Author: orudyy
Date: Fri Mar 29 17:30:54 2013
New Revision: 1462551

URL: http://svn.apache.org/r1462551
Log:
QPID-4678: Add ACL checks to restrict the operations to change broker level 
configuration through the management interfaces

Added:
    
qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/security/access/OperationLoggingDetails.java
    
qpid/trunk/qpid/java/systests/src/main/java/org/apache/qpid/systest/rest/acl/BrokerACLTest.java
Modified:
    
qpid/trunk/qpid/java/broker-plugins/access-control/src/test/java/org/apache/qpid/server/security/access/config/PlainConfigurationTest.java
    qpid/trunk/qpid/java/broker/etc/broker_example.acl
    
qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/model/adapter/AbstractAdapter.java
    
qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/model/adapter/AuthenticationProviderAdapter.java
    
qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/model/adapter/BrokerAdapter.java
    
qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/model/adapter/PortAdapter.java
    
qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/model/adapter/VirtualHostAdapter.java
    
qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/security/SecurityManager.java
    
qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/security/access/ObjectProperties.java
    
qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/security/access/ObjectType.java
    
qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/security/access/Operation.java
    
qpid/trunk/qpid/java/systests/src/main/java/org/apache/qpid/systest/rest/QpidRestTestCase.java

Modified: 
qpid/trunk/qpid/java/broker-plugins/access-control/src/test/java/org/apache/qpid/server/security/access/config/PlainConfigurationTest.java
URL: 
http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker-plugins/access-control/src/test/java/org/apache/qpid/server/security/access/config/PlainConfigurationTest.java?rev=1462551&r1=1462550&r2=1462551&view=diff
==============================================================================
--- 
qpid/trunk/qpid/java/broker-plugins/access-control/src/test/java/org/apache/qpid/server/security/access/config/PlainConfigurationTest.java
 (original)
+++ 
qpid/trunk/qpid/java/broker-plugins/access-control/src/test/java/org/apache/qpid/server/security/access/config/PlainConfigurationTest.java
 Fri Mar 29 17:30:54 2013
@@ -447,6 +447,13 @@ public class PlainConfigurationTest exte
                 "user1", Operation.ACCESS, ObjectType.MANAGEMENT, 
ObjectProperties.EMPTY);
     }
 
+    public void testBrokerRuleParsing() throws Exception
+    {
+        validateRule(writeACLConfig("ACL ALLOW user1 CONFIGURE BROKER"), 
"user1", Operation.CONFIGURE, ObjectType.BROKER,
+                ObjectProperties.EMPTY);
+        validateRule(writeACLConfig("ACL ALLOW user1 ALL BROKER"), "user1", 
Operation.ALL, ObjectType.BROKER, ObjectProperties.EMPTY);
+    }
+
     private void validateRule(final PlainConfiguration config, String 
username, Operation operation, ObjectType objectType, ObjectProperties 
objectProperties)
     {
         final RuleSet rs = config.getConfiguration();

Modified: qpid/trunk/qpid/java/broker/etc/broker_example.acl
URL: 
http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker/etc/broker_example.acl?rev=1462551&r1=1462550&r2=1462551&view=diff
==============================================================================
--- qpid/trunk/qpid/java/broker/etc/broker_example.acl (original)
+++ qpid/trunk/qpid/java/broker/etc/broker_example.acl Fri Mar 29 17:30:54 2013
@@ -72,6 +72,9 @@ ACL ALLOW-LOG webadmins UPDATE USER
 
 ACL ALLOW-LOG webadmins UPDATE METHOD
 
+# authorise operations changing broker model
+ACL ALLOW-LOG webadmins CONFIGURE BROKER
+
 # at the moment only the following UPDATE METHOD rules are supported by web 
management console
 #ACL ALLOW-LOG webadmins UPDATE METHOD component="VirtualHost.Queue" 
name="moveMessages"
 #ACL ALLOW-LOG webadmins UPDATE METHOD component="VirtualHost.Queue" 
name="copyMessages"

Modified: 
qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/model/adapter/AbstractAdapter.java
URL: 
http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/model/adapter/AbstractAdapter.java?rev=1462551&r1=1462550&r2=1462551&view=diff
==============================================================================
--- 
qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/model/adapter/AbstractAdapter.java
 (original)
+++ 
qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/model/adapter/AbstractAdapter.java
 Fri Mar 29 17:30:54 2013
@@ -90,6 +90,7 @@ abstract class AbstractAdapter implement
     public final State setDesiredState(final State currentState, final State 
desiredState)
             throws IllegalStateTransitionException, AccessControlException
     {
+        authoriseSetDesiredState(currentState, desiredState);
         if (_taskExecutor.isTaskExecutorThread())
         {
             if (setState(currentState, desiredState))
@@ -224,6 +225,7 @@ abstract class AbstractAdapter implement
     public Object setAttribute(final String name, final Object expected, final 
Object desired)
             throws IllegalStateException, AccessControlException, 
IllegalArgumentException
     {
+        authoriseSetAttribute(name, expected, desired);
         if (_taskExecutor.isTaskExecutorThread())
         {
             if (changeAttribute(name, expected, desired))
@@ -302,6 +304,7 @@ abstract class AbstractAdapter implement
     @Override
     public <C extends ConfiguredObject> C createChild(Class<C> childClass, 
Map<String, Object> attributes, ConfiguredObject... otherParents)
     {
+        authoriseCreateChild(childClass, attributes, otherParents);
         if (_taskExecutor.isTaskExecutorThread())
         {
             C child = addChild(childClass, attributes, otherParents);
@@ -331,6 +334,7 @@ abstract class AbstractAdapter implement
     @Override
     public void setAttributes(final Map<String, Object> attributes) throws 
IllegalStateException, AccessControlException, IllegalArgumentException
     {
+        authoriseSetAttributes(attributes);
         if (getTaskExecutor().isTaskExecutorThread())
         {
             changeAttributes(attributes);
@@ -357,4 +361,24 @@ abstract class AbstractAdapter implement
             }
         }
     }
+
+    protected void authoriseSetDesiredState(State currentState, State 
desiredState) throws AccessControlException
+    {
+        // allowed by default
+    }
+
+    protected void authoriseSetAttribute(String name, Object expected, Object 
desired) throws AccessControlException
+    {
+        // allowed by default
+    }
+
+    protected <C extends ConfiguredObject> void authoriseCreateChild(Class<C> 
childClass, Map<String, Object> attributes, ConfiguredObject... otherParents) 
throws AccessControlException
+    {
+        // allowed by default
+    }
+
+    protected void authoriseSetAttributes(Map<String, Object> attributes) 
throws AccessControlException
+    {
+        // allowed by default
+    }
 }

Modified: 
qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/model/adapter/AuthenticationProviderAdapter.java
URL: 
http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/model/adapter/AuthenticationProviderAdapter.java?rev=1462551&r1=1462550&r2=1462551&view=diff
==============================================================================
--- 
qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/model/adapter/AuthenticationProviderAdapter.java
 (original)
+++ 
qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/model/adapter/AuthenticationProviderAdapter.java
 Fri Mar 29 17:30:54 2013
@@ -316,6 +316,36 @@ public abstract class AuthenticationProv
         return manager;
     }
 
+    @Override
+    protected void authoriseSetDesiredState(State currentState, State 
desiredState) throws AccessControlException
+    {
+        if(desiredState == State.DELETED)
+        {
+            if 
(!_broker.getSecurityManager().authoriseConfiguringBroker(getName(), 
AuthenticationProvider.class, Operation.DELETE))
+            {
+                throw new AccessControlException("Deletion of authentication 
provider is denied");
+            }
+        }
+    }
+
+    @Override
+    protected void authoriseSetAttribute(String name, Object expected, Object 
desired) throws AccessControlException
+    {
+        if 
(!_broker.getSecurityManager().authoriseConfiguringBroker(getName(), 
AuthenticationProvider.class, Operation.UPDATE))
+        {
+            throw new AccessControlException("Setting of authentication 
provider attributes is denied");
+        }
+    }
+
+    @Override
+    protected void authoriseSetAttributes(Map<String, Object> attributes) 
throws AccessControlException
+    {
+        if 
(!_broker.getSecurityManager().authoriseConfiguringBroker(getName(), 
AuthenticationProvider.class, Operation.UPDATE))
+        {
+            throw new AccessControlException("Setting of authentication 
provider attributes is denied");
+        }
+    }
+
     public static class SimpleAuthenticationProviderAdapter extends 
AuthenticationProviderAdapter<AuthenticationManager>
     {
 

Modified: 
qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/model/adapter/BrokerAdapter.java
URL: 
http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/model/adapter/BrokerAdapter.java?rev=1462551&r1=1462550&r2=1462551&view=diff
==============================================================================
--- 
qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/model/adapter/BrokerAdapter.java
 (original)
+++ 
qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/model/adapter/BrokerAdapter.java
 Fri Mar 29 17:30:54 2013
@@ -59,8 +59,7 @@ import org.apache.qpid.server.model.Trus
 import org.apache.qpid.server.model.UUIDGenerator;
 import org.apache.qpid.server.model.VirtualHost;
 import org.apache.qpid.server.configuration.updater.TaskExecutor;
-import 
org.apache.qpid.server.security.auth.manager.Base64MD5PasswordFileAuthenticationManagerFactory;
-import 
org.apache.qpid.server.security.auth.manager.PlainPasswordFileAuthenticationManagerFactory;
+import org.apache.qpid.server.security.access.Operation;
 import org.apache.qpid.server.security.group.FileGroupManager;
 import org.apache.qpid.server.security.group.GroupManager;
 import org.apache.qpid.server.security.SecurityManager;
@@ -390,7 +389,18 @@ public class BrokerAdapter extends Abstr
         final VirtualHostAdapter virtualHostAdapter = new 
VirtualHostAdapter(UUID.randomUUID(), attributes, this,
                 _statisticsGatherer, getTaskExecutor());
         addVirtualHost(virtualHostAdapter);
-        virtualHostAdapter.setDesiredState(State.INITIALISING, State.ACTIVE);
+
+        // permission has already been granted to create the virtual host
+        // disable further access check on other operations, e.g. create 
exchange
+        _securityManager.setAccessChecksDisabled(true);
+        try
+        {
+            virtualHostAdapter.setDesiredState(State.INITIALISING, 
State.ACTIVE);
+        }
+        finally
+        {
+            _securityManager.setAccessChecksDisabled(false);
+        }
         return virtualHostAdapter;
     }
 
@@ -1031,7 +1041,6 @@ public class BrokerAdapter extends Abstr
     @Override
     protected void changeAttributes(Map<String, Object> attributes)
     {
-        //TODO: Add ACL check
         //TODO: Add management mode check
         Map<String, Object> convertedAttributes = 
MapValueConverter.convert(attributes, ATTRIBUTE_TYPES);
         validateAttributes(convertedAttributes);
@@ -1200,4 +1209,32 @@ public class BrokerAdapter extends Abstr
             }
         }
     }
+
+    @Override
+    protected void authoriseSetAttribute(String name, Object expected, Object 
desired) throws AccessControlException
+    {
+        if (!_securityManager.authoriseConfiguringBroker(getName(), 
Broker.class, Operation.UPDATE))
+        {
+            throw new AccessControlException("Setting of broker attributes is 
denied");
+        }
+    }
+
+    @Override
+    protected <C extends ConfiguredObject> void authoriseCreateChild(Class<C> 
childClass, Map<String, Object> attributes,
+            ConfiguredObject... otherParents) throws AccessControlException
+    {
+        if 
(!_securityManager.authoriseConfiguringBroker(String.valueOf(attributes.get(NAME)),
 childClass, Operation.CREATE))
+        {
+            throw new AccessControlException("Creation of new broker level 
entity is denied");
+        }
+    }
+
+    @Override
+    protected void authoriseSetAttributes(Map<String, Object> attributes) 
throws AccessControlException
+    {
+        if (!_securityManager.authoriseConfiguringBroker(getName(), 
Broker.class, Operation.UPDATE))
+        {
+            throw new AccessControlException("Setting of broker attributes is 
denied");
+        }
+    }
 }

Modified: 
qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/model/adapter/PortAdapter.java
URL: 
http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/model/adapter/PortAdapter.java?rev=1462551&r1=1462550&r2=1462551&view=diff
==============================================================================
--- 
qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/model/adapter/PortAdapter.java
 (original)
+++ 
qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/model/adapter/PortAdapter.java
 Fri Mar 29 17:30:54 2013
@@ -45,6 +45,7 @@ import org.apache.qpid.server.model.Stat
 import org.apache.qpid.server.model.Transport;
 import org.apache.qpid.server.model.VirtualHost;
 import org.apache.qpid.server.model.VirtualHostAlias;
+import org.apache.qpid.server.security.access.Operation;
 import org.apache.qpid.server.util.MapValueConverter;
 import org.apache.qpid.server.util.ParameterizedTypeImpl;
 import org.apache.qpid.server.configuration.updater.TaskExecutor;
@@ -356,4 +357,34 @@ public class PortAdapter extends Abstrac
         }
         super.changeAttributes(MapValueConverter.convert(attributes, 
ATTRIBUTE_TYPES));
     }
+
+    @Override
+    protected void authoriseSetDesiredState(State currentState, State 
desiredState) throws AccessControlException
+    {
+        if(desiredState == State.DELETED)
+        {
+            if 
(!_broker.getSecurityManager().authoriseConfiguringBroker(getName(), 
Port.class, Operation.DELETE))
+            {
+                throw new AccessControlException("Deletion of port is denied");
+            }
+        }
+    }
+
+    @Override
+    protected void authoriseSetAttribute(String name, Object expected, Object 
desired) throws AccessControlException
+    {
+        if 
(!_broker.getSecurityManager().authoriseConfiguringBroker(getName(), 
Port.class, Operation.UPDATE))
+        {
+            throw new AccessControlException("Setting of port attributes is 
denied");
+        }
+    }
+
+    @Override
+    protected void authoriseSetAttributes(Map<String, Object> attributes) 
throws AccessControlException
+    {
+        if 
(!_broker.getSecurityManager().authoriseConfiguringBroker(getName(), 
Port.class, Operation.UPDATE))
+        {
+            throw new AccessControlException("Setting of port attributes is 
denied");
+        }
+    }
 }

Modified: 
qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/model/adapter/VirtualHostAdapter.java
URL: 
http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/model/adapter/VirtualHostAdapter.java?rev=1462551&r1=1462550&r2=1462551&view=diff
==============================================================================
--- 
qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/model/adapter/VirtualHostAdapter.java
 (original)
+++ 
qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/model/adapter/VirtualHostAdapter.java
 Fri Mar 29 17:30:54 2013
@@ -71,6 +71,7 @@ import org.apache.qpid.server.queue.AMQQ
 import org.apache.qpid.server.queue.QueueEntry;
 import org.apache.qpid.server.queue.QueueRegistry;
 import org.apache.qpid.server.security.SecurityManager;
+import org.apache.qpid.server.security.access.Operation;
 import org.apache.qpid.server.security.auth.AuthenticatedPrincipal;
 import org.apache.qpid.server.stats.StatisticsGatherer;
 import org.apache.qpid.server.store.MessageStore;
@@ -980,8 +981,6 @@ public final class VirtualHostAdapter ex
         }
         else if (desiredState == State.DELETED)
         {
-            //TODO: add ACL check to authorize the operation
-
             String hostName = getName();
 
             if 
(hostName.equals(_broker.getAttribute(Broker.DEFAULT_VIRTUAL_HOST)))
@@ -1091,4 +1090,34 @@ public final class VirtualHostAdapter ex
     {
         throw new UnsupportedOperationException("Changing attributes on 
virtualhosts is not supported.");
     }
+
+    @Override
+    protected void authoriseSetDesiredState(State currentState, State 
desiredState) throws AccessControlException
+    {
+        if(desiredState == State.DELETED)
+        {
+            if 
(!_broker.getSecurityManager().authoriseConfiguringBroker(getName(), 
VirtualHost.class, Operation.DELETE))
+            {
+                throw new AccessControlException("Deletion of virtual host is 
denied");
+            }
+        }
+    }
+
+    @Override
+    protected void authoriseSetAttribute(String name, Object expected, Object 
desired) throws AccessControlException
+    {
+        if 
(!_broker.getSecurityManager().authoriseConfiguringBroker(getName(), 
VirtualHost.class, Operation.UPDATE))
+        {
+            throw new AccessControlException("Setting of virtual host 
attributes is denied");
+        }
+    }
+
+    @Override
+    protected void authoriseSetAttributes(Map<String, Object> attributes) 
throws AccessControlException
+    {
+        if 
(!_broker.getSecurityManager().authoriseConfiguringBroker(getName(), 
VirtualHost.class, Operation.UPDATE))
+        {
+            throw new AccessControlException("Setting of virtual host 
attributes is denied");
+        }
+    }
 }

Modified: 
qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/security/SecurityManager.java
URL: 
http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/security/SecurityManager.java?rev=1462551&r1=1462550&r2=1462551&view=diff
==============================================================================
--- 
qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/security/SecurityManager.java
 (original)
+++ 
qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/security/SecurityManager.java
 Fri Mar 29 17:30:54 2013
@@ -33,7 +33,9 @@ import org.apache.qpid.server.queue.AMQQ
 import org.apache.qpid.server.security.access.ObjectProperties;
 import org.apache.qpid.server.security.access.ObjectType;
 import org.apache.qpid.server.security.access.Operation;
+import org.apache.qpid.server.security.access.OperationLoggingDetails;
 
+import static org.apache.qpid.server.security.access.ObjectType.BROKER;
 import static org.apache.qpid.server.security.access.ObjectType.EXCHANGE;
 import static org.apache.qpid.server.security.access.ObjectType.GROUP;
 import static org.apache.qpid.server.security.access.ObjectType.METHOD;
@@ -41,6 +43,7 @@ import static org.apache.qpid.server.sec
 import static org.apache.qpid.server.security.access.ObjectType.USER;
 import static org.apache.qpid.server.security.access.ObjectType.VIRTUALHOST;
 import static org.apache.qpid.server.security.access.Operation.BIND;
+import static org.apache.qpid.server.security.access.Operation.CONFIGURE;
 import static org.apache.qpid.server.security.access.Operation.CONSUME;
 import static org.apache.qpid.server.security.access.Operation.CREATE;
 import static org.apache.qpid.server.security.access.Operation.DELETE;
@@ -549,4 +552,20 @@ public class SecurityManager implements 
         }
     }
 
+    public boolean authoriseConfiguringBroker(String configuredObjectName, 
Class<? extends ConfiguredObject> configuredObjectType, Operation 
configuredObjectOperation)
+    {
+        String description = String.format("%s %s '%s'",
+                configuredObjectOperation == null? null : 
configuredObjectOperation.name().toLowerCase(),
+                configuredObjectType == null ? null : 
configuredObjectType.getSimpleName().toLowerCase(),
+                configuredObjectName);
+        final OperationLoggingDetails properties = new 
OperationLoggingDetails(description);
+        return checkAllPlugins(new AccessCheck()
+        {
+            Result allowed(AccessControl plugin)
+            {
+                return plugin.authorise(CONFIGURE, BROKER, properties);
+            }
+        });
+    }
+
 }

Modified: 
qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/security/access/ObjectProperties.java
URL: 
http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/security/access/ObjectProperties.java?rev=1462551&r1=1462550&r2=1462551&view=diff
==============================================================================
--- 
qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/security/access/ObjectProperties.java
 (original)
+++ 
qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/security/access/ObjectProperties.java
 Fri Mar 29 17:30:54 2013
@@ -350,4 +350,9 @@ public class ObjectProperties
     {
         return _properties.toString();
     }
+
+    public boolean isEmpty()
+    {
+        return _properties.isEmpty();
+    }
 }

Modified: 
qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/security/access/ObjectType.java
URL: 
http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/security/access/ObjectType.java?rev=1462551&r1=1462550&r2=1462551&view=diff
==============================================================================
--- 
qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/security/access/ObjectType.java
 (original)
+++ 
qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/security/access/ObjectType.java
 Fri Mar 29 17:30:54 2013
@@ -20,6 +20,7 @@ package org.apache.qpid.server.security.
 
 import static org.apache.qpid.server.security.access.Operation.ACCESS;
 import static org.apache.qpid.server.security.access.Operation.BIND;
+import static org.apache.qpid.server.security.access.Operation.CONFIGURE;
 import static org.apache.qpid.server.security.access.Operation.CONSUME;
 import static org.apache.qpid.server.security.access.Operation.CREATE;
 import static org.apache.qpid.server.security.access.Operation.DELETE;
@@ -48,7 +49,8 @@ public enum ObjectType
     ROUTE, // Not allowed in the Java broker
     METHOD(Operation.ALL, ACCESS, UPDATE),
     USER(Operation.ALL, CREATE, DELETE, UPDATE),
-    GROUP(Operation.ALL, CREATE, DELETE, UPDATE);
+    GROUP(Operation.ALL, CREATE, DELETE, UPDATE),
+    BROKER(Operation.ALL, CONFIGURE);
 
     private EnumSet<Operation> _actions;
     

Modified: 
qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/security/access/Operation.java
URL: 
http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/security/access/Operation.java?rev=1462551&r1=1462550&r2=1462551&view=diff
==============================================================================
--- 
qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/security/access/Operation.java
 (original)
+++ 
qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/security/access/Operation.java
 Fri Mar 29 17:30:54 2013
@@ -32,8 +32,9 @@ public enum Operation
     UNBIND,
     DELETE,
     PURGE,
-    UPDATE;
-    
+    UPDATE,
+    CONFIGURE;
+
     public static Operation parse(String text)
     {
         for (Operation operation : values())

Added: 
qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/security/access/OperationLoggingDetails.java
URL: 
http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/security/access/OperationLoggingDetails.java?rev=1462551&view=auto
==============================================================================
--- 
qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/security/access/OperationLoggingDetails.java
 (added)
+++ 
qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/security/access/OperationLoggingDetails.java
 Fri Mar 29 17:30:54 2013
@@ -0,0 +1,53 @@
+/*
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.qpid.server.security.access;
+
+
+public class OperationLoggingDetails extends ObjectProperties
+{
+    private String _description;
+
+    public OperationLoggingDetails(String description)
+    {
+        super();
+        _description = description;
+    }
+
+    @Override
+    public String toString()
+    {
+        StringBuilder sb = new StringBuilder("(");
+        if (!super.isEmpty())
+        {
+            sb.append("properties=").append(super.toString());
+        }
+        if (_description != null)
+        {
+            if (sb.length() > 1)
+            {
+                sb.append(", ");
+            }
+            sb.append(_description);
+        }
+        sb.append(")");
+        return sb.toString();
+    }
+}

Modified: 
qpid/trunk/qpid/java/systests/src/main/java/org/apache/qpid/systest/rest/QpidRestTestCase.java
URL: 
http://svn.apache.org/viewvc/qpid/trunk/qpid/java/systests/src/main/java/org/apache/qpid/systest/rest/QpidRestTestCase.java?rev=1462551&r1=1462550&r2=1462551&view=diff
==============================================================================
--- 
qpid/trunk/qpid/java/systests/src/main/java/org/apache/qpid/systest/rest/QpidRestTestCase.java
 (original)
+++ 
qpid/trunk/qpid/java/systests/src/main/java/org/apache/qpid/systest/rest/QpidRestTestCase.java
 Fri Mar 29 17:30:54 2013
@@ -95,4 +95,10 @@ public class QpidRestTestCase extends Qp
     {
         return _restTestHelper;
     }
+
+    protected void restartBrokerInManagementMode() throws Exception
+    {
+        stopBroker();
+        startBroker(0, true);
+    }
 }

Added: 
qpid/trunk/qpid/java/systests/src/main/java/org/apache/qpid/systest/rest/acl/BrokerACLTest.java
URL: 
http://svn.apache.org/viewvc/qpid/trunk/qpid/java/systests/src/main/java/org/apache/qpid/systest/rest/acl/BrokerACLTest.java?rev=1462551&view=auto
==============================================================================
--- 
qpid/trunk/qpid/java/systests/src/main/java/org/apache/qpid/systest/rest/acl/BrokerACLTest.java
 (added)
+++ 
qpid/trunk/qpid/java/systests/src/main/java/org/apache/qpid/systest/rest/acl/BrokerACLTest.java
 Fri Mar 29 17:30:54 2013
@@ -0,0 +1,455 @@
+/*
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.qpid.systest.rest.acl;
+
+import java.io.File;
+import java.io.IOException;
+import java.util.Arrays;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import org.apache.commons.configuration.ConfigurationException;
+import org.apache.qpid.server.model.AuthenticationProvider;
+import org.apache.qpid.server.model.Broker;
+import org.apache.qpid.server.model.Port;
+import org.apache.qpid.server.model.Protocol;
+import org.apache.qpid.server.model.VirtualHost;
+import org.apache.qpid.server.security.acl.AbstractACLTestCase;
+import 
org.apache.qpid.server.security.auth.manager.AnonymousAuthenticationManagerFactory;
+import 
org.apache.qpid.server.security.auth.manager.PlainPasswordFileAuthenticationManagerFactory;
+import org.apache.qpid.systest.rest.QpidRestTestCase;
+import org.apache.qpid.test.utils.TestBrokerConfiguration;
+import org.apache.qpid.test.utils.TestFileUtils;
+
+public class BrokerACLTest extends QpidRestTestCase
+{
+    private static final String ALLOWED_USER = "user1";
+    private static final String DENIED_USER = "user2";
+
+    @Override
+    protected void customizeConfiguration() throws ConfigurationException, 
IOException
+    {
+        super.customizeConfiguration();
+        getRestTestHelper().configureTemporaryPasswordFile(this, ALLOWED_USER, 
DENIED_USER);
+
+        AbstractACLTestCase.writeACLFileUtil(this, null,
+                "ACL ALLOW-LOG ALL ACCESS MANAGEMENT",
+                "ACL ALLOW-LOG " + ALLOWED_USER + " CONFIGURE BROKER",
+                "ACL DENY-LOG " + DENIED_USER + " CONFIGURE BROKER",
+                "ACL DENY-LOG ALL ALL");
+
+        
getBrokerConfiguration().setObjectAttribute(TestBrokerConfiguration.ENTRY_NAME_HTTP_MANAGEMENT,
+                "httpBasicAuthenticationEnabled", true);
+    }
+
+    public void testCreateAuthenticationProviderAllowed() throws Exception
+    {
+        getRestTestHelper().setUsernameAndPassword(ALLOWED_USER, ALLOWED_USER);
+
+        String authenticationProviderName = getTestName();
+
+        int responseCode = 
createAuthenticationProvider(authenticationProviderName);
+        assertEquals("Provider creation should be allowed", 201, responseCode);
+
+        assertAuthenticationProviderExists(authenticationProviderName);
+    }
+
+    public void testCreateAuthenticationProviderDenied() throws Exception
+    {
+        getRestTestHelper().setUsernameAndPassword(DENIED_USER, DENIED_USER);
+
+        String authenticationProviderName = getTestName();
+
+        int responseCode = 
createAuthenticationProvider(authenticationProviderName);
+        assertEquals("Provider creation should be denied", 403, responseCode);
+
+        assertAuthenticationProviderDoesNotExist(authenticationProviderName);
+    }
+
+    public void testDeleteAuthenticationProviderAllowed() throws Exception
+    {
+        getRestTestHelper().setUsernameAndPassword(ALLOWED_USER, ALLOWED_USER);
+
+        String providerName = getTestName();
+
+        int responseCode = createAuthenticationProvider(providerName);
+        assertEquals("Provider creation should be allowed", 201, responseCode);
+
+        assertAuthenticationProviderExists(providerName);
+
+        responseCode = 
getRestTestHelper().submitRequest("/rest/authenticationprovider/" + 
providerName, "DELETE", null);
+        assertEquals("Provider deletion should be allowed", 200, responseCode);
+
+        assertAuthenticationProviderDoesNotExist(TEST2_VIRTUALHOST);
+    }
+
+    public void testDeleteAuthenticationProviderDenied() throws Exception
+    {
+        getRestTestHelper().setUsernameAndPassword(ALLOWED_USER, ALLOWED_USER);
+
+        String providerName = getTestName();
+
+        int responseCode = createAuthenticationProvider(providerName);
+        assertEquals("Provider creation should be allowed", 201, responseCode);
+
+        assertAuthenticationProviderExists(providerName);
+
+        getRestTestHelper().setUsernameAndPassword(DENIED_USER, DENIED_USER);
+        responseCode = 
getRestTestHelper().submitRequest("/rest/authenticationprovider/" + 
providerName, "DELETE", null);
+        assertEquals("Provider deletion should be denied", 403, responseCode);
+
+        assertAuthenticationProviderExists(providerName);
+    }
+
+    public void testSetAuthenticationProviderAttributesAllowed() throws 
Exception
+    {
+        getRestTestHelper().setUsernameAndPassword(ALLOWED_USER, ALLOWED_USER);
+
+        String providerName = 
TestBrokerConfiguration.ENTRY_NAME_AUTHENTICATION_PROVIDER;
+
+        assertAuthenticationProviderExists(providerName);
+
+        File file = TestFileUtils.createTempFile(this, ".users", 
"guest:guest\n" + ALLOWED_USER + ":" + ALLOWED_USER + "\n"
+                + DENIED_USER + ":" + DENIED_USER);
+
+        Map<String, Object> attributes = new HashMap<String, Object>();
+        attributes.put(AuthenticationProvider.NAME, providerName);
+        attributes.put(AuthenticationProvider.TYPE, 
PlainPasswordFileAuthenticationManagerFactory.PROVIDER_TYPE);
+        
attributes.put(PlainPasswordFileAuthenticationManagerFactory.ATTRIBUTE_PATH, 
file.getAbsolutePath());
+
+        int responseCode = 
getRestTestHelper().submitRequest("/rest/authenticationprovider/" + 
providerName, "PUT", attributes);
+        assertEquals("Setting of provider attribites should be allowed", 200, 
responseCode);
+    }
+
+    public void testSetAuthenticationProviderAttributesDenied() throws 
Exception
+    {
+        getRestTestHelper().setUsernameAndPassword(ALLOWED_USER, ALLOWED_USER);
+
+        String providerName = 
TestBrokerConfiguration.ENTRY_NAME_AUTHENTICATION_PROVIDER;
+
+        Map<String, Object> providerData = 
getRestTestHelper().getJsonAsSingletonList(
+                "/rest/authenticationprovider/" + providerName);
+
+        File file = TestFileUtils.createTempFile(this, ".users", 
"guest:guest\n" + ALLOWED_USER + ":" + ALLOWED_USER + "\n"
+                + DENIED_USER + ":" + DENIED_USER);
+
+        getRestTestHelper().setUsernameAndPassword(DENIED_USER, DENIED_USER);
+
+        Map<String, Object> attributes = new HashMap<String, Object>();
+        attributes.put(AuthenticationProvider.NAME, providerName);
+        attributes.put(AuthenticationProvider.TYPE, 
AnonymousAuthenticationManagerFactory.PROVIDER_TYPE);
+        
attributes.put(PlainPasswordFileAuthenticationManagerFactory.ATTRIBUTE_PATH, 
file.getAbsolutePath());
+
+        int responseCode = 
getRestTestHelper().submitRequest("/rest/authenticationprovider/" + 
providerName, "PUT", attributes);
+        assertEquals("Setting of provider attribites should be allowed", 403, 
responseCode);
+
+        Map<String, Object> provider = 
getRestTestHelper().getJsonAsSingletonList("/rest/authenticationprovider/" + 
providerName);
+        assertEquals("Unexpected PATH attribute value",
+                
providerData.get(PlainPasswordFileAuthenticationManagerFactory.ATTRIBUTE_PATH),
+                
provider.get(PlainPasswordFileAuthenticationManagerFactory.ATTRIBUTE_PATH));
+    }
+
+    public void testCreateVirtualHostAllowed() throws Exception
+    {
+        getRestTestHelper().setUsernameAndPassword(ALLOWED_USER, ALLOWED_USER);
+
+        String hostName = getTestName();
+
+        int responseCode = createHost(hostName);
+        assertEquals("Host creation should be allowed", 201, responseCode);
+
+        assertVirtualHostExists(hostName);
+    }
+
+    public void testCreateVirtualHostDenied() throws Exception
+    {
+        getRestTestHelper().setUsernameAndPassword(DENIED_USER, DENIED_USER);
+
+        String hostName = getTestName();
+
+        int responseCode = createHost(hostName);
+        assertEquals("Host creation should be denied", 403, responseCode);
+
+        assertVirtualHostDoesNotExist(hostName);
+    }
+
+    public void testDeleteVirtualHostAllowed() throws Exception
+    {
+        getRestTestHelper().setUsernameAndPassword(ALLOWED_USER, ALLOWED_USER);
+
+        assertVirtualHostExists(TEST2_VIRTUALHOST);
+
+        int responseCode = 
getRestTestHelper().submitRequest("/rest/virtualhost/" + TEST2_VIRTUALHOST, 
"DELETE", null);
+        assertEquals("Host deletion should be allowed", 200, responseCode);
+
+        assertVirtualHostDoesNotExist(TEST2_VIRTUALHOST);
+    }
+
+    public void testDeleteVirtualHostDenied() throws Exception
+    {
+        getRestTestHelper().setUsernameAndPassword(ALLOWED_USER, ALLOWED_USER);
+
+        assertVirtualHostExists(TEST2_VIRTUALHOST);
+
+        getRestTestHelper().setUsernameAndPassword(DENIED_USER, DENIED_USER);
+
+        int responseCode = 
getRestTestHelper().submitRequest("/rest/virtualhost/" + TEST2_VIRTUALHOST, 
"DELETE", null);
+        assertEquals("Host deletion should be denied", 403, responseCode);
+
+        assertVirtualHostExists(TEST2_VIRTUALHOST);
+    }
+
+    public void testCreatePortAllowed() throws Exception
+    {
+        getRestTestHelper().setUsernameAndPassword(ALLOWED_USER, ALLOWED_USER);
+
+        String portName = getTestName();
+
+        int responseCode = createPort(portName);
+        assertEquals("Port creation should be allowed", 201, responseCode);
+
+        assertPortExists(portName);
+    }
+
+    public void testCreatePortDenied() throws Exception
+    {
+        getRestTestHelper().setUsernameAndPassword(DENIED_USER, DENIED_USER);
+
+        String portName = getTestName();
+
+        int responseCode = createPort(portName);
+        assertEquals("Port creation should be denied", 403, responseCode);
+
+        assertPortDoesNotExist(portName);
+    }
+
+    public void testDeletePortDenied() throws Exception
+    {
+        getRestTestHelper().setUsernameAndPassword(ALLOWED_USER, ALLOWED_USER);
+
+        String portName = TestBrokerConfiguration.ENTRY_NAME_AMQP_PORT;
+        assertPortExists(portName);
+
+        restartBrokerInManagementMode();
+
+        getRestTestHelper().setUsernameAndPassword(DENIED_USER, DENIED_USER);
+
+        int responseCode = getRestTestHelper().submitRequest("/rest/port/" + 
portName, "DELETE", null);
+        assertEquals("Port deletion should be denied", 403, responseCode);
+
+        assertPortExists(portName);
+    }
+
+    public void testDeletePortAllowed() throws Exception
+    {
+        getRestTestHelper().setUsernameAndPassword(ALLOWED_USER, ALLOWED_USER);
+
+        String portName = TestBrokerConfiguration.ENTRY_NAME_AMQP_PORT;
+        assertPortExists(portName);
+
+        restartBrokerInManagementMode();
+
+        getRestTestHelper().setUsernameAndPassword(ALLOWED_USER, ALLOWED_USER);
+
+        int responseCode = getRestTestHelper().submitRequest("/rest/port/" + 
portName, "DELETE", null);
+        assertEquals("Port deletion should be allowed", 200, responseCode);
+
+        assertPortDoesNotExist(portName);
+    }
+
+    public void testSetPortAttributesAllowed() throws Exception
+    {
+        getRestTestHelper().setUsernameAndPassword(ALLOWED_USER, ALLOWED_USER);
+
+        String portName = getTestName();
+
+        int responseCode = createPort(portName);
+        assertEquals("Port creation should be allowed", 201, responseCode);
+
+        assertPortExists(portName);
+
+        restartBrokerInManagementMode();
+
+        Map<String, Object> attributes = new HashMap<String, Object>();
+        attributes.put(Port.NAME, portName);
+        attributes.put(Port.AUTHENTICATION_PROVIDER, 
ANONYMOUS_AUTHENTICATION_PROVIDER);
+        responseCode = getRestTestHelper().submitRequest("/rest/port/" + 
portName, "PUT", attributes);
+        assertEquals("Setting of port attribites should be allowed", 200, 
responseCode);
+
+        Map<String, Object> port = 
getRestTestHelper().getJsonAsSingletonList("/rest/port/" + portName);
+        assertEquals("Unexpected authentication provider attribute value", 
ANONYMOUS_AUTHENTICATION_PROVIDER,
+                port.get(Port.AUTHENTICATION_PROVIDER));
+    }
+
+    public void testSetPortAttributesDenied() throws Exception
+    {
+        getRestTestHelper().setUsernameAndPassword(ALLOWED_USER, ALLOWED_USER);
+
+        String portName = getTestName();
+
+        int responseCode = createPort(portName);
+        assertEquals("Port creation should be allowed", 201, responseCode);
+
+        assertPortExists(portName);
+
+        restartBrokerInManagementMode();
+
+        getRestTestHelper().setUsernameAndPassword(DENIED_USER, DENIED_USER);
+
+        Map<String, Object> attributes = new HashMap<String, Object>();
+        attributes.put(Port.NAME, portName);
+        attributes.put(Port.PROTOCOLS, Arrays.asList(Protocol.AMQP_0_9));
+        attributes.put(Port.AUTHENTICATION_PROVIDER, 
ANONYMOUS_AUTHENTICATION_PROVIDER);
+        responseCode = getRestTestHelper().submitRequest("/rest/port/" + 
portName, "PUT", attributes);
+        assertEquals("Setting of port attribites should be denied", 403, 
responseCode);
+
+        Map<String, Object> port = 
getRestTestHelper().getJsonAsSingletonList("/rest/port/" + portName);
+        assertEquals("Unexpected authentication provider attribute value",
+                TestBrokerConfiguration.ENTRY_NAME_AUTHENTICATION_PROVIDER, 
port.get(Port.AUTHENTICATION_PROVIDER));
+    }
+
+    public void testSetBrokerAttributesAllowed() throws Exception
+    {
+        getRestTestHelper().setUsernameAndPassword(ALLOWED_USER, ALLOWED_USER);
+
+        String defaultAuthenticationProvider = 
TestBrokerConfiguration.ENTRY_NAME_AUTHENTICATION_PROVIDER;
+        Map<String, Object> brokerAttributes = 
getRestTestHelper().getJsonAsSingletonList("/rest/broker");
+        assertEquals("Unexpected authentication provider", 
defaultAuthenticationProvider,
+                brokerAttributes.get(Broker.DEFAULT_AUTHENTICATION_PROVIDER));
+        restartBrokerInManagementMode();
+
+        Map<String, Object> newAttributes = new HashMap<String, Object>();
+        newAttributes.put(Broker.DEFAULT_AUTHENTICATION_PROVIDER, 
ANONYMOUS_AUTHENTICATION_PROVIDER);
+        int responseCode = getRestTestHelper().submitRequest("/rest/broker", 
"PUT", newAttributes);
+        assertEquals("Setting of port attribites should be allowed", 200, 
responseCode);
+
+        brokerAttributes = 
getRestTestHelper().getJsonAsSingletonList("/rest/broker");
+        assertEquals("Unexpected default authentication provider attribute 
value", ANONYMOUS_AUTHENTICATION_PROVIDER,
+                brokerAttributes.get(Broker.DEFAULT_AUTHENTICATION_PROVIDER));
+    }
+
+    public void testSetBrokerAttributesDenied() throws Exception
+    {
+        getRestTestHelper().setUsernameAndPassword(ALLOWED_USER, ALLOWED_USER);
+
+        String defaultAuthenticationProvider = 
TestBrokerConfiguration.ENTRY_NAME_AUTHENTICATION_PROVIDER;
+
+        Map<String, Object> brokerAttributes = 
getRestTestHelper().getJsonAsSingletonList("/rest/broker");
+        assertEquals("Unexpected authentication provider", 
defaultAuthenticationProvider,
+                brokerAttributes.get(Broker.DEFAULT_AUTHENTICATION_PROVIDER));
+        restartBrokerInManagementMode();
+
+        getRestTestHelper().setUsernameAndPassword(DENIED_USER, DENIED_USER);
+        Map<String, Object> newAttributes = new HashMap<String, Object>();
+        newAttributes.put(Broker.DEFAULT_AUTHENTICATION_PROVIDER, 
ANONYMOUS_AUTHENTICATION_PROVIDER);
+        int responseCode = getRestTestHelper().submitRequest("/rest/broker", 
"PUT", newAttributes);
+        assertEquals("Setting of port attribites should be allowed", 403, 
responseCode);
+
+        brokerAttributes = 
getRestTestHelper().getJsonAsSingletonList("/rest/broker");
+        assertEquals("Unexpected default authentication provider attribute 
value", defaultAuthenticationProvider,
+                brokerAttributes.get(Broker.DEFAULT_AUTHENTICATION_PROVIDER));
+    }
+
+    private int createPort(String portName) throws Exception
+    {
+        Map<String, Object> attributes = new HashMap<String, Object>();
+        attributes.put(Port.NAME, portName);
+        attributes.put(Port.PORT, findFreePort());
+        attributes.put(Port.AUTHENTICATION_PROVIDER, 
TestBrokerConfiguration.ENTRY_NAME_AUTHENTICATION_PROVIDER);
+
+        return getRestTestHelper().submitRequest("/rest/port/" + portName, 
"PUT", attributes);
+    }
+
+    private void assertPortExists(String portName) throws Exception
+    {
+        assertPortExistence(portName, true);
+    }
+
+    private void assertPortDoesNotExist(String portName) throws Exception
+    {
+        assertPortExistence(portName, false);
+    }
+
+    private void assertPortExistence(String portName, boolean exists) throws 
Exception
+    {
+        List<Map<String, Object>> hosts = 
getRestTestHelper().getJsonAsList("/rest/port/" + portName);
+        assertEquals("Unexpected result", exists, !hosts.isEmpty());
+    }
+
+    private int createHost(String hostName) throws Exception
+    {
+        Map<String, Object> hostData = new HashMap<String, Object>();
+        hostData.put(VirtualHost.NAME, hostName);
+        hostData.put(VirtualHost.STORE_PATH, getStoreLocation(hostName));
+        hostData.put(VirtualHost.STORE_TYPE, getTestProfileMessageStoreType());
+
+        return getRestTestHelper().submitRequest("/rest/virtualhost/" + 
hostName, "PUT", hostData);
+    }
+
+    private void assertVirtualHostDoesNotExist(String hostName) throws 
Exception
+    {
+        assertVirtualHostExistence(hostName, false);
+    }
+
+    private void assertVirtualHostExists(String hostName) throws Exception
+    {
+        assertVirtualHostExistence(hostName, true);
+    }
+
+    private void assertVirtualHostExistence(String hostName, boolean exists) 
throws Exception
+    {
+        List<Map<String, Object>> hosts = 
getRestTestHelper().getJsonAsList("/rest/virtualhost/" + hostName);
+        assertEquals("Unexpected result", exists, !hosts.isEmpty());
+    }
+
+    private String getStoreLocation(String hostName)
+    {
+        return new File(TMP_FOLDER, "store-" + hostName + "-" + 
System.currentTimeMillis()).getAbsolutePath();
+    }
+
+    private int createAuthenticationProvider(String 
authenticationProviderName) throws Exception
+    {
+        Map<String, Object> attributes = new HashMap<String, Object>();
+        attributes.put(AuthenticationProvider.NAME, 
authenticationProviderName);
+        attributes.put(AuthenticationProvider.TYPE, 
AnonymousAuthenticationManagerFactory.PROVIDER_TYPE);
+
+        return 
getRestTestHelper().submitRequest("/rest/authenticationprovider/" + 
authenticationProviderName, "PUT", attributes);
+    }
+
+    private void assertAuthenticationProviderDoesNotExist(String 
authenticationProviderName) throws Exception
+    {
+        assertAuthenticationProviderExistence(authenticationProviderName, 
false);
+    }
+
+    private void assertAuthenticationProviderExists(String 
authenticationProviderName) throws Exception
+    {
+        assertAuthenticationProviderExistence(authenticationProviderName, 
true);
+    }
+
+    private void assertAuthenticationProviderExistence(String 
authenticationProviderName, boolean exists) throws Exception
+    {
+        String path = "/rest/authenticationprovider/" + 
authenticationProviderName;
+        List<Map<String, Object>> providers = 
getRestTestHelper().getJsonAsList(path);
+        assertEquals("Unexpected result", exists, !providers.isEmpty());
+    }
+
+}



---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to