git-svn-id: https://svn.apache.org/repos/asf/activemq/trunk@1176580 13f79535-47bb-0310-9956-ffa450edef68
Timothy A. Bish 2011-09-27 19:59:07 +00:00
parent bef9984b21
commit 3dbc9c9548
18 changed files with 175 additions and 187 deletions


@ -20,6 +20,7 @@ import java.util.List;
import org.apache.activemq.command.ActiveMQDestination; import org.apache.activemq.command.ActiveMQDestination;
import org.apache.activemq.filter.DestinationMap; import org.apache.activemq.filter.DestinationMap;
import org.apache.activemq.filter.DestinationMapEntry;
/** /**
* Represents a destination based configuration of policies so that individual * Represents a destination based configuration of policies so that individual
@ -59,7 +60,7 @@ public class PolicyMap extends DestinationMap {
this.defaultEntry = defaultEntry; this.defaultEntry = defaultEntry;
} }
protected Class getEntryClass() { protected Class<? extends DestinationMapEntry> getEntryClass() {
return PolicyEntry.class; return PolicyEntry.class;
} }
} }


@ -23,14 +23,15 @@ package org.apache.activemq.filter;
* *
* *
*/ */
@SuppressWarnings("rawtypes")
public class DefaultDestinationMapEntry extends DestinationMapEntry { public class DefaultDestinationMapEntry extends DestinationMapEntry {
private Object value; private DestinationMapEntry value;
public Object getValue() { public DestinationMapEntry getValue() {
return value; return value;
} }
public void setValue(Object value) { public void setValue(DestinationMapEntry value) {
this.value = value; this.value = value;
} }
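Review bot: Narrowing `value` from `Object` to `DestinationMapEntry` changes what this class accepts, which is more than a warnings cleanup. `setValue` is a public bean setter, so any caller or injected configuration that supplies a value which is not itself an entry would no longer compile or wire. If the narrowing exists only to satisfy the new `Comparable<T> getValue()` return type in the base class, say so in a comment such as `// value must be an entry because the base getValue() now returns Comparable<T>`. Otherwise keep `Object` here and relax the base signature. The class-level `@SuppressWarnings("rawtypes")` also silences any raw-type use added to this class later; a narrower scope would be safer.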


@ -17,7 +17,6 @@
package org.apache.activemq.filter; package org.apache.activemq.filter;
import java.util.HashSet; import java.util.HashSet;
import java.util.Iterator;
import java.util.List; import java.util.List;
import java.util.Set; import java.util.Set;
import java.util.SortedSet; import java.util.SortedSet;
@ -57,6 +56,7 @@ public class DestinationMap {
* @return a List of matching values or an empty list if there are no * @return a List of matching values or an empty list if there are no
* matching values. * matching values.
*/ */
@SuppressWarnings({ "rawtypes", "unchecked" })
public synchronized Set get(ActiveMQDestination key) { public synchronized Set get(ActiveMQDestination key) {
if (key.isComposite()) { if (key.isComposite()) {
ActiveMQDestination[] destinations = key.getCompositeDestinations(); ActiveMQDestination[] destinations = key.getCompositeDestinations();
@ -136,10 +136,10 @@ public class DestinationMap {
* A helper method to allow the destination map to be populated from a * A helper method to allow the destination map to be populated from a
* dependency injection framework such as Spring * dependency injection framework such as Spring
*/ */
protected void setEntries(List entries) { @SuppressWarnings({ "rawtypes" })
for (Iterator iter = entries.iterator(); iter.hasNext();) { protected void setEntries(List<DestinationMapEntry> entries) {
Object element = (Object)iter.next(); for (Object element : entries) {
Class type = getEntryClass(); Class<? extends DestinationMapEntry> type = getEntryClass();
if (type.isInstance(element)) { if (type.isInstance(element)) {
DestinationMapEntry entry = (DestinationMapEntry)element; DestinationMapEntry entry = (DestinationMapEntry)element;
put(entry.getDestination(), entry.getValue()); put(entry.getDestination(), entry.getValue());
@ -155,10 +155,12 @@ public class DestinationMap {
* restrict the type of allowed entries to make a type safe destination map * restrict the type of allowed entries to make a type safe destination map
* for custom policies. * for custom policies.
*/ */
protected Class getEntryClass() { @SuppressWarnings({ "rawtypes" })
protected Class<? extends DestinationMapEntry> getEntryClass() {
return DestinationMapEntry.class; return DestinationMapEntry.class;
} }
@SuppressWarnings({ "rawtypes", "unchecked" })
protected Set findWildcardMatches(ActiveMQDestination key) { protected Set findWildcardMatches(ActiveMQDestination key) {
String[] paths = key.getDestinationPaths(); String[] paths = key.getDestinationPaths();
Set answer = new HashSet(); Set answer = new HashSet();
@ -170,6 +172,7 @@ public class DestinationMap {
* @param key * @param key
* @return * @return
*/ */
@SuppressWarnings({ "rawtypes", "unchecked" })
public Set removeAll(ActiveMQDestination key) { public Set removeAll(ActiveMQDestination key) {
Set rc = new HashSet(); Set rc = new HashSet();
if (key.isComposite()) { if (key.isComposite()) {
@ -192,6 +195,7 @@ public class DestinationMap {
* @param destination the destination to find the value for * @param destination the destination to find the value for
* @return the largest matching value or null if no value matches * @return the largest matching value or null if no value matches
*/ */
@SuppressWarnings({ "rawtypes", "unchecked" })
public Object chooseValue(ActiveMQDestination destination) { public Object chooseValue(ActiveMQDestination destination) {
Set set = get(destination); Set set = get(destination);
if (set == null || set.isEmpty()) { if (set == null || set.isEmpty()) {
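Review bot: `setEntries(List<DestinationMapEntry> entries)` is parameterized on the entry class but then iterates with `for (Object element : entries)`, so the type argument adds no checking. It also makes the method harder to call: generics are invariant, so a caller holding a `List<AuthorizationEntry>` must copy it first, as `CachedLDAPAuthorizationMap.query()` does in this commit. `protected void setEntries(List<? extends DestinationMapEntry> entries)` would accept such lists directly. Because of erasure, `type.isInstance(element)` remains the only runtime guard on what enters the map, and the security subclasses depend on it through `getEntryClass()`. A comment such as `// runtime filter: generics do not enforce the entry type here` would stop it being removed as redundant; the loop body continues outside the hunk.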


@ -27,13 +27,13 @@ import org.apache.activemq.command.*;
* *
* @org.apache.xbean.XBean * @org.apache.xbean.XBean
*/ */
public abstract class DestinationMapEntry implements Comparable { public abstract class DestinationMapEntry<T> implements Comparable<T> {
private ActiveMQDestination destination; private ActiveMQDestination destination;
public int compareTo(Object that) { public int compareTo(Object that) {
if (that instanceof DestinationMapEntry) { if (that instanceof DestinationMapEntry) {
DestinationMapEntry thatEntry = (DestinationMapEntry)that; DestinationMapEntry<?> thatEntry = (DestinationMapEntry<?>)that;
return ActiveMQDestination.compare(destination, thatEntry.destination); return ActiveMQDestination.compare(destination, thatEntry.destination);
} else if (that == null) { } else if (that == null) {
return 1; return 1;
@ -84,7 +84,7 @@ public abstract class DestinationMapEntry implements Comparable {
} }
} }
public Object getValue() { public Comparable<T> getValue() {
return this; return this;
} }
} }
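Review bot: The type parameter added in `DestinationMapEntry<T> implements Comparable<T>` is unbounded and unused in the visible code. `compareTo` still takes `Object` and does its own `instanceof` test, and every subclass shown in this commit extends the raw type and needs `@SuppressWarnings("rawtypes")`. Declaring `public abstract class DestinationMapEntry implements Comparable<DestinationMapEntry>` with `public int compareTo(DestinationMapEntry that)` would remove the raw-type warnings at their source instead of suppressing them in each subclass. `getValue()` could then keep a return type that does not depend on `T`. The `compareTo` body continues outside the hunk, so its remaining branches would need checking against the typed signature.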


@ -20,7 +20,6 @@ import java.util.ArrayList;
import java.util.Collection; import java.util.Collection;
import java.util.HashMap; import java.util.HashMap;
import java.util.HashSet; import java.util.HashSet;
import java.util.Iterator;
import java.util.List; import java.util.List;
import java.util.Map; import java.util.Map;
import java.util.Set; import java.util.Set;
@ -34,10 +33,10 @@ public class DestinationMapNode implements DestinationNode {
protected static final String ANY_CHILD = DestinationMap.ANY_CHILD; protected static final String ANY_CHILD = DestinationMap.ANY_CHILD;
protected static final String ANY_DESCENDENT = DestinationMap.ANY_DESCENDENT; protected static final String ANY_DESCENDENT = DestinationMap.ANY_DESCENDENT;
// we synchornize at the DestinationMap level // we synchronize at the DestinationMap level
private DestinationMapNode parent; private DestinationMapNode parent;
private List values = new ArrayList(); private List<Object> values = new ArrayList<Object>();
private Map childNodes = new HashMap(); private Map<String, DestinationNode> childNodes = new HashMap<String, DestinationNode>();
private String path = "Root"; private String path = "Root";
// private DestinationMapNode anyChild; // private DestinationMapNode anyChild;
private int pathLength; private int pathLength;
@ -55,14 +54,14 @@ public class DestinationMapNode implements DestinationNode {
* Returns the child node for the given named path or null if it does not * Returns the child node for the given named path or null if it does not
* exist * exist
*/ */
public DestinationMapNode getChild(String path) { public DestinationNode getChild(String path) {
return (DestinationMapNode)childNodes.get(path); return childNodes.get(path);
} }
/** /**
* Returns the child nodes * Returns the child nodes
*/ */
public Collection getChildren() { public Collection<DestinationNode> getChildren() {
return childNodes.values(); return childNodes.values();
} }
@ -84,18 +83,10 @@ public class DestinationMapNode implements DestinationNode {
return answer; return answer;
} }
/**
* Returns the node which represents all children (i.e. the * node)
*/
// public DestinationMapNode getAnyChildNode() {
// if (anyChild == null) {
// anyChild = createChildNode();
// }
// return anyChild;
// }
/** /**
* Returns a mutable List of the values available at this node in the tree * Returns a mutable List of the values available at this node in the tree
*/ */
@SuppressWarnings({ "rawtypes", "unchecked" })
public List getValues() { public List getValues() {
return values; return values;
} }
@ -103,6 +94,7 @@ public class DestinationMapNode implements DestinationNode {
/** /**
* Returns a mutable List of the values available at this node in the tree * Returns a mutable List of the values available at this node in the tree
*/ */
@SuppressWarnings({ "rawtypes", "unchecked" })
public List removeValues() { public List removeValues() {
ArrayList v = new ArrayList(values); ArrayList v = new ArrayList(values);
// parent.getAnyChildNode().getValues().removeAll(v); // parent.getAnyChildNode().getValues().removeAll(v);
@ -111,22 +103,22 @@ public class DestinationMapNode implements DestinationNode {
return v; return v;
} }
@SuppressWarnings({ "rawtypes", "unchecked" })
public Set removeDesendentValues() { public Set removeDesendentValues() {
Set answer = new HashSet(); Set answer = new HashSet();
removeDesendentValues(answer); removeDesendentValues(answer);
return answer; return answer;
} }
@SuppressWarnings({ "rawtypes", "unchecked" })
protected void removeDesendentValues(Set answer) { protected void removeDesendentValues(Set answer) {
// if (anyChild != null) {
// anyChild.removeDesendentValues(answer);
// }
answer.addAll(removeValues()); answer.addAll(removeValues());
} }
/** /**
* Returns a list of all the values from this node down the tree * Returns a list of all the values from this node down the tree
*/ */
@SuppressWarnings({ "rawtypes", "unchecked" })
public Set getDesendentValues() { public Set getDesendentValues() {
Set answer = new HashSet(); Set answer = new HashSet();
appendDescendantValues(answer); appendDescendantValues(answer);
@ -137,12 +129,6 @@ public class DestinationMapNode implements DestinationNode {
if (idx >= paths.length) { if (idx >= paths.length) {
values.add(value); values.add(value);
} else { } else {
// if (idx == paths.length - 1) {
// getAnyChildNode().getValues().add(value);
// }
// else {
// getAnyChildNode().add(paths, idx + 1, value);
// }
getChildOrCreate(paths[idx]).add(paths, idx + 1, value); getChildOrCreate(paths[idx]).add(paths, idx + 1, value);
} }
} }
@ -152,17 +138,11 @@ public class DestinationMapNode implements DestinationNode {
values.remove(value); values.remove(value);
pruneIfEmpty(); pruneIfEmpty();
} else { } else {
// if (idx == paths.length - 1) {
// getAnyChildNode().getValues().remove(value);
// }
// else {
// getAnyChildNode().remove(paths, idx + 1, value);
// }
getChildOrCreate(paths[idx]).remove(paths, ++idx, value); getChildOrCreate(paths[idx]).remove(paths, ++idx, value);
} }
} }
public void removeAll(Set answer, String[] paths, int startIndex) { public void removeAll(Set<DestinationNode> answer, String[] paths, int startIndex) {
DestinationNode node = this; DestinationNode node = this;
int size = paths.length; int size = paths.length;
for (int i = startIndex; i < size && node != null; i++) { for (int i = startIndex; i < size && node != null; i++) {
@ -188,20 +168,14 @@ public class DestinationMapNode implements DestinationNode {
} }
@SuppressWarnings({ "rawtypes", "unchecked" })
public void appendDescendantValues(Set answer) { public void appendDescendantValues(Set answer) {
answer.addAll(values); answer.addAll(values);
// lets add all the children too // lets add all the children too
Iterator iter = childNodes.values().iterator(); for(DestinationNode child : childNodes.values()) {
while (iter.hasNext()) {
DestinationNode child = (DestinationNode)iter.next();
child.appendDescendantValues(answer); child.appendDescendantValues(answer);
} }
// TODO???
// if (anyChild != null) {
// anyChild.appendDescendantValues(answer);
// }
} }
/** /**
@ -214,11 +188,12 @@ public class DestinationMapNode implements DestinationNode {
/** /**
* Matches any entries in the map containing wildcards * Matches any entries in the map containing wildcards
*/ */
@SuppressWarnings({ "rawtypes", "unchecked" })
public void appendMatchingWildcards(Set answer, String[] paths, int idx) { public void appendMatchingWildcards(Set answer, String[] paths, int idx) {
if (idx - 1 > pathLength) { if (idx - 1 > pathLength) {
return; return;
} }
DestinationMapNode wildCardNode = getChild(ANY_CHILD); DestinationNode wildCardNode = getChild(ANY_CHILD);
if (wildCardNode != null) { if (wildCardNode != null) {
wildCardNode.appendMatchingValues(answer, paths, idx + 1); wildCardNode.appendMatchingValues(answer, paths, idx + 1);
} }
@ -228,7 +203,7 @@ public class DestinationMapNode implements DestinationNode {
} }
} }
public void appendMatchingValues(Set answer, String[] paths, int startIndex) { public void appendMatchingValues(Set<DestinationNode> answer, String[] paths, int startIndex) {
DestinationNode node = this; DestinationNode node = this;
boolean couldMatchAny = true; boolean couldMatchAny = true;
int size = paths.length; int size = paths.length;
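Review bot: `Set<DestinationNode>` is the wrong element type for the `answer` parameter of `removeAll` and `appendMatchingValues`. These sets collect the values stored at the nodes (the field is `List<Object> values`, apparently filled with whatever `entry.getValue()` returned), not the nodes themselves. It compiles only because the sibling methods stay raw under `@SuppressWarnings({ "rawtypes", "unchecked" })`, so the declared type is never enforced, and a caller that trusts it would hit a `ClassCastException` far from the cause. The same parameterization is applied to every method of the `DestinationNode` interface in this commit. Prefer an honest signature such as `public void removeAll(Set<Object> answer, String[] paths, int startIndex)`, or introduce a value type parameter on the node.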


@ -25,21 +25,21 @@ import java.util.Set;
* *
*/ */
public interface DestinationNode { public interface DestinationNode {
void appendMatchingValues(Set answer, String[] paths, int startIndex); void appendMatchingValues(Set<DestinationNode> answer, String[] paths, int startIndex);
void appendMatchingWildcards(Set answer, String[] paths, int startIndex); void appendMatchingWildcards(Set<DestinationNode> answer, String[] paths, int startIndex);
void appendDescendantValues(Set answer); void appendDescendantValues(Set<DestinationNode> answer);
Collection getDesendentValues(); Collection<DestinationNode> getDesendentValues();
DestinationNode getChild(String path); DestinationNode getChild(String path);
Collection getValues(); Collection<DestinationNode> getValues();
Collection getChildren(); Collection<DestinationNode> getChildren();
Collection removeDesendentValues(); Collection<DestinationNode> removeDesendentValues();
Collection removeValues(); Collection<DestinationNode> removeValues();
} }


@ -33,6 +33,7 @@ import org.apache.activemq.filter.DestinationMapEntry;
* @org.apache.xbean.XBean * @org.apache.xbean.XBean
* *
*/ */
@SuppressWarnings("rawtypes")
public class AuthorizationEntry extends DestinationMapEntry { public class AuthorizationEntry extends DestinationMapEntry {
private Set<Object> readACLs = emptySet(); private Set<Object> readACLs = emptySet();
@ -109,21 +110,18 @@ public class AuthorizationEntry extends DestinationMapEntry {
Set<Object> answer = new HashSet<Object>(); Set<Object> answer = new HashSet<Object>();
StringTokenizer iter = new StringTokenizer(roles, ","); StringTokenizer iter = new StringTokenizer(roles, ",");
while (iter.hasMoreTokens()) { while (iter.hasMoreTokens()) {
String name = iter.nextToken().trim();
Class[] paramClass = new Class[1];
paramClass[0] = String.class;
Object[] param = new Object[1]; String name = iter.nextToken().trim();
param[0] = name; Object[] param = new Object[]{name};
try { try {
Class cls = Class.forName(groupClass); Class<?> cls = Class.forName(groupClass);
Constructor[] constructors = cls.getConstructors(); Constructor<?>[] constructors = cls.getConstructors();
int i; int i;
for (i = 0; i < constructors.length; i++) { for (i = 0; i < constructors.length; i++) {
Class[] paramTypes = constructors[i].getParameterTypes(); Class<?>[] paramTypes = constructors[i].getParameterTypes();
if (paramTypes.length != 0 && paramTypes[0].equals(paramClass[0])) { if (paramTypes.length != 0 && paramTypes[0].equals(String.class)) {
break; break;
} }
} }
@ -135,8 +133,8 @@ public class AuthorizationEntry extends DestinationMapEntry {
Method[] methods = cls.getMethods(); Method[] methods = cls.getMethods();
i = 0; i = 0;
for (i = 0; i < methods.length; i++) { for (i = 0; i < methods.length; i++) {
Class[] paramTypes = methods[i].getParameterTypes(); Class<?>[] paramTypes = methods[i].getParameterTypes();
if (paramTypes.length != 0 && methods[i].getName().equals("setName") && paramTypes[0].equals(paramClass[0])) { if (paramTypes.length != 0 && methods[i].getName().equals("setName") && paramTypes[0].equals(String.class)) {
break; break;
} }
} }
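Review bot: The rewritten constructor test `paramTypes.length != 0 && paramTypes[0].equals(String.class)` matches any public constructor whose first parameter is `String`, including ones that take further arguments. Since `param` holds exactly one element, selecting such a constructor would presumably make the instantiation (outside this hunk) fail. `paramTypes.length == 1 && paramTypes[0] == String.class` states the intent; the `setName` lookup in the second hunk has the same loose test. Because `groupClass` is a configured class name loaded with `Class.forName`, it would also be prudent to check `java.security.Principal.class.isAssignableFrom(cls)` before instantiating. That way a mistyped or unintended class name is rejected with a clear error instead of producing an object in an ACL set that can never match a principal.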


@ -19,6 +19,7 @@ package org.apache.activemq.security;
import org.apache.activemq.command.ActiveMQDestination; import org.apache.activemq.command.ActiveMQDestination;
import org.apache.activemq.command.ActiveMQQueue; import org.apache.activemq.command.ActiveMQQueue;
import org.apache.activemq.command.ActiveMQTopic; import org.apache.activemq.command.ActiveMQTopic;
import org.apache.activemq.filter.DestinationMapEntry;
import org.apache.activemq.jaas.GroupPrincipal; import org.apache.activemq.jaas.GroupPrincipal;
import org.slf4j.Logger; import org.slf4j.Logger;
import org.slf4j.LoggerFactory; import org.slf4j.LoggerFactory;
@ -32,7 +33,6 @@ import javax.naming.directory.*;
import javax.naming.event.*; import javax.naming.event.*;
import java.util.*; import java.util.*;
/** /**
* A {@link DefaultAuthorizationMap} implementation which uses LDAP to initialize and update * A {@link DefaultAuthorizationMap} implementation which uses LDAP to initialize and update
* *
@ -97,10 +97,9 @@ public class CachedLDAPAuthorizationMap extends DefaultAuthorizationMap implemen
return context; return context;
} }
HashMap<ActiveMQDestination, AuthorizationEntry> entries = new HashMap<ActiveMQDestination, AuthorizationEntry>(); HashMap<ActiveMQDestination, AuthorizationEntry> entries = new HashMap<ActiveMQDestination, AuthorizationEntry>();
@SuppressWarnings("rawtypes")
public void query() throws Exception { public void query() throws Exception {
try { try {
context = open(); context = open();
@ -111,14 +110,14 @@ public class CachedLDAPAuthorizationMap extends DefaultAuthorizationMap implemen
final SearchControls constraints = new SearchControls(); final SearchControls constraints = new SearchControls();
constraints.setSearchScope(SearchControls.SUBTREE_SCOPE); constraints.setSearchScope(SearchControls.SUBTREE_SCOPE);
NamingEnumeration results = context.search("ou=Destination,ou=ActiveMQ," + baseDn, "(|(cn=admin)(cn=write)(cn=read))", constraints); NamingEnumeration<?> results = context.search("ou=Destination,ou=ActiveMQ," + baseDn, "(|(cn=admin)(cn=write)(cn=read))", constraints);
while (results.hasMore()) { while (results.hasMore()) {
SearchResult result = (SearchResult) results.next(); SearchResult result = (SearchResult) results.next();
AuthorizationEntry entry = getEntry(result.getNameInNamespace()); AuthorizationEntry entry = getEntry(result.getNameInNamespace());
applyACL(entry, result); applyACL(entry, result);
} }
setEntries(new ArrayList(entries.values())); setEntries(new ArrayList<DestinationMapEntry>(entries.values()));
updated(); updated();
} }
@ -175,8 +174,8 @@ public class CachedLDAPAuthorizationMap extends DefaultAuthorizationMap implemen
// find members // find members
Attribute cn = result.getAttributes().get("cn"); Attribute cn = result.getAttributes().get("cn");
Attribute member = result.getAttributes().get("member"); Attribute member = result.getAttributes().get("member");
NamingEnumeration memberEnum = member.getAll(); NamingEnumeration<?> memberEnum = member.getAll();
HashSet members = new HashSet(); HashSet<Object> members = new HashSet<Object>();
while (memberEnum.hasMoreElements()) { while (memberEnum.hasMoreElements()) {
String elem = (String) memberEnum.nextElement(); String elem = (String) memberEnum.nextElement();
members.add(new GroupPrincipal(elem.replaceAll("cn=", ""))); members.add(new GroupPrincipal(elem.replaceAll("cn=", "")));
@ -229,7 +228,6 @@ public class CachedLDAPAuthorizationMap extends DefaultAuthorizationMap implemen
public void objectAdded(NamingEvent namingEvent) { public void objectAdded(NamingEvent namingEvent) {
LOG.debug("Adding object: " + namingEvent.getNewBinding()); LOG.debug("Adding object: " + namingEvent.getNewBinding());
SearchResult result = (SearchResult)namingEvent.getNewBinding(); SearchResult result = (SearchResult)namingEvent.getNewBinding();
String cn = null;
if (!isPriviledge(result)) return; if (!isPriviledge(result)) return;
AuthorizationEntry entry = getEntry(result.getName()); AuthorizationEntry entry = getEntry(result.getName());
if (entry != null) { if (entry != null) {
@ -253,11 +251,11 @@ public class CachedLDAPAuthorizationMap extends DefaultAuthorizationMap implemen
String[] cns = result.getName().split(","); String[] cns = result.getName().split(",");
if (!isPriviledge(result)) return; if (!isPriviledge(result)) return;
if (cns[0].equalsIgnoreCase("cn=admin")) { if (cns[0].equalsIgnoreCase("cn=admin")) {
entry.setAdminACLs(new HashSet()); entry.setAdminACLs(new HashSet<Object>());
} else if (cns[0].equalsIgnoreCase("cn=write")) { } else if (cns[0].equalsIgnoreCase("cn=write")) {
entry.setWriteACLs(new HashSet()); entry.setWriteACLs(new HashSet<Object>());
} else if (cns[0].equalsIgnoreCase("cn=read")) { } else if (cns[0].equalsIgnoreCase("cn=read")) {
entry.setReadACLs(new HashSet()); entry.setReadACLs(new HashSet<Object>());
} else { } else {
LOG.warn("Policy not removed! Unknown privilege " + result.getName()); LOG.warn("Policy not removed! Unknown privilege " + result.getName());
} }
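Review bot: In the "find members" hunk, `member.getAll()` is called without checking that the `member` attribute exists. `Attributes.get` returns null for an absent attribute, so a directory entry without `member` values would raise a NullPointerException while the authorization map is being built or updated. The `(String) memberEnum.nextElement()` cast likewise assumes a string-valued attribute. A guard before the enumeration, such as `if (member == null) { LOG.warn("No member attribute on " + result.getName()); return; }`, plus an `instanceof String` test, would make malformed entries degrade predictably. Whether a missing attribute should mean an empty ACL needs confirming, because the enclosing method starts and ends outside the hunk. `HashSet<Object> members` could also be declared `Set<GroupPrincipal>`, as only `GroupPrincipal` instances are added in the visible lines.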


@ -23,6 +23,7 @@ import java.util.Set;
import org.apache.activemq.command.ActiveMQDestination; import org.apache.activemq.command.ActiveMQDestination;
import org.apache.activemq.filter.DestinationMap; import org.apache.activemq.filter.DestinationMap;
import org.apache.activemq.filter.DestinationMapEntry;
/** /**
* Represents a destination based configuration of policies so that individual * Represents a destination based configuration of policies so that individual
@ -42,7 +43,8 @@ public class DefaultAuthorizationMap extends DestinationMap implements Authoriza
public DefaultAuthorizationMap() { public DefaultAuthorizationMap() {
} }
public DefaultAuthorizationMap(List authorizationEntries) { @SuppressWarnings("rawtypes")
public DefaultAuthorizationMap(List<DestinationMapEntry> authorizationEntries) {
setAuthorizationEntries(authorizationEntries); setAuthorizationEntries(authorizationEntries);
} }
@ -127,7 +129,8 @@ public class DefaultAuthorizationMap extends DestinationMap implements Authoriza
* *
* @org.apache.xbean.ElementType class="org.apache.activemq.security.AuthorizationEntry" * @org.apache.xbean.ElementType class="org.apache.activemq.security.AuthorizationEntry"
*/ */
public void setAuthorizationEntries(List entries) { @SuppressWarnings("rawtypes")
public void setAuthorizationEntries(List<DestinationMapEntry> entries) {
super.setEntries(entries); super.setEntries(entries);
} }
@ -139,10 +142,12 @@ public class DefaultAuthorizationMap extends DestinationMap implements Authoriza
this.defaultEntry = defaultEntry; this.defaultEntry = defaultEntry;
} }
protected Class<AuthorizationEntry> getEntryClass() { @SuppressWarnings("rawtypes")
protected Class<? extends DestinationMapEntry> getEntryClass() {
return AuthorizationEntry.class; return AuthorizationEntry.class;
} }
@SuppressWarnings("unchecked")
protected Set<AuthorizationEntry> getAllEntries(ActiveMQDestination destination) { protected Set<AuthorizationEntry> getAllEntries(ActiveMQDestination destination) {
Set<AuthorizationEntry> entries = get(destination); Set<AuthorizationEntry> entries = get(destination);
if (defaultEntry != null) { if (defaultEntry != null) {
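Review bot: Widening `getEntryClass()` from `Class<AuthorizationEntry>` to `Class<? extends DestinationMapEntry>` is not needed to match the new base signature, and it costs an extra `@SuppressWarnings("rawtypes")`. Java permits a covariant return here, since `Class<AuthorizationEntry>` is a subtype of `Class<? extends DestinationMapEntry>`, so `protected Class<AuthorizationEntry> getEntryClass()` can stay as it was. In `getAllEntries`, the added `@SuppressWarnings("unchecked")` covers `Set<AuthorizationEntry> entries = get(destination);`. A comment such as `// unchecked: entries are presumably filtered by getEntryClass() in setEntries` would record why the suppression is believed safe, and would prompt a check of any other path that can put values into the map. `getAllEntries` continues past the end of the hunk.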


@ -19,7 +19,6 @@ package org.apache.activemq.security;
import java.security.Principal; import java.security.Principal;
import java.security.cert.X509Certificate; import java.security.cert.X509Certificate;
import java.util.Iterator;
import javax.security.auth.Subject; import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler; import javax.security.auth.callback.CallbackHandler;
@ -89,10 +88,9 @@ public class JaasCertificateAuthenticationBroker extends BrokerFilter {
String dnName = ""; String dnName = "";
for (Iterator iter = subject.getPrincipals().iterator(); iter.hasNext();) { for (Principal principal : subject.getPrincipals()) {
Principal nextPrincipal = (Principal)iter.next(); if (principal instanceof UserPrincipal) {
if (nextPrincipal instanceof UserPrincipal) { dnName = ((UserPrincipal)principal).getName();
dnName = ((UserPrincipal)nextPrincipal).getName();
break; break;
} }
} }


@ -115,25 +115,25 @@ public class LDAPAuthorizationMap implements AuthorizationMap {
writeAttribute = "uniqueMember"; writeAttribute = "uniqueMember";
} }
public LDAPAuthorizationMap(Map options) { public LDAPAuthorizationMap(Map<String,String> options) {
initialContextFactory = (String)options.get(INITIAL_CONTEXT_FACTORY); initialContextFactory = options.get(INITIAL_CONTEXT_FACTORY);
connectionURL = (String)options.get(CONNECTION_URL); connectionURL = options.get(CONNECTION_URL);
connectionUsername = (String)options.get(CONNECTION_USERNAME); connectionUsername = options.get(CONNECTION_USERNAME);
connectionPassword = (String)options.get(CONNECTION_PASSWORD); connectionPassword = options.get(CONNECTION_PASSWORD);
connectionProtocol = (String)options.get(CONNECTION_PROTOCOL); connectionProtocol = options.get(CONNECTION_PROTOCOL);
authentication = (String)options.get(AUTHENTICATION); authentication = options.get(AUTHENTICATION);
adminBase = (String)options.get(ADMIN_BASE); adminBase = options.get(ADMIN_BASE);
adminAttribute = (String)options.get(ADMIN_ATTRIBUTE); adminAttribute = options.get(ADMIN_ATTRIBUTE);
readBase = (String)options.get(READ_BASE); readBase = options.get(READ_BASE);
readAttribute = (String)options.get(READ_ATTRIBUTE); readAttribute = options.get(READ_ATTRIBUTE);
writeBase = (String)options.get(WRITE_BASE); writeBase = options.get(WRITE_BASE);
writeAttribute = (String)options.get(WRITE_ATTRIBUTE); writeAttribute = options.get(WRITE_ATTRIBUTE);
String topicSearchMatching = (String)options.get(TOPIC_SEARCH_MATCHING); String topicSearchMatching = options.get(TOPIC_SEARCH_MATCHING);
String topicSearchSubtree = (String)options.get(TOPIC_SEARCH_SUBTREE); String topicSearchSubtree = options.get(TOPIC_SEARCH_SUBTREE);
String queueSearchMatching = (String)options.get(QUEUE_SEARCH_MATCHING); String queueSearchMatching = options.get(QUEUE_SEARCH_MATCHING);
String queueSearchSubtree = (String)options.get(QUEUE_SEARCH_SUBTREE); String queueSearchSubtree = options.get(QUEUE_SEARCH_SUBTREE);
topicSearchMatchingFormat = new MessageFormat(topicSearchMatching); topicSearchMatchingFormat = new MessageFormat(topicSearchMatching);
queueSearchMatchingFormat = new MessageFormat(queueSearchMatching); queueSearchMatchingFormat = new MessageFormat(queueSearchMatching);
topicSearchSubtreeBool = Boolean.valueOf(topicSearchSubtree).booleanValue(); topicSearchSubtreeBool = Boolean.valueOf(topicSearchSubtree).booleanValue();
@ -413,7 +413,7 @@ public class LDAPAuthorizationMap implements AuthorizationMap {
try { try {
Set<GroupPrincipal> roles = new HashSet<GroupPrincipal>(); Set<GroupPrincipal> roles = new HashSet<GroupPrincipal>();
Set<String> acls = new HashSet<String>(); Set<String> acls = new HashSet<String>();
NamingEnumeration results = context.search(destinationBase, roleBase, constraints); NamingEnumeration<?> results = context.search(destinationBase, roleBase, constraints);
while (results.hasMore()) { while (results.hasMore()) {
SearchResult result = (SearchResult)results.next(); SearchResult result = (SearchResult)results.next();
Attributes attrs = result.getAttributes(); Attributes attrs = result.getAttributes();
@ -445,7 +445,7 @@ public class LDAPAuthorizationMap implements AuthorizationMap {
if (attr == null) { if (attr == null) {
return values; return values;
} }
NamingEnumeration e = attr.getAll(); NamingEnumeration<?> e = attr.getAll();
while (e.hasMore()) { while (e.hasMore()) {
String value = (String)e.next(); String value = (String)e.next();
values.add(value); values.add(value);
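Review bot: In the constructor, `topicSearchMatching` and `queueSearchMatching` are read from `options` and passed straight to `new MessageFormat(...)`, which throws a bare NullPointerException when the key is absent from the map. Validating the required options up front gives an operator a usable error for an incomplete LDAP configuration, for example `if (topicSearchMatching == null) throw new IllegalArgumentException("Missing option: " + TOPIC_SEARCH_MATCHING);`, with the same check for the queue pattern. The constructor body continues outside the hunk, so other required keys may need the same treatment. In the last hunk, `(String)e.next()` on the `NamingEnumeration<?>` still assumes every attribute value is a string.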


@ -16,6 +16,7 @@
*/ */
package org.apache.activemq.security; package org.apache.activemq.security;
import java.security.Principal;
import java.util.Collections; import java.util.Collections;
import java.util.HashSet; import java.util.HashSet;
import java.util.Iterator; import java.util.Iterator;
@ -37,9 +38,8 @@ public abstract class SecurityContext {
return true; return true;
} }
@SuppressWarnings("unchecked") public Set<Principal> getPrincipals() {
public Set<?> getPrincipals() { return Collections.emptySet();
return Collections.EMPTY_SET;
} }
}; };
@ -53,10 +53,10 @@ public abstract class SecurityContext {
} }
public boolean isInOneOf(Set<?> allowedPrincipals) { public boolean isInOneOf(Set<?> allowedPrincipals) {
Iterator allowedIter = allowedPrincipals.iterator(); Iterator<?> allowedIter = allowedPrincipals.iterator();
HashSet<?> userPrincipals = new HashSet<Object>(getPrincipals()); HashSet<?> userPrincipals = new HashSet<Object>(getPrincipals());
while (allowedIter.hasNext()) { while (allowedIter.hasNext()) {
Iterator userIter = userPrincipals.iterator(); Iterator<?> userIter = userPrincipals.iterator();
Object allowedPrincipal = allowedIter.next(); Object allowedPrincipal = allowedIter.next();
while (userIter.hasNext()) { while (userIter.hasNext()) {
if (allowedPrincipal.equals(userIter.next())) if (allowedPrincipal.equals(userIter.next()))
@ -66,7 +66,7 @@ public abstract class SecurityContext {
return false; return false;
} }
public abstract Set<?> getPrincipals(); public abstract Set<Principal> getPrincipals();
public String getUserName() { public String getUserName() {
return userName; return userName;


@ -16,6 +16,7 @@
*/ */
package org.apache.activemq.security; package org.apache.activemq.security;
import java.security.Principal;
import java.util.HashSet; import java.util.HashSet;
import java.util.Iterator; import java.util.Iterator;
import java.util.Map; import java.util.Map;
@ -38,11 +39,11 @@ public class SimpleAuthenticationBroker extends BrokerFilter {
private boolean anonymousAccessAllowed = false; private boolean anonymousAccessAllowed = false;
private String anonymousUser; private String anonymousUser;
private String anonymousGroup; private String anonymousGroup;
private final Map userPasswords; private final Map<String,String> userPasswords;
private final Map userGroups; private final Map<String,Set<Principal>> userGroups;
private final CopyOnWriteArrayList<SecurityContext> securityContexts = new CopyOnWriteArrayList<SecurityContext>(); private final CopyOnWriteArrayList<SecurityContext> securityContexts = new CopyOnWriteArrayList<SecurityContext>();
public SimpleAuthenticationBroker(Broker next, Map userPasswords, Map userGroups) { public SimpleAuthenticationBroker(Broker next, Map<String,String> userPasswords, Map<String,Set<Principal>> userGroups) {
super(next); super(next);
this.userPasswords = userPasswords; this.userPasswords = userPasswords;
this.userGroups = userGroups; this.userGroups = userGroups;
@ -68,22 +69,22 @@ public class SimpleAuthenticationBroker extends BrokerFilter {
if (anonymousAccessAllowed && info.getUserName() == null && info.getPassword() == null) { if (anonymousAccessAllowed && info.getUserName() == null && info.getPassword() == null) {
info.setUserName(anonymousUser); info.setUserName(anonymousUser);
s = new SecurityContext(info.getUserName()) { s = new SecurityContext(info.getUserName()) {
public Set getPrincipals() { public Set<Principal> getPrincipals() {
Set groups = new HashSet(); Set<Principal> groups = new HashSet<Principal>();
groups.add(new GroupPrincipal(anonymousGroup)); groups.add(new GroupPrincipal(anonymousGroup));
return groups; return groups;
} }
}; };
} else { } else {
String pw = (String) userPasswords.get(info.getUserName()); String pw = userPasswords.get(info.getUserName());
if (pw == null || !pw.equals(info.getPassword())) { if (pw == null || !pw.equals(info.getPassword())) {
throw new SecurityException( throw new SecurityException(
"User name [" + info.getUserName() + "] or password is invalid."); "User name [" + info.getUserName() + "] or password is invalid.");
} }
final Set groups = (Set) userGroups.get(info.getUserName()); final Set<Principal> groups = userGroups.get(info.getUserName());
s = new SecurityContext(info.getUserName()) { s = new SecurityContext(info.getUserName()) {
public Set<?> getPrincipals() { public Set<Principal> getPrincipals() {
return groups; return groups;
} }
}; };
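Review bot: In the authenticated branch (third hunk) `getPrincipals()` returns the same `Set<Principal>` instance that is stored in `userGroups`, and with the return type narrowed from `Set<?>` to `Set<Principal>` callers can now `add()` to it without a cast. Whether any caller does so is not visible here, but such a mutation would change that user's group membership in the shared map for later connections. `userGroups.get(info.getUserName())` may also be null for a user that has a password but no group entry, in which case `getPrincipals()` returns null. I would return a read-only, non-null view: `return groups == null ? Collections.<Principal>emptySet() : Collections.unmodifiableSet(groups);`. The enclosing method begins and ends outside the hunk.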


@ -16,6 +16,7 @@
*/ */
package org.apache.activemq.security; package org.apache.activemq.security;
import java.security.Principal;
import java.util.HashMap; import java.util.HashMap;
import java.util.HashSet; import java.util.HashSet;
import java.util.Iterator; import java.util.Iterator;
@ -40,7 +41,7 @@ import org.apache.activemq.jaas.GroupPrincipal;
*/ */
public class SimpleAuthenticationPlugin implements BrokerPlugin { public class SimpleAuthenticationPlugin implements BrokerPlugin {
private Map<String, String> userPasswords; private Map<String, String> userPasswords;
private Map<String, Set<GroupPrincipal>> userGroups; private Map<String, Set<Principal>> userGroups;
private static final String DEFAULT_ANONYMOUS_USER = "anonymous"; private static final String DEFAULT_ANONYMOUS_USER = "anonymous";
private static final String DEFAULT_ANONYMOUS_GROUP = "anonymous"; private static final String DEFAULT_ANONYMOUS_GROUP = "anonymous";
private String anonymousUser = DEFAULT_ANONYMOUS_USER; private String anonymousUser = DEFAULT_ANONYMOUS_USER;
@ -50,7 +51,7 @@ public class SimpleAuthenticationPlugin implements BrokerPlugin {
public SimpleAuthenticationPlugin() { public SimpleAuthenticationPlugin() {
} }
public SimpleAuthenticationPlugin(List users) { public SimpleAuthenticationPlugin(List<?> users) {
setUsers(users); setUsers(users);
} }
@ -62,7 +63,7 @@ public class SimpleAuthenticationPlugin implements BrokerPlugin {
return broker; return broker;
} }
public Map<String, Set<GroupPrincipal>> getUserGroups() { public Map<String, Set<Principal>> getUserGroups() {
return userGroups; return userGroups;
} }
@ -71,13 +72,13 @@ public class SimpleAuthenticationPlugin implements BrokerPlugin {
* *
* @org.apache.xbean.ElementType class="org.apache.activemq.security.AuthenticationUser" * @org.apache.xbean.ElementType class="org.apache.activemq.security.AuthenticationUser"
*/ */
public void setUsers(List users) { public void setUsers(List<?> users) {
userPasswords = new HashMap<String, String>(); userPasswords = new HashMap<String, String>();
userGroups = new HashMap<String, Set<GroupPrincipal>>(); userGroups = new HashMap<String, Set<Principal>>();
for (Iterator it = users.iterator(); it.hasNext();) { for (Iterator<?> it = users.iterator(); it.hasNext();) {
AuthenticationUser user = (AuthenticationUser)it.next(); AuthenticationUser user = (AuthenticationUser)it.next();
userPasswords.put(user.getUsername(), user.getPassword()); userPasswords.put(user.getUsername(), user.getPassword());
Set<GroupPrincipal> groups = new HashSet<GroupPrincipal>(); Set<Principal> groups = new HashSet<Principal>();
StringTokenizer iter = new StringTokenizer(user.getGroups(), ","); StringTokenizer iter = new StringTokenizer(user.getGroups(), ",");
while (iter.hasMoreTokens()) { while (iter.hasMoreTokens()) {
String name = iter.nextToken().trim(); String name = iter.nextToken().trim();
@ -104,7 +105,7 @@ public class SimpleAuthenticationPlugin implements BrokerPlugin {
* Sets the groups a user is in. The key is the user name and the value is a * Sets the groups a user is in. The key is the user name and the value is a
* Set of groups * Set of groups
*/ */
public void setUserGroups(Map<String, Set<GroupPrincipal>> userGroups) { public void setUserGroups(Map<String, Set<Principal>> userGroups) {
this.userGroups = userGroups; this.userGroups = userGroups;
} }
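Review bot: Changing the public `getUserGroups()`/`setUserGroups()` signatures from `Map<String, Set<GroupPrincipal>>` to `Map<String, Set<Principal>>` is source-incompatible for existing callers, because a `Map<String, Set<GroupPrincipal>>` is not assignable to the new parameter type. It also lets any `Principal` implementation be supplied as a group, and how a non-`GroupPrincipal` entry is matched during authorization is not visible in this section. The Javadoc on `setUserGroups` should state the expected element type, for example `Each value is the set of Principals (normally GroupPrincipal instances) the user belongs to.`, plus one sentence from the author on how other principal types are treated. The body of `setUsers` continues outside its hunk.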


@ -21,7 +21,7 @@ package org.apache.activemq.filter;
* *
* *
*/ */
public class DummyPolicyEntry extends DestinationMapEntry { public class DummyPolicyEntry extends DestinationMapEntry<String> {
private String description; private String description;
@ -33,7 +33,7 @@ public class DummyPolicyEntry extends DestinationMapEntry {
this.description = description; this.description = description;
} }
public Object getValue() { public Comparable<String> getValue() {
return description; return description;
} }


@ -22,6 +22,7 @@ import java.util.Set;
import junit.framework.TestCase; import junit.framework.TestCase;
import org.apache.activemq.command.ActiveMQQueue; import org.apache.activemq.command.ActiveMQQueue;
import org.apache.activemq.filter.DestinationMapEntry;
import org.apache.activemq.jaas.GroupPrincipal; import org.apache.activemq.jaas.GroupPrincipal;
/** /**
@ -37,7 +38,7 @@ public class AuthorizationMapTest extends TestCase {
public void testAuthorizationMap() { public void testAuthorizationMap() {
AuthorizationMap map = createAuthorizationMap(); AuthorizationMap map = createAuthorizationMap();
Set readACLs = map.getReadACLs(new ActiveMQQueue("USERS.FOO.BAR")); Set<?> readACLs = map.getReadACLs(new ActiveMQQueue("USERS.FOO.BAR"));
assertEquals("set size: " + readACLs, 2, readACLs.size()); assertEquals("set size: " + readACLs, 2, readACLs.size());
assertTrue("Contains users group", readACLs.contains(ADMINS)); assertTrue("Contains users group", readACLs.contains(ADMINS));
assertTrue("Contains users group", readACLs.contains(USERS)); assertTrue("Contains users group", readACLs.contains(USERS));
@ -47,21 +48,22 @@ public class AuthorizationMapTest extends TestCase {
public void testAuthorizationMapWithTempDest() { public void testAuthorizationMapWithTempDest() {
AuthorizationMap map = createAuthorizationMapWithTempDest(); AuthorizationMap map = createAuthorizationMapWithTempDest();
Set readACLs = map.getReadACLs(new ActiveMQQueue("USERS.FOO.BAR")); Set<?> readACLs = map.getReadACLs(new ActiveMQQueue("USERS.FOO.BAR"));
assertEquals("set size: " + readACLs, 2, readACLs.size()); assertEquals("set size: " + readACLs, 2, readACLs.size());
assertTrue("Contains users group", readACLs.contains(ADMINS)); assertTrue("Contains users group", readACLs.contains(ADMINS));
assertTrue("Contains users group", readACLs.contains(USERS)); assertTrue("Contains users group", readACLs.contains(USERS));
Set tempAdminACLs = map.getTempDestinationAdminACLs(); Set<?> tempAdminACLs = map.getTempDestinationAdminACLs();
assertEquals("set size: " + tempAdminACLs, 1, tempAdminACLs.size()); assertEquals("set size: " + tempAdminACLs, 1, tempAdminACLs.size());
assertTrue("Contains users group", tempAdminACLs.contains(TEMP_DESTINATION_ADMINS)); assertTrue("Contains users group", tempAdminACLs.contains(TEMP_DESTINATION_ADMINS));
} }
@SuppressWarnings("rawtypes")
protected AuthorizationMap createAuthorizationMap() { protected AuthorizationMap createAuthorizationMap() {
DefaultAuthorizationMap answer = new DefaultAuthorizationMap(); DefaultAuthorizationMap answer = new DefaultAuthorizationMap();
List<AuthorizationEntry> entries = new ArrayList<AuthorizationEntry>(); List<DestinationMapEntry> entries = new ArrayList<DestinationMapEntry>();
AuthorizationEntry entry = new AuthorizationEntry(); AuthorizationEntry entry = new AuthorizationEntry();
entry.setGroupClass("org.apache.activemq.jaas.GroupPrincipal"); entry.setGroupClass("org.apache.activemq.jaas.GroupPrincipal");
@ -88,10 +90,11 @@ public class AuthorizationMapTest extends TestCase {
return answer; return answer;
} }
@SuppressWarnings("rawtypes")
protected AuthorizationMap createAuthorizationMapWithTempDest() { protected AuthorizationMap createAuthorizationMapWithTempDest() {
DefaultAuthorizationMap answer = new DefaultAuthorizationMap(); DefaultAuthorizationMap answer = new DefaultAuthorizationMap();
List<AuthorizationEntry> entries = new ArrayList<AuthorizationEntry>(); List<DestinationMapEntry> entries = new ArrayList<DestinationMapEntry>();
AuthorizationEntry entry = new AuthorizationEntry(); AuthorizationEntry entry = new AuthorizationEntry();
entry.setQueue(">"); entry.setQueue(">");


@ -17,9 +17,12 @@
package org.apache.activemq.security; package org.apache.activemq.security;
import java.net.URL; import java.net.URL;
import java.security.Principal;
import java.util.Arrays; import java.util.Arrays;
import java.util.HashMap; import java.util.HashMap;
import java.util.HashSet; import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import junit.framework.Test; import junit.framework.Test;
import org.apache.activemq.CombinationTestSupport; import org.apache.activemq.CombinationTestSupport;
@ -28,7 +31,6 @@ import org.apache.activemq.broker.BrokerPlugin;
import org.apache.activemq.broker.BrokerService; import org.apache.activemq.broker.BrokerService;
import org.apache.activemq.command.ActiveMQQueue; import org.apache.activemq.command.ActiveMQQueue;
import org.apache.activemq.command.ActiveMQTopic; import org.apache.activemq.command.ActiveMQTopic;
import org.apache.activemq.command.MessageSendTest;
import org.apache.activemq.filter.DestinationMap; import org.apache.activemq.filter.DestinationMap;
import org.apache.activemq.jaas.GroupPrincipal; import org.apache.activemq.jaas.GroupPrincipal;
import org.slf4j.Logger; import org.slf4j.Logger;
@ -113,10 +115,10 @@ public class SimpleSecurityBrokerSystemTest extends SecurityTestSupport {
u.put("user", "password"); u.put("user", "password");
u.put("guest", "password"); u.put("guest", "password");
HashMap<String, HashSet<Object>> groups = new HashMap<String, HashSet<Object>>(); Map<String, Set<Principal>> groups = new HashMap<String, Set<Principal>>();
groups.put("system", new HashSet<Object>(Arrays.asList(new Object[] {ADMINS, USERS}))); groups.put("system", new HashSet<Principal>(Arrays.asList(new Principal[] {ADMINS, USERS})));
groups.put("user", new HashSet<Object>(Arrays.asList(new Object[] {USERS}))); groups.put("user", new HashSet<Principal>(Arrays.asList(new Principal[] {USERS})));
groups.put("guest", new HashSet<Object>(Arrays.asList(new Object[] {GUESTS}))); groups.put("guest", new HashSet<Principal>(Arrays.asList(new Principal[] {GUESTS})));
return new SimpleAuthenticationBroker(broker, u, groups); return new SimpleAuthenticationBroker(broker, u, groups);
} }


@ -17,6 +17,7 @@
package org.apache.activemq.security; package org.apache.activemq.security;
import java.security.Principal;
import java.util.Set; import java.util.Set;
public class StubSecurityContext extends SecurityContext { public class StubSecurityContext extends SecurityContext {
@ -24,7 +25,7 @@ public class StubSecurityContext extends SecurityContext {
super(""); super("");
} }
public Set<?> getPrincipals() { public Set<Principal> getPrincipals() {
return null; return null;
} }
} }