path: root/qpid/java/broker-plugins/access-control
authorAlex Rudyy <orudyy@apache.org>2013-04-19 16:16:20 +0000
committerAlex Rudyy <orudyy@apache.org>2013-04-19 16:16:20 +0000
commit8735514651a4873dc0b9b0ea4cf0fc58267e6fb3 (patch)
treeb6375211efcd355c8a00690c56f2ffab40aa3c17 /qpid/java/broker-plugins/access-control
parent8daa35c9f6fc4f4e8f18e7fa5dafb2cd0a6c3460 (diff)
downloadqpid-python-8735514651a4873dc0b9b0ea4cf0fc58267e6fb3.tar.gz
QPID-4753: move ACL config from broker attribute to a top level entity
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk@1469937 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'qpid/java/broker-plugins/access-control')
-rw-r--r--qpid/java/broker-plugins/access-control/src/main/java/org/apache/qpid/server/security/access/plugins/DefaultAccessControl.java46
-rw-r--r--qpid/java/broker-plugins/access-control/src/main/java/org/apache/qpid/server/security/access/plugins/DefaultAccessControlFactory.java66
-rw-r--r--qpid/java/broker-plugins/access-control/src/main/java/org/apache/qpid/server/security/access/plugins/FileAccessControlProviderAttributeDescriptions.properties19
-rw-r--r--qpid/java/broker-plugins/access-control/src/test/java/org/apache/qpid/server/security/access/plugins/DefaultAccessControlFactoryTest.java34
4 files changed, 116 insertions, 49 deletions
diff --git a/qpid/java/broker-plugins/access-control/src/main/java/org/apache/qpid/server/security/access/plugins/DefaultAccessControl.java b/qpid/java/broker-plugins/access-control/src/main/java/org/apache/qpid/server/security/access/plugins/DefaultAccessControl.java
index 6f7885da94..451b1f9c40 100644
--- a/qpid/java/broker-plugins/access-control/src/main/java/org/apache/qpid/server/security/access/plugins/DefaultAccessControl.java
+++ b/qpid/java/broker-plugins/access-control/src/main/java/org/apache/qpid/server/security/access/plugins/DefaultAccessControl.java
@@ -29,6 +29,7 @@ import javax.security.auth.Subject;
import org.apache.commons.configuration.ConfigurationException;
import org.apache.commons.lang.ObjectUtils;
import org.apache.log4j.Logger;
+import org.apache.qpid.server.configuration.IllegalConfigurationException;
import org.apache.qpid.server.security.Result;
import org.apache.qpid.server.security.SecurityManager;
import org.apache.qpid.server.security.AccessControl;
@@ -44,6 +45,7 @@ public class DefaultAccessControl implements AccessControl
private static final Logger _logger = Logger.getLogger(DefaultAccessControl.class);
private RuleSet _ruleSet;
+ private File _aclFile;
public DefaultAccessControl(String fileName)
{
@@ -51,10 +53,8 @@ public class DefaultAccessControl implements AccessControl
{
_logger.debug("Creating AccessControl instance using file: " + fileName);
}
- File aclFile = new File(fileName);
- ConfigurationFile configFile = new PlainConfiguration(aclFile);
- _ruleSet = configFile.load();
+ _aclFile = new File(fileName);
}
DefaultAccessControl(RuleSet rs) throws ConfigurationException
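Review bot: After this change the `String` constructor only records `_aclFile`, so `_ruleSet` stays null until `open()` runs, yet `getDefault()` (visible in the next hunk) dereferences it unconditionally, and the other decision methods presumably do the same. For an access-control object, an unopened instance should fail closed in a defined way rather than by NullPointerException. A guard such as `if (_ruleSet == null) { return Result.DENIED; }` in each decision method, or an `IllegalStateException` naming the missing `open()` call, would make that explicit. The constructor also deserves a Javadoc line stating that no rules are loaded until `open()` is called. The constructor's opening lines lie outside this hunk.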
@@ -62,6 +62,45 @@ public class DefaultAccessControl implements AccessControl
_ruleSet = rs;
}
+ public void open()
+ {
+ if(_aclFile != null)
+ {
+ if (!_aclFile.exists())
+ {
+ throw new IllegalConfigurationException("ACL file '" + _aclFile + "' is not found");
+ }
+
+ ConfigurationFile configFile = new PlainConfiguration(_aclFile);
+ _ruleSet = configFile.load();
+ }
+ }
+
+ @Override
+ public void close()
+ {
+ //no-op
+ }
+
+ @Override
+ public void onDelete()
+ {
+ //no-op
+ }
+
+ @Override
+ public void onCreate()
+ {
+ //verify file exists
+ if(_aclFile != null)
+ {
+ if (!_aclFile.exists())
+ {
+ throw new IllegalConfigurationException("ACL file '" + _aclFile + "' is not found");
+ }
+ }
+ }
+
public Result getDefault()
{
return _ruleSet.getDefault();
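Review bot: The `exists()` test in `open()` is repeated verbatim in `onCreate()`, and it accepts a directory or an unreadable file, which would then fail inside `configFile.load()` with whatever error that produces. Because the file can also change between the check and the load, the load itself should be treated as the authoritative failure point. A shared private helper using `if (!_aclFile.isFile() || !_aclFile.canRead())` would give one consistent, early configuration error. `open()` is also the only new lifecycle method without `@Override`, which should be added if it is declared on `AccessControl`. `getDefault()` at the end of the hunk continues outside it.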
@@ -119,4 +158,5 @@ public class DefaultAccessControl implements AccessControl
return Result.DENIED;
}
}
+
}
diff --git a/qpid/java/broker-plugins/access-control/src/main/java/org/apache/qpid/server/security/access/plugins/DefaultAccessControlFactory.java b/qpid/java/broker-plugins/access-control/src/main/java/org/apache/qpid/server/security/access/plugins/DefaultAccessControlFactory.java
index a3d7823caf..f4e041a8d2 100644
--- a/qpid/java/broker-plugins/access-control/src/main/java/org/apache/qpid/server/security/access/plugins/DefaultAccessControlFactory.java
+++ b/qpid/java/broker-plugins/access-control/src/main/java/org/apache/qpid/server/security/access/plugins/DefaultAccessControlFactory.java
@@ -20,40 +20,60 @@
*/
package org.apache.qpid.server.security.access.plugins;
-import java.io.File;
+import static org.apache.qpid.server.security.access.FileAccessControlProviderConstants.ACL_FILE_PROVIDER_TYPE;
+import static org.apache.qpid.server.security.access.FileAccessControlProviderConstants.PATH;
+import static org.apache.qpid.server.util.MapValueConverter.getStringAttribute;
+
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.Collections;
import java.util.Map;
import org.apache.qpid.server.configuration.IllegalConfigurationException;
import org.apache.qpid.server.plugin.AccessControlFactory;
import org.apache.qpid.server.security.AccessControl;
+import org.apache.qpid.server.util.ResourceBundleLoader;
public class DefaultAccessControlFactory implements AccessControlFactory
{
- public static final String ATTRIBUTE_ACL_FILE = "aclFile";
+ public static final String RESOURCE_BUNDLE = "org.apache.qpid.server.security.access.plugins.FileAccessControlProviderAttributeDescriptions";
+
+ public static final Collection<String> ATTRIBUTES = Collections.<String> unmodifiableList(Arrays.asList(
+ ATTRIBUTE_TYPE,
+ PATH
+ ));
- public AccessControl createInstance(Map<String, Object> aclConfiguration)
+ public AccessControl createInstance(Map<String, Object> attributes)
{
- if (aclConfiguration != null)
+ if(attributes == null || !ACL_FILE_PROVIDER_TYPE.equals(attributes.get(ATTRIBUTE_TYPE)))
+ {
+ return null;
+ }
+
+ String path = getStringAttribute(PATH, attributes, null);
+ if (path == null || "".equals(path.trim()))
{
- Object aclFile = aclConfiguration.get(ATTRIBUTE_ACL_FILE);
- if (aclFile != null)
- {
- if (aclFile instanceof String)
- {
- String aclPath = (String) aclFile;
- if (!new File(aclPath).exists())
- {
- throw new IllegalConfigurationException("ACL file '" + aclPath + "' is not found");
- }
- return new DefaultAccessControl(aclPath);
- }
- else
- {
- throw new IllegalConfigurationException("Expected '" + ATTRIBUTE_ACL_FILE + "' attribute value of type String but was " + aclFile.getClass()
- + ": " + aclFile);
- }
- }
+ throw new IllegalConfigurationException("Path to ACL was not specified!");
}
- return null;
+
+ return new DefaultAccessControl(path);
+ }
+
+ @Override
+ public String getType()
+ {
+ return ACL_FILE_PROVIDER_TYPE;
+ }
+
+ @Override
+ public Collection<String> getAttributeNames()
+ {
+ return ATTRIBUTES;
+ }
+
+ @Override
+ public Map<String, String> getAttributeDescriptions()
+ {
+ return ResourceBundleLoader.getResources(RESOURCE_BUNDLE);
}
}
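Review bot: `createInstance` hands `path` to `new DefaultAccessControl(path)` after only a null/blank check, so the provider will later try to read whatever location the attribute names. If, as the move to a top-level entity suggests, providers can now be created through management rather than only from the broker's own configuration, the path should be canonicalised and confined to an operator-designated directory before the object is built. At minimum, add a Javadoc on `createInstance` stating that the existence check no longer happens here and is deferred to `onCreate()`/`open()` on the returned object. `createInstance` is also missing the `@Override` that the three new methods carry.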
diff --git a/qpid/java/broker-plugins/access-control/src/main/java/org/apache/qpid/server/security/access/plugins/FileAccessControlProviderAttributeDescriptions.properties b/qpid/java/broker-plugins/access-control/src/main/java/org/apache/qpid/server/security/access/plugins/FileAccessControlProviderAttributeDescriptions.properties
new file mode 100644
index 0000000000..e847e90f57
--- /dev/null
+++ b/qpid/java/broker-plugins/access-control/src/main/java/org/apache/qpid/server/security/access/plugins/FileAccessControlProviderAttributeDescriptions.properties
@@ -0,0 +1,19 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+path=File location* \ No newline at end of file
diff --git a/qpid/java/broker-plugins/access-control/src/test/java/org/apache/qpid/server/security/access/plugins/DefaultAccessControlFactoryTest.java b/qpid/java/broker-plugins/access-control/src/test/java/org/apache/qpid/server/security/access/plugins/DefaultAccessControlFactoryTest.java
index ca1f19098f..2c55652f04 100644
--- a/qpid/java/broker-plugins/access-control/src/test/java/org/apache/qpid/server/security/access/plugins/DefaultAccessControlFactoryTest.java
+++ b/qpid/java/broker-plugins/access-control/src/test/java/org/apache/qpid/server/security/access/plugins/DefaultAccessControlFactoryTest.java
@@ -6,7 +6,9 @@ import java.util.Map;
import java.util.regex.Pattern;
import org.apache.qpid.server.configuration.IllegalConfigurationException;
+import org.apache.qpid.server.model.GroupProvider;
import org.apache.qpid.server.security.AccessControl;
+import org.apache.qpid.server.security.access.FileAccessControlProviderConstants;
import org.apache.qpid.test.utils.QpidTestCase;
import org.apache.qpid.test.utils.TestFileUtils;
@@ -25,8 +27,10 @@ public class DefaultAccessControlFactoryTest extends QpidTestCase
File aclFile = TestFileUtils.createTempFile(this, ".acl", "ACL ALLOW all all");
DefaultAccessControlFactory factory = new DefaultAccessControlFactory();
Map<String, Object> attributes = new HashMap<String, Object>();
- attributes.put(DefaultAccessControlFactory.ATTRIBUTE_ACL_FILE, aclFile.getAbsolutePath());
+ attributes.put(GroupProvider.TYPE, FileAccessControlProviderConstants.ACL_FILE_PROVIDER_TYPE);
+ attributes.put(FileAccessControlProviderConstants.PATH, aclFile.getAbsolutePath());
AccessControl acl = factory.createInstance(attributes);
+ acl.open();
assertNotNull("ACL was not created from acl file: " + aclFile.getAbsolutePath(), acl);
}
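Review bot: `acl.open()` is called before `assertNotNull(...)`, so if `createInstance` returns null, as it does for a non-matching type, the test dies with a NullPointerException and the assertion message is never shown; move `acl.open();` below the `assertNotNull` line. The map key used here is `GroupProvider.TYPE`, while the factory reads `ATTRIBUTE_TYPE`. The test only works if both resolve to the same string, so using the factory's own constant would be safer. The test method starts outside this hunk.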
@@ -37,33 +41,17 @@ public class DefaultAccessControlFactoryTest extends QpidTestCase
assertFalse("ACL file " + aclFile.getAbsolutePath() + " actually exists but should not", aclFile.exists());
DefaultAccessControlFactory factory = new DefaultAccessControlFactory();
Map<String, Object> attributes = new HashMap<String, Object>();
- attributes.put(DefaultAccessControlFactory.ATTRIBUTE_ACL_FILE, aclFile.getAbsolutePath());
+ attributes.put(GroupProvider.TYPE, FileAccessControlProviderConstants.ACL_FILE_PROVIDER_TYPE);
+ attributes.put(FileAccessControlProviderConstants.PATH, aclFile.getAbsolutePath());
try
{
- factory.createInstance(attributes);
- fail("It should not be possible to create ACL from non existing file");
+ AccessControl control = factory.createInstance(attributes);
+ control.open();
+ fail("It should not be possible to create and initialise ACL with non existing file");
}
catch (IllegalConfigurationException e)
{
- assertTrue("Unexpected exception message", Pattern.matches("ACL file '.*' is not found", e.getMessage()));
- }
- }
-
- public void testCreateInstanceWhenAclFileIsSpecifiedAsNonString()
- {
- DefaultAccessControlFactory factory = new DefaultAccessControlFactory();
- Map<String, Object> attributes = new HashMap<String, Object>();
- Integer aclFile = new Integer(0);
- attributes.put(DefaultAccessControlFactory.ATTRIBUTE_ACL_FILE, aclFile);
- try
- {
- factory.createInstance(attributes);
- fail("It should not be possible to create ACL from Integer");
- }
- catch (IllegalConfigurationException e)
- {
- assertEquals("Unexpected exception message", "Expected '" + DefaultAccessControlFactory.ATTRIBUTE_ACL_FILE
- + "' attribute value of type String but was " + Integer.class + ": " + aclFile, e.getMessage());
+ assertTrue("Unexpected exception message: " + e.getMessage(), Pattern.matches("ACL file '.*' is not found", e.getMessage()));
}
}
}
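Review bot: With `testCreateInstanceWhenAclFileIsSpecifiedAsNonString` removed, nothing on the new side covers the factory's new branches: the null return for a missing or non-matching type, the `"Path to ACL was not specified!"` exception for a null or blank path, and whatever `getStringAttribute` does with a non-String value. The existence check was also added to `onCreate()`, but only `open()` is exercised here. Adding one small test per branch would pin the configuration-validation behaviour that this commit relocates.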