From 5e8965d59c1fe8cf80ce34862ddad3d3a861f83a Mon Sep 17 00:00:00 2001 From: Alex Rudyy Date: Wed, 20 Mar 2013 17:07:58 +0000 Subject: QPID-4661: Add UI into java broker web management console to edit broker attributes git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@1458956 13f79535-47bb-0310-9956-ffa450edef68 --- .../adapter/AuthenticationProviderAdapter.java | 2 +- .../qpid/server/model/adapter/BrokerAdapter.java | 136 +++++++++++++++++++-- 2 files changed, 125 insertions(+), 13 deletions(-) (limited to 'java/broker') diff --git a/java/broker/src/main/java/org/apache/qpid/server/model/adapter/AuthenticationProviderAdapter.java b/java/broker/src/main/java/org/apache/qpid/server/model/adapter/AuthenticationProviderAdapter.java index 16c6cb7e5e..1323655f3c 100644 --- a/java/broker/src/main/java/org/apache/qpid/server/model/adapter/AuthenticationProviderAdapter.java +++ b/java/broker/src/main/java/org/apache/qpid/server/model/adapter/AuthenticationProviderAdapter.java @@ -198,7 +198,7 @@ public abstract class AuthenticationProviderAdapter Collection getChildren(Class clazz) { - return null; + return Collections.emptySet(); } @Override diff --git a/java/broker/src/main/java/org/apache/qpid/server/model/adapter/BrokerAdapter.java b/java/broker/src/main/java/org/apache/qpid/server/model/adapter/BrokerAdapter.java index 1492982708..1b894b1232 100644 --- a/java/broker/src/main/java/org/apache/qpid/server/model/adapter/BrokerAdapter.java +++ b/java/broker/src/main/java/org/apache/qpid/server/model/adapter/BrokerAdapter.java @@ -24,6 +24,7 @@ import java.lang.reflect.Type; import java.net.InetSocketAddress; import java.net.SocketAddress; import java.security.AccessControlException; +import java.security.KeyStoreException; import java.util.ArrayList; import java.util.Collection; import java.util.Collections; @@ -32,6 +33,7 @@ import java.util.Map; import java.util.UUID; import javax.net.ssl.KeyManagerFactory; +import java.security.cert.Certificate; import org.apache.log4j.Logger; import org.apache.qpid.common.QpidProperties; @@ -66,6 +68,7 @@ import org.apache.qpid.server.stats.StatisticsGatherer; import org.apache.qpid.server.store.MessageStoreCreator; import org.apache.qpid.server.util.MapValueConverter; import org.apache.qpid.server.virtualhost.VirtualHostRegistry; +import org.apache.qpid.transport.network.security.ssl.SSLUtil; public class BrokerAdapter extends AbstractAdapter implements Broker, ConfigurationChangeListener { @@ -146,7 +149,10 @@ public class BrokerAdapter extends AbstractAdapter implements Broker, Configurat put(Broker.NAME, DEFAULT_NAME); }}); - + private String[] POSITIVE_NUMERIC_ATTRIBUTES = { ALERT_THRESHOLD_MESSAGE_AGE, ALERT_THRESHOLD_MESSAGE_COUNT, + ALERT_THRESHOLD_QUEUE_DEPTH, ALERT_THRESHOLD_MESSAGE_SIZE, ALERT_REPEAT_GAP, FLOW_CONTROL_SIZE_BYTES, + FLOW_CONTROL_RESUME_SIZE_BYTES, MAXIMUM_DELIVERY_ATTEMPTS, HOUSEKEEPING_CHECK_PERIOD, SESSION_COUNT_LIMIT, + HEART_BEAT_DELAY, STATISTICS_REPORTING_PERIOD }; private final StatisticsGatherer _statisticsGatherer; @@ -674,17 +680,13 @@ public class BrokerAdapter extends AbstractAdapter implements Broker, Configurat { return _authenticationProviderFactory.getSupportedAuthenticationProviders(); } - else if (DEFAULT_AUTHENTICATION_PROVIDER.equals(name)) - { - return _defaultAuthenticationProvider == null ? null : _defaultAuthenticationProvider.getName(); - } - else if (KEY_STORE_PASSWORD.equals(name)) + else if (KEY_STORE_PASSWORD.equals(name) || TRUST_STORE_PASSWORD.equals(name) || PEER_STORE_PASSWORD.equals(name)) { - return DUMMY_PASSWORD_MASK; - } - else if (TRUST_STORE_PASSWORD.equals(name)) - { - return DUMMY_PASSWORD_MASK; + if (getActualAttributes().get(name) != null) + { + return DUMMY_PASSWORD_MASK; + } + return null; } return super.getAttribute(name); } @@ -990,6 +992,116 @@ public class BrokerAdapter extends AbstractAdapter implements Broker, Configurat @Override protected void changeAttributes(Map attributes) { - super.changeAttributes(MapValueConverter.convert(attributes, ATTRIBUTE_TYPES)); + //TODO: Add ACL check + //TODO: Add management mode check + Map convertedAttributes = MapValueConverter.convert(attributes, ATTRIBUTE_TYPES); + validateAttributes(convertedAttributes); + super.changeAttributes(convertedAttributes); + } + + private void validateAttributes(Map convertedAttributes) + { + String aclFile = (String) convertedAttributes.get(ACL_FILE); + if (aclFile != null) + { + // create a security manager to validate the ACL specified in file + new SecurityManager(aclFile); + } + String groupFile = (String) convertedAttributes.get(GROUP_FILE); + if (groupFile != null) + { + // create a group manager to validate the groups specified in file + new FileGroupManager(groupFile); + } + validateKeyStoreAttributes(convertedAttributes, "key store", KEY_STORE_PATH, KEY_STORE_PASSWORD, KEY_STORE_CERT_ALIAS); + validateKeyStoreAttributes(convertedAttributes, "trust store", TRUST_STORE_PATH, TRUST_STORE_PASSWORD, null); + validateKeyStoreAttributes(convertedAttributes, "peer store", PEER_STORE_PATH, PEER_STORE_PASSWORD, null); + String defaultAuthenticationProvider = (String) convertedAttributes.get(DEFAULT_AUTHENTICATION_PROVIDER); + if (defaultAuthenticationProvider != null) + { + AuthenticationProvider provider = getAuthenticationProviderByName(defaultAuthenticationProvider); + if (provider == null) + { + throw new IllegalConfigurationException("Authentication provider with name " + defaultAuthenticationProvider + + " canot be set as a default as it does not exist"); + } + } + String defaultVirtualHost = (String) convertedAttributes.get(DEFAULT_VIRTUAL_HOST); + if (defaultVirtualHost != null) + { + VirtualHost foundHost = findVirtualHostByName(defaultVirtualHost); + if (foundHost == null) + { + throw new IllegalConfigurationException("Virtual host with name " + defaultVirtualHost + + " cannot be set as a default as it does not exist"); + } + } + Long queueFlowControlSize = (Long) convertedAttributes.get(FLOW_CONTROL_SIZE_BYTES); + if (queueFlowControlSize != null && queueFlowControlSize > 0) + { + Long queueFlowControlResumeSize = (Long) convertedAttributes.get(FLOW_CONTROL_RESUME_SIZE_BYTES); + if (queueFlowControlResumeSize == null) + { + throw new IllegalConfigurationException("Flow control resume size attribute is not specified with flow control size attribute"); + } + if (queueFlowControlResumeSize >= queueFlowControlSize) + { + throw new IllegalConfigurationException("Flow control resume size should be less then flow control size"); + } + } + for (String attributeName : POSITIVE_NUMERIC_ATTRIBUTES) + { + Number value = (Number) convertedAttributes.get(attributeName); + if (value != null && value.longValue() < 0) + { + throw new IllegalConfigurationException("Only positive integer value can be specified for the attribute " + + attributeName); + } + } + } + + private void validateKeyStoreAttributes(Map convertedAttributes, String type, String pathAttribute, + String passwordAttribute, String aliasAttribute) + { + String keyStoreFile = (String) convertedAttributes.get(pathAttribute); + if (keyStoreFile != null) + { + String password = (String) convertedAttributes.get(passwordAttribute); + if (password == null) + { + password = (String) getActualAttributes().get(passwordAttribute); + } + java.security.KeyStore keyStore = null; + try + { + keyStore = SSLUtil.getInitializedKeyStore(keyStoreFile, password, java.security.KeyStore.getDefaultType()); + } + catch (Exception e) + { + throw new IllegalConfigurationException("Cannot instantiate " + type + " at " + keyStoreFile, e); + } + if (aliasAttribute != null) + { + String alias = (String) convertedAttributes.get(aliasAttribute); + if (alias != null) + { + Certificate cert = null; + try + { + cert = keyStore.getCertificate(alias); + } + catch (KeyStoreException e) + { + // key store should be initialized above + throw new RuntimeException("Key store has not been initialized", e); + } + if (cert == null) + { + throw new IllegalConfigurationException("Cannot find a certificate with alias " + alias + "in " + type + + " : " + keyStoreFile); + } + } + } + } } } -- cgit v1.2.1