From 5ff6cecfde7c56686e6b9376084fe9b025a1b29a Mon Sep 17 00:00:00 2001 
From: Robert Gemmell Date: Fri, 15 Jul 2011 08:55:58 +0000 Subject: QPID-3283: make Authentication Manager pluggable. Refactors AuthenticationManager and collaborators to allow of AuthenticationManager to be plugged in from the configuration XML. Change PrincipalDatabaseAuthenticationManager to become a pluggable implementation. This change removes support for the element within the config.xml. Existing use-cases are supported by the new element which enables use of the PDAM implementation. Also resolves QPID-1347. Applied patch by Keith Wall git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@1147036 13f79535-47bb-0310-9956-ffa450edef68 --- .../security/access/FirewallConfigurationTest.java | 15 +- java/broker/etc/access | 19 -- java/broker/etc/config.xml | 6 +- java/broker/etc/passwdVhost | 19 -- .../server/configuration/ServerConfiguration.java | 29 +- .../org/apache/qpid/server/plugins/Plugin.java | 2 +- .../apache/qpid/server/plugins/PluginManager.java | 38 ++- .../qpid/server/registry/ApplicationRegistry.java | 71 +++-- .../qpid/server/registry/IApplicationRegistry.java | 3 - .../ConfigurationFilePrincipalDatabaseManager.java | 190 ----------- .../auth/database/PrincipalDatabaseManager.java | 35 --- .../PropertiesPrincipalDatabaseManager.java | 49 --- .../auth/manager/AuthenticationManager.java | 24 +- .../AuthenticationManagerPluginFactory.java | 32 ++ .../PrincipalDatabaseAuthenticationManager.java | 346 +++++++++++++++++---- .../sasl/AuthenticationProviderInitialiser.java | 21 -- .../qpid/server/virtualhost/VirtualHostImpl.java | 1 - .../configuration/ServerConfigurationTest.java | 113 ++----- ...PrincipalDatabaseAuthenticationManagerTest.java | 143 ++++++++- .../auth/rmi/RMIPasswordAuthenticatorTest.java | 12 +- .../qpid/server/util/TestApplicationRegistry.java | 45 ++- ...config-systests-ServerConfigurationTest-New.xml | 73 ----- ...config-systests-ServerConfigurationTest-Old.xml | 88 ------ java/systests/etc/config-systests-firewall-2.xml | 6 
+- java/systests/etc/config-systests-firewall-3.xml | 6 +- .../virtualhosts-ServerConfigurationTest-New.xml | 45 --- 26 files changed, 667 insertions(+), 764 deletions(-) delete mode 100644 java/broker/etc/access delete mode 100644 java/broker/etc/passwdVhost delete mode 100644 java/broker/src/main/java/org/apache/qpid/server/security/auth/database/ConfigurationFilePrincipalDatabaseManager.java delete mode 100644 java/broker/src/main/java/org/apache/qpid/server/security/auth/database/PrincipalDatabaseManager.java delete mode 100644 java/broker/src/main/java/org/apache/qpid/server/security/auth/database/PropertiesPrincipalDatabaseManager.java create mode 100644 java/broker/src/main/java/org/apache/qpid/server/security/auth/manager/AuthenticationManagerPluginFactory.java delete mode 100644 java/systests/etc/config-systests-ServerConfigurationTest-New.xml delete mode 100644 java/systests/etc/config-systests-ServerConfigurationTest-Old.xml delete mode 100644 java/systests/etc/virtualhosts-ServerConfigurationTest-New.xml (limited to 'java') diff --git a/java/broker-plugins/firewall/src/test/java/org/apache/qpid/server/security/access/FirewallConfigurationTest.java b/java/broker-plugins/firewall/src/test/java/org/apache/qpid/server/security/access/FirewallConfigurationTest.java index 24b8bbe36c..e078675efc 100644 --- a/java/broker-plugins/firewall/src/test/java/org/apache/qpid/server/security/access/FirewallConfigurationTest.java +++ b/java/broker-plugins/firewall/src/test/java/org/apache/qpid/server/security/access/FirewallConfigurationTest.java @@ -80,9 +80,8 @@ public class FirewallConfigurationTest extends QpidTestCase out.write("\t${QPID_WORK}/cache\n"); out.write("\tfalse\n"); out.write("\t\n"); - out.write("\t\t\n"); + out.write("\t\t\n"); out.write("\t\t\t\n"); - out.write("\t\t\t\tpasswordfile\n"); out.write("\t\t\t\torg.apache.qpid.server.security.auth.database.PlainPasswordFilePrincipalDatabase\n"); out.write("\t\t\t\t\n"); out.write("\t\t\t\t\t\n"); 
@@ -91,7 +90,7 @@ public class FirewallConfigurationTest extends QpidTestCase out.write("\t\t\t\t\t\n"); out.write("\t\t\t\t\n"); out.write("\t\t\t\n"); - out.write("\t\t\n"); + out.write("\t\t\n"); out.write("\t\t\n"); out.write("\t\t\t"); out.write("\t\t\n"); @@ -163,9 +162,8 @@ public class FirewallConfigurationTest extends QpidTestCase out.write("\t${QPID_HOME}/lib/plugins\n"); out.write("\tfalse\n"); out.write("\t\n"); - out.write("\t\t\n"); + out.write("\t\t\n"); out.write("\t\t\t\n"); - out.write("\t\t\t\tpasswordfile\n"); out.write("\t\t\t\torg.apache.qpid.server.security.auth.database.PlainPasswordFilePrincipalDatabase\n"); out.write("\t\t\t\t\n"); out.write("\t\t\t\t\t\n"); @@ -174,7 +172,7 @@ public class FirewallConfigurationTest extends QpidTestCase out.write("\t\t\t\t\t\n"); out.write("\t\t\t\t\n"); out.write("\t\t\t\n"); - out.write("\t\t\n"); + out.write("\t\t\n"); out.write("\t\t\n"); out.write("\t\t\t"); out.write("\t\t\n"); @@ -262,9 +260,8 @@ public class FirewallConfigurationTest extends QpidTestCase out.write("\t${QPID_HOME}/lib/plugins\n"); out.write("\tfalse\n"); out.write("\t\n"); - out.write("\t\t\n"); + out.write("\t\t\n"); out.write("\t\t\t\n"); - out.write("\t\t\t\tpasswordfile\n"); out.write("\t\t\t\torg.apache.qpid.server.security.auth.database.PlainPasswordFilePrincipalDatabase\n"); out.write("\t\t\t\t\n"); out.write("\t\t\t\t\t\n"); @@ -273,7 +270,7 @@ public class FirewallConfigurationTest extends QpidTestCase out.write("\t\t\t\t\t\n"); out.write("\t\t\t\t\n"); out.write("\t\t\t\n"); - out.write("\t\t\n"); + out.write("\t\t\n"); out.write("\t\t\n"); out.write("\t\t\t"); out.write("\t\t\n"); diff --git a/java/broker/etc/access b/java/broker/etc/access deleted file mode 100644 index 58b7443fa9..0000000000 --- a/java/broker/etc/access +++ /dev/null 
@@ -1,19 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. - -guest:localhost(rw),test(rw) \ No newline at end of file diff --git a/java/broker/etc/config.xml b/java/broker/etc/config.xml index f4758d77a8..61f1c832b1 100644 --- a/java/broker/etc/config.xml +++ b/java/broker/etc/config.xml @@ -62,10 +62,8 @@ - - + - passwordfile org.apache.qpid.server.security.auth.database.PlainPasswordFilePrincipalDatabase @@ -74,7 +72,7 @@ - + diff --git a/java/broker/etc/passwdVhost b/java/broker/etc/passwdVhost deleted file mode 100644 index 48ce8299b6..0000000000 --- a/java/broker/etc/passwdVhost +++ /dev/null 
@@ -1,19 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# -guest:guest:localhost,test diff --git a/java/broker/src/main/java/org/apache/qpid/server/configuration/ServerConfiguration.java b/java/broker/src/main/java/org/apache/qpid/server/configuration/ServerConfiguration.java index 14de7c1723..0621b87f0a 100644 --- a/java/broker/src/main/java/org/apache/qpid/server/configuration/ServerConfiguration.java +++ b/java/broker/src/main/java/org/apache/qpid/server/configuration/ServerConfiguration.java @@ -217,6 +217,13 @@ public class ServerConfiguration extends ConfigurationPlugin implements SignalHa + (_configFile == null ? "" : " Configuration file : " + _configFile); throw new ConfigurationException(message); } + + if (getListValue("security.principal-databases.principal-database(0).class").size() > 0) + { + String message = "Validation error : security/principal-databases is no longer supported within the configuration xml." + + (_configFile == null ? "" : " Configuration file : " + _configFile); + throw new ConfigurationException(message); + } } /* 
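Review bot: The new guard at the end of the validation block tests only `security.principal-databases.principal-database(0).class`, so a legacy `principal-databases` section whose first entry has no `class` child passes this check. Start-up would presumably still stop later with the generic "No authentication managers configured" error from `ApplicationRegistry`, but that message does not point the operator at the removed element. Because this section used to define the broker's authentication source, reject on any trace of it, for example by also testing `getListValue("security.principal-databases.principal-database.name")`, the key the removed `getPrincipalDatabaseNames()` read. The enclosing method starts outside the hunk.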
@@ -514,28 +521,6 @@ public class ServerConfiguration extends ConfigurationPlugin implements SignalHa _virtualHosts.put(config.getName(), config); } - public List getPrincipalDatabaseNames() - { - return getListValue("security.principal-databases.principal-database.name"); - } - - public List getPrincipalDatabaseClass() - { - return getListValue("security.principal-databases.principal-database.class"); - } - - public List getPrincipalDatabaseAttributeNames(int index) - { - String name = "security.principal-databases.principal-database(" + index + ")." + "attributes.attribute.name"; - return getListValue(name); - } - - public List getPrincipalDatabaseAttributeValues(int index) - { - String name = "security.principal-databases.principal-database(" + index + ")." + "attributes.attribute.value"; - return getListValue(name); - } - public int getFrameSize() { return getIntValue("advanced.framesize", DEFAULT_FRAME_SIZE); diff --git a/java/broker/src/main/java/org/apache/qpid/server/plugins/Plugin.java b/java/broker/src/main/java/org/apache/qpid/server/plugins/Plugin.java index e7f9983fff..804a9d5027 100644 --- a/java/broker/src/main/java/org/apache/qpid/server/plugins/Plugin.java +++ b/java/broker/src/main/java/org/apache/qpid/server/plugins/Plugin.java @@ -27,5 +27,5 @@ public interface Plugin /** * Provide Configuration to this plugin */ - public void configure(ConfigurationPlugin config); + public void configure(ConfigurationPlugin config) throws ConfigurationException; } diff --git a/java/broker/src/main/java/org/apache/qpid/server/plugins/PluginManager.java b/java/broker/src/main/java/org/apache/qpid/server/plugins/PluginManager.java index 4e40305dbb..c8a7b56ccb 100644 --- a/java/broker/src/main/java/org/apache/qpid/server/plugins/PluginManager.java +++ b/java/broker/src/main/java/org/apache/qpid/server/plugins/PluginManager.java 
@@ -18,8 +18,16 @@ */ package org.apache.qpid.server.plugins; -import static org.apache.felix.framework.util.FelixConstants.*; -import static org.apache.felix.main.AutoProcessor.*; +import static org.apache.felix.framework.util.FelixConstants.SYSTEMBUNDLE_ACTIVATORS_PROP; +import static org.apache.felix.main.AutoProcessor.AUTO_DEPLOY_ACTION_PROPERY; +import static org.apache.felix.main.AutoProcessor.AUTO_DEPLOY_DIR_PROPERY; +import static org.apache.felix.main.AutoProcessor.AUTO_DEPLOY_INSTALL_VALUE; +import static org.apache.felix.main.AutoProcessor.AUTO_DEPLOY_START_VALUE; +import static org.apache.felix.main.AutoProcessor.process; +import static org.osgi.framework.Constants.FRAMEWORK_STORAGE; +import static org.osgi.framework.Constants.FRAMEWORK_STORAGE_CLEAN; +import static org.osgi.framework.Constants.FRAMEWORK_STORAGE_CLEAN_ONFIRSTINIT; +import static org.osgi.framework.Constants.FRAMEWORK_SYSTEMPACKAGES; import java.io.File; import java.util.ArrayList; 
@@ -35,18 +43,20 @@ import org.apache.felix.framework.util.StringMap; import org.apache.log4j.Logger; import org.apache.qpid.common.Closeable; import org.apache.qpid.server.configuration.TopicConfiguration; +import org.apache.qpid.server.configuration.plugins.ConfigurationPluginFactory; import org.apache.qpid.server.configuration.plugins.SlowConsumerDetectionConfiguration.SlowConsumerDetectionConfigurationFactory; import org.apache.qpid.server.configuration.plugins.SlowConsumerDetectionPolicyConfiguration.SlowConsumerDetectionPolicyConfigurationFactory; import org.apache.qpid.server.configuration.plugins.SlowConsumerDetectionQueueConfiguration.SlowConsumerDetectionQueueConfigurationFactory; -import org.apache.qpid.server.configuration.plugins.ConfigurationPluginFactory; import org.apache.qpid.server.exchange.ExchangeType; import org.apache.qpid.server.security.SecurityManager; import org.apache.qpid.server.security.SecurityPluginFactory; import org.apache.qpid.server.security.access.plugins.AllowAll; import org.apache.qpid.server.security.access.plugins.DenyAll; import org.apache.qpid.server.security.access.plugins.LegacyAccess; -import org.apache.qpid.server.virtualhost.plugins.VirtualHostPluginFactory; +import org.apache.qpid.server.security.auth.manager.AuthenticationManagerPluginFactory; +import org.apache.qpid.server.security.auth.manager.PrincipalDatabaseAuthenticationManager; import org.apache.qpid.server.virtualhost.plugins.SlowConsumerDetection; +import org.apache.qpid.server.virtualhost.plugins.VirtualHostPluginFactory; import org.apache.qpid.server.virtualhost.plugins.policies.TopicDeletePolicy; import org.apache.qpid.slowconsumerdetection.policies.SlowConsumerPolicyPluginFactory; import org.osgi.framework.BundleActivator; 
@@ -72,6 +82,7 @@ public class PluginManager implements Closeable private ServiceTracker _configTracker = null; private ServiceTracker _virtualHostTracker = null; private ServiceTracker _policyTracker = null; + private ServiceTracker _authenticationManagerTracker = null; private Activator _activator; @@ -79,6 +90,7 @@ public class PluginManager implements Closeable private Map, ConfigurationPluginFactory> _configPlugins = new IdentityHashMap, ConfigurationPluginFactory>(); private Map _vhostPlugins = new HashMap(); private Map _policyPlugins = new HashMap(); + private Map> _authenticationManagerPlugins = new HashMap>(); public PluginManager(String pluginPath, String cachePath) throws Exception { @@ -97,7 +109,8 @@ public class PluginManager implements Closeable LegacyAccess.LegacyAccessConfiguration.FACTORY, new SlowConsumerDetectionConfigurationFactory(), new SlowConsumerDetectionPolicyConfigurationFactory(), - new SlowConsumerDetectionQueueConfigurationFactory())) + new SlowConsumerDetectionQueueConfigurationFactory(), + PrincipalDatabaseAuthenticationManager.PrincipalDatabaseAuthenticationManagerConfiguration.FACTORY)) { _configPlugins.put(configFactory.getParentPaths(), configFactory); } @@ -112,6 +125,12 @@ public class PluginManager implements Closeable _vhostPlugins.put(pluginFactory.getClass().getName(), pluginFactory); } + for (AuthenticationManagerPluginFactory pluginFactory : Arrays.asList( + PrincipalDatabaseAuthenticationManager.FACTORY)) + { + _authenticationManagerPlugins.put(pluginFactory.getPluginName(), pluginFactory); + } + // Check the plugin directory path is set and exist if (pluginPath == null) { 
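Review bot: In the constructor loop that fills `_authenticationManagerPlugins`, entries are keyed by `pluginFactory.getPluginName()`, and `put` silently replaces an existing entry with the same name. Only one built-in factory is registered today, but this map is later combined with OSGi-discovered factories in `getAuthenticationManagerPlugins()` (the merge in `getServices` is not visible here). A name clash could therefore leave the broker with a different factory than the operator expects, without any log line. Failing fast is cheap: `if (_authenticationManagerPlugins.put(pluginFactory.getPluginName(), pluginFactory) != null) { throw new IllegalStateException("Duplicate authentication manager plugin name: " + pluginFactory.getPluginName()); }`.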
@@ -232,6 +251,9 @@ public class PluginManager implements Closeable _policyTracker = new ServiceTracker(_activator.getContext(), SlowConsumerPolicyPluginFactory.class.getName(), null); _policyTracker.open(); + _authenticationManagerTracker = new ServiceTracker(_activator.getContext(), AuthenticationManagerPluginFactory.class.getName(), null); + _authenticationManagerTracker.open(); + _logger.info("Opened service trackers"); } @@ -302,6 +324,11 @@ public class PluginManager implements Closeable return getServices(_securityTracker, _securityPlugins); } + public Map> getAuthenticationManagerPlugins() + { + return getServices(_authenticationManagerTracker, _authenticationManagerPlugins); + } + public void close() { if (_felix != null) @@ -314,6 +341,7 @@ public class PluginManager implements Closeable _configTracker.close(); _virtualHostTracker.close(); _policyTracker.close(); + _authenticationManagerTracker.close(); } finally { diff --git a/java/broker/src/main/java/org/apache/qpid/server/registry/ApplicationRegistry.java b/java/broker/src/main/java/org/apache/qpid/server/registry/ApplicationRegistry.java index 3c6497d8be..7c804fc1fd 100644 --- a/java/broker/src/main/java/org/apache/qpid/server/registry/ApplicationRegistry.java +++ b/java/broker/src/main/java/org/apache/qpid/server/registry/ApplicationRegistry.java @@ -21,7 +21,9 @@ package org.apache.qpid.server.registry; import java.net.InetSocketAddress; +import java.util.Collection; import java.util.HashMap; +import java.util.Iterator; import java.util.Map; import java.util.Timer; import java.util.TimerTask; 
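Review bot: The new public `getAuthenticationManagerPlugins()` has no Javadoc, although it decides which code is allowed to authenticate broker users. It returns the built-in factories together with whatever `_authenticationManagerTracker` finds among the deployed bundles, so the plugin directory becomes part of the authentication trust boundary. A short comment would make that explicit, e.g. `/** Returns built-in and OSGi-discovered authentication manager factories; bundles in the plugin directory can contribute entries, so that directory must be writable only by the broker administrator. */`. How `getServices` treats a tracker that was never opened (the constructor appears to have an early path when `pluginPath` is null) is outside this hunk and worth confirming.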
@@ -52,12 +54,12 @@ import org.apache.qpid.server.logging.messages.BrokerMessages; import org.apache.qpid.server.logging.messages.VirtualHostMessages; import org.apache.qpid.server.management.ManagedObjectRegistry; import org.apache.qpid.server.management.NoopManagedObjectRegistry; +import org.apache.qpid.server.plugins.Plugin; import org.apache.qpid.server.plugins.PluginManager; import org.apache.qpid.server.security.SecurityManager; -import org.apache.qpid.server.security.auth.database.ConfigurationFilePrincipalDatabaseManager; -import org.apache.qpid.server.security.auth.database.PrincipalDatabaseManager; +import org.apache.qpid.server.security.SecurityManager.SecurityConfiguration; import org.apache.qpid.server.security.auth.manager.AuthenticationManager; -import org.apache.qpid.server.security.auth.manager.PrincipalDatabaseAuthenticationManager; +import org.apache.qpid.server.security.auth.manager.AuthenticationManagerPluginFactory; import org.apache.qpid.server.stats.StatisticsCounter; import org.apache.qpid.server.transport.QpidAcceptor; import org.apache.qpid.server.virtualhost.VirtualHost; @@ -89,8 +91,6 @@ public abstract class ApplicationRegistry implements IApplicationRegistry protected SecurityManager _securityManager; - protected PrincipalDatabaseManager _databaseManager; - protected PluginManager _pluginManager; protected ConfigurationManager _configurationManager; @@ -253,11 +253,7 @@ public abstract class ApplicationRegistry implements IApplicationRegistry _securityManager = new SecurityManager(_configuration, _pluginManager); - createDatabaseManager(_configuration); - - _authenticationManager = new PrincipalDatabaseAuthenticationManager(); - - _databaseManager.initialiseManagement(_configuration); + _authenticationManager = createAuthenticationManager(); _managedObjectRegistry.start(); } 
@@ -280,9 +276,51 @@ public abstract class ApplicationRegistry implements IApplicationRegistry } } - protected void createDatabaseManager(ServerConfiguration configuration) throws Exception + /** + * Iterates across all discovered authentication manager factories, offering the security configuration to each. + * Expects exactly one authentication manager to configure and initialise itself. + * + * It is an error to configure more than one authentication manager, or to configure none. + * + * @return authentication manager + * @throws ConfigurationException + */ + protected AuthenticationManager createAuthenticationManager() throws ConfigurationException { - _databaseManager = new ConfigurationFilePrincipalDatabaseManager(_configuration); + final SecurityConfiguration securityConfiguration = _configuration.getConfiguration(SecurityConfiguration.class.getName()); + final Collection> factories = _pluginManager.getAuthenticationManagerPlugins().values(); + + if (factories.size() == 0) + { + throw new ConfigurationException("No authentication manager factory plugins found. Check the desired authentication" + + "manager plugin has been placed in the plugins directory."); + } + + AuthenticationManager authMgr = null; + + for (final Iterator> iterator = factories.iterator(); iterator.hasNext();) + { + final AuthenticationManagerPluginFactory factory = (AuthenticationManagerPluginFactory) iterator.next(); + final AuthenticationManager tmp = factory.newInstance(securityConfiguration); + if (tmp != null) + { + if (authMgr != null) + { + throw new ConfigurationException("Cannot configure more than one authentication manager." + + " Both " + tmp.getClass() + " and " + authMgr.getClass() + " are configured." 
+ + " Remove configuration for one of the authentication manager, or remove the plugin JAR" + + " from the classpath."); + } + authMgr = tmp; + } + } + + if (authMgr == null) + { + throw new ConfigurationException("No authentication managers configured within the configure file."); + } + + return authMgr; } protected void initialiseVirtualHosts() throws Exception @@ -422,10 +460,6 @@ public abstract class ApplicationRegistry implements IApplicationRegistry //Shutdown virtualhosts close(_virtualHostRegistry); -// close(_accessManager); -// -// close(_databaseManager); - close(_authenticationManager); close(_managedObjectRegistry); @@ -487,11 +521,6 @@ public abstract class ApplicationRegistry implements IApplicationRegistry return _managedObjectRegistry; } - public PrincipalDatabaseManager getDatabaseManager() - { - return _databaseManager; - } - public AuthenticationManager getAuthenticationManager() { return _authenticationManager; diff --git a/java/broker/src/main/java/org/apache/qpid/server/registry/IApplicationRegistry.java b/java/broker/src/main/java/org/apache/qpid/server/registry/IApplicationRegistry.java index dbd3780c73..c27e0d19ec 100644 --- a/java/broker/src/main/java/org/apache/qpid/server/registry/IApplicationRegistry.java +++ b/java/broker/src/main/java/org/apache/qpid/server/registry/IApplicationRegistry.java @@ -33,7 +33,6 @@ import org.apache.qpid.server.logging.RootMessageLogger; import org.apache.qpid.server.management.ManagedObjectRegistry; import org.apache.qpid.server.plugins.PluginManager; import org.apache.qpid.server.security.SecurityManager; -import org.apache.qpid.server.security.auth.database.PrincipalDatabaseManager; import org.apache.qpid.server.security.auth.manager.AuthenticationManager; import org.apache.qpid.server.stats.StatisticsGatherer; import org.apache.qpid.server.transport.QpidAcceptor; 
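Review bot: On the "Cannot configure more than one authentication manager" path in `createAuthenticationManager()`, neither `tmp` nor the previously accepted `authMgr` is closed before the `ConfigurationException` is thrown. Both were returned by `factory.newInstance(...)`, which the factory Javadoc in this commit describes as producing configured, initialised managers. The `AuthenticationManager` contract added here says `initialise()` registers SASL mechanisms and `close()` must reverse that, so the registration would presumably stay in place after the failed start-up; calling `tmp.close();` and `authMgr.close();` before the throw avoids it. In the same method, the first error message joins `"...desired authentication"` and `"manager plugin..."` without a space, and the raw `Iterator` with a cast can be an enhanced `for` loop. Whether `_configuration.getConfiguration(...)` can return null when the security section is missing is not visible here; if it can, the factories receive a null `securityConfiguration`.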
@@ -63,8 +62,6 @@ public interface IApplicationRegistry extends StatisticsGatherer ManagedObjectRegistry getManagedObjectRegistry(); - PrincipalDatabaseManager getDatabaseManager(); - AuthenticationManager getAuthenticationManager(); VirtualHostRegistry getVirtualHostRegistry(); diff --git a/java/broker/src/main/java/org/apache/qpid/server/security/auth/database/ConfigurationFilePrincipalDatabaseManager.java b/java/broker/src/main/java/org/apache/qpid/server/security/auth/database/ConfigurationFilePrincipalDatabaseManager.java deleted file mode 100644 index a22c66c73d..0000000000 --- a/java/broker/src/main/java/org/apache/qpid/server/security/auth/database/ConfigurationFilePrincipalDatabaseManager.java +++ /dev/null 
@@ -1,190 +0,0 @@ -/* - * - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - * - */ -package org.apache.qpid.server.security.auth.database; - -import java.io.FileNotFoundException; -import java.io.IOException; -import java.lang.reflect.Method; -import java.util.Collection; -import java.util.HashMap; -import java.util.List; -import java.util.Map; - -import org.apache.commons.configuration.Configuration; -import org.apache.commons.configuration.ConfigurationException; - -import org.apache.log4j.Logger; - -import org.apache.qpid.configuration.PropertyUtils; -import org.apache.qpid.configuration.PropertyException; -import org.apache.qpid.server.configuration.ServerConfiguration; -import org.apache.qpid.server.registry.ApplicationRegistry; -import org.apache.qpid.server.security.auth.database.PrincipalDatabase; -import org.apache.qpid.server.security.auth.database.PrincipalDatabaseManager; -import org.apache.qpid.server.security.auth.management.AMQUserManagementMBean; -import org.apache.qpid.AMQException; - -import javax.management.JMException; - -public class ConfigurationFilePrincipalDatabaseManager implements PrincipalDatabaseManager -{ - private static final Logger _logger = 
Logger.getLogger(ConfigurationFilePrincipalDatabaseManager.class); - - Map _databases; - - public ConfigurationFilePrincipalDatabaseManager(ServerConfiguration _configuration) throws Exception - { - _logger.info("Initialising PrincipalDatabase authentication manager"); - _databases = initialisePrincipalDatabases(_configuration); - } - - private Map initialisePrincipalDatabases(ServerConfiguration _configuration) throws Exception - { - List databaseNames = _configuration.getPrincipalDatabaseNames(); - List databaseClasses = _configuration.getPrincipalDatabaseClass(); - Map databases = new HashMap(); - - if (databaseNames.size() == 0) - { - _logger.warn("No Principal databases specified. Broker running with NO AUTHENTICATION"); - } - - for (int i = 0; i < databaseNames.size(); i++) - { - Object o; - try - { - o = Class.forName(databaseClasses.get(i)).newInstance(); - } - catch (Exception e) - { - throw new Exception("Error initialising principal database: " + e, e); - } - - if (!(o instanceof PrincipalDatabase)) - { - throw new Exception("Principal databases must implement the PrincipalDatabase interface"); - } - - initialisePrincipalDatabase((PrincipalDatabase) o, _configuration, i); - - String name = databaseNames.get(i); - if ((name == null) || (name.length() == 0)) - { - throw new Exception("Principal database names must have length greater than or equal to one character"); - } - - PrincipalDatabase pd = databases.get(name); - if (pd != null) - { - throw new Exception("Duplicate principal database name not permitted"); - } - - _logger.info("Initialised principal database '" + name + "' successfully"); - databases.put(name, (PrincipalDatabase) o); - } - - return databases; - } - - private void initialisePrincipalDatabase(PrincipalDatabase principalDatabase, ServerConfiguration _configuration, int index) - throws FileNotFoundException, ConfigurationException - { - List argumentNames = _configuration.getPrincipalDatabaseAttributeNames(index); - List argumentValues = 
_configuration.getPrincipalDatabaseAttributeValues(index); - for (int i = 0; i < argumentNames.size(); i++) - { - String argName = argumentNames.get(i); - if ((argName == null) || (argName.length() == 0)) - { - throw new ConfigurationException("Argument names must have length >= 1 character"); - } - - if (Character.isLowerCase(argName.charAt(0))) - { - argName = Character.toUpperCase(argName.charAt(0)) + argName.substring(1); - } - - String methodName = "set" + argName; - Method method = null; - try - { - method = principalDatabase.getClass().getMethod(methodName, String.class); - } - catch (Exception e) - { - // do nothing.. as on error method will be null - } - - if (method == null) - { - throw new ConfigurationException("No method " + methodName + " found in class " - + principalDatabase.getClass() - + " hence unable to configure principal database. The method must be public and " - + "have a single String argument with a void return type"); - } - - try - { - method.invoke(principalDatabase, PropertyUtils.replaceProperties(argumentValues.get(i))); - } - catch (Exception ite) - { - if (ite instanceof ConfigurationException) - { - throw(ConfigurationException) ite; - } - else - { - throw new ConfigurationException(ite.getMessage(), ite); - } - } - } - } - - public Map getDatabases() - { - return _databases; - } - - public void initialiseManagement(ServerConfiguration config) throws ConfigurationException - { - try - { - AMQUserManagementMBean _mbean = new AMQUserManagementMBean(); - - - final Collection dbs = getDatabases().values(); - if (dbs.size() == 0) - { - throw new ConfigurationException("Principal-database not found"); - } - final PrincipalDatabase database = dbs.iterator().next(); - - _mbean.setPrincipalDatabase(database); - _mbean.register(); - } - catch (JMException e) - { - _logger.warn("User management disabled as unable to create MBean:" + e); - } - } -} 
diff --git a/java/broker/src/main/java/org/apache/qpid/server/security/auth/database/PrincipalDatabaseManager.java b/java/broker/src/main/java/org/apache/qpid/server/security/auth/database/PrincipalDatabaseManager.java
deleted file mode 100644
index f9882f8810..0000000000
--- a/java/broker/src/main/java/org/apache/qpid/server/security/auth/database/PrincipalDatabaseManager.java
+++ /dev/null
@@ -1,35 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- *
- */
-package org.apache.qpid.server.security.auth.database;
-
-import org.apache.qpid.server.configuration.ServerConfiguration;
-import org.apache.qpid.server.security.auth.database.PrincipalDatabase;
-import org.apache.commons.configuration.Configuration;
-import org.apache.commons.configuration.ConfigurationException;
-
-import java.util.Map;
-
-public interface PrincipalDatabaseManager
-{
- public Map getDatabases();
-
- public void initialiseManagement(ServerConfiguration _configuration) throws ConfigurationException;
-}
diff --git a/java/broker/src/main/java/org/apache/qpid/server/security/auth/database/PropertiesPrincipalDatabaseManager.java b/java/broker/src/main/java/org/apache/qpid/server/security/auth/database/PropertiesPrincipalDatabaseManager.java
deleted file mode 100644
index 8658101cd8..0000000000
--- a/java/broker/src/main/java/org/apache/qpid/server/security/auth/database/PropertiesPrincipalDatabaseManager.java
+++ /dev/null
@@ -1,49 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- *
- */
-package org.apache.qpid.server.security.auth.database;
-
-import org.apache.commons.configuration.ConfigurationException;
-import org.apache.qpid.server.configuration.ServerConfiguration;
-
-import java.util.Map;
-import java.util.Properties;
-import java.util.HashMap;
-
-public class PropertiesPrincipalDatabaseManager implements PrincipalDatabaseManager
-{
-
- Map _databases = new HashMap();
-
- public PropertiesPrincipalDatabaseManager(String name, Properties users)
- {
- _databases.put(name, new PropertiesPrincipalDatabase(users));
- }
-
- public Map getDatabases()
- {
- return _databases;
- }
-
- public void initialiseManagement(ServerConfiguration _configuration) throws ConfigurationException
- {
- //todo
- }
-}
diff --git a/java/broker/src/main/java/org/apache/qpid/server/security/auth/manager/AuthenticationManager.java b/java/broker/src/main/java/org/apache/qpid/server/security/auth/manager/AuthenticationManager.java index c1ef4c8ff5..4c59c25d84 100644 --- a/java/broker/src/main/java/org/apache/qpid/server/security/auth/manager/AuthenticationManager.java +++ b/java/broker/src/main/java/org/apache/qpid/server/security/auth/manager/AuthenticationManager.java @@ -20,18 +20,36 @@ */ package org.apache.qpid.server.security.auth.manager; +import javax.security.auth.Subject; import javax.security.sasl.SaslException; import javax.security.sasl.SaslServer; import org.apache.qpid.common.Closeable; +import org.apache.qpid.server.plugins.Plugin; import org.apache.qpid.server.security.auth.AuthenticationResult; /** - * The AuthenticationManager class is the entity responsible for - * determining the authenticity of user credentials. + * Implementations of the AuthenticationManager are responsible for determining + * the authenticity of a user's credentials. + * + * If the authentication is successful, the manager is responsible for producing a populated + * {@link Subject} containing the user's identity and zero or more principals representing + * groups to which the user belongs. + *

+ * The {@link #initialise()} method is responsible for registering SASL mechanisms required by + * the manager. The {@link #close()} method must reverse this registration. + * */ -public interface AuthenticationManager extends Closeable +public interface AuthenticationManager extends Closeable, Plugin { + /** The name for the required SASL Server mechanisms */ + public static final String PROVIDER_NAME= "AMQSASLProvider-Server"; + + /** + * Initialise the authentication plugin. + * + */ + void initialise(); /** * Gets the SASL mechanisms known to this manager. diff --git a/java/broker/src/main/java/org/apache/qpid/server/security/auth/manager/AuthenticationManagerPluginFactory.java b/java/broker/src/main/java/org/apache/qpid/server/security/auth/manager/AuthenticationManagerPluginFactory.java new file mode 100644 index 0000000000..a51f195761 --- /dev/null +++ b/java/broker/src/main/java/org/apache/qpid/server/security/auth/manager/AuthenticationManagerPluginFactory.java 
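Review bot: The Javadoc on the new `initialise()` method says only "Initialise the authentication plugin", which leaves out the obligations the interface comment above it places on the method. That comment makes `initialise()` responsible for registering the SASL mechanisms and `close()` for reversing the registration, so the method comment should state when it may be called and what it registers, e.g. `Registers this manager's SASL mechanisms under PROVIDER_NAME; call once before any authentication request, and pair with close().` Because `PROVIDER_NAME` is a single fixed string, it is also worth documenting that only one manager is expected to be initialised per JVM at a time, which is presumably why `createAuthenticationManager()` rejects a second one. The interface body continues outside the hunk.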
@@ -0,0 +1,32 @@ +/* + * + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + * + */ +package org.apache.qpid.server.security.auth.manager; + +import org.apache.qpid.server.plugins.PluginFactory; + +/** + * Factory producing authentication producing configured, initialised authentication + * managers. + */ +public interface AuthenticationManagerPluginFactory extends PluginFactory +{ + +} diff --git a/java/broker/src/main/java/org/apache/qpid/server/security/auth/manager/PrincipalDatabaseAuthenticationManager.java b/java/broker/src/main/java/org/apache/qpid/server/security/auth/manager/PrincipalDatabaseAuthenticationManager.java index d36bbc4f46..de0fd3d4e2 100644 --- a/java/broker/src/main/java/org/apache/qpid/server/security/auth/manager/PrincipalDatabaseAuthenticationManager.java +++ b/java/broker/src/main/java/org/apache/qpid/server/security/auth/manager/PrincipalDatabaseAuthenticationManager.java 
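Review bot: The interface Javadoc ("Factory producing authentication producing configured, initialised authentication managers") repeats words and omits whether `newInstance` may return null. The PrincipalDatabaseAuthenticationManager factory later in this commit returns `null` when its configuration section is absent, so whoever iterates the factories has to treat null as "plugin not configured" rather than as an authentication manager. `newInstance` itself is declared on `PluginFactory`, which is not shown here. Suggested text: `Factory producing configured, initialised authentication managers; newInstance returns null when no configuration for the plugin is present.`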
@@ -20,32 +20,64 @@ */ package org.apache.qpid.server.security.auth.manager; +import java.lang.reflect.InvocationTargetException; +import java.lang.reflect.Method; +import java.security.Security; +import java.util.Arrays; +import java.util.Collections; +import java.util.HashMap; +import java.util.Iterator; +import java.util.List; +import java.util.Map; +import java.util.Map.Entry; +import java.util.TreeMap; + +import javax.security.auth.Subject; +import javax.security.auth.callback.CallbackHandler; +import javax.security.auth.login.AccountNotFoundException; +import javax.security.sasl.Sasl; +import javax.security.sasl.SaslException; +import javax.security.sasl.SaslServer; +import javax.security.sasl.SaslServerFactory; + +import org.apache.commons.configuration.Configuration; +import org.apache.commons.configuration.ConfigurationException; import org.apache.log4j.Logger; -import org.apache.qpid.server.registry.ApplicationRegistry; -import org.apache.qpid.server.security.auth.manager.AuthenticationManager; +import org.apache.qpid.configuration.PropertyException; +import org.apache.qpid.configuration.PropertyUtils; +import org.apache.qpid.server.configuration.plugins.ConfigurationPlugin; +import org.apache.qpid.server.configuration.plugins.ConfigurationPluginFactory; +import org.apache.qpid.server.security.auth.AuthenticationResult; import org.apache.qpid.server.security.auth.AuthenticationResult.AuthenticationStatus; import org.apache.qpid.server.security.auth.database.PrincipalDatabase; -import org.apache.qpid.server.security.auth.sasl.JCAProvider; +import org.apache.qpid.server.security.auth.management.AMQUserManagementMBean; import org.apache.qpid.server.security.auth.sasl.AuthenticationProviderInitialiser; +import org.apache.qpid.server.security.auth.sasl.JCAProvider; import org.apache.qpid.server.security.auth.sasl.UsernamePrincipal; -import org.apache.qpid.server.security.auth.AuthenticationResult; -import javax.security.auth.Subject; -import 
javax.security.auth.callback.CallbackHandler; -import javax.security.auth.login.AccountNotFoundException; -import javax.security.sasl.SaslServerFactory; -import javax.security.sasl.SaslServer; -import javax.security.sasl.SaslException; -import javax.security.sasl.Sasl; -import java.util.Map; -import java.util.HashMap; -import java.util.TreeMap; -import java.security.Security; /** * Concrete implementation of the AuthenticationManager that determines if supplied - * user credentials match those appearing in a PrincipalDatabase. + * user credentials match those appearing in a PrincipalDatabase. The implementation + * of the PrincipalDatabase is determined from the configuration. + * + * This implementation also registers the JMX UserManagemement MBean. + * + * This plugin expects configuration such as: * + *

+ * <pd-auth-manager>
+ *   <principal-database>
+ *      <class>org.apache.qpid.server.security.auth.database.PlainPasswordFilePrincipalDatabase</class>
+ *      <attributes>
+ *         <attribute>
+ *              <name>passwordFile</name>
+ *              <value>${conf}/passwd</value>
+ *          </attribute>
+ *      </attributes>
+ *   </principal-database>
+ * </pd-auth-manager>
+ * 
*/ public class PrincipalDatabaseAuthenticationManager implements AuthenticationManager { 
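Review bot: The new class Javadoc says this implementation registers the JMX user management MBean, but the hunks of this file shown here do not do so. `initialise()` never calls `registerManagement()` and `close()` never calls `unregisterManagement()`; both are only added as `protected` helpers. If the owner of the manager is expected to call them, the Javadoc should say so, for example `* The caller is responsible for invoking registerManagement() after initialise() and unregisterManagement() before close().`; otherwise the sentence should be dropped. `UserManagemement` is also misspelt.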
@@ -55,58 +87,125 @@ public class PrincipalDatabaseAuthenticationManager implements AuthenticationMan private String _mechanisms; /** Maps from the mechanism to the callback handler to use for handling those requests */ - private Map _callbackHandlerMap = new HashMap(); + private final Map _callbackHandlerMap = new HashMap(); /** * Maps from the mechanism to the properties used to initialise the server. See the method Sasl.createSaslServer for * details of the use of these properties. This map is populated during initialisation of each provider. */ - private Map> _serverCreationProperties = new HashMap>(); + private final Map> _serverCreationProperties = new HashMap>(); + + protected PrincipalDatabase _principalDatabase = null; - /** The name for the required SASL Server mechanisms */ - public static final String PROVIDER_NAME= "AMQSASLProvider-Server"; + protected AMQUserManagementMBean _mbean = null; - public PrincipalDatabaseAuthenticationManager() + public static final AuthenticationManagerPluginFactory FACTORY = new AuthenticationManagerPluginFactory() { - _logger.info("Initialising PrincipalDatabase authentication manager."); + public PrincipalDatabaseAuthenticationManager newInstance(final ConfigurationPlugin config) throws ConfigurationException + { + final PrincipalDatabaseAuthenticationManagerConfiguration configuration = config.getConfiguration(PrincipalDatabaseAuthenticationManagerConfiguration.class.getName()); - Map> providerMap = new TreeMap>(); + // If there is no configuration for this plugin then don't load it. 
+ if (configuration == null) + { + _logger.info("No authentication-manager configuration found for PrincipalDatabaseAuthenticationManager"); + return null; + } + final PrincipalDatabaseAuthenticationManager pdam = new PrincipalDatabaseAuthenticationManager(); + pdam.configure(configuration); + pdam.initialise(); + return pdam; + } - initialiseAuthenticationMechanisms(providerMap, ApplicationRegistry.getInstance().getDatabaseManager().getDatabases()); + public Class getPluginClass() + { + return PrincipalDatabaseAuthenticationManager.class; + } - if (providerMap.size() > 0) + public String getPluginName() { - // Ensure we are used before the defaults - if (Security.insertProviderAt(new JCAProvider(PROVIDER_NAME, providerMap), 1) == -1) + return PrincipalDatabaseAuthenticationManager.class.getName(); + } + }; + + public static class PrincipalDatabaseAuthenticationManagerConfiguration extends ConfigurationPlugin { + + public static final ConfigurationPluginFactory FACTORY = new ConfigurationPluginFactory() + { + public List getParentPaths() { - _logger.error("Unable to load custom SASL providers. 
Qpid custom SASL authenticators unavailable."); + return Arrays.asList("security.pd-auth-manager"); } - else + + public ConfigurationPlugin newInstance(final String path, final Configuration config) throws ConfigurationException { - _logger.info("Additional SASL providers successfully registered."); + final ConfigurationPlugin instance = new PrincipalDatabaseAuthenticationManagerConfiguration(); + + instance.setConfiguration(path, config); + return instance; } + }; + public String[] getElementsProcessed() + { + return new String[] {"principal-database.class", + "principal-database.attributes.attribute.name", + "principal-database.attributes.attribute.value"}; } - else + + public void validateConfiguration() throws ConfigurationException { - _logger.warn("No additional SASL providers registered."); + } + + public String getPrincipalDatabaseClass() + { + return _configuration.getString("principal-database.class"); + } + + public Map getPdClassAttributeMap() throws ConfigurationException + { + final List argumentNames = _configuration.getList("principal-database.attributes.attribute.name"); + final List argumentValues = _configuration.getList("principal-database.attributes.attribute.value"); + final Map attributes = new HashMap(argumentNames.size()); + + for (int i = 0; i < argumentNames.size(); i++) + { + final String argName = argumentNames.get(i); + final String argValue = argumentValues.get(i); + + attributes.put(argName, argValue); + } + + return Collections.unmodifiableMap(attributes); } } - private void initialiseAuthenticationMechanisms(Map> providerMap, Map databases) + protected PrincipalDatabaseAuthenticationManager() { - if (databases.size() > 1) + } + + public void initialise() + { + final Map> providerMap = new TreeMap>(); + + initialiseAuthenticationMechanisms(providerMap, _principalDatabase); + + if (providerMap.size() > 0) { - _logger.warn("More than one principle database provided currently authentication mechanism will override each other."); + // 
Ensure we are used before the defaults + if (Security.insertProviderAt(new JCAProvider(PROVIDER_NAME, providerMap), 1) == -1) + { + _logger.error("Unable to load custom SASL providers. Qpid custom SASL authenticators unavailable."); + } + else + { + _logger.info("Additional SASL providers successfully registered."); + } } - - for (Map.Entry entry : databases.entrySet()) + else { - // fixme As the database now provide the mechanisms they support, they will ... - // overwrite each other in the map. There should only be one database per vhost. - // But currently we must have authentication before vhost definition. - initialiseAuthenticationMechanisms(providerMap, entry.getValue()); + _logger.warn("No additional SASL providers registered."); } } @@ -126,7 +225,6 @@ public class PrincipalDatabaseAuthenticationManager implements AuthenticationMan private void initialiseAuthenticationMechanism(String mechanism, AuthenticationProviderInitialiser initialiser, Map> providerMap) - { if (_mechanisms == null) { @@ -147,6 +245,21 @@ public class PrincipalDatabaseAuthenticationManager implements AuthenticationMan _logger.info("Initialised " + mechanism + " SASL provider successfully"); } + /** + * @see org.apache.qpid.server.plugins.Plugin#configure(org.apache.qpid.server.configuration.plugins.ConfigurationPlugin) + */ + public void configure(final ConfigurationPlugin config) throws ConfigurationException + { + final PrincipalDatabaseAuthenticationManagerConfiguration pdamConfig = (PrincipalDatabaseAuthenticationManagerConfiguration) config; + final String pdClazz = pdamConfig.getPrincipalDatabaseClass(); + + _logger.info("PrincipalDatabase concrete implementation : " + pdClazz); + + _principalDatabase = createPrincipalDatabaseImpl(pdClazz); + + configPrincipalDatabase(_principalDatabase, pdamConfig); + } + public String getMechanisms() { return _mechanisms; 
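Review bot: `getPdClassAttributeMap` walks the name list and indexes the value list in parallel without checking that the two have the same length, and `validateConfiguration()` is left empty. An `attribute` element with a name but no value would therefore surface as an IndexOutOfBoundsException from `argumentValues.get(i)` rather than a ConfigurationException, and a name/value misalignment would go unnoticed. A guard before the loop keeps the failure in the declared exception type: `if (argumentNames.size() != argumentValues.size()) throw new ConfigurationException("principal-database attribute names and values do not pair up");`.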
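Review bot: `configure` is a public `Plugin` method but downcasts its argument unchecked, so any other `ConfigurationPlugin` produces a ClassCastException instead of the declared ConfigurationException. A missing `principal-database.class` element would reach `createPrincipalDatabaseImpl` as null, which presumably fails with a NullPointerException inside `Class.forName`. I would check both up front: `if (!(config instanceof PrincipalDatabaseAuthenticationManagerConfiguration)) throw new ConfigurationException("pd-auth-manager configuration expected");` and `if (pdClazz == null) throw new ConfigurationException("principal-database.class is not set");`.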
@@ -158,6 +271,9 @@ public class PrincipalDatabaseAuthenticationManager implements AuthenticationMan _callbackHandlerMap.get(mechanism)); } + /** + * @see org.apache.qpid.server.security.auth.manager.AuthenticationManager#authenticate(SaslServer, byte[]) + */ public AuthenticationResult authenticate(SaslServer server, byte[] response) { try @@ -182,23 +298,14 @@ public class PrincipalDatabaseAuthenticationManager implements AuthenticationMan } } - public void close() - { - _mechanisms = null; - Security.removeProvider(PROVIDER_NAME); - } - /** * @see org.apache.qpid.server.security.auth.manager.AuthenticationManager#authenticate(String, String) */ - @Override public AuthenticationResult authenticate(final String username, final String password) { - final PrincipalDatabase db = ApplicationRegistry.getInstance().getDatabaseManager().getDatabases().values().iterator().next(); - try { - if (db.verifyPassword(username, password.toCharArray())) + if (_principalDatabase.verifyPassword(username, password.toCharArray())) { final Subject subject = new Subject(); subject.getPrincipals().add(new UsernamePrincipal(username)); 
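Review bot: `authenticate(String, String)` now verifies the password against the `_principalDatabase` field, while the SASL path keeps using the callback handlers that `initialise()` built from whatever the field held at that moment. The field is `protected` and non-final, and `setPrincipalDatabase` (added further down in this file) can replace it, so the two login paths could end up checking different databases; the helper that builds the handlers is outside the hunk, so this is inferred. I would make the field `private` and document the setter with `/** Must be called before initialise(); later changes are not seen by the registered SASL mechanisms. */`. The method body continues outside the hunk.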
@@ -214,4 +321,139 @@ public class PrincipalDatabaseAuthenticationManager implements AuthenticationMan return new AuthenticationResult(AuthenticationStatus.CONTINUE); } } + + public void close() + { + _mechanisms = null; + Security.removeProvider(PROVIDER_NAME); + } + + private PrincipalDatabase createPrincipalDatabaseImpl(final String pdClazz) throws ConfigurationException + { + try + { + return (PrincipalDatabase) Class.forName(pdClazz).newInstance(); + } + catch (InstantiationException ie) + { + throw new ConfigurationException("Cannot instantiate " + pdClazz, ie); + } + catch (IllegalAccessException iae) + { + throw new ConfigurationException("Cannot access " + pdClazz, iae); + } + catch (ClassNotFoundException cnfe) + { + throw new ConfigurationException("Cannot load " + pdClazz + " implementation", cnfe); + } + catch (ClassCastException cce) + { + throw new ConfigurationException("Expecting a " + PrincipalDatabase.class + " implementation", cce); + } + } + + private void configPrincipalDatabase(final PrincipalDatabase principalDatabase, final PrincipalDatabaseAuthenticationManagerConfiguration config) + throws ConfigurationException + { + + final Map attributes = config.getPdClassAttributeMap(); + + for (Iterator> iterator = attributes.entrySet().iterator(); iterator.hasNext();) + { + final Entry nameValuePair = iterator.next(); + final String methodName = generateSetterName(nameValuePair.getKey()); + final Method method; + try + { + method = principalDatabase.getClass().getMethod(methodName, String.class); + } + catch (Exception e) + { + throw new ConfigurationException("No method " + methodName + " found in class " + + principalDatabase.getClass() + + " hence unable to configure principal database. 
The method must be public and " + + "have a single String argument with a void return type", e); + } + try + { + method.invoke(principalDatabase, PropertyUtils.replaceProperties(nameValuePair.getValue())); + } + catch (IllegalArgumentException e) + { + throw new ConfigurationException(e.getMessage(), e); + } + catch (PropertyException e) + { + throw new ConfigurationException(e.getMessage(), e); + } + catch (IllegalAccessException e) + { + throw new ConfigurationException(e.getMessage(), e); + } + catch (InvocationTargetException e) + { + // QPID-1347.. InvocationTargetException wraps the checked exception thrown from the reflective + // method call. Pull out the underlying message and cause to make these more apparent to the user. + throw new ConfigurationException(e.getCause().getMessage(), e.getCause()); + } + } + } + + private String generateSetterName(String argName) throws ConfigurationException + { + if ((argName == null) || (argName.length() == 0)) + { + throw new ConfigurationException("Argument names must have length >= 1 character"); + } + + if (Character.isLowerCase(argName.charAt(0))) + { + argName = Character.toUpperCase(argName.charAt(0)) + argName.substring(1); + } + + final String methodName = "set" + argName; + return methodName; + } + + protected void setPrincipalDatabase(final PrincipalDatabase principalDatabase) + { + _principalDatabase = principalDatabase; + } + + protected void registerManagement() + { + try + { + _logger.info("Registering UserManagementMBean"); + + _mbean = new AMQUserManagementMBean(); + _mbean.setPrincipalDatabase(_principalDatabase); + _mbean.register(); + } + catch (Exception e) + { + _logger.warn("User management disabled as unable to create MBean:", e); + _mbean = null; + } + } + + protected void unregisterManagement() + { + try + { + if (_mbean != null) + { + _logger.info("Unregistering UserManagementMBean"); + _mbean.unregister(); + } + } + catch (Exception e) + { + _logger.warn("Failed to unregister User management 
MBean:", e); + } + finally + { + _mbean = null; + } + } } diff --git a/java/broker/src/main/java/org/apache/qpid/server/security/auth/sasl/AuthenticationProviderInitialiser.java b/java/broker/src/main/java/org/apache/qpid/server/security/auth/sasl/AuthenticationProviderInitialiser.java index 89e545d6f5..bc5d8a4f2b 100644 --- a/java/broker/src/main/java/org/apache/qpid/server/security/auth/sasl/AuthenticationProviderInitialiser.java +++ b/java/broker/src/main/java/org/apache/qpid/server/security/auth/sasl/AuthenticationProviderInitialiser.java @@ -25,9 +25,6 @@ import java.util.Map; import javax.security.auth.callback.CallbackHandler; import javax.security.sasl.SaslServerFactory; -import org.apache.commons.configuration.Configuration; -import org.apache.qpid.server.security.auth.database.PrincipalDatabase; - public interface AuthenticationProviderInitialiser { /** @@ -36,24 +33,6 @@ public interface AuthenticationProviderInitialiser */ String getMechanismName(); - /** - * Initialise the authentication provider. - * @param baseConfigPath the path in the config file that points to any config options for this provider. Each - * provider can have its own set of configuration options - * @param configuration the Apache Commons Configuration instance used to configure this provider - * @param principalDatabases the set of principal databases that are available - * @throws Exception needs refined Exception is too broad. - */ - void initialise(String baseConfigPath, Configuration configuration, - Map principalDatabases) throws Exception; - - /** - * Initialise the authentication provider. - * @param db The principal database to initialise with - */ - void initialise(PrincipalDatabase db); - - /** * @return the callback handler that should be used to process authentication requests for this mechanism. This will * be called after initialise and will be stored by the authentication manager. The callback handler must be 
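Review bot: `createPrincipalDatabaseImpl` instantiates the configured class first and casts afterwards, so a class name from the configuration that is not a `PrincipalDatabase` still has its no-argument constructor executed before the ClassCastException is raised. Checking the type before instantiation avoids running code from an unintended class and keeps the existing catch blocks working: `return Class.forName(pdClazz).asSubclass(PrincipalDatabase.class).newInstance();`. In the same hunk, `configPrincipalDatabase` calls any public single-String `set…` method named by the configuration; a comment noting that attribute names are trusted operator input would help the next reader.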
diff --git a/java/broker/src/main/java/org/apache/qpid/server/virtualhost/VirtualHostImpl.java b/java/broker/src/main/java/org/apache/qpid/server/virtualhost/VirtualHostImpl.java index 33c713c62a..52acd9085b 100644 --- a/java/broker/src/main/java/org/apache/qpid/server/virtualhost/VirtualHostImpl.java +++ b/java/broker/src/main/java/org/apache/qpid/server/virtualhost/VirtualHostImpl.java @@ -72,7 +72,6 @@ import org.apache.qpid.server.registry.ApplicationRegistry; import org.apache.qpid.server.registry.IApplicationRegistry; import org.apache.qpid.server.security.SecurityManager; import org.apache.qpid.server.security.auth.manager.AuthenticationManager; -import org.apache.qpid.server.security.auth.manager.PrincipalDatabaseAuthenticationManager; import org.apache.qpid.server.stats.StatisticsCounter; import org.apache.qpid.server.store.ConfigurationRecoveryHandler; import org.apache.qpid.server.store.DurableConfigurationStore; diff --git a/java/broker/src/test/java/org/apache/qpid/server/configuration/ServerConfigurationTest.java b/java/broker/src/test/java/org/apache/qpid/server/configuration/ServerConfigurationTest.java index c8a35e4405..b0893eb53f 100644 --- a/java/broker/src/test/java/org/apache/qpid/server/configuration/ServerConfigurationTest.java +++ b/java/broker/src/test/java/org/apache/qpid/server/configuration/ServerConfigurationTest.java @@ -25,7 +25,6 @@ import static org.apache.qpid.transport.ConnectionSettings.WILDCARD_ADDRESS; import java.io.File; import java.io.FileWriter; import java.io.IOException; -import java.util.List; import java.util.Locale; import org.apache.commons.configuration.ConfigurationException; 
@@ -111,76 +110,6 @@ public class ServerConfigurationTest extends QpidTestCase assertEquals("/path/to/cache", _serverConfig.getCacheDirectory()); } - public void testGetPrincipalDatabaseNames() throws ConfigurationException - { - // Check default - _serverConfig.initialise(); - assertEquals(0, _serverConfig.getPrincipalDatabaseNames().size()); - - // Check value we set - _config.setProperty("security.principal-databases.principal-database(0).name", "a"); - _config.setProperty("security.principal-databases.principal-database(1).name", "b"); - _serverConfig = new ServerConfiguration(_config); - _serverConfig.initialise(); - List dbs = _serverConfig.getPrincipalDatabaseNames(); - assertEquals(2, dbs.size()); - assertEquals("a", dbs.get(0)); - assertEquals("b", dbs.get(1)); - } - - public void testGetPrincipalDatabaseClass() throws ConfigurationException - { - // Check default - _serverConfig.initialise(); - assertEquals(0, _serverConfig.getPrincipalDatabaseClass().size()); - - // Check value we set - _config.setProperty("security.principal-databases.principal-database(0).class", "a"); - _config.setProperty("security.principal-databases.principal-database(1).class", "b"); - _serverConfig = new ServerConfiguration(_config); - _serverConfig.initialise(); - List dbs = _serverConfig.getPrincipalDatabaseClass(); - assertEquals(2, dbs.size()); - assertEquals("a", dbs.get(0)); - assertEquals("b", dbs.get(1)); - } - - public void testGetPrincipalDatabaseAttributeNames() throws ConfigurationException - { - // Check default - _serverConfig.initialise(); - assertEquals(0, _serverConfig.getPrincipalDatabaseAttributeNames(1).size()); - - // Check value we set - _config.setProperty("security.principal-databases.principal-database(0).attributes(0).attribute.name", "a"); - _config.setProperty("security.principal-databases.principal-database(0).attributes(1).attribute.name", "b"); - _serverConfig = new ServerConfiguration(_config); - _serverConfig.initialise(); - List dbs = 
_serverConfig.getPrincipalDatabaseAttributeNames(0); - assertEquals(2, dbs.size()); - assertEquals("a", dbs.get(0)); - assertEquals("b", dbs.get(1)); - } - - public void testGetPrincipalDatabaseAttributeValues() throws ConfigurationException - { - // Check default - _serverConfig.initialise(); - assertEquals(0, _serverConfig.getPrincipalDatabaseAttributeValues(1).size()); - - // Check value we set - _config.setProperty("security.principal-databases.principal-database(0).attributes(0).attribute.value", "a"); - _config.setProperty("security.principal-databases.principal-database(0).attributes(1).attribute.value", "b"); - _serverConfig = new ServerConfiguration(_config); - _serverConfig.initialise(); - List dbs = _serverConfig.getPrincipalDatabaseAttributeValues(0); - assertEquals(2, dbs.size()); - assertEquals("a", dbs.get(0)); - assertEquals("b", dbs.get(1)); - } - - - public void testGetFrameSize() throws ConfigurationException { // Check default @@ -720,9 +649,8 @@ public class ServerConfigurationTest extends QpidTestCase out.write("\n"); out.write("\tfalse\n"); out.write("\t\n"); - out.write("\t\t\n"); + out.write("\t\t\n"); out.write("\t\t\t\n"); - out.write("\t\t\t\tpasswordfile\n"); out.write("\t\t\t\torg.apache.qpid.server.security.auth.database.PlainPasswordFilePrincipalDatabase\n"); out.write("\t\t\t\t\n"); out.write("\t\t\t\t\t\n"); @@ -731,7 +659,7 @@ public class ServerConfigurationTest extends QpidTestCase out.write("\t\t\t\t\t\n"); out.write("\t\t\t\t\n"); out.write("\t\t\t\n"); - out.write("\t\t\n"); + out.write("\t\t\n"); out.write("\t\t\n"); out.write("\t\t\t"); out.write("\t\t\n"); 
@@ -767,9 +695,8 @@ public class ServerConfigurationTest extends QpidTestCase out.write("\n"); out.write("\tfalse\n"); out.write("\t\n"); - out.write("\t\t\n"); + out.write("\t\t\n"); out.write("\t\t\t\n"); - out.write("\t\t\t\tpasswordfile\n"); out.write("\t\t\t\torg.apache.qpid.server.security.auth.database.PlainPasswordFilePrincipalDatabase\n"); out.write("\t\t\t\t\n"); out.write("\t\t\t\t\t\n"); @@ -778,7 +705,7 @@ public class ServerConfigurationTest extends QpidTestCase out.write("\t\t\t\t\t\n"); out.write("\t\t\t\t\n"); out.write("\t\t\t\n"); - out.write("\t\t\n"); + out.write("\t\t\n"); out.write("\t\t\n"); out.write("\t\t\t"); out.write("\t\t\n"); @@ -869,9 +796,8 @@ public class ServerConfigurationTest extends QpidTestCase out.write("\n"); out.write("\tfalse\n"); out.write("\t\n"); - out.write("\t\t\n"); + out.write("\t\t\n"); out.write("\t\t\t\n"); - out.write("\t\t\t\tpasswordfile\n"); out.write("\t\t\t\torg.apache.qpid.server.security.auth.database.PlainPasswordFilePrincipalDatabase\n"); out.write("\t\t\t\t\n"); out.write("\t\t\t\t\t\n"); @@ -880,7 +806,7 @@ public class ServerConfigurationTest extends QpidTestCase out.write("\t\t\t\t\t\n"); out.write("\t\t\t\t\n"); out.write("\t\t\t\n"); - out.write("\t\t\n"); + out.write("\t\t\n"); out.write("\t\t\n"); out.write("\t\t\t"); out.write("\t\t\n"); @@ -1387,7 +1313,7 @@ public class ServerConfigurationTest extends QpidTestCase } /* - * Tests that the old element security.jmx.principal-databases (that used to define the + * Tests that the old element security.jmx.principal-database (that used to define the * principal database used for JMX authentication) is rejected. */ public void testManagementPrincipalDatabaseRejected() throws ConfigurationException 
@@ -1411,4 +1337,29 @@ public class ServerConfigurationTest extends QpidTestCase ce.getMessage()); } } + + /* + * Tests that the old element security.principal-databases. ... (that used to define + * principal databases) is rejected. + */ + public void testPrincipalDatabasesRejected() throws ConfigurationException + { + _serverConfig.initialise(); + + // Check value we set + _config.setProperty("security.principal-databases.principal-database.class", "myclass"); + _serverConfig = new ServerConfiguration(_config); + + try + { + _serverConfig.initialise(); + fail("Exception not thrown"); + } + catch (ConfigurationException ce) + { + assertEquals("Incorrect error message", + "Validation error : security/principal-databases is no longer supported within the configuration xml.", + ce.getMessage()); + } + } } diff --git a/java/broker/src/test/java/org/apache/qpid/server/security/auth/manager/PrincipalDatabaseAuthenticationManagerTest.java b/java/broker/src/test/java/org/apache/qpid/server/security/auth/manager/PrincipalDatabaseAuthenticationManagerTest.java index ade27ed62b..b10442d7db 100644 --- a/java/broker/src/test/java/org/apache/qpid/server/security/auth/manager/PrincipalDatabaseAuthenticationManagerTest.java +++ b/java/broker/src/test/java/org/apache/qpid/server/security/auth/manager/PrincipalDatabaseAuthenticationManagerTest.java @@ -20,6 +20,10 @@ */ package org.apache.qpid.server.security.auth.manager; +import java.io.BufferedWriter; +import java.io.File; +import java.io.FileNotFoundException; +import java.io.FileWriter; import java.security.Provider; import java.security.Security; 
@@ -27,8 +31,13 @@ import javax.security.auth.Subject; import javax.security.sasl.SaslException; import javax.security.sasl.SaslServer; +import org.apache.commons.configuration.CompositeConfiguration; +import org.apache.commons.configuration.ConfigurationException; +import org.apache.commons.configuration.XMLConfiguration; +import org.apache.qpid.server.configuration.plugins.ConfigurationPlugin; import org.apache.qpid.server.security.auth.AuthenticationResult; import org.apache.qpid.server.security.auth.AuthenticationResult.AuthenticationStatus; +import org.apache.qpid.server.security.auth.database.PlainPasswordFilePrincipalDatabase; import org.apache.qpid.server.security.auth.sasl.UsernamePrincipal; import org.apache.qpid.server.util.InternalBrokerBaseCase; @@ -39,8 +48,10 @@ import org.apache.qpid.server.util.InternalBrokerBaseCase; */ public class PrincipalDatabaseAuthenticationManagerTest extends InternalBrokerBaseCase { - private PrincipalDatabaseAuthenticationManager _manager = null; - + private AuthenticationManager _manager = null; // Class under test + private String TEST_USERNAME = "guest"; + private String TEST_PASSWORD = "guest"; + /** * @see org.apache.qpid.server.util.InternalBrokerBaseCase#tearDown() */ 
@@ -62,7 +73,79 @@ public class PrincipalDatabaseAuthenticationManagerTest extends InternalBrokerBa { super.setUp(); - _manager = new PrincipalDatabaseAuthenticationManager(); + final String passwdFilename = createPasswordFile().getCanonicalPath(); + final ConfigurationPlugin config = getConfig(PlainPasswordFilePrincipalDatabase.class.getName(), + "passwordFile", passwdFilename); + + _manager = PrincipalDatabaseAuthenticationManager.FACTORY.newInstance(config); + } + + /** + * Tests where the case where the config specifies a PD implementation + * that is not found. + */ + public void testPrincipalDatabaseImplementationNotFound() throws Exception + { + try + { + _manager = PrincipalDatabaseAuthenticationManager.FACTORY.newInstance(getConfig("not.Found", null, null)); + fail("Exception not thrown"); + } + catch (ConfigurationException ce) + { + // PASS + } + } + + /** + * Tests where the case where the config specifies a PD implementation + * of the wrong type. + */ + public void testPrincipalDatabaseImplementationWrongType() throws Exception + { + try + { + _manager = PrincipalDatabaseAuthenticationManager.FACTORY.newInstance(getConfig(String.class.getName(), null, null)); // Not a PrincipalDatabase implementation + fail("Exception not thrown"); + } + catch (ConfigurationException ce) + { + // PASS + } + } + + /** + * Tests the case where a setter with the desired name cannot be found. + */ + public void testPrincipalDatabaseSetterNotFound() throws Exception + { + try + { + _manager = PrincipalDatabaseAuthenticationManager.FACTORY.newInstance(getConfig(PlainPasswordFilePrincipalDatabase.class.getName(), "noMethod", "test")); + fail("Exception not thrown"); + } + catch (ConfigurationException ce) + { + // PASS + } + } + + /** + * QPID-1347. Make sure the exception message and stack trace is reasonable for an absent password file. 
+ */ + public void testPrincipalDatabaseThrowsSetterFileNotFound() throws Exception + { + try + { + _manager = PrincipalDatabaseAuthenticationManager.FACTORY.newInstance(getConfig(PlainPasswordFilePrincipalDatabase.class.getName(), "passwordFile", "/not/found")); + fail("Exception not thrown"); + } + catch (ConfigurationException ce) + { + // PASS + assertNotNull("Expected an underlying cause", ce.getCause()); + assertEquals(FileNotFoundException.class, ce.getCause().getClass()); + } } /** @@ -72,8 +155,8 @@ public class PrincipalDatabaseAuthenticationManagerTest extends InternalBrokerBa { assertNotNull(_manager.getMechanisms()); // relies on those mechanisms attached to PropertiesPrincipalDatabaseManager - assertEquals("PLAIN CRAM-MD5", _manager.getMechanisms()); - + assertEquals("AMQPLAIN PLAIN CRAM-MD5", _manager.getMechanisms()); + Provider qpidProvider = Security.getProvider(PrincipalDatabaseAuthenticationManager.PROVIDER_NAME); assertNotNull(qpidProvider); } @@ -166,11 +249,11 @@ public class PrincipalDatabaseAuthenticationManagerTest extends InternalBrokerBa */ public void testClose() throws Exception { - assertEquals("PLAIN CRAM-MD5", _manager.getMechanisms()); + assertEquals("AMQPLAIN PLAIN CRAM-MD5", _manager.getMechanisms()); assertNotNull(Security.getProvider(PrincipalDatabaseAuthenticationManager.PROVIDER_NAME)); - + _manager.close(); - + // Check provider has been removed. assertNull(_manager.getMechanisms()); assertNull(Security.getProvider(PrincipalDatabaseAuthenticationManager.PROVIDER_NAME)); 
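Review bot: The first three negative tests (`testPrincipalDatabaseImplementationNotFound`, `...WrongType`, `...SetterNotFound`) pass on any ConfigurationException, so they would still pass if the factory failed for an unrelated reason. `testPrincipalDatabaseThrowsSetterFileNotFound` already asserts on the cause, and the others can do the same because the production code wraps the original exception as the cause. For example, `assertEquals(ClassNotFoundException.class, ce.getCause().getClass());` fits the not-found case and `assertEquals(ClassCastException.class, ce.getCause().getClass());` the wrong-type case.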
@@ -228,4 +311,48 @@ public class PrincipalDatabaseAuthenticationManagerTest extends InternalBrokerBa } }; } + + private ConfigurationPlugin getConfig(final String clazz, final String argName, final String argValue) throws Exception + { + final ConfigurationPlugin config = new PrincipalDatabaseAuthenticationManager.PrincipalDatabaseAuthenticationManagerConfiguration(); + + XMLConfiguration xmlconfig = new XMLConfiguration(); + xmlconfig.addProperty("pd-auth-manager.principal-database.class", clazz); + + if (argName != null) + { + xmlconfig.addProperty("pd-auth-manager.principal-database.attributes.attribute.name", argName); + xmlconfig.addProperty("pd-auth-manager.principal-database.attributes.attribute.value", argValue); + } + + // Create a CompositeConfiguration as this is what the broker uses + CompositeConfiguration composite = new CompositeConfiguration(); + composite.addConfiguration(xmlconfig); + config.setConfiguration("security", xmlconfig); + return config; + } + + private File createPasswordFile() throws Exception + { + BufferedWriter writer = null; + try + { + File testFile = File.createTempFile(this.getClass().getName(),"tmp"); + testFile.deleteOnExit(); + + writer = new BufferedWriter(new FileWriter(testFile)); + writer.write(TEST_USERNAME + ":" + TEST_PASSWORD); + writer.newLine(); + + return testFile; + + } + finally + { + if (writer != null) + { + writer.close(); + } + } + } } diff --git a/java/broker/src/test/java/org/apache/qpid/server/security/auth/rmi/RMIPasswordAuthenticatorTest.java b/java/broker/src/test/java/org/apache/qpid/server/security/auth/rmi/RMIPasswordAuthenticatorTest.java index 0403796a46..6dc7b19d3d 100644 --- a/java/broker/src/test/java/org/apache/qpid/server/security/auth/rmi/RMIPasswordAuthenticatorTest.java +++ b/java/broker/src/test/java/org/apache/qpid/server/security/auth/rmi/RMIPasswordAuthenticatorTest.java 
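Review bot: In `getConfig` the `CompositeConfiguration` is built and then never used: `config.setConfiguration("security", xmlconfig)` passes the bare XMLConfiguration, so the test does not exercise the configuration type the comment says the broker uses. Either pass it, `config.setConfiguration("security", composite);` (provided the tests still pass that way), or remove the composite lines and the comment. In `createPasswordFile`, the suffix passed to `File.createTempFile` is `"tmp"` without a leading dot, so the file gets no `.tmp` extension; `".tmp"` is probably what was meant.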
@@ -29,6 +29,7 @@ import javax.security.sasl.SaslServer; import junit.framework.TestCase; +import org.apache.qpid.server.configuration.plugins.ConfigurationPlugin; import org.apache.qpid.server.security.auth.AuthenticationResult; import org.apache.qpid.server.security.auth.AuthenticationResult.AuthenticationStatus; import org.apache.qpid.server.security.auth.manager.AuthenticationManager; @@ -210,6 +211,16 @@ public class RMIPasswordAuthenticatorTest extends TestCase { return new AuthenticationManager() { + public void configure(ConfigurationPlugin config) + { + throw new UnsupportedOperationException(); + } + + public void initialise() + { + throw new UnsupportedOperationException(); + } + public void close() { throw new UnsupportedOperationException(); @@ -246,5 +257,4 @@ public class RMIPasswordAuthenticatorTest extends TestCase } }; } - } diff --git a/java/broker/src/test/java/org/apache/qpid/server/util/TestApplicationRegistry.java b/java/broker/src/test/java/org/apache/qpid/server/util/TestApplicationRegistry.java index 31b4c20042..8fa820ad95 100644 --- a/java/broker/src/test/java/org/apache/qpid/server/util/TestApplicationRegistry.java +++ b/java/broker/src/test/java/org/apache/qpid/server/util/TestApplicationRegistry.java 
@@ -20,15 +20,18 @@ */ package org.apache.qpid.server.util; +import java.util.Properties; + import org.apache.commons.configuration.ConfigurationException; import org.apache.qpid.server.configuration.ServerConfiguration; import org.apache.qpid.server.logging.NullRootMessageLogger; import org.apache.qpid.server.logging.actors.BrokerActor; import org.apache.qpid.server.logging.actors.CurrentActor; +import org.apache.qpid.server.configuration.plugins.ConfigurationPlugin; import org.apache.qpid.server.registry.ApplicationRegistry; -import org.apache.qpid.server.security.auth.database.PropertiesPrincipalDatabaseManager; - -import java.util.Properties; +import org.apache.qpid.server.security.auth.database.PropertiesPrincipalDatabase; +import org.apache.qpid.server.security.auth.manager.AuthenticationManager; +import org.apache.qpid.server.security.auth.manager.PrincipalDatabaseAuthenticationManager; public class TestApplicationRegistry extends ApplicationRegistry { 
@@ -45,12 +48,42 @@ public class TestApplicationRegistry extends ApplicationRegistry super.initialise(); } - protected void createDatabaseManager(ServerConfiguration configuration) throws Exception + /** + * @see org.apache.qpid.server.registry.ApplicationRegistry#createAuthenticationManager() + */ + @Override + protected AuthenticationManager createAuthenticationManager() throws ConfigurationException { - Properties users = new Properties(); + final Properties users = new Properties(); users.put("guest","guest"); users.put("admin","admin"); - _databaseManager = new PropertiesPrincipalDatabaseManager("testPasswordFile", users); + + final PropertiesPrincipalDatabase ppd = new PropertiesPrincipalDatabase(users); + + AuthenticationManager pdam = new PrincipalDatabaseAuthenticationManager() + { + + /** + * @see org.apache.qpid.server.security.auth.manager.PrincipalDatabaseAuthenticationManager#configure(org.apache.qpid.server.configuration.plugins.ConfigurationPlugin) + */ + @Override + public void configure(ConfigurationPlugin config) throws ConfigurationException + { + // We don't pass configuration to this test instance. + } + + @Override + public void initialise() + { + setPrincipalDatabase(ppd); + + super.initialise(); + } + }; + + pdam.initialise(); + + return pdam; } } diff --git a/java/systests/etc/config-systests-ServerConfigurationTest-New.xml b/java/systests/etc/config-systests-ServerConfigurationTest-New.xml deleted file mode 100644 index 1c7c7bb60f..0000000000 --- a/java/systests/etc/config-systests-ServerConfigurationTest-New.xml +++ /dev/null 
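Review bot: The Javadoc on the new `createAuthenticationManager()` override is only an `@see`, so nothing records what this test registry actually returns. It ignores broker configuration (`configure` is a no-op) and returns a manager that is already initialised and backed by two fixed in-memory accounts, `guest` and `admin`, each with a password equal to the user name. A summary sentence would cover it: `Returns an initialised PrincipalDatabaseAuthenticationManager backed by fixed in-memory test users; broker configuration is ignored.` That makes it clear the class must stay test-only and is not a model for configured authentication. `users.put("guest","guest")` would also read better as `users.setProperty("guest", "guest")`, which keeps the `Properties` string-only.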
@@ -1,73 +0,0 @@ - - - - - ${QPID_WORK} - ${QPID_HOME}/etc - ${conf} - ${QPID_HOME}/lib/plugins - ${QPID_WORK}/cache - - nio - 5672 - 32768 - 32768 - - - false - 8999 - - - - false - false - 65535 - false - - - - - - passwordfile - org.apache.qpid.server.security.auth.database.PlainPasswordFilePrincipalDatabase - - - passwordFile - ${passwordDir}/passwd - - - - - - - ${conf}/virtualhosts-ServerConfigurationTest-New.xml - - - 0 - 2.0 - - - true - - - - diff --git a/java/systests/etc/config-systests-ServerConfigurationTest-Old.xml b/java/systests/etc/config-systests-ServerConfigurationTest-Old.xml deleted file mode 100644 index 56eaced9f7..0000000000 --- a/java/systests/etc/config-systests-ServerConfigurationTest-Old.xml +++ /dev/null @@ -1,88 +0,0 @@ - - - - -${QPID_WORK} -${QPID_HOME}/etc -${conf} -${QPID_HOME}/lib/plugins -${QPID_WORK}/cache - -nio -5672 -32768 -32768 - - -false -8999 - - - -false -false -65535 -false - - - - -passwordfile -org.apache.qpid.server.security.auth.database.PlainPasswordFilePrincipalDatabase - - -passwordFile -${passwordDir}/passwd - - - - - -${conf}/virtualhosts-ServerConfigurationTest-New.xml -dev-only - -dev-only - - -org.apache.qpid.server.store.MemoryMessageStore -${work}/bdbstore/dev-only-store - - -amq.direct -102400 -20480 -60000 - -dev-queue - - - - - - -0 -2.0 - - -true - - diff --git a/java/systests/etc/config-systests-firewall-2.xml b/java/systests/etc/config-systests-firewall-2.xml index 2eedd65d54..f16cce6b85 100644 --- a/java/systests/etc/config-systests-firewall-2.xml +++ b/java/systests/etc/config-systests-firewall-2.xml @@ -61,10 +61,8 @@ - - + - passwordfile org.apache.qpid.server.security.auth.database.PlainPasswordFilePrincipalDatabase @@ -73,7 +71,7 @@ - + false diff --git a/java/systests/etc/config-systests-firewall-3.xml b/java/systests/etc/config-systests-firewall-3.xml index fc7d9a4c76..71644e4185 100644 --- a/java/systests/etc/config-systests-firewall-3.xml 
+++ b/java/systests/etc/config-systests-firewall-3.xml @@ -61,10 +61,8 @@ - - + - passwordfile org.apache.qpid.server.security.auth.database.PlainPasswordFilePrincipalDatabase @@ -73,7 +71,7 @@ - + false diff --git a/java/systests/etc/virtualhosts-ServerConfigurationTest-New.xml b/java/systests/etc/virtualhosts-ServerConfigurationTest-New.xml deleted file mode 100644 index 1b6845662b..0000000000 --- a/java/systests/etc/virtualhosts-ServerConfigurationTest-New.xml +++ /dev/null @@ -1,45 +0,0 @@ - - - - dev-only - - dev-only - - - amq.direct - - 102400 - 20480 - 60000 - - - dev-queue - - - - org.apache.qpid.server.store.MemoryMessageStore - ${QPID_WORK}/bdbstore/dev-only-store - - - - - \ No newline at end of file -- cgit v1.2.1