author | Alex Rudyy <orudyy@apache.org> | 2013-01-21 18:22:06 +0000 |
---|---|---|
committer | Alex Rudyy <orudyy@apache.org> | 2013-01-21 18:22:06 +0000 |
commit | fdd5fe40740adb4a9c829b635c15d4d9a0be4d0c (patch) | |
tree | a8d88aea79cbc8124f2beabae65d32f7d2df198f | |
parent | 372fcb0af6d6a78c5b1e1591478634e4bbde2754 (diff) | |
QPID-4390: Add groupFile attribute to broker to allow configuring of FileGroupProvider directly via broker attributes
git-svn-id: https://svn.apache.org/repos/asf/qpid/branches/java-broker-config-qpid-4390@1436533 13f79535-47bb-0310-9956-ffa450edef68
8 files changed, 80 insertions, 49 deletions
diff --git a/qpid/java/broker/src/main/java/org/apache/qpid/server/configuration/store/XMLConfigurationEntryStore.java b/qpid/java/broker/src/main/java/org/apache/qpid/server/configuration/store/XMLConfigurationEntryStore.java index aac469c571..022d3c7730 100644 --- a/qpid/java/broker/src/main/java/org/apache/qpid/server/configuration/store/XMLConfigurationEntryStore.java +++ b/qpid/java/broker/src/main/java/org/apache/qpid/server/configuration/store/XMLConfigurationEntryStore.java @@ -129,6 +129,13 @@ public class XMLConfigurationEntryStore implements ConfigurationEntryStore brokerAttributes.put(Broker.STATISTICS_REPORTING_PERIOD, _serverConfiguration.getStatisticsReportingPeriod()); brokerAttributes.put(Broker.STATISTICS_REPORTING_RESET_ENABLED, _serverConfiguration.isStatisticsReportResetEnabled()); + Configuration fileGroupManagerConfig = _serverConfiguration.getConfig().subset("security.file-group-manager"); + if(fileGroupManagerConfig != null && !fileGroupManagerConfig.isEmpty()) + { + String file = fileGroupManagerConfig.getString("attributes.attribute.value"); + brokerAttributes.put(Broker.GROUP_FILE, file); + } + if (_serverConfiguration.getEnableSSL() && _serverConfiguration.getConnectorTrustStorePath() != null) { brokerAttributes.put(Broker.TRUST_STORE_PATH, _serverConfiguration.getConnectorTrustStorePath()); @@ -492,7 +499,7 @@ public class XMLConfigurationEntryStore implements ConfigurationEntryStore //createKeyStoreConfig(config, _rootChildren); //createTrustStoreConfig(config, _rootChildren); - createGroupProviderConfig(_configuration, _rootChildren); + //createGroupProviderConfig(_configuration, _rootChildren); createAuthenticationProviderConfig(_configuration, _rootChildren); createAmqpPortConfig(_serverConfiguration, _rootChildren, options); createManagementPortConfig(_serverConfiguration, _rootChildren, options); 
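Review bot: The value read with `fileGroupManagerConfig.getString("attributes.attribute.value")` in the first hunk is stored as `Broker.GROUP_FILE` without checking which attribute it belongs to or whether it is null. If the `security.file-group-manager` element carries more than one attribute, or one that is not the group file, an unrelated string (or null) becomes the group file path; checking `attributes.attribute.name` against the expected name and calling `brokerAttributes.put` only for a non-null value would make that explicit. This matters more because the second hunk comments out `createGroupProviderConfig(_configuration, _rootChildren)`, so this attribute appears to be the only remaining route to a group provider, and a missed value would leave group-based ACL rules with nothing to match. The commented-out call is better deleted, or given a comment saying why it is kept.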
diff --git a/qpid/java/broker/src/main/java/org/apache/qpid/server/model/Broker.java b/qpid/java/broker/src/main/java/org/apache/qpid/server/model/Broker.java index 51940c06b5..717f702337 100644 --- a/qpid/java/broker/src/main/java/org/apache/qpid/server/model/Broker.java +++ b/qpid/java/broker/src/main/java/org/apache/qpid/server/model/Broker.java @@ -86,6 +86,12 @@ public interface Broker extends ConfiguredObject String TRUST_STORE_PATH = "trustStorePath"; String TRUST_STORE_PASSWORD = "trustStorePassword"; + /* + * A temporary attributes to set the broker group file. + * TODO: Remove them after adding a full support to configure authorization providers via management layers. + */ + String GROUP_FILE = "groupFile"; + // Attributes Collection<String> AVAILABLE_ATTRIBUTES = Collections.unmodifiableList( @@ -126,7 +132,8 @@ public interface Broker extends ConfiguredObject KEY_STORE_PASSWORD, KEY_STORE_CERT_ALIAS, TRUST_STORE_PATH, - TRUST_STORE_PASSWORD + TRUST_STORE_PASSWORD, + GROUP_FILE )); //children diff --git a/qpid/java/broker/src/main/java/org/apache/qpid/server/model/adapter/BrokerAdapter.java b/qpid/java/broker/src/main/java/org/apache/qpid/server/model/adapter/BrokerAdapter.java index 69b4a47164..a60e50d7c7 100644 --- a/qpid/java/broker/src/main/java/org/apache/qpid/server/model/adapter/BrokerAdapter.java +++ b/qpid/java/broker/src/main/java/org/apache/qpid/server/model/adapter/BrokerAdapter.java @@ -53,6 +53,8 @@ import org.apache.qpid.server.model.Statistics; import org.apache.qpid.server.model.TrustStore; import org.apache.qpid.server.model.UUIDGenerator; import org.apache.qpid.server.model.VirtualHost; +import org.apache.qpid.server.security.group.FileGroupManager; +import org.apache.qpid.server.security.group.GroupManager; import org.apache.qpid.server.security.group.GroupPrincipalAccessor; import org.apache.qpid.server.security.SecurityManager; import org.apache.qpid.server.security.SubjectCreator; 
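Review bot: The comment above `GROUP_FILE` does not say what the attribute holds, and it is written in the plural ("A temporary attributes", "Remove them") although it covers a single constant. Something like `/* Temporary attribute: path of the group file used to create the broker's default file group provider. TODO: remove once authorization providers can be configured through the management layer. */` would tell a reader what value belongs there. Because the second hunk adds the constant to `AVAILABLE_ATTRIBUTES`, the path is presumably also reported to management clients, which is worth stating in the same comment.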
@@ -94,6 +96,7 @@ public class BrokerAdapter extends AbstractAdapter implements Broker, Configurat put(KEY_STORE_CERT_ALIAS, String.class); put(TRUST_STORE_PATH, String.class); put(TRUST_STORE_PASSWORD, String.class); + put(GROUP_FILE, String.class); }}); public static final int DEFAULT_STATISTICS_REPORTING_PERIOD = 0; @@ -113,6 +116,7 @@ public class BrokerAdapter extends AbstractAdapter implements Broker, Configurat public static final String DEFAULT_NAME = "QpidBroker"; private static final String DEFAULT_KEY_STORE_NAME = "defaultKeyStore"; private static final String DEFAULT_TRUST_STORE_NAME = "defaultTrustStore"; + private static final String DEFAULT_GROUP_PROFIDER_NAME = "defaultGroupProvider"; private static final String DUMMY_PASSWORD_MASK = "********"; @@ -137,6 +141,7 @@ public class BrokerAdapter extends AbstractAdapter implements Broker, Configurat + private final StatisticsGatherer _statisticsGatherer; private final VirtualHostRegistry _virtualHostRegistry; private final LogRecorder _logRecorder; @@ -156,6 +161,8 @@ public class BrokerAdapter extends AbstractAdapter implements Broker, Configurat private final PortFactory _portFactory; private final SecurityManager _securityManager; + private final UUID _defaultKeyStoreId; + private final UUID _defaultTrustStoreId; public BrokerAdapter(UUID id, Map<String, Object> attributes, StatisticsGatherer statisticsGatherer, VirtualHostRegistry virtualHostRegistry, LogRecorder logRecorder, RootMessageLogger rootMessageLogger, AuthenticationProviderFactory authenticationProviderFactory, 
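Review bot: `DEFAULT_GROUP_PROFIDER_NAME` in the `@@ -113,6 +116,7 @@` hunk misspells "PROVIDER"; the value `"defaultGroupProvider"` is spelled correctly, so only the identifier needs to change: `private static final String DEFAULT_GROUP_PROVIDER_NAME = "defaultGroupProvider";`. The constant is private and is referenced again in the later hunk that adds `createBrokerChildrenFromAttributes()`, so both places have to be renamed together. The new `_defaultKeyStoreId` and `_defaultTrustStoreId` fields in the last hunk on this line would also read better with a short comment saying they are the ids under which the attribute-derived stores are registered.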
@@ -170,6 +177,52 @@ public class BrokerAdapter extends AbstractAdapter implements Broker, Configurat _authenticationProviderFactory = authenticationProviderFactory; _portFactory = portFactory; _securityManager = new SecurityManager((String)getAttribute(ACL_FILE)); + + _defaultKeyStoreId = UUIDGenerator.generateBrokerChildUUID(KeyStore.class.getSimpleName(), DEFAULT_KEY_STORE_NAME); + _defaultTrustStoreId = UUIDGenerator.generateBrokerChildUUID(TrustStore.class.getSimpleName(), DEFAULT_TRUST_STORE_NAME); + createBrokerChildrenFromAttributes(); + } + + /* + * A temporary method to create broker children that can be only configured via broker attributes + */ + private void createBrokerChildrenFromAttributes() + { + String groupFile = (String) getAttribute(GROUP_FILE); + if (groupFile != null) + { + GroupManager groupManager = new FileGroupManager(groupFile); + UUID groupProviderId = UUIDGenerator.generateBrokerChildUUID(GroupProvider.class.getSimpleName(), + DEFAULT_GROUP_PROFIDER_NAME); + GroupProviderAdapter groupProviderAdapter = new GroupProviderAdapter(groupProviderId, groupManager, this); + addGroupProvider(groupProviderAdapter); + } + Map<String, Object> actualAttributes = getActualAttributes(); + String keyStorePath = (String) getAttribute(KEY_STORE_PATH); + if (keyStorePath != null) + { + Map<String, Object> keyStoreAttributes = new HashMap<String, Object>(); + keyStoreAttributes.put(KeyStore.NAME, DEFAULT_KEY_STORE_NAME); + keyStoreAttributes.put(KeyStore.PATH, keyStorePath); + keyStoreAttributes.put(KeyStore.PASSWORD, (String) actualAttributes.get(KEY_STORE_PASSWORD)); + keyStoreAttributes.put(KeyStore.TYPE, java.security.KeyStore.getDefaultType()); + keyStoreAttributes.put(KeyStore.CERTIFICATE_ALIAS, getAttribute(KEY_STORE_CERT_ALIAS)); + keyStoreAttributes.put(KeyStore.KEY_MANAGER_FACTORY_ALGORITHM, KeyManagerFactory.getDefaultAlgorithm()); + KeyStoreAdapter KeyStoreAdapter = new KeyStoreAdapter(_defaultKeyStoreId, this, keyStoreAttributes); + 
addKeyStore(KeyStoreAdapter); + } + String trustStorePath = (String) getAttribute(TRUST_STORE_PATH); + if (trustStorePath != null) + { + Map<String, Object> trsustStoreAttributes = new HashMap<String, Object>(); + trsustStoreAttributes.put(TrustStore.NAME, DEFAULT_TRUST_STORE_NAME); + trsustStoreAttributes.put(TrustStore.PATH, trustStorePath); + trsustStoreAttributes.put(TrustStore.PASSWORD, (String) actualAttributes.get(TRUST_STORE_PASSWORD)); + trsustStoreAttributes.put(TrustStore.TYPE, java.security.KeyStore.getDefaultType()); + trsustStoreAttributes.put(TrustStore.KEY_MANAGER_FACTORY_ALGORITHM, KeyManagerFactory.getDefaultAlgorithm()); + TrustStoreAdapter trustStore = new TrustStoreAdapter(_defaultTrustStoreId, this, trsustStoreAttributes); + addTrustStore(trustStore); + } } public Collection<VirtualHost> getVirtualHosts() 
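Review bot: `createBrokerChildrenFromAttributes()` runs from the constructor and hands `this` to `GroupProviderAdapter`, `KeyStoreAdapter` and `TrustStoreAdapter` before construction has finished, so those adapters and the `addGroupProvider`/`addKeyStore`/`addTrustStore` calls see a broker whose remaining state may not be set up yet. The constructor starts outside this hunk, so whether the child collections are initialised by that point cannot be confirmed here; if they are not, this fails with a NullPointerException at start-up. `new FileGroupManager(groupFile)` can also now abort construction with an unchecked `IllegalConfigurationException`, which is a reasonable fail-closed outcome for a missing group file but should be stated in the method comment. Two naming slips are worth fixing in passing: the local `KeyStoreAdapter KeyStoreAdapter` shadows its own class name and `trsustStoreAttributes` is misspelled, e.g. `KeyStoreAdapter keyStoreAdapter = new KeyStoreAdapter(_defaultKeyStoreId, this, keyStoreAttributes);`.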
@@ -847,42 +900,13 @@ public class BrokerAdapter extends AbstractAdapter implements Broker, Configurat @Override public KeyStore getDefaultKeyStore() { - // TODO: throw exception when password/path are not set (except - // management only mode) - Map<String, Object> actualAttributes = getActualAttributes(); - String storePath = (String) actualAttributes.get(KEY_STORE_PATH); - if (storePath != null) - { - Map<String, Object> attributes = new HashMap<String, Object>(); - attributes.put(KeyStore.NAME, DEFAULT_KEY_STORE_NAME); - attributes.put(KeyStore.PATH, storePath); - attributes.put(KeyStore.PASSWORD, (String) actualAttributes.get(KEY_STORE_PASSWORD)); - attributes.put(KeyStore.TYPE, java.security.KeyStore.getDefaultType()); - attributes.put(KeyStore.CERTIFICATE_ALIAS, actualAttributes.get(KEY_STORE_CERT_ALIAS)); - attributes.put(KeyStore.KEY_MANAGER_FACTORY_ALGORITHM, KeyManagerFactory.getDefaultAlgorithm()); - return new KeyStoreAdapter(UUIDGenerator.generateBrokerChildUUID(KeyStore.class.getSimpleName(), - DEFAULT_KEY_STORE_NAME), this, attributes); - } - return null; + return _keyStores.get(_defaultKeyStoreId); } @Override public TrustStore getDefaultTrustStore() { - Map<String, Object> actualAttributes = getActualAttributes(); - String storePath = (String) actualAttributes.get(TRUST_STORE_PATH); - if (storePath != null) - { - Map<String, Object> attributes = new HashMap<String, Object>(); - attributes.put(TrustStore.NAME, DEFAULT_TRUST_STORE_NAME); - attributes.put(TrustStore.PATH, storePath); - attributes.put(TrustStore.PASSWORD, (String) actualAttributes.get(TRUST_STORE_PASSWORD)); - attributes.put(TrustStore.TYPE, java.security.KeyStore.getDefaultType()); - attributes.put(TrustStore.KEY_MANAGER_FACTORY_ALGORITHM, KeyManagerFactory.getDefaultAlgorithm()); - return new TrustStoreAdapter(UUIDGenerator.generateBrokerChildUUID(TrustStore.class.getSimpleName(), - DEFAULT_TRUST_STORE_NAME), this, attributes); - } - return null; + return 
_trustStores.get(_defaultTrustStoreId); } } diff --git a/qpid/java/broker/src/main/java/org/apache/qpid/server/security/group/FileGroupManager.java b/qpid/java/broker/src/main/java/org/apache/qpid/server/security/group/FileGroupManager.java index 5cc1085a0d..8295f28f9e 100644 --- a/qpid/java/broker/src/main/java/org/apache/qpid/server/security/group/FileGroupManager.java +++ b/qpid/java/broker/src/main/java/org/apache/qpid/server/security/group/FileGroupManager.java @@ -25,7 +25,7 @@ import java.util.Collections; import java.util.HashSet; import java.util.Set; -import org.apache.commons.configuration.ConfigurationException; +import org.apache.qpid.server.configuration.IllegalConfigurationException; import org.apache.qpid.server.security.auth.UsernamePrincipal; /** @@ -49,7 +49,7 @@ public class FileGroupManager implements GroupManager private final FileGroupDatabase _groupDatabase; - public FileGroupManager(String groupFile) throws ConfigurationException + public FileGroupManager(String groupFile) { _groupDatabase = new FileGroupDatabase(); try @@ -58,7 +58,7 @@ public class FileGroupManager implements GroupManager } catch (IOException e) { - throw new ConfigurationException("Unable to set group file " + groupFile, e); + throw new IllegalConfigurationException("Unable to set group file " + groupFile, e); } } diff --git a/qpid/java/broker/src/main/java/org/apache/qpid/server/security/group/FileGroupManagerFactory.java b/qpid/java/broker/src/main/java/org/apache/qpid/server/security/group/FileGroupManagerFactory.java index b2c8c586e1..5c4730a9c8 100644 --- a/qpid/java/broker/src/main/java/org/apache/qpid/server/security/group/FileGroupManagerFactory.java +++ b/qpid/java/broker/src/main/java/org/apache/qpid/server/security/group/FileGroupManagerFactory.java 
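Review bot: `getDefaultKeyStore()` and `getDefaultTrustStore()` now return whatever was registered at construction time, so a later change to `KEY_STORE_PATH`, `TRUST_STORE_PATH` or the store passwords is no longer picked up the way the removed per-call construction did. Whether broker attributes can change after start-up is not visible in this hunk; if they can, the registered adapter should be replaced when they do. Both methods still return null when no path was configured, and the removed TODO about throwing in that case is dropped without a replacement, so a Javadoc line such as `@return the default key store, or null if no key store path was configured` would keep that contract visible to callers.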
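Review bot: The `FileGroupManager(String groupFile)` constructor no longer declares a checked exception, so nothing prompts callers to handle a missing or unreadable group file. Adding Javadoc to the constructor, for example `@throws IllegalConfigurationException if the group file cannot be loaded`, keeps the failure mode documented now that the compiler does not enforce it. The constructor body continues outside these hunks.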
@@ -22,7 +22,6 @@ import static org.apache.qpid.server.util.MapValueConverter.getStringAttribute; import java.util.Map; -import org.apache.commons.configuration.ConfigurationException; import org.apache.commons.lang.StringUtils; import org.apache.qpid.server.configuration.IllegalConfigurationException; import org.apache.qpid.server.model.GroupProvider; @@ -46,14 +45,7 @@ public class FileGroupManagerFactory implements GroupManagerFactory { throw new IllegalConfigurationException("Path to file containing groups is not specified!"); } - try - { - return new FileGroupManager(groupFile); - } - catch (ConfigurationException e) - { - throw new RuntimeException(e); - } + return new FileGroupManager(groupFile); } } diff --git a/qpid/java/broker/src/test/java/org/apache/qpid/server/security/group/FileGroupManagerTest.java b/qpid/java/broker/src/test/java/org/apache/qpid/server/security/group/FileGroupManagerTest.java index e926d72607..b83d25b206 100644 --- a/qpid/java/broker/src/test/java/org/apache/qpid/server/security/group/FileGroupManagerTest.java +++ b/qpid/java/broker/src/test/java/org/apache/qpid/server/security/group/FileGroupManagerTest.java @@ -26,7 +26,7 @@ import java.security.Principal; import java.util.Properties; import java.util.Set; -import org.apache.commons.configuration.ConfigurationException; +import org.apache.qpid.server.configuration.IllegalConfigurationException; import org.apache.qpid.server.security.auth.UsernamePrincipal; import org.apache.qpid.test.utils.QpidTestCase; @@ -69,7 +69,7 @@ public class FileGroupManagerTest extends QpidTestCase _manager = new FileGroupManager(filePath); fail("expected exception was not thrown"); } - catch(ConfigurationException ce) + catch(IllegalConfigurationException ce) { assertNotNull(ce.getCause()); assertTrue(ce.getCause() instanceof FileNotFoundException); 
diff --git a/qpid/java/systests/src/main/java/org/apache/qpid/systest/rest/BrokerRestHttpsTest.java b/qpid/java/systests/src/main/java/org/apache/qpid/systest/rest/BrokerRestHttpsTest.java index 3416a4b89c..7165ae4f18 100644 --- a/qpid/java/systests/src/main/java/org/apache/qpid/systest/rest/BrokerRestHttpsTest.java +++ b/qpid/java/systests/src/main/java/org/apache/qpid/systest/rest/BrokerRestHttpsTest.java @@ -56,6 +56,7 @@ public class BrokerRestHttpsTest extends QpidRestTestCase Asserts.assertAttributesPresent(brokerDetails, Broker.AVAILABLE_ATTRIBUTES, Broker.BYTES_RETAINED, Broker.PROCESS_PID, Broker.SUPPORTED_STORE_TYPES, Broker.CREATED, Broker.TIME_TO_LIVE, Broker.UPDATED, - Broker.ACL_FILE, Broker.KEY_STORE_CERT_ALIAS, Broker.TRUST_STORE_PATH, Broker.TRUST_STORE_PASSWORD); + Broker.ACL_FILE, Broker.KEY_STORE_CERT_ALIAS, Broker.TRUST_STORE_PATH, Broker.TRUST_STORE_PASSWORD, + Broker.GROUP_FILE); } } diff --git a/qpid/java/systests/src/main/java/org/apache/qpid/systest/rest/BrokerRestTest.java b/qpid/java/systests/src/main/java/org/apache/qpid/systest/rest/BrokerRestTest.java index b6e60ad167..796421b4f4 100644 --- a/qpid/java/systests/src/main/java/org/apache/qpid/systest/rest/BrokerRestTest.java +++ b/qpid/java/systests/src/main/java/org/apache/qpid/systest/rest/BrokerRestTest.java @@ -91,7 +91,7 @@ public class BrokerRestTest extends QpidRestTestCase Broker.BYTES_RETAINED, Broker.PROCESS_PID, Broker.SUPPORTED_STORE_TYPES, Broker.CREATED, Broker.TIME_TO_LIVE, Broker.UPDATED, Broker.ACL_FILE, Broker.KEY_STORE_PATH, Broker.KEY_STORE_PASSWORD, Broker.KEY_STORE_CERT_ALIAS, - Broker.TRUST_STORE_PATH, Broker.TRUST_STORE_PASSWORD); + Broker.TRUST_STORE_PATH, Broker.TRUST_STORE_PASSWORD, Broker.GROUP_FILE); assertEquals("Unexpected value of attribute " + Broker.BUILD_VERSION, QpidProperties.getBuildVersion(), brokerDetails.get(Broker.BUILD_VERSION)); |
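Review bot: Neither REST test checks the new attribute; `Broker.GROUP_FILE` is only appended to the trailing arguments of `Asserts.assertAttributesPresent`, which appear to be the attributes excluded from the presence check (the same change is made in `BrokerRestTest`). Nothing in the visible test changes starts a broker with `groupFile` set and verifies that a group provider is created from it. A system test that sets the attribute and asserts that the provider and its groups are returned would cover the path this commit adds.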