Author: rgodfrey
Date: Sat Mar 8 10:28:33 2014
New Revision: 1575506
URL: http://svn.apache.org/r1575506
Log:
QPID-5611 : Ensure the appropriate principals are available at the time of all
event logging
Modified:
qpid/trunk/qpid/java/bdbstore/src/main/java/org/apache/qpid/server/store/berkeleydb/BDBHAMessageStore.java
qpid/trunk/qpid/java/broker-core/src/main/java/org/apache/qpid/server/Broker.java
qpid/trunk/qpid/java/broker-core/src/main/java/org/apache/qpid/server/logging/messages/VirtualHostMessages.java
qpid/trunk/qpid/java/broker-core/src/main/java/org/apache/qpid/server/logging/messages/VirtualHost_logmessages.properties
qpid/trunk/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/adapter/BrokerAdapter.java
qpid/trunk/qpid/java/broker-core/src/main/java/org/apache/qpid/server/queue/AbstractQueue.java
qpid/trunk/qpid/java/broker-core/src/main/java/org/apache/qpid/server/queue/QueueConsumerImpl.java
qpid/trunk/qpid/java/broker-core/src/main/java/org/apache/qpid/server/queue/QueueRunner.java
qpid/trunk/qpid/java/broker-core/src/main/java/org/apache/qpid/server/queue/SubFlushRunner.java
qpid/trunk/qpid/java/broker-core/src/main/java/org/apache/qpid/server/registry/ApplicationRegistry.java
qpid/trunk/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/SecurityManager.java
qpid/trunk/qpid/java/broker-core/src/main/java/org/apache/qpid/server/virtualhost/AbstractVirtualHost.java
qpid/trunk/qpid/java/broker-core/src/main/java/org/apache/qpid/server/virtualhost/HouseKeepingTask.java
qpid/trunk/qpid/java/broker-core/src/test/java/org/apache/qpid/server/configuration/startup/KeyStoreRecovererTest.java
qpid/trunk/qpid/java/broker-core/src/test/java/org/apache/qpid/server/configuration/startup/TrustStoreRecovererTest.java
qpid/trunk/qpid/java/broker-core/src/test/java/org/apache/qpid/server/logging/messages/VirtualHostMessagesTest.java
qpid/trunk/qpid/java/broker-core/src/velocity/templates/org/apache/qpid/server/logging/messages/LogMessages.vm
qpid/trunk/qpid/java/broker-plugins/management-jmx/src/main/java/org/apache/qpid/server/jmx/MBeanInvocationHandlerImpl.java
qpid/trunk/qpid/java/broker-plugins/management-jmx/src/main/java/org/apache/qpid/server/jmx/ManagementLogonLogoffReporter.java
qpid/trunk/qpid/java/broker-plugins/management-jmx/src/main/java/org/apache/qpid/server/jmx/UsernameAccessor.java
qpid/trunk/qpid/java/broker-plugins/management-jmx/src/main/java/org/apache/qpid/server/jmx/UsernameCachingRMIJRMPServer.java
qpid/trunk/qpid/java/broker-plugins/management-jmx/src/test/java/org/apache/qpid/server/jmx/ManagementLogonLogoffReporterTest.java
qpid/trunk/qpid/java/systests/src/main/java/org/apache/qpid/test/utils/InternalBrokerHolder.java
Modified:
qpid/trunk/qpid/java/bdbstore/src/main/java/org/apache/qpid/server/store/berkeleydb/BDBHAMessageStore.java
URL:
http://svn.apache.org/viewvc/qpid/trunk/qpid/java/bdbstore/src/main/java/org/apache/qpid/server/store/berkeleydb/BDBHAMessageStore.java?rev=1575506&r1=1575505&r2=1575506&view=diff
==============================================================================
---
qpid/trunk/qpid/java/bdbstore/src/main/java/org/apache/qpid/server/store/berkeleydb/BDBHAMessageStore.java
(original)
+++
qpid/trunk/qpid/java/bdbstore/src/main/java/org/apache/qpid/server/store/berkeleydb/BDBHAMessageStore.java
Sat Mar 8 10:28:33 2014
@@ -619,12 +619,10 @@ public class BDBHAMessageStore extends A
{
final String originalThreadName =
Thread.currentThread().getName();
Thread.currentThread().setName(threadName);
- Subject subject = new Subject(false,
SecurityManager.SYSTEM.getPrincipals(),
- Collections.emptySet(),
Collections.emptySet());
- subject.getPrincipals().add(new TaskPrincipal("BDB HA
State Change"));
+
try
{
- Subject.doAs(subject, new PrivilegedAction<Object>()
+ Subject.doAs(SecurityManager.getSystemTaskSubject("BDB
HA State Change"), new PrivilegedAction<Object>()
{
@Override
public Object run()
Modified:
qpid/trunk/qpid/java/broker-core/src/main/java/org/apache/qpid/server/Broker.java
URL:
http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker-core/src/main/java/org/apache/qpid/server/Broker.java?rev=1575506&r1=1575505&r2=1575506&view=diff
==============================================================================
---
qpid/trunk/qpid/java/broker-core/src/main/java/org/apache/qpid/server/Broker.java
(original)
+++
qpid/trunk/qpid/java/broker-core/src/main/java/org/apache/qpid/server/Broker.java
Sat Mar 8 10:28:33 2014
@@ -86,12 +86,9 @@ public class Broker
public void startup(final BrokerOptions options) throws Exception
{
- Subject subject = SecurityManager.SYSTEM;
- subject = new Subject(false, subject.getPrincipals(),
subject.getPublicCredentials(), subject.getPrivateCredentials());
- subject.getPrincipals().add(new TaskPrincipal("Broker"));
_eventLogger = new EventLogger(new SystemOutMessageLogger());
- Subject.doAs(subject, new PrivilegedExceptionAction<Object>()
+ Subject.doAs(SecurityManager.getSystemTaskSubject("Broker"), new
PrivilegedExceptionAction<Object>()
{
@Override
public Object run() throws Exception
@@ -282,11 +279,7 @@ public class Broker
{
public void run()
{
-
- Subject subject = SecurityManager.SYSTEM;
- subject = new Subject(false, subject.getPrincipals(),
subject.getPublicCredentials(), subject.getPrivateCredentials());
- subject.getPrincipals().add(new TaskPrincipal("Shutdown"));
- Subject.doAs(subject, new PrivilegedAction<Object>()
+ Subject.doAs(SecurityManager.getSystemTaskSubject("Shutdown"), new
PrivilegedAction<Object>()
{
@Override
public Object run()
Modified:
qpid/trunk/qpid/java/broker-core/src/main/java/org/apache/qpid/server/logging/messages/VirtualHostMessages.java
URL:
http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker-core/src/main/java/org/apache/qpid/server/logging/messages/VirtualHostMessages.java?rev=1575506&r1=1575505&r2=1575506&view=diff
==============================================================================
---
qpid/trunk/qpid/java/broker-core/src/main/java/org/apache/qpid/server/logging/messages/VirtualHostMessages.java
(original)
+++
qpid/trunk/qpid/java/broker-core/src/main/java/org/apache/qpid/server/logging/messages/VirtualHostMessages.java
Sat Mar 8 10:28:33 2014
@@ -64,16 +64,21 @@ public class VirtualHostMessages
/**
* Log a VirtualHost message of the Format:
- * <pre>VHT-1002 : Closed</pre>
+ * <pre>VHT-1002 : Closed : {0}</pre>
* Optional values are contained in [square brackets] and are numbered
* sequentially in the method call.
*
*/
- public static LogMessage CLOSED()
+ public static LogMessage CLOSED(String param1)
{
String rawMessage = _messages.getString("CLOSED");
- final String message = rawMessage;
+ final Object[] messageArguments = {param1};
+ // Create a new MessageFormat to ensure thread safety.
+ // Sharing a MessageFormat and using applyPattern is not thread safe
+ MessageFormat formatter = new MessageFormat(rawMessage,
_currentLocale);
+
+ final String message = formatter.format(messageArguments);
return new LogMessage()
{
@@ -187,16 +192,21 @@ public class VirtualHostMessages
/**
* Log a VirtualHost message of the Format:
- * <pre>VHT-1005 : Unexpected fatal error</pre>
+ * <pre>VHT-1005 : {0} Unexpected fatal error</pre>
* Optional values are contained in [square brackets] and are numbered
* sequentially in the method call.
*
*/
- public static LogMessage ERRORED()
+ public static LogMessage ERRORED(String param1)
{
String rawMessage = _messages.getString("ERRORED");
- final String message = rawMessage;
+ final Object[] messageArguments = {param1};
+ // Create a new MessageFormat to ensure thread safety.
+ // Sharing a MessageFormat and using applyPattern is not thread safe
+ MessageFormat formatter = new MessageFormat(rawMessage,
_currentLocale);
+
+ final String message = formatter.format(messageArguments);
return new LogMessage()
{
Modified:
qpid/trunk/qpid/java/broker-core/src/main/java/org/apache/qpid/server/logging/messages/VirtualHost_logmessages.properties
URL:
http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker-core/src/main/java/org/apache/qpid/server/logging/messages/VirtualHost_logmessages.properties?rev=1575506&r1=1575505&r2=1575506&view=diff
==============================================================================
---
qpid/trunk/qpid/java/broker-core/src/main/java/org/apache/qpid/server/logging/messages/VirtualHost_logmessages.properties
(original)
+++
qpid/trunk/qpid/java/broker-core/src/main/java/org/apache/qpid/server/logging/messages/VirtualHost_logmessages.properties
Sat Mar 8 10:28:33 2014
@@ -20,9 +20,9 @@
#
# 0 - name
CREATED = VHT-1001 : Created : {0}
-CLOSED = VHT-1002 : Closed
+CLOSED = VHT-1002 : Closed : {0}
STATS_DATA = VHT-1003 : {0} : {1,choice,0#delivered|1#received} :
{2,number,#.###} kB/s peak : {3,number,#} bytes total
STATS_MSGS = VHT-1004 : {0} : {1,choice,0#delivered|1#received} :
{2,number,#.###} msg/s peak : {3,number,#} msgs total
-ERRORED = VHT-1005 : Unexpected fatal error
\ No newline at end of file
+ERRORED = VHT-1005 : {0} Unexpected fatal error
\ No newline at end of file
Modified:
qpid/trunk/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/adapter/BrokerAdapter.java
URL:
http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/adapter/BrokerAdapter.java?rev=1575506&r1=1575505&r2=1575506&view=diff
==============================================================================
---
qpid/trunk/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/adapter/BrokerAdapter.java
(original)
+++
qpid/trunk/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/adapter/BrokerAdapter.java
Sat Mar 8 10:28:33 2014
@@ -41,7 +41,6 @@ import org.apache.qpid.server.configurat
import org.apache.qpid.server.configuration.updater.TaskExecutor;
import org.apache.qpid.server.logging.EventLogger;
import org.apache.qpid.server.logging.LogRecorder;
-import org.apache.qpid.server.logging.MessageLogger;
import org.apache.qpid.server.logging.messages.BrokerMessages;
import org.apache.qpid.server.model.*;
import org.apache.qpid.server.plugin.PreferencesProviderFactory;
@@ -477,7 +476,7 @@ public class BrokerAdapter<X extends Bro
// permission has already been granted to create the virtual host
// disable further access check on other operations, e.g. create
exchange
- Subject.doAs(SecurityManager.SYSTEM, new PrivilegedAction<Object>()
+ Subject.doAs(SecurityManager.getSubjectWithAddedSystemRights(), new
PrivilegedAction<Object>()
{
@Override
public Object run()
Modified:
qpid/trunk/qpid/java/broker-core/src/main/java/org/apache/qpid/server/queue/AbstractQueue.java
URL:
http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker-core/src/main/java/org/apache/qpid/server/queue/AbstractQueue.java?rev=1575506&r1=1575505&r2=1575506&view=diff
==============================================================================
---
qpid/trunk/qpid/java/broker-core/src/main/java/org/apache/qpid/server/queue/AbstractQueue.java
(original)
+++
qpid/trunk/qpid/java/broker-core/src/main/java/org/apache/qpid/server/queue/AbstractQueue.java
Sat Mar 8 10:28:33 2014
@@ -22,6 +22,7 @@ import java.lang.reflect.Type;
import java.security.AccessControlException;
import java.security.AccessController;
import java.security.Principal;
+import java.security.PrivilegedAction;
import java.util.*;
import java.util.concurrent.ConcurrentSkipListSet;
import java.util.concurrent.CopyOnWriteArrayList;
@@ -55,6 +56,8 @@ import org.apache.qpid.server.message.Se
import org.apache.qpid.server.protocol.AMQSessionModel;
import org.apache.qpid.server.consumer.Consumer;
import org.apache.qpid.server.consumer.ConsumerTarget;
+import org.apache.qpid.server.security.*;
+import org.apache.qpid.server.security.SecurityManager;
import org.apache.qpid.server.security.auth.AuthenticatedPrincipal;
import org.apache.qpid.server.store.DurableConfigurationStoreHelper;
import org.apache.qpid.server.store.StorableMessageMetaData;
@@ -985,60 +988,72 @@ public abstract class AbstractQueue
_totalMessagesReceived.incrementAndGet();
- QueueEntry entry;
+
final QueueConsumer<?> exclusiveSub = _exclusiveSubscriber;
- entry = _entries.add(message);
+ final QueueEntry entry = _entries.add(message);
if(action != null || (exclusiveSub == null && _queueRunner.isIdle()))
{
/*
-
- iterate over consumers and if any is at the end of the queue and
can deliver this message, then deliver the message
-
+ * iterate over consumers and if any is at the end of the queue
and can deliver this message,
+ * then deliver the message
*/
- QueueConsumerList.ConsumerNode node =
_consumerList.getMarkedNode();
- QueueConsumerList.ConsumerNode nextNode = node.findNext();
- if (nextNode == null)
- {
- nextNode = _consumerList.getHead().findNext();
- }
- while (nextNode != null)
- {
- if (_consumerList.updateMarkedNode(node, nextNode))
- {
- break;
- }
- else
- {
- node = _consumerList.getMarkedNode();
- nextNode = node.findNext();
- if (nextNode == null)
- {
- nextNode = _consumerList.getHead().findNext();
- }
- }
- }
-
- // always do one extra loop after we believe we've finished
- // this catches the case where we *just* miss an update
- int loops = 2;
-
- while (entry.isAvailable() && loops != 0)
- {
- if (nextNode == null)
- {
- loops--;
- nextNode = _consumerList.getHead();
- }
- else
- {
- // if consumer at end, and active, offer
- QueueConsumer<?> sub = nextNode.getConsumer();
- deliverToConsumer(sub, entry);
- }
- nextNode = nextNode.findNext();
- }
+ Subject.doAs(SecurityManager.getSystemTaskSubject("Immediate
Delivery"),
+ new PrivilegedAction<Object>()
+ {
+ @Override
+ public Object run()
+ {
+
+ QueueConsumerList.ConsumerNode node =
_consumerList.getMarkedNode();
+ QueueConsumerList.ConsumerNode nextNode =
node.findNext();
+ if (nextNode == null)
+ {
+ nextNode =
_consumerList.getHead().findNext();
+ }
+ while (nextNode != null)
+ {
+ if (_consumerList.updateMarkedNode(node,
nextNode))
+ {
+ break;
+ }
+ else
+ {
+ node = _consumerList.getMarkedNode();
+ nextNode = node.findNext();
+ if (nextNode == null)
+ {
+ nextNode =
_consumerList.getHead().findNext();
+ }
+ }
+ }
+ // always do one extra loop after we believe
we've finished
+ // this catches the case where we *just* miss
an update
+ int loops = 2;
+
+ while (entry.isAvailable() && loops != 0)
+ {
+ if (nextNode == null)
+ {
+ loops--;
+ nextNode = _consumerList.getHead();
+ }
+ else
+ {
+ // if consumer at end, and active,
offer
+ final QueueConsumer<?> sub =
nextNode.getConsumer();
+ deliverToConsumer(sub, entry);
+
+
+ }
+ nextNode = nextNode.findNext();
+
+ }
+
+ return null;
+ }
+ });
}
Modified:
qpid/trunk/qpid/java/broker-core/src/main/java/org/apache/qpid/server/queue/QueueConsumerImpl.java
URL:
http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker-core/src/main/java/org/apache/qpid/server/queue/QueueConsumerImpl.java?rev=1575506&r1=1575505&r2=1575506&view=diff
==============================================================================
---
qpid/trunk/qpid/java/broker-core/src/main/java/org/apache/qpid/server/queue/QueueConsumerImpl.java
(original)
+++
qpid/trunk/qpid/java/broker-core/src/main/java/org/apache/qpid/server/queue/QueueConsumerImpl.java
Sat Mar 8 10:28:33 2014
@@ -92,7 +92,7 @@ class QueueConsumerImpl
{
public void stateChanged(QueueConsumerImpl sub, State oldState, State
newState)
{
-
_eventLogger.message(SubscriptionMessages.STATE(newState.toString()));
+ _eventLogger.message(QueueConsumerImpl.this,
SubscriptionMessages.STATE(newState.toString()));
}
};
@ManagedAttributeField
Modified:
qpid/trunk/qpid/java/broker-core/src/main/java/org/apache/qpid/server/queue/QueueRunner.java
URL:
http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker-core/src/main/java/org/apache/qpid/server/queue/QueueRunner.java?rev=1575506&r1=1575505&r2=1575506&view=diff
==============================================================================
---
qpid/trunk/qpid/java/broker-core/src/main/java/org/apache/qpid/server/queue/QueueRunner.java
(original)
+++
qpid/trunk/qpid/java/broker-core/src/main/java/org/apache/qpid/server/queue/QueueRunner.java
Sat Mar 8 10:28:33 2014
@@ -28,6 +28,8 @@ import java.util.concurrent.atomic.Atomi
import java.util.concurrent.atomic.AtomicLong;
import org.apache.log4j.Logger;
+import org.apache.qpid.server.security.*;
+import org.apache.qpid.server.security.SecurityManager;
import org.apache.qpid.server.security.auth.TaskPrincipal;
import org.apache.qpid.server.util.ConnectionScopedRuntimeException;
import org.apache.qpid.transport.TransportException;
@@ -66,10 +68,7 @@ public class QueueRunner implements Runn
{
if(_scheduled.compareAndSet(SCHEDULED,RUNNING))
{
- Subject subject = new Subject(false,
org.apache.qpid.server.security.SecurityManager.SYSTEM.getPrincipals(),
Collections
- .emptySet(), Collections.emptySet());
- subject.getPrincipals().add(new TaskPrincipal("Queue Delivery"));
- Subject.doAs(subject, new PrivilegedAction<Object>()
+ Subject.doAs(SecurityManager.getSystemTaskSubject("Queue
Delivery"), new PrivilegedAction<Object>()
{
@Override
public Object run()
Modified:
qpid/trunk/qpid/java/broker-core/src/main/java/org/apache/qpid/server/queue/SubFlushRunner.java
URL:
http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker-core/src/main/java/org/apache/qpid/server/queue/SubFlushRunner.java?rev=1575506&r1=1575505&r2=1575506&view=diff
==============================================================================
---
qpid/trunk/qpid/java/broker-core/src/main/java/org/apache/qpid/server/queue/SubFlushRunner.java
(original)
+++
qpid/trunk/qpid/java/broker-core/src/main/java/org/apache/qpid/server/queue/SubFlushRunner.java
Sat Mar 8 10:28:33 2014
@@ -62,9 +62,7 @@ class SubFlushRunner implements Runnable
{
if(_scheduled.compareAndSet(SCHEDULED, RUNNING))
{
- Subject subject = new Subject(false,
SecurityManager.SYSTEM.getPrincipals(), Collections.emptySet(),
Collections.emptySet());
- subject.getPrincipals().add(new TaskPrincipal("Sub. Delivery"));
- Subject.doAs(subject, new PrivilegedAction<Object>()
+ Subject.doAs(SecurityManager.getSystemTaskSubject("Sub.
Delivery"), new PrivilegedAction<Object>()
{
@Override
public Object run()
Modified:
qpid/trunk/qpid/java/broker-core/src/main/java/org/apache/qpid/server/registry/ApplicationRegistry.java
URL:
http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker-core/src/main/java/org/apache/qpid/server/registry/ApplicationRegistry.java?rev=1575506&r1=1575505&r2=1575506&view=diff
==============================================================================
---
qpid/trunk/qpid/java/broker-core/src/main/java/org/apache/qpid/server/registry/ApplicationRegistry.java
(original)
+++
qpid/trunk/qpid/java/broker-core/src/main/java/org/apache/qpid/server/registry/ApplicationRegistry.java
Sat Mar 8 10:28:33 2014
@@ -151,10 +151,7 @@ public class ApplicationRegistry impleme
{
_reset = reset;
_logger = logger;
- _subject = new Subject(false,
SecurityManager.SYSTEM.getPrincipals(), Collections.emptySet(),
Collections.emptySet());
- _subject.getPrincipals().add(new TaskPrincipal("Statistics"));
- _subject.setReadOnly();
-
+ _subject = SecurityManager.getSystemTaskSubject("Statistics");
}
public void run()
Modified:
qpid/trunk/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/SecurityManager.java
URL:
http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/SecurityManager.java?rev=1575506&r1=1575505&r2=1575506&view=diff
==============================================================================
---
qpid/trunk/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/SecurityManager.java
(original)
+++
qpid/trunk/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/SecurityManager.java
Sat Mar 8 10:28:33 2014
@@ -34,6 +34,7 @@ import org.apache.qpid.server.security.a
import org.apache.qpid.server.security.access.ObjectType;
import org.apache.qpid.server.security.access.Operation;
import org.apache.qpid.server.security.access.OperationLoggingDetails;
+import org.apache.qpid.server.security.auth.TaskPrincipal;
import javax.security.auth.Subject;
@@ -69,7 +70,7 @@ public class SecurityManager implements
{
private static final Logger _logger =
Logger.getLogger(SecurityManager.class);
- public static final Subject SYSTEM = new Subject(true,
+ private static final Subject SYSTEM = new Subject(true,
Collections.singleton(new
SystemPrincipal()),
Collections.emptySet(),
Collections.emptySet());
@@ -107,6 +108,31 @@ public class SecurityManager implements
}
}
+ public static Subject getSubjectWithAddedSystemRights()
+ {
+ Subject subject = Subject.getSubject(AccessController.getContext());
+ if(subject == null)
+ {
+ subject = new Subject();
+ }
+ else
+ {
+ subject = new Subject(false, subject.getPrincipals(),
subject.getPublicCredentials(), subject.getPrivateCredentials());
+ }
+ subject.getPrincipals().addAll(SYSTEM.getPrincipals());
+ subject.setReadOnly();
+ return subject;
+ }
+
+
+ public static Subject getSystemTaskSubject(String taskName)
+ {
+ Subject subject = new Subject(false, SYSTEM.getPrincipals(),
SYSTEM.getPublicCredentials(), SYSTEM.getPrivateCredentials());
+ subject.getPrincipals().add(new TaskPrincipal(taskName));
+ subject.setReadOnly();
+ return subject;
+ }
+
private void configureVirtualHostAclPlugin(String aclFile, String
vhostName)
{
if(aclFile != null)
Modified:
qpid/trunk/qpid/java/broker-core/src/main/java/org/apache/qpid/server/virtualhost/AbstractVirtualHost.java
URL:
http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker-core/src/main/java/org/apache/qpid/server/virtualhost/AbstractVirtualHost.java?rev=1575506&r1=1575505&r2=1575506&view=diff
==============================================================================
---
qpid/trunk/qpid/java/broker-core/src/main/java/org/apache/qpid/server/virtualhost/AbstractVirtualHost.java
(original)
+++
qpid/trunk/qpid/java/broker-core/src/main/java/org/apache/qpid/server/virtualhost/AbstractVirtualHost.java
Sat Mar 8 10:28:33 2014
@@ -714,7 +714,7 @@ public abstract class AbstractVirtualHos
_state = State.STOPPED;
- _eventLogger.message(VirtualHostMessages.CLOSED());
+ _eventLogger.message(VirtualHostMessages.CLOSED(getName()));
}
protected void closeStorage()
@@ -921,7 +921,7 @@ public abstract class AbstractVirtualHos
{
if (state == State.ERRORED)
{
- _eventLogger.message(VirtualHostMessages.ERRORED());
+ _eventLogger.message(VirtualHostMessages.ERRORED(getName()));
}
}
Modified:
qpid/trunk/qpid/java/broker-core/src/main/java/org/apache/qpid/server/virtualhost/HouseKeepingTask.java
URL:
http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker-core/src/main/java/org/apache/qpid/server/virtualhost/HouseKeepingTask.java?rev=1575506&r1=1575505&r2=1575506&view=diff
==============================================================================
---
qpid/trunk/qpid/java/broker-core/src/main/java/org/apache/qpid/server/virtualhost/HouseKeepingTask.java
(original)
+++
qpid/trunk/qpid/java/broker-core/src/main/java/org/apache/qpid/server/virtualhost/HouseKeepingTask.java
Sat Mar 8 10:28:33 2014
@@ -22,6 +22,8 @@ package org.apache.qpid.server.virtualho
import org.apache.log4j.Logger;
+import org.apache.qpid.server.security.*;
+import org.apache.qpid.server.security.SecurityManager;
import org.apache.qpid.server.security.auth.TaskPrincipal;
import javax.security.auth.Subject;
@@ -42,11 +44,7 @@ public abstract class HouseKeepingTask i
{
_virtualHost = vhost;
_name = _virtualHost.getName() + ":" + this.getClass().getSimpleName();
- _subject = new Subject(false,
org.apache.qpid.server.security.SecurityManager.SYSTEM.getPrincipals(),
Collections
- .emptySet(), Collections.emptySet());
- _subject.getPrincipals().add(new TaskPrincipal(_name));
- _subject.setReadOnly();
-
+ _subject = SecurityManager.getSystemTaskSubject(_name);
}
final public void run()
Modified:
qpid/trunk/qpid/java/broker-core/src/test/java/org/apache/qpid/server/configuration/startup/KeyStoreRecovererTest.java
URL:
http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker-core/src/test/java/org/apache/qpid/server/configuration/startup/KeyStoreRecovererTest.java?rev=1575506&r1=1575505&r2=1575506&view=diff
==============================================================================
---
qpid/trunk/qpid/java/broker-core/src/test/java/org/apache/qpid/server/configuration/startup/KeyStoreRecovererTest.java
(original)
+++
qpid/trunk/qpid/java/broker-core/src/test/java/org/apache/qpid/server/configuration/startup/KeyStoreRecovererTest.java
Sat Mar 8 10:28:33 2014
@@ -63,7 +63,7 @@ public class KeyStoreRecovererTest exten
assertEquals(id, keyStore.getId());
//verify we can retrieve the actual password using the method
- Subject.doAs(SecurityManager.SYSTEM, new PrivilegedAction<Object>()
+ Subject.doAs(SecurityManager.getSubjectWithAddedSystemRights(), new
PrivilegedAction<Object>()
{
@Override
public Object run()
Modified:
qpid/trunk/qpid/java/broker-core/src/test/java/org/apache/qpid/server/configuration/startup/TrustStoreRecovererTest.java
URL:
http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker-core/src/test/java/org/apache/qpid/server/configuration/startup/TrustStoreRecovererTest.java?rev=1575506&r1=1575505&r2=1575506&view=diff
==============================================================================
---
qpid/trunk/qpid/java/broker-core/src/test/java/org/apache/qpid/server/configuration/startup/TrustStoreRecovererTest.java
(original)
+++
qpid/trunk/qpid/java/broker-core/src/test/java/org/apache/qpid/server/configuration/startup/TrustStoreRecovererTest.java
Sat Mar 8 10:28:33 2014
@@ -59,7 +59,7 @@ public class TrustStoreRecovererTest ext
assertNotNull("Trust store configured object is not created",
trustStore);
assertEquals(id, trustStore.getId());
- Subject.doAs(SecurityManager.SYSTEM, new PrivilegedAction<Object>()
+ Subject.doAs(SecurityManager.getSubjectWithAddedSystemRights(), new
PrivilegedAction<Object>()
{
@Override
public Object run()
Modified:
qpid/trunk/qpid/java/broker-core/src/test/java/org/apache/qpid/server/logging/messages/VirtualHostMessagesTest.java
URL:
http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker-core/src/test/java/org/apache/qpid/server/logging/messages/VirtualHostMessagesTest.java?rev=1575506&r1=1575505&r2=1575506&view=diff
==============================================================================
---
qpid/trunk/qpid/java/broker-core/src/test/java/org/apache/qpid/server/logging/messages/VirtualHostMessagesTest.java
(original)
+++
qpid/trunk/qpid/java/broker-core/src/test/java/org/apache/qpid/server/logging/messages/VirtualHostMessagesTest.java
Sat Mar 8 10:28:33 2014
@@ -40,10 +40,11 @@ public class VirtualHostMessagesTest ext
public void testVirtualhostClosed()
{
- _logMessage = VirtualHostMessages.CLOSED();
+ String name = "test";
+ _logMessage = VirtualHostMessages.CLOSED(name);
List<Object> log = performLog();
- String[] expected = {"Closed"};
+ String[] expected = {"Closed :", name};
validateLogMessage(log, "VHT-1002", expected);
}
Modified:
qpid/trunk/qpid/java/broker-core/src/velocity/templates/org/apache/qpid/server/logging/messages/LogMessages.vm
URL:
http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker-core/src/velocity/templates/org/apache/qpid/server/logging/messages/LogMessages.vm?rev=1575506&r1=1575505&r2=1575506&view=diff
==============================================================================
---
qpid/trunk/qpid/java/broker-core/src/velocity/templates/org/apache/qpid/server/logging/messages/LogMessages.vm
(original)
+++
qpid/trunk/qpid/java/broker-core/src/velocity/templates/org/apache/qpid/server/logging/messages/LogMessages.vm
Sat Mar 8 10:28:33 2014
@@ -20,7 +20,7 @@
*/
package ${package};
-import static
org.apache.qpid.server.logging.AbstractRootMessageLogger.DEFAULT_LOG_HIERARCHY_PREFIX;
+import static
org.apache.qpid.server.logging.AbstractMessageLogger.DEFAULT_LOG_HIERARCHY_PREFIX;
import org.apache.log4j.Logger;
import org.apache.qpid.server.configuration.BrokerProperties;
Modified:
qpid/trunk/qpid/java/broker-plugins/management-jmx/src/main/java/org/apache/qpid/server/jmx/MBeanInvocationHandlerImpl.java
URL:
http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker-plugins/management-jmx/src/main/java/org/apache/qpid/server/jmx/MBeanInvocationHandlerImpl.java?rev=1575506&r1=1575505&r2=1575506&view=diff
==============================================================================
---
qpid/trunk/qpid/java/broker-plugins/management-jmx/src/main/java/org/apache/qpid/server/jmx/MBeanInvocationHandlerImpl.java
(original)
+++
qpid/trunk/qpid/java/broker-plugins/management-jmx/src/main/java/org/apache/qpid/server/jmx/MBeanInvocationHandlerImpl.java
Sat Mar 8 10:28:33 2014
@@ -222,11 +222,7 @@ public class MBeanInvocationHandlerImpl
{
try
{
- Subject subject =
Subject.getSubject(AccessController.getContext());
- subject = new Subject(false, subject.getPrincipals(),
subject.getPublicCredentials(), subject.getPrivateCredentials());
-
subject.getPrincipals().addAll(SecurityManager.SYSTEM.getPrincipals());
-
- return Subject.doAs(subject, new
PrivilegedExceptionAction<Object>()
+ return
Subject.doAs(SecurityManager.getSubjectWithAddedSystemRights(), new
PrivilegedExceptionAction<Object>()
{
@Override
public Object run() throws IllegalAccessException,
InvocationTargetException
Modified:
qpid/trunk/qpid/java/broker-plugins/management-jmx/src/main/java/org/apache/qpid/server/jmx/ManagementLogonLogoffReporter.java
URL:
http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker-plugins/management-jmx/src/main/java/org/apache/qpid/server/jmx/ManagementLogonLogoffReporter.java?rev=1575506&r1=1575505&r2=1575506&view=diff
==============================================================================
---
qpid/trunk/qpid/java/broker-plugins/management-jmx/src/main/java/org/apache/qpid/server/jmx/ManagementLogonLogoffReporter.java
(original)
+++
qpid/trunk/qpid/java/broker-plugins/management-jmx/src/main/java/org/apache/qpid/server/jmx/ManagementLogonLogoffReporter.java
Sat Mar 8 10:28:33 2014
@@ -38,7 +38,6 @@ import org.apache.qpid.server.security.a
import java.rmi.server.RemoteServer;
import java.rmi.server.ServerNotActiveException;
import java.security.PrivilegedAction;
-import java.util.Collections;
public class ManagementLogonLogoffReporter implements NotificationListener,
NotificationFilter
{
@@ -63,31 +62,45 @@ public class ManagementLogonLogoffReport
LOGGER.debug("Notification connectionId : " + connectionId + "
type : " + type);
}
- String user =
_usernameAccessor.getUsernameForConnectionId(connectionId);
+ Subject subject =
_usernameAccessor.getSubjectConnectionId(connectionId);
+ if(subject == null)
+ {
+ subject = new Subject();
+ }
+ AuthenticatedPrincipal authenticatedPrincipal =
+
AuthenticatedPrincipal.getOptionalAuthenticatedPrincipalFromSubject(subject);
- // If user is still null, fallback to an unordered list of Principals
from the connection id.
- if (user == null)
+ String user;
+
+ if(authenticatedPrincipal != null)
{
+ user = authenticatedPrincipal.getName();
+ }
+ else
+ {
+ // If user is still null, fallback to an unordered list of
Principals from the connection id.
final String[] splitConnectionId = connectionId.split(" ");
user = splitConnectionId[1];
}
- Subject originalSubject = new Subject(false, Collections.singleton(new
AuthenticatedPrincipal(user)), Collections.emptySet(), Collections.emptySet());
- Subject subject;
- try
- {
- String clientHost = RemoteServer.getClientHost();
- subject = new Subject(false,
- originalSubject.getPrincipals(),
- originalSubject.getPublicCredentials(),
- originalSubject.getPrivateCredentials());
- subject.getPrincipals().add(new
JMXConnectionPrincipal(clientHost));
- subject.setReadOnly();
- }
- catch(ServerNotActiveException e)
+
+ if(subject.getPrincipals(JMXConnectionPrincipal.class).isEmpty())
{
- subject = originalSubject;
+ try
+ {
+ String clientHost = RemoteServer.getClientHost();
+ subject = new Subject(false,
+ subject.getPrincipals(),
+ subject.getPublicCredentials(),
+ subject.getPrivateCredentials());
+ subject.getPrincipals().add(new
JMXConnectionPrincipal(clientHost));
+ subject.setReadOnly();
+ }
+ catch(ServerNotActiveException e)
+ {
+ }
}
+
final String username = user;
Subject.doAs(subject, new PrivilegedAction<Object>()
{
Modified:
qpid/trunk/qpid/java/broker-plugins/management-jmx/src/main/java/org/apache/qpid/server/jmx/UsernameAccessor.java
URL:
http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker-plugins/management-jmx/src/main/java/org/apache/qpid/server/jmx/UsernameAccessor.java?rev=1575506&r1=1575505&r2=1575506&view=diff
==============================================================================
---
qpid/trunk/qpid/java/broker-plugins/management-jmx/src/main/java/org/apache/qpid/server/jmx/UsernameAccessor.java
(original)
+++
qpid/trunk/qpid/java/broker-plugins/management-jmx/src/main/java/org/apache/qpid/server/jmx/UsernameAccessor.java
Sat Mar 8 10:28:33 2014
@@ -19,8 +19,10 @@
*/
package org.apache.qpid.server.jmx;
+import javax.security.auth.Subject;
+
public interface UsernameAccessor
{
- public String getUsernameForConnectionId(String connectionId);
+ public Subject getSubjectConnectionId(String connectionId);
}
Modified:
qpid/trunk/qpid/java/broker-plugins/management-jmx/src/main/java/org/apache/qpid/server/jmx/UsernameCachingRMIJRMPServer.java
URL:
http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker-plugins/management-jmx/src/main/java/org/apache/qpid/server/jmx/UsernameCachingRMIJRMPServer.java?rev=1575506&r1=1575505&r2=1575506&view=diff
==============================================================================
---
qpid/trunk/qpid/java/broker-plugins/management-jmx/src/main/java/org/apache/qpid/server/jmx/UsernameCachingRMIJRMPServer.java
(original)
+++
qpid/trunk/qpid/java/broker-plugins/management-jmx/src/main/java/org/apache/qpid/server/jmx/UsernameCachingRMIJRMPServer.java
Sat Mar 8 10:28:33 2014
@@ -37,11 +37,9 @@ import javax.management.remote.rmi.RMICo
import javax.management.remote.rmi.RMIJRMPServerImpl;
import javax.security.auth.Subject;
-import org.apache.qpid.server.security.auth.AuthenticatedPrincipal;
-
/**
* An implementation of RMIJRMPServerImpl that caches the usernames of users
as they log-on
- * and makes the same available via {@link
UsernameAccessor#getUsernameForConnectionId(String)}.
+ * and makes the same available via {@link
UsernameAccessor#getSubjectConnectionId(String)}.
*
* Caller is responsible for installing this object as a {@link
NotificationListener} of the
* {@link JMXConnectorServer} so the cache entries are removed as the clients
disconnect.
@@ -50,7 +48,7 @@ import org.apache.qpid.server.security.a
public class UsernameCachingRMIJRMPServer extends RMIJRMPServerImpl implements
NotificationListener, NotificationFilter, UsernameAccessor
{
// ConnectionId is guaranteed to be unique per client connection,
according to the JMX spec.
- private final Map<String, String> _connectionIdUsernameMap = new
ConcurrentHashMap<String, String>();
+ private final Map<String, Subject> _connectionIdUsernameMap = new
ConcurrentHashMap<String, Subject>();
UsernameCachingRMIJRMPServer(int port, RMIClientSocketFactory csf,
RMIServerSocketFactory ssf,
Map<String, ?> env) throws IOException
@@ -62,13 +60,12 @@ public class UsernameCachingRMIJRMPServe
protected RMIConnection makeClient(String connectionId, Subject subject)
throws IOException
{
final RMIConnection makeClient = super.makeClient(connectionId,
subject);
- final AuthenticatedPrincipal authenticatedPrincipalFromSubject =
AuthenticatedPrincipal.getAuthenticatedPrincipalFromSubject(subject);
- _connectionIdUsernameMap.put(connectionId,
authenticatedPrincipalFromSubject.getName());
+ _connectionIdUsernameMap.put(connectionId, subject);
return makeClient;
}
@Override
- public String getUsernameForConnectionId(String connectionId)
+ public Subject getSubjectConnectionId(String connectionId)
{
return _connectionIdUsernameMap.get(connectionId);
}
Modified:
qpid/trunk/qpid/java/broker-plugins/management-jmx/src/test/java/org/apache/qpid/server/jmx/ManagementLogonLogoffReporterTest.java
URL:
http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker-plugins/management-jmx/src/test/java/org/apache/qpid/server/jmx/ManagementLogonLogoffReporterTest.java?rev=1575506&r1=1575505&r2=1575506&view=diff
==============================================================================
---
qpid/trunk/qpid/java/broker-plugins/management-jmx/src/test/java/org/apache/qpid/server/jmx/ManagementLogonLogoffReporterTest.java
(original)
+++
qpid/trunk/qpid/java/broker-plugins/management-jmx/src/test/java/org/apache/qpid/server/jmx/ManagementLogonLogoffReporterTest.java
Sat Mar 8 10:28:33 2014
@@ -31,18 +31,22 @@ import static org.mockito.Matchers.any;
import static org.mockito.Matchers.anyString;
import javax.management.remote.JMXConnectionNotification;
+import javax.security.auth.Subject;
import org.apache.qpid.server.logging.EventLogger;
import org.apache.qpid.server.logging.LogMessage;
import org.apache.qpid.server.logging.MessageLogger;
import junit.framework.TestCase;
+import org.apache.qpid.server.security.auth.AuthenticatedPrincipal;
import org.mockito.ArgumentMatcher;
+import java.util.Collections;
+
public class ManagementLogonLogoffReporterTest extends TestCase
{
private static final String TEST_JMX_UNIQUE_CONNECTION_ID =
"jmxconnectionid1 jmxuser,group";
- private static final String TEST_USER = "jmxuser";
+ private static final Subject TEST_USER = new Subject(false,
Collections.singleton(new AuthenticatedPrincipal("jmxuser")),
Collections.emptySet(), Collections.emptySet());
private ManagementLogonLogoffReporter _reporter;
private UsernameAccessor _usernameAccessor;
@@ -62,7 +66,7 @@ public class ManagementLogonLogoffReport
public void testOpenedNotification()
{
-
when(_usernameAccessor.getUsernameForConnectionId(TEST_JMX_UNIQUE_CONNECTION_ID)).thenReturn(TEST_USER);
+
when(_usernameAccessor.getSubjectConnectionId(TEST_JMX_UNIQUE_CONNECTION_ID)).thenReturn(TEST_USER);
JMXConnectionNotification openNotification =
createMockNotification(TEST_JMX_UNIQUE_CONNECTION_ID, OPENED);
_reporter.handleNotification(openNotification, null);
@@ -86,7 +90,7 @@ public class ManagementLogonLogoffReport
public void testClosedNotification()
{
-
when(_usernameAccessor.getUsernameForConnectionId(TEST_JMX_UNIQUE_CONNECTION_ID)).thenReturn(TEST_USER);
+
when(_usernameAccessor.getSubjectConnectionId(TEST_JMX_UNIQUE_CONNECTION_ID)).thenReturn(TEST_USER);
JMXConnectionNotification closeNotification =
createMockNotification(TEST_JMX_UNIQUE_CONNECTION_ID, CLOSED);
_reporter.handleNotification(closeNotification, null);
Modified:
qpid/trunk/qpid/java/systests/src/main/java/org/apache/qpid/test/utils/InternalBrokerHolder.java
URL:
http://svn.apache.org/viewvc/qpid/trunk/qpid/java/systests/src/main/java/org/apache/qpid/test/utils/InternalBrokerHolder.java?rev=1575506&r1=1575505&r2=1575506&view=diff
==============================================================================
---
qpid/trunk/qpid/java/systests/src/main/java/org/apache/qpid/test/utils/InternalBrokerHolder.java
(original)
+++
qpid/trunk/qpid/java/systests/src/main/java/org/apache/qpid/test/utils/InternalBrokerHolder.java
Sat Mar 8 10:28:33 2014
@@ -27,6 +27,7 @@ import org.apache.log4j.Logger;
import org.apache.qpid.server.Broker;
import org.apache.qpid.server.security.auth.TaskPrincipal;
+import org.apache.qpid.server.security.SecurityManager;
import javax.security.auth.Subject;
@@ -61,11 +62,7 @@ public class InternalBrokerHolder implem
{
LOGGER.info("Shutting down Broker instance");
- Subject subject =
org.apache.qpid.server.security.SecurityManager.SYSTEM;
- subject = new Subject(false, subject.getPrincipals(),
subject.getPublicCredentials(), subject.getPrivateCredentials());
- subject.getPrincipals().add(new TaskPrincipal("Shutdown"));
-
- Subject.doAs(subject, new PrivilegedAction<Object>()
+ Subject.doAs(SecurityManager.getSystemTaskSubject("Shutdown"), new
PrivilegedAction<Object>()
{
@Override
public Object run()
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
