diff options
author | Alex Rudyy <orudyy@apache.org> | 2013-04-03 11:50:36 +0000 |
---|---|---|
committer | Alex Rudyy <orudyy@apache.org> | 2013-04-03 11:50:36 +0000 |
commit | 45fc3b612fe45ec01db5e6e6e65661b5d8898f1b (patch) | |
tree | fb8e07e544de7ea2168926b4ed7dda714f632e20 /qpid | |
parent | 24b2431ab0f4cdb639122a3f1d54d66a657ecbc7 (diff) | |
download | qpid-python-45fc3b612fe45ec01db5e6e6e65661b5d8898f1b.tar.gz |
QPID-4695: Add validation of configured object names and IDs
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk@1463933 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'qpid')
7 files changed, 33 insertions, 5 deletions
diff --git a/qpid/java/broker-plugins/management-http/src/main/java/resources/addAuthenticationProvider.html b/qpid/java/broker-plugins/management-http/src/main/java/resources/addAuthenticationProvider.html index f164ece082..90dd1f1090 100644 --- a/qpid/java/broker-plugins/management-http/src/main/java/resources/addAuthenticationProvider.html +++ b/qpid/java/broker-plugins/management-http/src/main/java/resources/addAuthenticationProvider.html @@ -25,7 +25,7 @@ <tr> <td class="tableContainer-labelCell" style="width: 300px;">Name*:</td> <td class="tableContainer-valueCell"><input type="text" required="true" name="name" - id="formAddAuthenticationProvider.name" placeholder="Name" + id="formAddAuthenticationProvider.name" placeholder="Name" regexp="^[\x20-\x2e\x30-\x7F]{1,255}$" dojoType="dijit.form.ValidationTextBox" missingMessage="A name must be supplied" /></div></td> </tr> </table> diff --git a/qpid/java/broker-plugins/management-http/src/main/java/resources/addExchange.html b/qpid/java/broker-plugins/management-http/src/main/java/resources/addExchange.html index 10ac5388ff..4a59cd2cbc 100644 --- a/qpid/java/broker-plugins/management-http/src/main/java/resources/addExchange.html +++ b/qpid/java/broker-plugins/management-http/src/main/java/resources/addExchange.html @@ -26,7 +26,7 @@ <td valign="top"><strong>Exchange Name*: </strong></td> <td><input type="text" required="true" name="name" id="formAddExchange.name" placeholder="Exchange Name" dojoType="dijit.form.ValidationTextBox" missingMessage="A name must be supplied" - data-dojo-props="regExp:'^(?!qpid\.|amq\.|\<\<default\>\>).*$', invalidMessage:'Reserved exchange name!'"/></td> + data-dojo-props="regExp:'^(?!qpid\.|amq\.|\<\<default\>\>)[\x20-\x2e\x30-\x7F]{1,255}$', invalidMessage:'Illegal or reserved exchange name!'"/></td> </tr> <tr> <td valign="top"><strong>Durable? </strong></td> diff --git a/qpid/java/broker-plugins/management-http/src/main/java/resources/addPort.html b/qpid/java/broker-plugins/management-http/src/main/java/resources/addPort.html index 11acccb2ac..c37b879bd5 100644 --- a/qpid/java/broker-plugins/management-http/src/main/java/resources/addPort.html +++ b/qpid/java/broker-plugins/management-http/src/main/java/resources/addPort.html @@ -25,7 +25,7 @@ <div id="formAddPort:fields"> <input type="text" required="true" name="name" id="formAddPort.name" placeholder="Name" data-dojo-props="label: 'Name*:'" dojoType="dijit.form.ValidationTextBox" - missingMessage="A name must be supplied" /> + missingMessage="A name must be supplied" regexp="^[\x20-\x2e\x30-\x7F]{1,255}$"/> <input data-dojo-type="dijit.form.NumberSpinner" id="formAddPort.port" required="true" data-dojo-props="label: 'Port Number*:'" name="port" smallDelta="1" constraints="{min:1,max:65535,places:0, pattern: '#####'}" missingMessage="A port number must be supplied" /> diff --git a/qpid/java/broker-plugins/management-http/src/main/java/resources/addQueue.html b/qpid/java/broker-plugins/management-http/src/main/java/resources/addQueue.html index d396f28877..950809d5fc 100644 --- a/qpid/java/broker-plugins/management-http/src/main/java/resources/addQueue.html +++ b/qpid/java/broker-plugins/management-http/src/main/java/resources/addQueue.html @@ -25,7 +25,7 @@ <tr> <td valign="top"><strong>Queue Name*: </strong></td> <td><input type="text" required="true" name="name" id="formAddQueue.name" placeholder="Queue Name" - dojoType="dijit.form.ValidationTextBox" missingMessage="A name must be supplied" /></td> + dojoType="dijit.form.ValidationTextBox" missingMessage="A name must be supplied" regexp="^[\x20-\x2e\x30-\x7F]{1,255}$"/></td> </tr> <tr> <td valign="top"><strong>Durable? </strong></td> diff --git a/qpid/java/broker-plugins/management-http/src/main/java/resources/addVirtualHost.html b/qpid/java/broker-plugins/management-http/src/main/java/resources/addVirtualHost.html index d66e0e1b03..9b492ef26d 100644 --- a/qpid/java/broker-plugins/management-http/src/main/java/resources/addVirtualHost.html +++ b/qpid/java/broker-plugins/management-http/src/main/java/resources/addVirtualHost.html @@ -27,7 +27,7 @@ <td class="tableContainer-valueCell"> <input type="text" required="true" name="name" id="formAddVirtualHost.name" placeholder="Virtual Host Name" dojoType="dijit.form.ValidationTextBox" - missingMessage="A name must be supplied" /> + missingMessage="A name must be supplied" regexp="^[\x20-\x2e\x30-\x7F]{1,255}$"/> </td> </tr> </table> diff --git a/qpid/java/broker/src/main/java/org/apache/qpid/server/model/adapter/AbstractAdapter.java b/qpid/java/broker/src/main/java/org/apache/qpid/server/model/adapter/AbstractAdapter.java index e57c8c2d16..05977a22af 100644 --- a/qpid/java/broker/src/main/java/org/apache/qpid/server/model/adapter/AbstractAdapter.java +++ b/qpid/java/broker/src/main/java/org/apache/qpid/server/model/adapter/AbstractAdapter.java @@ -32,6 +32,7 @@ import org.apache.qpid.server.model.ConfigurationChangeListener; import org.apache.qpid.server.model.ConfiguredObject; import org.apache.qpid.server.model.IllegalStateTransitionException; import org.apache.qpid.server.model.State; +import org.apache.qpid.server.configuration.IllegalConfigurationException; import org.apache.qpid.server.configuration.updater.ChangeAttributesTask; import org.apache.qpid.server.configuration.updater.ChangeStateTask; import org.apache.qpid.server.configuration.updater.CreateChildTask; @@ -40,6 +41,7 @@ import org.apache.qpid.server.configuration.updater.TaskExecutor; abstract class AbstractAdapter implements ConfiguredObject { + private static final Object ID = "id"; private final Map<String,Object> _attributes = new HashMap<String, Object>(); private final Map<Class<? extends ConfiguredObject>, ConfiguredObject> _parents = new HashMap<Class<? extends ConfiguredObject>, ConfiguredObject>(); @@ -347,6 +349,15 @@ abstract class AbstractAdapter implements ConfiguredObject protected void changeAttributes(final Map<String, Object> attributes) { + if (attributes.containsKey(ID)) + { + UUID id = getId(); + Object idAttributeValue = attributes.get(ID); + if (idAttributeValue != null && !idAttributeValue.equals(id)) + { + throw new IllegalConfigurationException("Cannot change existing configured object id"); + } + } Collection<String> names = getAttributeNames(); for (String name : names) { diff --git a/qpid/java/systests/src/main/java/org/apache/qpid/systest/rest/AuthenticationProviderRestTest.java b/qpid/java/systests/src/main/java/org/apache/qpid/systest/rest/AuthenticationProviderRestTest.java index 4ba2069dfd..09408572d7 100644 --- a/qpid/java/systests/src/main/java/org/apache/qpid/systest/rest/AuthenticationProviderRestTest.java +++ b/qpid/java/systests/src/main/java/org/apache/qpid/systest/rest/AuthenticationProviderRestTest.java @@ -24,6 +24,7 @@ import java.io.File; import java.util.HashMap; import java.util.List; import java.util.Map; +import java.util.UUID; import org.apache.qpid.server.model.AuthenticationProvider; import org.apache.qpid.server.model.LifetimePolicy; @@ -90,6 +91,22 @@ public class AuthenticationProviderRestTest extends QpidRestTestCase assertProvider(false, AnonymousAuthenticationManagerFactory.PROVIDER_TYPE, provider); } + public void testUpdateAuthenticationProviderIdFails() throws Exception + { + String providerName = "test-provider"; + Map<String, Object> attributes = new HashMap<String, Object>(); + attributes.put(AuthenticationProvider.NAME, providerName); + attributes.put(AuthenticationProvider.TYPE, AnonymousAuthenticationManagerFactory.PROVIDER_TYPE); + + int responseCode = getRestTestHelper().submitRequest("/rest/authenticationprovider/" + providerName, "PUT", attributes); + assertEquals("Unexpected response code", 201, responseCode); + + attributes.put(AuthenticationProvider.ID, UUID.randomUUID()); + + responseCode = getRestTestHelper().submitRequest("/rest/authenticationprovider/" + providerName, "PUT", attributes); + assertEquals("Update with new ID should fail", 409, responseCode); + } + public void testDeleteOfDefaultAuthenticationProviderFails() throws Exception { String providerName = TestBrokerConfiguration.ENTRY_NAME_AUTHENTICATION_PROVIDER; |