Fixing ReloadableProperties so that the groups file will be properly
reloaded on file modification. Added a test to verify.

Thanks to Nanchang Yang for providing the fix.
This commit is contained in:
Christopher L. Shannon (cshannon) 2016-03-16 14:48:42 +00:00
parent e2b4ca2c59
commit 2788bd5584
6 changed files with 132 additions and 40 deletions

View File

@ -73,6 +73,7 @@ public class PropertiesLoader {
return other instanceof FileNameKey && this.absPath.equals(((FileNameKey) other).absPath); return other instanceof FileNameKey && this.absPath.equals(((FileNameKey) other).absPath);
} }
@Override
public int hashCode() { public int hashCode() {
return this.absPath.hashCode(); return this.absPath.hashCode();
} }
@ -113,6 +114,7 @@ public class PropertiesLoader {
return baseDir; return baseDir;
} }
@Override
public String toString() { public String toString() {
return "PropsFile=" + absPath; return "PropsFile=" + absPath;
} }

View File

@ -50,6 +50,7 @@ public class ReloadableProperties {
try { try {
load(key.file(), props); load(key.file(), props);
invertedProps = null; invertedProps = null;
invertedValueProps = null;
if (key.isDebug()) { if (key.isDebug()) {
LOG.debug("Load of: " + key); LOG.debug("Load of: " + key);
} }

View File

@ -16,6 +16,7 @@
*/ */
package org.apache.activemq.jaas; package org.apache.activemq.jaas;
import java.io.File;
import java.io.IOException; import java.io.IOException;
import java.net.URL; import java.net.URL;
@ -29,6 +30,8 @@ import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginContext; import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException; import javax.security.auth.login.LoginException;
import org.apache.commons.io.FileUtils;
import junit.framework.TestCase; import junit.framework.TestCase;
@ -36,7 +39,7 @@ import junit.framework.TestCase;
* @version $Rev: $ $Date: $ * @version $Rev: $ $Date: $
*/ */
public class PropertiesLoginModuleTest extends TestCase { public class PropertiesLoginModuleTest extends TestCase {
static { static {
String path = System.getProperty("java.security.auth.login.config"); String path = System.getProperty("java.security.auth.login.config");
if (path == null) { if (path == null) {
@ -49,19 +52,7 @@ public class PropertiesLoginModuleTest extends TestCase {
} }
public void testLogin() throws LoginException { public void testLogin() throws LoginException {
LoginContext context = new LoginContext("PropertiesLogin", new CallbackHandler() { LoginContext context = new LoginContext("PropertiesLogin", new UserPassHandler("first", "secret"));
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
for (int i = 0; i < callbacks.length; i++) {
if (callbacks[i] instanceof NameCallback) {
((NameCallback) callbacks[i]).setName("first");
} else if (callbacks[i] instanceof PasswordCallback) {
((PasswordCallback) callbacks[i]).setPassword("secret".toCharArray());
} else {
throw new UnsupportedCallbackException(callbacks[i]);
}
}
}
});
context.login(); context.login();
Subject subject = context.getSubject(); Subject subject = context.getSubject();
@ -75,20 +66,55 @@ public class PropertiesLoginModuleTest extends TestCase {
assertEquals("Should have zero principals", 0, subject.getPrincipals().size()); assertEquals("Should have zero principals", 0, subject.getPrincipals().size());
} }
public void testLoginReload() throws Exception {
File targetPropDir = new File("target/loginReloadTest");
File sourcePropDir = new File("src/test/resources");
File usersFile = new File(targetPropDir, "users.properties");
File groupsFile = new File(targetPropDir, "groups.properties");
//Set up initial properties
FileUtils.copyFile(new File(sourcePropDir, "users.properties"), usersFile);
FileUtils.copyFile(new File(sourcePropDir, "groups.properties"), groupsFile);
LoginContext context = new LoginContext("PropertiesLoginReload",
new UserPassHandler("first", "secret"));
context.login();
Subject subject = context.getSubject();
//test initial principals
assertEquals("Should have three principals", 3, subject.getPrincipals().size());
assertEquals("Should have one user principal", 1, subject.getPrincipals(UserPrincipal.class).size());
assertEquals("Should have two group principals", 2, subject.getPrincipals(GroupPrincipal.class).size());
context.logout();
assertEquals("Should have zero principals", 0, subject.getPrincipals().size());
//Modify the file and test that the properties are reloaded
Thread.sleep(1000);
FileUtils.copyFile(new File(sourcePropDir, "usersReload.properties"), usersFile);
FileUtils.copyFile(new File(sourcePropDir, "groupsReload.properties"), groupsFile);
FileUtils.touch(usersFile);
FileUtils.touch(groupsFile);
//Use new password to verify users file was reloaded
context = new LoginContext("PropertiesLoginReload", new UserPassHandler("first", "secrets"));
context.login();
subject = context.getSubject();
//Check that the principals changed
assertEquals("Should have three principals", 2, subject.getPrincipals().size());
assertEquals("Should have one user principal", 1, subject.getPrincipals(UserPrincipal.class).size());
assertEquals("Should have one group principals", 1, subject.getPrincipals(GroupPrincipal.class).size());
context.logout();
assertEquals("Should have zero principals", 0, subject.getPrincipals().size());
}
public void testBadUseridLogin() throws Exception { public void testBadUseridLogin() throws Exception {
LoginContext context = new LoginContext("PropertiesLogin", new CallbackHandler() { LoginContext context = new LoginContext("PropertiesLogin", new UserPassHandler("BAD", "secret"));
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
for (int i = 0; i < callbacks.length; i++) {
if (callbacks[i] instanceof NameCallback) {
((NameCallback) callbacks[i]).setName("BAD");
} else if (callbacks[i] instanceof PasswordCallback) {
((PasswordCallback) callbacks[i]).setPassword("secret".toCharArray());
} else {
throw new UnsupportedCallbackException(callbacks[i]);
}
}
}
});
try { try {
context.login(); context.login();
fail("Should have thrown a FailedLoginException"); fail("Should have thrown a FailedLoginException");
@ -98,19 +124,8 @@ public class PropertiesLoginModuleTest extends TestCase {
} }
public void testBadPWLogin() throws Exception { public void testBadPWLogin() throws Exception {
LoginContext context = new LoginContext("PropertiesLogin", new CallbackHandler() { LoginContext context = new LoginContext("PropertiesLogin", new UserPassHandler("first", "BAD"));
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
for (int i = 0; i < callbacks.length; i++) {
if (callbacks[i] instanceof NameCallback) {
((NameCallback) callbacks[i]).setName("first");
} else if (callbacks[i] instanceof PasswordCallback) {
((PasswordCallback) callbacks[i]).setPassword("BAD".toCharArray());
} else {
throw new UnsupportedCallbackException(callbacks[i]);
}
}
}
});
try { try {
context.login(); context.login();
fail("Should have thrown a FailedLoginException"); fail("Should have thrown a FailedLoginException");
@ -118,4 +133,28 @@ public class PropertiesLoginModuleTest extends TestCase {
} }
} }
private static class UserPassHandler implements CallbackHandler {
private final String user;
private final String pass;
public UserPassHandler(final String user, final String pass) {
this.user = user;
this.pass = pass;
}
@Override
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
for (int i = 0; i < callbacks.length; i++) {
if (callbacks[i] instanceof NameCallback) {
((NameCallback) callbacks[i]).setName(user);
} else if (callbacks[i] instanceof PasswordCallback) {
((PasswordCallback) callbacks[i]).setPassword(pass.toCharArray());
} else {
throw new UnsupportedCallbackException(callbacks[i]);
}
}
}
}
} }

View File

@ -0,0 +1,20 @@
## ---------------------------------------------------------------------------
## Licensed to the Apache Software Foundation (ASF) under one or more
## contributor license agreements. See the NOTICE file distributed with
## this work for additional information regarding copyright ownership.
## The ASF licenses this file to You under the Apache License, Version 2.0
## (the "License"); you may not use this file except in compliance with
## the License. You may obtain a copy of the License at
##
## http://www.apache.org/licenses/LICENSE-2.0
##
## Unless required by applicable law or agreed to in writing, software
## distributed under the License is distributed on an "AS IS" BASIS,
## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
## See the License for the specific language governing permissions and
## limitations under the License.
## ---------------------------------------------------------------------------
programmers=first
accounting=second

View File

@ -21,6 +21,15 @@ PropertiesLogin {
org.apache.activemq.jaas.properties.group="groups.properties"; org.apache.activemq.jaas.properties.group="groups.properties";
}; };
PropertiesLoginReload {
org.apache.activemq.jaas.PropertiesLoginModule required
debug=true
reload=true
baseDir="target/loginReloadTest/"
org.apache.activemq.jaas.properties.user="users.properties"
org.apache.activemq.jaas.properties.group="groups.properties";
};
LDAPLogin { LDAPLogin {
org.apache.activemq.jaas.LDAPLoginModule required org.apache.activemq.jaas.LDAPLoginModule required
debug=true debug=true

View File

@ -0,0 +1,21 @@
## ---------------------------------------------------------------------------
## Licensed to the Apache Software Foundation (ASF) under one or more
## contributor license agreements. See the NOTICE file distributed with
## this work for additional information regarding copyright ownership.
## The ASF licenses this file to You under the Apache License, Version 2.0
## (the "License"); you may not use this file except in compliance with
## the License. You may obtain a copy of the License at
##
## http://www.apache.org/licenses/LICENSE-2.0
##
## Unless required by applicable law or agreed to in writing, software
## distributed under the License is distributed on an "AS IS" BASIS,
## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
## See the License for the specific language governing permissions and
## limitations under the License.
## ---------------------------------------------------------------------------
#different password than users.properties
first=secrets
second=password