diff options
Diffstat (limited to 'java/broker/src/main/java/org')
5 files changed, 29 insertions, 72 deletions
diff --git a/java/broker/src/main/java/org/apache/qpid/server/configuration/VirtualHostConfiguration.java b/java/broker/src/main/java/org/apache/qpid/server/configuration/VirtualHostConfiguration.java index 48f2d776bb..a710230616 100644 --- a/java/broker/src/main/java/org/apache/qpid/server/configuration/VirtualHostConfiguration.java +++ b/java/broker/src/main/java/org/apache/qpid/server/configuration/VirtualHostConfiguration.java @@ -306,7 +306,13 @@ public class VirtualHostConfiguration extends ConfigurationPlugin @Override public void validateConfiguration() throws ConfigurationException { - //Currently doesn't do validation + // QPID-3249. Support for specifying authentication name at vhost level is no longer supported. + if (getListValue("security.authentication.name").size() > 0) + { + String message = "Validation error : security/authentication/name is no longer a supported element within the configuration xml." + + " It appears in virtual host definition : " + _name; + throw new ConfigurationException(message); + } } public int getHouseKeepingThreadCount() diff --git a/java/broker/src/main/java/org/apache/qpid/server/registry/ApplicationRegistry.java b/java/broker/src/main/java/org/apache/qpid/server/registry/ApplicationRegistry.java index 72b2a68450..b6df0cc0a6 100644 --- a/java/broker/src/main/java/org/apache/qpid/server/registry/ApplicationRegistry.java +++ b/java/broker/src/main/java/org/apache/qpid/server/registry/ApplicationRegistry.java @@ -287,7 +287,7 @@ public abstract class ApplicationRegistry implements IApplicationRegistry createDatabaseManager(_configuration); - _authenticationManager = new PrincipalDatabaseAuthenticationManager(null, null); + _authenticationManager = new PrincipalDatabaseAuthenticationManager(); _databaseManager.initialiseManagement(_configuration); diff --git a/java/broker/src/main/java/org/apache/qpid/server/security/auth/manager/AuthenticationManager.java b/java/broker/src/main/java/org/apache/qpid/server/security/auth/manager/AuthenticationManager.java index bc771162fd..39e1e07c57 100644 --- a/java/broker/src/main/java/org/apache/qpid/server/security/auth/manager/AuthenticationManager.java +++ b/java/broker/src/main/java/org/apache/qpid/server/security/auth/manager/AuthenticationManager.java @@ -26,6 +26,10 @@ import javax.security.sasl.SaslServer; import org.apache.qpid.common.Closeable; import org.apache.qpid.server.security.auth.AuthenticationResult; +/** + * The AuthenticationManager class is the entity responsible for + * determining the authenticity of user credentials. + */ public interface AuthenticationManager extends Closeable { String getMechanisms(); diff --git a/java/broker/src/main/java/org/apache/qpid/server/security/auth/manager/PrincipalDatabaseAuthenticationManager.java b/java/broker/src/main/java/org/apache/qpid/server/security/auth/manager/PrincipalDatabaseAuthenticationManager.java index 2a967f02af..d10ad2c170 100644 --- a/java/broker/src/main/java/org/apache/qpid/server/security/auth/manager/PrincipalDatabaseAuthenticationManager.java +++ b/java/broker/src/main/java/org/apache/qpid/server/security/auth/manager/PrincipalDatabaseAuthenticationManager.java @@ -21,9 +21,6 @@ package org.apache.qpid.server.security.auth.manager; import org.apache.log4j.Logger; -import org.apache.commons.configuration.Configuration; -import org.apache.commons.configuration.ConfigurationException; -import org.apache.qpid.server.configuration.VirtualHostConfiguration; import org.apache.qpid.server.registry.ApplicationRegistry; import org.apache.qpid.server.security.auth.manager.AuthenticationManager; import org.apache.qpid.server.security.auth.database.PrincipalDatabase; @@ -41,6 +38,11 @@ import java.util.HashMap; import java.util.TreeMap; import java.security.Security; +/** + * Concrete implementation of the AuthenticationManager that determines if supplied + * user credentials match those appearing in a PrincipalDatabase. + * + */ public class PrincipalDatabaseAuthenticationManager implements AuthenticationManager { private static final Logger _logger = Logger.getLogger(PrincipalDatabaseAuthenticationManager.class); @@ -57,47 +59,17 @@ public class PrincipalDatabaseAuthenticationManager implements AuthenticationMan */ private Map<String, Map<String, ?>> _serverCreationProperties = new HashMap<String, Map<String, ?>>(); - private AuthenticationManager _default = null; /** The name for the required SASL Server mechanisms */ public static final String PROVIDER_NAME= "AMQSASLProvider-Server"; - public PrincipalDatabaseAuthenticationManager(String name, VirtualHostConfiguration hostConfig) throws Exception + public PrincipalDatabaseAuthenticationManager() { - _logger.info("Initialising " + (name == null ? "Default" : "'" + name + "'") - + " PrincipalDatabase authentication manager."); - - // Fixme This should be done per Vhost but allowing global hack isn't right but ... - // required as authentication is done before Vhost selection + _logger.info("Initialising PrincipalDatabase authentication manager."); Map<String, Class<? extends SaslServerFactory>> providerMap = new TreeMap<String, Class<? extends SaslServerFactory>>(); - if (name == null || hostConfig == null) - { - initialiseAuthenticationMechanisms(providerMap, ApplicationRegistry.getInstance().getDatabaseManager().getDatabases()); - } - else - { - String databaseName = hostConfig.getAuthenticationDatabase(); - - if (databaseName == null) - { - - _default = ApplicationRegistry.getInstance().getAuthenticationManager(); - return; - } - else - { - PrincipalDatabase database = ApplicationRegistry.getInstance().getDatabaseManager().getDatabases().get(databaseName); - - if (database == null) - { - throw new ConfigurationException("Requested database:" + databaseName + " was not found"); - } - - initialiseAuthenticationMechanisms(providerMap, database); - } - } + initialiseAuthenticationMechanisms(providerMap, ApplicationRegistry.getInstance().getDatabaseManager().getDatabases()); if (providerMap.size() > 0) { @@ -116,11 +88,9 @@ public class PrincipalDatabaseAuthenticationManager implements AuthenticationMan { _logger.warn("No additional SASL providers registered."); } - } - - private void initialiseAuthenticationMechanisms(Map<String, Class<? extends SaslServerFactory>> providerMap, Map<String, PrincipalDatabase> databases) throws Exception + private void initialiseAuthenticationMechanisms(Map<String, Class<? extends SaslServerFactory>> providerMap, Map<String, PrincipalDatabase> databases) { if (databases.size() > 1) { @@ -136,7 +106,7 @@ public class PrincipalDatabaseAuthenticationManager implements AuthenticationMan } } - private void initialiseAuthenticationMechanisms(Map<String, Class<? extends SaslServerFactory>> providerMap, PrincipalDatabase database) throws Exception + private void initialiseAuthenticationMechanisms(Map<String, Class<? extends SaslServerFactory>> providerMap, PrincipalDatabase database) { if (database == null || database.getMechanisms().size() == 0) { @@ -152,7 +122,7 @@ public class PrincipalDatabaseAuthenticationManager implements AuthenticationMan private void initialiseAuthenticationMechanism(String mechanism, AuthenticationProviderInitialiser initialiser, Map<String, Class<? extends SaslServerFactory>> providerMap) - throws Exception + { if (_mechanisms == null) { @@ -175,41 +145,17 @@ public class PrincipalDatabaseAuthenticationManager implements AuthenticationMan public String getMechanisms() { - if (_default != null) - { - // Use the default AuthenticationManager if present - return _default.getMechanisms(); - } - else - { - return _mechanisms; - } + return _mechanisms; } public SaslServer createSaslServer(String mechanism, String localFQDN) throws SaslException { - if (_default != null) - { - // Use the default AuthenticationManager if present - return _default.createSaslServer(mechanism, localFQDN); - } - else - { - return Sasl.createSaslServer(mechanism, "AMQP", localFQDN, _serverCreationProperties.get(mechanism), - _callbackHandlerMap.get(mechanism)); - } - + return Sasl.createSaslServer(mechanism, "AMQP", localFQDN, _serverCreationProperties.get(mechanism), + _callbackHandlerMap.get(mechanism)); } public AuthenticationResult authenticate(SaslServer server, byte[] response) { - // Use the default AuthenticationManager if present - if (_default != null) - { - return _default.authenticate(server, response); - } - - try { // Process response from the client @@ -232,6 +178,7 @@ public class PrincipalDatabaseAuthenticationManager implements AuthenticationMan public void close() { + _mechanisms = null; Security.removeProvider(PROVIDER_NAME); } } diff --git a/java/broker/src/main/java/org/apache/qpid/server/virtualhost/VirtualHostImpl.java b/java/broker/src/main/java/org/apache/qpid/server/virtualhost/VirtualHostImpl.java index 8ce4121b97..33c713c62a 100644 --- a/java/broker/src/main/java/org/apache/qpid/server/virtualhost/VirtualHostImpl.java +++ b/java/broker/src/main/java/org/apache/qpid/server/virtualhost/VirtualHostImpl.java @@ -101,7 +101,7 @@ public class VirtualHostImpl implements VirtualHost private AMQBrokerManagerMBean _brokerMBean; - private AuthenticationManager _authenticationManager; + private final AuthenticationManager _authenticationManager; private SecurityManager _securityManager; @@ -248,7 +248,7 @@ public class VirtualHostImpl implements VirtualHost initialiseMessageStore(hostConfig); } - _authenticationManager = new PrincipalDatabaseAuthenticationManager(_name, _configuration); + _authenticationManager = ApplicationRegistry.getInstance().getAuthenticationManager(); _brokerMBean = new AMQBrokerManagerMBean(_virtualHostMBean); _brokerMBean.register(); |