diff options
author | Keith Wall <kwall@apache.org> | 2015-04-10 09:57:39 +0000 |
---|---|---|
committer | Keith Wall <kwall@apache.org> | 2015-04-10 09:57:39 +0000 |
commit | 60c56cbf7bf8afd5dc577480853e7214cb60b3e2 (patch) | |
tree | 472e786d636fd51ae12ea0061596ec7e0b64d811 | |
parent | b187311574bbf087f376256d237173b38a84fdbc (diff) | |
download | qpid-python-60c56cbf7bf8afd5dc577480853e7214cb60b3e2.tar.gz |
QPID-6485: [Java Broker] Remove superfluous find/get methods from the Broker configured object
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk@1672602 13f79535-47bb-0310-9956-ffa450edef68
13 files changed, 69 insertions, 215 deletions
diff --git a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/Broker.java b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/Broker.java index 2a6c87c140..2427e96cd4 100644 --- a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/Broker.java +++ b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/Broker.java @@ -20,15 +20,12 @@ */ package org.apache.qpid.server.model; -import java.net.SocketAddress; import java.util.Collection; -import org.apache.qpid.server.configuration.updater.TaskExecutor; import org.apache.qpid.server.logging.EventLogger; import org.apache.qpid.server.logging.EventLoggerProvider; import org.apache.qpid.server.logging.LogRecorder; import org.apache.qpid.server.security.SecurityManager; -import org.apache.qpid.server.security.SubjectCreator; import org.apache.qpid.server.stats.StatisticsGatherer; @ManagedObject( defaultType = "broker" ) @@ -176,31 +173,14 @@ public interface Broker<X extends Broker<X>> extends ConfiguredObject<X>, EventL */ LogRecorder getLogRecorder(); - AuthenticationProvider<?> findAuthenticationProviderByName(String authenticationProviderName); - VirtualHost<?,?,?> findVirtualHostByName(String name); - KeyStore<?> findKeyStoreByName(String name); - - TrustStore<?> findTrustStoreByName(String name); - - /** - * Get the SubjectCreator for the given socket address. - * TODO: move the authentication related functionality into host aliases and AuthenticationProviders - * - * @param localAddress The (listening) socket address for which the AuthenticationManager is required - * @param secure - */ - SubjectCreator getSubjectCreator(SocketAddress localAddress, final boolean secure); - Collection<KeyStore<?>> getKeyStores(); Collection<TrustStore<?>> getTrustStores(); boolean isManagementMode(); - AuthenticationProvider<?> getAuthenticationProvider(SocketAddress localAddress); - EventLogger getEventLogger(); void setEventLogger(EventLogger eventLogger); diff --git a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/adapter/BrokerAdapter.java b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/adapter/BrokerAdapter.java index 3b3ae59a1a..09e911d627 100644 --- a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/adapter/BrokerAdapter.java +++ b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/adapter/BrokerAdapter.java @@ -20,8 +20,6 @@ */ package org.apache.qpid.server.model.adapter; -import java.net.InetSocketAddress; -import java.net.SocketAddress; import java.security.AccessControlException; import java.security.PrivilegedAction; import java.util.Collection; @@ -50,11 +48,9 @@ import org.apache.qpid.server.logging.LogRecorder; import org.apache.qpid.server.logging.messages.BrokerMessages; import org.apache.qpid.server.logging.messages.VirtualHostMessages; import org.apache.qpid.server.model.*; -import org.apache.qpid.server.model.port.AbstractPortWithAuthProvider; import org.apache.qpid.server.plugin.ConfigurationSecretEncrypterFactory; import org.apache.qpid.server.plugin.PluggableFactoryLoader; import org.apache.qpid.server.security.SecurityManager; -import org.apache.qpid.server.security.SubjectCreator; import org.apache.qpid.server.security.auth.manager.SimpleAuthenticationManager; import org.apache.qpid.server.stats.StatisticsCounter; import org.apache.qpid.server.stats.StatisticsGatherer; @@ -432,7 +428,7 @@ public class BrokerAdapter extends AbstractConfiguredObject<BrokerAdapter> imple @Override public synchronized void assignTargetSizes() { - long totalTarget = getContextValue(Long.class,BROKER_FLOW_TO_DISK_THRESHOLD); + long totalTarget = getContextValue(Long.class, BROKER_FLOW_TO_DISK_THRESHOLD); long totalSize = 0l; Collection<VirtualHostNode<?>> vhns = getVirtualHostNodes(); Map<VirtualHost<?,?,?>,Long> vhs = new HashMap<>(); @@ -549,7 +545,7 @@ public class BrokerAdapter extends AbstractConfiguredObject<BrokerAdapter> imple @Override public <C extends ConfiguredObject> C addChild(final Class<C> childClass, final Map<String, Object> attributes, final ConfiguredObject... otherParents) { - return runTask( new Task<C>() + return runTask(new Task<C>() { @Override public C execute() @@ -864,36 +860,6 @@ public class BrokerAdapter extends AbstractConfiguredObject<BrokerAdapter> imple } @Override - public SubjectCreator getSubjectCreator(SocketAddress localAddress, final boolean secure) - { - AuthenticationProvider provider = getAuthenticationProvider(localAddress); - - if(provider == null) - { - throw new IllegalConfigurationException("Unable to determine authentication provider for address: " + localAddress); - } - - return provider.getSubjectCreator(secure); - } - - @Override - public AuthenticationProvider<?> getAuthenticationProvider(SocketAddress localAddress) - { - InetSocketAddress inetSocketAddress = (InetSocketAddress)localAddress; - AuthenticationProvider provider = null; - Collection<Port<?>> ports = getPorts(); - for (Port<?> p : ports) - { - if (p instanceof AbstractPortWithAuthProvider && inetSocketAddress.getPort() == p.getPort()) - { - provider = ((AbstractPortWithAuthProvider<?>) p).getAuthenticationProvider(); - break; - } - } - return provider; - } - - @Override public Collection<KeyStore<?>> getKeyStores() { Collection children = getChildren(KeyStore.class); diff --git a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/jmx/JMXPasswordAuthenticator.java b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/jmx/JMXPasswordAuthenticator.java index 5b07ac9932..d20cc3294b 100644 --- a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/jmx/JMXPasswordAuthenticator.java +++ b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/jmx/JMXPasswordAuthenticator.java @@ -20,7 +20,6 @@ */ package org.apache.qpid.server.security.auth.jmx; -import java.net.SocketAddress; import java.rmi.server.RemoteServer; import java.rmi.server.ServerNotActiveException; import java.security.PrivilegedAction; @@ -28,14 +27,13 @@ import java.security.PrivilegedAction; import javax.management.remote.JMXAuthenticator; import javax.security.auth.Subject; -import org.apache.qpid.server.model.Broker; +import org.apache.qpid.server.security.SecurityManager; import org.apache.qpid.server.security.SubjectCreator; import org.apache.qpid.server.security.auth.AuthenticationResult.AuthenticationStatus; import org.apache.qpid.server.security.auth.SubjectAuthenticationResult; public class JMXPasswordAuthenticator implements JMXAuthenticator { - static final String UNABLE_TO_LOOKUP = "The broker was unable to lookup the user details"; static final String SHOULD_BE_STRING_ARRAY = "User details should be String[]"; static final String SHOULD_HAVE_2_ELEMENTS = "User details should have 2 elements, username, password"; static final String SHOULD_BE_NON_NULL = "Supplied username and password should be non-null"; @@ -43,15 +41,14 @@ public class JMXPasswordAuthenticator implements JMXAuthenticator static final String CREDENTIALS_REQUIRED = "User details are required. " + "Please ensure you are using an up to date management console to connect."; - private final Broker _broker; - private final SocketAddress _address; - private final boolean _secure; + private final SubjectCreator _subjectCreator; + private final SecurityManager _securityManager; - public JMXPasswordAuthenticator(Broker broker, SocketAddress address, final boolean secure) + + public JMXPasswordAuthenticator(SubjectCreator subjectCreator, SecurityManager securityManager) { - _broker = broker; - _address = address; - _secure = secure; + _subjectCreator = subjectCreator; + _securityManager = securityManager; } public Subject authenticate(Object credentials) throws SecurityException @@ -59,8 +56,8 @@ public class JMXPasswordAuthenticator implements JMXAuthenticator validateCredentials(credentials); final String[] userCredentials = (String[]) credentials; - final String username = (String) userCredentials[0]; - final String password = (String) userCredentials[1]; + final String username = userCredentials[0]; + final String password = userCredentials[1]; final Subject authenticatedSubject = doAuthentication(username, password); doManagementAuthorisation(authenticatedSubject); @@ -97,13 +94,7 @@ public class JMXPasswordAuthenticator implements JMXAuthenticator throw new SecurityException(SHOULD_BE_NON_NULL); } - SubjectCreator subjectCreator = _broker.getSubjectCreator(_address, _secure); - if (subjectCreator == null) - { - throw new SecurityException("Can't get subject creator for " + _address); - } - - final SubjectAuthenticationResult result = subjectCreator.authenticate(username, password); + final SubjectAuthenticationResult result = _subjectCreator.authenticate(username, password); if (AuthenticationStatus.ERROR.equals(result.getStatus())) { @@ -143,7 +134,7 @@ public class JMXPasswordAuthenticator implements JMXAuthenticator @Override public Object run() { - _broker.getSecurityManager().accessManagement(); + _securityManager.accessManagement(); return null; } }); diff --git a/qpid/java/broker-core/src/test/java/org/apache/qpid/server/model/adapter/PortFactoryTest.java b/qpid/java/broker-core/src/test/java/org/apache/qpid/server/model/adapter/PortFactoryTest.java index 5dbd082152..ee22520b58 100644 --- a/qpid/java/broker-core/src/test/java/org/apache/qpid/server/model/adapter/PortFactoryTest.java +++ b/qpid/java/broker-core/src/test/java/org/apache/qpid/server/model/adapter/PortFactoryTest.java @@ -392,8 +392,6 @@ public class PortFactoryTest extends QpidTestCase attributes.put(Port.PROTOCOLS, Collections.singleton(Protocol.RMI)); _attributes.put(Port.KEY_STORE, keyStoreName); - when(_broker.findKeyStoreByName(keyStoreName)).thenReturn(_keyStore); - try { _port = _factory.create(Port.class, attributes, _broker); diff --git a/qpid/java/broker-core/src/test/java/org/apache/qpid/server/security/auth/jmx/JMXPasswordAuthenticatorTest.java b/qpid/java/broker-core/src/test/java/org/apache/qpid/server/security/auth/jmx/JMXPasswordAuthenticatorTest.java index bb02070748..dd37960b65 100644 --- a/qpid/java/broker-core/src/test/java/org/apache/qpid/server/security/auth/jmx/JMXPasswordAuthenticatorTest.java +++ b/qpid/java/broker-core/src/test/java/org/apache/qpid/server/security/auth/jmx/JMXPasswordAuthenticatorTest.java @@ -20,24 +20,18 @@ */ package org.apache.qpid.server.security.auth.jmx; -import static org.mockito.Matchers.anyBoolean; import static org.mockito.Matchers.anyString; -import static org.mockito.Matchers.any; import static org.mockito.Mockito.doThrow; import static org.mockito.Mockito.mock; import static org.mockito.Mockito.when; -import java.net.InetSocketAddress; -import java.net.SocketAddress; import java.security.AccessControlException; import java.security.Principal; -import java.util.regex.Pattern; import javax.security.auth.Subject; import junit.framework.TestCase; -import org.apache.qpid.server.model.Broker; import org.apache.qpid.server.security.SubjectCreator; import org.apache.qpid.server.security.auth.AuthenticationResult; import org.apache.qpid.server.security.auth.AuthenticationResult.AuthenticationStatus; @@ -54,7 +48,6 @@ public class JMXPasswordAuthenticatorTest extends TestCase private static final String USERNAME = "guest"; private static final String PASSWORD = "password"; - private final Broker _broker = mock(Broker.class); private final SecurityManager _securityManager = mock(SecurityManager.class); private final Subject _loginSubject = new Subject(); private final String[] _credentials = new String[] {USERNAME, PASSWORD}; @@ -64,18 +57,12 @@ public class JMXPasswordAuthenticatorTest extends TestCase private SubjectCreator _usernamePasswordOkaySubjectCreator = createMockSubjectCreator(true, null); private SubjectCreator _badPasswordSubjectCreator = createMockSubjectCreator(false, null); - protected void setUp() throws Exception - { - when(_broker.getSecurityManager()).thenReturn(_securityManager); - _rmipa = new JMXPasswordAuthenticator(_broker, new InetSocketAddress(8999), false); - } - /** * Tests a successful authentication. Ensures that the expected subject is returned. */ public void testAuthenticationSuccess() { - when(_broker.getSubjectCreator(any(SocketAddress.class), anyBoolean())).thenReturn(_usernamePasswordOkaySubjectCreator); + _rmipa = new JMXPasswordAuthenticator(_usernamePasswordOkaySubjectCreator, _securityManager); Subject newSubject = _rmipa.authenticate(_credentials); assertSame("Subject must be unchanged", _loginSubject, newSubject); @@ -86,7 +73,7 @@ public class JMXPasswordAuthenticatorTest extends TestCase */ public void testUsernameOrPasswordInvalid() { - when(_broker.getSubjectCreator(any(SocketAddress.class), anyBoolean())).thenReturn(_badPasswordSubjectCreator); + _rmipa = new JMXPasswordAuthenticator(_badPasswordSubjectCreator, _securityManager); try { @@ -102,7 +89,7 @@ public class JMXPasswordAuthenticatorTest extends TestCase public void testAuthorisationFailure() { - when(_broker.getSubjectCreator(any(SocketAddress.class), anyBoolean())).thenReturn(_usernamePasswordOkaySubjectCreator); + _rmipa = new JMXPasswordAuthenticator(_usernamePasswordOkaySubjectCreator, _securityManager); doThrow(new AccessControlException(USER_NOT_AUTHORISED_FOR_MANAGEMENT)).when(_securityManager).accessManagement(); try @@ -121,7 +108,7 @@ public class JMXPasswordAuthenticatorTest extends TestCase { final Exception mockAuthException = new Exception("Mock Auth system failure"); SubjectCreator subjectCreator = createMockSubjectCreator(false, mockAuthException); - when(_broker.getSubjectCreator(any(SocketAddress.class), anyBoolean())).thenReturn(subjectCreator); + _rmipa = new JMXPasswordAuthenticator(subjectCreator, _securityManager); try { @@ -134,104 +121,6 @@ public class JMXPasswordAuthenticatorTest extends TestCase } } - /** - * Tests case where authentication manager is not set. - */ - public void testNullSubjectCreator() throws Exception - { - when(_broker.getSubjectCreator(any(SocketAddress.class), anyBoolean())).thenReturn(null); - - try - { - _rmipa.authenticate(_credentials); - fail("SecurityException expected due to lack of authentication manager"); - } - catch (SecurityException se) - { - assertTrue("Unexpected exception message", Pattern.matches("Can't get subject creator for .*:8999", se.getMessage())); - } - } - - /** - * Tests case where arguments are non-Strings.. - */ - public void testWithNonStringArrayArgument() - { - // Test handling of non-string credential's - final Object[] objCredentials = new Object[]{USERNAME, PASSWORD}; - try - { - _rmipa.authenticate(objCredentials); - fail("SecurityException expected due to non string[] credentials"); - } - catch (SecurityException se) - { - assertEquals("Unexpected exception message", - JMXPasswordAuthenticator.SHOULD_BE_STRING_ARRAY, se.getMessage()); - } - } - - /** - * Tests case where there are too many, too few or null arguments. - */ - public void testWithIllegalNumberOfArguments() - { - String[] credentials; - - // Test handling of incorrect number of credentials - try - { - credentials = new String[]{USERNAME, PASSWORD, PASSWORD}; - _rmipa.authenticate(credentials); - fail("SecurityException expected due to supplying wrong number of credentials"); - } - catch (SecurityException se) - { - assertEquals("Unexpected exception message", - JMXPasswordAuthenticator.SHOULD_HAVE_2_ELEMENTS, se.getMessage()); - } - - // Test handling of null credentials - try - { - //send a null array - credentials = null; - _rmipa.authenticate(credentials); - fail("SecurityException expected due to not supplying an array of credentials"); - } - catch (SecurityException se) - { - assertEquals("Unexpected exception message", - JMXPasswordAuthenticator.CREDENTIALS_REQUIRED, se.getMessage()); - } - - try - { - //send a null password - credentials = new String[]{USERNAME, null}; - _rmipa.authenticate(credentials); - fail("SecurityException expected due to sending a null password"); - } - catch (SecurityException se) - { - assertEquals("Unexpected exception message", - JMXPasswordAuthenticator.SHOULD_BE_NON_NULL, se.getMessage()); - } - - try - { - //send a null username - credentials = new String[]{null, PASSWORD}; - _rmipa.authenticate(credentials); - fail("SecurityException expected due to sending a null username"); - } - catch (SecurityException se) - { - assertEquals("Unexpected exception message", - JMXPasswordAuthenticator.SHOULD_BE_NON_NULL, se.getMessage()); - } - } - private SubjectCreator createMockSubjectCreator(final boolean successfulAuth, final Exception exception) { SubjectCreator subjectCreator = mock(SubjectCreator.class); diff --git a/qpid/java/broker-core/src/test/java/org/apache/qpid/server/util/BrokerTestHelper.java b/qpid/java/broker-core/src/test/java/org/apache/qpid/server/util/BrokerTestHelper.java index 84d2050450..b187207ed6 100644 --- a/qpid/java/broker-core/src/test/java/org/apache/qpid/server/util/BrokerTestHelper.java +++ b/qpid/java/broker-core/src/test/java/org/apache/qpid/server/util/BrokerTestHelper.java @@ -20,13 +20,10 @@ */ package org.apache.qpid.server.util; -import static org.mockito.Matchers.any; -import static org.mockito.Matchers.anyBoolean; import static org.mockito.Matchers.eq; import static org.mockito.Mockito.mock; import static org.mockito.Mockito.when; -import java.net.SocketAddress; import java.security.PrivilegedAction; import java.util.ArrayList; import java.util.Collection; @@ -89,7 +86,6 @@ public class BrokerTestHelper when(broker.getConnection_sessionCountLimit()).thenReturn(1); when(broker.getConnection_closeWhenNoRoute()).thenReturn(false); when(broker.getId()).thenReturn(UUID.randomUUID()); - when(broker.getSubjectCreator(any(SocketAddress.class), anyBoolean())).thenReturn(subjectCreator); when(broker.getSecurityManager()).thenReturn(new SecurityManager(broker, false)); when(broker.getObjectFactory()).thenReturn(objectFactory); when(broker.getModel()).thenReturn(objectFactory.getModel()); diff --git a/qpid/java/broker-plugins/amqp-0-10-protocol/src/main/java/org/apache/qpid/server/protocol/v0_10/ProtocolEngineCreator_0_10.java b/qpid/java/broker-plugins/amqp-0-10-protocol/src/main/java/org/apache/qpid/server/protocol/v0_10/ProtocolEngineCreator_0_10.java index 4231045afd..08eb06111e 100644 --- a/qpid/java/broker-plugins/amqp-0-10-protocol/src/main/java/org/apache/qpid/server/protocol/v0_10/ProtocolEngineCreator_0_10.java +++ b/qpid/java/broker-plugins/amqp-0-10-protocol/src/main/java/org/apache/qpid/server/protocol/v0_10/ProtocolEngineCreator_0_10.java @@ -30,6 +30,7 @@ import org.apache.qpid.server.model.Transport; import org.apache.qpid.server.model.port.AmqpPort; import org.apache.qpid.server.plugin.PluggableService; import org.apache.qpid.server.plugin.ProtocolEngineCreator; +import org.apache.qpid.server.security.SubjectCreator; import org.apache.qpid.transport.ConnectionDelegate; import org.apache.qpid.transport.network.NetworkConnection; @@ -76,11 +77,10 @@ public class ProtocolEngineCreator_0_10 implements ProtocolEngineCreator { fqdn = ((InetSocketAddress) address).getHostName(); } - final ConnectionDelegate connDelegate = new ServerConnectionDelegate(broker, - fqdn, broker.getSubjectCreator(address, transport.isSecure()) - ); + SubjectCreator subjectCreator = port.getAuthenticationProvider().getSubjectCreator(transport.isSecure()); + ConnectionDelegate connDelegate = new ServerConnectionDelegate(broker, fqdn, subjectCreator); - ServerConnection conn = new ServerConnection(id,broker, port, transport); + ServerConnection conn = new ServerConnection(id, broker, port, transport); conn.setConnectionDelegate(connDelegate); conn.setRemoteAddress(network.getRemoteAddress()); diff --git a/qpid/java/broker-plugins/amqp-0-8-protocol/src/main/java/org/apache/qpid/server/protocol/v0_8/AMQProtocolEngine.java b/qpid/java/broker-plugins/amqp-0-8-protocol/src/main/java/org/apache/qpid/server/protocol/v0_8/AMQProtocolEngine.java index f1e9f400f4..b1f2a6e841 100644 --- a/qpid/java/broker-plugins/amqp-0-8-protocol/src/main/java/org/apache/qpid/server/protocol/v0_8/AMQProtocolEngine.java +++ b/qpid/java/broker-plugins/amqp-0-8-protocol/src/main/java/org/apache/qpid/server/protocol/v0_8/AMQProtocolEngine.java @@ -485,7 +485,8 @@ public class AMQProtocolEngine implements ServerProtocolEngine, setProtocolVersion(pv); StringBuilder mechanismBuilder = new StringBuilder(); - for(String mechanismName : _broker.getSubjectCreator(getLocalAddress(), _transport.isSecure()).getMechanisms()) + SubjectCreator subjectCreator = _port.getAuthenticationProvider().getSubjectCreator(_transport.isSecure()); + for(String mechanismName : subjectCreator.getMechanisms()) { if(mechanismBuilder.length() != 0) { @@ -1899,7 +1900,7 @@ public class AMQProtocolEngine implements ServerProtocolEngine, public SubjectCreator getSubjectCreator() { - return _broker.getSubjectCreator(getLocalAddress(), getTransport().isSecure()); + return _port.getAuthenticationProvider().getSubjectCreator(getTransport().isSecure()); } public EventLogger getEventLogger() diff --git a/qpid/java/broker-plugins/amqp-1-0-protocol/src/main/java/org/apache/qpid/server/protocol/v1_0/ProtocolEngine_1_0_0_SASL.java b/qpid/java/broker-plugins/amqp-1-0-protocol/src/main/java/org/apache/qpid/server/protocol/v1_0/ProtocolEngine_1_0_0_SASL.java index dc9564cc9f..013126cfe0 100644 --- a/qpid/java/broker-plugins/amqp-1-0-protocol/src/main/java/org/apache/qpid/server/protocol/v1_0/ProtocolEngine_1_0_0_SASL.java +++ b/qpid/java/broker-plugins/amqp-1-0-protocol/src/main/java/org/apache/qpid/server/protocol/v1_0/ProtocolEngine_1_0_0_SASL.java @@ -232,7 +232,7 @@ public class ProtocolEngine_1_0_0_SASL implements ServerProtocolEngine, FrameOut Container container = new Container(_broker.getId().toString()); - SubjectCreator subjectCreator = _broker.getSubjectCreator(getLocalAddress(), _transport.isSecure()); + SubjectCreator subjectCreator = _port.getAuthenticationProvider().getSubjectCreator(_transport.isSecure()); _endpoint = new ConnectionEndpoint(container, asSaslServerProvider(subjectCreator)); _endpoint.setLogger(new ConnectionEndpoint.FrameReceiptLogger() { diff --git a/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpManagement.java b/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpManagement.java index 4639236d60..f9293a33b0 100644 --- a/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpManagement.java +++ b/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpManagement.java @@ -22,6 +22,7 @@ package org.apache.qpid.server.management.plugin; import java.io.IOException; import java.io.Writer; +import java.net.InetSocketAddress; import java.net.SocketAddress; import java.security.GeneralSecurityException; import java.util.ArrayList; @@ -556,7 +557,18 @@ public class HttpManagement extends AbstractPluginAdapter<HttpManagement> implem @Override public AuthenticationProvider getAuthenticationProvider(SocketAddress localAddress) { - return getBroker().getAuthenticationProvider(localAddress); + InetSocketAddress inetSocketAddress = (InetSocketAddress)localAddress; + AuthenticationProvider provider = null; + Collection<Port<?>> ports = getBroker().getPorts(); + for (Port<?> p : ports) + { + if (p instanceof HttpPort && inetSocketAddress.getPort() == p.getPort()) + { + provider = ((HttpPort<?>) p).getAuthenticationProvider(); + break; + } + } + return provider; } @Override diff --git a/qpid/java/broker-plugins/management-http/src/test/java/org/apache/qpid/server/management/plugin/HttpManagementTest.java b/qpid/java/broker-plugins/management-http/src/test/java/org/apache/qpid/server/management/plugin/HttpManagementTest.java index aa3ebe055d..d1b923048b 100644 --- a/qpid/java/broker-plugins/management-http/src/test/java/org/apache/qpid/server/management/plugin/HttpManagementTest.java +++ b/qpid/java/broker-plugins/management-http/src/test/java/org/apache/qpid/server/management/plugin/HttpManagementTest.java @@ -25,6 +25,7 @@ import static org.mockito.Mockito.when; import java.net.InetSocketAddress; import java.net.SocketAddress; +import java.util.Collections; import java.util.HashMap; import java.util.Map; import java.util.UUID; @@ -39,6 +40,7 @@ import org.apache.qpid.server.model.ConfiguredObject; import org.apache.qpid.server.model.ConfiguredObjectFactory; import org.apache.qpid.server.model.ConfiguredObjectFactoryImpl; import org.apache.qpid.server.model.State; +import org.apache.qpid.server.model.port.HttpPort; import org.apache.qpid.test.utils.QpidTestCase; public class HttpManagementTest extends QpidTestCase @@ -115,7 +117,10 @@ public class HttpManagementTest extends QpidTestCase { SocketAddress localAddress = InetSocketAddress.createUnresolved("localhost", 8080); AuthenticationProvider brokerAuthenticationProvider = mock(AuthenticationProvider.class); - when(_broker.getAuthenticationProvider(localAddress)).thenReturn(brokerAuthenticationProvider); + HttpPort port = mock(HttpPort.class); + when(port.getPort()).thenReturn(8080); + when(port.getAuthenticationProvider()).thenReturn(brokerAuthenticationProvider); + when(_broker.getPorts()).thenReturn(Collections.singletonList(port)); AuthenticationProvider authenticationProvider = _management.getAuthenticationProvider(localAddress); assertEquals("Unexpected subject creator", brokerAuthenticationProvider, authenticationProvider); } diff --git a/qpid/java/broker-plugins/management-jmx/src/main/java/org/apache/qpid/server/jmx/JMXManagedObjectRegistry.java b/qpid/java/broker-plugins/management-jmx/src/main/java/org/apache/qpid/server/jmx/JMXManagedObjectRegistry.java index 36b3a0a058..381295a18a 100644 --- a/qpid/java/broker-plugins/management-jmx/src/main/java/org/apache/qpid/server/jmx/JMXManagedObjectRegistry.java +++ b/qpid/java/broker-plugins/management-jmx/src/main/java/org/apache/qpid/server/jmx/JMXManagedObjectRegistry.java @@ -23,7 +23,6 @@ package org.apache.qpid.server.jmx; import java.io.IOException; import java.lang.management.ManagementFactory; import java.net.InetAddress; -import java.net.InetSocketAddress; import java.net.UnknownHostException; import java.rmi.AlreadyBoundException; import java.rmi.NoSuchObjectException; @@ -57,8 +56,10 @@ import org.apache.qpid.server.logging.EventLogger; import org.apache.qpid.server.logging.messages.ManagementConsoleMessages; import org.apache.qpid.server.model.Broker; import org.apache.qpid.server.model.KeyStore; -import org.apache.qpid.server.model.Port; import org.apache.qpid.server.model.Transport; +import org.apache.qpid.server.model.port.JmxPort; +import org.apache.qpid.server.model.port.RmiPort; +import org.apache.qpid.server.security.SubjectCreator; import org.apache.qpid.server.security.auth.jmx.JMXPasswordAuthenticator; import org.apache.qpid.server.util.ServerScopedRuntimeException; @@ -78,12 +79,12 @@ public class JMXManagedObjectRegistry implements ManagedObjectRegistry private Registry _rmiRegistry; private final Broker _broker; - private final Port _registryPort; - private final Port _connectorPort; + private final RmiPort _registryPort; + private final JmxPort _connectorPort; public JMXManagedObjectRegistry( Broker broker, - Port connectorPort, Port registryPort, + JmxPort connectorPort, RmiPort registryPort, JMXManagementPlugin jmxManagement) { _broker = broker; @@ -158,8 +159,14 @@ public class JMXManagedObjectRegistry implements ManagedObjectRegistry int jmxPortConnectorServer = _connectorPort.getPort(); //add a JMXAuthenticator implementation the env map to authenticate the RMI based JMX connector server - JMXPasswordAuthenticator rmipa = new JMXPasswordAuthenticator(_broker, new InetSocketAddress(jmxPortConnectorServer), connectorSslEnabled); - HashMap<String,Object> connectorEnv = new HashMap<String,Object>(); + SubjectCreator subjectCreator =_connectorPort.getAuthenticationProvider().getSubjectCreator(connectorSslEnabled); + if (subjectCreator == null) + { + throw new SecurityException("Can't get subject creator for " + _connectorPort); + } + + JMXPasswordAuthenticator rmipa = new JMXPasswordAuthenticator(subjectCreator, _broker.getSecurityManager()); + HashMap<String,Object> connectorEnv = new HashMap<>(); connectorEnv.put(JMXConnectorServer.AUTHENTICATOR, rmipa); System.setProperty("java.rmi.server.randomIDs", "true"); diff --git a/qpid/java/systests/src/test/java/org/apache/qpid/server/protocol/MultiVersionProtocolEngineFactoryTest.java b/qpid/java/systests/src/test/java/org/apache/qpid/server/protocol/MultiVersionProtocolEngineFactoryTest.java index a1e30ac83e..936939dcdf 100644 --- a/qpid/java/systests/src/test/java/org/apache/qpid/server/protocol/MultiVersionProtocolEngineFactoryTest.java +++ b/qpid/java/systests/src/test/java/org/apache/qpid/server/protocol/MultiVersionProtocolEngineFactoryTest.java @@ -33,10 +33,12 @@ import java.util.EnumSet; import java.util.Iterator; import java.util.Set; +import org.apache.qpid.server.model.AuthenticationProvider; import org.apache.qpid.server.model.Broker; import org.apache.qpid.server.model.Port; import org.apache.qpid.server.model.Protocol; import org.apache.qpid.server.model.port.AmqpPort; +import org.apache.qpid.server.security.SubjectCreator; import org.apache.qpid.server.util.BrokerTestHelper; import org.apache.qpid.server.virtualhost.VirtualHostImpl; import org.apache.qpid.test.utils.QpidTestCase; @@ -45,7 +47,6 @@ import org.apache.qpid.transport.network.NetworkConnection; public class MultiVersionProtocolEngineFactoryTest extends QpidTestCase { - private VirtualHostImpl _virtualHost; private Broker _broker; @Override @@ -154,11 +155,19 @@ public class MultiVersionProtocolEngineFactoryTest extends QpidTestCase { Set<Protocol> protocols = getAllAMQPProtocols(); + SubjectCreator subjectCreator = mock(SubjectCreator.class); + + AuthenticationProvider<?> authProvider = mock(AuthenticationProvider.class); + when(authProvider.getSubjectCreator(false)).thenReturn(subjectCreator); + AmqpPort<?> port = mock(AmqpPort.class); when(port.canAcceptNewConnection(any(SocketAddress.class))).thenReturn(true); when(port.getContextValue(eq(Integer.class), eq(AmqpPort.PORT_MAX_MESSAGE_SIZE))).thenReturn(AmqpPort.DEFAULT_MAX_MESSAGE_SIZE); + when(port.getAuthenticationProvider()).thenReturn(authProvider); + + - when(port.getContextValue(eq(Long.class),eq(Port.CONNECTION_MAXIMUM_AUTHENTICATION_DELAY))).thenReturn(10000l); + when(port.getContextValue(eq(Long.class), eq(Port.CONNECTION_MAXIMUM_AUTHENTICATION_DELAY))).thenReturn(10000l); MultiVersionProtocolEngineFactory factory = new MultiVersionProtocolEngineFactory(_broker, protocols, null, port, org.apache.qpid.server.model.Transport.TCP); |