Diffstat (limited to 'trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/security/access/ACLManager.java')
-rw-r--r--trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/security/access/ACLManager.java323
1 files changed, 0 insertions, 323 deletions
diff --git a/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/security/access/ACLManager.java b/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/security/access/ACLManager.java
deleted file mode 100644
index 7d6ae285c5..0000000000
--- a/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/security/access/ACLManager.java
+++ /dev/null
@@ -1,323 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- *
- */
-package org.apache.qpid.server.security.access;
-
-import java.util.Collection;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.Iterator;
-import java.util.Map;
-import java.util.Map.Entry;
-
-import org.apache.commons.configuration.Configuration;
-import org.apache.commons.configuration.ConfigurationException;
-import org.apache.log4j.Logger;
-import org.apache.qpid.framing.AMQShortString;
-import org.apache.qpid.server.configuration.SecurityConfiguration;
-import org.apache.qpid.server.exchange.Exchange;
-import org.apache.qpid.server.plugins.PluginManager;
-import org.apache.qpid.server.queue.AMQQueue;
-import org.apache.qpid.server.security.access.ACLPlugin.AuthzResult;
-import org.apache.qpid.server.security.PrincipalHolder;
-import org.apache.qpid.server.virtualhost.VirtualHost;
-
-public class ACLManager
-{
- private static final Logger _logger = Logger.getLogger(ACLManager.class);
- private PluginManager _pluginManager;
- private Map<String, ACLPluginFactory> _allSecurityPlugins = new HashMap<String, ACLPluginFactory>();
- private Map<String, ACLPlugin> _globalPlugins = new HashMap<String, ACLPlugin>();
- private Map<String, ACLPlugin> _hostPlugins = new HashMap<String, ACLPlugin>();
-
- public ACLManager(SecurityConfiguration configuration, PluginManager manager) throws ConfigurationException
- {
- this(configuration, manager, null);
- }
-
- public ACLManager(SecurityConfiguration configuration, PluginManager manager, ACLPluginFactory securityPlugin) throws ConfigurationException
- {
- _pluginManager = manager;
-
- if (manager == null) // No plugin manager, no plugins
- {
- return;
- }
-
- _allSecurityPlugins = _pluginManager.getSecurityPlugins();
- if (securityPlugin != null)
- {
- _allSecurityPlugins.put(securityPlugin.getClass().getName(), securityPlugin);
- }
-
- configureGlobalPlugins(configuration);
- }
-
- public void configureHostPlugins(SecurityConfiguration hostConfig) throws ConfigurationException
- {
- _hostPlugins = configurePlugins(hostConfig);
- }
-
- public void configureGlobalPlugins(SecurityConfiguration configuration) throws ConfigurationException
- {
- _globalPlugins = configurePlugins(configuration);
- }
-
- public Map<String, ACLPlugin> configurePlugins(SecurityConfiguration hostConfig) throws ConfigurationException
- {
- Configuration securityConfig = hostConfig.getConfiguration();
- Map<String, ACLPlugin> plugins = new HashMap<String, ACLPlugin>();
- Iterator keys = securityConfig.getKeys();
- Collection<String> handledTags = new HashSet();
- while (keys.hasNext())
- {
- // Splitting the string is necessary here because of the way that getKeys() returns only
- // bottom level children
- String tag = ((String) keys.next()).split("\\.", 2)[0];
- if (!handledTags.contains(tag))
- {
- for (ACLPluginFactory plugin : _allSecurityPlugins.values())
- {
- if (plugin.supportsTag(tag))
- {
- _logger.info("Plugin handling security section "+tag+" is "+plugin);
- handledTags.add(tag);
- plugins.put(plugin.getClass().getName(), plugin.newInstance(securityConfig));
- }
- }
- }
- if (!handledTags.contains(tag))
- {
- _logger.warn("No plugin handled security section "+tag);
- }
- }
- return plugins;
- }
-
- public static Logger getLogger()
- {
- return _logger;
- }
-
- private abstract class AccessCheck
- {
- abstract AuthzResult allowed(ACLPlugin plugin);
- }
-
- private boolean checkAllPlugins(AccessCheck checker)
- {
- AuthzResult result = AuthzResult.ABSTAIN;
- HashMap<String, ACLPlugin> remainingPlugins = new HashMap<String, ACLPlugin>();
- remainingPlugins.putAll(_globalPlugins);
- for (Entry<String, ACLPlugin> plugin : _hostPlugins.entrySet())
- {
- result = checker.allowed(plugin.getValue());
- if (result == AuthzResult.DENIED)
- {
- // Something vetoed the access, we're done
- return false;
- }
- else if (result == AuthzResult.ALLOWED)
- {
- // Remove plugin from global check list since
- // host allow overrides global allow
- remainingPlugins.remove(plugin.getKey());
- }
- }
-
- for (ACLPlugin plugin : remainingPlugins.values())
- {
- result = checker.allowed(plugin);
- if (result == AuthzResult.DENIED)
- {
- return false;
- }
- }
- return true;
- }
-
- public boolean authoriseBind(final PrincipalHolder session, final Exchange exch, final AMQQueue queue,
- final AMQShortString routingKey)
- {
- return checkAllPlugins(new AccessCheck()
- {
-
- @Override
- AuthzResult allowed(ACLPlugin plugin)
- {
- return plugin.authoriseBind(session, exch, queue, routingKey);
- }
-
- });
- }
-
- public boolean authoriseConnect(final PrincipalHolder session, final VirtualHost virtualHost)
- {
- return checkAllPlugins(new AccessCheck()
- {
-
- @Override
- AuthzResult allowed(ACLPlugin plugin)
- {
- return plugin.authoriseConnect(session, virtualHost);
- }
-
- });
- }
-
- public boolean authoriseConsume(final PrincipalHolder session, final boolean noAck, final AMQQueue queue)
- {
- return checkAllPlugins(new AccessCheck()
- {
-
- @Override
- AuthzResult allowed(ACLPlugin plugin)
- {
- return plugin.authoriseConsume(session, noAck, queue);
- }
-
- });
- }
-
- public boolean authoriseConsume(final PrincipalHolder session, final boolean exclusive, final boolean noAck,
- final boolean noLocal, final boolean nowait, final AMQQueue queue)
- {
- return checkAllPlugins(new AccessCheck()
- {
-
- @Override
- AuthzResult allowed(ACLPlugin plugin)
- {
- return plugin.authoriseConsume(session, exclusive, noAck, noLocal, nowait, queue);
- }
-
- });
- }
-
- public boolean authoriseCreateExchange(final PrincipalHolder session, final boolean autoDelete,
- final boolean durable, final AMQShortString exchangeName, final boolean internal, final boolean nowait,
- final boolean passive, final AMQShortString exchangeType)
- {
- return checkAllPlugins(new AccessCheck()
- {
-
- @Override
- AuthzResult allowed(ACLPlugin plugin)
- {
- return plugin.authoriseCreateExchange(session, autoDelete, durable, exchangeName, internal, nowait,
- passive, exchangeType);
- }
-
- });
- }
-
- public boolean authoriseCreateQueue(final PrincipalHolder session, final boolean autoDelete,
- final boolean durable, final boolean exclusive, final boolean nowait, final boolean passive,
- final AMQShortString queue)
- {
- return checkAllPlugins(new AccessCheck()
- {
-
- @Override
- AuthzResult allowed(ACLPlugin plugin)
- {
- return plugin.authoriseCreateQueue(session, autoDelete, durable, exclusive, nowait, passive, queue);
- }
-
- });
- }
-
- public boolean authoriseDelete(final PrincipalHolder session, final AMQQueue queue)
- {
- return checkAllPlugins(new AccessCheck()
- {
-
- @Override
- AuthzResult allowed(ACLPlugin plugin)
- {
- return plugin.authoriseDelete(session, queue);
- }
-
- });
- }
-
- public boolean authoriseDelete(final PrincipalHolder session, final Exchange exchange)
- {
- return checkAllPlugins(new AccessCheck()
- {
-
- @Override
- AuthzResult allowed(ACLPlugin plugin)
- {
- return plugin.authoriseDelete(session, exchange);
- }
-
- });
- }
-
- public boolean authorisePublish(final PrincipalHolder session, final boolean immediate, final boolean mandatory,
- final AMQShortString routingKey, final Exchange e)
- {
- return checkAllPlugins(new AccessCheck()
- {
-
- @Override
- AuthzResult allowed(ACLPlugin plugin)
- {
- return plugin.authorisePublish(session, immediate, mandatory, routingKey, e);
- }
-
- });
- }
-
- public boolean authorisePurge(final PrincipalHolder session, final AMQQueue queue)
- {
- return checkAllPlugins(new AccessCheck()
- {
-
- @Override
- AuthzResult allowed(ACLPlugin plugin)
- {
- return plugin.authorisePurge(session, queue);
- }
-
- });
- }
-
- public boolean authoriseUnbind(final PrincipalHolder session, final Exchange exch,
- final AMQShortString routingKey, final AMQQueue queue)
- {
- return checkAllPlugins(new AccessCheck()
- {
-
- @Override
- AuthzResult allowed(ACLPlugin plugin)
- {
- return plugin.authoriseUnbind(session, exch, routingKey, queue);
- }
-
- });
- }
-
- public void addHostPlugin(ACLPlugin aclPlugin)
- {
- _hostPlugins.put(aclPlugin.getClass().getName(), aclPlugin);
- }
-}