[jboss-cvs] JBoss Messaging SVN: r7321 - in trunk/src/main/org/jboss/messaging/core: security/impl and 1 other directories.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Fri Jun 12 12:53:59 EDT 2009
Author: jmesnil
Date: 2009-06-12 12:53:59 -0400 (Fri, 12 Jun 2009)
New Revision: 7321
Modified:
trunk/src/main/org/jboss/messaging/core/management/impl/ManagementServiceImpl.java
trunk/src/main/org/jboss/messaging/core/security/impl/SecurityStoreImpl.java
trunk/src/main/org/jboss/messaging/core/server/impl/MessagingServerImpl.java
Log:
JBMESSAGING-1653: do not hard-code management cluster admin user
* reverted the need to specify the cluster.management role for every clustered addresses.
* the securitystore will now bypasses permission checking for the management cluster credentials
Modified: trunk/src/main/org/jboss/messaging/core/management/impl/ManagementServiceImpl.java
===================================================================
--- trunk/src/main/org/jboss/messaging/core/management/impl/ManagementServiceImpl.java 2009-06-12 14:29:35 UTC (rev 7320)
+++ trunk/src/main/org/jboss/messaging/core/management/impl/ManagementServiceImpl.java 2009-06-12 16:53:59 UTC (rev 7321)
@@ -97,8 +97,6 @@
{
// Constants -----------------------------------------------------
- public static final String CLUSTER_MANAGEMENT_ROLE = "cluster.management";
-
private static final Logger log = Logger.getLogger(ManagementServiceImpl.class);
private final MBeanServer mbeanServer;
@@ -213,13 +211,6 @@
if (sm != null)
{
sm.addUser(managementClusterUser, managementClusterPassword);
- sm.addRole(managementClusterUser, CLUSTER_MANAGEMENT_ROLE);
- Set<Role> roles = new HashSet<Role>();
- roles.add(new Role(CLUSTER_MANAGEMENT_ROLE, true, true, true, true, true, true, true));
- messagingServer.getSecurityRepository().addMatch(configuration.getManagementAddress().toString(), roles);
- messagingServer.getSecurityRepository().addMatch(configuration.getManagementAddress() + ".*", roles);
- messagingServer.getSecurityRepository().addMatch(configuration.getManagementNotificationAddress().toString(), roles);
- messagingServer.getSecurityRepository().addMatch(configuration.getManagementNotificationAddress() + ".*", roles);
}
messagingServerControl = new MessagingServerControlImpl(postOffice,
Modified: trunk/src/main/org/jboss/messaging/core/security/impl/SecurityStoreImpl.java
===================================================================
--- trunk/src/main/org/jboss/messaging/core/security/impl/SecurityStoreImpl.java 2009-06-12 14:29:35 UTC (rev 7320)
+++ trunk/src/main/org/jboss/messaging/core/security/impl/SecurityStoreImpl.java 2009-06-12 16:53:59 UTC (rev 7321)
@@ -84,7 +84,11 @@
private volatile long lastCheck;
private final boolean securityEnabled;
+
+ private final String managementClusterUser;
+ private final String managementClusterPassword;
+
private final NotificationService notificationService;
// Constructors --------------------------------------------------
@@ -96,12 +100,16 @@
final JBMSecurityManager securityManager,
final long invalidationInterval,
final boolean securityEnabled,
+ final String managementClusterUser,
+ final String managementClusterPassword,
final NotificationService notificationService)
{
this.securityRepository = securityRepository;
this.securityManager = securityManager;
this.invalidationInterval = invalidationInterval;
this.securityEnabled = securityEnabled;
+ this.managementClusterUser = managementClusterUser;
+ this.managementClusterPassword = managementClusterPassword;
this.notificationService = notificationService;
}
@@ -146,6 +154,12 @@
Set<Role> roles = securityRepository.getMatch(saddress);
+ // bypass permission checks for management cluster user
+ if (managementClusterUser.equals(user) && session.getPassword().equals(managementClusterPassword))
+ {
+ return;
+ }
+
if (!securityManager.validateUserAndRole(user, session.getPassword(), roles, checkType))
{
if (notificationService != null)
Modified: trunk/src/main/org/jboss/messaging/core/server/impl/MessagingServerImpl.java
===================================================================
--- trunk/src/main/org/jboss/messaging/core/server/impl/MessagingServerImpl.java 2009-06-12 14:29:35 UTC (rev 7320)
+++ trunk/src/main/org/jboss/messaging/core/server/impl/MessagingServerImpl.java 2009-06-12 16:53:59 UTC (rev 7321)
@@ -901,6 +901,8 @@
securityManager,
configuration.getSecurityInvalidationInterval(),
configuration.isSecurityEnabled(),
+ configuration.getManagementClusterUser(),
+ configuration.getManagementClusterPassword(),
managementService);
queueFactory = new QueueFactoryImpl(scheduledPool, addressSettingsRepository, storageManager);
More information about the jboss-cvs-commits
mailing list