[jboss-cvs] JBoss Messaging SVN: r3549 - in branches/Branch_Stable/src/main/org/jboss/jms/server: security and 1 other directory.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Wed Jan 9 01:47:54 EST 2008
Author: scott.stark at jboss.org
Date: 2008-01-09 01:47:54 -0500 (Wed, 09 Jan 2008)
New Revision: 3549
Added:
branches/Branch_Stable/src/main/org/jboss/jms/server/security/SecurityMetadataStoreMBean.java
Modified:
branches/Branch_Stable/src/main/org/jboss/jms/server/ServerPeer.java
branches/Branch_Stable/src/main/org/jboss/jms/server/security/SecurityMetadataStore.java
Log:
JBMESSAGING-1189, externalize the aop config name and security config.
Modified: branches/Branch_Stable/src/main/org/jboss/jms/server/ServerPeer.java
===================================================================
--- branches/Branch_Stable/src/main/org/jboss/jms/server/ServerPeer.java 2008-01-08 17:28:11 UTC (rev 3548)
+++ branches/Branch_Stable/src/main/org/jboss/jms/server/ServerPeer.java 2008-01-09 06:47:54 UTC (rev 3549)
@@ -150,7 +150,12 @@
private long recoverDeliveriesTimeout = 5 * 60 * 1000;
private String suckerPassword;
-
+
+ /** The server aop xml configuration */
+ private String serverAopConfig = "aop-messaging-server.xml";
+ /** The client aop xml configuration */
+ private String clientAopConfig = "aop-messaging-client.xml";
+
//Global override for strict behaviour
private boolean strictTck;
@@ -160,7 +165,7 @@
// wired components
private DestinationJNDIMapper destinationJNDIMapper;
- private SecurityMetadataStore securityStore;
+ private SecurityStore securityStore;
private ConnectionFactoryJNDIMapper connFactoryJNDIMapper;
private TransactionRepository txRepository;
private SimpleConnectionManager connectionManager;
@@ -196,8 +201,6 @@
public ServerPeer() throws Exception
{
// Some wired components need to be started here
- securityStore = new SecurityMetadataStore();
-
version = Version.instance();
sessions = new ConcurrentReaderHashMap();
@@ -287,9 +290,7 @@
connectionManager.start();
connectorManager.start();
memoryManager.start();
- messageStore.start();
- securityStore.setSuckerPassword(suckerPassword);
- securityStore.start();
+ messageStore.start();
txRepository.start();
if (clusterConnectionManager != null)
{
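Review bot: After this change start() never touches `securityStore`, and the constructor hunk above no longer creates one, so a ServerPeer whose store was never injected appears to start cleanly with `securityStore == null` and would fail only when the first connection is authenticated. A fail-fast guard in start(), which begins outside this hunk, would make the misconfiguration visible at deployment: `if (securityStore == null) throw new IllegalStateException("SecurityStore has not been injected");`. Note also that the `suckerPassword` held by ServerPeer is no longer copied to the store, so the two values now have to be kept in step by configuration; a comment next to the field saying where the store gets its copy would help.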
@@ -359,8 +360,6 @@
memoryManager = null;
messageStore.stop();
messageStore = null;
- securityStore.stop();
- //securityStore = null; - if securitySTore is set to null, The ServerPeer won't survive a restart of the service (stop/start)
txRepository.stop();
txRepository = null;
messageCounterManager.stop();
@@ -501,33 +500,15 @@
//Read - write attributes
- public synchronized void setSecurityDomain(String securityDomain) throws Exception
+ public SecurityStore getSecurityStore()
{
- try
- {
- securityStore.setSecurityDomain(securityDomain);
- }
- catch (Throwable t)
- {
- throw ExceptionUtil.handleJMXInvocation(t, this + " setSecurityDomain");
- }
+ return securityStore;
}
-
- public synchronized String getSecurityDomain()
+ public void setSecurityStore(SecurityStore securityStore)
{
- return securityStore.getSecurityDomain();
+ this.securityStore = securityStore;
}
- public synchronized void setDefaultSecurityConfig(Element conf) throws Exception
- {
- securityStore.setDefaultSecurityConfig(conf);
- }
-
- public synchronized Element getDefaultSecurityConfig()
- {
- return securityStore.getDefaultSecurityConfig();
- }
-
public synchronized long getFailoverStartTimeout()
{
return this.failoverStartTimeout;
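Review bot: `setSecurityStore` accepts any reference, including null, at any time and is not `synchronized`, while neighbouring accessors such as `getFailoverStartTimeout` are. Judging by the SecurityStore methods shown later in this commit, this field is what performs authentication and authorization, so replacing it on a running peer should be rejected or at least published safely to other threads. I would declare it `public synchronized void setSecurityStore(SecurityStore securityStore)` and reject null with `if (securityStore == null) throw new IllegalArgumentException("securityStore is null");`. `getSecurityStore` returns the live store, so if these accessors are part of the ServerPeer management interface (not visible here), whoever can reach that interface can reach the store's methods as well.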
@@ -1362,13 +1343,13 @@
private void loadServerAOPConfig() throws Exception
{
- URL url = this.getClass().getClassLoader().getResource("aop-messaging-server.xml");
+ URL url = this.getClass().getClassLoader().getResource(serverAopConfig);
AspectXmlLoader.deployXML(url, this.getClass().getClassLoader());
}
private void unloadServerAOPConfig() throws Exception
{
- URL url = this.getClass().getClassLoader().getResource("aop-messaging-server.xml");
+ URL url = this.getClass().getClassLoader().getResource(serverAopConfig);
AspectXmlLoader.undeployXML(url);
}
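Review bot: `getResource(serverAopConfig)` returns null when the configured name is not on the classpath, and that null is passed straight to `AspectXmlLoader.deployXML` and `undeployXML`; with the old constant this could only happen on a broken build, whereas now a typo in configuration triggers it. Add a check in both methods, e.g. `if (url == null) throw new IllegalStateException("AOP config not found on classpath: " + serverAopConfig);`. The same applies to `getResource(clientAopConfig)` in the next hunk. Since the name now selects which aspect definitions are deployed into the server, any setter for these fields (none is visible in this diff) should be documented as deployment-time configuration only.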
@@ -1378,7 +1359,7 @@
// because the JBoss will automatically deploy any files ending with aop.xml; we do not want
// this to happen for the client config
- URL url = this.getClass().getClassLoader().getResource("aop-messaging-client.xml");
+ URL url = this.getClass().getClassLoader().getResource(clientAopConfig);
InputStream is = null;
ByteArrayOutputStream os = new ByteArrayOutputStream();
try
Modified: branches/Branch_Stable/src/main/org/jboss/jms/server/security/SecurityMetadataStore.java
===================================================================
--- branches/Branch_Stable/src/main/org/jboss/jms/server/security/SecurityMetadataStore.java 2008-01-08 17:28:11 UTC (rev 3548)
+++ branches/Branch_Stable/src/main/org/jboss/jms/server/security/SecurityMetadataStore.java 2008-01-09 06:47:54 UTC (rev 3549)
@@ -51,7 +51,7 @@
*
* $Id$
*/
-public class SecurityMetadataStore implements SecurityStore
+public class SecurityMetadataStore implements SecurityStore, SecurityMetadataStoreMBean
{
// Constants -----------------------------------------------------
Added: branches/Branch_Stable/src/main/org/jboss/jms/server/security/SecurityMetadataStoreMBean.java
===================================================================
--- branches/Branch_Stable/src/main/org/jboss/jms/server/security/SecurityMetadataStoreMBean.java (rev 0)
+++ branches/Branch_Stable/src/main/org/jboss/jms/server/security/SecurityMetadataStoreMBean.java 2008-01-09 06:47:54 UTC (rev 3549)
@@ -0,0 +1,77 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2007, Red Hat Middleware LLC, and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.jms.server.security;
+
+import java.util.Set;
+
+import javax.jms.JMSSecurityException;
+import javax.security.auth.Subject;
+
+import org.w3c.dom.Element;
+
+/**
+ * The SecurityMetadataStore mbean interface
+ *
+ * @author Scott.Stark at jboss.org
+ * @version $Revision$
+ */
+public interface SecurityMetadataStoreMBean
+{
+ public String getSecurityDomain();
+ public void setSecurityDomain(String securityDomain);
+ public void setDefaultSecurityConfig(Element conf) throws Exception;
+ public Element getDefaultSecurityConfig();
+
+ public void setSuckerPassword(String password);
+ public void start() throws Exception;
+ public void stop() throws Exception;
+ /**
+ * @return the security meta-data for the given destination.
+ */
+ SecurityMetadata getSecurityMetadata(boolean isQueue, String destName);
+
+ void setSecurityConfig(boolean isQueue, String destName, Element conf) throws Exception;
+
+ void clearSecurityConfig(boolean isQueue, String name) throws Exception;
+
+ /**
+ * Authenticate the specified user with the given password. Implementations are most likely to
+ * delegates to a JBoss AuthenticationManager.
+ *
+ * Successful authentication will place a new SubjectContext on thread local, which will be used
+ * in the authorization process. However, we need to make sure we clean up thread local
+ * immediately after we used the information, otherwise some other people security my be screwed
+ * up, on account of thread local security stack being corrupted.
+ *
+ * @throws JMSSecurityException if the user is not authenticated
+ */
+ Subject authenticate(String user, String password) throws JMSSecurityException;
+
+ /**
+ * Authorize that the subject has at least one of the specified roles. Implementations are most
+ * likely to delegates to a JBoss AuthenticationManager.
+ *
+ * @param rolePrincipals - The set of roles allowed to read/write/create the destination.
+ * @return true if the subject is authorized, or false if not.
+ */
+ boolean authorize(String user, Set rolePrincipals, CheckType checkType);
+}
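Review bot: The management interface exposes `authenticate(String user, String password)` and `authorize(...)` alongside the configuration attributes, so every caller that can reach the MBean server can invoke credential checks directly, outside the connection path and whatever logging or throttling it has. The Javadoc on `authenticate` itself warns that a successful call leaves a SubjectContext on the calling thread, which a JMX invocation would presumably not clean up. I would keep `SecurityMetadataStoreMBean` to the attributes and lifecycle (`getSecurityDomain`/`setSecurityDomain`, `getDefaultSecurityConfig`/`setDefaultSecurityConfig`, `setSuckerPassword`, `start`, `stop`) and leave `authenticate`, `authorize` and `getSecurityMetadata` on `SecurityStore` only. Keeping `setSuckerPassword` write-only is good; a one-line comment saying the missing getter is deliberate would stop someone adding one later.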
Property changes on: branches/Branch_Stable/src/main/org/jboss/jms/server/security/SecurityMetadataStoreMBean.java
___________________________________________________________________
Name: svn:keywords
+ Id Revision
Name: svn:eol-style
+ native