[jboss-cvs] JBoss Messaging SVN: r3702 - in trunk: docs/examples/embedded/src/org/jboss/example/embedded and 15 other directories.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Tue Feb 12 06:24:19 EST 2008
Author: ataylor
Date: 2008-02-12 06:24:18 -0500 (Tue, 12 Feb 2008)
New Revision: 3702
Added:
trunk/src/main/org/jboss/jms/server/container/SecurityManager.java
Removed:
trunk/src/main/org/jboss/jms/server/container/SecurityAspect.java
trunk/src/main/org/jboss/jms/server/plugin/
Modified:
trunk/docs/examples/common/src/org/jboss/example/jms/common/ExampleSupport.java
trunk/docs/examples/embedded/src/org/jboss/example/embedded/EmbeddedExample.java
trunk/src/etc/server/default/deploy/jbm-beans.xml
trunk/src/etc/server/default/deploy/jbm-jndi.xml
trunk/src/etc/server/default/deploy/queues.xml
trunk/src/main/org/jboss/jms/client/JBossSession.java
trunk/src/main/org/jboss/jms/destination/JBossQueue.java
trunk/src/main/org/jboss/jms/destination/JBossTemporaryQueue.java
trunk/src/main/org/jboss/jms/destination/JBossTemporaryTopic.java
trunk/src/main/org/jboss/jms/destination/JBossTopic.java
trunk/src/main/org/jboss/jms/jndi/JNDIObjectDeployer.java
trunk/src/main/org/jboss/jms/server/endpoint/ServerSessionEndpoint.java
trunk/src/main/org/jboss/jms/server/security/SecurityMetadataStore.java
trunk/src/main/org/jboss/messaging/core/Configuration.java
trunk/src/main/org/jboss/messaging/core/FileConfiguration.java
trunk/src/main/org/jboss/messaging/core/MessagingServer.java
trunk/src/main/org/jboss/messaging/core/impl/server/MessagingServerImpl.java
trunk/src/main/org/jboss/messaging/deployers/security/SecurityDeployer.java
trunk/tests/build.xml
trunk/tests/src/org/jboss/jms/server/test/unit/ConfigurationTest.java
trunk/tests/src/org/jboss/test/messaging/jms/SecurityTest.java
trunk/tests/src/org/jboss/test/messaging/jms/TemporaryDestinationTest.java
trunk/tests/src/org/jboss/test/messaging/tools/container/LocalTestServer.java
Log:
Refactoring of security and removal of JMSUserManager
Modified: trunk/docs/examples/common/src/org/jboss/example/jms/common/ExampleSupport.java
===================================================================
--- trunk/docs/examples/common/src/org/jboss/example/jms/common/ExampleSupport.java 2008-02-11 17:25:36 UTC (rev 3701)
+++ trunk/docs/examples/common/src/org/jboss/example/jms/common/ExampleSupport.java 2008-02-12 11:24:18 UTC (rev 3702)
@@ -41,7 +41,7 @@
ClientConnection del = jbconn.getConnection();
- return del.getServerID();
+ return 0;
}
public static void assertEquals(Object o, Object o2)
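Review bot: `return 0;` makes this helper report the same server id for every connection, while the `ClientConnection del = jbconn.getConnection();` lookup above it is now dead code. Any example that uses the returned id to tell servers apart will silently see them as one. If the id is no longer available from `ClientConnection`, remove the unused lookup and add a comment such as `// server id is no longer exposed by the client API; always 0`. Otherwise restore a real value. The enclosing method starts outside the hunk.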
Modified: trunk/docs/examples/embedded/src/org/jboss/example/embedded/EmbeddedExample.java
===================================================================
--- trunk/docs/examples/embedded/src/org/jboss/example/embedded/EmbeddedExample.java 2008-02-11 17:25:36 UTC (rev 3701)
+++ trunk/docs/examples/embedded/src/org/jboss/example/embedded/EmbeddedExample.java 2008-02-12 11:24:18 UTC (rev 3702)
@@ -25,17 +25,15 @@
import javax.jms.Session;
-import org.jboss.jms.client.api.ClientConnection;
-import org.jboss.jms.client.api.ClientConnectionFactory;
-import org.jboss.jms.client.api.ClientConsumer;
-import org.jboss.jms.client.api.ClientSession;
+import org.jboss.jms.client.api.*;
import org.jboss.jms.client.impl.ClientConnectionFactoryImpl;
-import org.jboss.messaging.core.Destination;
+import org.jboss.jms.message.JBossTextMessage;
import org.jboss.messaging.core.DestinationType;
import org.jboss.messaging.core.Message;
import org.jboss.messaging.core.MessagingServer;
-import org.jboss.messaging.core.impl.DestinationImpl;
+import org.jboss.messaging.core.Queue;
import org.jboss.messaging.core.impl.MessageImpl;
+import org.jboss.messaging.core.impl.QueueImpl;
import org.jboss.messaging.core.impl.server.MessagingServerImpl;
import org.jboss.messaging.core.remoting.RemotingConfiguration;
@@ -49,19 +47,19 @@
RemotingConfiguration remotingConf = new RemotingConfiguration(TCP, "localhost", 5400);
MessagingServer messagingServer = new MessagingServerImpl(remotingConf);
messagingServer.start();
- messagingServer.createQueue("Queue1");
ClientConnectionFactory cf = new ClientConnectionFactoryImpl(remotingConf);
ClientConnection clientConnection = cf.createConnection(null, null);
- ClientSession clientSession = clientConnection.createClientSession(false, Session.AUTO_ACKNOWLEDGE, false);
+ ClientSession clientSession = clientConnection.createClientSession(false, true, true, 0);
+ clientSession.createQueue("Queue1", "Queue1", null, false, false);
+ ClientProducer clientProducer = clientSession.createProducer();
- MessageImpl message = new MessageImpl();
- Destination destination = new DestinationImpl(DestinationType.QUEUE, "Queue1", false);
- message.putHeader(org.jboss.messaging.core.Message.TEMP_DEST_HEADER_NAME, destination);
- message.setPayload("hello".getBytes());
- clientSession.send(message);
-
- ClientConsumer clientConsumer = clientSession.createClientConsumer(destination, null, false, null);
+ ClientConsumer clientConsumer = clientSession.createConsumer("Queue1", null, false, false, true);
clientConnection.start();
+ MessageImpl message = new MessageImpl(JBossTextMessage.TYPE, true, 0, System.currentTimeMillis(), (byte) 1);
+ message.setPayload("Hello".getBytes());
+ clientProducer.send("Queue1", message);
+
+
Message m = clientConsumer.receive(0);
System.out.println("m = " + new String(m.getPayload()));
clientConnection.close();
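Review bot: The new calls `createClientSession(false, true, true, 0)`, `createQueue("Queue1", "Queue1", null, false, false)` and `new MessageImpl(JBossTextMessage.TYPE, true, 0, System.currentTimeMillis(), (byte) 1)` pass bare positional literals with no explanation. Since this file is a documentation example, each call should carry a short comment naming what the flags mean. `message.setPayload("Hello".getBytes());` also encodes with the platform default charset, and the payload is decoded the same way in the `new String(m.getPayload())` context line. Naming an explicit charset on both sides, e.g. `"Hello".getBytes("UTF-8")`, keeps the example correct when client and server run with different defaults.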
Modified: trunk/src/etc/server/default/deploy/jbm-beans.xml
===================================================================
--- trunk/src/etc/server/default/deploy/jbm-beans.xml 2008-02-11 17:25:36 UTC (rev 3701)
+++ trunk/src/etc/server/default/deploy/jbm-beans.xml 2008-02-12 11:24:18 UTC (rev 3702)
@@ -20,9 +20,6 @@
<property name="persistenceManager">
<inject bean="PersistenceManager"/>
</property>
- <property name="jmsUserManager">
- <inject bean="JMSUserManager"/>
- </property>
<property name="remotingService">
<inject bean="RemotingService"/>
</property>
@@ -61,37 +58,7 @@
<property name="memoryCacheSize">-1</property>
</bean>
-
- <bean name="JMSUserManager" class="org.jboss.jms.server.plugin.JDBCJMSUserManager">
- <property name="createTablesOnStartup">true</property>
- <property name="ds">
- <inject bean="ServiceLocator" property="dataSource"/>
- </property>
- <property name="tm">
- <inject bean="ServiceLocator" property="transactionManager"/>
- </property>
- <property name="sqlProperties">
- <map class="java.util.Properties" keyClass="java.lang.String" valueClass="java.lang.String">
- <entry>
- <key>POPULATE.TABLES.1</key>
- <value>INSERT INTO JBM_USER (USER_ID,PASSWD,CLIENTID) VALUES ('dilbert','dogbert','dilbert-id')
- </value>
- </entry>
- <entry>
- <key>POPULATE.TABLES.2</key>
- <value>INSERT INTO JBM_USER (USER_ID,PASSWD,CLIENTID) VALUES ('guest','guest')
- </value>
- </entry>
- <entry>
- <key>POPULATE.TABLES.3</key>
- <value>INSERT INTO JBM_ROLE (ROLE_ID, USER_ID) VALUES ('guest','guest')
- </value>
- </entry>
- </map>
- </property>
- </bean>
-
<bean name="RemotingService" class="org.jboss.messaging.core.remoting.impl.mina.MinaService">
<constructor>
<parameter>
Modified: trunk/src/etc/server/default/deploy/jbm-jndi.xml
===================================================================
--- trunk/src/etc/server/default/deploy/jbm-jndi.xml 2008-02-11 17:25:36 UTC (rev 3701)
+++ trunk/src/etc/server/default/deploy/jbm-jndi.xml 2008-02-12 11:24:18 UTC (rev 3702)
@@ -27,8 +27,8 @@
<supports-load-balancing>true</supports-load-balancing>
</connection-factory>
- <connection-factory name="jboss.messaging.connectionfactory:service=MyExampleConnectionFactory">
- <entry name="/acme/MyExampleConnectionFactory"/>
+ <connection-factory name="MyExampleConnectionFactory">
+ <entry name="/MyExampleConnectionFactory"/>
<entry name="/acme/MyExampleConnectionFactoryDupe"/>
<entry name="java:/xyz/CF1"/>
<entry name="java:/connectionfactories/acme/connection_factory"/>
@@ -106,4 +106,6 @@
<entry name="/topic/testDistributedTopic"/>
</topic>
+ <clientid name="testClientId" user="testUser" id="testId"/>
+
</deployment>
\ No newline at end of file
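Review bot: `<clientid name="testClientId" user="testUser" id="testId"/>` adds what looks like a test fixture to the default server deployment, so every server started from this config ships with a preconfigured client id binding for `testUser`. If it exists only for the test suite, it belongs in the test configuration rather than `server/default/deploy`. If it is meant as a sample, a comment such as `<!-- sample client id mapping; remove or replace before deployment -->` would make that explicit.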
Modified: trunk/src/etc/server/default/deploy/queues.xml
===================================================================
--- trunk/src/etc/server/default/deploy/queues.xml 2008-02-11 17:25:36 UTC (rev 3701)
+++ trunk/src/etc/server/default/deploy/queues.xml 2008-02-12 11:24:18 UTC (rev 3702)
@@ -1,79 +1,91 @@
<deployment>
- <security match="topics.testTopic">
+ <security match="topicjms.testTopic">
<permission type="create" roles="durpublisher"/>
<permission type="read" roles="guest,publisher,durpublisher"/>
<permission type="write" roles="guest,publisher,durpublisher"/>
</security>
- <security match="topics.securedTopic">
+ <security match="topicjms.securedTopic">
<permission type="write" roles="publisher"/>
<permission type="read" roles="publisher"/>
</security>
- <security match="topics.testDurableTopic">
+ <security match="topicjms.testDurableTopic">
<permission type="create" roles="durpublisher"/>
<permission type="read" roles="guest,publisher,durpublisher"/>
<permission type="write" roles="guest,publisher,durpublisher"/>
</security>
- <security match="queues.testQueue">
+ <security match="queuejms.testQueue">
<permission type="read" roles="guest,publisher"/>
<permission type="write" roles="guest,publisher"/>
</security>
- <security match="queues.NoSuchQueue">
+ <security match="queuejms.NoSuchQueue">
<permission type="read" roles="guest,publisher"/>
<permission type="write" roles="guest,publisher"/>
</security>
- <security match="topics.NoSuchTopic">
+ <security match="topicjms.NoSuchTopic">
<permission type="read" roles="guest,publisher"/>
<permission type="write" roles="guest,publisher"/>
</security>
- <!--this will catch any word i.e. queues.anything-->
- <!--<security match="queues.^">
+ <security match="queuetempjms.*">
+ <permission type="create" roles="guest,def"/>
+ <permission type="read" roles="guest,def"/>
+ <permission type="write" roles="guest,def"/>
+ </security>
+
+ <security match="topictempjms.*">
+ <permission type="create" roles="guest,def"/>
+ <permission type="read" roles="guest,def"/>
+ <permission type="write" roles="guest,def"/>
+ </security>
+
+ <!--this will catch any word i.e. queuejms.anything-->
+ <!--<security match="queuejms.^">
<permission type="read" roles="guest,publisher"/>
<permission type="write" roles="guest,publisher"/>
</security>-->
- <!--this will catch any word i.e. queues.anything-->
- <!--<security match="topics.^">
+ <!--this will catch any word i.e. queuejms.anything-->
+ <!--<security match="topicjms.^">
<permission type="read" roles="guest,publisher"/>
<permission type="write" roles="guest,publisher"/>
</security>-->
<!--default security to catch all-->
<security match="*">
- <permission type="create" roles="guest"/>
- <permission type="read" roles="guest"/>
- <permission type="write" roles="guest"/>
+ <permission type="create" roles="guest,def"/>
+ <permission type="read" roles="guest,def"/>
+ <permission type="write" roles="guest,def"/>
</security>
- <queue-settings match="queues.QueueWithOwnDLQAndExpiryQueue">
+ <queue-settings match="queuejms.QueueWithOwnDLQAndExpiryQueue">
<dlq>PrivateDLQ</dlq>
<expiry-queue>PrivateExpiryQueue</expiry-queue>
</queue-settings>
- <queue-settings match="topics.TopicWithOwnDLQAndExpiryQueue">
+ <queue-settings match="topicjms.TopicWithOwnDLQAndExpiryQueue">
<dlq>PrivateDLQ</dlq>
<expiry-queue>PrivateExpiryQueue</expiry-queue>
</queue-settings>
- <queue-settings match="queues.QueueWithOwnRedeliveryDelay">
+ <queue-settings match="queuejms.QueueWithOwnRedeliveryDelay">
<redelivery-delay>5000</redelivery-delay>
</queue-settings>
- <queue-settings match="topics.TopicWithOwnRedeliveryDelay">
+ <queue-settings match="topicjms.TopicWithOwnRedeliveryDelay">
<redelivery-delay>5000</redelivery-delay>
</queue-settings>
- <queue-settings match="queues.testDistributedQueue">
+ <queue-settings match="queuejms.testDistributedQueue">
<clustered>true</clustered>
</queue-settings>
- <queue-settings match="topics.testDistributedTopic">
+ <queue-settings match="topicjms.testDistributedTopic">
<clustered>true</clustered>
</queue-settings>
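Review bot: The catch-all `<security match="*">` now grants `create`, `read` and `write` to both `guest` and `def`, and the new `queuetempjms.*` and `topictempjms.*` rules do the same, so in this default deployment any address without a more specific rule is presumably creatable and writable by the guest role. This matters more with this commit, because `ServerSessionEndpoint.send` now registers an unknown address whenever the caller passes the `CheckType.CREATE` check. I would drop `create` from the `*` rule, or add a comment saying the file is a permissive sample that must be tightened before deployment. The comment should also say where the `def` role comes from, since nothing in this diff defines it. Separately, the comment above the commented-out `topicjms.^` rule repeats `queuejms.anything` and should read `<!--this will catch any word i.e. topicjms.anything-->`.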
Modified: trunk/src/main/org/jboss/jms/client/JBossSession.java
===================================================================
--- trunk/src/main/org/jboss/jms/client/JBossSession.java 2008-02-11 17:25:36 UTC (rev 3701)
+++ trunk/src/main/org/jboss/jms/client/JBossSession.java 2008-02-12 11:24:18 UTC (rev 3702)
@@ -673,7 +673,7 @@
session.createQueue(queue.getAddress(), queue.getAddress(), null, false, true);
- session.addAddress(queue.getAddress());
+ //session.addAddress(queue.getAddress());
return queue;
}
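Review bot: `//session.addAddress(queue.getAddress());` leaves the old call behind as commented-out code with no explanation, so a reader cannot tell whether address registration moved elsewhere or was dropped by accident. The send path in ServerSessionEndpoint adds allowable addresses in this same commit, which may be the replacement. If so, delete the line and leave a comment such as `// address is registered by the server on first send`; otherwise restore the call. The enclosing method starts outside the hunk.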
Modified: trunk/src/main/org/jboss/jms/destination/JBossQueue.java
===================================================================
--- trunk/src/main/org/jboss/jms/destination/JBossQueue.java 2008-02-11 17:25:36 UTC (rev 3701)
+++ trunk/src/main/org/jboss/jms/destination/JBossQueue.java 2008-02-12 11:24:18 UTC (rev 3702)
@@ -49,7 +49,12 @@
{
super(JMS_QUEUE_ADDRESS_PREFIX + name, name);
}
-
+
+ public JBossQueue(String address, String name)
+ {
+ super(address, name);
+ }
+
// Queue implementation ------------------------------------------
public String getQueueName() throws JMSException
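Review bot: The new `JBossQueue(String address, String name)` constructor has no Javadoc and accepts any address, so a caller can build a queue whose address lacks `JMS_QUEUE_ADDRESS_PREFIX`. The security and queue-settings rules changed in queues.xml in this commit are keyed on that prefix (`queuejms.`), so such an address would presumably be governed only by the catch-all rule. Document who is expected to call it, for example `/** Creates a queue for an already prefixed core address; do not pass client-supplied addresses unchecked. */`, and consider narrowing its visibility or checking the prefix. The same applies to the `JBossTopic(String address, String name)` constructor added in JBossTopic.java.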
Modified: trunk/src/main/org/jboss/jms/destination/JBossTemporaryQueue.java
===================================================================
--- trunk/src/main/org/jboss/jms/destination/JBossTemporaryQueue.java 2008-02-11 17:25:36 UTC (rev 3701)
+++ trunk/src/main/org/jboss/jms/destination/JBossTemporaryQueue.java 2008-02-12 11:24:18 UTC (rev 3702)
@@ -37,7 +37,8 @@
// Constants -----------------------------------------------------
private static final long serialVersionUID = 8957042889037273330L;
-
+
+ private static final String JMS_TEMP_QUEUE_ADDRESS_PREFIX = "queuetempjms.";
// Static --------------------------------------------------------
// Attributes ----------------------------------------------------
@@ -48,7 +49,7 @@
public JBossTemporaryQueue(JBossSession session, String name)
{
- super(name);
+ super(JMS_TEMP_QUEUE_ADDRESS_PREFIX + name, name);
this.session = session;
}
Modified: trunk/src/main/org/jboss/jms/destination/JBossTemporaryTopic.java
===================================================================
--- trunk/src/main/org/jboss/jms/destination/JBossTemporaryTopic.java 2008-02-11 17:25:36 UTC (rev 3701)
+++ trunk/src/main/org/jboss/jms/destination/JBossTemporaryTopic.java 2008-02-12 11:24:18 UTC (rev 3702)
@@ -38,6 +38,7 @@
private static final long serialVersionUID = -8455283004195652511L;
+ private static final String JMS_TEMP_TOPIC_ADDRESS_PREFIX = "topictempjms.";
// Static --------------------------------------------------------
// Attributes ----------------------------------------------------
@@ -48,7 +49,7 @@
public JBossTemporaryTopic(JBossSession session, String name)
{
- super(name);
+ super(JMS_TEMP_TOPIC_ADDRESS_PREFIX + name, name);
this.session = session;
}
Modified: trunk/src/main/org/jboss/jms/destination/JBossTopic.java
===================================================================
--- trunk/src/main/org/jboss/jms/destination/JBossTopic.java 2008-02-11 17:25:36 UTC (rev 3701)
+++ trunk/src/main/org/jboss/jms/destination/JBossTopic.java 2008-02-12 11:24:18 UTC (rev 3702)
@@ -54,7 +54,12 @@
{
super(JMS_TOPIC_ADDRESS_PREFIX + name, name);
}
-
+
+ public JBossTopic(String address, String name)
+ {
+ super(address, name);
+ }
+
// Topic implementation ------------------------------------------
public String getTopicName() throws JMSException
Modified: trunk/src/main/org/jboss/jms/jndi/JNDIObjectDeployer.java
===================================================================
--- trunk/src/main/org/jboss/jms/jndi/JNDIObjectDeployer.java 2008-02-11 17:25:36 UTC (rev 3701)
+++ trunk/src/main/org/jboss/jms/jndi/JNDIObjectDeployer.java 2008-02-12 11:24:18 UTC (rev 3702)
@@ -28,10 +28,15 @@
import org.jboss.logging.Logger;
import org.jboss.messaging.core.MessagingServer;
import org.jboss.messaging.core.remoting.RemotingConfiguration;
+import org.jboss.messaging.core.remoting.Interceptor;
+import org.jboss.messaging.core.remoting.wireformat.Packet;
+import org.jboss.messaging.core.remoting.wireformat.PacketType;
+import org.jboss.messaging.core.remoting.wireformat.CreateConnectionRequest;
import org.jboss.messaging.deployers.Deployer;
import org.jboss.messaging.deployers.DeploymentManager;
import org.jboss.messaging.util.JNDIUtil;
import org.jboss.messaging.util.Version;
+import org.jboss.messaging.util.MessagingException;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
@@ -61,6 +66,8 @@
*/
MessagingServer messagingServer;
+// UserManager userManager = new UserManager();
+
private static final String CLIENTID_ELEMENT = "client-id";
private static final String DUPS_OK_BATCH_SIZE_ELEMENT = "dups-ok-batch-size";
private static final String PREFETECH_SIZE_ELEMENT = "prefetch-size";
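Review bot: `// UserManager userManager = new UserManager();` is added as commented-out code, which documents nothing and will confuse the next reader about whether a user manager is still expected here. The imports added in the previous hunk (`Interceptor`, `Packet`, `PacketType`, `CreateConnectionRequest`, `MessagingException`) are not used by any change visible in this file's hunks, so they look like leftovers of the same abandoned work. I would drop the commented field and the unused imports. If an interceptor-based client-id check is planned, a `// TODO` stating that intent is clearer than dead code.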
@@ -106,7 +113,8 @@
*/
public void stop() throws Exception
{
- DeploymentManager.getInstance().unregisterDeployable(this);
+ super.stop();
+ DeploymentManager.getInstance().unregisterDeployable(this);
}
/**
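Review bot: In `stop()`, `DeploymentManager.getInstance().unregisterDeployable(this)` is skipped if the newly added `super.stop()` throws, leaving this deployer registered after a failed shutdown. Writing it as `try { super.stop(); } finally { DeploymentManager.getInstance().unregisterDeployable(this); }` keeps the unregistration unconditional. What `super.stop()` does is not visible in this hunk, so whether it can throw in practice should be confirmed.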
@@ -153,9 +161,9 @@
{
initialContext.lookup(jndiName);
//throw new InvalidDestinationException("Destination " + jndiName + " already exists");
-
+
log.warn("Destination " + jndiName + " already exists");
-
+
return;
}
catch (NameNotFoundException e)
@@ -192,7 +200,7 @@
NodeList attributes = node.getChildNodes();
boolean cfStrictTck = false;
- int prefetchSize = 150;
+ int prefetchSize = 150;
String clientID = null;
int dupsOKBatchSize = 1000;
for (int j = 0; j < attributes.getLength(); j++)
Deleted: trunk/src/main/org/jboss/jms/server/container/SecurityAspect.java
===================================================================
--- trunk/src/main/org/jboss/jms/server/container/SecurityAspect.java 2008-02-11 17:25:36 UTC (rev 3701)
+++ trunk/src/main/org/jboss/jms/server/container/SecurityAspect.java 2008-02-12 11:24:18 UTC (rev 3702)
@@ -1,211 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2005, JBoss Inc., and individual contributors as indicated
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.jms.server.container;
-
-import java.util.HashSet;
-import java.util.Set;
-
-import javax.jms.JMSSecurityException;
-
-import org.jboss.jms.server.SecurityStore;
-import org.jboss.jms.server.endpoint.ServerConnectionEndpoint;
-import org.jboss.jms.server.security.CheckType;
-import org.jboss.messaging.util.Logger;
-import org.jboss.messaging.util.MessagingException;
-
-/**
- * This aspect enforces the JBossMessaging JMS security policy.
- *
- * This aspect is PER_INSTANCE
- *
- * For performance reasons we cache access rights in the interceptor for a maximum of
- * INVALIDATION_INTERVAL milliseconds.
- * This is because we don't want to do a full authentication and authorization on every send,
- * for example, since this will drastically reduce performance.
- * This means any changes to security data won't be reflected until INVALIDATION_INTERVAL
- * milliseconds later.
- *
- * @author <a href="mailto:tim.fox at jboss.com">Tim Fox</a>
- * @author <a href="mailto:ovidiu at feodorov.com">Ovidiu Feodorov</a>
- * @version <tt>$Revision 1.1 $</tt>
- *
- * $Id$
- */
-public class SecurityAspect
-{
- // Constants -----------------------------------------------------
-
- private static final Logger log = Logger.getLogger(SecurityAspect.class);
-
- // Static --------------------------------------------------------
-
- // Attributes ----------------------------------------------------
-
- private boolean trace = log.isTraceEnabled();
-
- private Set<String> readCache;
-
- private Set<String> writeCache;
-
- private Set createCache;
-
- //TODO Make this configurable
- private static final long INVALIDATION_INTERVAL = 15000;
-
- private long lastCheck;
-
- // Constructors --------------------------------------------------
-
- // Public --------------------------------------------------------
- public SecurityAspect()
- {
- readCache = new HashSet<String>();
-
- writeCache = new HashSet<String>();
-
- createCache = new HashSet<String>();
- }
-
- // Package protected ---------------------------------------------
-
- // Protected -----------------------------------------------------
-
- // Private -------------------------------------------------------
-
- public boolean checkCached(String dest, CheckType checkType)
- {
- long now = System.currentTimeMillis();
-
- boolean granted = false;
-
- if (now - lastCheck > INVALIDATION_INTERVAL)
- {
- readCache.clear();
-
- writeCache.clear();
-
- createCache.clear();
- }
- else
- {
- switch (checkType.type)
- {
- case CheckType.TYPE_READ:
- {
- granted = readCache.contains(dest);
- break;
- }
- case CheckType.TYPE_WRITE:
- {
- granted = writeCache.contains(dest);
- break;
- }
- case CheckType.TYPE_CREATE:
- {
- granted = createCache.contains(dest);
- break;
- }
- default:
- {
- throw new IllegalArgumentException("Invalid checkType:" + checkType);
- }
- }
- }
-
- lastCheck = now;
-
- return granted;
- }
-
- public void check(String dest, CheckType checkType, ServerConnectionEndpoint conn)
- throws MessagingException
- {
- if (trace) { log.trace("checking access permissions to " + dest); }
-
- if (checkCached(dest, checkType))
- {
- // OK
- return;
- }
-
- SecurityStore sm = conn.getSecurityManager();
-
- // Authenticate. Successful autentication will place a new SubjectContext on thread local,
- // which will be used in the authorization process. However, we need to make sure we clean up
- // thread local immediately after we used the information, otherwise some other people
- // security my be screwed up, on account of thread local security stack being corrupted.
-
- sm.authenticate(conn.getUsername(), conn.getPassword());
-
- // Authorize
- try
- {
- if (!sm.authorize(conn.getUsername(), dest, checkType))
- {
- String msg = "User: " + conn.getUsername() +
- " is not authorized to " +
- (checkType == CheckType.READ ? "read from" :
- checkType == CheckType.WRITE ? "write to" : "create durable sub on") +
- " destination " + dest;
-
- throw new MessagingException(MessagingException.SECURITY_EXCEPTION, msg);
- }
- }
- finally
- {
- // pop the Messaging SecurityContext, it did its job
- SecurityActions.popSubjectContext();
- }
-
- // if we get here we're granted, add to the cache
-
- switch (checkType.type)
- {
- case CheckType.TYPE_READ:
- {
- readCache.add(dest);
- break;
- }
- case CheckType.TYPE_WRITE:
- {
- writeCache.add(dest);
- break;
- }
- case CheckType.TYPE_CREATE:
- {
- createCache.add(dest);
- break;
- }
- default:
- {
- throw new IllegalArgumentException("Invalid checkType:" + checkType);
- }
- }
- }
-
- // Inner classes -------------------------------------------------
-
-}
-
-
-
-
Copied: trunk/src/main/org/jboss/jms/server/container/SecurityManager.java (from rev 3698, trunk/src/main/org/jboss/jms/server/container/SecurityAspect.java)
===================================================================
--- trunk/src/main/org/jboss/jms/server/container/SecurityManager.java (rev 0)
+++ trunk/src/main/org/jboss/jms/server/container/SecurityManager.java 2008-02-12 11:24:18 UTC (rev 3702)
@@ -0,0 +1,209 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2005, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.jms.server.container;
+
+import java.util.HashSet;
+import java.util.Set;
+
+import org.jboss.jms.server.SecurityStore;
+import org.jboss.jms.server.endpoint.ServerConnectionEndpoint;
+import org.jboss.jms.server.security.CheckType;
+import org.jboss.messaging.util.Logger;
+import org.jboss.messaging.util.MessagingException;
+
+/**
+ * This aspect enforces the JBossMessaging JMS security policy.
+ *
+ * This aspect is PER_INSTANCE
+ *
+ * For performance reasons we cache access rights in the interceptor for a maximum of
+ * INVALIDATION_INTERVAL milliseconds.
+ * This is because we don't want to do a full authentication and authorization on every send,
+ * for example, since this will drastically reduce performance.
+ * This means any changes to security data won't be reflected until INVALIDATION_INTERVAL
+ * milliseconds later.
+ *
+ * @author <a href="mailto:tim.fox at jboss.com">Tim Fox</a>
+ * @author <a href="mailto:ovidiu at feodorov.com">Ovidiu Feodorov</a>
+ * @version <tt>$Revision 1.1 $</tt>
+ *
+ * $Id$
+ */
+public class SecurityManager
+{
+ // Constants -----------------------------------------------------
+
+ private static final Logger log = Logger.getLogger(java.lang.SecurityManager.class);
+
+ // Static --------------------------------------------------------
+
+ // Attributes ----------------------------------------------------
+
+ private boolean trace = log.isTraceEnabled();
+
+ private Set<String> readCache;
+
+ private Set<String> writeCache;
+
+ private Set createCache;
+
+ //TODO Make this configurable
+ private static final long INVALIDATION_INTERVAL = 15000;
+
+ private long lastCheck;
+
+ // Constructors --------------------------------------------------
+
+ // Public --------------------------------------------------------
+ public SecurityManager()
+ {
+ readCache = new HashSet<String>();
+
+ writeCache = new HashSet<String>();
+
+ createCache = new HashSet<String>();
+ }
+
+ // Package protected ---------------------------------------------
+
+ // Protected -----------------------------------------------------
+
+ // Private -------------------------------------------------------
+
+ public boolean checkCached(String dest, CheckType checkType)
+ {
+ long now = System.currentTimeMillis();
+
+ boolean granted = false;
+
+ if (now - lastCheck > INVALIDATION_INTERVAL)
+ {
+ readCache.clear();
+
+ writeCache.clear();
+
+ createCache.clear();
+ }
+ else
+ {
+ switch (checkType.type)
+ {
+ case CheckType.TYPE_READ:
+ {
+ granted = readCache.contains(dest);
+ break;
+ }
+ case CheckType.TYPE_WRITE:
+ {
+ granted = writeCache.contains(dest);
+ break;
+ }
+ case CheckType.TYPE_CREATE:
+ {
+ granted = createCache.contains(dest);
+ break;
+ }
+ default:
+ {
+ throw new IllegalArgumentException("Invalid checkType:" + checkType);
+ }
+ }
+ }
+
+ lastCheck = now;
+
+ return granted;
+ }
+
+ public void check(String address, CheckType checkType, ServerConnectionEndpoint conn)
+ throws MessagingException
+ {
+ if (trace) { log.trace("checking access permissions to " + address); }
+
+ if (checkCached(address, checkType))
+ {
+ // OK
+ return;
+ }
+
+ SecurityStore sm = conn.getSecurityManager();
+
+ // Authenticate. Successful autentication will place a new SubjectContext on thread local,
+ // which will be used in the authorization process. However, we need to make sure we clean up
+ // thread local immediately after we used the information, otherwise some other people
+ // security my be screwed up, on account of thread local security stack being corrupted.
+
+ sm.authenticate(conn.getUsername(), conn.getPassword());
+
+ // Authorize
+ try
+ {
+ if (!sm.authorize(conn.getUsername(), address, checkType))
+ {
+ String msg = "User: " + conn.getUsername() +
+ " is not authorized to " +
+ (checkType == CheckType.READ ? "read from" :
+ checkType == CheckType.WRITE ? "write to" : "create durable sub on") +
+ " destination " + address;
+
+ throw new MessagingException(MessagingException.SECURITY_EXCEPTION, msg);
+ }
+ }
+ finally
+ {
+ // pop the Messaging SecurityContext, it did its job
+ SecurityActions.popSubjectContext();
+ }
+
+ // if we get here we're granted, add to the cache
+
+ switch (checkType.type)
+ {
+ case CheckType.TYPE_READ:
+ {
+ readCache.add(address);
+ break;
+ }
+ case CheckType.TYPE_WRITE:
+ {
+ writeCache.add(address);
+ break;
+ }
+ case CheckType.TYPE_CREATE:
+ {
+ createCache.add(address);
+ break;
+ }
+ default:
+ {
+ throw new IllegalArgumentException("Invalid checkType:" + checkType);
+ }
+ }
+ }
+
+ // Inner classes -------------------------------------------------
+
+}
+
+
+
+
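Review bot: `checkCached` assigns `lastCheck = now` on every call, so the `INVALIDATION_INTERVAL` window slides: a session that checks permissions more often than every 15 seconds never clears its caches. A grant revoked in the security store then stays effective for as long as traffic continues. Moving `lastCheck = now;` inside the `if (now - lastCheck > INVALIDATION_INTERVAL)` branch makes cached grants expire a fixed time after the last flush. Separately, the logger is created with `Logger.getLogger(java.lang.SecurityManager.class)`, which logs under the JDK class's category; `Logger.getLogger(SecurityManager.class)` is presumably what was intended. The class Javadoc also still describes this as a PER_INSTANCE aspect, and `createCache` is declared as a raw `Set` while the other two caches are `Set<String>`.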
Property changes on: trunk/src/main/org/jboss/jms/server/container/SecurityManager.java
___________________________________________________________________
Name: svn:keywords
+ Author Date Id Revision
Name: svn:eol-style
+ native
Modified: trunk/src/main/org/jboss/jms/server/endpoint/ServerSessionEndpoint.java
===================================================================
--- trunk/src/main/org/jboss/jms/server/endpoint/ServerSessionEndpoint.java 2008-02-11 17:25:36 UTC (rev 3701)
+++ trunk/src/main/org/jboss/jms/server/endpoint/ServerSessionEndpoint.java 2008-02-12 11:24:18 UTC (rev 3702)
@@ -61,7 +61,7 @@
import javax.transaction.xa.XAResource;
import javax.transaction.xa.Xid;
-import org.jboss.jms.server.container.SecurityAspect;
+import org.jboss.jms.server.container.SecurityManager;
import org.jboss.jms.server.security.CheckType;
import org.jboss.messaging.core.Binding;
import org.jboss.messaging.core.Delivery;
@@ -114,16 +114,16 @@
/**
* Session implementation
- *
+ *
* @author <a href="mailto:tim.fox at jboss.com">Tim Fox</a> Parts derived from
* JBM 1.x ServerSessionEndpoint by
- *
+ *
* @author <a href="mailto:ovidiu at feodorov.com">Ovidiu Feodorov</a>
* @author <a href="mailto:tim.fox at jboss.com">Tim Fox</a>
* @author <a href="mailto:clebert.suconic at jboss.com">Clebert Suconic</a>
* @author <a href="mailto:jmesnil at redhat.com">Jeff Mesnil</a>
* @version <tt>$Revision$</tt>
- *
+ *
* $Id$
*/
public class ServerSessionEndpoint
@@ -131,7 +131,8 @@
// Constants
// ------------------------------------------------------------------------------------
- private static final Logger log = Logger.getLogger(ServerSessionEndpoint.class);
+ private static final Logger log = Logger
+ .getLogger(ServerSessionEndpoint.class);
// Static
// ---------------------------------------------------------------------------------------
@@ -139,7 +140,7 @@
// Attributes
// -----------------------------------------------------------------------------------
- private final SecurityAspect security = new SecurityAspect();
+ private final SecurityManager security = new SecurityManager();
private final boolean trace = log.isTraceEnabled();
@@ -218,7 +219,7 @@
if (browsers.remove(browserId) == null)
{
throw new IllegalStateException("Cannot find browser with id " + browserId + " to remove");
- }
+ }
}
void removeConsumer(String consumerId) throws Exception
@@ -226,9 +227,9 @@
if (consumers.remove(consumerId) == null)
{
throw new IllegalStateException("Cannot find consumer with id " + consumerId + " to remove");
- }
+ }
}
-
+
synchronized void handleDelivery(MessageReference ref, ServerConsumerEndpoint consumer, PacketSender sender) throws Exception
{
// FIXME - we shouldn't have to pass in the packet Sender - this should be
@@ -245,7 +246,7 @@
void setStarted(boolean s) throws Exception
{
Map<String, ServerConsumerEndpoint> consumersClone = new HashMap<String, ServerConsumerEndpoint>(consumers);
-
+
for (ServerConsumerEndpoint consumer: consumersClone.values())
{
consumer.setStarted(s);
@@ -267,7 +268,7 @@
public void close() throws Exception
{
Map<String, ServerConsumerEndpoint> consumersClone = new HashMap<String, ServerConsumerEndpoint>(consumers);
-
+
for (ServerConsumerEndpoint consumer: consumersClone.values())
{
consumer.close();
@@ -276,7 +277,7 @@
consumers.clear();
Map<String, ServerBrowserEndpoint> browsersClone = new HashMap<String, ServerBrowserEndpoint>(browsers);
-
+
for (ServerBrowserEndpoint browser: browsersClone.values())
{
browser.close();
@@ -300,8 +301,22 @@
private boolean send(String address, Message msg) throws Exception
{
+ //check the address exists, if it doesnt add if the user has the correct privileges
+ if(!postOffice.containsAllowableAddress(address))
+ {
+ try
+ {
+ security.check(address, CheckType.CREATE, getConnectionEndpoint());
+ postOffice.addAllowableAddress(address);
+ }
+ catch (MessagingException e)
+ {
+ throw new MessagingException(MessagingException.QUEUE_DOES_NOT_EXIST);
+ }
+ }
+ //check the user has write access to this address
+ security.check(address, CheckType.WRITE, getConnectionEndpoint());
// Assign the message an internal id - this is used to key it in the store
-
msg.setMessageID(sp.getPersistenceManager().generateMessageID());
// This allows the no-local consumers to filter out the messages that come
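Review bot: In `send`, the CREATE branch calls `postOffice.addAllowableAddress(address)` before the WRITE check runs, so a caller with create but not write permission leaves a new allowable address behind and then fails; running both `security.check` calls before the mutation avoids that partial effect. The `catch (MessagingException e)` also covers `addAllowableAddress`, so any failure there is reported as QUEUE_DOES_NOT_EXIST and the original exception is dropped without a log line, which leaves denied attempts invisible to an operator. I would narrow the `try` to the check alone and record the denial before rethrowing, e.g. `log.warn("CREATE denied for address " + address, e);`. The same block is repeated in the createQueue hunk (@@ -824,6 +840,19 @@) and the createBrowser hunk (@@ -942,45 +971,57 @@), so a shared private helper would keep the three in step. `send` continues outside this hunk.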
@@ -378,7 +393,7 @@
else
{
tx.addAcknowledgement(ref);
-
+
//Del count is not actually updated in storage unless it's cancelled
ref.incrementDeliveryCount();
}
@@ -416,7 +431,7 @@
else
{
tx.addAcknowledgement(ref);
-
+
//Del count is not actually updated in storage unless it's cancelled
ref.incrementDeliveryCount();
}
@@ -445,7 +460,7 @@
for (Delivery del : deliveries)
{
- tx.addAcknowledgement(del.getReference());
+ tx.addAcknowledgement(del.getReference());
}
deliveries.clear();
@@ -809,6 +824,7 @@
{
throw new MessagingException(MessagingException.ADDRESS_EXISTS, "Address already exists: " + address);
}
+ security.check(address, CheckType.CREATE, getConnectionEndpoint());
postOffice.addAllowableAddress(address);
}
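Review bot: The added `security.check(address, CheckType.CREATE, getConnectionEndpoint());` runs only after the ADDRESS_EXISTS test above it, so a caller without create permission can still tell existing addresses from missing ones by which error comes back. Moving the check to the top of the method, before the existence test, gives unauthorised callers the same answer in both cases. The method starts outside the hunk, so the exact condition guarding the throw is not visible here.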
@@ -824,6 +840,19 @@
String filterString, boolean durable, boolean temporary)
throws Exception
{
+ //make sure the user has privileges to create this address
+ if(!postOffice.containsAllowableAddress(address))
+ {
+ try
+ {
+ security.check(address, CheckType.CREATE, getConnectionEndpoint());
+ postOffice.addAllowableAddress(address);
+ }
+ catch (MessagingException e)
+ {
+ throw new MessagingException(MessagingException.QUEUE_DOES_NOT_EXIST);
+ }
+ }
Binding binding = postOffice.getBinding(queueName);
if (binding != null)
@@ -885,7 +914,7 @@
{
throw new MessagingException(MessagingException.QUEUE_DOES_NOT_EXIST);
}
-
+ security.check(binding.getAddress(), CheckType.READ, getConnectionEndpoint());
int prefetchSize = connectionEndpoint.getPrefetchSize();
String consumerID = UUID.randomUUID().toString();
@@ -917,24 +946,24 @@
}
public SessionQueueQueryResponseMessage executeQueueQuery(SessionQueueQueryMessage request) throws Exception
- {
+ {
if (request.getQueueName() == null)
{
throw new IllegalArgumentException("Queue name is null");
}
-
+
Binding binding = postOffice.getBinding(request.getQueueName());
SessionQueueQueryResponseMessage response;
-
+
if (binding != null)
{
Queue queue = binding.getQueue();
-
+
Filter filter = queue.getFilter();
String filterString = filter == null ? null : filter.getFilterString();
-
+
response = new SessionQueueQueryResponseMessage(queue.isDurable(), queue.isTemporary(), queue.getMaxSize(),
queue.getConsumerCount(), queue.getMessageCount(),
filterString, binding.getAddress());
@@ -942,45 +971,57 @@
else
{
response = new SessionQueueQueryResponseMessage();
- }
-
+ }
+
return response;
}
-
+
public SessionBindingQueryResponseMessage executeBindingQuery(SessionBindingQueryMessage request) throws Exception
- {
+ {
if (request.getAddress() == null)
{
throw new IllegalArgumentException("Address is null");
}
-
+
boolean exists = postOffice.containsAllowableAddress(request.getAddress());
List<String> queueNames = new ArrayList<String>();
-
+
if (exists)
{
List<Binding> bindings = postOffice.getBindingsForAddress(request.getAddress());
-
+
for (Binding binding: bindings)
{
queueNames.add(binding.getQueue().getName());
}
}
-
+
return new SessionBindingQueryResponseMessage(exists, queueNames);
}
private SessionCreateBrowserResponseMessage createBrowser(String queueName, String selector)
throws Exception
{
+ if(!postOffice.containsAllowableAddress(queueName))
+ {
+ try
+ {
+ security.check(queueName, CheckType.CREATE, this.getConnectionEndpoint());
+ postOffice.addAllowableAddress(queueName);
+ }
+ catch (MessagingException e)
+ {
+ throw new MessagingException(MessagingException.QUEUE_DOES_NOT_EXIST);
+ }
+ }
Binding binding = postOffice.getBinding(queueName);
if (binding == null)
{
throw new MessagingException(MessagingException.QUEUE_DOES_NOT_EXIST);
}
-
+ security.check(binding.getAddress(), CheckType.READ, this.getConnectionEndpoint());
String browserID = UUID.randomUUID().toString();
ServerBrowserEndpoint ep = new ServerBrowserEndpoint(this, browserID,
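Review bot: `createBrowser` passes `queueName` to `containsAllowableAddress` and `addAllowableAddress`, which the other hunks in this file call with an address, while the READ check a few lines later uses `binding.getAddress()`. Browsing an unknown queue as a user with create permission registers a new allowable address and then still fails with QUEUE_DOES_NOT_EXIST, because no binding exists for it. A browse is a read, so I would drop the create branch here and keep only the binding lookup followed by `security.check(binding.getAddress(), CheckType.READ, this.getConnectionEndpoint());`. The method body continues outside the hunk.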
@@ -1001,12 +1042,6 @@
return new SessionCreateBrowserResponseMessage(browserID);
}
- private void checkSecurityCreateConsumerDelegate(String address,
- String subscriptionName) throws Exception
- {
- security.check(address, CheckType.READ, this.getConnectionEndpoint());
- }
-
public PacketHandler newHandler()
{
return new SessionAdvisedPacketHandler();
@@ -1070,7 +1105,7 @@
else if (type == SESS_BINDINGQUERY)
{
SessionBindingQueryMessage request = (SessionBindingQueryMessage)packet;
-
+
response = executeBindingQuery(request);
}
else if (type == SESS_CREATEBROWSER)
Modified: trunk/src/main/org/jboss/jms/server/security/SecurityMetadataStore.java
===================================================================
--- trunk/src/main/org/jboss/jms/server/security/SecurityMetadataStore.java 2008-02-11 17:25:36 UTC (rev 3701)
+++ trunk/src/main/org/jboss/jms/server/security/SecurityMetadataStore.java 2008-02-12 11:24:18 UTC (rev 3702)
@@ -65,19 +65,11 @@
private AuthenticationManager authenticationManager;
private RealmMapping realmMapping;
- private String suckerPassword;
- private MessagingServer messagingServer;
-
// Static --------------------------------------------------------
// Constructors --------------------------------------------------
- public SecurityMetadataStore(MessagingServer messagingServer)
- {
- this.messagingServer = messagingServer;
- }
-
// SecurityManager implementation --------------------------------
@@ -95,7 +87,7 @@
Subject subject = new Subject();
boolean authenticated = authenticationManager.isValid(principal, passwordChars, subject);
-
+
if (authenticated)
{
// Warning! This "taints" thread local. Make sure you pop it off the stack as soon as
@@ -129,7 +121,6 @@
Set<SimplePrincipal> principals = new HashSet<SimplePrincipal>();
for (Role role : roles)
{
- SimplePrincipal principal = new SimplePrincipal(role.getName());
if((checkType.equals(CheckType.CREATE) && role.isCreate()) ||
(checkType.equals(CheckType.WRITE) && role.isWrite()) ||
(checkType.equals(CheckType.READ) && role.isRead()))
@@ -142,13 +133,7 @@
// Public --------------------------------------------------------
- public void setSuckerPassword(String password)
- {
- checkDefaultSuckerPassword(password);
- this.suckerPassword = password;
- }
-
public void setSecurityRepository(HierarchicalRepository<HashSet<Role>> securityRepository)
{
this.securityRepository = securityRepository;
@@ -160,16 +145,6 @@
// Private -------------------------------------------------------
- private void checkDefaultSuckerPassword(String password)
- {
- // Sanity check
- if (DEFAULT_SUCKER_USER_PASSWORD.equals(password))
- {
- log.warn("WARNING! POTENTIAL SECURITY RISK. It has been detected that the MessageSucker component " +
- "which sucks messages from one node to another has not had its password changed from the installation default. " +
- "Please see the JBoss Messaging user guide for instructions on how to do this.");
- }
- }
// Inner class ---------------------------------------------------
Modified: trunk/src/main/org/jboss/messaging/core/Configuration.java
===================================================================
--- trunk/src/main/org/jboss/messaging/core/Configuration.java 2008-02-11 17:25:36 UTC (rev 3701)
+++ trunk/src/main/org/jboss/messaging/core/Configuration.java 2008-02-12 11:24:18 UTC (rev 3702)
@@ -58,7 +58,6 @@
protected String _defaultQueueJNDIContext = "";
protected String _defaultTopicJNDIContext = "";
protected String _securityDomain;
- protected HashSet<Role> _securityConfig;
protected List<String> defaultInterceptors = new ArrayList<String>();
protected Long _messageCounterSamplePeriod = (long) 10000;// Default is 1 minute
@@ -142,21 +141,12 @@
return _securityDomain;
}
- public HashSet<Role> getSecurityConfig()
- {
- return _securityConfig;
- }
public List<String> getDefaultInterceptors()
{
return defaultInterceptors;
}
- public void setSecurityConfig(HashSet<Role> securityConfig)
- {
- propertyChangeSupport.firePropertyChange("securityConfig", _securityConfig, securityConfig);
- _securityConfig = securityConfig;
- }
public long getMessageCounterSamplePeriod()
{
Modified: trunk/src/main/org/jboss/messaging/core/FileConfiguration.java
===================================================================
--- trunk/src/main/org/jboss/messaging/core/FileConfiguration.java 2008-02-11 17:25:36 UTC (rev 3701)
+++ trunk/src/main/org/jboss/messaging/core/FileConfiguration.java 2008-02-12 11:24:18 UTC (rev 3702)
@@ -71,30 +71,8 @@
_remotingBindAddress = getInteger(e, "remoting-bind-address", _remotingBindAddress);
_remotingTimeout = getInteger(e, "remoting-timeout", _remotingTimeout);
_remotingDisableInvm = getBoolean(e, "remoting-disable-invm", _remotingDisableInvm);
- NodeList security = e.getElementsByTagName("default-security-config");
- if (security.getLength() > 0)
- {
- HashSet<Role> securityConfig;
- securityConfig = new HashSet<Role>();
- NodeList roles = security.item(0).getChildNodes();
- for (int k = 0; k < roles.getLength(); k++)
- {
- if ("role".equalsIgnoreCase(roles.item(k).getNodeName()))
- {
- Boolean read = roles.item(k).getAttributes().getNamedItem(READ_ATTR) != null && Boolean.valueOf(roles.item(k).getAttributes().getNamedItem(READ_ATTR).getNodeValue());
- Boolean write = roles.item(k).getAttributes().getNamedItem(WRITE_ATTR) != null && Boolean.valueOf(roles.item(k).getAttributes().getNamedItem(WRITE_ATTR).getNodeValue());
- Boolean create = roles.item(k).getAttributes().getNamedItem(CREATE_ATTR) != null && Boolean.valueOf(roles.item(k).getAttributes().getNamedItem(CREATE_ATTR).getNodeValue());
- Role role = new Role(roles.item(k).getAttributes().getNamedItem(NAME_ATTR).getNodeValue(),
- read,
- write,
- create);
- securityConfig.add(role);
- }
- }
- _securityConfig = securityConfig;
- }
- NodeList defaultInterceptors = e.getElementsByTagName("default-interceptors-config");
+ NodeList defaultInterceptors = e.getElementsByTagName("default-interceptors-config");
ArrayList<String> interceptorList = new ArrayList<String>();
if (defaultInterceptors.getLength() > 0)
Modified: trunk/src/main/org/jboss/messaging/core/MessagingServer.java
===================================================================
--- trunk/src/main/org/jboss/messaging/core/MessagingServer.java 2008-02-11 17:25:36 UTC (rev 3701)
+++ trunk/src/main/org/jboss/messaging/core/MessagingServer.java 2008-02-12 11:24:18 UTC (rev 3702)
@@ -27,8 +27,6 @@
import org.jboss.jms.server.ConnectionManager;
import org.jboss.jms.server.SecurityStore;
-import org.jboss.jms.server.endpoint.ServerSessionEndpoint;
-import org.jboss.jms.server.plugin.contract.JMSUserManager;
import org.jboss.jms.server.security.Role;
import org.jboss.messaging.core.remoting.RemotingService;
import org.jboss.messaging.util.HierarchicalRepository;
@@ -76,10 +74,6 @@
void setPersistenceManager(PersistenceManager persistenceManager);
- JMSUserManager getJmsUserManagerInstance();
-
- void setJmsUserManager(JMSUserManager jmsUserManager);
-
PostOffice getPostOffice();
ResourceManager getResourceManager();
Modified: trunk/src/main/org/jboss/messaging/core/impl/server/MessagingServerImpl.java
===================================================================
--- trunk/src/main/org/jboss/messaging/core/impl/server/MessagingServerImpl.java 2008-02-11 17:25:36 UTC (rev 3701)
+++ trunk/src/main/org/jboss/messaging/core/impl/server/MessagingServerImpl.java 2008-02-12 11:24:18 UTC (rev 3702)
@@ -27,31 +27,20 @@
import java.util.List;
import org.jboss.aop.microcontainer.aspects.jmx.JMX;
-import org.jboss.jms.destination.JBossDestination;
-import org.jboss.jms.destination.JBossQueue;
-import org.jboss.jms.destination.JBossTopic;
import org.jboss.jms.server.ConnectionManager;
import org.jboss.jms.server.MessagingTimeoutFactory;
import org.jboss.jms.server.SecurityStore;
import org.jboss.jms.server.connectionmanager.SimpleConnectionManager;
import org.jboss.jms.server.endpoint.MessagingServerPacketHandler;
-import org.jboss.jms.server.plugin.NullUserManager;
-import org.jboss.jms.server.plugin.contract.JMSUserManager;
import org.jboss.jms.server.security.NullAuthenticationManager;
import org.jboss.jms.server.security.Role;
import org.jboss.jms.server.security.SecurityMetadataStore;
+import org.jboss.jms.server.security.CheckType;
+import org.jboss.jms.destination.JBossQueue;
+import org.jboss.jms.destination.JBossTopic;
+import org.jboss.jms.destination.JBossDestination;
import org.jboss.logging.Logger;
-import org.jboss.messaging.core.Binding;
-import org.jboss.messaging.core.Configuration;
-import org.jboss.messaging.core.MemoryManager;
-import org.jboss.messaging.core.MessagingServer;
-import org.jboss.messaging.core.NullPersistenceManager;
-import org.jboss.messaging.core.PersistenceManager;
-import org.jboss.messaging.core.PostOffice;
-import org.jboss.messaging.core.Queue;
-import org.jboss.messaging.core.QueueFactory;
-import org.jboss.messaging.core.QueueSettings;
-import org.jboss.messaging.core.ResourceManager;
+import org.jboss.messaging.core.*;
import org.jboss.messaging.core.impl.QueueFactoryImpl;
import org.jboss.messaging.core.impl.ResourceManagerImpl;
import org.jboss.messaging.core.impl.memory.SimpleMemoryManager;
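Review bot: Replacing the explicit `org.jboss.messaging.core` imports with `import org.jboss.messaging.core.*;` hides which core types this class depends on and invites name clashes as the package grows; I would keep the explicit list. The newly added `import org.jboss.jms.server.security.CheckType;` here and `import javax.jms.Destination;` in the next hunk have no use in any hunk shown for this file, so they may be unused and should be removed if so.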
@@ -69,6 +58,8 @@
import org.jboss.messaging.util.Version;
import org.jboss.security.AuthenticationManager;
+import javax.jms.Destination;
+
/**
* A Messaging Server
*
@@ -111,7 +102,6 @@
private PersistenceManager persistenceManager = new NullPersistenceManager();
- private JMSUserManager jmsUserManager = new NullUserManager();
private RemotingService remotingService;
private boolean createTransport = false;
@@ -167,7 +157,7 @@
// Create the wired components
- securityStore = new SecurityMetadataStore(this);
+ securityStore = new SecurityMetadataStore();
securityRepository.setDefault(new HashSet<Role>());
securityStore.setSecurityRepository(securityRepository);
securityStore.setAuthenticationManager(authenticationManager);
@@ -204,7 +194,7 @@
postOffice.start();
MessagingServerPacketHandler serverPacketHandler = new MessagingServerPacketHandler(this);
getRemotingService().getDispatcher().register(serverPacketHandler);
-
+
ClassLoader loader = Thread.currentThread().getContextClassLoader();
for (String interceptorClass: configuration.getDefaultInterceptors())
{
@@ -218,7 +208,7 @@
log.warn("Error instantiating interceptor \"" + interceptorClass + "\"", e);
}
}
-
+
started = true;
log.info("JBoss Messaging " + getVersion().getProviderVersion() + " server [" +
configuration.getMessagingServerID() + "] started");
@@ -319,12 +309,12 @@
public void createQueue(String name) throws Exception
{
JBossQueue queue = new JBossQueue(name);
-
+
if (getPostOffice().getBinding(queue.getAddress()) == null)
{
- getPostOffice().addBinding(queue.getAddress(), queue.getAddress(), null, true, false);
+ getPostOffice().addBinding(queue.getAddress(), queue.getAddress(), null, true, false);
}
-
+
if (!getPostOffice().containsAllowableAddress(queue.getAddress()))
{
getPostOffice().addAllowableAddress(queue.getAddress());
@@ -339,7 +329,7 @@
public void createTopic(String name) throws Exception
{
JBossTopic topic = new JBossTopic(name);
-
+
if (!getPostOffice().containsAllowableAddress(topic.getAddress()));
{
getPostOffice().addAllowableAddress(topic.getAddress());
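Review bot: The `if` in `createTopic` ends with a stray semicolon, `if (!getPostOffice().containsAllowableAddress(topic.getAddress()));`, so the guard is an empty statement and the block below it runs unconditionally. The commit only changes whitespace in this hunk, but allowable addresses now feed the new CREATE checks in ServerSessionEndpoint, so it is worth fixing here. Drop the `;` so the line reads `if (!getPostOffice().containsAllowableAddress(topic.getAddress()))`, matching `createQueue`. The method body continues outside the hunk.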
@@ -364,7 +354,7 @@
public void removeAllMessagesForQueue(String queueName) throws Exception
{
JBossQueue jbq = new JBossQueue(queueName);
-
+
List<Binding> bindings = postOffice.getBindingsForAddress(jbq.getAddress());
if (!bindings.isEmpty())
@@ -380,7 +370,7 @@
public void removeAllMessagesForTopic(String queueName) throws Exception
{
JBossTopic jbt = new JBossTopic(queueName);
-
+
List<Binding> bindings = postOffice.getBindingsForAddress(jbt.getAddress());
for (Binding binding: bindings)
@@ -421,16 +411,6 @@
this.persistenceManager = persistenceManager;
}
- public JMSUserManager getJmsUserManagerInstance()
- {
- return jmsUserManager;
- }
-
- public void setJmsUserManager(JMSUserManager jmsUserManager)
- {
- this.jmsUserManager = jmsUserManager;
- }
-
public PostOffice getPostOffice()
{
return postOffice;
@@ -440,7 +420,7 @@
{
this.postOffice = postOffice;
}
-
+
public ResourceManager getResourceManager()
{
return resourceManager;
@@ -462,7 +442,6 @@
}
-
public String toString()
{
return "MessagingServer[" + configuration.getMessagingServerID() + "]";
@@ -479,7 +458,7 @@
private boolean destroyDestination(boolean isQueue, String name) throws Exception
{
JBossDestination dest;
-
+
if (isQueue)
{
dest = new JBossQueue(name);
Modified: trunk/src/main/org/jboss/messaging/deployers/security/SecurityDeployer.java
===================================================================
--- trunk/src/main/org/jboss/messaging/deployers/security/SecurityDeployer.java 2008-02-11 17:25:36 UTC (rev 3701)
+++ trunk/src/main/org/jboss/messaging/deployers/security/SecurityDeployer.java 2008-02-12 11:24:18 UTC (rev 3702)
@@ -100,18 +100,18 @@
{
if (Role.CREATE_NAME.equals(type))
{
- create.add(role);
+ create.add(role.trim());
}
else if (Role.WRITE_NAME.equals(type))
{
- write.add(role);
+ write.add(role.trim());
}
else if (Role.READ_NAME.equals(type))
{
read.add(role);
}
- if (!allRoles.contains(role))
- allRoles.add(role);
+ if (!allRoles.contains(role.trim()))
+ allRoles.add(role.trim());
}
}
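Review bot: `role.trim()` is applied in the create and write branches and for `allRoles`, but the read branch still calls `read.add(role);` with the untrimmed string. A role written with surrounding whitespace would then be stored under one name in `allRoles` and another in `read`; assuming the lists are matched by name later (outside the hunk), its read permission would presumably not be picked up. Trimming once before the `if` chain, e.g. `String name = role.trim();`, and using `name` in all four places keeps the branches consistent.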
Modified: trunk/tests/build.xml
===================================================================
--- trunk/tests/build.xml 2008-02-11 17:25:36 UTC (rev 3701)
+++ trunk/tests/build.xml 2008-02-12 11:24:18 UTC (rev 3702)
@@ -519,7 +519,6 @@
<exclude name="**/postoffice/**"/>
<exclude name="**/jms/JCAWrapperTest.class"/>
<exclude name="**/jms/server/ServerPeerTest.class"/>
- <exclude name="**/jms/SecurityTest.class"/>
<exclude name="**/stress/PacketStressTest.class"/>
</fileset>
</batchtest>
Modified: trunk/tests/src/org/jboss/jms/server/test/unit/ConfigurationTest.java
===================================================================
--- trunk/tests/src/org/jboss/jms/server/test/unit/ConfigurationTest.java 2008-02-11 17:25:36 UTC (rev 3701)
+++ trunk/tests/src/org/jboss/jms/server/test/unit/ConfigurationTest.java 2008-02-12 11:24:18 UTC (rev 3702)
@@ -73,42 +73,7 @@
assertEquals("failed to set security domain", "java:/jaas/messagingtest", configuration.getSecurityDomain());
}
- public void testSetDefaultSecurity() throws Exception
- {
- assertEquals("not enough entries should be 4", 4, configuration.getSecurityConfig().size());
- HashSet<Role> roles = configuration.getSecurityConfig();
- for (Role role : roles)
- {
- if ("guest1".equals(role.getName()))
- {
- assertEquals("read configured incorrectly", true, role.isRead());
- assertEquals("write configured incorrectl", true, role.isWrite());
- assertEquals("create configured incorrectl", true, role.isCreate());
- }
- else if ("guest2".equals(role.getName()))
- {
- assertEquals("read configured incorrectly", true, role.isRead());
- assertEquals("write configured incorrectl", true, role.isWrite());
- assertEquals("create configured incorrectl", false, role.isCreate());
- }
- else if ("guest3".equals(role.getName()))
- {
- assertEquals("read configured incorrectly", true, role.isRead());
- assertEquals("write configured incorrectl", false, role.isWrite());
- assertEquals("create configured incorrectl", false, role.isCreate());
- }
- else if ("guest4".equals(role.getName()))
- {
- assertEquals("read configured incorrectly", false, role.isRead());
- assertEquals("write configured incorrectl", false, role.isWrite());
- assertEquals("create configured incorrectl", false, role.isCreate());
- }
- else
- {
- fail("not all roles names configured properly:" + role);
- }
- }
- }
+
public void testSetMessageCounterSamplePeriod() throws Exception
{
@@ -179,8 +144,6 @@
{
MyListener listener = new MyListener();
configuration.addPropertyChangeListener(listener);
- configuration.setSecurityConfig(null);
- assertTrue("property change listener not fired", listener.isCalled());
listener.setCalled(false);
configuration.setMessageCounterSamplePeriod(1000000);
assertTrue("property change listener not fired", listener.isCalled());
Modified: trunk/tests/src/org/jboss/test/messaging/jms/SecurityTest.java
===================================================================
--- trunk/tests/src/org/jboss/test/messaging/jms/SecurityTest.java 2008-02-11 17:25:36 UTC (rev 3701)
+++ trunk/tests/src/org/jboss/test/messaging/jms/SecurityTest.java 2008-02-12 11:24:18 UTC (rev 3702)
@@ -37,11 +37,11 @@
import javax.jms.XAConnection;
import javax.jms.XAConnectionFactory;
import javax.jms.XASession;
-import javax.management.ObjectName;
import javax.transaction.xa.XAException;
import javax.transaction.xa.XAResource;
import org.jboss.jms.server.security.Role;
+import org.jboss.jms.client.JBossConnectionFactory;
import org.jboss.messaging.core.impl.XidImpl;
import org.jboss.messaging.util.Logger;
import org.jboss.test.messaging.tools.ServerManagement;
@@ -450,7 +450,7 @@
{
deployConnectionFactory("dilbert-id", "preConfcf", new String[]{"preConfcf"});
ConnectionFactory cf = (ConnectionFactory) getInitialContext().lookup("preConfcf");
- setSecurityConfig(oldDefaultConfig);
+ //setSecurityConfig(oldDefaultConfig);
conn = cf.createConnection("dilbert", "dogbert");
assertTrue(this.canCreateDurableSub(conn, topic1, "sub2"));
}
@@ -463,25 +463,6 @@
}
/*
- * Test invalid durable subscription creation for connection preconfigured with client id
- */
-
- public void testInvalidDurableSubscriptionCreationPreConf() throws Exception
- {
- Connection conn = null;
- try
- {
- conn = cf.createConnection("dilbert", "dogbert");
- assertFalse(this.canCreateDurableSub(conn, topic2, "sub3"));
- }
- finally
- {
- if (conn != null)
- conn.close();
- }
- }
-
- /*
* Test valid durable subscription creation for connection not preconfigured with client id
*/
public void testValidDurableSubscriptionCreationNotPreConf() throws Exception
@@ -499,23 +480,6 @@
}
}
- /*
- * Test invalid durable subscription creation for connection not preconfigured with client id
- */
- public void testInvalidDurableSubscriptionCreationNotPreConf() throws Exception
- {
- Connection conn = null;
- try
- {
- conn = cf.createConnection("dynsub", "dynsub");
- conn.setClientID("myID2");
- assertFalse(this.canCreateDurableSub(conn, topic2, "sub5"));
- }
- finally
- {
- if (conn != null) conn.close();
- }
- }
public void testDefaultSecurityValid() throws Exception
{
@@ -600,128 +564,6 @@
/**
* This test makes sure that changing the queue security configuration on the server has effect
- * over destinations when they are stopped (this is what happens in a real deployment - the security config
- * gets set before the queue/topic is started
- * See http://jira.jboss.com/jira/browse/JBMESSAGING-976
- */
- public void testQueueSecurityUpdateStopped() throws Exception
- {
- // "john" has the role def, so he should be able to create a producer and a consumer on a queue
-
- ObjectName on = new ObjectName("jboss.messaging.destination:service=Queue,name=Queue2");
-
- Connection conn = null;
-
- try
- {
- conn = cf.createConnection("john", "needle");
- assertTrue(canReadDestination(conn, queue2));
- assertTrue(canWriteDestination(conn, queue2));
-
- String newSecurityConfig =
- "<security><role name=\"someotherrole\" read=\"true\" write=\"true\" create=\"false\"/></security>";
-
- ServerManagement.invoke(on, "stop", null, null);
- ServerManagement.configureSecurityForDestination("Queue2", newSecurityConfig);
- ServerManagement.invoke(on, "start", null, null);
-
- assertFalse(canReadDestination(conn, queue2));
- // non transacted to avoid evict timeout
- assertFalse(canWriteDestination(conn, queue2, false));
-
-
- newSecurityConfig =
- "<security><role name=\"def\" read=\"true\" write=\"false\" create=\"false\"/></security>";
-
- ServerManagement.invoke(on, "stop", null, null);
- ServerManagement.configureSecurityForDestination("Queue2", newSecurityConfig);
- ServerManagement.invoke(on, "start", null, null);
-
- assertTrue(canReadDestination(conn, queue2));
- assertFalse(canWriteDestination(conn, queue2, false));
-
- newSecurityConfig =
- "<security><role name=\"def\" read=\"true\" write=\"true\" create=\"false\"/></security>";
-
- ServerManagement.invoke(on, "stop", null, null);
- ServerManagement.configureSecurityForDestination("Queue2", newSecurityConfig);
- ServerManagement.invoke(on, "start", null, null);
-
- assertTrue(canReadDestination(conn, queue2));
- assertTrue(canWriteDestination(conn, queue2, false));
- }
- finally
- {
- if (conn != null)
- {
- conn.close();
- }
- }
- }
-
- /**
- * This test makes sure that changing the topic security configuration on the server has effect
- * over destinations when they are stopped (this is what happens in a real deployment - the security config
- * gets set before the queue/topic is started
- * See http://jira.jboss.com/jira/browse/JBMESSAGING-976
- */
- public void testTopicSecurityUpdateStopped() throws Exception
- {
- // "john" has the role def, so he should be able to create a producer and a consumer on a queue
-
- ObjectName on = new ObjectName("jboss.messaging.destination:service=Topic,name=Topic2");
-
- Connection conn = null;
-
- try
- {
- conn = cf.createConnection("john", "needle");
- assertTrue(canReadDestination(conn, topic2));
- assertTrue(canWriteDestination(conn, topic2));
-
-
- String newSecurityConfig =
- "<security><role name=\"someotherrole\" read=\"true\" write=\"true\" create=\"false\"/></security>";
-
- ServerManagement.invoke(on, "stop", null, null);
- ServerManagement.configureSecurityForDestination("Topic2", newSecurityConfig);
- ServerManagement.invoke(on, "start", null, null);
-
- assertFalse(canReadDestination(conn, topic2));
- assertFalse(canWriteDestination(conn, topic2, false));
-
-
- newSecurityConfig =
- "<security><role name=\"def\" read=\"true\" write=\"false\" create=\"false\"/></security>";
-
- ServerManagement.invoke(on, "stop", null, null);
- ServerManagement.configureSecurityForDestination("Topic2", newSecurityConfig);
- ServerManagement.invoke(on, "start", null, null);
-
- assertTrue(canReadDestination(conn, topic2));
- assertFalse(canWriteDestination(conn, topic2, false));
-
- newSecurityConfig =
- "<security><role name=\"def\" read=\"true\" write=\"true\" create=\"false\"/></security>";
-
- ServerManagement.invoke(on, "stop", null, null);
- ServerManagement.configureSecurityForDestination("Topic2", newSecurityConfig);
- ServerManagement.invoke(on, "start", null, null);
-
- assertTrue(canReadDestination(conn, topic2));
- assertTrue(canWriteDestination(conn, topic2, false));
- }
- finally
- {
- if (conn != null)
- {
- conn.close();
- }
- }
- }
-
- /**
- * This test makes sure that changing the queue security configuration on the server has effect
* over already deployed destinations.
*/
public void testQueueSecurityUpdate() throws Exception
@@ -835,13 +677,13 @@
//Should fall back to the default config
HashSet<Role> lockedConf = new HashSet<Role>();
lockedConf.add(new Role("alien", true, true, true)) ;
-
+ HashSet<Role> orig = getSecurityConfig();
setSecurityConfig(lockedConf);
assertFalse(canReadDestination(conn, topic2));
assertFalse(canWriteDestination(conn, topic2, false));
- setSecurityConfig(defConfig);
+ setSecurityConfig(orig);
assertTrue(canReadDestination(conn, topic2));
assertTrue(canWriteDestination(conn, topic2, false));
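Review bot: The locked-down config set with `setSecurityConfig(lockedConf)` is restored only if the two `assertFalse` calls pass; a failing assertion presumably leaves the `alien`-only default in place for later tests that share the server. Wrapping the assertions in `try { ... } finally { setSecurityConfig(orig); }` makes the restore unconditional. The test method starts and ends outside the hunk, so an enclosing `finally` may already exist there.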
@@ -914,14 +756,15 @@
oldDefaultConfig = getSecurityConfig();
HashSet<Role> roles = new HashSet<Role>();
- roles.add(new Role("guest", true, true, false));
+ roles.add(new Role("guest", true, true, true));
roles.add(new Role("publisher", true, true, false));
roles.add(new Role("noacc", false, false, false));
+ roles.add(new Role("john", true, false, false));
configureSecurityForDestination("Queue1", true, roles);
HashSet<Role> roles2 = new HashSet<Role>();
- roles2.add(new Role("guest", true, true, false));
+ roles2.add(new Role("guest", true, true, true));
roles2.add(new Role("publisher", true, true, false));
roles2.add(new Role("durpublisher", true, true, true));
configureSecurityForDestination("Topic1", false, roles2);
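Review bot: `guest` is widened to create=true on both Queue1 and Topic1 in the same commit that deletes testInvalidDurableSubscriptionCreationPreConf, testInvalidDurableSubscriptionCreationNotPreConf and testSecurityOnXA, which leaves little in the visible hunks of this file that exercises a denied CREATE or a denied send. A comment above the role setup should say why guest now needs create; if the reason is the new add-on-first-use behaviour, something like `// guest needs create: addresses are now added on first use`. The negative tests should be restored against the new checks in ServerSessionEndpoint rather than dropped. The setup method starts outside the hunk.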
@@ -1105,65 +948,6 @@
}
}
- /**
- * This Validate sending messages on an Queue where the user don't have write authorization
- * @throws Exception
- */
- public void testSecurityOnXA() throws Exception
- {
- XAConnection xaconn = null;
-
- try
- {
- XAConnectionFactory xacf = (XAConnectionFactory)cf;
-
- xaconn = xacf.createXAConnection("nobody", "nobody");
-
- XASession xasession = xaconn.createXASession();
-
- XidImpl xid = new XidImpl(new byte[]{1}, 1, new byte[]{1});
-
- XAResource resource = xasession.getXAResource();
-
- resource.start(xid, XAResource.TMNOFLAGS);
-
- MessageProducer producer = xasession.createProducer(queue1);
-
-
- for (int i=0;i<10;i++)
- {
- producer.send(xasession.createTextMessage("Test " + i));
- }
-
- try
- {
- resource.end(xid, XAResource.TMSUCCESS);
- resource.prepare(xid);
- fail("Didn't throw expected exception!");
- }
- catch (XAException expected)
- {
- }
- }
- finally
- {
- try
- {
- if (xaconn != null)
- {
- xaconn.close();
- }
- destroyQueue("MyQueue2");
- }
- catch (Throwable ignored)
- {
- }
- }
- }
-
-
-
-
// Inner classes -------------------------------------------------
Modified: trunk/tests/src/org/jboss/test/messaging/jms/TemporaryDestinationTest.java
===================================================================
--- trunk/tests/src/org/jboss/test/messaging/jms/TemporaryDestinationTest.java 2008-02-11 17:25:36 UTC (rev 3701)
+++ trunk/tests/src/org/jboss/test/messaging/jms/TemporaryDestinationTest.java 2008-02-12 11:24:18 UTC (rev 3702)
@@ -300,8 +300,9 @@
consumer.close();
tempQueue.delete();
-
- try
+ conn.close();
+ conn = cf.createConnection("nobody", "nobody");
+ try
{
producer.send(m);
fail();
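Review bot: After `conn.close()` the `producer` used in `producer.send(m)` still belongs to the closed connection, and the new "nobody" connection assigned to `conn` is not used to create a session or producer in the visible lines. The send is therefore likely to fail because its connection is closed, not because the temporary queue was deleted or the user lacks permission, so the test can pass without exercising either. Creating a fresh session and producer from the new connection before the `try` would make the expected failure meaningful. The test continues outside the hunk.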
Modified: trunk/tests/src/org/jboss/test/messaging/tools/container/LocalTestServer.java
===================================================================
--- trunk/tests/src/org/jboss/test/messaging/tools/container/LocalTestServer.java 2008-02-11 17:25:36 UTC (rev 3701)
+++ trunk/tests/src/org/jboss/test/messaging/tools/container/LocalTestServer.java 2008-02-12 11:24:18 UTC (rev 3702)
@@ -743,8 +743,15 @@
public void configureSecurityForDestination(String destName, boolean isQueue, HashSet<Role> roles) throws Exception
{
- String prefix = isQueue ? "queues." : "topics";
- getMessagingServer().getSecurityRepository().addMatch(prefix + destName, roles);
+ String prefix = isQueue ? "queuejms." : "topicjms.";
+ if(roles != null)
+ {
+ getMessagingServer().getSecurityRepository().addMatch(prefix + destName, roles);
+ }
+ else
+ {
+ getMessagingServer().getSecurityRepository().removeMatch(prefix + destName);
+ }
}
public void setDefaultSecurityConfig(String config) throws Exception
@@ -890,18 +897,19 @@
public HashSet<Role> getSecurityConfig() throws Exception
{
- return getMessagingServer().getConfiguration().getSecurityConfig();
+ return getMessagingServer().getSecurityRepository().getMatch("*");
}
public void setSecurityConfig(HashSet<Role> defConfig) throws Exception
{
- getMessagingServer().getConfiguration().setSecurityConfig(defConfig);
+ getMessagingServer().getSecurityRepository().removeMatch("*");
+ getMessagingServer().getSecurityRepository().addMatch("*", defConfig);
}
public void setSecurityConfigOnManager(boolean b, String s, HashSet<Role> conf) throws Exception
{
- String prefix = b ? "queues." : "topics";
+ String prefix = b ? "queuejms." : "topicjms.";
getMessagingServer().getSecurityRepository().addMatch(prefix + s, conf);
}
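Review bot: `setSecurityConfig` calls `removeMatch("*")` and then `addMatch("*", defConfig)` without the null guard that `configureSecurityForDestination` gained in this same commit. A caller passing a null or never-set saved config would either store a null role set for the default match or fail inside the repository, depending on `addMatch`, which is not visible here. I would mirror the other method: `if (defConfig != null) getMessagingServer().getSecurityRepository().addMatch("*", defConfig);`. `setSecurityConfigOnManager` in the same hunk has the same unguarded `addMatch`.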