| author | Robert Gemmell <robbie@apache.org> | 2013-04-29 13:50:09 +0000 |
|---|---|---|
| committer | Robert Gemmell <robbie@apache.org> | 2013-04-29 13:50:09 +0000 |
| commit | d2eea8018ac69646fa42086bda543d9d1bc32fd9 (patch) | |
| tree | 893af91f54e23124ed9c73867ec724e21913c277 /java | |
| parent | 758cb3d8143635b60ae11e62c49e8e8f6781b1d2 (diff) | |
QPID-4784: stop generating errors during creation of PDAM's due to duplicate sasl provider registration, simplify PDAM.
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@1477078 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'java')
21 files changed, 181 insertions, 641 deletions
diff --git a/java/broker/src/main/java/org/apache/qpid/server/security/auth/database/AbstractPasswordFilePrincipalDatabase.java b/java/broker/src/main/java/org/apache/qpid/server/security/auth/database/AbstractPasswordFilePrincipalDatabase.java index 81f26a3e2f..cb5bc54cd2 100644 --- a/java/broker/src/main/java/org/apache/qpid/server/security/auth/database/AbstractPasswordFilePrincipalDatabase.java +++ b/java/broker/src/main/java/org/apache/qpid/server/security/auth/database/AbstractPasswordFilePrincipalDatabase.java @@ -22,8 +22,6 @@ package org.apache.qpid.server.security.auth.database; import org.apache.log4j.Logger; import org.apache.qpid.server.security.auth.UsernamePrincipal; -import org.apache.qpid.server.security.auth.sasl.AuthenticationProviderInitialiser; -import org.apache.qpid.server.security.auth.sasl.UsernamePasswordInitialiser; import javax.security.auth.callback.PasswordCallback; import javax.security.auth.login.AccountNotFoundException; 
@@ -44,27 +42,14 @@ import java.util.regex.Pattern; public abstract class AbstractPasswordFilePrincipalDatabase<U extends PasswordPrincipal> implements PrincipalDatabase { - private final Pattern _regexp = Pattern.compile(":"); - - private final Map<String, AuthenticationProviderInitialiser> _saslServers = - new HashMap<String, AuthenticationProviderInitialiser>(); - protected static final String DEFAULT_ENCODING = "utf-8"; + + private final Pattern _regexp = Pattern.compile(":"); private final Map<String, U> _userMap = new HashMap<String, U>(); private final ReentrantLock _userUpdate = new ReentrantLock(); private final Random _random = new Random(); private File _passwordFile; - - protected AbstractPasswordFilePrincipalDatabase(UsernamePasswordInitialiser... initialisers) - { - for(UsernamePasswordInitialiser initialiser : initialisers) - { - initialiser.initialise(this); - _saslServers.put(initialiser.getMechanismName(), initialiser); - } - } - public final void open(File passwordFile) throws IOException { getLogger().info("PasswordFile using file " + passwordFile.getAbsolutePath()); @@ -397,11 +382,6 @@ public abstract class AbstractPasswordFilePrincipalDatabase<U extends PasswordPr loadPasswordFile(); } - public Map<String, AuthenticationProviderInitialiser> getMechanisms() - { - return _saslServers; - } - public List<Principal> getUsers() { return new LinkedList<Principal>(_userMap.values()); diff --git a/java/broker/src/main/java/org/apache/qpid/server/security/auth/database/Base64MD5PasswordFilePrincipalDatabase.java b/java/broker/src/main/java/org/apache/qpid/server/security/auth/database/Base64MD5PasswordFilePrincipalDatabase.java index 63eb768035..4f3892c2c6 100644 --- a/java/broker/src/main/java/org/apache/qpid/server/security/auth/database/Base64MD5PasswordFilePrincipalDatabase.java +++ b/java/broker/src/main/java/org/apache/qpid/server/security/auth/database/Base64MD5PasswordFilePrincipalDatabase.java 
@@ -20,13 +20,20 @@ */ package org.apache.qpid.server.security.auth.database; -import org.apache.log4j.Logger; +import java.security.Principal; +import java.util.HashMap; +import java.util.Map; + +import javax.security.auth.callback.CallbackHandler; +import javax.security.auth.login.AccountNotFoundException; +import javax.security.sasl.SaslException; +import javax.security.sasl.SaslServer; +import org.apache.log4j.Logger; import org.apache.qpid.server.security.auth.sasl.crammd5.CRAMMD5HashedInitialiser; +import org.apache.qpid.server.security.auth.sasl.crammd5.CRAMMD5HashedSaslServer; import org.apache.qpid.server.security.auth.sasl.crammd5.CRAMMD5HexInitialiser; - -import javax.security.auth.login.AccountNotFoundException; -import java.security.Principal; +import org.apache.qpid.server.security.auth.sasl.crammd5.CRAMMD5HexSaslServer; /** * Represents a user database where the account information is stored in a simple flat file. 
@@ -38,14 +45,20 @@ import java.security.Principal; public class Base64MD5PasswordFilePrincipalDatabase extends AbstractPasswordFilePrincipalDatabase<HashedUser> { private final Logger _logger = Logger.getLogger(Base64MD5PasswordFilePrincipalDatabase.class); + private String _mechanismsString; + private final Map<String, CallbackHandler> _callbackHandlerMap = new HashMap<String, CallbackHandler>(); public Base64MD5PasswordFilePrincipalDatabase() { - /** - * Create Authenticators for MD5 Password file. - */ - super(new CRAMMD5HashedInitialiser(), new CRAMMD5HexInitialiser()); + CRAMMD5HashedInitialiser crammd5HashedInitialiser = new CRAMMD5HashedInitialiser(); + crammd5HashedInitialiser.initialise(this); + _callbackHandlerMap.put(CRAMMD5HashedSaslServer.MECHANISM, crammd5HashedInitialiser.getCallbackHandler()); + + CRAMMD5HexInitialiser crammd5HexInitialiser = new CRAMMD5HexInitialiser(); + crammd5HexInitialiser.initialise(this); + _callbackHandlerMap.put(CRAMMD5HexSaslServer.MECHANISM, crammd5HexInitialiser.getCallbackHandler()); + _mechanismsString = CRAMMD5HashedSaslServer.MECHANISM + " " + CRAMMD5HexSaslServer.MECHANISM; } 
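Review bot: The new `Base64MD5PasswordFilePrincipalDatabase()` constructor passes `this` to `crammd5HashedInitialiser.initialise(this)` and `crammd5HexInitialiser.initialise(this)` before construction has finished, and the class is not final, so a subclass could be seen half-built if an initialiser ever calls back into the database. Nothing visible in this commit shows `initialise(PrincipalDatabase)` doing that, so this is presumably safe today, but it deserves a comment such as `// initialisers only keep the reference; they must not call back into this database during construction`. `_mechanismsString` is assigned exactly once and could be declared `private final String _mechanismsString;` like `_callbackHandlerMap` beside it. The same two points apply to the `PlainPasswordFilePrincipalDatabase` constructor hunk.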
@@ -113,4 +126,31 @@ public class Base64MD5PasswordFilePrincipalDatabase extends AbstractPasswordFile return _logger; } + @Override + public String getMechanisms() + { + return _mechanismsString; + } + + @Override + public SaslServer createSaslServer(String mechanism, String localFQDN, Principal externalPrincipal) throws SaslException + { + CallbackHandler callbackHandler = _callbackHandlerMap.get(mechanism); + if(callbackHandler == null) + { + throw new SaslException("Unsupported mechanism: " + mechanism); + } + + //The SaslServers simply delegate to the built in CRAM-MD5 SaslServer + if(CRAMMD5HashedSaslServer.MECHANISM.equals(mechanism)) + { + return new CRAMMD5HashedSaslServer(mechanism, "AMQP", localFQDN, null, callbackHandler); + } + else if(CRAMMD5HexSaslServer.MECHANISM.equals(mechanism)) + { + return new CRAMMD5HexSaslServer(mechanism, "AMQP", localFQDN, null, callbackHandler); + } + + throw new SaslException("Unsupported mechanism: " + mechanism); + } } diff --git a/java/broker/src/main/java/org/apache/qpid/server/security/auth/database/PlainPasswordFilePrincipalDatabase.java b/java/broker/src/main/java/org/apache/qpid/server/security/auth/database/PlainPasswordFilePrincipalDatabase.java index bfd04adb3f..34d2710472 100644 --- a/java/broker/src/main/java/org/apache/qpid/server/security/auth/database/PlainPasswordFilePrincipalDatabase.java +++ b/java/broker/src/main/java/org/apache/qpid/server/security/auth/database/PlainPasswordFilePrincipalDatabase.java 
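Review bot: In the added `createSaslServer` the set of supported mechanisms is written out three times (the `_callbackHandlerMap` keys, `_mechanismsString`, and the `if`/`else if` chain), and the trailing `throw new SaslException("Unsupported mechanism: " + mechanism)` is reachable only once those have drifted apart. A comment on that last throw saying so, for example `// unreachable unless the handler map and this chain disagree`, would stop it being read as a duplicate of the first check. `mechanism` is presumably the name requested by the connecting peer, so the text appended to the exception message should be treated as untrusted wherever the exception is later logged. `externalPrincipal` is accepted but never read, which is worth stating in a method comment. The `createSaslServer` added to `PlainPasswordFilePrincipalDatabase` has the same shape.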
@@ -20,14 +20,22 @@ */ package org.apache.qpid.server.security.auth.database; -import org.apache.log4j.Logger; +import java.security.Principal; +import java.util.HashMap; +import java.util.Map; + +import javax.security.auth.callback.CallbackHandler; +import javax.security.auth.login.AccountNotFoundException; +import javax.security.sasl.Sasl; +import javax.security.sasl.SaslException; +import javax.security.sasl.SaslServer; +import org.apache.log4j.Logger; import org.apache.qpid.server.security.auth.sasl.amqplain.AmqPlainInitialiser; +import org.apache.qpid.server.security.auth.sasl.amqplain.AmqPlainSaslServer; import org.apache.qpid.server.security.auth.sasl.crammd5.CRAMMD5Initialiser; import org.apache.qpid.server.security.auth.sasl.plain.PlainInitialiser; - -import javax.security.auth.login.AccountNotFoundException; -import java.security.Principal; +import org.apache.qpid.server.security.auth.sasl.plain.PlainSaslServer; /** * Represents a user database where the account information is stored in a simple flat file. 
@@ -40,13 +48,24 @@ public class PlainPasswordFilePrincipalDatabase extends AbstractPasswordFilePrin { private final Logger _logger = Logger.getLogger(PlainPasswordFilePrincipalDatabase.class); + private final Map<String, CallbackHandler> _callbackHandlerMap = new HashMap<String, CallbackHandler>(); + private String _mechanismsString; public PlainPasswordFilePrincipalDatabase() { - /** - * Create Authenticators for Plain Password file. - */ - super(new AmqPlainInitialiser(), new PlainInitialiser(), new CRAMMD5Initialiser()); + AmqPlainInitialiser amqPlainInitialiser = new AmqPlainInitialiser(); + amqPlainInitialiser.initialise(this); + _callbackHandlerMap.put(AmqPlainSaslServer.MECHANISM, amqPlainInitialiser.getCallbackHandler()); + + PlainInitialiser plainInitialiser = new PlainInitialiser(); + plainInitialiser.initialise(this); + _callbackHandlerMap.put(PlainSaslServer.MECHANISM, plainInitialiser.getCallbackHandler()); + + CRAMMD5Initialiser crammd5Initialiser = new CRAMMD5Initialiser(); + crammd5Initialiser.initialise(this); + _callbackHandlerMap.put(CRAMMD5Initialiser.MECHANISM, crammd5Initialiser.getCallbackHandler()); + + _mechanismsString = AmqPlainSaslServer.MECHANISM + " " + PlainSaslServer.MECHANISM + " " + CRAMMD5Initialiser.MECHANISM; } 
@@ -91,4 +110,37 @@ public class PlainPasswordFilePrincipalDatabase extends AbstractPasswordFilePrin { return _logger; } + + + @Override + public String getMechanisms() + { + return _mechanismsString; + } + + @Override + public SaslServer createSaslServer(String mechanism, String localFQDN, Principal externalPrincipal) throws SaslException + { + CallbackHandler callbackHandler = _callbackHandlerMap.get(mechanism); + if(callbackHandler == null) + { + throw new SaslException("Unsupported mechanism: " + mechanism); + } + + if(CRAMMD5Initialiser.MECHANISM.equals(mechanism)) + { + //simply delegate to the built in CRAM-MD5 SaslServer + return Sasl.createSaslServer(mechanism, "AMQP", localFQDN, null, callbackHandler); + } + else if(PlainSaslServer.MECHANISM.equals(mechanism)) + { + return new PlainSaslServer(callbackHandler); + } + else if(AmqPlainSaslServer.MECHANISM.equals(mechanism)) + { + return new AmqPlainSaslServer(callbackHandler); + } + + throw new SaslException("Unsupported mechanism: " + mechanism); + } } diff --git a/java/broker/src/main/java/org/apache/qpid/server/security/auth/database/PrincipalDatabase.java b/java/broker/src/main/java/org/apache/qpid/server/security/auth/database/PrincipalDatabase.java index df770e84f8..7e3e28e4f8 100644 --- a/java/broker/src/main/java/org/apache/qpid/server/security/auth/database/PrincipalDatabase.java +++ b/java/broker/src/main/java/org/apache/qpid/server/security/auth/database/PrincipalDatabase.java @@ -24,6 +24,8 @@ import org.apache.qpid.server.security.auth.sasl.AuthenticationProviderInitialis import javax.security.auth.callback.PasswordCallback; import javax.security.auth.login.AccountNotFoundException; +import javax.security.sasl.SaslException; +import javax.security.sasl.SaslServer; import java.io.File; import java.io.IOException; 
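Review bot: The CRAM-MD5 branch of the new `createSaslServer` returns the result of `Sasl.createSaslServer(...)` directly, and that method returns null when no installed `SaslServerFactory` can produce the mechanism, so the caller would receive a null `SaslServer` instead of a clean negotiation failure. Capture and check it: `SaslServer server = Sasl.createSaslServer(mechanism, "AMQP", localFQDN, null, callbackHandler);` followed by `if(server == null) { throw new SaslException("No SaslServerFactory available for mechanism: " + mechanism); }` and `return server;`. The PLAIN and AMQPLAIN branches construct their servers directly and are not affected.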
@@ -100,8 +102,13 @@ public interface PrincipalDatabase */ void reload() throws IOException; - public Map<String, AuthenticationProviderInitialiser> getMechanisms(); + List<Principal> getUsers(); + /** + * Get the list of mechanisms supported for use with the PrincipalDatabase + * @return space separated list of supported Sasl mechanisms + */ + public String getMechanisms(); - List<Principal> getUsers(); + public SaslServer createSaslServer(String mechanism, String localFQDN, Principal externalPrincipal) throws SaslException; } diff --git a/java/broker/src/main/java/org/apache/qpid/server/security/auth/manager/AnonymousAuthenticationManager.java b/java/broker/src/main/java/org/apache/qpid/server/security/auth/manager/AnonymousAuthenticationManager.java index ae3bc5131f..30626ce98c 100644 --- a/java/broker/src/main/java/org/apache/qpid/server/security/auth/manager/AnonymousAuthenticationManager.java +++ b/java/broker/src/main/java/org/apache/qpid/server/security/auth/manager/AnonymousAuthenticationManager.java @@ -28,14 +28,11 @@ import javax.security.sasl.SaslServer; import org.apache.qpid.server.security.auth.AuthenticationResult; import org.apache.qpid.server.security.auth.UsernamePrincipal; -import org.apache.qpid.server.security.auth.sasl.anonymous.AnonymousInitialiser; import org.apache.qpid.server.security.auth.sasl.anonymous.AnonymousSaslServer; public class AnonymousAuthenticationManager implements AuthenticationManager { - private static final AnonymousInitialiser SASL_INITIALISER = new AnonymousInitialiser(); - - private static final String ANONYMOUS = SASL_INITIALISER.getMechanismName(); + private static final String ANONYMOUS = "ANONYMOUS"; public static final String ANONYMOUS_USERNAME = "ANONYMOUS"; diff --git a/java/broker/src/main/java/org/apache/qpid/server/security/auth/manager/AuthenticationManager.java b/java/broker/src/main/java/org/apache/qpid/server/security/auth/manager/AuthenticationManager.java index 1576a73a82..67a4f348b1 100644 
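Review bot: The `createSaslServer(String mechanism, String localFQDN, Principal externalPrincipal)` method added to the `PrincipalDatabase` interface has no Javadoc, although `getMechanisms()` directly above it does, and implementers need the contract spelled out. I would document that it throws `SaslException` for a mechanism not returned by `getMechanisms()`, and say whether `externalPrincipal` may be null and may be ignored, as the implementations visible in this commit do. The context line of the preceding import hunk suggests `AuthenticationProviderInitialiser` is still imported in this file. With the `Map`-returning `getMechanisms()` gone that import is probably unused, which should be confirmed against the full file. The `public` modifier on the two new interface methods is redundant and inconsistent with `getUsers()` next to them.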
--- a/java/broker/src/main/java/org/apache/qpid/server/security/auth/manager/AuthenticationManager.java +++ b/java/broker/src/main/java/org/apache/qpid/server/security/auth/manager/AuthenticationManager.java @@ -34,16 +34,9 @@ import org.apache.qpid.server.security.auth.AuthenticationResult; * {@link AuthenticationResult} containing the user's main {@link Principal} and zero or * more other implementation-specific principals. * </p> - * <p> - * The {@link #initialise()} method is responsible for registering SASL mechanisms required by - * the manager. The {@link #close()} method must reverse this registration. - * </p> */ public interface AuthenticationManager extends Closeable { - /** The name for the required SASL Server mechanisms */ - public static final String PROVIDER_NAME= "AMQSASLProvider-Server"; - /** * Initialise the authentication plugin. * diff --git a/java/broker/src/main/java/org/apache/qpid/server/security/auth/manager/PrincipalDatabaseAuthenticationManager.java b/java/broker/src/main/java/org/apache/qpid/server/security/auth/manager/PrincipalDatabaseAuthenticationManager.java index 788dfbe204..da6464a57e 100644 --- a/java/broker/src/main/java/org/apache/qpid/server/security/auth/manager/PrincipalDatabaseAuthenticationManager.java +++ b/java/broker/src/main/java/org/apache/qpid/server/security/auth/manager/PrincipalDatabaseAuthenticationManager.java 
@@ -24,51 +24,19 @@ import java.io.File; import java.io.FileNotFoundException; import java.io.IOException; import java.security.Principal; -import org.apache.log4j.Logger; -import org.apache.qpid.server.configuration.IllegalConfigurationException; -import org.apache.qpid.server.security.auth.AuthenticationResult; -import org.apache.qpid.server.security.auth.AuthenticationResult.AuthenticationStatus; -import org.apache.qpid.server.security.auth.database.PrincipalDatabase; -import org.apache.qpid.server.security.auth.sasl.AuthenticationProviderInitialiser; -import org.apache.qpid.server.security.auth.sasl.JCAProvider; -import org.apache.qpid.server.security.auth.UsernamePrincipal; - -import javax.security.auth.callback.CallbackHandler; import javax.security.auth.login.AccountNotFoundException; -import javax.security.sasl.Sasl; import javax.security.sasl.SaslException; import javax.security.sasl.SaslServer; -import javax.security.sasl.SaslServerFactory; - -import java.security.Security; -import java.util.HashMap; -import java.util.Map; -import java.util.TreeMap; +import org.apache.qpid.server.configuration.IllegalConfigurationException; +import org.apache.qpid.server.security.auth.AuthenticationResult; +import org.apache.qpid.server.security.auth.UsernamePrincipal; +import org.apache.qpid.server.security.auth.AuthenticationResult.AuthenticationStatus; +import org.apache.qpid.server.security.auth.database.PrincipalDatabase; -/** - * Concrete implementation of the AuthenticationManager that determines if supplied - * user credentials match those appearing in a PrincipalDatabase. The implementation - * of the PrincipalDatabase is determined from the configuration. - */ public class PrincipalDatabaseAuthenticationManager implements AuthenticationManager { - - private static final Logger _logger = Logger.getLogger(PrincipalDatabaseAuthenticationManager.class); - - /** The list of mechanisms, in the order in which they are configured (i.e. 
preferred order) */ - private String _mechanisms; - - /** Maps from the mechanism to the callback handler to use for handling those requests */ - private final Map<String, CallbackHandler> _callbackHandlerMap = new HashMap<String, CallbackHandler>(); - - /** - * Maps from the mechanism to the properties used to initialise the server. See the method Sasl.createSaslServer for - * details of the use of these properties. This map is populated during initialisation of each provider. - */ - private final Map<String, Map<String, ?>> _serverCreationProperties = new HashMap<String, Map<String, ?>>(); - private final PrincipalDatabase _principalDatabase; private final String _passwordFile; 
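Review bot: The class-level Javadoc of `PrincipalDatabaseAuthenticationManager` is removed in this hunk together with the fields and nothing replaces it, so the class is left undocumented. Its description of matching credentials against a `PrincipalDatabase` still holds after the change. I would keep a trimmed version such as `/** Authenticates supplied credentials against a PrincipalDatabase and delegates SASL mechanism handling to it. */`. The reordered imports also leave `UsernamePrincipal` between the two `AuthenticationResult` imports, which is cosmetic but easy to tidy.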
@@ -92,77 +60,16 @@ public class PrincipalDatabaseAuthenticationManager implements AuthenticationMan { throw new IllegalConfigurationException("Cannot use password database at :" + _passwordFile, e); } - - final Map<String, Class<? extends SaslServerFactory>> providerMap = new TreeMap<String, Class<? extends SaslServerFactory>>(); - - initialiseAuthenticationMechanisms(providerMap, _principalDatabase); - - if (providerMap.size() > 0) - { - // Ensure we are used before the defaults - if (Security.insertProviderAt(new JCAProvider(PROVIDER_NAME, providerMap), 1) == -1) - { - _logger.error("Unable to load custom SASL providers. Qpid custom SASL authenticators unavailable."); - } - else - { - _logger.info("Additional SASL providers successfully registered."); - } - } - else - { - _logger.warn("No additional SASL providers registered."); - } - } - - private void initialiseAuthenticationMechanisms(Map<String, Class<? extends SaslServerFactory>> providerMap, PrincipalDatabase database) - { - if (database == null || database.getMechanisms().size() == 0) - { - _logger.warn("No Database or no mechanisms to initialise authentication"); - return; - } - - for (Map.Entry<String, AuthenticationProviderInitialiser> mechanism : database.getMechanisms().entrySet()) - { - initialiseAuthenticationMechanism(mechanism.getKey(), mechanism.getValue(), providerMap); - } - } - - private void initialiseAuthenticationMechanism(String mechanism, AuthenticationProviderInitialiser initialiser, - Map<String, Class<? extends SaslServerFactory>> providerMap) - { - if (_mechanisms == null) - { - _mechanisms = mechanism; - } - else - { - // simple append should be fine since the number of mechanisms is small and this is a one time initialisation - _mechanisms = _mechanisms + " " + mechanism; - } - _callbackHandlerMap.put(mechanism, initialiser.getCallbackHandler()); - _serverCreationProperties.put(mechanism, initialiser.getProperties()); - Class<? 
extends SaslServerFactory> factory = initialiser.getServerFactoryClassForJCARegistration(); - if (factory != null) - { - providerMap.put(mechanism, factory); - } - _logger.info("Initialised " + mechanism + " SASL provider successfully"); } public String getMechanisms() { - return _mechanisms; + return _principalDatabase.getMechanisms(); } public SaslServer createSaslServer(String mechanism, String localFQDN, Principal externalPrincipal) throws SaslException { - Map<String, ?> properties = _serverCreationProperties.get(mechanism); - CallbackHandler callbackHandler = _callbackHandlerMap.get(mechanism); - - return Sasl.createSaslServer(mechanism, "AMQP", localFQDN, properties, - callbackHandler); + return _principalDatabase.createSaslServer(mechanism, localFQDN, externalPrincipal); } /** @@ -215,8 +122,7 @@ public class PrincipalDatabaseAuthenticationManager implements AuthenticationMan public void close() { - _mechanisms = null; - Security.removeProvider(PROVIDER_NAME); + } public PrincipalDatabase getPrincipalDatabase() diff --git a/java/broker/src/main/java/org/apache/qpid/server/security/auth/manager/SimpleLDAPAuthenticationManager.java b/java/broker/src/main/java/org/apache/qpid/server/security/auth/manager/SimpleLDAPAuthenticationManager.java index 61cdf190b8..0db0d388d6 100644 --- a/java/broker/src/main/java/org/apache/qpid/server/security/auth/manager/SimpleLDAPAuthenticationManager.java +++ b/java/broker/src/main/java/org/apache/qpid/server/security/auth/manager/SimpleLDAPAuthenticationManager.java @@ -49,7 +49,6 @@ public class SimpleLDAPAuthenticationManager implements AuthenticationManager { private static final Logger _logger = Logger.getLogger(SimpleLDAPAuthenticationManager.class); - private static final String PLAIN_MECHANISM = "PLAIN"; private final String _providerSearchURL; private final String _providerAuthURL; private final String _searchContext; 
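Review bot: `getMechanisms()` and `createSaslServer(...)` now dereference `_principalDatabase` unconditionally, whereas the removed `initialiseAuthenticationMechanisms` tolerated `database == null` and only logged a warning. Whether the constructor can leave the field null is not visible in this hunk. If it can, fail early there with a clear configuration error rather than letting a `NullPointerException` surface during connection negotiation. A short comment on both methods noting that mechanism selection is owned by the database would also help, for example `// mechanisms and SaslServer creation are delegated to the PrincipalDatabase`.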
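Review bot: `close()` is left with a body that holds only a blank line, which reads as an accident rather than a decision. Add a comment such as `// nothing to release: this manager no longer registers a SASL provider`, so that a later reader does not reinstate `Security.removeProvider` style cleanup. The body of `close()` is the only part of the method inside this hunk.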
@@ -74,13 +73,13 @@ public class SimpleLDAPAuthenticationManager implements AuthenticationManager @Override public String getMechanisms() { - return PLAIN_MECHANISM; + return PlainSaslServer.MECHANISM; } @Override public SaslServer createSaslServer(String mechanism, String localFQDN, Principal externalPrincipal) throws SaslException { - if(PLAIN_MECHANISM.equals(mechanism)) + if(PlainSaslServer.MECHANISM.equals(mechanism)) { return new PlainSaslServer(new SimpleLDAPPlainCallbackHandler()); } diff --git a/java/broker/src/main/java/org/apache/qpid/server/security/auth/sasl/AuthenticationProviderInitialiser.java b/java/broker/src/main/java/org/apache/qpid/server/security/auth/sasl/AuthenticationProviderInitialiser.java index c227aa14e8..4cbf5096df 100644 --- a/java/broker/src/main/java/org/apache/qpid/server/security/auth/sasl/AuthenticationProviderInitialiser.java +++ b/java/broker/src/main/java/org/apache/qpid/server/security/auth/sasl/AuthenticationProviderInitialiser.java @@ -21,8 +21,6 @@ package org.apache.qpid.server.security.auth.sasl; import javax.security.auth.callback.CallbackHandler; -import javax.security.sasl.SaslServerFactory; -import java.util.Map; public interface AuthenticationProviderInitialiser { @@ -38,17 +36,4 @@ public interface AuthenticationProviderInitialiser * fully threadsafe. */ CallbackHandler getCallbackHandler(); - - /** - * Get the properties that must be passed in to the Sasl.createSaslServer method. - * @return the properties, which may be null - */ - Map<String, ?> getProperties(); - - /** - * Get the class that is the server factory. This is used for the JCA registration. - * @return null if no JCA registration is required, otherwise return the class - * that will be used in JCA registration - */ - Class<? extends SaslServerFactory> getServerFactoryClassForJCARegistration(); } 
diff --git a/java/broker/src/main/java/org/apache/qpid/server/security/auth/sasl/JCAProvider.java b/java/broker/src/main/java/org/apache/qpid/server/security/auth/sasl/JCAProvider.java deleted file mode 100644 index 8711e1b385..0000000000 --- a/java/broker/src/main/java/org/apache/qpid/server/security/auth/sasl/JCAProvider.java +++ /dev/null @@ -1,44 +0,0 @@ -/* - * - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - * - */ -package org.apache.qpid.server.security.auth.sasl; - -import javax.security.sasl.SaslServerFactory; -import java.security.Provider; -import java.util.Map; - -public class JCAProvider extends Provider -{ - public JCAProvider(String name, Map<String, Class<? extends SaslServerFactory>> providerMap) - { - super(name, 1.0, "A JCA provider that registers all " + - "AMQ SASL providers that want to be registered"); - register(providerMap); - } - - private void register(Map<String, Class<? extends SaslServerFactory>> providerMap) - { - for (Map.Entry<String, Class<? extends SaslServerFactory>> me : - providerMap.entrySet()) - { - put("SaslServerFactory." + me.getKey(), me.getValue().getName()); - } - } -} 
diff --git a/java/broker/src/main/java/org/apache/qpid/server/security/auth/sasl/UsernamePasswordInitialiser.java b/java/broker/src/main/java/org/apache/qpid/server/security/auth/sasl/UsernamePasswordInitialiser.java index b70a987107..f36ef1516c 100644 --- a/java/broker/src/main/java/org/apache/qpid/server/security/auth/sasl/UsernamePasswordInitialiser.java +++ b/java/broker/src/main/java/org/apache/qpid/server/security/auth/sasl/UsernamePasswordInitialiser.java @@ -20,7 +20,6 @@ */ package org.apache.qpid.server.security.auth.sasl; -import org.apache.commons.configuration.Configuration; import org.apache.log4j.Logger; import org.apache.qpid.server.security.auth.UsernamePrincipal; @@ -35,7 +34,6 @@ import javax.security.auth.login.AccountNotFoundException; import javax.security.sasl.AuthorizeCallback; import java.io.IOException; import java.security.Principal; -import java.util.Map; public abstract class UsernamePasswordInitialiser implements AuthenticationProviderInitialiser { @@ -88,15 +86,6 @@ public abstract class UsernamePasswordInitialiser implements AuthenticationProvi } } - public void initialise(String baseConfigPath, Configuration configuration, - Map<String, PrincipalDatabase> principalDatabases) throws Exception - { - String principalDatabaseName = configuration.getString(baseConfigPath + ".principal-database"); - PrincipalDatabase db = principalDatabases.get(principalDatabaseName); - - initialise(db); - } - public void initialise(PrincipalDatabase db) { if (db == null) @@ -111,10 +100,4 @@ public abstract class UsernamePasswordInitialiser implements AuthenticationProvi { return _callbackHandler; } - - public Map<String, ?> getProperties() - { - // there are no properties required for the CRAM-MD5 implementation - return null; - } } 
diff --git a/java/broker/src/main/java/org/apache/qpid/server/security/auth/sasl/amqplain/AmqPlainInitialiser.java b/java/broker/src/main/java/org/apache/qpid/server/security/auth/sasl/amqplain/AmqPlainInitialiser.java index 860307215f..8f8686db88 100644 --- a/java/broker/src/main/java/org/apache/qpid/server/security/auth/sasl/amqplain/AmqPlainInitialiser.java +++ b/java/broker/src/main/java/org/apache/qpid/server/security/auth/sasl/amqplain/AmqPlainInitialiser.java @@ -22,17 +22,10 @@ package org.apache.qpid.server.security.auth.sasl.amqplain; import org.apache.qpid.server.security.auth.sasl.UsernamePasswordInitialiser; -import javax.security.sasl.SaslServerFactory; - public class AmqPlainInitialiser extends UsernamePasswordInitialiser { public String getMechanismName() { return "AMQPLAIN"; } - - public Class<? extends SaslServerFactory> getServerFactoryClassForJCARegistration() - { - return AmqPlainSaslServerFactory.class; - } } diff --git a/java/broker/src/main/java/org/apache/qpid/server/security/auth/sasl/anonymous/AnonymousInitialiser.java b/java/broker/src/main/java/org/apache/qpid/server/security/auth/sasl/anonymous/AnonymousInitialiser.java deleted file mode 100644 index 83369a84c7..0000000000 --- a/java/broker/src/main/java/org/apache/qpid/server/security/auth/sasl/anonymous/AnonymousInitialiser.java +++ /dev/null 
@@ -1,38 +0,0 @@ -/* - * - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - * - */ -package org.apache.qpid.server.security.auth.sasl.anonymous; - -import org.apache.qpid.server.security.auth.sasl.UsernamePasswordInitialiser; - -import javax.security.sasl.SaslServerFactory; - -public class AnonymousInitialiser extends UsernamePasswordInitialiser -{ - public String getMechanismName() - { - return "ANONYMOUS"; - } - - public Class<? extends SaslServerFactory> getServerFactoryClassForJCARegistration() - { - return AnonymousSaslServerFactory.class; - } -}
\ No newline at end of file diff --git a/java/broker/src/main/java/org/apache/qpid/server/security/auth/sasl/crammd5/CRAMMD5HashedInitialiser.java b/java/broker/src/main/java/org/apache/qpid/server/security/auth/sasl/crammd5/CRAMMD5HashedInitialiser.java index 842215c3eb..fc324b686a 100644 --- a/java/broker/src/main/java/org/apache/qpid/server/security/auth/sasl/crammd5/CRAMMD5HashedInitialiser.java +++ b/java/broker/src/main/java/org/apache/qpid/server/security/auth/sasl/crammd5/CRAMMD5HashedInitialiser.java @@ -23,9 +23,6 @@ package org.apache.qpid.server.security.auth.sasl.crammd5; import org.apache.qpid.server.security.auth.database.PrincipalDatabase; import org.apache.qpid.server.security.auth.sasl.UsernamePasswordInitialiser; -import javax.security.sasl.SaslServerFactory; -import java.util.Map; - public class CRAMMD5HashedInitialiser extends UsernamePasswordInitialiser { public String getMechanismName() @@ -33,18 +30,8 @@ public class CRAMMD5HashedInitialiser extends UsernamePasswordInitialiser return CRAMMD5HashedSaslServer.MECHANISM; } - public Class<? extends SaslServerFactory> getServerFactoryClassForJCARegistration() - { - return CRAMMD5HashedServerFactory.class; - } - public void initialise(PrincipalDatabase passwordFile) { super.initialise(passwordFile); } - - public Map<String, ?> getProperties() - { - return null; - } } diff --git a/java/broker/src/main/java/org/apache/qpid/server/security/auth/sasl/crammd5/CRAMMD5HexInitialiser.java b/java/broker/src/main/java/org/apache/qpid/server/security/auth/sasl/crammd5/CRAMMD5HexInitialiser.java index 8467dad60a..c4c4b4e0cf 100644 --- a/java/broker/src/main/java/org/apache/qpid/server/security/auth/sasl/crammd5/CRAMMD5HexInitialiser.java +++ b/java/broker/src/main/java/org/apache/qpid/server/security/auth/sasl/crammd5/CRAMMD5HexInitialiser.java 
@@ -20,19 +20,18 @@ */ package org.apache.qpid.server.security.auth.sasl.crammd5; -import org.apache.qpid.server.security.auth.database.PrincipalDatabase; -import org.apache.qpid.server.security.auth.sasl.AuthenticationProviderInitialiser; -import org.apache.qpid.server.security.auth.sasl.UsernamePasswordInitialiser; - -import javax.security.auth.callback.PasswordCallback; -import javax.security.auth.login.AccountNotFoundException; -import javax.security.sasl.SaslServerFactory; - import java.io.File; import java.io.IOException; import java.security.Principal; import java.util.List; -import java.util.Map; + +import javax.security.auth.callback.PasswordCallback; +import javax.security.auth.login.AccountNotFoundException; +import javax.security.sasl.SaslException; +import javax.security.sasl.SaslServer; + +import org.apache.qpid.server.security.auth.database.PrincipalDatabase; +import org.apache.qpid.server.security.auth.sasl.UsernamePasswordInitialiser; public class CRAMMD5HexInitialiser extends UsernamePasswordInitialiser { @@ -41,16 +40,6 @@ public class CRAMMD5HexInitialiser extends UsernamePasswordInitialiser return CRAMMD5HexSaslServer.MECHANISM; } - public Class<? extends SaslServerFactory> getServerFactoryClassForJCARegistration() - { - return CRAMMD5HexServerFactory.class; - } - - public Map<String, ?> getProperties() - { - return null; - } - public void initialise(PrincipalDatabase db) { super.initialise(new HexifyPrincipalDatabase(db)); @@ -127,11 +116,6 @@ public class CRAMMD5HexInitialiser extends UsernamePasswordInitialiser return _realPricipalDatabase.getUser(username); } - public Map<String, AuthenticationProviderInitialiser> getMechanisms() - { - return _realPricipalDatabase.getMechanisms(); - } - public List<Principal> getUsers() { return _realPricipalDatabase.getUsers(); 
@@ -147,6 +131,19 @@ public class CRAMMD5HexInitialiser extends UsernamePasswordInitialiser { throw new UnsupportedOperationException(); } + + @Override + public String getMechanisms() + { + return _realPricipalDatabase.getMechanisms(); + } + + @Override + public SaslServer createSaslServer(String mechanism, String localFQDN, + Principal externalPrincipal) throws SaslException + { + return _realPricipalDatabase.createSaslServer(mechanism, localFQDN, externalPrincipal); + } } } diff --git a/java/broker/src/main/java/org/apache/qpid/server/security/auth/sasl/crammd5/CRAMMD5Initialiser.java b/java/broker/src/main/java/org/apache/qpid/server/security/auth/sasl/crammd5/CRAMMD5Initialiser.java index 83e33d5491..70c13233b0 100644 --- a/java/broker/src/main/java/org/apache/qpid/server/security/auth/sasl/crammd5/CRAMMD5Initialiser.java +++ b/java/broker/src/main/java/org/apache/qpid/server/security/auth/sasl/crammd5/CRAMMD5Initialiser.java 
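Review bot: The new `createSaslServer` in `HexifyPrincipalDatabase` forwards straight to `_realPricipalDatabase`, so a server obtained through the wrapper would presumably be backed by the unwrapped database and skip the hex conversion the wrapper appears to exist for (its body lies outside this hunk, so this is inferred from the name and from `super.initialise(new HexifyPrincipalDatabase(db))`). If the wrapper is only ever meant to be a password source for the callback handler, fail loudly as the method just above does: `throw new UnsupportedOperationException();`. If delegation is intended, say so in a comment such as `// SASL servers are always created by the wrapped database; this wrapper only adapts password lookup`. The same question applies to `getMechanisms()`.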
@@ -20,52 +20,14 @@ */ package org.apache.qpid.server.security.auth.sasl.crammd5; -import org.apache.qpid.server.security.auth.database.PrincipalDatabase; import org.apache.qpid.server.security.auth.sasl.UsernamePasswordInitialiser; -import javax.security.sasl.SaslServerFactory; - public class CRAMMD5Initialiser extends UsernamePasswordInitialiser { - private HashDirection _hashDirection; - - public enum HashDirection - { - INCOMMING, PASSWORD_FILE - } - + public static final String MECHANISM = "CRAM-MD5"; public String getMechanismName() { - return "CRAM-MD5"; - } - - public Class<? extends SaslServerFactory> getServerFactoryClassForJCARegistration() - { - // since the CRAM-MD5 provider is registered as part of the JDK, we do not - // return the factory class here since we do not need to register it ourselves. - if (_hashDirection == HashDirection.PASSWORD_FILE) - { - return null; - } - else - { - //fixme we need a server that will correctly has the incomming plain text for comparison to file. - _logger.warn("we need a server that will correctly convert the incomming plain text for comparison to file."); - return null; - } + return MECHANISM; } - - public void initialise(PrincipalDatabase passwordFile) - { - initialise(passwordFile, HashDirection.PASSWORD_FILE); - } - - public void initialise(PrincipalDatabase passwordFile, HashDirection direction) - { - super.initialise(passwordFile); - - _hashDirection = direction; - } - } diff --git a/java/broker/src/main/java/org/apache/qpid/server/security/auth/sasl/plain/PlainInitialiser.java b/java/broker/src/main/java/org/apache/qpid/server/security/auth/sasl/plain/PlainInitialiser.java index 67676d363e..05acd3b27f 100644 --- a/java/broker/src/main/java/org/apache/qpid/server/security/auth/sasl/plain/PlainInitialiser.java +++ b/java/broker/src/main/java/org/apache/qpid/server/security/auth/sasl/plain/PlainInitialiser.java 
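Review bot: `MECHANISM` becomes part of the public API here but is added with no doc comment, and it runs straight into `getMechanismName()` with no blank line. A one-line Javadoc such as `/** SASL mechanism name reported by this initialiser. */` would help, and `getMechanismName()` could carry `@Override`, as the methods added to `HexifyPrincipalDatabase` in this commit do. For consistency, `PlainInitialiser` in the next file still returns the literal `"PLAIN"`. If no constant for it exists elsewhere (not visible on this page), giving it the same treatment keeps the mechanism names in one place per initialiser.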
@@ -22,17 +22,10 @@ package org.apache.qpid.server.security.auth.sasl.plain; import org.apache.qpid.server.security.auth.sasl.UsernamePasswordInitialiser; -import javax.security.sasl.SaslServerFactory; - public class PlainInitialiser extends UsernamePasswordInitialiser { public String getMechanismName() { return "PLAIN"; } - - public Class<? extends SaslServerFactory> getServerFactoryClassForJCARegistration() - { - return PlainSaslServerFactory.class; - } } diff --git a/java/broker/src/test/java/org/apache/qpid/server/model/BrokerShutdownTest.java b/java/broker/src/test/java/org/apache/qpid/server/model/BrokerShutdownTest.java deleted file mode 100644 index eb5c672eb8..0000000000 --- a/java/broker/src/test/java/org/apache/qpid/server/model/BrokerShutdownTest.java +++ /dev/null 
@@ -1,190 +0,0 @@ -/* - * - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - * - */ -package org.apache.qpid.server.model; - -import static org.mockito.Mockito.mock; -import static org.mockito.Mockito.when; - -import org.apache.qpid.server.BrokerOptions; -import org.apache.qpid.server.configuration.ConfigurationEntry; -import org.apache.qpid.server.configuration.ConfigurationEntryStore; -import org.apache.qpid.server.configuration.ConfiguredObjectRecoverer; -import org.apache.qpid.server.configuration.RecovererProvider; -import org.apache.qpid.server.configuration.startup.DefaultRecovererProvider; -import org.apache.qpid.server.logging.LogRecorder; -import org.apache.qpid.server.logging.RootMessageLogger; -import org.apache.qpid.server.model.AuthenticationProvider; -import org.apache.qpid.server.model.Broker; -import org.apache.qpid.server.model.ConfiguredObject; -import org.apache.qpid.server.model.State; -import org.apache.qpid.server.configuration.updater.TaskExecutor; -import org.apache.qpid.server.plugin.AuthenticationManagerFactory; -import org.apache.qpid.server.security.auth.manager.PlainPasswordFileAuthenticationManagerFactory; -import org.apache.qpid.server.stats.StatisticsGatherer; -import 
org.apache.qpid.server.virtualhost.VirtualHostRegistry; -import org.apache.qpid.test.utils.QpidTestCase; -import org.apache.qpid.test.utils.TestFileUtils; - -import java.io.File; -import java.security.Provider; -import java.security.Security; -import java.util.Collections; -import java.util.HashMap; -import java.util.LinkedList; -import java.util.List; -import java.util.Map; -import java.util.UUID; - -/** - * QPID-1390 : Test to validate that the AuthenticationManger can successfully unregister any new SASL providers when - * the broker is stopped. - */ -public class BrokerShutdownTest extends QpidTestCase -{ - private Provider[] _defaultProviders; - private Broker _broker; - private TaskExecutor _taskExecutor; - - @Override - public void setUp() throws Exception - { - // Get default providers - _defaultProviders = Security.getProviders(); - - super.setUp(); - - _taskExecutor = new TaskExecutor(); - _taskExecutor.start(); - - // Startup the new broker and register the new providers - _broker = startBroker(); - } - - @Override - public void tearDown() throws Exception - { - try - { - super.tearDown(); - } - finally - { - if (_taskExecutor != null) - { - _taskExecutor.stopImmediately(); - } - } - - } - - private Broker startBroker() throws Exception - { - ConfigurationEntryStore store = mock(ConfigurationEntryStore.class); - UUID brokerId = UUID.randomUUID(); - UUID authenticationProviderId = UUID.randomUUID(); - - ConfigurationEntry root = new ConfigurationEntry(brokerId, Broker.class.getSimpleName(), Collections.<String, Object> emptyMap(), - Collections.singleton(authenticationProviderId), store); - - File file = TestFileUtils.createTempFile(BrokerShutdownTest.this, ".db.users"); - Map<String, Object> attributes = new HashMap<String, Object>(); - attributes.put(AuthenticationManagerFactory.ATTRIBUTE_TYPE, PlainPasswordFileAuthenticationManagerFactory.PROVIDER_TYPE); - attributes.put(PlainPasswordFileAuthenticationManagerFactory.ATTRIBUTE_PATH, 
file.getAbsolutePath()); - ConfigurationEntry authenticationProviderEntry = new ConfigurationEntry(authenticationProviderId, AuthenticationProvider.class.getSimpleName(), attributes, - Collections.<UUID> emptySet(), store); - - when(store.getRootEntry()).thenReturn(root); - when(store.getEntry(brokerId)).thenReturn(root); - when(store.getEntry(authenticationProviderId)).thenReturn(authenticationProviderEntry); - - // mocking the required object - StatisticsGatherer statisticsGatherer = mock(StatisticsGatherer.class); - VirtualHostRegistry virtualHostRegistry = mock(VirtualHostRegistry.class); - LogRecorder logRecorder = mock(LogRecorder.class); - RootMessageLogger rootMessageLogger = mock(RootMessageLogger.class); - - // recover the broker from the store - RecovererProvider provider = new DefaultRecovererProvider(statisticsGatherer, virtualHostRegistry, logRecorder, rootMessageLogger, _taskExecutor, mock(BrokerOptions.class)); - ConfiguredObjectRecoverer<? extends ConfiguredObject> brokerRecoverer = provider.getRecoverer(Broker.class.getSimpleName()); - - Broker broker = (Broker) brokerRecoverer.create(provider, store.getRootEntry()); - - // start broker - broker.setDesiredState(State.INITIALISING, State.ACTIVE); - return broker; - } - - private void stopBroker() - { - _broker.setDesiredState(State.ACTIVE, State.STOPPED); - } - - /** - * QPID-1399 : Ensure that the Authentication manager unregisters any SASL providers created during - * broker start-up. 
- * - */ - public void testAuthenticationMangerCleansUp() throws Exception - { - - // Get the providers after initialisation - Provider[] providersAfterInitialisation = Security.getProviders(); - - // Find the additions - List<Provider> additions = new LinkedList<Provider>(); - for (Provider afterInit : providersAfterInitialisation) - { - boolean found = false; - for (Provider defaultProvider : _defaultProviders) - { - if (defaultProvider == afterInit) - { - found = true; - break; - } - } - - // Record added registies - if (!found) - { - additions.add(afterInit); - } - } - - assertFalse("No new SASL mechanisms added by initialisation.", additions.isEmpty()); - - // Close the registry which will perform the close the - // AuthenticationManager - stopBroker(); - - // Validate that the SASL plugins have been removed. - Provider[] providersAfterClose = Security.getProviders(); - - assertTrue("No providers unregistered", providersAfterInitialisation.length > providersAfterClose.length); - - // Ensure that the additions are not still present after close(). - for (Provider afterClose : providersAfterClose) - { - assertFalse("Added provider not unregistered", additions.contains(afterClose)); - } - } - -} diff --git a/java/broker/src/test/java/org/apache/qpid/server/security/auth/manager/PrincipalDatabaseAuthenticationManagerTest.java b/java/broker/src/test/java/org/apache/qpid/server/security/auth/manager/PrincipalDatabaseAuthenticationManagerTest.java index b505b361fd..cba6058426 100644 --- a/java/broker/src/test/java/org/apache/qpid/server/security/auth/manager/PrincipalDatabaseAuthenticationManagerTest.java +++ b/java/broker/src/test/java/org/apache/qpid/server/security/auth/manager/PrincipalDatabaseAuthenticationManagerTest.java 
@@ -28,10 +28,6 @@ import java.io.File; import java.io.FileNotFoundException; import java.io.FileOutputStream; import java.security.Principal; -import java.security.Provider; -import java.security.Security; -import java.util.Collections; -import java.util.HashMap; import java.util.List; import java.util.Map; @@ -46,7 +42,6 @@ import org.apache.qpid.server.security.auth.AuthenticationResult.AuthenticationS import org.apache.qpid.server.security.auth.UsernamePrincipal; import org.apache.qpid.server.security.auth.database.PlainPasswordFilePrincipalDatabase; import org.apache.qpid.server.security.auth.database.PrincipalDatabase; -import org.apache.qpid.server.security.auth.sasl.AuthenticationProviderInitialiser; import org.apache.qpid.server.security.auth.sasl.UsernamePasswordInitialiser; import org.apache.qpid.test.utils.QpidTestCase; @@ -56,6 +51,7 @@ import org.apache.qpid.test.utils.QpidTestCase; */ public class PrincipalDatabaseAuthenticationManagerTest extends QpidTestCase { + private static final String LOCALHOST = "localhost"; private static final String MOCK_MECH_NAME = "MOCK-MECH-NAME"; private static final UsernamePrincipal PRINCIPAL = new UsernamePrincipal("guest"); 
@@ -92,40 +88,8 @@ public class PrincipalDatabaseAuthenticationManagerTest extends QpidTestCase { _principalDatabase = mock(PrincipalDatabase.class); - AuthenticationProviderInitialiser _mockMechInitialiser = mock(AuthenticationProviderInitialiser.class); - Map<String, AuthenticationProviderInitialiser> _initialisers = Collections.singletonMap(MOCK_MECH_NAME, _mockMechInitialiser); - - when(_principalDatabase.getMechanisms()).thenReturn(_initialisers); - - _manager = new PrincipalDatabaseAuthenticationManager(_principalDatabase, _passwordFileLocation); - _manager.initialise(); - } - - private void setupMocksWithInitialiser() throws Exception - { - _principalDatabase = mock(PrincipalDatabase.class); - - UsernamePasswordInitialiser usernamePasswordInitialiser = new UsernamePasswordInitialiser() - { - @Override - public Class<? extends SaslServerFactory> getServerFactoryClassForJCARegistration() - { - return MySaslServerFactory.class; - } - - @Override - public String getMechanismName() - { - return MOCK_MECH_NAME; - } - }; - - Map<String,AuthenticationProviderInitialiser> initialisers = new HashMap<String, AuthenticationProviderInitialiser>(); - initialisers.put(MOCK_MECH_NAME, usernamePasswordInitialiser); - - when(_principalDatabase.getMechanisms()).thenReturn(initialisers); - - usernamePasswordInitialiser.initialise(_principalDatabase); + when(_principalDatabase.getMechanisms()).thenReturn(MOCK_MECH_NAME); + when(_principalDatabase.createSaslServer(MOCK_MECH_NAME, LOCALHOST, null)).thenReturn(new MySaslServer(false, true)); _manager = new PrincipalDatabaseAuthenticationManager(_principalDatabase, _passwordFileLocation); _manager.initialise(); 
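Review bot: The `createSaslServer` stub in `setupMocks()` matches only the exact arguments `(MOCK_MECH_NAME, LOCALHOST, null)` and returns a pre-built `MySaslServer`, so `testSaslMechanismCreation` (a later hunk in this file) passes whenever the manager forwards its arguments unchanged and checks nothing about the server itself. Stating the interaction explicitly makes that intent visible: `verify(_principalDatabase).createSaslServer(MOCK_MECH_NAME, LOCALHOST, null);`, which needs the `verify` static import next to `mock` and `when`. With the anonymous initialiser removed, the `UsernamePasswordInitialiser` import kept by the earlier hunk may now be unused; the rest of the file is not visible here, so please confirm. `setupMocks()` begins outside this hunk.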
@@ -175,32 +139,14 @@ public class PrincipalDatabaseAuthenticationManagerTest extends QpidTestCase } /** - * Tests that the PDAM registers SASL mechanisms correctly with the runtime. - */ - public void testRegisteredMechanisms() throws Exception - { - //Ensure we haven't registered anything yet (though this would really indicate a prior test failure!) - Provider qpidProvider = Security.getProvider(AuthenticationManager.PROVIDER_NAME); - assertNull(qpidProvider); - - setupMocksWithInitialiser(); - - assertNotNull(_manager.getMechanisms()); - assertEquals(MOCK_MECH_NAME, _manager.getMechanisms()); - - qpidProvider = Security.getProvider(AuthenticationManager.PROVIDER_NAME); - assertNotNull(qpidProvider); - } - - /** * Tests that the SASL factory method createSaslServer correctly * returns a non-null implementation. */ public void testSaslMechanismCreation() throws Exception { - setupMocksWithInitialiser(); + setupMocks(); - SaslServer server = _manager.createSaslServer(MOCK_MECH_NAME, "localhost", null); + SaslServer server = _manager.createSaslServer(MOCK_MECH_NAME, LOCALHOST, null); assertNotNull(server); // Merely tests the creation of the mechanism. Mechanisms themselves are tested // by their own tests. @@ -280,24 +226,6 @@ public class PrincipalDatabaseAuthenticationManagerTest extends QpidTestCase assertEquals(AuthenticationStatus.CONTINUE, result.getStatus()); } - /** - * Tests the ability to de-register the provider. - */ - public void testClose() throws Exception - { - setupMocksWithInitialiser(); - - assertEquals(MOCK_MECH_NAME, _manager.getMechanisms()); - assertNotNull(Security.getProvider(AuthenticationManager.PROVIDER_NAME)); - - _manager.close(); - - // Check provider has been removed. - assertNull(_manager.getMechanisms()); - assertNull(Security.getProvider(AuthenticationManager.PROVIDER_NAME)); - _manager = null; - } - public void testOnCreate() throws Exception { setupMocks(); 
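Review bot: Removing `testRegisteredMechanisms` and `testClose` (and `BrokerShutdownTest` earlier in the commit) leaves nothing in the visible hunks that pins the behaviour the commit message describes, namely that creating a manager no longer touches the process-wide JCA provider list. A small regression test would guard against a later change reintroducing global registration: capture `Provider[] before = Security.getProviders();` ahead of `setupMocks()` and finish with `assertEquals(before.length, Security.getProviders().length);`. This needs the `java.security.Provider` and `java.security.Security` imports that an earlier hunk of this file drops. The comment kept in `testSaslMechanismCreation` ("Merely tests the creation of the mechanism") is also worth updating, since the server now comes from a mock stub.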
diff --git a/java/broker/src/test/java/org/apache/qpid/server/security/auth/sasl/CRAMMD5HexServerTest.java b/java/broker/src/test/java/org/apache/qpid/server/security/auth/sasl/CRAMMD5HexServerTest.java index 629e1b4cf5..b3e929dd6c 100644 --- a/java/broker/src/test/java/org/apache/qpid/server/security/auth/sasl/CRAMMD5HexServerTest.java +++ b/java/broker/src/test/java/org/apache/qpid/server/security/auth/sasl/CRAMMD5HexServerTest.java @@ -69,7 +69,7 @@ public class CRAMMD5HexServerTest extends TestCase _saslServer = _saslFactory.createSaslServer(CRAMMD5HexSaslServer.MECHANISM, "AMQP", "localhost", - _initializer.getProperties(), + null, _initializer.getCallbackHandler()); assertNotNull("Unable to create saslServer with mechanism type " + CRAMMD5HexSaslServer.MECHANISM, _saslServer); diff --git a/java/broker/src/test/java/org/apache/qpid/server/security/auth/sasl/TestPrincipalDatabase.java b/java/broker/src/test/java/org/apache/qpid/server/security/auth/sasl/TestPrincipalDatabase.java index 5e66bc9336..17c63d738c 100644 --- a/java/broker/src/test/java/org/apache/qpid/server/security/auth/sasl/TestPrincipalDatabase.java +++ b/java/broker/src/test/java/org/apache/qpid/server/security/auth/sasl/TestPrincipalDatabase.java @@ -21,16 +21,17 @@ package org.apache.qpid.server.security.auth.sasl; -import org.apache.qpid.server.security.auth.database.PrincipalDatabase; - -import javax.security.auth.callback.PasswordCallback; -import javax.security.auth.login.AccountNotFoundException; - import java.io.File; import java.io.IOException; import java.security.Principal; import java.util.List; -import java.util.Map; + +import javax.security.auth.callback.PasswordCallback; +import javax.security.auth.login.AccountNotFoundException; +import javax.security.sasl.SaslException; +import javax.security.sasl.SaslServer; + +import org.apache.qpid.server.security.auth.database.PrincipalDatabase; public class TestPrincipalDatabase implements PrincipalDatabase { 
@@ -47,12 +48,6 @@ public class TestPrincipalDatabase implements PrincipalDatabase return false; } - public Map<String, AuthenticationProviderInitialiser> getMechanisms() - { - // TODO Auto-generated method stub - return null; - } - public Principal getUser(String username) { // TODO Auto-generated method stub @@ -94,4 +89,19 @@ public class TestPrincipalDatabase implements PrincipalDatabase // TODO Auto-generated method stub } + @Override + public String getMechanisms() + { + // TODO Auto-generated method stub + return null; + } + + @Override + public SaslServer createSaslServer(String mechanism, String localFQDN, + Principal externalPrincipal) throws SaslException + { + // TODO Auto-generated method stub + return null; + } + } |
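Review bot: The two methods added to `TestPrincipalDatabase` are committed as IDE stubs, each with `// TODO Auto-generated method stub` and `return null;`. A `null` `SaslServer` or mechanism string from a test double shows up as a `NullPointerException` far from its cause. If no test is expected to call them (callers are not visible on this page), prefer `throw new UnsupportedOperationException("not used by tests");` and drop the TODO lines. Otherwise replace the TODO with a comment saying why `null` is the intended answer.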
