https://issues.apache.org/jira/browse/AMQ-3883 - allow arbitrary group principal class to be used by authorization map

git-svn-id: https://svn.apache.org/repos/asf/activemq/trunk@1459834 13f79535-47bb-0310-9956-ffa450edef68

activemq-broker/src/main/java/org/apache/activemq/security/AuthorizationEntry.java

@@ -111,45 +111,8 @@ public class AuthorizationEntry extends DestinationMapEntry {
         Set<Object> answer = new HashSet<Object>();
         StringTokenizer iter = new StringTokenizer(roles, ",");
         while (iter.hasMoreTokens()) {
-
             String name = iter.nextToken().trim();
-            Object[] param = new Object[]{name};
-
-            try {
-                Class<?> cls = Class.forName(groupClass);
-
-                Constructor<?>[] constructors = cls.getConstructors();
-                int i;
-                for (i = 0; i < constructors.length; i++) {
-                    Class<?>[] paramTypes = constructors[i].getParameterTypes();
-                    if (paramTypes.length != 0 && paramTypes[0].equals(String.class)) {
-                        break;
-                    }
-                }
-                if (i < constructors.length) {
-                    Object instance = constructors[i].newInstance(param);
-                    answer.add(instance);
-                } else {
-                    Object instance = cls.newInstance();
-                    Method[] methods = cls.getMethods();
-                    i = 0;
-                    for (i = 0; i < methods.length; i++) {
-                        Class<?>[] paramTypes = methods[i].getParameterTypes();
-                        if (paramTypes.length != 0 && methods[i].getName().equals("setName") && paramTypes[0].equals(String.class)) {
-                            break;
-                        }
-                    }
-
-                    if (i < methods.length) {
-                        methods[i].invoke(instance, param);
-                        answer.add(instance);
-                    } else {
-                        throw new NoSuchMethodException();
-                    }
-                }
-            } catch (Exception e) {
-                throw e;
-            }
+            DefaultAuthorizationMap.createGroupPrincipal(name, getGroupClass());
         }
         return answer;
     }

activemq-broker/src/main/java/org/apache/activemq/security/DefaultAuthorizationMap.java

@@ -16,6 +16,8 @@
  */
 package org.apache.activemq.security;
 
+import java.lang.reflect.Constructor;
+import java.lang.reflect.Method;
 import java.util.HashSet;
 import java.util.Iterator;
 import java.util.List;
@@ -40,6 +42,8 @@ public class DefaultAuthorizationMap extends DestinationMap implements Authoriza
 
     private TempDestinationAuthorizationEntry tempDestinationAuthorizationEntry;
 
+    private String groupClass = "org.apache.activemq.jaas.GroupPrincipal";
+
     public DefaultAuthorizationMap() {
     }
 
@@ -186,4 +190,49 @@ public class DefaultAuthorizationMap extends DestinationMap implements Authoriza
         return entries;
     }
 
+    public String getGroupClass() {
+        return groupClass;
+    }
+
+    public void setGroupClass(String groupClass) {
+        this.groupClass = groupClass;
+    }
+
+    public static Object createGroupPrincipal(String name, String groupClass) throws Exception {
+        Object[] param = new Object[]{name};
+
+        Class<?> cls = Class.forName(groupClass);
+
+        Constructor<?>[] constructors = cls.getConstructors();
+        int i;
+        Object instance;
+        for (i = 0; i < constructors.length; i++) {
+            Class<?>[] paramTypes = constructors[i].getParameterTypes();
+            if (paramTypes.length != 0 && paramTypes[0].equals(String.class)) {
+                break;
+            }
+        }
+        if (i < constructors.length) {
+            instance = constructors[i].newInstance(param);
+        } else {
+            instance = cls.newInstance();
+            Method[] methods = cls.getMethods();
+            i = 0;
+            for (i = 0; i < methods.length; i++) {
+                Class<?>[] paramTypes = methods[i].getParameterTypes();
+                if (paramTypes.length != 0 && methods[i].getName().equals("setName") && paramTypes[0].equals(String.class)) {
+                    break;
+                }
+            }
+
+            if (i < methods.length) {
+                methods[i].invoke(instance, param);
+            } else {
+                throw new NoSuchMethodException();
+            }
+        }
+
+        return instance;
+    }
+
 }

activemq-broker/src/main/java/org/apache/activemq/security/SimpleCachedLDAPAuthorizationMap.java

@@ -272,10 +272,7 @@ public class SimpleCachedLDAPAuthorizationMap extends DefaultAuthorizationMap {
      *             {@link DestinationType#TEMP} or if the policy entry DN is malformed
      */
     protected AuthorizationEntry getEntry(LdapName dn, DestinationType destinationType) {
-        
         AuthorizationEntry entry = null;
-        
-        
         switch (destinationType) {
             case TEMP:
                 // handle temp entry
@@ -405,7 +402,13 @@ public class SimpleCachedLDAPAuthorizationMap extends DefaultAuthorizationMap {
                         + memberDn + " under entry " + result.getNameInNamespace());
             } else if (principalName != null){
                 if (group && !user) {
-                    members.add(new GroupPrincipal(principalName));
+                    try {
+                        members.add(createGroupPrincipal(principalName, getGroupClass()));
+                    } catch (Exception e) {
+                        NamingException ne = new NamingException("Can't create a group " + principalName + " of class " + getGroupClass());
+                        ne.initCause(e);
+                        throw ne;
+                    }
                 } else if (!group && user) {
                     members.add(new UserPrincipal(principalName));
                 }