https://issues.apache.org/jira/browse/AMQ-3883 - refactoring to make the authorization module easier to configure with an arbitrary group class

git-svn-id: https://svn.apache.org/repos/asf/activemq/trunk@1460766 13f79535-47bb-0310-9956-ffa450edef68
Bosanac Dejan 2013-03-25 17:08:58 +00:00
parent 091ee37b8e
commit 2f469c1744
5 changed files with 152 additions and 42 deletions


@ -16,23 +16,17 @@
*/ */
package org.apache.activemq.security; package org.apache.activemq.security;
import java.lang.reflect.Constructor; import org.apache.activemq.filter.DestinationMapEntry;
import java.lang.reflect.Method;
import java.util.Collections; import java.util.Collections;
import java.util.HashSet; import java.util.HashSet;
import java.util.Set; import java.util.Set;
import java.util.StringTokenizer; import java.util.StringTokenizer;
import javax.annotation.PostConstruct;
import org.apache.activemq.filter.DestinationMapEntry;
/** /**
* Represents an entry in a {@link DefaultAuthorizationMap} for assigning * Represents an entry in a {@link DefaultAuthorizationMap} for assigning
* different operations (read, write, admin) of user roles to a specific * different operations (read, write, admin) of user roles to a specific
* destination or a hierarchical wildcard area of destinations. * destination or a hierarchical wildcard area of destinations.
*
* @org.apache.xbean.XBean
*
*/ */
@SuppressWarnings("rawtypes") @SuppressWarnings("rawtypes")
public class AuthorizationEntry extends DestinationMapEntry { public class AuthorizationEntry extends DestinationMapEntry {
@ -41,11 +35,11 @@ public class AuthorizationEntry extends DestinationMapEntry {
private Set<Object> writeACLs = emptySet(); private Set<Object> writeACLs = emptySet();
private Set<Object> adminACLs = emptySet(); private Set<Object> adminACLs = emptySet();
private String adminRoles; protected String adminRoles;
private String readRoles; protected String readRoles;
private String writeRoles; protected String writeRoles;
private String groupClass = "org.apache.activemq.jaas.GroupPrincipal"; private String groupClass;
public String getGroupClass() { public String getGroupClass() {
return groupClass; return groupClass;
@ -112,29 +106,9 @@ public class AuthorizationEntry extends DestinationMapEntry {
StringTokenizer iter = new StringTokenizer(roles, ","); StringTokenizer iter = new StringTokenizer(roles, ",");
while (iter.hasMoreTokens()) { while (iter.hasMoreTokens()) {
String name = iter.nextToken().trim(); String name = iter.nextToken().trim();
DefaultAuthorizationMap.createGroupPrincipal(name, getGroupClass()); String groupClass = (this.groupClass != null ? this.groupClass : DefaultAuthorizationMap.DEFAULT_GROUP_CLASS);
answer.add(DefaultAuthorizationMap.createGroupPrincipal(name, groupClass));
} }
return answer; return answer;
} }
/**
*
* @org.apache.xbean.InitMethod
*/
@PostConstruct
public void afterPropertiesSet() throws Exception {
if (adminRoles != null) {
setAdminACLs(parseACLs(adminRoles));
}
if (writeRoles != null) {
setWriteACLs(parseACLs(writeRoles));
}
if (readRoles != null) {
setReadACLs(parseACLs(readRoles));
}
}
} }
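Review bot: The local `groupClass` declared inside the `while` loop of parseACLs shadows the field of the same name and recomputes the same fallback for every token. Resolve it once before the loop under a distinct name, e.g. `String principalClass = this.groupClass != null ? this.groupClass : DefaultAuthorizationMap.DEFAULT_GROUP_CLASS;`, and pass `principalClass` to createGroupPrincipal. Because the field no longer has a default, getGroupClass() can now return null; any caller outside this page that hands that value to principal creation would need the same fallback. A Javadoc line on the getter stating that null means "use the map's or the default class" would make the new contract explicit. parseACLs starts outside the hunk.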


@ -16,6 +16,10 @@
*/ */
package org.apache.activemq.security; package org.apache.activemq.security;
import org.apache.activemq.command.ActiveMQDestination;
import org.apache.activemq.filter.DestinationMap;
import org.apache.activemq.filter.DestinationMapEntry;
import java.lang.reflect.Constructor; import java.lang.reflect.Constructor;
import java.lang.reflect.Method; import java.lang.reflect.Method;
import java.util.HashSet; import java.util.HashSet;
@ -23,26 +27,23 @@ import java.util.Iterator;
import java.util.List; import java.util.List;
import java.util.Set; import java.util.Set;
import org.apache.activemq.command.ActiveMQDestination;
import org.apache.activemq.filter.DestinationMap;
import org.apache.activemq.filter.DestinationMapEntry;
/** /**
* Represents a destination based configuration of policies so that individual * Represents a destination based configuration of policies so that individual
* destinations or wildcard hierarchies of destinations can be configured using * destinations or wildcard hierarchies of destinations can be configured using
* different policies. Each entry in the map represents the authorization ACLs * different policies. Each entry in the map represents the authorization ACLs
* for each operation. * for each operation.
* *
* @org.apache.xbean.XBean element="authorizationMap"
* *
*/ */
public class DefaultAuthorizationMap extends DestinationMap implements AuthorizationMap { public class DefaultAuthorizationMap extends DestinationMap implements AuthorizationMap {
public static final String DEFAULT_GROUP_CLASS = "org.apache.activemq.jaas.GroupPrincipal";
private AuthorizationEntry defaultEntry; private AuthorizationEntry defaultEntry;
private TempDestinationAuthorizationEntry tempDestinationAuthorizationEntry; private TempDestinationAuthorizationEntry tempDestinationAuthorizationEntry;
private String groupClass = "org.apache.activemq.jaas.GroupPrincipal"; protected String groupClass = DEFAULT_GROUP_CLASS;
public DefaultAuthorizationMap() { public DefaultAuthorizationMap() {
} }
@ -160,8 +161,6 @@ public class DefaultAuthorizationMap extends DestinationMap implements Authoriza
/** /**
* Sets the individual entries on the authorization map * Sets the individual entries on the authorization map
*
* @org.apache.xbean.ElementType class="org.apache.activemq.security.AuthorizationEntry"
*/ */
@SuppressWarnings("rawtypes") @SuppressWarnings("rawtypes")
public void setAuthorizationEntries(List<DestinationMapEntry> entries) { public void setAuthorizationEntries(List<DestinationMapEntry> entries) {
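Review bot: The new public constant `DEFAULT_GROUP_CLASS` and the now-`protected` field `groupClass` are undocumented, although together they decide which principal class role names are turned into. I would add `/** Principal class used for role names when neither the map nor an entry sets groupClass. */` on the constant. The field deserves a short comment saying subclasses read it while initialising their entries, since widening it from `private` makes it part of the extension contract. The body of setAuthorizationEntries lies outside the hunk.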


@ -54,6 +54,17 @@
<plugins> <plugins>
<jaasAuthenticationPlugin configuration="karaf" /> <jaasAuthenticationPlugin configuration="karaf" />
<authorizationPlugin>
<map>
<authorizationMap groupClass="org.apache.karaf.jaas.boot.principal.RolePrincipal">
<authorizationEntries>
<authorizationEntry queue=">" read="admin" write="admin" admin="admin"/>
<authorizationEntry topic=">" read="admin" write="admin" admin="admin"/>
<authorizationEntry topic="ActiveMQ.Advisory.>" read="admin" write="admin" admin="admin"/>
</authorizationEntries>
</authorizationMap>
</map>
</authorizationPlugin>
</plugins> </plugins>
<systemUsage> <systemUsage>
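Review bot: The added `<authorizationMap>` has entries for queues and topics only and no temp-destination entry, so confirm how the broker authorizes temporary destinations when none is configured before treating this as an admin-only policy. The `ActiveMQ.Advisory.>` entry grants the same roles as `topic=">"` and is redundant as written. If it is kept on purpose, a comment such as `<!-- all destinations, including advisories, are restricted to the Karaf admin role -->` above `<authorizationEntries>` would record the intent.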


@ -0,0 +1,68 @@
/**
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.activemq.security;
import org.springframework.beans.factory.InitializingBean;
import javax.annotation.PostConstruct;
/**
* Represents an entry in a {@link DefaultAuthorizationMap} for assigning
* different operations (read, write, admin) of user roles to a specific
* destination or a hierarchical wildcard area of destinations.
*
* @org.apache.xbean.XBean element="authorizationEntry"
*
*/
public class XBeanAuthorizationEntry extends AuthorizationEntry implements InitializingBean {
@Override
public void setAdmin(String roles) throws Exception {
adminRoles = roles;
}
@Override
public void setRead(String roles) throws Exception {
readRoles = roles;
}
@Override
public void setWrite(String roles) throws Exception {
writeRoles = roles;
}
/**
*
* @org.apache.xbean.InitMethod
*/
@PostConstruct
public void afterPropertiesSet() throws Exception {
if (adminRoles != null) {
setAdminACLs(parseACLs(adminRoles));
}
if (writeRoles != null) {
setWriteACLs(parseACLs(writeRoles));
}
if (readRoles != null) {
setReadACLs(parseACLs(readRoles));
}
}
}
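Review bot: The overridden setAdmin, setRead and setWrite only store the role strings, so the ACL sets keep their initial empty value until afterPropertiesSet() runs, and nothing in the class says so. An entry created by code that does not honour `@PostConstruct` or `InitializingBean` would therefore carry no ACLs; how the broker treats that is not visible on this page. I would document each setter with `/** Stores the role list only; ACLs are built in {@link #afterPropertiesSet()}. */` and add `@Override` to afterPropertiesSet(), which implements InitializingBean. The setters could also drop `throws Exception` if the overridden signatures allow it, since they no longer parse anything.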


@ -0,0 +1,58 @@
/**
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.activemq.security;
import org.apache.activemq.filter.DestinationMapEntry;
import org.springframework.beans.factory.InitializingBean;
import javax.annotation.PostConstruct;
import java.util.List;
/**
* @org.apache.xbean.XBean element="authorizationMap"
*/
public class XBeanAuthorizationMap extends DefaultAuthorizationMap implements InitializingBean {
protected List<DestinationMapEntry> authorizationEntries;
/**
*
* @org.apache.xbean.InitMethod
*/
@PostConstruct
public void afterPropertiesSet() throws Exception {
for (DestinationMapEntry entry : authorizationEntries) {
if (((XBeanAuthorizationEntry)entry).getGroupClass() == null) {
((XBeanAuthorizationEntry)entry).setGroupClass(groupClass);
}
((XBeanAuthorizationEntry)entry).afterPropertiesSet();
}
super.setEntries(authorizationEntries);
}
/**
* Sets the individual entries on the authorization map
*
* @org.apache.xbean.ElementType class="org.apache.activemq.security.AuthorizationEntry"
*/
@SuppressWarnings("rawtypes")
public void setAuthorizationEntries(List<DestinationMapEntry> entries) {
this.authorizationEntries = entries;
}
}
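Review bot: afterPropertiesSet() dereferences `authorizationEntries` without a null check and casts every element to XBeanAuthorizationEntry. The `@org.apache.xbean.ElementType` on the setter still names AuthorizationEntry, so a map with no entries or with an element of another type fails at start-up with a NullPointerException or ClassCastException that does not name the configuration problem. The version below fails with an explicit message and casts once per entry; if a map without entries is meant to be valid, skip the loop instead of throwing. Only the list entries inherit the map-level `groupClass` here, and whether the `defaultEntry` and `tempDestinationAuthorizationEntry` fields of DefaultAuthorizationMap get the same treatment is not visible on this page. That is worth checking, because ACLs built from a different principal class than the login module produces would presumably never match.

```java
@PostConstruct
public void afterPropertiesSet() throws Exception {
    if (authorizationEntries == null) {
        throw new IllegalStateException("authorizationEntries must be set on the authorization map");
    }
    for (DestinationMapEntry entry : authorizationEntries) {
        if (!(entry instanceof XBeanAuthorizationEntry)) {
            throw new IllegalArgumentException(
                    "authorizationEntries must contain XBeanAuthorizationEntry elements, found "
                            + (entry == null ? "null" : entry.getClass().getName()));
        }
        XBeanAuthorizationEntry xbeanEntry = (XBeanAuthorizationEntry) entry;
        // Entries without their own groupClass inherit the map-level one.
        if (xbeanEntry.getGroupClass() == null) {
            xbeanEntry.setGroupClass(groupClass);
        }
        xbeanEntry.afterPropertiesSet();
    }
    super.setEntries(authorizationEntries);
}
```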