author | Alex Rudyy <orudyy@apache.org> | 2013-03-21 10:25:40 +0000 |
---|---|---|
committer | Alex Rudyy <orudyy@apache.org> | 2013-03-21 10:25:40 +0000 |
commit | b21968fb325e4980a783d630f4f651490a9e8576 (patch) | |
tree | 90ec5d0ec9fb08fe167171278c06d192ceb7e769 | |
parent | bef7da03ea1cacc98ae33e28f09b48fa9335204b (diff) | |
QPID-4661: Add functionality to update broker fields affected by changes in attributes
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk@1459216 13f79535-47bb-0310-9956-ffa450edef68
3 files changed, 111 insertions, 13 deletions
diff --git a/qpid/java/broker/src/main/java/org/apache/qpid/server/configuration/startup/BrokerRecoverer.java b/qpid/java/broker/src/main/java/org/apache/qpid/server/configuration/startup/BrokerRecoverer.java
index 3d19e781e2..c9c8fc3688 100644
--- a/qpid/java/broker/src/main/java/org/apache/qpid/server/configuration/startup/BrokerRecoverer.java
+++ b/qpid/java/broker/src/main/java/org/apache/qpid/server/configuration/startup/BrokerRecoverer.java
@@ -128,7 +128,7 @@ public class BrokerRecoverer implements ConfiguredObjectRecoverer<Broker>
 private AuthenticationProvider getAuthenticationProviderByName(BrokerAdapter broker, String authenticationProviderName)
 {
- AuthenticationProvider provider = broker.getAuthenticationProviderByName(authenticationProviderName);
+ AuthenticationProvider provider = broker.findAuthenticationProviderByName(authenticationProviderName);
 if (provider == null)
 {
 throw new IllegalConfigurationException("Cannot find the authentication provider with name: "
diff --git a/qpid/java/broker/src/main/java/org/apache/qpid/server/model/adapter/BrokerAdapter.java b/qpid/java/broker/src/main/java/org/apache/qpid/server/model/adapter/BrokerAdapter.java
index 1b894b1232..2d90bb4fc2 100644
--- a/qpid/java/broker/src/main/java/org/apache/qpid/server/model/adapter/BrokerAdapter.java
+++ b/qpid/java/broker/src/main/java/org/apache/qpid/server/model/adapter/BrokerAdapter.java
@@ -127,6 +127,7 @@ public class BrokerAdapter extends AbstractAdapter implements Broker, Configurat
 private static final String DEFAULT_KEY_STORE_NAME = "defaultKeyStore";
 private static final String DEFAULT_TRUST_STORE_NAME = "defaultTrustStore";
 private static final String DEFAULT_GROUP_PROFIDER_NAME = "defaultGroupProvider";
+ private static final String DEFAULT_PEER_STORE_NAME = "defaultPeerStore";
 private static final String DUMMY_PASSWORD_MASK = "********";
@@ -192,7 +193,7 @@ public class BrokerAdapter extends AbstractAdapter implements Broker, Configurat
 _authenticationProviderFactory = authenticationProviderFactory;
 _portFactory = portFactory;
 _securityManager = new SecurityManager((String)getAttribute(ACL_FILE));
-
+ addChangeListener(_securityManager);
 _defaultKeyStoreId = UUIDGenerator.generateBrokerChildUUID(KeyStore.class.getSimpleName(), DEFAULT_KEY_STORE_NAME);
 _defaultTrustStoreId = UUIDGenerator.generateBrokerChildUUID(TrustStore.class.getSimpleName(), DEFAULT_TRUST_STORE_NAME);
 createBrokerChildrenFromAttributes();
@@ -211,7 +212,11 @@ public class BrokerAdapter extends AbstractAdapter implements Broker, Configurat
 UUID groupProviderId = UUIDGenerator.generateBrokerChildUUID(GroupProvider.class.getSimpleName(), DEFAULT_GROUP_PROFIDER_NAME);
 GroupProviderAdapter groupProviderAdapter = new GroupProviderAdapter(groupProviderId, groupManager, this);
- addGroupProvider(groupProviderAdapter);
+ _groupProviders.put(DEFAULT_GROUP_PROFIDER_NAME, groupProviderAdapter);
+ }
+ else
+ {
+ _groupProviders.remove(DEFAULT_GROUP_PROFIDER_NAME);
 }
 Map<String, Object> actualAttributes = getActualAttributes();
 String keyStorePath = (String) getAttribute(KEY_STORE_PATH);
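Review bot: The `_groupProviders.put(DEFAULT_GROUP_PROFIDER_NAME, groupProviderAdapter)` that replaces `addGroupProvider(...)` in the @@ -211 hunk skips whatever the add method did besides the map insert; its body is not visible here, but it presumably rejected duplicates and notified listeners. The same swap is made for `_keyStores` and `_trustStores` in the @@ -224, @@ -238 and @@ -252 hunks, so once `createBrokerChildrenFromAttributes()` is re-run from `changeAttributes` a key store or trust store adapter can be replaced or removed without any listener being told, and anything still holding the old adapter presumably keeps using the old TLS material. If the bypass is deliberate, say so at the first put, e.g. `// direct put: this method is re-run on attribute changes, so replace silently instead of going through addGroupProvider()`, and consider notifying listeners on the replace and remove paths. The enclosing method starts before this hunk and ends after it.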
@@ -224,8 +229,12 @@ public class BrokerAdapter extends AbstractAdapter implements Broker, Configurat
 keyStoreAttributes.put(KeyStore.TYPE, java.security.KeyStore.getDefaultType());
 keyStoreAttributes.put(KeyStore.CERTIFICATE_ALIAS, getAttribute(KEY_STORE_CERT_ALIAS));
 keyStoreAttributes.put(KeyStore.KEY_MANAGER_FACTORY_ALGORITHM, KeyManagerFactory.getDefaultAlgorithm());
- KeyStoreAdapter KeyStoreAdapter = new KeyStoreAdapter(_defaultKeyStoreId, this, keyStoreAttributes);
- addKeyStore(KeyStoreAdapter);
+ KeyStoreAdapter keyStoreAdapter = new KeyStoreAdapter(_defaultKeyStoreId, this, keyStoreAttributes);
+ _keyStores.put(keyStoreAdapter.getId(), keyStoreAdapter);
+ }
+ else
+ {
+ _keyStores.remove(_defaultKeyStoreId);
 }
 String trustStorePath = (String) getAttribute(TRUST_STORE_PATH);
 if (trustStorePath != null)
@@ -238,13 +247,17 @@ public class BrokerAdapter extends AbstractAdapter implements Broker, Configurat
 trsustStoreAttributes.put(TrustStore.TYPE, java.security.KeyStore.getDefaultType());
 trsustStoreAttributes.put(TrustStore.KEY_MANAGER_FACTORY_ALGORITHM, KeyManagerFactory.getDefaultAlgorithm());
 TrustStoreAdapter trustStore = new TrustStoreAdapter(_defaultTrustStoreId, this, trsustStoreAttributes);
- addTrustStore(trustStore);
+ _trustStores.put(trustStore.getId(), trustStore);
+ }
+ else
+ {
+ _trustStores.remove(_defaultTrustStoreId);
 }
 String peerStorePath = (String) getAttribute(PEER_STORE_PATH);
+ UUID peerStoreId = UUIDGenerator.generateBrokerChildUUID(TrustStore.class.getSimpleName(), DEFAULT_PEER_STORE_NAME);
 if (peerStorePath != null)
 {
 Map<String, Object> peerStoreAttributes = new HashMap<String, Object>();
- UUID peerStoreId = UUID.randomUUID();
 peerStoreAttributes.put(TrustStore.NAME, peerStoreId.toString());
 peerStoreAttributes.put(TrustStore.PATH, peerStorePath);
 peerStoreAttributes.put(TrustStore.PEERS_ONLY, Boolean.TRUE);
@@ -252,7 +265,11 @@ public class BrokerAdapter extends AbstractAdapter implements Broker, Configurat
 peerStoreAttributes.put(TrustStore.TYPE, java.security.KeyStore.getDefaultType());
 peerStoreAttributes.put(TrustStore.KEY_MANAGER_FACTORY_ALGORITHM, KeyManagerFactory.getDefaultAlgorithm());
 TrustStoreAdapter trustStore = new TrustStoreAdapter(peerStoreId, this, peerStoreAttributes);
- addTrustStore(trustStore);
+ _trustStores.put(trustStore.getId(), trustStore);
+ }
+ else
+ {
+ _trustStores.remove(peerStoreId);
 }
 }
@@ -282,7 +299,7 @@ public class BrokerAdapter extends AbstractAdapter implements Broker, Configurat
 }
 }
- public AuthenticationProvider getAuthenticationProviderByName(String authenticationProviderName)
+ public AuthenticationProvider findAuthenticationProviderByName(String authenticationProviderName)
 {
 Collection<AuthenticationProvider> providers = getAuthenticationProviders();
 for (AuthenticationProvider authenticationProvider : providers)
@@ -997,6 +1014,15 @@ public class BrokerAdapter extends AbstractAdapter implements Broker, Configurat
 Map<String, Object> convertedAttributes = MapValueConverter.convert(attributes, ATTRIBUTE_TYPES);
 validateAttributes(convertedAttributes);
 super.changeAttributes(convertedAttributes);
+
+ // the calls below are not thread safe but they should be fine in a management mode
+ // as there will be no user connected
+ createBrokerChildrenFromAttributes();
+ String defaultProviderName = (String)getAttribute(DEFAULT_AUTHENTICATION_PROVIDER);
+ if (!_defaultAuthenticationProvider.getName().equals(defaultProviderName))
+ {
+ _defaultAuthenticationProvider = findAuthenticationProviderByName(defaultProviderName);
+ }
 }
 private void validateAttributes(Map<String, Object> convertedAttributes)
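Review bot: In the @@ -997 hunk, `_defaultAuthenticationProvider = findAuthenticationProviderByName(defaultProviderName);` can store null, since the callers of that lookup elsewhere in this commit check its result for null and `validateAttributes` only verifies the provider when the attribute is part of the change set. If `getAttribute(DEFAULT_AUTHENTICATION_PROVIDER)` yields null or a name that no longer resolves, the broker is left without a default authentication provider and the next call fails on `_defaultAuthenticationProvider.getName()`. Keep the current provider unless the lookup succeeds, e.g. `AuthenticationProvider found = findAuthenticationProviderByName(defaultProviderName);` followed by `if (found == null) throw new IllegalConfigurationException(...)` before assigning. The comment's "management mode" assumption is not enforced by anything visible in the hunk, so it is worth stating where that guarantee comes from; `changeAttributes` starts before the hunk.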
@@ -1019,7 +1045,7 @@ public class BrokerAdapter extends AbstractAdapter implements Broker, Configurat
 String defaultAuthenticationProvider = (String) convertedAttributes.get(DEFAULT_AUTHENTICATION_PROVIDER);
 if (defaultAuthenticationProvider != null)
 {
- AuthenticationProvider provider = getAuthenticationProviderByName(defaultAuthenticationProvider);
+ AuthenticationProvider provider = findAuthenticationProviderByName(defaultAuthenticationProvider);
 if (provider == null)
 {
 throw new IllegalConfigurationException("Authentication provider with name " + defaultAuthenticationProvider
diff --git a/qpid/java/broker/src/main/java/org/apache/qpid/server/security/SecurityManager.java b/qpid/java/broker/src/main/java/org/apache/qpid/server/security/SecurityManager.java
index 1a1cce171b..9ef1ae1a3a 100755
--- a/qpid/java/broker/src/main/java/org/apache/qpid/server/security/SecurityManager.java
+++ b/qpid/java/broker/src/main/java/org/apache/qpid/server/security/SecurityManager.java
@@ -23,6 +23,10 @@ import org.apache.log4j.Logger;
 import org.apache.qpid.framing.AMQShortString;
 import org.apache.qpid.server.exchange.Exchange;
+import org.apache.qpid.server.model.Broker;
+import org.apache.qpid.server.model.ConfigurationChangeListener;
+import org.apache.qpid.server.model.ConfiguredObject;
+import org.apache.qpid.server.model.State;
 import org.apache.qpid.server.plugin.AccessControlFactory;
 import org.apache.qpid.server.plugin.QpidServiceLoader;
 import org.apache.qpid.server.queue.AMQQueue;
@@ -46,9 +50,11 @@ import static org.apache.qpid.server.security.access.Operation.UNBIND;
 import javax.security.auth.Subject;
 import java.net.SocketAddress;
+import java.util.ArrayList;
 import java.util.Collections;
 import java.util.HashMap;
 import java.util.LinkedHashMap;
+import java.util.List;
 import java.util.Map;
 import java.util.Map.Entry;
 import java.util.concurrent.ConcurrentHashMap;
@@ -60,7 +66,7 @@ import java.util.concurrent.ConcurrentHashMap;
 *
 * @see AccessControl
 */
-public class SecurityManager
+public class SecurityManager implements ConfigurationChangeListener
 {
 private static final Logger _logger = Logger.getLogger(SecurityManager.class);
@@ -69,8 +75,9 @@ public class SecurityManager
 public static final ThreadLocal<Boolean> _accessChecksDisabled = new ClearingThreadLocal(false);
- private Map<String, AccessControl> _globalPlugins = new HashMap<String, AccessControl>();
- private Map<String, AccessControl> _hostPlugins = new HashMap<String, AccessControl>();
+ private Map<String, AccessControl> _globalPlugins = new ConcurrentHashMap<String, AccessControl>();
+ private Map<String, AccessControl> _hostPlugins = new ConcurrentHashMap<String, AccessControl>();
+ private Map<String, List<String>> _aclConfigurationToPluginNamesMapping = new ConcurrentHashMap<String, List<String>>();
 /**
 * A special ThreadLocal, which calls remove() on itself whenever the value is
@@ -130,14 +137,22 @@ public class SecurityManager
 public SecurityManager(String aclFile)
 {
+ configureACLPlugin(aclFile);
+ }
+
+ private void configureACLPlugin(String aclFile)
+ {
 Map<String, Object> attributes = new HashMap<String, Object>();
 attributes.put("aclFile", aclFile);
+
 for (AccessControlFactory provider : (new QpidServiceLoader<AccessControlFactory>()).instancesOf(AccessControlFactory.class))
 {
 AccessControl accessControl = provider.createInstance(attributes);
 if(accessControl != null)
 {
 addHostPlugin(accessControl);
+
+ mapAclConfigurationToPluginName(aclFile, accessControl.getClass().getName());
 }
 }
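Review bot: The new `mapAclConfigurationToPluginName(aclFile, ...)` call in `configureACLPlugin` (@@ -130 hunk) will throw NullPointerException when `aclFile` is null and a factory still returns a plugin, because `_aclConfigurationToPluginNamesMapping` is a `ConcurrentHashMap` and rejects null keys. The constructor is fed `(String)getAttribute(ACL_FILE)` in BrokerAdapter, which looks nullable when no ACL is configured; whether any factory produces an instance in that case is not visible here. A guard such as `if (aclFile != null) { mapAclConfigurationToPluginName(aclFile, accessControl.getClass().getName()); }` keeps a broker without an ACL file from failing at start-up. `configureACLPlugin` continues past the end of the hunk.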
@@ -147,6 +162,17 @@ public class SecurityManager
 }
 }
+ private void mapAclConfigurationToPluginName(String aclFile, String pluginName)
+ {
+ List<String> pluginNames = _aclConfigurationToPluginNamesMapping.get(aclFile);
+ if (pluginNames == null)
+ {
+ pluginNames = new ArrayList<String>();
+ _aclConfigurationToPluginNamesMapping.put(aclFile, pluginNames);
+ }
+ pluginNames.add(pluginName);
+ }
+
 public static Subject getThreadSubject()
 {
 return _subject.get();
@@ -477,4 +503,50 @@ public class SecurityManager
 _hostPlugins.put(plugin.getClass().getName(), plugin);
 }
+ @Override
+ public void stateChanged(ConfiguredObject object, State oldState, State newState)
+ {
+ // no op
+ }
+
+ @Override
+ public void childAdded(ConfiguredObject object, ConfiguredObject child)
+ {
+ // no op
+ }
+
+ @Override
+ public void childRemoved(ConfiguredObject object, ConfiguredObject child)
+ {
+ // no op
+ }
+
+ @Override
+ public void attributeSet(ConfiguredObject object, String attributeName, Object oldAttributeValue, Object newAttributeValue)
+ {
+ if (object instanceof Broker && Broker.ACL_FILE.equals(attributeName))
+ {
+ // the code below is not thread safe, however, it should be fine in a management mode
+ // as there will be no user connected
+
+ if (oldAttributeValue != null)
+ {
+ List<String> pluginNames = _aclConfigurationToPluginNamesMapping.remove(oldAttributeValue);
+ if (pluginNames != null)
+ {
+ for (String name : pluginNames)
+ {
+ _hostPlugins.remove(name);
+ }
+ }
+ }
+ if (newAttributeValue != null)
+ {
+ configureACLPlugin((String)newAttributeValue);
+ }
+ _immediatePublishPropsCache.clear();
+ _publishPropsCache.clear();
+ }
+ }
+
 } |
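Review bot: `attributeSet` in the @@ -477 hunk removes the old ACL plugins from `_hostPlugins` before `configureACLPlugin((String)newAttributeValue)` runs, so if loading the new ACL fails (a bad path or syntax error would presumably surface as an exception from `createInstance`) the broker is left with no host access-control plugin and the two publish caches are never cleared. Installing the replacement first fails closed: `addHostPlugin` keys by class name, so a successful load overwrites the old entry, and only names the new configuration did not re-register need removing. Clearing the caches in a `finally` keeps stale decisions from outliving a failed reload. The sketch below keeps the method's signature and the non-thread-safe assumption stated in the existing comment.

```java
if (object instanceof Broker && Broker.ACL_FILE.equals(attributeName))
{
    try
    {
        // load the replacement first; a failure here leaves the previous plugin in force
        if (newAttributeValue != null)
        {
            configureACLPlugin((String) newAttributeValue);
        }
        if (oldAttributeValue != null && !oldAttributeValue.equals(newAttributeValue))
        {
            List<String> oldNames = _aclConfigurationToPluginNamesMapping.remove(oldAttributeValue);
            List<String> newNames = newAttributeValue == null
                    ? null : _aclConfigurationToPluginNamesMapping.get(newAttributeValue);
            if (oldNames != null)
            {
                for (String name : oldNames)
                {
                    // keep entries the new configuration has just re-registered under the same class name
                    if (newNames == null || !newNames.contains(name))
                    {
                        _hostPlugins.remove(name);
                    }
                }
            }
        }
    }
    finally
    {
        _immediatePublishPropsCache.clear();
        _publishPropsCache.clear();
    }
}
```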