QPID-1304: implement the ACCESS section of SimpleXML ACL. Enables virtualhost level access control, giving the defined users full access to all artifacts in the vhost

git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@825453 13f79535-47bb-0310-9956-ffa450edef68
author: Robert Gemmell <robbie@apache.org> 2009-10-15 10:08:56 +0000
committer: Robert Gemmell <robbie@apache.org> 2009-10-15 10:08:56 +0000
commit: 8246909e6c7025cf6487ffd4e7cb15bfa415f013 (patch)
tree: aac2117a19c06e53ba6f911130fa2ec5fab348ad
parent: 85ad542c1d5724cb5a1294f12e826a83972ef433 (diff)
download: qpid-python-8246909e6c7025cf6487ffd4e7cb15bfa415f013.tar.gz
4 files changed, 152 insertions, 12 deletions
diff --git a/java/broker/src/main/java/org/apache/qpid/server/security/access/PrincipalPermissions.java b/java/broker/src/main/java/org/apache/qpid/server/security/access/PrincipalPermissions.java
index d2bbb795e9..3e065f9a9b 100755
--- a/java/broker/src/main/java/org/apache/qpid/server/security/access/PrincipalPermissions.java
+++ b/java/broker/src/main/java/org/apache/qpid/server/security/access/PrincipalPermissions.java
@@ -53,6 +53,7 @@ public class PrincipalPermissions
     private static final int PUBLISH_EXCHANGES_KEY = 0;
 
     private Map _permissions;
+    private boolean _fullVHostAccess = false;
 
     private String _user;
 
@@ -82,6 +83,9 @@ public class PrincipalPermissions
     {
         switch (permission)
         {
+            case ACCESS:// Parameters : None
+                grantAccess(permission);
+                break;
             case CONSUME: // Parameters : AMQShortString queueName, Boolean Temporary, Boolean ownQueueOnly
                 grantConsume(permission, parameters);
                 break;
@@ -98,7 +102,6 @@ public class PrincipalPermissions
                 break;
             /* The other cases just fall through to no-op */
             case DELETE:
-            case ACCESS: // This is a no-op as the existence of this PrincipalPermission object is scoped per VHost for ACCESS
             case BIND: // All the details are currently included in the create setup.
             case PURGE:
             case UNBIND:
@@ -107,6 +110,11 @@ public class PrincipalPermissions
 
     }
 
+    private void grantAccess(Permission permission)
+    {
+        _fullVHostAccess = true;
+    }
+    
 	private void grantPublish(Permission permission, Object... parameters) {
 		Map publishRights = (Map) _permissions.get(permission);
 
@@ -353,9 +361,8 @@ public class PrincipalPermissions
 
         switch (permission)
         {
-            case ACCESS:
-                return AuthzResult.ALLOWED; // This is here for completeness but the SimpleXML ACLManager never calls it.
-                // The existence of this user specific PP can be validated in the map SimpleXML maintains.
+            case ACCESS://No Parameters 
+                return AuthzResult.ALLOWED; // The existence of this user-specific PP infers some level of access is authorised
             case BIND: // Parameters : QueueBindMethod , Exchange , AMQQueue, AMQShortString routingKey
                 return authoriseBind(parameters);
             case CREATEQUEUE:// Parameters : boolean autodelete, AMQShortString name
@@ -376,7 +383,14 @@ public class PrincipalPermissions
 
     }
 
-	private AuthzResult authoriseConsume(Permission permission, Object... parameters) {
+	private AuthzResult authoriseConsume(Permission permission, Object... parameters)
+	{
+	    if(_fullVHostAccess)
+	    {
+	        //user has been granted full access to the vhost
+	        return AuthzResult.ALLOWED;
+	    }
+	    
 		if (parameters.length == 1 && parameters[0] instanceof AMQQueue)
 		{
 		    AMQQueue queue = ((AMQQueue) parameters[0]);
@@ -434,8 +448,15 @@ public class PrincipalPermissions
 		return AuthzResult.DENIED;
 	}
 
-	private AuthzResult authorisePublish(Permission permission, Object... parameters) {
-		Map publishRights = (Map) _permissions.get(permission);
+	private AuthzResult authorisePublish(Permission permission, Object... parameters)
+	{
+	    if(_fullVHostAccess)
+	    {
+	        //user has been granted full access to the vhost
+	        return AuthzResult.ALLOWED;
+	    }
+
+	    Map publishRights = (Map) _permissions.get(permission);
 
 		if (publishRights == null)
 		{
@@ -494,7 +515,14 @@ public class PrincipalPermissions
 		}
 	}
 
-	private AuthzResult authoriseCreateExchange(Permission permission, Object... parameters) {
+	private AuthzResult authoriseCreateExchange(Permission permission, Object... parameters)
+	{
+        if(_fullVHostAccess)
+        {
+            //user has been granted full access to the vhost
+            return AuthzResult.ALLOWED;
+        }
+
 		Map rights = (Map) _permissions.get(permission);
 
 		AMQShortString exchangeName = (AMQShortString) parameters[0];
@@ -511,8 +539,15 @@ public class PrincipalPermissions
 		}
 	}
 
-	private AuthzResult authoriseCreateQueue(Permission permission, Object... parameters) {
-		Map createRights = (Map) _permissions.get(permission);
+	private AuthzResult authoriseCreateQueue(Permission permission, Object... parameters)
+	{
+        if(_fullVHostAccess)
+        {
+            //user has been granted full access to the vhost
+            return AuthzResult.ALLOWED;
+        }
+
+        Map createRights = (Map) _permissions.get(permission);
 
 		// If there are no create rights then deny request
 		if (createRights == null)
@@ -549,8 +584,15 @@ public class PrincipalPermissions
 		}
 	}
 
-	private AuthzResult authoriseBind(Object... parameters) {
-		Exchange exchange = (Exchange) parameters[1];
+	private AuthzResult authoriseBind(Object... parameters)
+	{
+        if(_fullVHostAccess)
+        {
+            //user has been granted full access to the vhost
+            return AuthzResult.ALLOWED;
+        }
+	    
+        Exchange exchange = (Exchange) parameters[1];
 
 		AMQQueue bind_queueName = (AMQQueue) parameters[2];
 		AMQShortString routingKey = (AMQShortString) parameters[3];
diff --git a/java/broker/src/main/java/org/apache/qpid/server/security/access/plugins/SimpleXML.java b/java/broker/src/main/java/org/apache/qpid/server/security/access/plugins/SimpleXML.java
index 2cc0c530de..d0514224f1 100644
--- a/java/broker/src/main/java/org/apache/qpid/server/security/access/plugins/SimpleXML.java
+++ b/java/broker/src/main/java/org/apache/qpid/server/security/access/plugins/SimpleXML.java
@@ -85,8 +85,29 @@ public class SimpleXML implements ACLPlugin
         processConsume(config);
 
         processCreate(config);
+        
+        processAccess(config);
     }
 
+    private void processAccess(Configuration config)
+    {
+        Configuration accessConfig = config.subset("access_control_list.access");
+        
+        if(accessConfig.isEmpty())
+        {
+            //there is no access configuration to process
+            return;
+        }
+        
+        // Process users that have full access permission
+        String[] users = accessConfig.getStringArray("users.user");
+
+        for (String user : users)
+        {
+            grant(Permission.ACCESS, user);
+        }
+    }
+    
     /**
      * Publish format takes Exchange + Routing Key Pairs
      * 
diff --git a/java/broker/src/test/java/org/apache/qpid/server/security/access/PrincipalPermissionsTest.java b/java/broker/src/test/java/org/apache/qpid/server/security/access/PrincipalPermissionsTest.java
index 69c8ccaa5d..adfe9f52e4 100644
--- a/java/broker/src/test/java/org/apache/qpid/server/security/access/PrincipalPermissionsTest.java
+++ b/java/broker/src/test/java/org/apache/qpid/server/security/access/PrincipalPermissionsTest.java
@@ -165,4 +165,37 @@ public class PrincipalPermissionsTest extends TestCase
         assertEquals(AuthzResult.ALLOWED, _perms.authorise(Permission.PUBLISH, authArgs));
     }
     
+    public void testVhostAccess()
+    {
+        //Tests that granting a user Virtualhost level access allows all authorisation requests
+        //where previously they would be denied 
+        
+        //QPID-2133 createExchange rights currently allow all exchange creation unless rights for creating some
+        //specific exchanges are granted. Grant a specific exchange creation to cause all others to be denied.
+        Object[] createArgsCreateExchange = new Object[]{new AMQShortString("madeup"), _exchangeType};
+        Object[] authArgsCreateExchange = new Object[]{_exchangeName,_exchangeType};
+        assertEquals("Exchange creation was not allowed", AuthzResult.ALLOWED, _perms.authorise(Permission.CREATEEXCHANGE, authArgsCreateExchange));
+        _perms.grant(Permission.CREATEEXCHANGE, createArgsCreateExchange);
+        
+        Object[] authArgsPublish = new Object[]{_exchange, _routingKey};        
+        Object[] authArgsConsume = new Object[]{_queue};
+        Object[] authArgsCreateQueue = new Object[]{_autoDelete, _queueName};
+        QueueBindBodyImpl bind = new QueueBindBodyImpl(_ticket, _queueName, _exchangeName, _routingKey, _nowait, _arguments);
+        Object[] authArgsBind = new Object[]{bind, _exchange, _queue, _routingKey};
+        
+        assertEquals("Exchange creation was not denied", AuthzResult.DENIED, _perms.authorise(Permission.CREATEEXCHANGE, authArgsCreateExchange));
+        assertEquals("Publish was not denied", AuthzResult.DENIED, _perms.authorise(Permission.PUBLISH, authArgsPublish));
+        assertEquals("Consume creation was not denied", AuthzResult.DENIED, _perms.authorise(Permission.CONSUME, authArgsConsume));
+        assertEquals("Queue creation was not denied", AuthzResult.DENIED, _perms.authorise(Permission.CREATEQUEUE, authArgsCreateQueue));
+        //BIND pre-grant authorise check disabled due to QPID-1597
+        //assertEquals("Binding creation was not denied", AuthzResult.DENIED, _perms.authorise(Permission.BIND, authArgsBind));
+        
+        _perms.grant(Permission.ACCESS);
+
+        assertEquals("Exchange creation was not allowed", AuthzResult.ALLOWED, _perms.authorise(Permission.CREATEEXCHANGE, authArgsCreateExchange));
+        assertEquals("Publish was not allowed", AuthzResult.ALLOWED, _perms.authorise(Permission.PUBLISH, authArgsPublish));
+        assertEquals("Consume creation was not allowed", AuthzResult.ALLOWED, _perms.authorise(Permission.CONSUME, authArgsConsume));
+        assertEquals("Queue creation was not allowed", AuthzResult.ALLOWED, _perms.authorise(Permission.CREATEQUEUE, authArgsCreateQueue));
+        assertEquals("Binding creation was not allowed", AuthzResult.ALLOWED, _perms.authorise(Permission.BIND, authArgsBind));
+    }
 }
diff --git a/java/systests/src/main/java/org/apache/qpid/server/security/acl/SimpleACLTest.java b/java/systests/src/main/java/org/apache/qpid/server/security/acl/SimpleACLTest.java
index 091ef4de96..bee4a017fd 100644
--- a/java/systests/src/main/java/org/apache/qpid/server/security/acl/SimpleACLTest.java
+++ b/java/systests/src/main/java/org/apache/qpid/server/security/acl/SimpleACLTest.java
@@ -102,7 +102,51 @@ public class SimpleACLTest extends QpidTestCase implements ConnectionListener
             fail("Connection was not created due to:" + e);
         }
     }
+    
+    public void testAccessVhostAuthorisedGuest() throws IOException, Exception
+    {
+        //The 'guest' user normally has no access, as tested below in testAccessNoRights(), and so is unable to perform
+        //actions such as connecting (and by extension, creating a queue, and consuming from a queue etc). In order to test
+        //the vhost-wide 'access' right, we will now give the guest user 'access' ACL rights and perform various such actions.
+        setConfigurationProperty("virtualhosts.virtualhost.test.security.access_control_list.access.users.user", "guest");
+
+        setUpACLTest();
+        
+        try
+        {
+            //get a connection
+            Connection conn = getConnection("guest", "guest");
+            ((AMQConnection) conn).setConnectionListener(this);
+
+            Session sesh = conn.createSession(false, Session.AUTO_ACKNOWLEDGE);
+
+            conn.start();
 
+            //create Queues and consumers for each
+            Queue namedQueue = sesh.createQueue("vhostAccessCreatedQueue" + getTestQueueName());
+            Queue tempQueue = sesh.createTemporaryQueue();
+            MessageConsumer consumer = sesh.createConsumer(namedQueue);
+            MessageConsumer tempConsumer = sesh.createConsumer(tempQueue);
+
+            //send a message to each queue (also causing an exchange declare)
+            MessageProducer sender = ((AMQSession)sesh).createProducer(null);
+            ((org.apache.qpid.jms.MessageProducer) sender).send(namedQueue, sesh.createTextMessage("test"),
+                                                                DeliveryMode.NON_PERSISTENT, 0, 0L, false, false, true);
+            ((org.apache.qpid.jms.MessageProducer) sender).send(tempQueue, sesh.createTextMessage("test"),
+                                                                DeliveryMode.NON_PERSISTENT, 0, 0L, false, false, true);
+
+            //consume the messages from the queues
+            consumer.receive(2000);
+            tempConsumer.receive(2000);
+
+            conn.close();
+        }
+        catch (Exception e)
+        {
+            fail("Test failed due to:" + e.getMessage());
+        }
+    }
+    
     public void testAccessNoRights() throws Exception
     {
     	setUpACLTest();
author	Robert Gemmell <robbie@apache.org>	2009-10-15 10:08:56 +0000
committer	Robert Gemmell <robbie@apache.org>	2009-10-15 10:08:56 +0000
commit	8246909e6c7025cf6487ffd4e7cb15bfa415f013 (patch)
tree	aac2117a19c06e53ba6f911130fa2ec5fab348ad
parent	85ad542c1d5724cb5a1294f12e826a83972ef433 (diff)
download	qpid-python-8246909e6c7025cf6487ffd4e7cb15bfa415f013.tar.gz