Diffstat (limited to 'java/broker-core/src/main/java/org/apache/qpid/server/security')
-rw-r--r--java/broker-core/src/main/java/org/apache/qpid/server/security/FileKeyStoreImpl.java38
-rw-r--r--java/broker-core/src/main/java/org/apache/qpid/server/security/FileTrustStoreImpl.java75
-rw-r--r--java/broker-core/src/main/java/org/apache/qpid/server/security/NonJavaKeyStoreImpl.java44
-rw-r--r--java/broker-core/src/main/java/org/apache/qpid/server/security/NonJavaTrustStoreImpl.java66
-rw-r--r--java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/AbstractAuthenticationManager.java22
-rw-r--r--java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/PrincipalDatabaseAuthenticationManager.java17
-rw-r--r--java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/ScramAuthUser.java8
7 files changed, 127 insertions, 143 deletions
diff --git a/java/broker-core/src/main/java/org/apache/qpid/server/security/FileKeyStoreImpl.java b/java/broker-core/src/main/java/org/apache/qpid/server/security/FileKeyStoreImpl.java
index d4aeca0437..6e02e71cd4 100644
--- a/java/broker-core/src/main/java/org/apache/qpid/server/security/FileKeyStoreImpl.java
+++ b/java/broker-core/src/main/java/org/apache/qpid/server/security/FileKeyStoreImpl.java
@@ -45,6 +45,7 @@ import org.apache.qpid.server.model.ManagedObject;
import org.apache.qpid.server.model.ManagedObjectFactoryConstructor;
import org.apache.qpid.server.model.Port;
import org.apache.qpid.server.model.State;
+import org.apache.qpid.server.model.StateTransition;
import org.apache.qpid.server.security.access.Operation;
import org.apache.qpid.server.util.ServerScopedRuntimeException;
import org.apache.qpid.transport.network.security.ssl.QpidClientX509KeyManager;
@@ -86,12 +87,6 @@ public class FileKeyStoreImpl extends AbstractConfiguredObject<FileKeyStoreImpl>
}
@Override
- public State getState()
- {
- return State.ACTIVE;
- }
-
- @Override
public Object getAttribute(String name)
{
if(KeyStore.STATE.equals(name))
@@ -102,27 +97,28 @@ public class FileKeyStoreImpl extends AbstractConfiguredObject<FileKeyStoreImpl>
return super.getAttribute(name);
}
- @Override
- protected boolean setState(State desiredState)
+ @StateTransition(currentState = {State.ACTIVE, State.ERRORED}, desiredState = State.DELETED)
+ protected void doDelete()
{
- if(desiredState == State.DELETED)
- {
- // verify that it is not in use
- String storeName = getName();
+ // verify that it is not in use
+ String storeName = getName();
- Collection<Port> ports = new ArrayList<Port>(_broker.getPorts());
- for (Port port : ports)
+ Collection<Port> ports = new ArrayList<Port>(_broker.getPorts());
+ for (Port port : ports)
+ {
+ if (port.getKeyStore() == this)
{
- if (port.getKeyStore() == this)
- {
- throw new IntegrityViolationException("Key store '" + storeName + "' can't be deleted as it is in use by a port:" + port.getName());
- }
+ throw new IntegrityViolationException("Key store '" + storeName + "' can't be deleted as it is in use by a port:" + port.getName());
}
- deleted();
- return true;
}
+ deleted();
+ setState(State.DELETED);
+ }
- return false;
+ @StateTransition(currentState = {State.UNINITIALIZED, State.ERRORED}, desiredState = State.ACTIVE)
+ protected void doActivate()
+ {
+ setState(State.ACTIVE);
}
@Override
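Review bot: doActivate() sets State.ACTIVE unconditionally, including on the ERRORED to ACTIVE retry, so nothing in this hunk checks that the key store can be opened before it is reported as healthy. If that validation does not happen elsewhere in the class, a store with a missing file or wrong password would show ACTIVE and the failure would only surface when a port tries to use it for TLS. Consider loading the store inside doActivate() and calling `setState(State.ERRORED)` on failure, in the way AbstractAuthenticationManager wraps its activation in a try/catch. The same unconditional doActivate() is added to FileTrustStoreImpl, NonJavaKeyStoreImpl and NonJavaTrustStoreImpl.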
diff --git a/java/broker-core/src/main/java/org/apache/qpid/server/security/FileTrustStoreImpl.java b/java/broker-core/src/main/java/org/apache/qpid/server/security/FileTrustStoreImpl.java
index 0596c21291..cb5aaacb07 100644
--- a/java/broker-core/src/main/java/org/apache/qpid/server/security/FileTrustStoreImpl.java
+++ b/java/broker-core/src/main/java/org/apache/qpid/server/security/FileTrustStoreImpl.java
@@ -44,6 +44,7 @@ import org.apache.qpid.server.model.ManagedAttributeField;
import org.apache.qpid.server.model.ManagedObjectFactoryConstructor;
import org.apache.qpid.server.model.Port;
import org.apache.qpid.server.model.State;
+import org.apache.qpid.server.model.StateTransition;
import org.apache.qpid.server.model.TrustStore;
import org.apache.qpid.server.security.access.Operation;
import org.apache.qpid.server.security.auth.manager.SimpleLDAPAuthenticationManager;
@@ -85,60 +86,56 @@ public class FileTrustStoreImpl extends AbstractConfiguredObject<FileTrustStoreI
}
}
- @Override
- public State getState()
+ @StateTransition(currentState = {State.ACTIVE, State.ERRORED}, desiredState = State.DELETED)
+ protected void doDelete()
{
- return State.ACTIVE;
- }
+ // verify that it is not in use
+ String storeName = getName();
- @Override
- protected boolean setState(State desiredState)
- {
- if(desiredState == State.DELETED)
+ Collection<Port<?>> ports = new ArrayList<Port<?>>(_broker.getPorts());
+ for (Port port : ports)
{
- // verify that it is not in use
- String storeName = getName();
-
- Collection<Port<?>> ports = new ArrayList<Port<?>>(_broker.getPorts());
- for (Port port : ports)
+ Collection<TrustStore> trustStores = port.getTrustStores();
+ if(trustStores != null)
{
- Collection<TrustStore> trustStores = port.getTrustStores();
- if(trustStores != null)
+ for (TrustStore store : trustStores)
{
- for (TrustStore store : trustStores)
+ if(storeName.equals(store.getAttribute(TrustStore.NAME)))
{
- if(storeName.equals(store.getAttribute(TrustStore.NAME)))
- {
- throw new IntegrityViolationException("Trust store '"
- + storeName
- + "' can't be deleted as it is in use by a port: "
- + port.getName());
- }
+ throw new IntegrityViolationException("Trust store '"
+ + storeName
+ + "' can't be deleted as it is in use by a port: "
+ + port.getName());
}
}
}
+ }
- Collection<AuthenticationProvider> authenticationProviders = new ArrayList<AuthenticationProvider>(_broker.getAuthenticationProviders());
- for (AuthenticationProvider authProvider : authenticationProviders)
+ Collection<AuthenticationProvider> authenticationProviders = new ArrayList<AuthenticationProvider>(_broker.getAuthenticationProviders());
+ for (AuthenticationProvider authProvider : authenticationProviders)
+ {
+ if(authProvider.getAttributeNames().contains(SimpleLDAPAuthenticationManager.TRUST_STORE))
{
- if(authProvider.getAttributeNames().contains(SimpleLDAPAuthenticationManager.TRUST_STORE))
- {
- Object attributeType = authProvider.getAttribute(AuthenticationProvider.TYPE);
- Object attributeValue = authProvider.getAttribute(SimpleLDAPAuthenticationManager.TRUST_STORE);
- if (SimpleLDAPAuthenticationManager.PROVIDER_TYPE.equals(attributeType)
+ Object attributeType = authProvider.getAttribute(AuthenticationProvider.TYPE);
+ Object attributeValue = authProvider.getAttribute(SimpleLDAPAuthenticationManager.TRUST_STORE);
+ if (SimpleLDAPAuthenticationManager.PROVIDER_TYPE.equals(attributeType)
&& storeName.equals(attributeValue))
- {
- throw new IntegrityViolationException("Trust store '"
- + storeName
- + "' can't be deleted as it is in use by an authentication manager: "
- + authProvider.getName());
- }
+ {
+ throw new IntegrityViolationException("Trust store '"
+ + storeName
+ + "' can't be deleted as it is in use by an authentication manager: "
+ + authProvider.getName());
}
}
- deleted();
- return true;
}
- return false;
+ deleted();
+ setState(State.DELETED);
+ }
+
+ @StateTransition(currentState = {State.UNINITIALIZED, State.ERRORED}, desiredState = State.ACTIVE)
+ protected void doActivate()
+ {
+ setState(State.ACTIVE);
}
@Override
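Review bot: The in-use guard in doDelete() covers only ports and providers whose type equals `SimpleLDAPAuthenticationManager.PROVIDER_TYPE`, so any other object that references this trust store would not block its deletion. The guard also matches by name (`storeName.equals(...)`), whereas the key store classes compare by identity (`port.getKeyStore() == this`). The provider branch assumes that `getAttribute(SimpleLDAPAuthenticationManager.TRUST_STORE)` returns the store name rather than the TrustStore object, which cannot be confirmed from this hunk; if it returns the object, the comparison never matches and an LDAP provider's trust anchor could be deleted from under it. A comment such as `// in-use check covers ports and SimpleLDAP providers only; compares by store name` would make the scope explicit. The identical code is added to NonJavaTrustStoreImpl.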
diff --git a/java/broker-core/src/main/java/org/apache/qpid/server/security/NonJavaKeyStoreImpl.java b/java/broker-core/src/main/java/org/apache/qpid/server/security/NonJavaKeyStoreImpl.java
index 299ba6c249..fddb856a39 100644
--- a/java/broker-core/src/main/java/org/apache/qpid/server/security/NonJavaKeyStoreImpl.java
+++ b/java/broker-core/src/main/java/org/apache/qpid/server/security/NonJavaKeyStoreImpl.java
@@ -70,6 +70,7 @@ import org.apache.qpid.server.model.ManagedObject;
import org.apache.qpid.server.model.ManagedObjectFactoryConstructor;
import org.apache.qpid.server.model.Port;
import org.apache.qpid.server.model.State;
+import org.apache.qpid.server.model.StateTransition;
import org.apache.qpid.server.security.access.Operation;
import org.apache.qpid.server.util.urlstreamhandler.data.Handler;
@@ -183,12 +184,6 @@ public class NonJavaKeyStoreImpl extends AbstractConfiguredObject<NonJavaKeyStor
}
@Override
- public State getState()
- {
- return State.ACTIVE;
- }
-
- @Override
public Object getAttribute(String name)
{
if (KeyStore.STATE.equals(name))
@@ -199,30 +194,31 @@ public class NonJavaKeyStoreImpl extends AbstractConfiguredObject<NonJavaKeyStor
return super.getAttribute(name);
}
- @Override
- protected boolean setState(State desiredState)
+ @StateTransition(currentState = {State.ACTIVE, State.ERRORED}, desiredState = State.DELETED)
+ protected void doDelete()
{
- if (desiredState == State.DELETED)
- {
- // verify that it is not in use
- String storeName = getName();
+ // verify that it is not in use
+ String storeName = getName();
- Collection<Port> ports = new ArrayList<Port>(_broker.getPorts());
- for (Port port : ports)
+ Collection<Port> ports = new ArrayList<Port>(_broker.getPorts());
+ for (Port port : ports)
+ {
+ if (port.getKeyStore() == this)
{
- if (port.getKeyStore() == this)
- {
- throw new IntegrityViolationException("Key store '"
- + storeName
- + "' can't be deleted as it is in use by a port:"
- + port.getName());
- }
+ throw new IntegrityViolationException("Key store '"
+ + storeName
+ + "' can't be deleted as it is in use by a port:"
+ + port.getName());
}
- deleted();
- return true;
}
+ deleted();
+ setState(State.DELETED);
+ }
- return false;
+ @StateTransition(currentState = {State.UNINITIALIZED, State.ERRORED}, desiredState = State.ACTIVE)
+ protected void doActivate()
+ {
+ setState(State.ACTIVE);
}
@Override
diff --git a/java/broker-core/src/main/java/org/apache/qpid/server/security/NonJavaTrustStoreImpl.java b/java/broker-core/src/main/java/org/apache/qpid/server/security/NonJavaTrustStoreImpl.java
index 4f7f913776..d757387a34 100644
--- a/java/broker-core/src/main/java/org/apache/qpid/server/security/NonJavaTrustStoreImpl.java
+++ b/java/broker-core/src/main/java/org/apache/qpid/server/security/NonJavaTrustStoreImpl.java
@@ -49,6 +49,7 @@ import org.apache.log4j.Logger;
import org.apache.qpid.server.configuration.IllegalConfigurationException;
import org.apache.qpid.server.model.AbstractConfiguredObject;
+import org.apache.qpid.server.model.AuthenticationProvider;
import org.apache.qpid.server.model.Broker;
import org.apache.qpid.server.model.ConfiguredObject;
import org.apache.qpid.server.model.IntegrityViolationException;
@@ -58,7 +59,10 @@ import org.apache.qpid.server.model.ManagedObject;
import org.apache.qpid.server.model.ManagedObjectFactoryConstructor;
import org.apache.qpid.server.model.Port;
import org.apache.qpid.server.model.State;
+import org.apache.qpid.server.model.StateTransition;
+import org.apache.qpid.server.model.TrustStore;
import org.apache.qpid.server.security.access.Operation;
+import org.apache.qpid.server.security.auth.manager.SimpleLDAPAuthenticationManager;
import org.apache.qpid.server.util.urlstreamhandler.data.Handler;
@ManagedObject( category = false )
@@ -168,12 +172,6 @@ public class NonJavaTrustStoreImpl
}
@Override
- public State getState()
- {
- return State.ACTIVE;
- }
-
- @Override
public Object getAttribute(String name)
{
if (KeyStore.STATE.equals(name))
@@ -184,30 +182,56 @@ public class NonJavaTrustStoreImpl
return super.getAttribute(name);
}
- @Override
- protected boolean setState(State desiredState)
+ @StateTransition(currentState = {State.ACTIVE, State.ERRORED}, desiredState = State.DELETED)
+ protected void doDelete()
{
- if (desiredState == State.DELETED)
+ // verify that it is not in use
+ String storeName = getName();
+
+ Collection<Port<?>> ports = new ArrayList<Port<?>>(_broker.getPorts());
+ for (Port port : ports)
{
- // verify that it is not in use
- String storeName = getName();
+ Collection<TrustStore> trustStores = port.getTrustStores();
+ if(trustStores != null)
+ {
+ for (TrustStore store : trustStores)
+ {
+ if(storeName.equals(store.getAttribute(TrustStore.NAME)))
+ {
+ throw new IntegrityViolationException("Trust store '"
+ + storeName
+ + "' can't be deleted as it is in use by a port: "
+ + port.getName());
+ }
+ }
+ }
+ }
- Collection<Port> ports = new ArrayList<Port>(_broker.getPorts());
- for (Port port : ports)
+ Collection<AuthenticationProvider> authenticationProviders = new ArrayList<AuthenticationProvider>(_broker.getAuthenticationProviders());
+ for (AuthenticationProvider authProvider : authenticationProviders)
+ {
+ if(authProvider.getAttributeNames().contains(SimpleLDAPAuthenticationManager.TRUST_STORE))
{
- if (port.getKeyStore() == this)
+ Object attributeType = authProvider.getAttribute(AuthenticationProvider.TYPE);
+ Object attributeValue = authProvider.getAttribute(SimpleLDAPAuthenticationManager.TRUST_STORE);
+ if (SimpleLDAPAuthenticationManager.PROVIDER_TYPE.equals(attributeType)
+ && storeName.equals(attributeValue))
{
- throw new IntegrityViolationException("Key store '"
- + storeName
- + "' can't be deleted as it is in use by a port:"
- + port.getName());
+ throw new IntegrityViolationException("Trust store '"
+ + storeName
+ + "' can't be deleted as it is in use by an authentication manager: "
+ + authProvider.getName());
}
}
- deleted();
- return true;
}
+ deleted();
+ setState(State.DELETED);
+ }
- return false;
+ @StateTransition(currentState = {State.UNINITIALIZED, State.ERRORED}, desiredState = State.ACTIVE)
+ protected void doActivate()
+ {
+ setState(State.ACTIVE);
}
@Override
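Review bot: This doDelete() body is a line-for-line copy of the one added to FileTrustStoreImpl, so the two deletion guards can drift apart. The removed lines show that drift has happened here before: the old code tested `port.getKeyStore() == this` and reported "Key store" from a trust store class, so a trust store in use by a port was never protected. Moving the port and authentication-provider scan into one helper shared by both trust store classes would keep the guard consistent. The helper could take the store name and the broker and throw the IntegrityViolationException itself.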
diff --git a/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/AbstractAuthenticationManager.java b/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/AbstractAuthenticationManager.java
index 6fa93ed51a..69f0011302 100644
--- a/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/AbstractAuthenticationManager.java
+++ b/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/AbstractAuthenticationManager.java
@@ -27,7 +27,6 @@ import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
-import java.util.concurrent.atomic.AtomicReference;
import org.apache.log4j.Logger;
@@ -56,7 +55,6 @@ public abstract class AbstractAuthenticationManager<T extends AbstractAuthentica
private final Broker _broker;
private PreferencesProvider _preferencesProvider;
- private AtomicReference<State> _state = new AtomicReference<State>(State.UNINITIALIZED);
@ManagedAttributeField
private List<String> _secureOnlyMechanisms;
@@ -139,12 +137,6 @@ public abstract class AbstractAuthenticationManager<T extends AbstractAuthentica
throw new IllegalConfigurationException("Cannot associate " + user + " with authentication provider " + this);
}
- @Override
- public State getState()
- {
- return _state.get();
- }
-
@SuppressWarnings("unchecked")
@Override
public <C extends ConfiguredObject> C addChild(Class<C> childClass, Map<String, Object> attributes, ConfiguredObject... otherParents)
@@ -185,7 +177,7 @@ public abstract class AbstractAuthenticationManager<T extends AbstractAuthentica
@StateTransition( currentState = State.UNINITIALIZED, desiredState = State.QUIESCED )
protected void startQuiesced()
{
- _state.set(State.QUIESCED);
+ setState(State.QUIESCED);
}
@StateTransition( currentState = { State.UNINITIALIZED, State.QUIESCED, State.QUIESCED }, desiredState = State.ACTIVE )
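Review bot: The `currentState` list on the activation transition at the end of this hunk names `State.QUIESCED` twice, and the second entry looks like it was meant to be `State.ERRORED`. The catch block of the annotated method sets ERRORED, and every store class touched by this commit declares an ERRORED to ACTIVE transition. Now that state is held by the base class rather than a private field, a provider that reaches ERRORED may have no declared way back to ACTIVE through this transition. If that is the intent, the list would read `currentState = { State.UNINITIALIZED, State.QUIESCED, State.ERRORED }`. The annotated method's body lies outside this hunk.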
@@ -193,11 +185,11 @@ public abstract class AbstractAuthenticationManager<T extends AbstractAuthentica
{
try
{
- _state.set(State.ACTIVE);
+ setState(State.ACTIVE);
}
catch(RuntimeException e)
{
- _state.set(State.ERRORED);
+ setState(State.ERRORED);
if (_broker.isManagementMode())
{
LOGGER.warn("Failed to activate authentication provider: " + getName(), e);
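Review bot: The try block guards only `setState(State.ACTIVE)`, so the catch is reached only if setState itself throws, and the handler then calls `setState(State.ERRORED)`, which could fail in the same way. If the aim is to mark the provider ERRORED when its initialisation fails, the initialisation call needs to sit inside the try, ahead of the state change. Under management mode the failure is only logged at warn in the visible lines, so a provider that never became usable can leave the broker running without its authentication provider. This deserves a comment stating that it is deliberate. The method starts before this hunk and continues after it.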
@@ -234,16 +226,10 @@ public abstract class AbstractAuthenticationManager<T extends AbstractAuthentica
}
deleted();
- _state.set(State.DELETED);
+ setState(State.DELETED);
}
-
- protected boolean updateState(State from, State to)
- {
- return _state.compareAndSet(from, to);
- }
-
@Override
public Object getAttribute(final String name)
{
diff --git a/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/PrincipalDatabaseAuthenticationManager.java b/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/PrincipalDatabaseAuthenticationManager.java
index 3197d78c2a..a6a2ea8d34 100644
--- a/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/PrincipalDatabaseAuthenticationManager.java
+++ b/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/PrincipalDatabaseAuthenticationManager.java
@@ -117,7 +117,7 @@ public abstract class PrincipalDatabaseAuthenticationManager<T extends Principal
}
catch(IllegalConfigurationException e)
{
- updateState(getState(), State.ERRORED);
+ setState(State.ERRORED);
}
}
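Review bot: The catch block records ERRORED but drops the IllegalConfigurationException, so within these lines the reason the provider failed to initialise is neither logged nor kept. An operator would see an authentication provider in ERRORED with nothing to explain it. Logging the exception with the provider name would help, following the pattern AbstractAuthenticationManager already uses: `LOGGER.warn("Failed to activate authentication provider: " + getName(), e)`. The enclosing method starts outside this hunk, so logging may already happen earlier.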
@@ -378,7 +378,7 @@ public abstract class PrincipalDatabaseAuthenticationManager<T extends Principal
{
initialise();
// if provider was previously in ERRORED state then set its state to ACTIVE
- updateState(State.ERRORED, State.ACTIVE);
+ setState(State.ACTIVE);
}
catch(RuntimeException e)
{
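Review bot: `setState(State.ACTIVE)` is now unconditional, while the removed `updateState(State.ERRORED, State.ACTIVE)` was a compare-and-set that changed state only when the provider was ERRORED, which is still what the comment above it says. After a successful initialise(), a provider in any other state, for example QUIESCED, would now be switched to ACTIVE and start accepting authentication. To keep the old behaviour, guard the call with `if (getState() == State.ERRORED) { setState(State.ACTIVE); }`; otherwise update the comment to describe the new semantics. Whether setState() provides the atomicity that the removed AtomicReference gave cannot be seen from this diff. The enclosing method begins and ends outside the hunk.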
@@ -396,8 +396,6 @@ public abstract class PrincipalDatabaseAuthenticationManager<T extends Principal
{
private final Principal _user;
- private State _state = State.UNINITIALIZED;
-
@ManagedAttributeField
private String _password;
@@ -447,13 +445,6 @@ public abstract class PrincipalDatabaseAuthenticationManager<T extends Principal
}
}
-
- @Override
- public State getState()
- {
- return _state;
- }
-
@Override
public boolean changeAttribute(String name, Object expected, Object desired)
throws IllegalStateException, AccessControlException, IllegalArgumentException
@@ -469,7 +460,7 @@ public abstract class PrincipalDatabaseAuthenticationManager<T extends Principal
@StateTransition(currentState = State.UNINITIALIZED, desiredState = State.ACTIVE)
private void activate()
{
- _state = State.ACTIVE;
+ setState(State.ACTIVE);
}
@StateTransition(currentState = State.ACTIVE, desiredState = State.DELETED)
@@ -485,7 +476,7 @@ public abstract class PrincipalDatabaseAuthenticationManager<T extends Principal
preferencesProvider.deletePreferences(userName);
}
deleted();
- _state = State.DELETED;
+ setState(State.DELETED);
}
catch (AccountNotFoundException e)
{
diff --git a/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/ScramAuthUser.java b/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/ScramAuthUser.java
index f28b46d1dd..1f80a84e4f 100644
--- a/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/ScramAuthUser.java
+++ b/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/ScramAuthUser.java
@@ -59,7 +59,7 @@ class ScramAuthUser extends AbstractConfiguredObject<ScramAuthUser> implements U
{
throw new IllegalArgumentException("Scram SHA1 user names are restricted to characters in the ASCII charset");
}
-
+ setState(State.ACTIVE);
}
@Override
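Review bot: Calling `setState(State.ACTIVE)` at the end of the constructor makes ScramAuthUser the only class in this commit that sets its state outside a `@StateTransition` method. The user is marked ACTIVE while the object is still under construction, before whatever open and registration steps the model normally runs. The user object in PrincipalDatabaseAuthenticationManager does the same job with `@StateTransition(currentState = State.UNINITIALIZED, desiredState = State.ACTIVE)` on a private activate() method, and the same shape here would keep the lifecycle uniform. The constructor starts outside this hunk.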
@@ -168,12 +168,6 @@ class ScramAuthUser extends AbstractConfiguredObject<ScramAuthUser> implements U
}
@Override
- public State getState()
- {
- return State.ACTIVE;
- }
-
- @Override
public <C extends ConfiguredObject> Collection<C> getChildren(final Class<C> clazz)
{
return Collections.emptySet();