authorRobert Gemmell <robbie@apache.org>2011-07-13 14:53:08 +0000
committerRobert Gemmell <robbie@apache.org>2011-07-13 14:53:08 +0000
commit6f97615e2ed577dd12f6ed677680feb24ce350dc (patch)
tree7726db27aa3dd272d0b8c4f94cb9fb6e2268ece1 /java/common/src
parent2242564d9827fdf010ddbe98d0f8dd4457bce478 (diff)
QPID-3310 - Principal/Subject refactoring.
Refactoring to the connection/session objects to pass the Subject from Authentication tier to Access tier, rather than just the Principal. Change the access-control to be able to make access decisions based on Groups from the Authentication tier whilst retaining support for groups declared within the ACL file itself. Improve unit tests. Applied patch by Keith Wall <keith.wall@gmail.com> git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@1146079 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'java/common/src')
-rw-r--r--java/common/src/main/java/org/apache/qpid/transport/Connection.java11
-rw-r--r--java/common/src/main/java/org/apache/qpid/transport/ServerDelegate.java47
2 files changed, 31 insertions, 27 deletions
diff --git a/java/common/src/main/java/org/apache/qpid/transport/Connection.java b/java/common/src/main/java/org/apache/qpid/transport/Connection.java
index 609611e3fb..f4e3a10f92 100644
--- a/java/common/src/main/java/org/apache/qpid/transport/Connection.java
+++ b/java/common/src/main/java/org/apache/qpid/transport/Connection.java
@@ -120,7 +120,6 @@ public class Connection extends ConnectionInvoker
private SaslServer saslServer;
private SaslClient saslClient;
private int idleTimeout = 0;
- private String _authorizationID;
private Map<String,Object> _serverProperties;
private String userID;
private ConnectionSettings conSettings;
@@ -661,16 +660,6 @@ public class Connection extends ConnectionInvoker
return idleTimeout;
}
- public void setAuthorizationID(String authorizationID)
- {
- _authorizationID = authorizationID;
- }
-
- public String getAuthorizationID()
- {
- return _authorizationID;
- }
-
public String getUserID()
{
return userID;
diff --git a/java/common/src/main/java/org/apache/qpid/transport/ServerDelegate.java b/java/common/src/main/java/org/apache/qpid/transport/ServerDelegate.java
index f21df251da..11af86f412 100644
--- a/java/common/src/main/java/org/apache/qpid/transport/ServerDelegate.java
+++ b/java/common/src/main/java/org/apache/qpid/transport/ServerDelegate.java
@@ -75,10 +75,7 @@ public class ServerDelegate extends ConnectionDelegate
if (mechanism == null || mechanism.length() == 0)
{
- conn.connectionTune
- (getChannelMax(),
- org.apache.qpid.transport.network.ConnectionBinding.MAX_FRAME_SIZE,
- 0, getHeartbeatMax());
+ tuneAuthorizedConnection(conn);
return;
}
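Review bot: The `mechanism == null || mechanism.length() == 0` branch now calls a hook named `tuneAuthorizedConnection`, although no SASL exchange has taken place on this path and the connection proceeds with no authenticated identity. Since the commit's stated aim is to carry a Subject from the authentication tier to the access tier, an override of this hook that attaches a Subject needs to know it can be reached without a completed SaslServer. I would document that at the call site, e.g. `// no mechanism offered: tuned without authentication, overrides must not assume a completed SaslServer`, or give this path its own hook so the two cases cannot be confused. The enclosing method begins outside the hunk, so whether an earlier check already rejects an empty mechanism cannot be seen from here.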
@@ -97,8 +94,7 @@ public class ServerDelegate extends ConnectionDelegate
}
catch (SaslException e)
{
- conn.exception(e);
- conn.connectionClose(ConnectionCloseCode.CONNECTION_FORCED, e.getMessage());
+ connectionAuthFailed(conn, e);
}
}
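Review bot: `connectionAuthFailed(conn, e)`, defined further down in this file's diff, passes `e.getMessage()` straight into `connectionClose`, so the SASL provider's failure text is sent to a peer that has not authenticated. Depending on the mechanism, that text may distinguish an unknown user from a wrong credential, and `getMessage()` may also be null. Keep the detail on the server side via the existing `conn.exception(e)` and reply with a fixed string, e.g. `conn.connectionClose(ConnectionCloseCode.CONNECTION_FORCED, "Authentication failed");`. The same helper is called from the catch block in `secure` in the next hunk.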
@@ -109,33 +105,52 @@ public class ServerDelegate extends ConnectionDelegate
return ss;
}
- private void secure(Connection conn, byte[] response)
+ protected void secure(final SaslServer ss, final Connection conn, final byte[] response)
{
- SaslServer ss = conn.getSaslServer();
try
{
byte[] challenge = ss.evaluateResponse(response);
if (ss.isComplete())
{
ss.dispose();
- conn.connectionTune
- (getChannelMax(),
- org.apache.qpid.transport.network.ConnectionBinding.MAX_FRAME_SIZE,
- 0, getHeartbeatMax());
- conn.setAuthorizationID(ss.getAuthorizationID());
+ tuneAuthorizedConnection(conn);
}
else
{
- conn.connectionSecure(challenge);
+ connectionAuthContinue(conn, challenge);
}
}
catch (SaslException e)
{
- conn.exception(e);
- conn.connectionClose(ConnectionCloseCode.CONNECTION_FORCED, e.getMessage());
+ connectionAuthFailed(conn, e);
}
}
+ protected void connectionAuthFailed(final Connection conn, Exception e)
+ {
+ conn.exception(e);
+ conn.connectionClose(ConnectionCloseCode.CONNECTION_FORCED, e.getMessage());
+ }
+
+ protected void connectionAuthContinue(final Connection conn, byte[] challenge)
+ {
+ conn.connectionSecure(challenge);
+ }
+
+ protected void tuneAuthorizedConnection(final Connection conn)
+ {
+ conn.connectionTune
+ (getChannelMax(),
+ org.apache.qpid.transport.network.ConnectionBinding.MAX_FRAME_SIZE,
+ 0, getHeartbeatMax());
+ }
+
+ protected void secure(final Connection conn, final byte[] response)
+ {
+ final SaslServer ss = conn.getSaslServer();
+ secure(ss, conn, response);
+ }
+
protected int getHeartbeatMax()
{
return 0xFFFF;
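Review bot: In the new `secure(ss, conn, response)`, `ss.dispose()` runs before `tuneAuthorizedConnection(conn)`, and the removed `conn.setAuthorizationID(ss.getAuthorizationID())` has no replacement in this class, so the hook that marks the connection as authorized receives neither the SaslServer nor the authenticated identity. The `SaslServer` contract states that `dispose()` invalidates the instance, so an override that reads `conn.getSaslServer().getAuthorizationID()` inside the hook would depend on provider-specific behaviour. Presumably a broker-side subclass outside this diffstat overrides `secure` to build the Subject. If that is the design, the three new protected hooks and the widened `secure` need Javadoc stating when each is called and that `ss` is already disposed when `tuneAuthorizedConnection` runs. Otherwise, call `tuneAuthorizedConnection(conn);` first and `ss.dispose();` afterwards, so the identity is still readable when the hook runs.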