summaryrefslogtreecommitdiff
path: root/qpid/java/broker/src/main/java/org/apache/qpid/server/security/access/plugins/SimpleXML.java
diff options
context:
space:
mode:
Diffstat (limited to 'qpid/java/broker/src/main/java/org/apache/qpid/server/security/access/plugins/SimpleXML.java')
-rw-r--r--qpid/java/broker/src/main/java/org/apache/qpid/server/security/access/plugins/SimpleXML.java431
1 files changed, 0 insertions, 431 deletions
diff --git a/qpid/java/broker/src/main/java/org/apache/qpid/server/security/access/plugins/SimpleXML.java b/qpid/java/broker/src/main/java/org/apache/qpid/server/security/access/plugins/SimpleXML.java
deleted file mode 100644
index c09cdc33f5..0000000000
--- a/qpid/java/broker/src/main/java/org/apache/qpid/server/security/access/plugins/SimpleXML.java
+++ /dev/null
@@ -1,431 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- *
- */
-
-package org.apache.qpid.server.security.access.plugins;
-
-import org.apache.commons.configuration.Configuration;
-import org.apache.log4j.Logger;
-import org.apache.qpid.AMQConnectionException;
-import org.apache.qpid.framing.AMQMethodBody;
-import org.apache.qpid.framing.AMQShortString;
-import org.apache.qpid.framing.BasicConsumeBody;
-import org.apache.qpid.framing.BasicPublishBody;
-
-import org.apache.qpid.protocol.AMQConstant;
-import org.apache.qpid.server.exchange.Exchange;
-import org.apache.qpid.server.protocol.AMQProtocolSession;
-import org.apache.qpid.server.security.access.ACLManager;
-import org.apache.qpid.server.security.access.ACLPlugin;
-import org.apache.qpid.server.security.access.AccessResult;
-import org.apache.qpid.server.security.access.Permission;
-import org.apache.qpid.server.security.access.PrincipalPermissions;
-
-import java.util.Map;
-import java.util.concurrent.ConcurrentHashMap;
-
-/**
- * This uses the default
- */
-public class SimpleXML implements ACLPlugin
-{
- private static final Logger _logger = ACLManager.getLogger();
-
- private Map<String, PrincipalPermissions> _users;
-
- public SimpleXML()
- {
- _users = new ConcurrentHashMap<String, PrincipalPermissions>();
- }
-
- public void setConfiguaration(Configuration config)
- {
- _logger.info("SimpleXML Configuration");
-
- processConfig(config);
- }
-
- private void processConfig(Configuration config)
- {
- processPublish(config);
-
- processConsume(config);
-
- processCreate(config);
- }
-
- /**
- * Publish format takes
- * Exchange + Routing Key Pairs
- *
- * @param config XML Configuration
- */
- private void processPublish(Configuration config)
- {
- Configuration publishConfig = config.subset("security.access_control_list.publish");
-
- //Process users that have full publish permission
- String[] users = publishConfig.getStringArray("users.user");
-
- for (String user : users)
- {
- grant(Permission.PUBLISH, user);
- _logger.info("PUBLISH:GRANTED:USER:" + user + " for all destinations");
- }
-
- // Process exchange limited users
- int exchangeCount = 0;
- Configuration exchangeConfig = publishConfig.subset("exchanges.exchange(" + exchangeCount + ")");
-
- while (!exchangeConfig.isEmpty())
- {
- //Get Exchange Name
- AMQShortString exchangeName = new AMQShortString(exchangeConfig.getString("name"));
-
- //Get Routing Keys
- int keyCount = 0;
- Configuration routingkeyConfig = exchangeConfig.subset("routing_keys.routing_key(" + keyCount + ")");
-
- while (!routingkeyConfig.isEmpty())
- {
- //Get RoutingKey Value
- AMQShortString routingKeyValue = new AMQShortString(routingkeyConfig.getString("value"));
-
- //Apply Exchange + RoutingKey permissions to Users
- users = routingkeyConfig.getStringArray("users.user");
- for (String user : users)
- {
- grant(Permission.PUBLISH, user, exchangeName, routingKeyValue);
- _logger.info("PUBLISH:GRANTED:USER:" + user + " on Exchange '" + exchangeName + "' for key '" + routingKeyValue + "'");
- }
-
- //Apply permissions to Groups
-
- // Check for more configs
- keyCount++;
- routingkeyConfig = exchangeConfig.subset("routing_keys.routing_key(" + keyCount + ")");
- }
-
- //Apply Exchange wide permissions to Users
- users = exchangeConfig.getStringArray("exchange(" + exchangeCount + ").users.user");
-
- for (String user : users)
- {
- grant(Permission.PUBLISH, user, exchangeName);
- _logger.info("PUBLISH:GRANTED:USER:" + user + " on Exchange:" + exchangeName);
- }
-
- //Apply permissions to Groups
- exchangeCount++;
- exchangeConfig = publishConfig.subset("exchanges.exchange(" + exchangeCount + ")");
- }
- }
-
- private void grant(Permission permission, String user, Object... parameters)
- {
- PrincipalPermissions permissions = _users.get(user);
-
- if (permissions == null)
- {
- permissions = new PrincipalPermissions(user);
- }
-
- _users.put(user, permissions);
- permissions.grant(permission, parameters);
- }
-
- private void processConsume(Configuration config)
- {
- Configuration consumeConfig = config.subset("security.access_control_list.consume");
-
- // Process queue limited users
- int queueCount = 0;
- Configuration queueConfig = consumeConfig.subset("queues.queue(" + queueCount + ")");
-
- while (!queueConfig.isEmpty())
- {
- //Get queue Name
- AMQShortString queueName = new AMQShortString(queueConfig.getString("name"));
- // if there is no name then there may be a temporary element
- boolean temporary = queueConfig.containsKey("temporary");
- boolean ownQueues = queueConfig.containsKey("own_queues");
-
- //Process permissions for this queue
- String[] users = queueConfig.getStringArray("users.user");
- for (String user : users)
- {
- grant(Permission.CONSUME, user, queueName, temporary, ownQueues);
- if (temporary)
- {
- if (ownQueues)
- {
- _logger.info("CONSUME:GRANTED:USER:" + user + " on temporary queues owned by user.");
- }
- else
- {
- _logger.info("CONSUME:GRANTED:USER:" + user + " on all temporary queues.");
- }
- }
- else
- {
- _logger.info("CONSUME:GRANTED:USER:" + user + " on queue '" + queueName + "'");
- }
- }
-
- //See if we have another config
- queueCount++;
- queueConfig = consumeConfig.subset("queues.queue(" + queueCount + ")");
- }
-
- // Process users that have full consume permission
- String[] users = consumeConfig.getStringArray("users.user");
-
- for (String user : users)
- {
- grant(Permission.CONSUME, user);
- _logger.info("CONSUME:GRANTED:USER:" + user + " from all queues.");
- }
- }
-
- private void processCreate(Configuration config)
- {
- Configuration createConfig = config.subset("security.access_control_list.create");
-
- // Process create permissions for queue creation
- int queueCount = 0;
- Configuration queueConfig = createConfig.subset("queues.queue(" + queueCount + ")");
-
- while (!queueConfig.isEmpty())
- {
- //Get queue Name
- AMQShortString queueName = new AMQShortString(queueConfig.getString("name"));
-
- // if there is no name then there may be a temporary element
- boolean temporary = queueConfig.containsKey("temporary");
-
- int exchangeCount = 0;
- Configuration exchangeConfig = queueConfig.subset("exchanges.exchange(" + exchangeCount + ")");
-
- while (!exchangeConfig.isEmpty())
- {
-
- AMQShortString exchange = new AMQShortString(exchangeConfig.getString("name"));
- AMQShortString routingKey = new AMQShortString(exchangeConfig.getString("routing_key"));
-
- //Process permissions for this queue
- String[] users = exchangeConfig.getStringArray("users.user");
- for (String user : users)
- {
- grant(Permission.CREATE, user, temporary,
- (queueName.equals("") ? null : queueName),
- (exchange.equals("") ? null : exchange),
- (routingKey.equals("") ? null : routingKey));
-
- _logger.info("CREATE :GRANTED:USER:" + user + " for "
- + (queueName.equals("") ? "" : "queue '" + queueName + "' ")
- + (exchange.equals("") ? "" : "exchange '" + exchange + "' ")
- + (routingKey.equals("") ? "" : " rk '" + routingKey + "' ")
- + (temporary ? " temporary:" + temporary : ""));
- }
-
- //See if we have another config
- exchangeCount++;
- exchangeConfig = queueConfig.subset("exchanges.exchange(" + exchangeCount + ")");
- }
-
- // Process users that are not bound to an exchange
- String[] users = queueConfig.getStringArray("users.user");
-
- for (String user : users)
- {
- grant(Permission.CREATE, user, temporary, queueName);
- if (temporary)
- {
- _logger.info("CREATE :GRANTED:USER:" + user + " from temporary queues on any exchange.");
- }
- else
- {
- _logger.info("CREATE :GRANTED:USER:" + user + " from queue '" + queueName + "' on any exchange.");
- }
- }
-
- //See if we have another config
- queueCount++;
- queueConfig = createConfig.subset("queues.queue(" + queueCount + ")");
- }
-
- // Process create permissions for exchange creation
- int exchangeCount = 0;
- Configuration exchangeConfig = createConfig.subset("exchanges.exchange(" + exchangeCount + ")");
-
- while (!exchangeConfig.isEmpty())
- {
- AMQShortString exchange = new AMQShortString(exchangeConfig.getString("name"));
- AMQShortString clazz = new AMQShortString(exchangeConfig.getString("class"));
-
- //Process permissions for this queue
- String[] users = exchangeConfig.getStringArray("users.user");
- for (String user : users)
- {
- grant(Permission.CREATE, user, exchange, clazz);
- _logger.info("CREATE:GRANTED:USER:" + user + " for exchange '" + exchange + ":class:'" + clazz);
- }
-
- //See if we have another config
- exchangeCount++;
- exchangeConfig = queueConfig.subset("exchanges.exchange(" + exchangeCount + ")");
- }
-
- // Process users that have full create permission
- String[] users = createConfig.getStringArray("users.user");
-
- for (String user : users)
- {
- grant(Permission.CREATE, user);
- _logger.info("CREATE:GRANTED:USER:" + user + " from all queues & exchanges.");
- }
-
-
- }
-
- public String getPluginName()
- {
- return "Simple";
- }
-
- public AccessResult authorise(AMQProtocolSession session, Permission permission, AMQMethodBody body, Object... parameters) throws AMQConnectionException
- {
- String error = "";
-
- if (ACLManager.getLogger().isInfoEnabled())
- {
- ACLManager.getLogger().info("Simple Authorisation processing user:" + session.getAuthorizedID() + " for :" + permission.toString()
- + " on " + body.getClass().getSimpleName()
- + (parameters == null || parameters.length == 0 ? "" : "-" + AllowAll.accessablesToString(parameters)));
- }
-
- String username = session.getAuthorizedID().getName();
-
- //Get the Users Permissions
- PrincipalPermissions permissions = _users.get(username);
-
- _logger.warn("Processing :" + permission + " for:" + username + ":" + permissions+":"+parameters.length);
-
- if (permissions != null)
- {
- switch (permission)
- {
- case ACCESS:
- _logger.warn("GRANTED:"+permission);
- return new AccessResult(this, AccessResult.AccessStatus.GRANTED);
- case BIND: // Body QueueDeclareBody - Parameters : Exchange, Queue, QueueName
- // Body QueueBindBody - Paramters : Exchange, Queue, QueueName
- if (parameters.length == 3)
- {
- // Parameters : Exchange, Queue, RoutingKey
- if (permissions.authorise(Permission.BIND, body, parameters[0], parameters[1], parameters[2]))
- {
- _logger.warn("GRANTED:"+permission);
- return new AccessResult(this, AccessResult.AccessStatus.GRANTED);
- }
- }
- break;
- case CONSUME: // Parameters : none
- if (parameters.length == 1 && permissions.authorise(Permission.CONSUME, parameters[0]))
- {
- _logger.warn("GRANTED:"+permission);
- return new AccessResult(this, AccessResult.AccessStatus.GRANTED);
- }
- break;
- case CREATE: // Body : QueueDeclareBody | ExchangeDeclareBody - Parameters : none
- if (permissions.authorise(Permission.CREATE, body))
- {
- _logger.warn("GRANTED:"+permission);
- return new AccessResult(this, AccessResult.AccessStatus.GRANTED);
- }
- break;
- case PUBLISH: // Body : BasicPublishBody Parameters : exchange
- if (parameters.length == 1 && parameters[0] instanceof Exchange)
- {
- if (permissions.authorise(Permission.PUBLISH, ((Exchange) parameters[0]).getName(),
- ((BasicPublishBody) body).getRoutingKey()))
- {
- _logger.warn("GRANTED:"+permission);
- return new AccessResult(this, AccessResult.AccessStatus.GRANTED);
- }
- }
- break;
- case PURGE:
- break;
- case DELETE:
- break;
- case UNBIND:
- break;
- }
- }
-
- _logger.warn("Access Denied for :" + permission + " for:" + username + ":" + permissions);
- //todo potential refactor this ConnectionException Out of here
- throw body.getConnectionException(AMQConstant.ACCESS_REFUSED, error);
- }
-
-//todo use or lose
-// if (accessObject instanceof VirtualHost)
-// {
-// VirtualHostAccess[] hosts = lookupVirtualHost(user.getName());
-//
-// if (hosts != null)
-// {
-// for (VirtualHostAccess host : hosts)
-// {
-// if (accessObject.getAccessableName().equals(host.getVirtualHost()))
-// {
-// if (host.getAccessRights().allows(rights))
-// {
-// return new AccessResult(this, AccessResult.AccessStatus.GRANTED);
-// }
-// else
-// {
-// return new AccessResult(this, AccessResult.AccessStatus.REFUSED);
-// }
-// }
-// }
-// }
-// }
-// else if (accessObject instanceof AMQQueue)
-// {
-// String[] queues = lookupQueue(username, ((AMQQueue) accessObject).getVirtualHost());
-//
-// if (queues != null)
-// {
-// for (String queue : queues)
-// {
-// if (accessObject.getAccessableName().equals(queue))
-// {
-// return new AccessResult(this, AccessResult.AccessStatus.GRANTED);
-// }
-// }
-// }
-// }
-
-// return new AccessResult(this, AccessResult.AccessStatus.REFUSED);
-// }
-
-}
View Lorry Controller Status