[jboss-cvs] JBoss Messaging SVN: r3549 - in branches/Branch_Stable/src/main/org/jboss/jms/server: security and 1 other directory.

jboss-cvs-commits at lists.jboss.org jboss-cvs-commits at lists.jboss.org
Wed Jan 9 01:47:54 EST 2008


Author: scott.stark at jboss.org
Date: 2008-01-09 01:47:54 -0500 (Wed, 09 Jan 2008)
New Revision: 3549

Added:
   branches/Branch_Stable/src/main/org/jboss/jms/server/security/SecurityMetadataStoreMBean.java
Modified:
   branches/Branch_Stable/src/main/org/jboss/jms/server/ServerPeer.java
   branches/Branch_Stable/src/main/org/jboss/jms/server/security/SecurityMetadataStore.java
Log:
JBMESSAGING-1189, externalize the aop config name and security config.

Modified: branches/Branch_Stable/src/main/org/jboss/jms/server/ServerPeer.java
===================================================================
--- branches/Branch_Stable/src/main/org/jboss/jms/server/ServerPeer.java	2008-01-08 17:28:11 UTC (rev 3548)
+++ branches/Branch_Stable/src/main/org/jboss/jms/server/ServerPeer.java	2008-01-09 06:47:54 UTC (rev 3549)
@@ -150,7 +150,12 @@
    private long recoverDeliveriesTimeout = 5 * 60 * 1000;
    
    private String suckerPassword;
-   
+
+   /** The server aop xml configuration */
+   private String serverAopConfig = "aop-messaging-server.xml";
+   /** The client aop xml configuration */
+   private String clientAopConfig = "aop-messaging-client.xml";
+
    //Global override for strict behaviour
    private boolean strictTck;
    
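Review bot: `serverAopConfig` and `clientAopConfig` are added as private fields with fixed defaults, and no hunk shown for this file adds an accessor for them, so as far as this diff shows the two names still cannot be changed from outside. If accessors are meant to follow, the field comments should say what kind of value is expected, e.g. `/** Classpath resource name of the server-side AOP descriptor, resolved through this class's class loader */`. The server descriptor presumably decides which interceptors are deployed, so a future setter should be documented as a deploy-time setting rather than something to change on a running peer.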
@@ -160,7 +165,7 @@
    // wired components
 
    private DestinationJNDIMapper destinationJNDIMapper;
-   private SecurityMetadataStore securityStore;
+   private SecurityStore securityStore;
    private ConnectionFactoryJNDIMapper connFactoryJNDIMapper;
    private TransactionRepository txRepository;
    private SimpleConnectionManager connectionManager;
@@ -196,8 +201,6 @@
    public ServerPeer() throws Exception
    {
       // Some wired components need to be started here
-      securityStore = new SecurityMetadataStore();
-
       version = Version.instance();
       
       sessions = new ConcurrentReaderHashMap();
@@ -287,9 +290,7 @@
          connectionManager.start();
          connectorManager.start();
          memoryManager.start();
-         messageStore.start();               
-         securityStore.setSuckerPassword(suckerPassword);
-         securityStore.start();
+         messageStore.start();
          txRepository.start();
          if (clusterConnectionManager != null)
          {
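Review bot: With `securityStore.setSuckerPassword(suckerPassword)` removed from this start sequence, the `suckerPassword` field kept in ServerPeer and the password held by the store are configured independently, and nothing in the diff keeps them equal. If the store falls back to a built-in value when `setSuckerPassword` is never called (not visible here), a deployment that sets the password only on ServerPeer would leave that default in force for the store's check. The sequence also no longer touches `securityStore` at all, and the constructor hunk above stops creating it, so a missing injection goes unnoticed here; a guard such as `if (securityStore == null) throw new IllegalStateException("SecurityStore has not been injected");` before the components start would fail early. The enclosing start method begins and ends outside the hunk.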
@@ -359,8 +360,6 @@
          memoryManager = null;
          messageStore.stop();
          messageStore = null;
-         securityStore.stop();
-         //securityStore = null; - if securitySTore is set to null, The ServerPeer won't survive a restart of the service (stop/start)
          txRepository.stop();
          txRepository = null;
          messageCounterManager.stop();
@@ -501,33 +500,15 @@
    
    //Read - write attributes
 
-   public synchronized void setSecurityDomain(String securityDomain) throws Exception
+   public SecurityStore getSecurityStore()
    {
-      try
-      {
-         securityStore.setSecurityDomain(securityDomain);
-      }
-      catch (Throwable t)
-      {
-         throw ExceptionUtil.handleJMXInvocation(t, this + " setSecurityDomain");
-      }
+      return securityStore;
    }
-
-   public synchronized String getSecurityDomain()
+   public void setSecurityStore(SecurityStore securityStore)
    {
-      return securityStore.getSecurityDomain();
+      this.securityStore = securityStore;
    }
 
-   public synchronized void setDefaultSecurityConfig(Element conf) throws Exception
-   {
-      securityStore.setDefaultSecurityConfig(conf);
-   }
-
-   public synchronized Element getDefaultSecurityConfig()
-   {
-      return securityStore.getDefaultSecurityConfig();
-   }
-        
    public synchronized long getFailoverStartTimeout()
    {
       return this.failoverStartTimeout;
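Review bot: `setSecurityStore` accepts any value, including null, at any time, and is not `synchronized`, unlike the accessors it replaces and `getFailoverStartTimeout` just below it. Judging by the `authenticate` and `authorize` methods declared for the store in this commit, this field is the object that decides who may connect, so swapping or clearing it on a running server should not be possible through a plain read-write attribute. I would make both methods `synchronized` and reject null with `if (securityStore == null) throw new IllegalArgumentException("securityStore must not be null");`, and state in the setter's Javadoc that it is meant for injection before start. Neither new method has Javadoc.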
@@ -1362,13 +1343,13 @@
      
    private void loadServerAOPConfig() throws Exception
    {
-      URL url = this.getClass().getClassLoader().getResource("aop-messaging-server.xml");
+      URL url = this.getClass().getClassLoader().getResource(serverAopConfig);
       AspectXmlLoader.deployXML(url, this.getClass().getClassLoader());
    }
 
    private void unloadServerAOPConfig() throws Exception
    {
-      URL url = this.getClass().getClassLoader().getResource("aop-messaging-server.xml");
+      URL url = this.getClass().getClassLoader().getResource(serverAopConfig);
       AspectXmlLoader.undeployXML(url);
    }
 
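Review bot: `getResource(serverAopConfig)` returns null when the name does not resolve on the class path, and the result is passed straight to `AspectXmlLoader.deployXML` and `undeployXML`. With a literal that could only happen on a broken build, but with a field it becomes an ordinary misconfiguration. A check such as `if (url == null) throw new IllegalStateException("Cannot find AOP config resource " + serverAopConfig);` in both methods would name the missing resource instead of failing somewhere inside the loader. The same applies to the `getResource(clientAopConfig)` lookup in the following hunk.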
@@ -1378,7 +1359,7 @@
       // because the JBoss will automatically deploy any files ending with aop.xml; we do not want
       // this to happen for the client config
 
-      URL url = this.getClass().getClassLoader().getResource("aop-messaging-client.xml");
+      URL url = this.getClass().getClassLoader().getResource(clientAopConfig);
       InputStream is = null;
       ByteArrayOutputStream os = new ByteArrayOutputStream();
       try

Modified: branches/Branch_Stable/src/main/org/jboss/jms/server/security/SecurityMetadataStore.java
===================================================================
--- branches/Branch_Stable/src/main/org/jboss/jms/server/security/SecurityMetadataStore.java	2008-01-08 17:28:11 UTC (rev 3548)
+++ branches/Branch_Stable/src/main/org/jboss/jms/server/security/SecurityMetadataStore.java	2008-01-09 06:47:54 UTC (rev 3549)
@@ -51,7 +51,7 @@
  *
  * $Id$
  */
-public class SecurityMetadataStore implements SecurityStore
+public class SecurityMetadataStore implements SecurityStore, SecurityMetadataStoreMBean
 {
    // Constants -----------------------------------------------------
    

Added: branches/Branch_Stable/src/main/org/jboss/jms/server/security/SecurityMetadataStoreMBean.java
===================================================================
--- branches/Branch_Stable/src/main/org/jboss/jms/server/security/SecurityMetadataStoreMBean.java	                        (rev 0)
+++ branches/Branch_Stable/src/main/org/jboss/jms/server/security/SecurityMetadataStoreMBean.java	2008-01-09 06:47:54 UTC (rev 3549)
@@ -0,0 +1,77 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2007, Red Hat Middleware LLC, and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.jms.server.security;
+
+import java.util.Set;
+
+import javax.jms.JMSSecurityException;
+import javax.security.auth.Subject;
+
+import org.w3c.dom.Element;
+
+/**
+ * The SecurityMetadataStore mbean interface
+ * 
+ * @author Scott.Stark at jboss.org
+ * @version $Revision$
+ */
+public interface SecurityMetadataStoreMBean
+{
+   public String getSecurityDomain();
+   public void setSecurityDomain(String securityDomain);
+   public void setDefaultSecurityConfig(Element conf) throws Exception;
+   public Element getDefaultSecurityConfig();
+
+   public void setSuckerPassword(String password);
+   public void start() throws Exception;
+   public void stop() throws Exception;
+   /**
+    * @return the security meta-data for the given destination.
+    */
+   SecurityMetadata getSecurityMetadata(boolean isQueue, String destName);
+
+   void setSecurityConfig(boolean isQueue, String destName, Element conf) throws Exception;
+   
+   void clearSecurityConfig(boolean isQueue, String name) throws Exception;
+
+   /**
+    * Authenticate the specified user with the given password. Implementations are most likely to
+    * delegates to a JBoss AuthenticationManager.
+    *
+    * Successful authentication will place a new SubjectContext on thread local, which will be used
+    * in the authorization process. However, we need to make sure we clean up thread local
+    * immediately after we used the information, otherwise some other people security my be screwed
+    * up, on account of thread local security stack being corrupted.
+    *
+    * @throws JMSSecurityException if the user is not authenticated
+    */
+   Subject authenticate(String user, String password) throws JMSSecurityException;
+
+   /**
+    * Authorize that the subject has at least one of the specified roles. Implementations are most
+    * likely to delegates to a JBoss AuthenticationManager.
+    *
+    * @param rolePrincipals - The set of roles allowed to read/write/create the destination.
+    * @return true if the subject is authorized, or false if not.
+    */
+   boolean authorize(String user, Set rolePrincipals, CheckType checkType);
+}
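Review bot: The management interface declares `authenticate`, `authorize`, `getSecurityMetadata`, `setSecurityConfig` and `clearSecurityConfig` alongside the configuration attributes, so once SecurityMetadataStore is registered as an MBean they are all invocable by any caller with access to the MBean server. `authenticate(String user, String password)` then becomes a credential check reachable from management tooling, and `clearSecurityConfig` lets that caller drop a destination's security settings. These methods look like they belong to SecurityStore, which the class already implements; I would keep only the security-domain, default-config, sucker-password and lifecycle members here. The interface also mixes explicit `public` with implicit modifiers, and the `authorize` Javadoc names AuthenticationManager and documents only one of its three parameters.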


Property changes on: branches/Branch_Stable/src/main/org/jboss/jms/server/security/SecurityMetadataStoreMBean.java
___________________________________________________________________
Name: svn:keywords
   + Id Revision
Name: svn:eol-style
   + native



