From 9027d4951614707786b0f0fae081a49a32828d09 Mon Sep 17 00:00:00 2001
From: Bosanac Dejan
Date: Fri, 22 Mar 2013 15:08:51 +0000
Subject: [PATCH] https://issues.apache.org/jira/browse/AMQ-3883 - allow arbitrary group principal class to be used by authorization map
git-svn-id: https://svn.apache.org/repos/asf/activemq/trunk@1459834 13f79535-47bb-0310-9956-ffa450edef68
---
 .../activemq/security/AuthorizationEntry.java | 39 +--------------
 .../security/DefaultAuthorizationMap.java | 49 +++++++++++++++++++
 .../SimpleCachedLDAPAuthorizationMap.java | 11 +++--
 3 files changed, 57 insertions(+), 42 deletions(-)
diff --git a/activemq-broker/src/main/java/org/apache/activemq/security/AuthorizationEntry.java b/activemq-broker/src/main/java/org/apache/activemq/security/AuthorizationEntry.java
index b4a3d9be4e..d3e23378e8 100644
--- a/activemq-broker/src/main/java/org/apache/activemq/security/AuthorizationEntry.java
+++ b/activemq-broker/src/main/java/org/apache/activemq/security/AuthorizationEntry.java
@@ -111,45 +111,8 @@ public class AuthorizationEntry extends DestinationMapEntry {
 Set answer = new HashSet();
 StringTokenizer iter = new StringTokenizer(roles, ",");
 while (iter.hasMoreTokens()) {
- String name = iter.nextToken().trim();
- Object[] param = new Object[]{name};
-
- try {
- Class cls = Class.forName(groupClass);
-
- Constructor[] constructors = cls.getConstructors();
- int i;
- for (i = 0; i < constructors.length; i++) {
- Class[] paramTypes = constructors[i].getParameterTypes();
- if (paramTypes.length != 0 && paramTypes[0].equals(String.class)) {
- break;
- }
- }
- if (i < constructors.length) {
- Object instance = constructors[i].newInstance(param);
- answer.add(instance);
- } else {
- Object instance = cls.newInstance();
- Method[] methods = cls.getMethods();
- i = 0;
- for (i = 0; i < methods.length; i++) {
- Class[] paramTypes = methods[i].getParameterTypes();
- if (paramTypes.length != 0 && methods[i].getName().equals("setName") && paramTypes[0].equals(String.class)) {
- break;
- }
- }
-
- if (i < methods.length) {
- methods[i].invoke(instance, param);
- answer.add(instance);
- } else {
- throw new NoSuchMethodException();
- }
- }
- } catch (Exception e) {
- throw e;
- }
+ DefaultAuthorizationMap.createGroupPrincipal(name, getGroupClass());
 }
 return answer;
 }
diff --git a/activemq-broker/src/main/java/org/apache/activemq/security/DefaultAuthorizationMap.java b/activemq-broker/src/main/java/org/apache/activemq/security/DefaultAuthorizationMap.java
index 6de105813b..319c75e559 100644
--- a/activemq-broker/src/main/java/org/apache/activemq/security/DefaultAuthorizationMap.java
+++ b/activemq-broker/src/main/java/org/apache/activemq/security/DefaultAuthorizationMap.java
@@ -16,6 +16,8 @@
 */
 package org.apache.activemq.security;
+import java.lang.reflect.Constructor;
+import java.lang.reflect.Method;
 import java.util.HashSet;
 import java.util.Iterator;
 import java.util.List;
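Review bot: In the AuthorizationEntry.java hunk, the added call `DefaultAuthorizationMap.createGroupPrincipal(name, getGroupClass());` throws its result away and uses `name` even though the line that declared it (`String name = iter.nextToken().trim();`) is among the removed lines. As shown, nothing is ever added to `answer` and the tokenizer is never advanced: if `name` does not resolve to something else in scope this will not compile, and if it does, the `while (iter.hasMoreTokens())` loop cannot terminate and the ACL set stays empty. How the rest of the broker treats an empty ACL set is not visible here, but either way the configured roles are silently lost. The loop body should read `String name = iter.nextToken().trim();` followed by `answer.add(DefaultAuthorizationMap.createGroupPrincipal(name, getGroupClass()));`. The enclosing method starts above the hunk.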
@@ -40,6 +42,8 @@ public class DefaultAuthorizationMap extends DestinationMap implements Authoriza
 private TempDestinationAuthorizationEntry tempDestinationAuthorizationEntry;
+ private String groupClass = "org.apache.activemq.jaas.GroupPrincipal";
+ public DefaultAuthorizationMap() {
 }
@@ -186,4 +190,49 @@ public class DefaultAuthorizationMap extends DestinationMap implements Authoriza
 return entries;
 }
+ public String getGroupClass() {
+ return groupClass;
+ }
+
+ public void setGroupClass(String groupClass) {
+ this.groupClass = groupClass;
+ }
+
+ public static Object createGroupPrincipal(String name, String groupClass) throws Exception {
+ Object[] param = new Object[]{name};
+
+ Class cls = Class.forName(groupClass);
+
+ Constructor[] constructors = cls.getConstructors();
+ int i;
+ Object instance;
+ for (i = 0; i < constructors.length; i++) {
+ Class[] paramTypes = constructors[i].getParameterTypes();
+ if (paramTypes.length != 0 && paramTypes[0].equals(String.class)) {
+ break;
+ }
+ }
+ if (i < constructors.length) {
+ instance = constructors[i].newInstance(param);
+ } else {
+ instance = cls.newInstance();
+ Method[] methods = cls.getMethods();
+ i = 0;
+ for (i = 0; i < methods.length; i++) {
+ Class[] paramTypes = methods[i].getParameterTypes();
+ if (paramTypes.length != 0 && methods[i].getName().equals("setName") && paramTypes[0].equals(String.class)) {
+ break;
+ }
+ }
+
+ if (i < methods.length) {
+ methods[i].invoke(instance, param);
+ } else {
+ throw new NoSuchMethodException();
+ }
+ }
+
+ return instance;
+ }
+ }
diff --git a/activemq-broker/src/main/java/org/apache/activemq/security/SimpleCachedLDAPAuthorizationMap.java b/activemq-broker/src/main/java/org/apache/activemq/security/SimpleCachedLDAPAuthorizationMap.java
index 9707773a7e..5bd2457b72 100644
--- a/activemq-broker/src/main/java/org/apache/activemq/security/SimpleCachedLDAPAuthorizationMap.java
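Review bot: `createGroupPrincipal` in the `@@ -186` hunk loads and instantiates whatever class name `setGroupClass` was given without checking that it is a `java.security.Principal`, and `Class.forName(groupClass)` initializes the class (static initializers run) before any such check could reject it. The constructor and `setName` scans also accept any signature whose first parameter is `String` (`paramTypes.length != 0`), so a two-argument constructor can be selected and then fail in `newInstance(param)` instead of falling through to the setter path. I would load without initialization, reject non-Principal types, and look up the exact single-`String` signatures, as sketched below. ACL matching presumably relies on `equals`/`hashCode` of these objects, so the Javadoc on `setGroupClass` should say that the configured class must implement both consistently with the principals the login module produces.

```java
public static Object createGroupPrincipal(String name, String groupClass) throws Exception {
    // Load without running static initializers until the type has been checked.
    Class<?> cls = Class.forName(groupClass, false, DefaultAuthorizationMap.class.getClassLoader());
    if (!java.security.Principal.class.isAssignableFrom(cls)) {
        throw new IllegalArgumentException(groupClass + " does not implement java.security.Principal");
    }
    try {
        // Exact (String) constructor only; wider signatures cannot be called with one argument.
        return cls.getConstructor(String.class).newInstance(name);
    } catch (NoSuchMethodException noStringConstructor) {
        Object instance = cls.getConstructor().newInstance();
        cls.getMethod("setName", String.class).invoke(instance, name);
        return instance;
    }
}
```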
+++ b/activemq-broker/src/main/java/org/apache/activemq/security/SimpleCachedLDAPAuthorizationMap.java
@@ -272,10 +272,7 @@ public class SimpleCachedLDAPAuthorizationMap extends DefaultAuthorizationMap {
 * {@link DestinationType#TEMP} or if the policy entry DN is malformed
 */
 protected AuthorizationEntry getEntry(LdapName dn, DestinationType destinationType) {
- AuthorizationEntry entry = null;
-
- switch (destinationType) {
 case TEMP: // handle temp entry
@@ -405,7 +402,13 @@ public class SimpleCachedLDAPAuthorizationMap extends DefaultAuthorizationMap {
 + memberDn + " under entry " + result.getNameInNamespace());
 } else if (principalName != null){
 if (group && !user) {
- members.add(new GroupPrincipal(principalName));
+ try {
+ members.add(createGroupPrincipal(principalName, getGroupClass()));
+ } catch (Exception e) {
+ NamingException ne = new NamingException("Can't create a group " + principalName + " of class " + getGroupClass());
+ ne.initCause(e);
+ throw ne;
+ }
 } else if (!group && user) {
 members.add(new UserPrincipal(principalName));
 }
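Review bot: In the `@@ -405` hunk the group class is resolved reflectively for every LDAP group member, so a mistyped or unsuitable `groupClass` is only discovered while policy entries are being processed and surfaces as a `NamingException` from the new `catch (Exception e)`. Resolving and validating the class once when `setGroupClass` is called (or at start-up) would make a misconfiguration fail fast and leave this path to per-principal errors only. What the caller does with a partially processed entry after the exception is not visible here, since the enclosing method starts and ends outside the hunk. I would at least add a comment above the `try` such as `// groupClass is configuration-supplied; a failure here means the ACL for this entry is incomplete`.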