summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorKeith Wall <kwall@apache.org>2012-02-02 22:26:50 +0000
committerKeith Wall <kwall@apache.org>2012-02-02 22:26:50 +0000
commit323e2e53e21c5cabdb6790465a3358cdd0de3c73 (patch)
tree6419040e6b4dce32b79bd8a0247f74d40f230bd0
parent0837de3f63e5b59535edcbc737182e959d4b32ed (diff)
downloadqpid-python-323e2e53e21c5cabdb6790465a3358cdd0de3c73.tar.gz
QPID-3805: Remove allow-all/deny-all security plugins from Java Broker.
Remove allow-all/deny-all security plugins as equivilent functionality is offerred by the ACL plugin. git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk@1239889 13f79535-47bb-0310-9956-ffa450edef68
Diffstat
-rw-r--r--qpid/doc/book/src/Security-Plugins.xml13
-rw-r--r--qpid/java/broker/src/main/java/org/apache/qpid/server/plugins/PluginManager.java7
-rw-r--r--qpid/java/broker/src/main/java/org/apache/qpid/server/security/access/plugins/AllowAll.java96
-rw-r--r--qpid/java/broker/src/main/java/org/apache/qpid/server/security/access/plugins/DenyAll.java100
-rw-r--r--qpid/java/broker/src/main/java/org/apache/qpid/server/security/access/plugins/LegacyAccess.java8
5 files changed, 5 insertions, 219 deletions
diff --git a/qpid/doc/book/src/Security-Plugins.xml b/qpid/doc/book/src/Security-Plugins.xml
index 55cd651bb5..bf5cb726b3 100644
--- a/qpid/doc/book/src/Security-Plugins.xml
+++ b/qpid/doc/book/src/Security-Plugins.xml
@@ -608,17 +608,4 @@ if (!_vhost.getSecurityManager().accessObject("com.example.application", "Extens
</section>
</section>
</section>
- <section role="h2" label="SPD-Other-Security-Plugins">
- <title>Other Security Plugins</title>
- <para>
- There are two basic plugins provided internally by the broker, which can be
- found in the <code>org.apache.qpid.server.security.access.plugins</code> package.
- These are <code>AllowAll</code> and <code>DenyAll</code>. The <code>LegacyAccess</code>
- plugin is not normally required, and simply ignores legacy elements of the configuration
- file. The other two plugins are activated by the presence of an element in the
- <code>&lt;security /&gt;</code> section of the configuration or virtual hosts XML
- files. To deny all access by default, add the empty <code>&lt;deny-all /&gt;</code>
- element, and to allow all access, add <code>&lt;allow-all /&gt;</code>.
- </para>
- </section>
</section>
diff --git a/qpid/java/broker/src/main/java/org/apache/qpid/server/plugins/PluginManager.java b/qpid/java/broker/src/main/java/org/apache/qpid/server/plugins/PluginManager.java
index 6e182d52a8..407ce57ad6 100644
--- a/qpid/java/broker/src/main/java/org/apache/qpid/server/plugins/PluginManager.java
+++ b/qpid/java/broker/src/main/java/org/apache/qpid/server/plugins/PluginManager.java
@@ -39,8 +39,6 @@ import org.apache.qpid.server.configuration.plugins.SlowConsumerDetectionQueueCo
import org.apache.qpid.server.exchange.ExchangeType;
import org.apache.qpid.server.security.SecurityManager;
import org.apache.qpid.server.security.SecurityPluginFactory;
-import org.apache.qpid.server.security.access.plugins.AllowAll;
-import org.apache.qpid.server.security.access.plugins.DenyAll;
import org.apache.qpid.server.security.access.plugins.LegacyAccess;
import org.apache.qpid.server.security.auth.manager.AuthenticationManagerPluginFactory;
import org.apache.qpid.server.security.auth.manager.PrincipalDatabaseAuthenticationManager;
@@ -147,16 +145,13 @@ public class PluginManager implements Closeable
{
// Store all non-OSGi plugins
// A little gross that we have to add them here, but not all the plugins are OSGIfied
- for (SecurityPluginFactory<?> pluginFactory : Arrays.asList(
- AllowAll.FACTORY, DenyAll.FACTORY, LegacyAccess.FACTORY))
+ for (SecurityPluginFactory<?> pluginFactory : Arrays.asList(LegacyAccess.FACTORY))
{
_securityPlugins.put(pluginFactory.getPluginName(), pluginFactory);
}
for (ConfigurationPluginFactory configFactory : Arrays.asList(
TopicConfiguration.FACTORY,
SecurityManager.SecurityConfiguration.FACTORY,
- AllowAll.AllowAllConfiguration.FACTORY,
- DenyAll.DenyAllConfiguration.FACTORY,
LegacyAccess.LegacyAccessConfiguration.FACTORY,
new SlowConsumerDetectionConfigurationFactory(),
new SlowConsumerDetectionPolicyConfigurationFactory(),
diff --git a/qpid/java/broker/src/main/java/org/apache/qpid/server/security/access/plugins/AllowAll.java b/qpid/java/broker/src/main/java/org/apache/qpid/server/security/access/plugins/AllowAll.java
deleted file mode 100644
index 8260e8d91e..0000000000
--- a/qpid/java/broker/src/main/java/org/apache/qpid/server/security/access/plugins/AllowAll.java
+++ /dev/null
@@ -1,96 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.qpid.server.security.access.plugins;
-
-import org.apache.commons.configuration.Configuration;
-import org.apache.commons.configuration.ConfigurationException;
-
-import org.apache.qpid.server.configuration.plugins.ConfigurationPlugin;
-import org.apache.qpid.server.configuration.plugins.ConfigurationPluginFactory;
-import org.apache.qpid.server.security.Result;
-import org.apache.qpid.server.security.SecurityPluginFactory;
-
-import java.util.Arrays;
-import java.util.List;
-
-/** Always allow. */
-public class AllowAll extends BasicPlugin
-{
- public static class AllowAllConfiguration extends ConfigurationPlugin {
- public static final ConfigurationPluginFactory FACTORY = new ConfigurationPluginFactory()
- {
- public List<String> getParentPaths()
- {
- return Arrays.asList("security.allow-all", "virtualhosts.virtualhost.security.allow-all");
- }
-
- public ConfigurationPlugin newInstance(String path, Configuration config) throws ConfigurationException
- {
- ConfigurationPlugin instance = new AllowAllConfiguration();
- instance.setConfiguration(path, config);
- return instance;
- }
- };
-
- public String[] getElementsProcessed()
- {
- return new String[] { "" };
- }
-
- public void validateConfiguration() throws ConfigurationException
- {
- }
-
- }
-
- public static final SecurityPluginFactory<AllowAll> FACTORY = new SecurityPluginFactory<AllowAll>()
- {
- public AllowAll newInstance(ConfigurationPlugin config) throws ConfigurationException
- {
- AllowAllConfiguration configuration = config.getConfiguration(AllowAllConfiguration.class.getName());
-
- // If there is no configuration for this plugin then don't load it.
- if (configuration == null)
- {
- return null;
- }
-
- AllowAll plugin = new AllowAll();
- plugin.configure(configuration);
- return plugin;
- }
-
- public String getPluginName()
- {
- return AllowAll.class.getName();
- }
-
- public Class<AllowAll> getPluginClass()
- {
- return AllowAll.class;
- }
- };
-
- @Override
- public Result getDefault()
- {
- return Result.ALLOWED;
- }
-
-}
diff --git a/qpid/java/broker/src/main/java/org/apache/qpid/server/security/access/plugins/DenyAll.java b/qpid/java/broker/src/main/java/org/apache/qpid/server/security/access/plugins/DenyAll.java
deleted file mode 100644
index 6d28699832..0000000000
--- a/qpid/java/broker/src/main/java/org/apache/qpid/server/security/access/plugins/DenyAll.java
+++ /dev/null
@@ -1,100 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.qpid.server.security.access.plugins;
-
-import org.apache.commons.configuration.Configuration;
-import org.apache.commons.configuration.ConfigurationException;
-
-import org.apache.qpid.server.configuration.plugins.ConfigurationPlugin;
-import org.apache.qpid.server.configuration.plugins.ConfigurationPluginFactory;
-import org.apache.qpid.server.security.Result;
-import org.apache.qpid.server.security.SecurityPluginFactory;
-
-import java.util.Arrays;
-import java.util.List;
-
-/** Always Deny. */
-public class DenyAll extends BasicPlugin
-{
- public static class DenyAllConfiguration extends ConfigurationPlugin {
- public static final ConfigurationPluginFactory FACTORY = new ConfigurationPluginFactory()
- {
- public List<String> getParentPaths()
- {
- return Arrays.asList("security.deny-all", "virtualhosts.virtualhost.security.deny-all");
- }
-
- public ConfigurationPlugin newInstance(String path, Configuration config) throws ConfigurationException
- {
- ConfigurationPlugin instance = new DenyAllConfiguration();
- instance.setConfiguration(path, config);
- return instance;
- }
- };
-
- public String[] getElementsProcessed()
- {
- return new String[] { "" };
- }
-
- public void validateConfiguration() throws ConfigurationException
- {
- if (!getConfig().isEmpty())
- {
- throw new ConfigurationException("deny-all section takes no elements.");
- }
- }
-
- }
-
- public static final SecurityPluginFactory<DenyAll> FACTORY = new SecurityPluginFactory<DenyAll>()
- {
- public DenyAll newInstance(ConfigurationPlugin config) throws ConfigurationException
- {
- DenyAllConfiguration configuration = config.getConfiguration(DenyAllConfiguration.class.getName());
-
- // If there is no configuration for this plugin then don't load it.
- if (configuration == null)
- {
- return null;
- }
-
- DenyAll plugin = new DenyAll();
- plugin.configure(configuration);
- return plugin;
- }
-
- public String getPluginName()
- {
- return DenyAll.class.getName();
- }
-
- public Class<DenyAll> getPluginClass()
- {
- return DenyAll.class;
- }
- };
-
- @Override
- public Result getDefault()
- {
- return Result.DENIED;
- }
-
-}
diff --git a/qpid/java/broker/src/main/java/org/apache/qpid/server/security/access/plugins/LegacyAccess.java b/qpid/java/broker/src/main/java/org/apache/qpid/server/security/access/plugins/LegacyAccess.java
index 11e4865f2e..4b7a2fb457 100644
--- a/qpid/java/broker/src/main/java/org/apache/qpid/server/security/access/plugins/LegacyAccess.java
+++ b/qpid/java/broker/src/main/java/org/apache/qpid/server/security/access/plugins/LegacyAccess.java
@@ -28,7 +28,9 @@ import org.apache.qpid.server.security.SecurityPluginFactory;
import java.util.Arrays;
import java.util.List;
-/** Always Abstain. */
+/**
+ * The <code>LegacyAccess</code> plugin is used internally and simply ignores legacy elements of the configuration file.
+ */
public class LegacyAccess extends BasicPlugin
{
public static class LegacyAccessConfiguration extends ConfigurationPlugin {
@@ -36,9 +38,7 @@ public class LegacyAccess extends BasicPlugin
{
public List<String> getParentPaths()
{
- return Arrays.asList("security.jmx", "virtualhosts.virtualhost.security.jmx",
- "security.msg-auth", "virtualhosts.virtualhost.security.msg-auth",
- "security.principal-databases", "virtualhosts.virtualhost.security.principal-databases");
+ return Arrays.asList("security.msg-auth", "virtualhosts.virtualhost.security.msg-auth");
}
public ConfigurationPlugin newInstance(String path, Configuration config) throws ConfigurationException
View Lorry Controller Status