diff options
author | Keith Wall <kwall@apache.org> | 2015-02-24 13:12:57 +0000 |
---|---|---|
committer | Keith Wall <kwall@apache.org> | 2015-02-24 13:12:57 +0000 |
commit | e1c2dac46c9b7b8e28be8c56e683bd49b4870652 (patch) | |
tree | 4285bca19f3fc96d065a80a4dcaf56708ab18d56 | |
parent | 798a6097d9a949aff1f62ee31c8d9d1a4d1b5e12 (diff) | |
download | qpid-python-e1c2dac46c9b7b8e28be8c56e683bd49b4870652.tar.gz |
QPID-6364: [Java Broker] Keystore data url must be a secure attribute
Merged from trunk with command:
svn merge -c 1661165 https://svn.apache.org/repos/asf/qpid/trunk
git-svn-id: https://svn.apache.org/repos/asf/qpid/branches/0.32@1661933 13f79535-47bb-0310-9956-ffa450edef68
4 files changed, 20 insertions, 5 deletions
diff --git a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/AbstractConfiguredObject.java b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/AbstractConfiguredObject.java index 3ec60604c3..74982acb4b 100644 --- a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/AbstractConfiguredObject.java +++ b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/AbstractConfiguredObject.java @@ -44,7 +44,6 @@ import java.util.UUID; import java.util.concurrent.ConcurrentHashMap; import java.util.concurrent.CopyOnWriteArrayList; import java.util.concurrent.atomic.AtomicReference; -import java.util.regex.Pattern; import javax.security.auth.Subject; @@ -1137,9 +1136,7 @@ public abstract class AbstractConfiguredObject<X extends ConfiguredObject<X>> im if(attr != null && (attr.isAutomated() || attr.isDerived())) { Object value = attr.getValue((X)this); - Pattern secureValueFilter = attr.getSecureValueFilter(); - if(value != null && attr.isSecure() && !SecurityManager.isSystemProcess() && - (secureValueFilter == null || secureValueFilter.matcher(value.toString()).matches())) + if(value != null && !SecurityManager.isSystemProcess() && attr.isSecureValue(value)) { return SECURE_VALUES.get(value.getClass()); } diff --git a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/ConfiguredObjectAttribute.java b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/ConfiguredObjectAttribute.java index 4f15d612f9..94610a6cb5 100644 --- a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/ConfiguredObjectAttribute.java +++ b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/ConfiguredObjectAttribute.java @@ -52,6 +52,23 @@ public abstract class ConfiguredObjectAttribute<C extends ConfiguredObject, T> e public abstract Pattern getSecureValueFilter(); + public boolean isSecureValue(Object value) + { + if (isSecure()) + { + Pattern filter = getSecureValueFilter(); + if (filter == null) + { + return true; + } + else + { + return filter.matcher(String.valueOf(value)).matches(); + } + } + return false; + } + public T convert(final Object value, C object) { final AttributeValueConverter<T> converter = getConverter(); diff --git a/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/ConfiguredObjectToMapConverter.java b/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/ConfiguredObjectToMapConverter.java index d02b85df7f..0f1b7d03e9 100644 --- a/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/ConfiguredObjectToMapConverter.java +++ b/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/ConfiguredObjectToMapConverter.java @@ -162,7 +162,7 @@ public class ConfiguredObjectToMapConverter .getAttributeTypes(confObject.getClass()) .get(name); - if (attribute.isSecure() && !(isSecureTransport && extractAsConfig)) + if (attribute.isSecureValue(value) && !(isSecureTransport && extractAsConfig)) { // do not expose actual secure attribute value // getAttribute() returns encoded value diff --git a/qpid/java/broker-plugins/management-http/src/test/java/org/apache/qpid/server/management/plugin/servlet/rest/ConfiguredObjectToMapConverterTest.java b/qpid/java/broker-plugins/management-http/src/test/java/org/apache/qpid/server/management/plugin/servlet/rest/ConfiguredObjectToMapConverterTest.java index b3c9bd911f..5fb73c8ee4 100644 --- a/qpid/java/broker-plugins/management-http/src/test/java/org/apache/qpid/server/management/plugin/servlet/rest/ConfiguredObjectToMapConverterTest.java +++ b/qpid/java/broker-plugins/management-http/src/test/java/org/apache/qpid/server/management/plugin/servlet/rest/ConfiguredObjectToMapConverterTest.java @@ -313,6 +313,7 @@ public class ConfiguredObjectToMapConverterTest extends TestCase Map<String, ConfiguredObjectAttribute<?, ?>> attributeTypes = typeRegistry.getAttributeTypes(TestChild.class); ConfiguredObjectAttribute secureAttribute = mock(ConfiguredObjectAttribute.class); when(secureAttribute.isSecure()).thenReturn(true); + when(secureAttribute.isSecureValue(any())).thenReturn(true); when(attributeTypes.get(eq("secureAttribute"))).thenReturn(secureAttribute); TestChild mockChild = mock(TestChild.class); |