diff options
| author | Robert Godfrey <rgodfrey@apache.org> | 2014-03-08 10:28:33 +0000 |
|---|---|---|
| committer | Robert Godfrey <rgodfrey@apache.org> | 2014-03-08 10:28:33 +0000 |
| commit | c7ed759b025963ad2645b4da7e5b90d104a35948 (patch) | |
| tree | 10ea20c7768eaf0839cf3ba4793a5a6f326bfd16 /qpid/java/broker-core/src | |
| parent | dbc2cf98b3ecbb42eea0fa218faca1f974b25bcb (diff) | |
| download | qpid-python-c7ed759b025963ad2645b4da7e5b90d104a35948.tar.gz | |
QPID-5611 : Ensure the appropriate principals are available at the time of all event logging
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk@1575506 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'qpid/java/broker-core/src')
16 files changed, 127 insertions, 91 deletions
diff --git a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/Broker.java b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/Broker.java index 69d3950ce4..ffa1d65ec2 100644 --- a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/Broker.java +++ b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/Broker.java @@ -86,12 +86,9 @@ public class Broker public void startup(final BrokerOptions options) throws Exception { - Subject subject = SecurityManager.SYSTEM; - subject = new Subject(false, subject.getPrincipals(), subject.getPublicCredentials(), subject.getPrivateCredentials()); - subject.getPrincipals().add(new TaskPrincipal("Broker")); _eventLogger = new EventLogger(new SystemOutMessageLogger()); - Subject.doAs(subject, new PrivilegedExceptionAction<Object>() + Subject.doAs(SecurityManager.getSystemTaskSubject("Broker"), new PrivilegedExceptionAction<Object>() { @Override public Object run() throws Exception @@ -282,11 +279,7 @@ public class Broker { public void run() { - - Subject subject = SecurityManager.SYSTEM; - subject = new Subject(false, subject.getPrincipals(), subject.getPublicCredentials(), subject.getPrivateCredentials()); - subject.getPrincipals().add(new TaskPrincipal("Shutdown")); - Subject.doAs(subject, new PrivilegedAction<Object>() + Subject.doAs(SecurityManager.getSystemTaskSubject("Shutdown"), new PrivilegedAction<Object>() { @Override public Object run() diff --git a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/logging/messages/VirtualHostMessages.java b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/logging/messages/VirtualHostMessages.java index d1a90f0b91..a53927c283 100644 --- a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/logging/messages/VirtualHostMessages.java +++ b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/logging/messages/VirtualHostMessages.java @@ -64,16 +64,21 @@ public class VirtualHostMessages /** * Log a VirtualHost message of the Format: - * <pre>VHT-1002 : Closed</pre> + * <pre>VHT-1002 : Closed : {0}</pre> * Optional values are contained in [square brackets] and are numbered * sequentially in the method call. * */ - public static LogMessage CLOSED() + public static LogMessage CLOSED(String param1) { String rawMessage = _messages.getString("CLOSED"); - final String message = rawMessage; + final Object[] messageArguments = {param1}; + // Create a new MessageFormat to ensure thread safety. + // Sharing a MessageFormat and using applyPattern is not thread safe + MessageFormat formatter = new MessageFormat(rawMessage, _currentLocale); + + final String message = formatter.format(messageArguments); return new LogMessage() { @@ -187,16 +192,21 @@ public class VirtualHostMessages /** * Log a VirtualHost message of the Format: - * <pre>VHT-1005 : Unexpected fatal error</pre> + * <pre>VHT-1005 : {0} Unexpected fatal error</pre> * Optional values are contained in [square brackets] and are numbered * sequentially in the method call. * */ - public static LogMessage ERRORED() + public static LogMessage ERRORED(String param1) { String rawMessage = _messages.getString("ERRORED"); - final String message = rawMessage; + final Object[] messageArguments = {param1}; + // Create a new MessageFormat to ensure thread safety. + // Sharing a MessageFormat and using applyPattern is not thread safe + MessageFormat formatter = new MessageFormat(rawMessage, _currentLocale); + + final String message = formatter.format(messageArguments); return new LogMessage() { diff --git a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/logging/messages/VirtualHost_logmessages.properties b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/logging/messages/VirtualHost_logmessages.properties index 5695026cbc..8cd15f0120 100644 --- a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/logging/messages/VirtualHost_logmessages.properties +++ b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/logging/messages/VirtualHost_logmessages.properties @@ -20,9 +20,9 @@ # # 0 - name CREATED = VHT-1001 : Created : {0} -CLOSED = VHT-1002 : Closed +CLOSED = VHT-1002 : Closed : {0} STATS_DATA = VHT-1003 : {0} : {1,choice,0#delivered|1#received} : {2,number,#.###} kB/s peak : {3,number,#} bytes total STATS_MSGS = VHT-1004 : {0} : {1,choice,0#delivered|1#received} : {2,number,#.###} msg/s peak : {3,number,#} msgs total -ERRORED = VHT-1005 : Unexpected fatal error
\ No newline at end of file +ERRORED = VHT-1005 : {0} Unexpected fatal error
\ No newline at end of file diff --git a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/adapter/BrokerAdapter.java b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/adapter/BrokerAdapter.java index 6a8405649a..05d907e03d 100644 --- a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/adapter/BrokerAdapter.java +++ b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/adapter/BrokerAdapter.java @@ -41,7 +41,6 @@ import org.apache.qpid.server.configuration.IllegalConfigurationException; import org.apache.qpid.server.configuration.updater.TaskExecutor; import org.apache.qpid.server.logging.EventLogger; import org.apache.qpid.server.logging.LogRecorder; -import org.apache.qpid.server.logging.MessageLogger; import org.apache.qpid.server.logging.messages.BrokerMessages; import org.apache.qpid.server.model.*; import org.apache.qpid.server.plugin.PreferencesProviderFactory; @@ -477,7 +476,7 @@ public class BrokerAdapter<X extends Broker<X>> extends AbstractConfiguredObject // permission has already been granted to create the virtual host // disable further access check on other operations, e.g. create exchange - Subject.doAs(SecurityManager.SYSTEM, new PrivilegedAction<Object>() + Subject.doAs(SecurityManager.getSubjectWithAddedSystemRights(), new PrivilegedAction<Object>() { @Override public Object run() diff --git a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/queue/AbstractQueue.java b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/queue/AbstractQueue.java index 663d177541..181568ea5d 100644 --- a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/queue/AbstractQueue.java +++ b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/queue/AbstractQueue.java @@ -22,6 +22,7 @@ import java.lang.reflect.Type; import java.security.AccessControlException; import java.security.AccessController; import java.security.Principal; +import java.security.PrivilegedAction; import java.util.*; import java.util.concurrent.ConcurrentSkipListSet; import java.util.concurrent.CopyOnWriteArrayList; @@ -55,6 +56,8 @@ import org.apache.qpid.server.message.ServerMessage; import org.apache.qpid.server.protocol.AMQSessionModel; import org.apache.qpid.server.consumer.Consumer; import org.apache.qpid.server.consumer.ConsumerTarget; +import org.apache.qpid.server.security.*; +import org.apache.qpid.server.security.SecurityManager; import org.apache.qpid.server.security.auth.AuthenticatedPrincipal; import org.apache.qpid.server.store.DurableConfigurationStoreHelper; import org.apache.qpid.server.store.StorableMessageMetaData; @@ -985,60 +988,72 @@ public abstract class AbstractQueue _totalMessagesReceived.incrementAndGet(); - QueueEntry entry; + final QueueConsumer<?> exclusiveSub = _exclusiveSubscriber; - entry = _entries.add(message); + final QueueEntry entry = _entries.add(message); if(action != null || (exclusiveSub == null && _queueRunner.isIdle())) { /* - - iterate over consumers and if any is at the end of the queue and can deliver this message, then deliver the message - + * iterate over consumers and if any is at the end of the queue and can deliver this message, + * then deliver the message */ - QueueConsumerList.ConsumerNode node = _consumerList.getMarkedNode(); - QueueConsumerList.ConsumerNode nextNode = node.findNext(); - if (nextNode == null) - { - nextNode = _consumerList.getHead().findNext(); - } - while (nextNode != null) - { - if (_consumerList.updateMarkedNode(node, nextNode)) - { - break; - } - else - { - node = _consumerList.getMarkedNode(); - nextNode = node.findNext(); - if (nextNode == null) - { - nextNode = _consumerList.getHead().findNext(); - } - } - } - - // always do one extra loop after we believe we've finished - // this catches the case where we *just* miss an update - int loops = 2; - - while (entry.isAvailable() && loops != 0) - { - if (nextNode == null) - { - loops--; - nextNode = _consumerList.getHead(); - } - else - { - // if consumer at end, and active, offer - QueueConsumer<?> sub = nextNode.getConsumer(); - deliverToConsumer(sub, entry); - } - nextNode = nextNode.findNext(); - } + Subject.doAs(SecurityManager.getSystemTaskSubject("Immediate Delivery"), + new PrivilegedAction<Object>() + { + @Override + public Object run() + { + + QueueConsumerList.ConsumerNode node = _consumerList.getMarkedNode(); + QueueConsumerList.ConsumerNode nextNode = node.findNext(); + if (nextNode == null) + { + nextNode = _consumerList.getHead().findNext(); + } + while (nextNode != null) + { + if (_consumerList.updateMarkedNode(node, nextNode)) + { + break; + } + else + { + node = _consumerList.getMarkedNode(); + nextNode = node.findNext(); + if (nextNode == null) + { + nextNode = _consumerList.getHead().findNext(); + } + } + } + // always do one extra loop after we believe we've finished + // this catches the case where we *just* miss an update + int loops = 2; + + while (entry.isAvailable() && loops != 0) + { + if (nextNode == null) + { + loops--; + nextNode = _consumerList.getHead(); + } + else + { + // if consumer at end, and active, offer + final QueueConsumer<?> sub = nextNode.getConsumer(); + deliverToConsumer(sub, entry); + + + } + nextNode = nextNode.findNext(); + + } + + return null; + } + }); } diff --git a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/queue/QueueConsumerImpl.java b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/queue/QueueConsumerImpl.java index ebddc6318d..645262e227 100644 --- a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/queue/QueueConsumerImpl.java +++ b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/queue/QueueConsumerImpl.java @@ -92,7 +92,7 @@ class QueueConsumerImpl { public void stateChanged(QueueConsumerImpl sub, State oldState, State newState) { - _eventLogger.message(SubscriptionMessages.STATE(newState.toString())); + _eventLogger.message(QueueConsumerImpl.this, SubscriptionMessages.STATE(newState.toString())); } }; @ManagedAttributeField diff --git a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/queue/QueueRunner.java b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/queue/QueueRunner.java index 4d21e9d23a..f3f644b2f9 100644 --- a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/queue/QueueRunner.java +++ b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/queue/QueueRunner.java @@ -28,6 +28,8 @@ import java.util.concurrent.atomic.AtomicInteger; import java.util.concurrent.atomic.AtomicLong; import org.apache.log4j.Logger; +import org.apache.qpid.server.security.*; +import org.apache.qpid.server.security.SecurityManager; import org.apache.qpid.server.security.auth.TaskPrincipal; import org.apache.qpid.server.util.ConnectionScopedRuntimeException; import org.apache.qpid.transport.TransportException; @@ -66,10 +68,7 @@ public class QueueRunner implements Runnable { if(_scheduled.compareAndSet(SCHEDULED,RUNNING)) { - Subject subject = new Subject(false, org.apache.qpid.server.security.SecurityManager.SYSTEM.getPrincipals(), Collections - .emptySet(), Collections.emptySet()); - subject.getPrincipals().add(new TaskPrincipal("Queue Delivery")); - Subject.doAs(subject, new PrivilegedAction<Object>() + Subject.doAs(SecurityManager.getSystemTaskSubject("Queue Delivery"), new PrivilegedAction<Object>() { @Override public Object run() diff --git a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/queue/SubFlushRunner.java b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/queue/SubFlushRunner.java index 610c5f8202..73a23cd53e 100755 --- a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/queue/SubFlushRunner.java +++ b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/queue/SubFlushRunner.java @@ -62,9 +62,7 @@ class SubFlushRunner implements Runnable { if(_scheduled.compareAndSet(SCHEDULED, RUNNING)) { - Subject subject = new Subject(false, SecurityManager.SYSTEM.getPrincipals(), Collections.emptySet(), Collections.emptySet()); - subject.getPrincipals().add(new TaskPrincipal("Sub. Delivery")); - Subject.doAs(subject, new PrivilegedAction<Object>() + Subject.doAs(SecurityManager.getSystemTaskSubject("Sub. Delivery"), new PrivilegedAction<Object>() { @Override public Object run() diff --git a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/registry/ApplicationRegistry.java b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/registry/ApplicationRegistry.java index e3e2ec272c..6add2cef21 100644 --- a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/registry/ApplicationRegistry.java +++ b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/registry/ApplicationRegistry.java @@ -151,10 +151,7 @@ public class ApplicationRegistry implements IApplicationRegistry { _reset = reset; _logger = logger; - _subject = new Subject(false, SecurityManager.SYSTEM.getPrincipals(), Collections.emptySet(), Collections.emptySet()); - _subject.getPrincipals().add(new TaskPrincipal("Statistics")); - _subject.setReadOnly(); - + _subject = SecurityManager.getSystemTaskSubject("Statistics"); } public void run() diff --git a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/SecurityManager.java b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/SecurityManager.java index ba07fb56a7..c45b7bb2be 100755 --- a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/SecurityManager.java +++ b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/SecurityManager.java @@ -34,6 +34,7 @@ import org.apache.qpid.server.security.access.ObjectProperties; import org.apache.qpid.server.security.access.ObjectType; import org.apache.qpid.server.security.access.Operation; import org.apache.qpid.server.security.access.OperationLoggingDetails; +import org.apache.qpid.server.security.auth.TaskPrincipal; import javax.security.auth.Subject; @@ -69,7 +70,7 @@ public class SecurityManager implements ConfigurationChangeListener { private static final Logger _logger = Logger.getLogger(SecurityManager.class); - public static final Subject SYSTEM = new Subject(true, + private static final Subject SYSTEM = new Subject(true, Collections.singleton(new SystemPrincipal()), Collections.emptySet(), Collections.emptySet()); @@ -107,6 +108,31 @@ public class SecurityManager implements ConfigurationChangeListener } } + public static Subject getSubjectWithAddedSystemRights() + { + Subject subject = Subject.getSubject(AccessController.getContext()); + if(subject == null) + { + subject = new Subject(); + } + else + { + subject = new Subject(false, subject.getPrincipals(), subject.getPublicCredentials(), subject.getPrivateCredentials()); + } + subject.getPrincipals().addAll(SYSTEM.getPrincipals()); + subject.setReadOnly(); + return subject; + } + + + public static Subject getSystemTaskSubject(String taskName) + { + Subject subject = new Subject(false, SYSTEM.getPrincipals(), SYSTEM.getPublicCredentials(), SYSTEM.getPrivateCredentials()); + subject.getPrincipals().add(new TaskPrincipal(taskName)); + subject.setReadOnly(); + return subject; + } + private void configureVirtualHostAclPlugin(String aclFile, String vhostName) { if(aclFile != null) diff --git a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/virtualhost/AbstractVirtualHost.java b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/virtualhost/AbstractVirtualHost.java index 650abd360c..a4719f6058 100644 --- a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/virtualhost/AbstractVirtualHost.java +++ b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/virtualhost/AbstractVirtualHost.java @@ -714,7 +714,7 @@ public abstract class AbstractVirtualHost implements VirtualHost, IConnectionReg _state = State.STOPPED; - _eventLogger.message(VirtualHostMessages.CLOSED()); + _eventLogger.message(VirtualHostMessages.CLOSED(getName())); } protected void closeStorage() @@ -921,7 +921,7 @@ public abstract class AbstractVirtualHost implements VirtualHost, IConnectionReg { if (state == State.ERRORED) { - _eventLogger.message(VirtualHostMessages.ERRORED()); + _eventLogger.message(VirtualHostMessages.ERRORED(getName())); } } diff --git a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/virtualhost/HouseKeepingTask.java b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/virtualhost/HouseKeepingTask.java index 83ef437410..6e5ac79559 100644 --- a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/virtualhost/HouseKeepingTask.java +++ b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/virtualhost/HouseKeepingTask.java @@ -22,6 +22,8 @@ package org.apache.qpid.server.virtualhost; import org.apache.log4j.Logger; +import org.apache.qpid.server.security.*; +import org.apache.qpid.server.security.SecurityManager; import org.apache.qpid.server.security.auth.TaskPrincipal; import javax.security.auth.Subject; @@ -42,11 +44,7 @@ public abstract class HouseKeepingTask implements Runnable { _virtualHost = vhost; _name = _virtualHost.getName() + ":" + this.getClass().getSimpleName(); - _subject = new Subject(false, org.apache.qpid.server.security.SecurityManager.SYSTEM.getPrincipals(), Collections - .emptySet(), Collections.emptySet()); - _subject.getPrincipals().add(new TaskPrincipal(_name)); - _subject.setReadOnly(); - + _subject = SecurityManager.getSystemTaskSubject(_name); } final public void run() diff --git a/qpid/java/broker-core/src/test/java/org/apache/qpid/server/configuration/startup/KeyStoreRecovererTest.java b/qpid/java/broker-core/src/test/java/org/apache/qpid/server/configuration/startup/KeyStoreRecovererTest.java index 1a204292b7..55dc225326 100644 --- a/qpid/java/broker-core/src/test/java/org/apache/qpid/server/configuration/startup/KeyStoreRecovererTest.java +++ b/qpid/java/broker-core/src/test/java/org/apache/qpid/server/configuration/startup/KeyStoreRecovererTest.java @@ -63,7 +63,7 @@ public class KeyStoreRecovererTest extends TestCase assertEquals(id, keyStore.getId()); //verify we can retrieve the actual password using the method - Subject.doAs(SecurityManager.SYSTEM, new PrivilegedAction<Object>() + Subject.doAs(SecurityManager.getSubjectWithAddedSystemRights(), new PrivilegedAction<Object>() { @Override public Object run() diff --git a/qpid/java/broker-core/src/test/java/org/apache/qpid/server/configuration/startup/TrustStoreRecovererTest.java b/qpid/java/broker-core/src/test/java/org/apache/qpid/server/configuration/startup/TrustStoreRecovererTest.java index 6ba53007dd..5e0ce9dbc4 100644 --- a/qpid/java/broker-core/src/test/java/org/apache/qpid/server/configuration/startup/TrustStoreRecovererTest.java +++ b/qpid/java/broker-core/src/test/java/org/apache/qpid/server/configuration/startup/TrustStoreRecovererTest.java @@ -59,7 +59,7 @@ public class TrustStoreRecovererTest extends QpidTestCase assertNotNull("Trust store configured object is not created", trustStore); assertEquals(id, trustStore.getId()); - Subject.doAs(SecurityManager.SYSTEM, new PrivilegedAction<Object>() + Subject.doAs(SecurityManager.getSubjectWithAddedSystemRights(), new PrivilegedAction<Object>() { @Override public Object run() diff --git a/qpid/java/broker-core/src/test/java/org/apache/qpid/server/logging/messages/VirtualHostMessagesTest.java b/qpid/java/broker-core/src/test/java/org/apache/qpid/server/logging/messages/VirtualHostMessagesTest.java index c1068b4a0b..5a272ff481 100644 --- a/qpid/java/broker-core/src/test/java/org/apache/qpid/server/logging/messages/VirtualHostMessagesTest.java +++ b/qpid/java/broker-core/src/test/java/org/apache/qpid/server/logging/messages/VirtualHostMessagesTest.java @@ -40,10 +40,11 @@ public class VirtualHostMessagesTest extends AbstractTestMessages public void testVirtualhostClosed() { - _logMessage = VirtualHostMessages.CLOSED(); + String name = "test"; + _logMessage = VirtualHostMessages.CLOSED(name); List<Object> log = performLog(); - String[] expected = {"Closed"}; + String[] expected = {"Closed :", name}; validateLogMessage(log, "VHT-1002", expected); } diff --git a/qpid/java/broker-core/src/velocity/templates/org/apache/qpid/server/logging/messages/LogMessages.vm b/qpid/java/broker-core/src/velocity/templates/org/apache/qpid/server/logging/messages/LogMessages.vm index 803c2151da..6a97f7facd 100644 --- a/qpid/java/broker-core/src/velocity/templates/org/apache/qpid/server/logging/messages/LogMessages.vm +++ b/qpid/java/broker-core/src/velocity/templates/org/apache/qpid/server/logging/messages/LogMessages.vm @@ -20,7 +20,7 @@ */ package ${package}; -import static org.apache.qpid.server.logging.AbstractRootMessageLogger.DEFAULT_LOG_HIERARCHY_PREFIX; +import static org.apache.qpid.server.logging.AbstractMessageLogger.DEFAULT_LOG_HIERARCHY_PREFIX; import org.apache.log4j.Logger; import org.apache.qpid.server.configuration.BrokerProperties; |