authorAidan Skinner <aidan@apache.org>2009-03-02 14:30:25 +0000
committerAidan Skinner <aidan@apache.org>2009-03-02 14:30:25 +0000
commit4d6ed6d75a3a28c71f39a36c002088709e0a899c (patch)
tree9fea8c5b5bf3b27d089552ab33777862e6b6da75 /java/broker/src/main
parent0aa67abbb5b6bcdcd9c85079685f262d8e9dd20f (diff)
downloadqpid-python-4d6ed6d75a3a28c71f39a36c002088709e0a899c.tar.gz
QPID-1583: Add test for reloading external firewall rules, fix buglets this test exposed.
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@749315 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'java/broker/src/main')
-rw-r--r--java/broker/src/main/java/org/apache/qpid/server/plugins/PluginManager.java2
-rw-r--r--java/broker/src/main/java/org/apache/qpid/server/registry/ApplicationRegistry.java3
-rw-r--r--java/broker/src/main/java/org/apache/qpid/server/registry/IApplicationRegistry.java3
-rw-r--r--java/broker/src/main/java/org/apache/qpid/server/security/access/ACLManager.java9
-rw-r--r--java/broker/src/main/java/org/apache/qpid/server/security/access/ACLPlugin.java3
-rw-r--r--java/broker/src/main/java/org/apache/qpid/server/security/access/ACLPluginFactory.java3
-rw-r--r--java/broker/src/main/java/org/apache/qpid/server/security/access/plugins/network/FirewallFactory.java3
-rw-r--r--java/broker/src/main/java/org/apache/qpid/server/security/access/plugins/network/FirewallPlugin.java39
8 files changed, 50 insertions, 15 deletions
diff --git a/java/broker/src/main/java/org/apache/qpid/server/plugins/PluginManager.java b/java/broker/src/main/java/org/apache/qpid/server/plugins/PluginManager.java
index 1b7919e8b7..5d8fa3e9d7 100644
--- a/java/broker/src/main/java/org/apache/qpid/server/plugins/PluginManager.java
+++ b/java/broker/src/main/java/org/apache/qpid/server/plugins/PluginManager.java
@@ -35,6 +35,7 @@ import org.apache.qpid.server.security.access.ACLPluginFactory;
import org.apache.qpid.server.security.access.plugins.AllowAll;
import org.apache.qpid.server.security.access.plugins.DenyAll;
import org.apache.qpid.server.security.access.plugins.SimpleXML;
+import org.apache.qpid.server.security.access.plugins.network.FirewallPlugin;
import org.osgi.framework.BundleActivator;
import org.osgi.framework.BundleException;
import org.osgi.util.tracker.ServiceTracker;
@@ -165,6 +166,7 @@ public class PluginManager
_securityPlugins.put(SimpleXML.class.getName(), SimpleXML.FACTORY);
_securityPlugins.put(AllowAll.class.getName(), AllowAll.FACTORY);
_securityPlugins.put(DenyAll.class.getName(), DenyAll.FACTORY);
+ _securityPlugins.put(FirewallPlugin.class.getName(), FirewallPlugin.FACTORY);
}
return _securityPlugins;
}
diff --git a/java/broker/src/main/java/org/apache/qpid/server/registry/ApplicationRegistry.java b/java/broker/src/main/java/org/apache/qpid/server/registry/ApplicationRegistry.java
index 477beeadcb..22b4623ae1 100644
--- a/java/broker/src/main/java/org/apache/qpid/server/registry/ApplicationRegistry.java
+++ b/java/broker/src/main/java/org/apache/qpid/server/registry/ApplicationRegistry.java
@@ -24,6 +24,7 @@ import java.net.InetSocketAddress;
import java.util.HashMap;
import java.util.Map;
+import org.apache.commons.configuration.ConfigurationException;
import org.apache.log4j.Logger;
import org.apache.mina.common.IoAcceptor;
import org.apache.qpid.server.configuration.ServerConfiguration;
@@ -261,7 +262,7 @@ public abstract class ApplicationRegistry implements IApplicationRegistry
return _virtualHostRegistry;
}
- public ACLManager getAccessManager()
+ public ACLManager getAccessManager() throws ConfigurationException
{
return new ACLManager(_configuration.getSecurityConfiguration(), _pluginManager);
}
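Review bot: The new `throws ConfigurationException` on `getAccessManager()` is undocumented, and for an access-control component the caller's reaction to it decides whether an unreadable rules file fails closed or open. I would add Javadoc here and on `IApplicationRegistry.getAccessManager()` along the lines of `@throws ConfigurationException if a security plugin's configuration, including an external firewall rules file, cannot be loaded; callers must not continue without an ACLManager`. The same contract applies to the signatures changed in ACLManager, `ACLPlugin.setConfiguration` and `ACLPluginFactory.newInstance`. The callers are outside this diff, so whether any of them catches the exception and carries on cannot be checked from here.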
diff --git a/java/broker/src/main/java/org/apache/qpid/server/registry/IApplicationRegistry.java b/java/broker/src/main/java/org/apache/qpid/server/registry/IApplicationRegistry.java
index a1f30c6eed..bbfda3addc 100644
--- a/java/broker/src/main/java/org/apache/qpid/server/registry/IApplicationRegistry.java
+++ b/java/broker/src/main/java/org/apache/qpid/server/registry/IApplicationRegistry.java
@@ -24,6 +24,7 @@ import java.util.Collection;
import java.net.InetSocketAddress;
import org.apache.commons.configuration.Configuration;
+import org.apache.commons.configuration.ConfigurationException;
import org.apache.qpid.server.configuration.ServerConfiguration;
import org.apache.qpid.server.management.ManagedObjectRegistry;
import org.apache.qpid.server.plugins.PluginManager;
@@ -64,7 +65,7 @@ public interface IApplicationRegistry
VirtualHostRegistry getVirtualHostRegistry();
- ACLManager getAccessManager();
+ ACLManager getAccessManager() throws ConfigurationException;
PluginManager getPluginManager();
diff --git a/java/broker/src/main/java/org/apache/qpid/server/security/access/ACLManager.java b/java/broker/src/main/java/org/apache/qpid/server/security/access/ACLManager.java
index 57c6098874..6f7f66fad2 100644
--- a/java/broker/src/main/java/org/apache/qpid/server/security/access/ACLManager.java
+++ b/java/broker/src/main/java/org/apache/qpid/server/security/access/ACLManager.java
@@ -28,6 +28,7 @@ import java.util.Map;
import java.util.Map.Entry;
import org.apache.commons.configuration.Configuration;
+import org.apache.commons.configuration.ConfigurationException;
import org.apache.log4j.Logger;
import org.apache.qpid.framing.AMQShortString;
import org.apache.qpid.server.configuration.SecurityConfiguration;
@@ -49,12 +50,12 @@ public class ACLManager
private Map<String, ACLPlugin> _globalPlugins = new HashMap<String, ACLPlugin>();
private Map<String, ACLPlugin> _hostPlugins = new HashMap<String, ACLPlugin>();
- public ACLManager(SecurityConfiguration configuration, PluginManager manager)
+ public ACLManager(SecurityConfiguration configuration, PluginManager manager) throws ConfigurationException
{
this(configuration, manager, null);
}
- public ACLManager(SecurityConfiguration configuration, PluginManager manager, ACLPluginFactory securityPlugin)
+ public ACLManager(SecurityConfiguration configuration, PluginManager manager, ACLPluginFactory securityPlugin) throws ConfigurationException
{
_pluginManager = manager;
@@ -73,12 +74,12 @@ public class ACLManager
}
- public void configureHostPlugins(SecurityConfiguration hostConfig)
+ public void configureHostPlugins(SecurityConfiguration hostConfig) throws ConfigurationException
{
_hostPlugins = configurePlugins(hostConfig);
}
- public Map<String, ACLPlugin> configurePlugins(SecurityConfiguration hostConfig)
+ public Map<String, ACLPlugin> configurePlugins(SecurityConfiguration hostConfig) throws ConfigurationException
{
Configuration securityConfig = hostConfig.getConfiguration();
Map<String, ACLPlugin> plugins = new HashMap<String, ACLPlugin>();
diff --git a/java/broker/src/main/java/org/apache/qpid/server/security/access/ACLPlugin.java b/java/broker/src/main/java/org/apache/qpid/server/security/access/ACLPlugin.java
index ca760f3360..032184ec39 100644
--- a/java/broker/src/main/java/org/apache/qpid/server/security/access/ACLPlugin.java
+++ b/java/broker/src/main/java/org/apache/qpid/server/security/access/ACLPlugin.java
@@ -21,6 +21,7 @@
package org.apache.qpid.server.security.access;
import org.apache.commons.configuration.Configuration;
+import org.apache.commons.configuration.ConfigurationException;
import org.apache.qpid.framing.AMQShortString;
import org.apache.qpid.server.exchange.Exchange;
import org.apache.qpid.server.protocol.AMQProtocolSession;
@@ -36,7 +37,7 @@ public interface ACLPlugin
ABSTAIN
}
- void setConfiguration(Configuration config);
+ void setConfiguration(Configuration config) throws ConfigurationException;
// These return true if the plugin thinks the action should be allowed, and false if not.
diff --git a/java/broker/src/main/java/org/apache/qpid/server/security/access/ACLPluginFactory.java b/java/broker/src/main/java/org/apache/qpid/server/security/access/ACLPluginFactory.java
index aee6af93d0..256f093477 100644
--- a/java/broker/src/main/java/org/apache/qpid/server/security/access/ACLPluginFactory.java
+++ b/java/broker/src/main/java/org/apache/qpid/server/security/access/ACLPluginFactory.java
@@ -21,12 +21,13 @@
package org.apache.qpid.server.security.access;
import org.apache.commons.configuration.Configuration;
+import org.apache.commons.configuration.ConfigurationException;
public interface ACLPluginFactory
{
public boolean supportsTag(String name);
- public ACLPlugin newInstance(Configuration config);
+ public ACLPlugin newInstance(Configuration config) throws ConfigurationException;
}
diff --git a/java/broker/src/main/java/org/apache/qpid/server/security/access/plugins/network/FirewallFactory.java b/java/broker/src/main/java/org/apache/qpid/server/security/access/plugins/network/FirewallFactory.java
index 7fcf4a0494..a1a399e5bf 100644
--- a/java/broker/src/main/java/org/apache/qpid/server/security/access/plugins/network/FirewallFactory.java
+++ b/java/broker/src/main/java/org/apache/qpid/server/security/access/plugins/network/FirewallFactory.java
@@ -21,6 +21,7 @@
package org.apache.qpid.server.security.access.plugins.network;
import org.apache.commons.configuration.Configuration;
+import org.apache.commons.configuration.ConfigurationException;
import org.apache.qpid.server.security.access.ACLPlugin;
import org.apache.qpid.server.security.access.ACLPluginFactory;
@@ -28,7 +29,7 @@ public class FirewallFactory implements ACLPluginFactory
{
@Override
- public ACLPlugin newInstance(Configuration config)
+ public ACLPlugin newInstance(Configuration config) throws ConfigurationException
{
FirewallPlugin plugin = new FirewallPlugin();
plugin.setConfiguration(config);
diff --git a/java/broker/src/main/java/org/apache/qpid/server/security/access/plugins/network/FirewallPlugin.java b/java/broker/src/main/java/org/apache/qpid/server/security/access/plugins/network/FirewallPlugin.java
index cb8b6f6fed..39397966f0 100644
--- a/java/broker/src/main/java/org/apache/qpid/server/security/access/plugins/network/FirewallPlugin.java
+++ b/java/broker/src/main/java/org/apache/qpid/server/security/access/plugins/network/FirewallPlugin.java
@@ -23,12 +23,18 @@ package org.apache.qpid.server.security.access.plugins.network;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.SocketAddress;
+import java.util.Iterator;
import java.util.List;
import java.util.regex.Pattern;
+import org.apache.commons.configuration.CompositeConfiguration;
import org.apache.commons.configuration.Configuration;
+import org.apache.commons.configuration.ConfigurationException;
+import org.apache.commons.configuration.XMLConfiguration;
import org.apache.qpid.server.protocol.AMQMinaProtocolSession;
import org.apache.qpid.server.protocol.AMQProtocolSession;
+import org.apache.qpid.server.security.access.ACLPlugin;
+import org.apache.qpid.server.security.access.ACLPluginFactory;
import org.apache.qpid.server.security.access.plugins.AbstractACLPlugin;
import org.apache.qpid.server.virtualhost.VirtualHost;
import org.apache.qpid.util.NetMatcher;
@@ -36,6 +42,21 @@ import org.apache.qpid.util.NetMatcher;
public class FirewallPlugin extends AbstractACLPlugin
{
+ public static final ACLPluginFactory FACTORY = new ACLPluginFactory()
+ {
+ public boolean supportsTag(String name)
+ {
+ return name.startsWith("firewall");
+ }
+
+ public ACLPlugin newInstance(Configuration config) throws ConfigurationException
+ {
+ FirewallPlugin plugin = new FirewallPlugin();
+ plugin.setConfiguration(config);
+ return plugin;
+ }
+ };
+
public class FirewallRule
{
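Review bot: `supportsTag` in the new `FACTORY` claims every tag that merely begins with "firewall" and throws a NullPointerException on a null name. If only the `firewall` element and its children are meant, tighten it to something like `return name != null && (name.equals("firewall") || name.startsWith("firewall."));`, or add a comment saying the prefix match is intended. The exact tag form ACLManager passes in is not visible here, so confirm it first. `newInstance` also repeats the body of `FirewallFactory.newInstance` in the same package, leaving two factories for one security plugin that can drift apart. Having one delegate to the other would avoid that, though `FirewallFactory.supportsTag` is not shown in this diff. The `java.util.Iterator` import added in this file's first hunk looks unused in the visible code.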
@@ -149,7 +170,7 @@ public class FirewallPlugin extends AbstractACLPlugin
}
@Override
- public void setConfiguration(Configuration config)
+ public void setConfiguration(Configuration config) throws ConfigurationException
{
// Get default action
String defaultAction = config.getString("[@default-action]");
@@ -165,15 +186,21 @@ public class FirewallPlugin extends AbstractACLPlugin
{
_default = AuthzResult.DENIED;
}
+ CompositeConfiguration finalConfig = new CompositeConfiguration(config);
+
+ List subFiles = config.getList("firewall.xml[@fileName]");
+ for (Object subFile : subFiles)
+ {
+ finalConfig.addConfiguration(new XMLConfiguration((String) subFile));
+ }
- int numRules = config.getList("rule[@access]").size(); // all rules must
- // have an access
- // attribute
+ // all rules must have an access attribute
+ int numRules = finalConfig.getList("rule[@access]").size();
_rules = new FirewallRule[numRules];
for (int i = 0; i < numRules; i++)
{
- FirewallRule rule = new FirewallRule(config.getString("rule(" + i + ")[@access]"), config.getList("rule("
- + i + ")[@network]"), config.getList("rule(" + i + ")[@hostname]"));
+ FirewallRule rule = new FirewallRule(finalConfig.getString("rule(" + i + ")[@access]"), finalConfig.getList("rule("
+ + i + ")[@network]"), finalConfig.getList("rule(" + i + ")[@hostname]"));
_rules[i] = rule;
}
}
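Review bot: Counting rules with `finalConfig.getList("rule[@access]").size()` and then reading `rule(i)` from the same `CompositeConfiguration` can mis-assemble rules once rules come from more than one source. To my knowledge Commons Configuration 1.x concatenates `getList` across all child configurations, while `getString` returns the value from the first child that has the key. If so, `numRules` is the sum over all sources, but index `i` is resolved inside each child separately. An `access` value from one file can then be paired with the merged `network`/`hostname` lists of several files, and higher indexes can come back null. For a firewall that means rules silently dropped or widened, so please confirm this with a test that combines inline rules with an external file. The sketch below indexes each source on its own; it needs a `java.util.ArrayList` import, and the order in which sources are appended decides rule precedence and should be documented. `setConfiguration` begins outside this hunk.

```java
// … unchanged: default-action handling …
List<Configuration> sources = new ArrayList<Configuration>();
for (Object subFile : config.getList("firewall.xml[@fileName]"))
{
    sources.add(new XMLConfiguration((String) subFile));
}
sources.add(config);

List<FirewallRule> rules = new ArrayList<FirewallRule>();
for (Configuration source : sources)
{
    // index within one source so access, network and hostname stay paired
    int numRules = source.getList("rule[@access]").size();
    for (int i = 0; i < numRules; i++)
    {
        rules.add(new FirewallRule(source.getString("rule(" + i + ")[@access]"),
                                   source.getList("rule(" + i + ")[@network]"),
                                   source.getList("rule(" + i + ")[@hostname]")));
    }
}
_rules = rules.toArray(new FirewallRule[rules.size()]);
```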