authorAlex Rudyy <orudyy@apache.org>2013-03-21 10:25:40 +0000
committerAlex Rudyy <orudyy@apache.org>2013-03-21 10:25:40 +0000
commitb21968fb325e4980a783d630f4f651490a9e8576 (patch)
tree90ec5d0ec9fb08fe167171278c06d192ceb7e769
parentbef7da03ea1cacc98ae33e28f09b48fa9335204b (diff)
QPID-4661: Add functionality to update broker fields affected by changes in attributes
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk@1459216 13f79535-47bb-0310-9956-ffa450edef68
-rw-r--r--qpid/java/broker/src/main/java/org/apache/qpid/server/configuration/startup/BrokerRecoverer.java2
-rw-r--r--qpid/java/broker/src/main/java/org/apache/qpid/server/model/adapter/BrokerAdapter.java44
-rwxr-xr-xqpid/java/broker/src/main/java/org/apache/qpid/server/security/SecurityManager.java78
3 files changed, 111 insertions, 13 deletions
diff --git a/qpid/java/broker/src/main/java/org/apache/qpid/server/configuration/startup/BrokerRecoverer.java b/qpid/java/broker/src/main/java/org/apache/qpid/server/configuration/startup/BrokerRecoverer.java
index 3d19e781e2..c9c8fc3688 100644
--- a/qpid/java/broker/src/main/java/org/apache/qpid/server/configuration/startup/BrokerRecoverer.java
+++ b/qpid/java/broker/src/main/java/org/apache/qpid/server/configuration/startup/BrokerRecoverer.java
@@ -128,7 +128,7 @@ public class BrokerRecoverer implements ConfiguredObjectRecoverer<Broker>
private AuthenticationProvider getAuthenticationProviderByName(BrokerAdapter broker, String authenticationProviderName)
{
- AuthenticationProvider provider = broker.getAuthenticationProviderByName(authenticationProviderName);
+ AuthenticationProvider provider = broker.findAuthenticationProviderByName(authenticationProviderName);
if (provider == null)
{
throw new IllegalConfigurationException("Cannot find the authentication provider with name: "
diff --git a/qpid/java/broker/src/main/java/org/apache/qpid/server/model/adapter/BrokerAdapter.java b/qpid/java/broker/src/main/java/org/apache/qpid/server/model/adapter/BrokerAdapter.java
index 1b894b1232..2d90bb4fc2 100644
--- a/qpid/java/broker/src/main/java/org/apache/qpid/server/model/adapter/BrokerAdapter.java
+++ b/qpid/java/broker/src/main/java/org/apache/qpid/server/model/adapter/BrokerAdapter.java
@@ -127,6 +127,7 @@ public class BrokerAdapter extends AbstractAdapter implements Broker, Configurat
private static final String DEFAULT_KEY_STORE_NAME = "defaultKeyStore";
private static final String DEFAULT_TRUST_STORE_NAME = "defaultTrustStore";
private static final String DEFAULT_GROUP_PROFIDER_NAME = "defaultGroupProvider";
+ private static final String DEFAULT_PEER_STORE_NAME = "defaultPeerStore";
private static final String DUMMY_PASSWORD_MASK = "********";
@@ -192,7 +193,7 @@ public class BrokerAdapter extends AbstractAdapter implements Broker, Configurat
_authenticationProviderFactory = authenticationProviderFactory;
_portFactory = portFactory;
_securityManager = new SecurityManager((String)getAttribute(ACL_FILE));
-
+ addChangeListener(_securityManager);
_defaultKeyStoreId = UUIDGenerator.generateBrokerChildUUID(KeyStore.class.getSimpleName(), DEFAULT_KEY_STORE_NAME);
_defaultTrustStoreId = UUIDGenerator.generateBrokerChildUUID(TrustStore.class.getSimpleName(), DEFAULT_TRUST_STORE_NAME);
createBrokerChildrenFromAttributes();
@@ -211,7 +212,11 @@ public class BrokerAdapter extends AbstractAdapter implements Broker, Configurat
UUID groupProviderId = UUIDGenerator.generateBrokerChildUUID(GroupProvider.class.getSimpleName(),
DEFAULT_GROUP_PROFIDER_NAME);
GroupProviderAdapter groupProviderAdapter = new GroupProviderAdapter(groupProviderId, groupManager, this);
- addGroupProvider(groupProviderAdapter);
+ _groupProviders.put(DEFAULT_GROUP_PROFIDER_NAME, groupProviderAdapter);
+ }
+ else
+ {
+ _groupProviders.remove(DEFAULT_GROUP_PROFIDER_NAME);
}
Map<String, Object> actualAttributes = getActualAttributes();
String keyStorePath = (String) getAttribute(KEY_STORE_PATH);
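Review bot: The direct `_groupProviders.put(...)` / `_groupProviders.remove(...)` calls that replace `addGroupProvider(...)` carry no comment saying why the helper is bypassed, and the same pattern recurs for `_keyStores` and `_trustStores` in the next three hunks. Because `createBrokerChildrenFromAttributes()` is now re-run from `changeAttributes`, a comment such as `// replace or drop the default child in place: this method is re-run on every attribute change and must be idempotent` would record the intent. If the `add*` helpers notified change listeners or rejected duplicates (their bodies are outside this diff), that behaviour is now skipped. A key store or trust store dropped by an `else` branch may also still be referenced by an existing port, which is worth confirming. The enclosing method starts and ends outside this hunk.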
@@ -224,8 +229,12 @@ public class BrokerAdapter extends AbstractAdapter implements Broker, Configurat
keyStoreAttributes.put(KeyStore.TYPE, java.security.KeyStore.getDefaultType());
keyStoreAttributes.put(KeyStore.CERTIFICATE_ALIAS, getAttribute(KEY_STORE_CERT_ALIAS));
keyStoreAttributes.put(KeyStore.KEY_MANAGER_FACTORY_ALGORITHM, KeyManagerFactory.getDefaultAlgorithm());
- KeyStoreAdapter KeyStoreAdapter = new KeyStoreAdapter(_defaultKeyStoreId, this, keyStoreAttributes);
- addKeyStore(KeyStoreAdapter);
+ KeyStoreAdapter keyStoreAdapter = new KeyStoreAdapter(_defaultKeyStoreId, this, keyStoreAttributes);
+ _keyStores.put(keyStoreAdapter.getId(), keyStoreAdapter);
+ }
+ else
+ {
+ _keyStores.remove(_defaultKeyStoreId);
}
String trustStorePath = (String) getAttribute(TRUST_STORE_PATH);
if (trustStorePath != null)
@@ -238,13 +247,17 @@ public class BrokerAdapter extends AbstractAdapter implements Broker, Configurat
trsustStoreAttributes.put(TrustStore.TYPE, java.security.KeyStore.getDefaultType());
trsustStoreAttributes.put(TrustStore.KEY_MANAGER_FACTORY_ALGORITHM, KeyManagerFactory.getDefaultAlgorithm());
TrustStoreAdapter trustStore = new TrustStoreAdapter(_defaultTrustStoreId, this, trsustStoreAttributes);
- addTrustStore(trustStore);
+ _trustStores.put(trustStore.getId(), trustStore);
+ }
+ else
+ {
+ _trustStores.remove(_defaultTrustStoreId);
}
String peerStorePath = (String) getAttribute(PEER_STORE_PATH);
+ UUID peerStoreId = UUIDGenerator.generateBrokerChildUUID(TrustStore.class.getSimpleName(), DEFAULT_PEER_STORE_NAME);
if (peerStorePath != null)
{
Map<String, Object> peerStoreAttributes = new HashMap<String, Object>();
- UUID peerStoreId = UUID.randomUUID();
peerStoreAttributes.put(TrustStore.NAME, peerStoreId.toString());
peerStoreAttributes.put(TrustStore.PATH, peerStorePath);
peerStoreAttributes.put(TrustStore.PEERS_ONLY, Boolean.TRUE);
@@ -252,7 +265,11 @@ public class BrokerAdapter extends AbstractAdapter implements Broker, Configurat
peerStoreAttributes.put(TrustStore.TYPE, java.security.KeyStore.getDefaultType());
peerStoreAttributes.put(TrustStore.KEY_MANAGER_FACTORY_ALGORITHM, KeyManagerFactory.getDefaultAlgorithm());
TrustStoreAdapter trustStore = new TrustStoreAdapter(peerStoreId, this, peerStoreAttributes);
- addTrustStore(trustStore);
+ _trustStores.put(trustStore.getId(), trustStore);
+ }
+ else
+ {
+ _trustStores.remove(peerStoreId);
}
}
@@ -282,7 +299,7 @@ public class BrokerAdapter extends AbstractAdapter implements Broker, Configurat
}
}
- public AuthenticationProvider getAuthenticationProviderByName(String authenticationProviderName)
+ public AuthenticationProvider findAuthenticationProviderByName(String authenticationProviderName)
{
Collection<AuthenticationProvider> providers = getAuthenticationProviders();
for (AuthenticationProvider authenticationProvider : providers)
@@ -997,6 +1014,15 @@ public class BrokerAdapter extends AbstractAdapter implements Broker, Configurat
Map<String, Object> convertedAttributes = MapValueConverter.convert(attributes, ATTRIBUTE_TYPES);
validateAttributes(convertedAttributes);
super.changeAttributes(convertedAttributes);
+
+ // the calls below are not thread safe but they should be fine in a management mode
+ // as there will be no user connected
+ createBrokerChildrenFromAttributes();
+ String defaultProviderName = (String)getAttribute(DEFAULT_AUTHENTICATION_PROVIDER);
+ if (!_defaultAuthenticationProvider.getName().equals(defaultProviderName))
+ {
+ _defaultAuthenticationProvider = findAuthenticationProviderByName(defaultProviderName);
+ }
}
private void validateAttributes(Map<String, Object> convertedAttributes)
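Review bot: The block added to `changeAttributes` dereferences `_defaultAuthenticationProvider` without a null check and stores the result of `findAuthenticationProviderByName(...)` unchecked, although `BrokerRecoverer` and `validateAttributes` both treat a null return as possible. If the attribute resolves to null or to a name with no matching provider, the field becomes null and the next call fails with a NullPointerException at `.getName()`. Because this field selects the provider used for authentication by default, it is safer to fail before replacing it: `AuthenticationProvider p = findAuthenticationProviderByName(defaultProviderName); if (p == null) throw new IllegalConfigurationException(...); _defaultAuthenticationProvider = p;`. The comment relies on management mode for thread safety, but nothing visible in this hunk checks that mode before the key stores, trust stores and default provider are swapped.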
@@ -1019,7 +1045,7 @@ public class BrokerAdapter extends AbstractAdapter implements Broker, Configurat
String defaultAuthenticationProvider = (String) convertedAttributes.get(DEFAULT_AUTHENTICATION_PROVIDER);
if (defaultAuthenticationProvider != null)
{
- AuthenticationProvider provider = getAuthenticationProviderByName(defaultAuthenticationProvider);
+ AuthenticationProvider provider = findAuthenticationProviderByName(defaultAuthenticationProvider);
if (provider == null)
{
throw new IllegalConfigurationException("Authentication provider with name " + defaultAuthenticationProvider
diff --git a/qpid/java/broker/src/main/java/org/apache/qpid/server/security/SecurityManager.java b/qpid/java/broker/src/main/java/org/apache/qpid/server/security/SecurityManager.java
index 1a1cce171b..9ef1ae1a3a 100755
--- a/qpid/java/broker/src/main/java/org/apache/qpid/server/security/SecurityManager.java
+++ b/qpid/java/broker/src/main/java/org/apache/qpid/server/security/SecurityManager.java
@@ -23,6 +23,10 @@ import org.apache.log4j.Logger;
import org.apache.qpid.framing.AMQShortString;
import org.apache.qpid.server.exchange.Exchange;
+import org.apache.qpid.server.model.Broker;
+import org.apache.qpid.server.model.ConfigurationChangeListener;
+import org.apache.qpid.server.model.ConfiguredObject;
+import org.apache.qpid.server.model.State;
import org.apache.qpid.server.plugin.AccessControlFactory;
import org.apache.qpid.server.plugin.QpidServiceLoader;
import org.apache.qpid.server.queue.AMQQueue;
@@ -46,9 +50,11 @@ import static org.apache.qpid.server.security.access.Operation.UNBIND;
import javax.security.auth.Subject;
import java.net.SocketAddress;
+import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.LinkedHashMap;
+import java.util.List;
import java.util.Map;
import java.util.Map.Entry;
import java.util.concurrent.ConcurrentHashMap;
@@ -60,7 +66,7 @@ import java.util.concurrent.ConcurrentHashMap;
*
* @see AccessControl
*/
-public class SecurityManager
+public class SecurityManager implements ConfigurationChangeListener
{
private static final Logger _logger = Logger.getLogger(SecurityManager.class);
@@ -69,8 +75,9 @@ public class SecurityManager
public static final ThreadLocal<Boolean> _accessChecksDisabled = new ClearingThreadLocal(false);
- private Map<String, AccessControl> _globalPlugins = new HashMap<String, AccessControl>();
- private Map<String, AccessControl> _hostPlugins = new HashMap<String, AccessControl>();
+ private Map<String, AccessControl> _globalPlugins = new ConcurrentHashMap<String, AccessControl>();
+ private Map<String, AccessControl> _hostPlugins = new ConcurrentHashMap<String, AccessControl>();
+ private Map<String, List<String>> _aclConfigurationToPluginNamesMapping = new ConcurrentHashMap<String, List<String>>();
/**
* A special ThreadLocal, which calls remove() on itself whenever the value is
@@ -130,14 +137,22 @@ public class SecurityManager
public SecurityManager(String aclFile)
{
+ configureACLPlugin(aclFile);
+ }
+
+ private void configureACLPlugin(String aclFile)
+ {
Map<String, Object> attributes = new HashMap<String, Object>();
attributes.put("aclFile", aclFile);
+
for (AccessControlFactory provider : (new QpidServiceLoader<AccessControlFactory>()).instancesOf(AccessControlFactory.class))
{
AccessControl accessControl = provider.createInstance(attributes);
if(accessControl != null)
{
addHostPlugin(accessControl);
+
+ mapAclConfigurationToPluginName(aclFile, accessControl.getClass().getName());
}
}
@@ -147,6 +162,17 @@ public class SecurityManager
}
}
+ private void mapAclConfigurationToPluginName(String aclFile, String pluginName)
+ {
+ List<String> pluginNames = _aclConfigurationToPluginNamesMapping.get(aclFile);
+ if (pluginNames == null)
+ {
+ pluginNames = new ArrayList<String>();
+ _aclConfigurationToPluginNamesMapping.put(aclFile, pluginNames);
+ }
+ pluginNames.add(pluginName);
+ }
+
public static Subject getThreadSubject()
{
return _subject.get();
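Review bot: `mapAclConfigurationToPluginName` uses `aclFile` as a key of `_aclConfigurationToPluginNamesMapping`, which this commit declares as a `ConcurrentHashMap`, and that map type throws NullPointerException on a null key. The constructor passes `(String)getAttribute(ACL_FILE)` straight through, and `attributeSet` explicitly allows a null old value, so a broker without an ACL file reaches `get(null)` whenever a factory returns a non-null `AccessControl` for it (whether any factory does is not visible here). A guard such as `if (aclFile == null) { return; }` at the top of this method, or the equivalent in `configureACLPlugin`, would avoid it. The `ArrayList` values are also mutated after being published in the concurrent map, so the map type alone does not make `pluginNames.add(...)` safe.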
@@ -477,4 +503,50 @@ public class SecurityManager
_hostPlugins.put(plugin.getClass().getName(), plugin);
}
+ @Override
+ public void stateChanged(ConfiguredObject object, State oldState, State newState)
+ {
+ // no op
+ }
+
+ @Override
+ public void childAdded(ConfiguredObject object, ConfiguredObject child)
+ {
+ // no op
+ }
+
+ @Override
+ public void childRemoved(ConfiguredObject object, ConfiguredObject child)
+ {
+ // no op
+ }
+
+ @Override
+ public void attributeSet(ConfiguredObject object, String attributeName, Object oldAttributeValue, Object newAttributeValue)
+ {
+ if (object instanceof Broker && Broker.ACL_FILE.equals(attributeName))
+ {
+ // the code below is not thread safe, however, it should be fine in a management mode
+ // as there will be no user connected
+
+ if (oldAttributeValue != null)
+ {
+ List<String> pluginNames = _aclConfigurationToPluginNamesMapping.remove(oldAttributeValue);
+ if (pluginNames != null)
+ {
+ for (String name : pluginNames)
+ {
+ _hostPlugins.remove(name);
+ }
+ }
+ }
+ if (newAttributeValue != null)
+ {
+ configureACLPlugin((String)newAttributeValue);
+ }
+ _immediatePublishPropsCache.clear();
+ _publishPropsCache.clear();
+ }
+ }
+
}
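Review bot: In `attributeSet` the plugins of the old ACL file are removed from `_hostPlugins` before `configureACLPlugin` builds the new ones, so if loading the new file throws, the broker is left with no host ACL plugin for that configuration. How the access checks behave with an empty plugin map is outside this diff, but if they default to allow, this is a fail-open path. The previous rules should be put back when the new ones cannot be loaded, as sketched below. The casts of `oldAttributeValue` and `newAttributeValue` also assume a String, which `remove(Object)` does not enforce.

```java
// … unchanged: removal of the plugins mapped to oldAttributeValue …
if (newAttributeValue != null)
{
    try
    {
        configureACLPlugin((String)newAttributeValue);
    }
    catch (RuntimeException e)
    {
        // never leave the broker without its previous ACL rules when the new file cannot be loaded
        if (oldAttributeValue != null)
        {
            configureACLPlugin((String)oldAttributeValue);
        }
        throw e;
    }
}
// … unchanged: clearing of _immediatePublishPropsCache and _publishPropsCache …
```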