[jboss-cvs] JBoss Messaging SVN: r7321 - in trunk/src/main/org/jboss/messaging/core: security/impl and 1 other directories.

jboss-cvs-commits at lists.jboss.org jboss-cvs-commits at lists.jboss.org
Fri Jun 12 12:53:59 EDT 2009


Author: jmesnil
Date: 2009-06-12 12:53:59 -0400 (Fri, 12 Jun 2009)
New Revision: 7321

Modified:
   trunk/src/main/org/jboss/messaging/core/management/impl/ManagementServiceImpl.java
   trunk/src/main/org/jboss/messaging/core/security/impl/SecurityStoreImpl.java
   trunk/src/main/org/jboss/messaging/core/server/impl/MessagingServerImpl.java
Log:
JBMESSAGING-1653: do not hard-code management cluster admin user 

* reverted the need to specify the cluster.management role for every clustered address.
* the security store now bypasses permission checking for the management cluster credentials

Modified: trunk/src/main/org/jboss/messaging/core/management/impl/ManagementServiceImpl.java
===================================================================
--- trunk/src/main/org/jboss/messaging/core/management/impl/ManagementServiceImpl.java	2009-06-12 14:29:35 UTC (rev 7320)
+++ trunk/src/main/org/jboss/messaging/core/management/impl/ManagementServiceImpl.java	2009-06-12 16:53:59 UTC (rev 7321)
@@ -97,8 +97,6 @@
 {
    // Constants -----------------------------------------------------
 
-   public static final String CLUSTER_MANAGEMENT_ROLE = "cluster.management";
-
    private static final Logger log = Logger.getLogger(ManagementServiceImpl.class);
 
    private final MBeanServer mbeanServer;
@@ -213,13 +211,6 @@
       if (sm != null)
       {
          sm.addUser(managementClusterUser, managementClusterPassword);
-         sm.addRole(managementClusterUser, CLUSTER_MANAGEMENT_ROLE);
-         Set<Role> roles = new HashSet<Role>();
-         roles.add(new Role(CLUSTER_MANAGEMENT_ROLE, true, true, true, true, true, true, true));
-         messagingServer.getSecurityRepository().addMatch(configuration.getManagementAddress().toString(), roles);
-         messagingServer.getSecurityRepository().addMatch(configuration.getManagementAddress() + ".*", roles);
-         messagingServer.getSecurityRepository().addMatch(configuration.getManagementNotificationAddress().toString(), roles);
-         messagingServer.getSecurityRepository().addMatch(configuration.getManagementNotificationAddress() + ".*", roles);
       }
 
       messagingServerControl = new MessagingServerControlImpl(postOffice,

Modified: trunk/src/main/org/jboss/messaging/core/security/impl/SecurityStoreImpl.java
===================================================================
--- trunk/src/main/org/jboss/messaging/core/security/impl/SecurityStoreImpl.java	2009-06-12 14:29:35 UTC (rev 7320)
+++ trunk/src/main/org/jboss/messaging/core/security/impl/SecurityStoreImpl.java	2009-06-12 16:53:59 UTC (rev 7321)
@@ -84,7 +84,11 @@
    private volatile long lastCheck;
    
    private final boolean securityEnabled;
+
+   private final String managementClusterUser;
    
+   private final String managementClusterPassword;
+
    private final NotificationService notificationService;
    
    // Constructors --------------------------------------------------
@@ -96,12 +100,16 @@
                             final JBMSecurityManager securityManager,
                             final long invalidationInterval,
                             final boolean securityEnabled,
+                            final String managementClusterUser,
+                            final String managementClusterPassword,
                             final NotificationService notificationService)
    {
       this.securityRepository = securityRepository;
       this.securityManager = securityManager;
    	this.invalidationInterval = invalidationInterval;   	
    	this.securityEnabled = securityEnabled;
+   	this.managementClusterUser = managementClusterUser;
+   	this.managementClusterPassword = managementClusterPassword;
    	this.notificationService = notificationService;
    }
 
@@ -146,6 +154,12 @@
          
          Set<Role> roles = securityRepository.getMatch(saddress);
          
+         // bypass permission checks for management cluster user
+         if (managementClusterUser.equals(user) && session.getPassword().equals(managementClusterPassword))
+         {
+            return;
+         }
+         
          if (!securityManager.validateUserAndRole(user, session.getPassword(), roles, checkType))
          {
             if (notificationService != null)
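Review bot: The added check `if (managementClusterUser.equals(user) && session.getPassword().equals(managementClusterPassword))` throws a NullPointerException if `managementClusterUser` or the session password is null, and the constructor changed in this commit does not reject null values. A null-safe form would be `if (user != null && user.equals(managementClusterUser) && managementClusterPassword != null && managementClusterPassword.equals(session.getPassword()))`. The early `return` also skips `securityManager.validateUserAndRole` for every address and every `checkType`, not only the management addresses that the removed role matches covered, and it emits no notification. Restricting the bypass to the management addresses and comparing the password in constant time (for example `MessageDigest.isEqual` on the encoded bytes) would narrow what these credentials unlock. The enclosing method starts and ends outside this hunk.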

Modified: trunk/src/main/org/jboss/messaging/core/server/impl/MessagingServerImpl.java
===================================================================
--- trunk/src/main/org/jboss/messaging/core/server/impl/MessagingServerImpl.java	2009-06-12 14:29:35 UTC (rev 7320)
+++ trunk/src/main/org/jboss/messaging/core/server/impl/MessagingServerImpl.java	2009-06-12 16:53:59 UTC (rev 7321)
@@ -901,6 +901,8 @@
                                             securityManager,
                                             configuration.getSecurityInvalidationInterval(),
                                             configuration.isSecurityEnabled(),
+                                            configuration.getManagementClusterUser(),
+                                            configuration.getManagementClusterPassword(),
                                             managementService);
 
       queueFactory = new QueueFactoryImpl(scheduledPool, addressSettingsRepository, storageManager);
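Review bot: The two values added to this constructor call become a credential pair that SecurityStoreImpl accepts without any role check, so where they come from needs to be documented at the call site. If `configuration.getManagementClusterUser()` and `configuration.getManagementClusterPassword()` fall back to shipped defaults (not visible in this hunk), a server left unconfigured would accept those defaults on every address. I would add a comment such as `// these credentials bypass all permission checks in SecurityStoreImpl; never leave them at a default value` and consider a startup warning when security is enabled and they are unchanged. The constructor call begins outside the hunk.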



