Author: orudyy
Date: Thu Mar 21 10:25:40 2013
New Revision: 1459216

URL: http://svn.apache.org/r1459216
Log:
QPID-4661: Add functionality to update broker fields affected by changes in 
attributes

Modified:
    
qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/configuration/startup/BrokerRecoverer.java
    
qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/model/adapter/BrokerAdapter.java
    
qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/security/SecurityManager.java

Modified: 
qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/configuration/startup/BrokerRecoverer.java
URL: 
http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/configuration/startup/BrokerRecoverer.java?rev=1459216&r1=1459215&r2=1459216&view=diff
==============================================================================
--- 
qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/configuration/startup/BrokerRecoverer.java
 (original)
+++ 
qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/configuration/startup/BrokerRecoverer.java
 Thu Mar 21 10:25:40 2013
@@ -128,7 +128,7 @@ public class BrokerRecoverer implements 
 
     private AuthenticationProvider 
getAuthenticationProviderByName(BrokerAdapter broker, String 
authenticationProviderName)
     {
-        AuthenticationProvider provider = 
broker.getAuthenticationProviderByName(authenticationProviderName);
+        AuthenticationProvider provider = 
broker.findAuthenticationProviderByName(authenticationProviderName);
         if (provider == null)
         {
             throw new IllegalConfigurationException("Cannot find the 
authentication provider with name: "

Modified: 
qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/model/adapter/BrokerAdapter.java
URL: 
http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/model/adapter/BrokerAdapter.java?rev=1459216&r1=1459215&r2=1459216&view=diff
==============================================================================
--- 
qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/model/adapter/BrokerAdapter.java
 (original)
+++ 
qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/model/adapter/BrokerAdapter.java
 Thu Mar 21 10:25:40 2013
@@ -127,6 +127,7 @@ public class BrokerAdapter extends Abstr
     private static final String DEFAULT_KEY_STORE_NAME = "defaultKeyStore";
     private static final String DEFAULT_TRUST_STORE_NAME = "defaultTrustStore";
     private static final String DEFAULT_GROUP_PROFIDER_NAME = 
"defaultGroupProvider";
+    private static final String DEFAULT_PEER_STORE_NAME = "defaultPeerStore";
 
     private static final String DUMMY_PASSWORD_MASK = "********";
 
@@ -192,7 +193,7 @@ public class BrokerAdapter extends Abstr
         _authenticationProviderFactory = authenticationProviderFactory;
         _portFactory = portFactory;
         _securityManager = new SecurityManager((String)getAttribute(ACL_FILE));
-
+        addChangeListener(_securityManager);
         _defaultKeyStoreId = 
UUIDGenerator.generateBrokerChildUUID(KeyStore.class.getSimpleName(), 
DEFAULT_KEY_STORE_NAME);
         _defaultTrustStoreId = 
UUIDGenerator.generateBrokerChildUUID(TrustStore.class.getSimpleName(), 
DEFAULT_TRUST_STORE_NAME);
         createBrokerChildrenFromAttributes();
@@ -211,7 +212,11 @@ public class BrokerAdapter extends Abstr
             UUID groupProviderId = 
UUIDGenerator.generateBrokerChildUUID(GroupProvider.class.getSimpleName(),
                     DEFAULT_GROUP_PROFIDER_NAME);
             GroupProviderAdapter groupProviderAdapter = new 
GroupProviderAdapter(groupProviderId, groupManager, this);
-            addGroupProvider(groupProviderAdapter);
+            _groupProviders.put(DEFAULT_GROUP_PROFIDER_NAME, 
groupProviderAdapter);
+        }
+        else
+        {
+            _groupProviders.remove(DEFAULT_GROUP_PROFIDER_NAME);
         }
         Map<String, Object> actualAttributes = getActualAttributes();
         String keyStorePath = (String) getAttribute(KEY_STORE_PATH);
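Review bot: The default group provider is now written straight into `_groupProviders` rather than through `addGroupProvider(...)`, and the key store, trust store and peer store hunks below do the same with `_keyStores` and `_trustStores`. These lines appear to sit in `createBrokerChildrenFromAttributes()`, which this commit also calls from `changeAttributes`, so every attribute change builds fresh adapters and replaces or removes the previous ones. Anything already holding an old KeyStoreAdapter or TrustStoreAdapter (presumably a port's TLS setup) is not updated, so clearing a trust store or peer store path may not take effect where an operator expects. Whether the add* methods did checks or notifications that are now skipped is not visible in the diff. A comment at the first put would help, e.g. `// rebuilt on every changeAttributes(); holders of the previous adapter are not refreshed`.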
@@ -224,8 +229,12 @@ public class BrokerAdapter extends Abstr
             keyStoreAttributes.put(KeyStore.TYPE, 
java.security.KeyStore.getDefaultType());
             keyStoreAttributes.put(KeyStore.CERTIFICATE_ALIAS, 
getAttribute(KEY_STORE_CERT_ALIAS));
             keyStoreAttributes.put(KeyStore.KEY_MANAGER_FACTORY_ALGORITHM, 
KeyManagerFactory.getDefaultAlgorithm());
-            KeyStoreAdapter KeyStoreAdapter = new 
KeyStoreAdapter(_defaultKeyStoreId, this, keyStoreAttributes);
-            addKeyStore(KeyStoreAdapter);
+            KeyStoreAdapter keyStoreAdapter = new 
KeyStoreAdapter(_defaultKeyStoreId, this, keyStoreAttributes);
+            _keyStores.put(keyStoreAdapter.getId(), keyStoreAdapter);
+        }
+        else
+        {
+            _keyStores.remove(_defaultKeyStoreId);
         }
         String trustStorePath = (String) getAttribute(TRUST_STORE_PATH);
         if (trustStorePath != null)
@@ -238,13 +247,17 @@ public class BrokerAdapter extends Abstr
             trsustStoreAttributes.put(TrustStore.TYPE, 
java.security.KeyStore.getDefaultType());
             
trsustStoreAttributes.put(TrustStore.KEY_MANAGER_FACTORY_ALGORITHM, 
KeyManagerFactory.getDefaultAlgorithm());
             TrustStoreAdapter trustStore = new 
TrustStoreAdapter(_defaultTrustStoreId, this, trsustStoreAttributes);
-            addTrustStore(trustStore);
+            _trustStores.put(trustStore.getId(), trustStore);
+        }
+        else
+        {
+            _trustStores.remove(_defaultTrustStoreId);
         }
         String peerStorePath = (String) getAttribute(PEER_STORE_PATH);
+        UUID peerStoreId = 
UUIDGenerator.generateBrokerChildUUID(TrustStore.class.getSimpleName(), 
DEFAULT_PEER_STORE_NAME);
         if (peerStorePath != null)
         {
             Map<String, Object> peerStoreAttributes = new HashMap<String, 
Object>();
-            UUID peerStoreId = UUID.randomUUID();
             peerStoreAttributes.put(TrustStore.NAME, peerStoreId.toString());
             peerStoreAttributes.put(TrustStore.PATH, peerStorePath);
             peerStoreAttributes.put(TrustStore.PEERS_ONLY, Boolean.TRUE);
@@ -252,7 +265,11 @@ public class BrokerAdapter extends Abstr
             peerStoreAttributes.put(TrustStore.TYPE, 
java.security.KeyStore.getDefaultType());
             peerStoreAttributes.put(TrustStore.KEY_MANAGER_FACTORY_ALGORITHM, 
KeyManagerFactory.getDefaultAlgorithm());
             TrustStoreAdapter trustStore = new TrustStoreAdapter(peerStoreId, 
this, peerStoreAttributes);
-            addTrustStore(trustStore);
+            _trustStores.put(trustStore.getId(), trustStore);
+        }
+        else
+        {
+            _trustStores.remove(peerStoreId);
         }
     }
 
@@ -282,7 +299,7 @@ public class BrokerAdapter extends Abstr
         }
     }
 
-    public AuthenticationProvider getAuthenticationProviderByName(String 
authenticationProviderName)
+    public AuthenticationProvider findAuthenticationProviderByName(String 
authenticationProviderName)
     {
         Collection<AuthenticationProvider> providers = 
getAuthenticationProviders();
         for (AuthenticationProvider authenticationProvider : providers)
@@ -997,6 +1014,15 @@ public class BrokerAdapter extends Abstr
         Map<String, Object> convertedAttributes = 
MapValueConverter.convert(attributes, ATTRIBUTE_TYPES);
         validateAttributes(convertedAttributes);
         super.changeAttributes(convertedAttributes);
+
+        // the calls below are not thread safe but they should be fine in a 
management mode
+        // as there will be no user connected
+        createBrokerChildrenFromAttributes();
+        String defaultProviderName = 
(String)getAttribute(DEFAULT_AUTHENTICATION_PROVIDER);
+        if 
(!_defaultAuthenticationProvider.getName().equals(defaultProviderName))
+        {
+            _defaultAuthenticationProvider = 
findAuthenticationProviderByName(defaultProviderName);
+        }
     }
 
     private void validateAttributes(Map<String, Object> convertedAttributes)
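Review bot: `_defaultAuthenticationProvider` can end up null after this block, because the result of `findAuthenticationProviderByName(defaultProviderName)` is assigned unchecked, while BrokerRecoverer in this same commit treats null as a possible return. validateAttributes only looks the provider up when the incoming map carries a non-null value, so it does not cover the value read back through `getAttribute(...)` here, and a null `_defaultAuthenticationProvider` on entry would throw on `.getName()`. I would assign only a resolved provider, e.g. `AuthenticationProvider p = findAuthenticationProviderByName(defaultProviderName); if (p != null) { _defaultAuthenticationProvider = p; }`, or raise IllegalConfigurationException when it is missing. The thread-safety comment relies on management mode, but nothing in the hunk checks for it; it should say where that is guaranteed. The body of changeAttributes starts outside this hunk.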
@@ -1019,7 +1045,7 @@ public class BrokerAdapter extends Abstr
         String defaultAuthenticationProvider = (String) 
convertedAttributes.get(DEFAULT_AUTHENTICATION_PROVIDER);
         if (defaultAuthenticationProvider != null)
         {
-            AuthenticationProvider provider = 
getAuthenticationProviderByName(defaultAuthenticationProvider);
+            AuthenticationProvider provider = 
findAuthenticationProviderByName(defaultAuthenticationProvider);
             if (provider == null)
             {
                 throw new IllegalConfigurationException("Authentication 
provider with name " + defaultAuthenticationProvider

Modified: 
qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/security/SecurityManager.java
URL: 
http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/security/SecurityManager.java?rev=1459216&r1=1459215&r2=1459216&view=diff
==============================================================================
--- 
qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/security/SecurityManager.java
 (original)
+++ 
qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/security/SecurityManager.java
 Thu Mar 21 10:25:40 2013
@@ -23,6 +23,10 @@ import org.apache.log4j.Logger;
 import org.apache.qpid.framing.AMQShortString;
 import org.apache.qpid.server.exchange.Exchange;
 
+import org.apache.qpid.server.model.Broker;
+import org.apache.qpid.server.model.ConfigurationChangeListener;
+import org.apache.qpid.server.model.ConfiguredObject;
+import org.apache.qpid.server.model.State;
 import org.apache.qpid.server.plugin.AccessControlFactory;
 import org.apache.qpid.server.plugin.QpidServiceLoader;
 import org.apache.qpid.server.queue.AMQQueue;
@@ -46,9 +50,11 @@ import static org.apache.qpid.server.sec
 
 import javax.security.auth.Subject;
 import java.net.SocketAddress;
+import java.util.ArrayList;
 import java.util.Collections;
 import java.util.HashMap;
 import java.util.LinkedHashMap;
+import java.util.List;
 import java.util.Map;
 import java.util.Map.Entry;
 import java.util.concurrent.ConcurrentHashMap;
@@ -60,7 +66,7 @@ import java.util.concurrent.ConcurrentHa
  *
  * @see AccessControl
  */
-public class SecurityManager
+public class SecurityManager implements ConfigurationChangeListener
 {
     private static final Logger _logger = 
Logger.getLogger(SecurityManager.class);
 
@@ -69,8 +75,9 @@ public class SecurityManager
 
     public static final ThreadLocal<Boolean> _accessChecksDisabled = new 
ClearingThreadLocal(false);
 
-    private Map<String, AccessControl> _globalPlugins = new HashMap<String, 
AccessControl>();
-    private Map<String, AccessControl> _hostPlugins = new HashMap<String, 
AccessControl>();
+    private Map<String, AccessControl> _globalPlugins = new 
ConcurrentHashMap<String, AccessControl>();
+    private Map<String, AccessControl> _hostPlugins = new 
ConcurrentHashMap<String, AccessControl>();
+    private Map<String, List<String>> _aclConfigurationToPluginNamesMapping = 
new ConcurrentHashMap<String, List<String>>();
 
     /**
      * A special ThreadLocal, which calls remove() on itself whenever the 
value is
@@ -130,14 +137,22 @@ public class SecurityManager
 
     public SecurityManager(String aclFile)
     {
+        configureACLPlugin(aclFile);
+    }
+
+    private void configureACLPlugin(String aclFile)
+    {
         Map<String, Object> attributes = new HashMap<String, Object>();
         attributes.put("aclFile", aclFile);
+
         for (AccessControlFactory provider : (new 
QpidServiceLoader<AccessControlFactory>()).instancesOf(AccessControlFactory.class))
         {
             AccessControl accessControl = provider.createInstance(attributes);
             if(accessControl != null)
             {
                 addHostPlugin(accessControl);
+
+                mapAclConfigurationToPluginName(aclFile, 
accessControl.getClass().getName());
             }
         }
 
@@ -147,6 +162,17 @@ public class SecurityManager
         }
     }
 
+    private void mapAclConfigurationToPluginName(String aclFile, String 
pluginName)
+    {
+         List<String> pluginNames =  
_aclConfigurationToPluginNamesMapping.get(aclFile);
+        if (pluginNames == null)
+        {
+            pluginNames = new ArrayList<String>();
+            _aclConfigurationToPluginNamesMapping.put(aclFile, pluginNames);
+        }
+        pluginNames.add(pluginName);
+    }
+
     public static Subject getThreadSubject()
     {
         return _subject.get();
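Review bot: `_aclConfigurationToPluginNamesMapping` is a ConcurrentHashMap, which rejects null keys, so `_aclConfigurationToPluginNamesMapping.get(aclFile)` in `mapAclConfigurationToPluginName` throws a NullPointerException when `aclFile` is null. BrokerAdapter constructs the manager with `(String)getAttribute(ACL_FILE)`, presumably null when no ACL file is configured; the call is only reached if some AccessControlFactory returns an instance for that input, which is not visible here. The get-then-put sequence is also not atomic and stores a plain ArrayList, which sits oddly with the switch to concurrent maps, so the method should either be guarded or carry a comment that it is only called from one thread. A minimal guard is `if (aclFile == null) { return; }` at the top, with a comment that plugins created without an ACL file are not tracked for later removal.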
@@ -477,4 +503,50 @@ public class SecurityManager
         _hostPlugins.put(plugin.getClass().getName(), plugin);
     }
 
+    @Override
+    public void stateChanged(ConfiguredObject object, State oldState, State 
newState)
+    {
+        // no op
+    }
+
+    @Override
+    public void childAdded(ConfiguredObject object, ConfiguredObject child)
+    {
+        // no op
+    }
+
+    @Override
+    public void childRemoved(ConfiguredObject object, ConfiguredObject child)
+    {
+        // no op
+    }
+
+    @Override
+    public void attributeSet(ConfiguredObject object, String attributeName, 
Object oldAttributeValue, Object newAttributeValue)
+    {
+        if (object instanceof Broker && Broker.ACL_FILE.equals(attributeName))
+        {
+            // the code below is not thread safe, however, it should be fine 
in a management mode
+            // as there will be no user connected
+
+            if (oldAttributeValue != null)
+            {
+                List<String> pluginNames = 
_aclConfigurationToPluginNamesMapping.remove(oldAttributeValue);
+                if (pluginNames != null)
+                {
+                    for (String name : pluginNames)
+                    {
+                        _hostPlugins.remove(name);
+                    }
+                }
+            }
+            if (newAttributeValue != null)
+            {
+                configureACLPlugin((String)newAttributeValue);
+            }
+            _immediatePublishPropsCache.clear();
+            _publishPropsCache.clear();
+        }
+    }
+
 }
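Review bot: In `attributeSet`, the old ACL plugins are removed from `_hostPlugins` before `configureACLPlugin(...)` has succeeded. If loading the new file throws (an unreadable or malformed file, presumably surfaced by `createInstance`), the broker is left without the plugins of the previous configuration and the two publish caches are never cleared. How checks behave with no host plugin is not visible in this diff, but an access-control reload should not be able to drop the rules that were in force. I would snapshot the current plugins and mapping entry, restore them if the reload fails, and clear the caches in a `finally`. Whether to rethrow or only log depends on how the caller treats listener exceptions, which is not shown here.

```java
            List<String> previousNames = oldAttributeValue == null
                    ? null : _aclConfigurationToPluginNamesMapping.get(oldAttributeValue);
            Map<String, AccessControl> previousPlugins = new HashMap<String, AccessControl>(_hostPlugins);
            try
            {
                // … unchanged: remove the old file's plugins, then configureACLPlugin(newAttributeValue) …
            }
            catch (RuntimeException e)
            {
                // keep enforcing the previous rules rather than a partial or empty set
                if (newAttributeValue != null)
                {
                    _aclConfigurationToPluginNamesMapping.remove(newAttributeValue);
                }
                _hostPlugins.keySet().retainAll(previousPlugins.keySet());
                _hostPlugins.putAll(previousPlugins);
                if (previousNames != null)
                {
                    _aclConfigurationToPluginNamesMapping.put((String) oldAttributeValue, previousNames);
                }
                throw e;
            }
            finally
            {
                // cached decisions must not outlive the rule set they were computed from
                _immediatePublishPropsCache.clear();
                _publishPropsCache.clear();
            }
```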


