diff options
Diffstat (limited to 'java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/ManagedUser.java')
-rw-r--r-- | java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/ManagedUser.java | 199 |
1 files changed, 199 insertions, 0 deletions
diff --git a/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/ManagedUser.java b/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/ManagedUser.java new file mode 100644 index 0000000000..c8884e15a8 --- /dev/null +++ b/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/ManagedUser.java @@ -0,0 +1,199 @@ +/* + * + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + * + */ +package org.apache.qpid.server.security.auth.manager; + +import java.security.AccessControlException; +import java.util.Collection; +import java.util.Collections; +import java.util.HashMap; +import java.util.Map; +import java.util.Set; + +import org.apache.qpid.server.configuration.updater.VoidTask; +import org.apache.qpid.server.model.AbstractConfiguredObject; +import org.apache.qpid.server.model.ConfiguredObject; +import org.apache.qpid.server.model.ManagedAttributeField; +import org.apache.qpid.server.model.ManagedObject; +import org.apache.qpid.server.model.ManagedObjectFactoryConstructor; +import org.apache.qpid.server.model.PreferencesProvider; +import org.apache.qpid.server.model.State; +import org.apache.qpid.server.model.StateTransition; +import org.apache.qpid.server.model.User; +import org.apache.qpid.server.security.access.Operation; + +@ManagedObject( category = false, type = ManagedUser.MANAGED_USER_TYPE) +class ManagedUser extends AbstractConfiguredObject<ManagedUser> implements User<ManagedUser> +{ + public static final String MANAGED_USER_TYPE = "managed"; + + private ConfigModelPasswordManagingAuthenticationProvider<?> _authenticationManager; + @ManagedAttributeField + private String _password; + + @ManagedObjectFactoryConstructor + ManagedUser(final Map<String, Object> attributes, ConfigModelPasswordManagingAuthenticationProvider<?> parent) + { + super(parentsMap(parent), attributes); + _authenticationManager = parent; + + setState(State.ACTIVE); + } + + @Override + protected void onOpen() + { + super.onOpen(); + _authenticationManager.getUserMap().put(getName(), this); + } + + @Override + public void onValidate() + { + super.onValidate(); + _authenticationManager.validateUser(this); + if(!isDurable()) + { + throw new IllegalArgumentException(getClass().getSimpleName() + " must be durable"); + } + } + + @Override + protected void validateChange(final ConfiguredObject<?> proxyForValidation, final Set<String> changedAttributes) + { + super.validateChange(proxyForValidation, changedAttributes); + if(changedAttributes.contains(DURABLE) && !proxyForValidation.isDurable()) + { + throw new IllegalArgumentException(getClass().getSimpleName() + " must be durable"); + } + } + + @Override + protected void authoriseSetDesiredState(final State desiredState) throws AccessControlException + { + if(desiredState == State.DELETED) + { + _authenticationManager.getSecurityManager().authoriseUserOperation(Operation.DELETE, getName()); + } + + } + + @StateTransition(currentState = {State.ACTIVE}, desiredState = State.DELETED) + private void doDelete() + { + _authenticationManager.getUserMap().remove(getName()); + deleted(); + } + + + @Override + public void setAttributes(final Map<String, Object> attributes) + throws IllegalStateException, AccessControlException, IllegalArgumentException + { + runTask(new VoidTask() + { + + @Override + public void execute() + { + Map<String, Object> modifiedAttributes = new HashMap<String, Object>(attributes); + final String newPassword = (String) attributes.get(User.PASSWORD); + if (attributes.containsKey(User.PASSWORD) + && !newPassword.equals(getActualAttributes().get(User.PASSWORD))) + { + modifiedAttributes.put(User.PASSWORD, + _authenticationManager.createStoredPassword(newPassword)); + + } + ManagedUser.super.setAttributes(modifiedAttributes); + } + }); + + + } + + @Override + public String getPassword() + { + return _password; + } + + @Override + public void setPassword(final String password) + { + _authenticationManager.getSecurityManager().authoriseUserOperation(Operation.UPDATE, getName()); + + changeAttribute(User.PASSWORD, getAttribute(User.PASSWORD), + _authenticationManager.createStoredPassword(password)); + + } + + @Override + public <C extends ConfiguredObject> Collection<C> getChildren(final Class<C> clazz) + { + return Collections.emptySet(); + } + + @Override + public Map<String, Object> getPreferences() + { + PreferencesProvider<?> preferencesProvider = _authenticationManager.getPreferencesProvider(); + if (preferencesProvider == null) + { + return null; + } + return preferencesProvider.getPreferences(this.getName()); + } + + @Override + public Object getPreference(String name) + { + Map<String, Object> preferences = getPreferences(); + if (preferences == null) + { + return null; + } + return preferences.get(name); + } + + @Override + public Map<String, Object> setPreferences(Map<String, Object> preferences) + { + PreferencesProvider<?> preferencesProvider = _authenticationManager.getPreferencesProvider(); + if (preferencesProvider == null) + { + return null; + } + return preferencesProvider.setPreferences(this.getName(), preferences); + } + + @Override + public boolean deletePreferences() + { + PreferencesProvider preferencesProvider = _authenticationManager.getPreferencesProvider(); + if (preferencesProvider == null) + { + return false; + } + String[] deleted = preferencesProvider.deletePreferences(this.getName()); + return deleted.length == 1; + } + +} |