From 2f469c1744bbdec54d6c9b90a37ee726409f280a Mon Sep 17 00:00:00 2001
From: Bosanac Dejan
Date: Mon, 25 Mar 2013 17:08:58 +0000
Subject: [PATCH] https://issues.apache.org/jira/browse/AMQ-3883 - refactoring to make authoriation module with arbitrary group class configuration easier
git-svn-id: https://svn.apache.org/repos/asf/activemq/trunk@1460766 13f79535-47bb-0310-9956-ffa450edef68
---
.../activemq/security/AuthorizationEntry.java | 42 +++---------
.../security/DefaultAuthorizationMap.java | 15 ++--
.../apache/activemq/karaf/itest/activemq.xml | 11 +++
.../security/XBeanAuthorizationEntry.java | 68 +++++++++++++++++++
.../security/XBeanAuthorizationMap.java | 58 ++++++++++++++++
5 files changed, 152 insertions(+), 42 deletions(-)
create mode 100644 activemq-spring/src/main/java/org/apache/activemq/security/XBeanAuthorizationEntry.java
create mode 100644 activemq-spring/src/main/java/org/apache/activemq/security/XBeanAuthorizationMap.java
diff --git a/activemq-broker/src/main/java/org/apache/activemq/security/AuthorizationEntry.java b/activemq-broker/src/main/java/org/apache/activemq/security/AuthorizationEntry.java
index d3e23378e8..846732cd11 100644
--- a/activemq-broker/src/main/java/org/apache/activemq/security/AuthorizationEntry.java
+++ b/activemq-broker/src/main/java/org/apache/activemq/security/AuthorizationEntry.java
@@ -16,23 +16,17 @@ */ package org.apache.activemq.security; -import java.lang.reflect.Constructor; -import java.lang.reflect.Method; +import org.apache.activemq.filter.DestinationMapEntry; + import java.util.Collections; import java.util.HashSet; import java.util.Set; import java.util.StringTokenizer; -import javax.annotation.PostConstruct; -import org.apache.activemq.filter.DestinationMapEntry; - /** * Represents an entry in a {@link DefaultAuthorizationMap} for assigning * different operations (read, write, admin) of user roles to a specific * destination or a hierarchical wildcard area of destinations. - * - * @org.apache.xbean.XBean - * */ @SuppressWarnings("rawtypes") public class AuthorizationEntry extends DestinationMapEntry { @@ -41,11 +35,11 @@ public class AuthorizationEntry extends DestinationMapEntry { private Set writeACLs = emptySet(); private Set adminACLs = emptySet(); - private String adminRoles; - private String readRoles; - private String writeRoles; + protected String adminRoles; + protected String readRoles; + protected String writeRoles; - private String groupClass = "org.apache.activemq.jaas.GroupPrincipal"; + private String groupClass; public String getGroupClass() { return groupClass; 
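Review bot: The `groupClass` field in AuthorizationEntry (second hunk, `@@ -41,11 +35,11`) now starts out null with nothing saying what null means, so `getGroupClass()` can return null where it used to return the default class name. Elsewhere in this patch null is treated as "not configured": parseACLs falls back to `DefaultAuthorizationMap.DEFAULT_GROUP_CLASS`, and XBeanAuthorizationMap copies its own group class into entries whose getter returns null. I would record that on the field, e.g. `// null = not set; parseACLs() falls back to DefaultAuthorizationMap.DEFAULT_GROUP_CLASS`, and repeat it in the getter's Javadoc so callers outside this patch do not assume a value is always present. The class body continues outside the hunk.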
@@ -112,29 +106,9 @@ public class AuthorizationEntry extends DestinationMapEntry { StringTokenizer iter = new StringTokenizer(roles, ","); while (iter.hasMoreTokens()) { String name = iter.nextToken().trim(); - DefaultAuthorizationMap.createGroupPrincipal(name, getGroupClass()); + String groupClass = (this.groupClass != null ? this.groupClass : DefaultAuthorizationMap.DEFAULT_GROUP_CLASS); + answer.add(DefaultAuthorizationMap.createGroupPrincipal(name, groupClass)); } return answer; } - - /** - * - * @org.apache.xbean.InitMethod - */ - @PostConstruct - public void afterPropertiesSet() throws Exception { - - if (adminRoles != null) { - setAdminACLs(parseACLs(adminRoles)); - } - - if (writeRoles != null) { - setWriteACLs(parseACLs(writeRoles)); - } - - if (readRoles != null) { - setReadACLs(parseACLs(readRoles)); - } - - } } diff --git a/activemq-broker/src/main/java/org/apache/activemq/security/DefaultAuthorizationMap.java b/activemq-broker/src/main/java/org/apache/activemq/security/DefaultAuthorizationMap.java index 319c75e559..91bb4b25b8 100644 --- a/activemq-broker/src/main/java/org/apache/activemq/security/DefaultAuthorizationMap.java +++ b/activemq-broker/src/main/java/org/apache/activemq/security/DefaultAuthorizationMap.java @@ -16,6 +16,10 @@ */ package org.apache.activemq.security; +import org.apache.activemq.command.ActiveMQDestination; +import org.apache.activemq.filter.DestinationMap; +import org.apache.activemq.filter.DestinationMapEntry; + import java.lang.reflect.Constructor; import java.lang.reflect.Method; import java.util.HashSet; 
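Review bot: In parseACLs (AuthorizationEntry.java, `@@ -112,29 +106,9`) the new local `groupClass` shadows the field of the same name, and the fallback ternary is re-evaluated for every token although it cannot change inside the loop. Resolving it once before the `while` under a distinct name, `String principalClass = groupClass != null ? groupClass : DefaultAuthorizationMap.DEFAULT_GROUP_CLASS;`, makes it obvious which principal class the role names are bound to. Because that class name comes from configuration and is handed to `createGroupPrincipal`, whose body is not part of this patch, a short comment on what happens when the class cannot be loaded would help: if that case does not fail loudly, an ACL could end up without the principals the operator intended. The start of parseACLs is outside the hunk.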
@@ -23,26 +27,23 @@ import java.util.Iterator; import java.util.List; import java.util.Set; -import org.apache.activemq.command.ActiveMQDestination; -import org.apache.activemq.filter.DestinationMap; -import org.apache.activemq.filter.DestinationMapEntry; - /** * Represents a destination based configuration of policies so that individual * destinations or wildcard hierarchies of destinations can be configured using * different policies. Each entry in the map represents the authorization ACLs * for each operation. * - * @org.apache.xbean.XBean element="authorizationMap" * */ public class DefaultAuthorizationMap extends DestinationMap implements AuthorizationMap { + public static final String DEFAULT_GROUP_CLASS = "org.apache.activemq.jaas.GroupPrincipal"; + private AuthorizationEntry defaultEntry; private TempDestinationAuthorizationEntry tempDestinationAuthorizationEntry; - private String groupClass = "org.apache.activemq.jaas.GroupPrincipal"; + protected String groupClass = DEFAULT_GROUP_CLASS; public DefaultAuthorizationMap() { } @@ -160,8 +161,6 @@ public class DefaultAuthorizationMap extends DestinationMap implements Authoriza /** * Sets the individual entries on the authorization map - * - * @org.apache.xbean.ElementType class="org.apache.activemq.security.AuthorizationEntry" */ @SuppressWarnings("rawtypes") public void setAuthorizationEntries(List entries) { diff --git a/activemq-karaf-itest/src/test/resources/org/apache/activemq/karaf/itest/activemq.xml b/activemq-karaf-itest/src/test/resources/org/apache/activemq/karaf/itest/activemq.xml index 34c9669c0d..d8ad21782f 100644 --- a/activemq-karaf-itest/src/test/resources/org/apache/activemq/karaf/itest/activemq.xml +++ b/activemq-karaf-itest/src/test/resources/org/apache/activemq/karaf/itest/activemq.xml @@ -54,6 +54,17 @@ + + + + + + + + + + + 
diff --git a/activemq-spring/src/main/java/org/apache/activemq/security/XBeanAuthorizationEntry.java b/activemq-spring/src/main/java/org/apache/activemq/security/XBeanAuthorizationEntry.java
new file mode 100644
index 0000000000..9d4fc82a89
--- /dev/null
+++ b/activemq-spring/src/main/java/org/apache/activemq/security/XBeanAuthorizationEntry.java
@@ -0,0 +1,68 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.activemq.security;
+
+import org.springframework.beans.factory.InitializingBean;
+
+import javax.annotation.PostConstruct;
+
+/**
+ * Represents an entry in a {@link DefaultAuthorizationMap} for assigning
+ * different operations (read, write, admin) of user roles to a specific
+ * destination or a hierarchical wildcard area of destinations.
+ *
+ * @org.apache.xbean.XBean element="authorizationEntry"
+ *
+ */
+public class XBeanAuthorizationEntry extends AuthorizationEntry implements InitializingBean {
+
+ @Override
+ public void setAdmin(String roles) throws Exception {
+ adminRoles = roles;
+ }
+
+ @Override
+ public void setRead(String roles) throws Exception {
+ readRoles = roles;
+ }
+
+ @Override
+ public void setWrite(String roles) throws Exception {
+ writeRoles = roles;
+ }
+
+ /**
+ *
+ * @org.apache.xbean.InitMethod
+ */
+ @PostConstruct
+ public void afterPropertiesSet() throws Exception {
+
+ if (adminRoles != null) {
+ setAdminACLs(parseACLs(adminRoles));
+ }
+
+ if (writeRoles != null) {
+ setWriteACLs(parseACLs(writeRoles));
+ }
+
+ if (readRoles != null) {
+ setReadACLs(parseACLs(readRoles));
+ }
+ }
+
+}
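Review bot: The overridden `setAdmin`, `setRead` and `setWrite` only store the role string, so the ACL sets keep their initial empty value until `afterPropertiesSet()` runs, and nothing in the class documents that. Code that builds an entry programmatically and never calls `afterPropertiesSet()` ends up with an entry that carries no roles at all. The method is also reachable three ways (the `InitializingBean` callback, `@PostConstruct`, the XBean init method) and is called again explicitly by XBeanAuthorizationMap in this patch, so it can run before the map has pushed its group class into the entry; the later call appears to overwrite the earlier result, but that ordering dependency deserves a sentence. I would add Javadoc on each setter such as `/** Stores the role list only; the ACL set is built in {@link #afterPropertiesSet()}. */` and fill in the empty Javadoc on `afterPropertiesSet()` to say it may be invoked repeatedly.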
diff --git a/activemq-spring/src/main/java/org/apache/activemq/security/XBeanAuthorizationMap.java b/activemq-spring/src/main/java/org/apache/activemq/security/XBeanAuthorizationMap.java
new file mode 100644
index 0000000000..e9b227d791
--- /dev/null
+++ b/activemq-spring/src/main/java/org/apache/activemq/security/XBeanAuthorizationMap.java
@@ -0,0 +1,58 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.activemq.security;
+
+import org.apache.activemq.filter.DestinationMapEntry;
+import org.springframework.beans.factory.InitializingBean;
+
+import javax.annotation.PostConstruct;
+import java.util.List;
+
+
+/**
+ * @org.apache.xbean.XBean element="authorizationMap"
+ */
+public class XBeanAuthorizationMap extends DefaultAuthorizationMap implements InitializingBean {
+
+ protected List authorizationEntries;
+
+ /**
+ *
+ * @org.apache.xbean.InitMethod
+ */
+ @PostConstruct
+ public void afterPropertiesSet() throws Exception {
+ for (DestinationMapEntry entry : authorizationEntries) {
+ if (((XBeanAuthorizationEntry)entry).getGroupClass() == null) {
+ ((XBeanAuthorizationEntry)entry).setGroupClass(groupClass);
+ }
+ ((XBeanAuthorizationEntry)entry).afterPropertiesSet();
+ }
+ super.setEntries(authorizationEntries);
+ }
+
+ /**
+ * Sets the individual entries on the authorization map
+ *
+ * @org.apache.xbean.ElementType class="org.apache.activemq.security.AuthorizationEntry"
+ */
+ @SuppressWarnings("rawtypes")
+ public void setAuthorizationEntries(List entries) {
+ this.authorizationEntries = entries;
+ }
+
+}
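Review bot: `afterPropertiesSet()` casts every element to `XBeanAuthorizationEntry` and iterates `authorizationEntries` without a null check, while the `@org.apache.xbean.ElementType` tag on `setAuthorizationEntries` still advertises `org.apache.activemq.security.AuthorizationEntry`. A plain AuthorizationEntry in the list, or a map configured without entries, would therefore fail at start-up with a ClassCastException or NullPointerException rather than a clear configuration error. I would point the tag at the subclass, `@org.apache.xbean.ElementType class="org.apache.activemq.security.XBeanAuthorizationEntry"`, and guard the loop with an `instanceof` check and a null check that reports which entry is misconfigured. Only the list entries receive the map's `groupClass` here; whether the default and temp-destination entries held by DefaultAuthorizationMap need the same propagation cannot be seen from this patch and is worth confirming, since principals built from a different class would not match the ones on the authenticated subject.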