Diffstat (limited to 'java/broker-core/src/main/java/org/apache/qpid/server/security')
7 files changed, 127 insertions, 143 deletions
diff --git a/java/broker-core/src/main/java/org/apache/qpid/server/security/FileKeyStoreImpl.java b/java/broker-core/src/main/java/org/apache/qpid/server/security/FileKeyStoreImpl.java index d4aeca0437..6e02e71cd4 100644 --- a/java/broker-core/src/main/java/org/apache/qpid/server/security/FileKeyStoreImpl.java +++ b/java/broker-core/src/main/java/org/apache/qpid/server/security/FileKeyStoreImpl.java @@ -45,6 +45,7 @@ import org.apache.qpid.server.model.ManagedObject; import org.apache.qpid.server.model.ManagedObjectFactoryConstructor; import org.apache.qpid.server.model.Port; import org.apache.qpid.server.model.State; +import org.apache.qpid.server.model.StateTransition; import org.apache.qpid.server.security.access.Operation; import org.apache.qpid.server.util.ServerScopedRuntimeException; import org.apache.qpid.transport.network.security.ssl.QpidClientX509KeyManager; @@ -86,12 +87,6 @@ public class FileKeyStoreImpl extends AbstractConfiguredObject<FileKeyStoreImpl> } @Override - public State getState() - { - return State.ACTIVE; - } - - @Override public Object getAttribute(String name) { if(KeyStore.STATE.equals(name)) 
@@ -102,27 +97,28 @@ public class FileKeyStoreImpl extends AbstractConfiguredObject<FileKeyStoreImpl> return super.getAttribute(name); } - @Override - protected boolean setState(State desiredState) + @StateTransition(currentState = {State.ACTIVE, State.ERRORED}, desiredState = State.DELETED) + protected void doDelete() { - if(desiredState == State.DELETED) - { - // verify that it is not in use - String storeName = getName(); + // verify that it is not in use + String storeName = getName(); - Collection<Port> ports = new ArrayList<Port>(_broker.getPorts()); - for (Port port : ports) + Collection<Port> ports = new ArrayList<Port>(_broker.getPorts()); + for (Port port : ports) + { + if (port.getKeyStore() == this) { - if (port.getKeyStore() == this) - { - throw new IntegrityViolationException("Key store '" + storeName + "' can't be deleted as it is in use by a port:" + port.getName()); - } + throw new IntegrityViolationException("Key store '" + storeName + "' can't be deleted as it is in use by a port:" + port.getName()); } - deleted(); - return true; } + deleted(); + setState(State.DELETED); + } - return false; + @StateTransition(currentState = {State.UNINITIALIZED, State.ERRORED}, desiredState = State.ACTIVE) + protected void doActivate() + { + setState(State.ACTIVE); } @Override diff --git a/java/broker-core/src/main/java/org/apache/qpid/server/security/FileTrustStoreImpl.java b/java/broker-core/src/main/java/org/apache/qpid/server/security/FileTrustStoreImpl.java index 0596c21291..cb5aaacb07 100644 --- a/java/broker-core/src/main/java/org/apache/qpid/server/security/FileTrustStoreImpl.java +++ b/java/broker-core/src/main/java/org/apache/qpid/server/security/FileTrustStoreImpl.java 
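Review bot: `doActivate()` in FileKeyStoreImpl marks the key store ACTIVE without checking that the store can be loaded, so the ERRORED state named in both new `@StateTransition` annotations is never entered by any code visible in this hunk. If the store is validated elsewhere, a comment on `doActivate()` should say so, e.g. `// store contents are validated in <validation method>; activation only records the state`; otherwise a failed load should end in `setState(State.ERRORED)`. The same applies to the identical `doActivate()` methods added in FileTrustStoreImpl, NonJavaKeyStoreImpl and NonJavaTrustStoreImpl. In `doDelete()`, the in-use check and the later `deleted()` call are not visibly guarded against a port being pointed at the store in between, which would leave that port referencing a deleted key store; whether the caller serialises configuration changes should be confirmed.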
@@ -44,6 +44,7 @@ import org.apache.qpid.server.model.ManagedAttributeField; import org.apache.qpid.server.model.ManagedObjectFactoryConstructor; import org.apache.qpid.server.model.Port; import org.apache.qpid.server.model.State; +import org.apache.qpid.server.model.StateTransition; import org.apache.qpid.server.model.TrustStore; import org.apache.qpid.server.security.access.Operation; import org.apache.qpid.server.security.auth.manager.SimpleLDAPAuthenticationManager; 
@@ -85,60 +86,56 @@ public class FileTrustStoreImpl extends AbstractConfiguredObject<FileTrustStoreI } } - @Override - public State getState() + @StateTransition(currentState = {State.ACTIVE, State.ERRORED}, desiredState = State.DELETED) + protected void doDelete() { - return State.ACTIVE; - } + // verify that it is not in use + String storeName = getName(); - @Override - protected boolean setState(State desiredState) - { - if(desiredState == State.DELETED) + Collection<Port<?>> ports = new ArrayList<Port<?>>(_broker.getPorts()); + for (Port port : ports) { - // verify that it is not in use - String storeName = getName(); - - Collection<Port<?>> ports = new ArrayList<Port<?>>(_broker.getPorts()); - for (Port port : ports) + Collection<TrustStore> trustStores = port.getTrustStores(); + if(trustStores != null) { - Collection<TrustStore> trustStores = port.getTrustStores(); - if(trustStores != null) + for (TrustStore store : trustStores) { - for (TrustStore store : trustStores) + if(storeName.equals(store.getAttribute(TrustStore.NAME))) { - if(storeName.equals(store.getAttribute(TrustStore.NAME))) - { - throw new IntegrityViolationException("Trust store '" - + storeName - + "' can't be deleted as it is in use by a port: " - + port.getName()); - } + throw new IntegrityViolationException("Trust store '" + + storeName + + "' can't be deleted as it is in use by a port: " + + port.getName()); } } } + } - Collection<AuthenticationProvider> authenticationProviders = new ArrayList<AuthenticationProvider>(_broker.getAuthenticationProviders()); - for (AuthenticationProvider authProvider : authenticationProviders) + Collection<AuthenticationProvider> authenticationProviders = new ArrayList<AuthenticationProvider>(_broker.getAuthenticationProviders()); + for (AuthenticationProvider authProvider : authenticationProviders) + { + if(authProvider.getAttributeNames().contains(SimpleLDAPAuthenticationManager.TRUST_STORE)) { - 
if(authProvider.getAttributeNames().contains(SimpleLDAPAuthenticationManager.TRUST_STORE)) - { - Object attributeType = authProvider.getAttribute(AuthenticationProvider.TYPE); - Object attributeValue = authProvider.getAttribute(SimpleLDAPAuthenticationManager.TRUST_STORE); - if (SimpleLDAPAuthenticationManager.PROVIDER_TYPE.equals(attributeType) + Object attributeType = authProvider.getAttribute(AuthenticationProvider.TYPE); + Object attributeValue = authProvider.getAttribute(SimpleLDAPAuthenticationManager.TRUST_STORE); + if (SimpleLDAPAuthenticationManager.PROVIDER_TYPE.equals(attributeType) && storeName.equals(attributeValue)) - { - throw new IntegrityViolationException("Trust store '" - + storeName - + "' can't be deleted as it is in use by an authentication manager: " - + authProvider.getName()); - } + { + throw new IntegrityViolationException("Trust store '" + + storeName + + "' can't be deleted as it is in use by an authentication manager: " + + authProvider.getName()); } } - deleted(); - return true; } - return false; + deleted(); + setState(State.DELETED); + } + + @StateTransition(currentState = {State.UNINITIALIZED, State.ERRORED}, desiredState = State.ACTIVE) + protected void doActivate() + { + setState(State.ACTIVE); } @Override diff --git a/java/broker-core/src/main/java/org/apache/qpid/server/security/NonJavaKeyStoreImpl.java b/java/broker-core/src/main/java/org/apache/qpid/server/security/NonJavaKeyStoreImpl.java index 299ba6c249..fddb856a39 100644 --- a/java/broker-core/src/main/java/org/apache/qpid/server/security/NonJavaKeyStoreImpl.java +++ b/java/broker-core/src/main/java/org/apache/qpid/server/security/NonJavaKeyStoreImpl.java 
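Review bot: The in-use checks in FileTrustStoreImpl's `doDelete()` match by name (`storeName.equals(store.getAttribute(TrustStore.NAME))` and `storeName.equals(attributeValue)`), whereas the key-store classes in this commit compare by identity (`port.getKeyStore() == this`). If the LDAP provider's `TRUST_STORE` attribute can hold a `TrustStore` object rather than its name, the second comparison is always false and a trust store still used for LDAP TLS could be deleted; this is inferred, because the attribute's type is not visible here. Comparing `store == this` in the port loop and accepting either a name or an object for the attribute would make the guard independent of that detail. The whole body is repeated verbatim in NonJavaTrustStoreImpl, whose previous version had drifted into checking `port.getKeyStore()` with a "Key store" message, so a shared helper for the two classes would prevent the same drift again.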
@@ -70,6 +70,7 @@ import org.apache.qpid.server.model.ManagedObject; import org.apache.qpid.server.model.ManagedObjectFactoryConstructor; import org.apache.qpid.server.model.Port; import org.apache.qpid.server.model.State; +import org.apache.qpid.server.model.StateTransition; import org.apache.qpid.server.security.access.Operation; import org.apache.qpid.server.util.urlstreamhandler.data.Handler; @@ -183,12 +184,6 @@ public class NonJavaKeyStoreImpl extends AbstractConfiguredObject<NonJavaKeyStor } @Override - public State getState() - { - return State.ACTIVE; - } - - @Override public Object getAttribute(String name) { if (KeyStore.STATE.equals(name)) @@ -199,30 +194,31 @@ public class NonJavaKeyStoreImpl extends AbstractConfiguredObject<NonJavaKeyStor return super.getAttribute(name); } - @Override - protected boolean setState(State desiredState) + @StateTransition(currentState = {State.ACTIVE, State.ERRORED}, desiredState = State.DELETED) + protected void doDelete() { - if (desiredState == State.DELETED) - { - // verify that it is not in use - String storeName = getName(); + // verify that it is not in use + String storeName = getName(); - Collection<Port> ports = new ArrayList<Port>(_broker.getPorts()); - for (Port port : ports) + Collection<Port> ports = new ArrayList<Port>(_broker.getPorts()); + for (Port port : ports) + { + if (port.getKeyStore() == this) { - if (port.getKeyStore() == this) - { - throw new IntegrityViolationException("Key store '" - + storeName - + "' can't be deleted as it is in use by a port:" - + port.getName()); - } + throw new IntegrityViolationException("Key store '" + + storeName + + "' can't be deleted as it is in use by a port:" + + port.getName()); } - deleted(); - return true; } + deleted(); + setState(State.DELETED); + } - return false; + @StateTransition(currentState = {State.UNINITIALIZED, State.ERRORED}, desiredState = State.ACTIVE) + protected void doActivate() + { + setState(State.ACTIVE); } @Override 
diff --git a/java/broker-core/src/main/java/org/apache/qpid/server/security/NonJavaTrustStoreImpl.java b/java/broker-core/src/main/java/org/apache/qpid/server/security/NonJavaTrustStoreImpl.java index 4f7f913776..d757387a34 100644 --- a/java/broker-core/src/main/java/org/apache/qpid/server/security/NonJavaTrustStoreImpl.java +++ b/java/broker-core/src/main/java/org/apache/qpid/server/security/NonJavaTrustStoreImpl.java @@ -49,6 +49,7 @@ import org.apache.log4j.Logger; import org.apache.qpid.server.configuration.IllegalConfigurationException; import org.apache.qpid.server.model.AbstractConfiguredObject; +import org.apache.qpid.server.model.AuthenticationProvider; import org.apache.qpid.server.model.Broker; import org.apache.qpid.server.model.ConfiguredObject; import org.apache.qpid.server.model.IntegrityViolationException; @@ -58,7 +59,10 @@ import org.apache.qpid.server.model.ManagedObject; import org.apache.qpid.server.model.ManagedObjectFactoryConstructor; import org.apache.qpid.server.model.Port; import org.apache.qpid.server.model.State; +import org.apache.qpid.server.model.StateTransition; +import org.apache.qpid.server.model.TrustStore; import org.apache.qpid.server.security.access.Operation; +import org.apache.qpid.server.security.auth.manager.SimpleLDAPAuthenticationManager; import org.apache.qpid.server.util.urlstreamhandler.data.Handler; @ManagedObject( category = false ) @@ -168,12 +172,6 @@ public class NonJavaTrustStoreImpl } @Override - public State getState() - { - return State.ACTIVE; - } - - @Override public Object getAttribute(String name) { if (KeyStore.STATE.equals(name)) 
@@ -184,30 +182,56 @@ public class NonJavaTrustStoreImpl return super.getAttribute(name); } - @Override - protected boolean setState(State desiredState) + @StateTransition(currentState = {State.ACTIVE, State.ERRORED}, desiredState = State.DELETED) + protected void doDelete() { - if (desiredState == State.DELETED) + // verify that it is not in use + String storeName = getName(); + + Collection<Port<?>> ports = new ArrayList<Port<?>>(_broker.getPorts()); + for (Port port : ports) { - // verify that it is not in use - String storeName = getName(); + Collection<TrustStore> trustStores = port.getTrustStores(); + if(trustStores != null) + { + for (TrustStore store : trustStores) + { + if(storeName.equals(store.getAttribute(TrustStore.NAME))) + { + throw new IntegrityViolationException("Trust store '" + + storeName + + "' can't be deleted as it is in use by a port: " + + port.getName()); + } + } + } + } - Collection<Port> ports = new ArrayList<Port>(_broker.getPorts()); - for (Port port : ports) + Collection<AuthenticationProvider> authenticationProviders = new ArrayList<AuthenticationProvider>(_broker.getAuthenticationProviders()); + for (AuthenticationProvider authProvider : authenticationProviders) + { + if(authProvider.getAttributeNames().contains(SimpleLDAPAuthenticationManager.TRUST_STORE)) { - if (port.getKeyStore() == this) + Object attributeType = authProvider.getAttribute(AuthenticationProvider.TYPE); + Object attributeValue = authProvider.getAttribute(SimpleLDAPAuthenticationManager.TRUST_STORE); + if (SimpleLDAPAuthenticationManager.PROVIDER_TYPE.equals(attributeType) + && storeName.equals(attributeValue)) { - throw new IntegrityViolationException("Key store '" - + storeName - + "' can't be deleted as it is in use by a port:" - + port.getName()); + throw new IntegrityViolationException("Trust store '" + + storeName + + "' can't be deleted as it is in use by an authentication manager: " + + authProvider.getName()); } } - deleted(); - return true; } + deleted(); 
+ setState(State.DELETED); + } - return false; + @StateTransition(currentState = {State.UNINITIALIZED, State.ERRORED}, desiredState = State.ACTIVE) + protected void doActivate() + { + setState(State.ACTIVE); } @Override diff --git a/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/AbstractAuthenticationManager.java b/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/AbstractAuthenticationManager.java index 6fa93ed51a..69f0011302 100644 --- a/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/AbstractAuthenticationManager.java +++ b/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/AbstractAuthenticationManager.java @@ -27,7 +27,6 @@ import java.util.HashMap; import java.util.List; import java.util.Map; import java.util.Set; -import java.util.concurrent.atomic.AtomicReference; import org.apache.log4j.Logger; @@ -56,7 +55,6 @@ public abstract class AbstractAuthenticationManager<T extends AbstractAuthentica private final Broker _broker; private PreferencesProvider _preferencesProvider; - private AtomicReference<State> _state = new AtomicReference<State>(State.UNINITIALIZED); @ManagedAttributeField private List<String> _secureOnlyMechanisms; @@ -139,12 +137,6 @@ public abstract class AbstractAuthenticationManager<T extends AbstractAuthentica throw new IllegalConfigurationException("Cannot associate " + user + " with authentication provider " + this); } - @Override - public State getState() - { - return _state.get(); - } - @SuppressWarnings("unchecked") @Override public <C extends ConfiguredObject> C addChild(Class<C> childClass, Map<String, Object> attributes, ConfiguredObject... otherParents) 
@@ -185,7 +177,7 @@ public abstract class AbstractAuthenticationManager<T extends AbstractAuthentica @StateTransition( currentState = State.UNINITIALIZED, desiredState = State.QUIESCED ) protected void startQuiesced() { - _state.set(State.QUIESCED); + setState(State.QUIESCED); } @StateTransition( currentState = { State.UNINITIALIZED, State.QUIESCED, State.QUIESCED }, desiredState = State.ACTIVE ) @@ -193,11 +185,11 @@ public abstract class AbstractAuthenticationManager<T extends AbstractAuthentica { try { - _state.set(State.ACTIVE); + setState(State.ACTIVE); } catch(RuntimeException e) { - _state.set(State.ERRORED); + setState(State.ERRORED); if (_broker.isManagementMode()) { LOGGER.warn("Failed to activate authentication provider: " + getName(), e); @@ -234,16 +226,10 @@ public abstract class AbstractAuthenticationManager<T extends AbstractAuthentica } deleted(); - _state.set(State.DELETED); + setState(State.DELETED); } - - protected boolean updateState(State from, State to) - { - return _state.compareAndSet(from, to); - } - @Override public Object getAttribute(final String name) { diff --git a/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/PrincipalDatabaseAuthenticationManager.java b/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/PrincipalDatabaseAuthenticationManager.java index 3197d78c2a..a6a2ea8d34 100644 --- a/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/PrincipalDatabaseAuthenticationManager.java +++ b/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/PrincipalDatabaseAuthenticationManager.java @@ -117,7 +117,7 @@ public abstract class PrincipalDatabaseAuthenticationManager<T extends Principal } catch(IllegalConfigurationException e) { - updateState(getState(), State.ERRORED); + setState(State.ERRORED); } } 
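Review bot: In the -193 hunk of AbstractAuthenticationManager the `try` block contains only `setState(State.ACTIVE)`, so the `catch(RuntimeException e)` branch that records ERRORED and logs the warning can fire only if `setState` itself throws. A real initialisation failure in a subclass would not reach it, as far as this hunk shows. The annotation for this method (last context line of the -185 hunk) reads `currentState = { State.UNINITIALIZED, State.QUIESCED, State.QUIESCED }`; the repeated `State.QUIESCED` looks like a typo for `State.ERRORED`, and if so an errored provider has no declared transition back to ACTIVE. The method signature lies between the two hunks and the body ends outside them, so both points should be checked against the full method.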
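Review bot: The `catch(IllegalConfigurationException e)` block in the -117 hunk of PrincipalDatabaseAuthenticationManager moves the provider to ERRORED but drops the exception, so nothing records why authentication through this provider stopped working. Logging next to the state change, e.g. `LOGGER.warn("Failed to initialise authentication provider: " + getName(), e);` (assuming a logger is reachable from this class, as one is in AbstractAuthenticationManager), gives operators an event to alert on. The enclosing method starts outside the hunk.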
@@ -378,7 +378,7 @@ public abstract class PrincipalDatabaseAuthenticationManager<T extends Principal { initialise(); // if provider was previously in ERRORED state then set its state to ACTIVE - updateState(State.ERRORED, State.ACTIVE); + setState(State.ACTIVE); } catch(RuntimeException e) { @@ -396,8 +396,6 @@ public abstract class PrincipalDatabaseAuthenticationManager<T extends Principal { private final Principal _user; - private State _state = State.UNINITIALIZED; - @ManagedAttributeField private String _password; @@ -447,13 +445,6 @@ public abstract class PrincipalDatabaseAuthenticationManager<T extends Principal } } - - @Override - public State getState() - { - return _state; - } - @Override public boolean changeAttribute(String name, Object expected, Object desired) throws IllegalStateException, AccessControlException, IllegalArgumentException @@ -469,7 +460,7 @@ public abstract class PrincipalDatabaseAuthenticationManager<T extends Principal @StateTransition(currentState = State.UNINITIALIZED, desiredState = State.ACTIVE) private void activate() { - _state = State.ACTIVE; + setState(State.ACTIVE); } @StateTransition(currentState = State.ACTIVE, desiredState = State.DELETED) @@ -485,7 +476,7 @@ public abstract class PrincipalDatabaseAuthenticationManager<T extends Principal preferencesProvider.deletePreferences(userName); } deleted(); - _state = State.DELETED; + setState(State.DELETED); } catch (AccountNotFoundException e) { diff --git a/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/ScramAuthUser.java b/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/ScramAuthUser.java index f28b46d1dd..1f80a84e4f 100644 --- a/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/ScramAuthUser.java +++ b/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/ScramAuthUser.java 
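Review bot: Replacing `updateState(State.ERRORED, State.ACTIVE)` with `setState(State.ACTIVE)` in the -378 hunk turns a conditional transition into an unconditional one. The old compare-and-set moved the provider to ACTIVE only when it was ERRORED, while the new call forces ACTIVE from whatever state the provider is in, and the retained comment `// if provider was previously in ERRORED state then set its state to ACTIVE` no longer describes the code. For an authentication provider this matters, because one that was deliberately quiesced or already deleted could be reported as ACTIVE again after this path runs. Guarding the call keeps the earlier behaviour: `if (getState() == State.ERRORED) { setState(State.ACTIVE); }`. The enclosing method starts and ends outside the hunk, so whether it is reachable in those other states should be confirmed.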
@@ -59,7 +59,7 @@ class ScramAuthUser extends AbstractConfiguredObject<ScramAuthUser> implements U { throw new IllegalArgumentException("Scram SHA1 user names are restricted to characters in the ASCII charset"); } - + setState(State.ACTIVE); } @Override @@ -168,12 +168,6 @@ class ScramAuthUser extends AbstractConfiguredObject<ScramAuthUser> implements U } @Override - public State getState() - { - return State.ACTIVE; - } - - @Override public <C extends ConfiguredObject> Collection<C> getChildren(final Class<C> clazz) { return Collections.emptySet(); |
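Review bot: `setState(State.ACTIVE)` is called directly from the ScramAuthUser constructor in the -59 hunk, which bypasses the `@StateTransition` mechanism the other classes in this commit use and invokes an inherited instance method before construction has finished. The user class in PrincipalDatabaseAuthenticationManager handles the same case with a transition method; the equivalent here would be `@StateTransition(currentState = State.UNINITIALIZED, desiredState = State.ACTIVE) private void activate() { setState(State.ACTIVE); }`, provided ScramAuthUser objects go through the normal activation path. If the constructor call is intentional, a comment such as `// users are created already active; no transition is run for them` would make that explicit. The constructor starts outside the hunk.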