activemq-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jstrac...@apache.org
Subject svn commit: r380684 - in /incubator/activemq/trunk/activemq-core/src/main/java/org/apache/activemq: broker/ broker/region/ security/
Date Fri, 24 Feb 2006 15:09:36 GMT
Author: jstrachan
Date: Fri Feb 24 07:09:34 2006
New Revision: 380684

URL: http://svn.apache.org/viewcvs?rev=380684&view=rev
Log:
fix for AMQ-591 so that we can add a per message level authorization policy to allow content
based authorization on a per message basis

Added:
    incubator/activemq/trunk/activemq-core/src/main/java/org/apache/activemq/security/MessageAuthorizationPolicy.java
  (with props)
Modified:
    incubator/activemq/trunk/activemq-core/src/main/java/org/apache/activemq/broker/AbstractConnection.java
    incubator/activemq/trunk/activemq-core/src/main/java/org/apache/activemq/broker/BrokerService.java
    incubator/activemq/trunk/activemq-core/src/main/java/org/apache/activemq/broker/ConnectionContext.java
    incubator/activemq/trunk/activemq-core/src/main/java/org/apache/activemq/broker/TransportConnector.java
    incubator/activemq/trunk/activemq-core/src/main/java/org/apache/activemq/broker/region/PrefetchSubscription.java
    incubator/activemq/trunk/activemq-core/src/main/java/org/apache/activemq/broker/region/QueueSubscription.java

Modified: incubator/activemq/trunk/activemq-core/src/main/java/org/apache/activemq/broker/AbstractConnection.java
URL: http://svn.apache.org/viewcvs/incubator/activemq/trunk/activemq-core/src/main/java/org/apache/activemq/broker/AbstractConnection.java?rev=380684&r1=380683&r2=380684&view=diff
==============================================================================
--- incubator/activemq/trunk/activemq-core/src/main/java/org/apache/activemq/broker/AbstractConnection.java
(original)
+++ incubator/activemq/trunk/activemq-core/src/main/java/org/apache/activemq/broker/AbstractConnection.java
Fri Feb 24 07:09:34 2006
@@ -53,6 +53,7 @@
 import org.apache.activemq.command.TransactionId;
 import org.apache.activemq.command.TransactionInfo;
 import org.apache.activemq.command.WireFormatInfo;
+import org.apache.activemq.security.MessageAuthorizationPolicy;
 import org.apache.activemq.state.CommandVisitor;
 import org.apache.activemq.state.ConsumerState;
 import org.apache.activemq.state.ProducerState;
@@ -77,7 +78,7 @@
     private static final Log serviceLog = LogFactory.getLog(AbstractConnection.class.getName()
+ ".Service");
     
     protected final Broker broker;
-    
+    private MessageAuthorizationPolicy messageAuthorizationPolicy;
     protected final List dispatchQueue = Collections.synchronizedList(new LinkedList());
     protected final TaskRunner taskRunner;
     protected final TransportConnector connector;
@@ -624,4 +625,13 @@
         return statistics;
     }
 
+    public MessageAuthorizationPolicy getMessageAuthorizationPolicy() {
+        return messageAuthorizationPolicy;
+    }
+
+    public void setMessageAuthorizationPolicy(MessageAuthorizationPolicy messageAuthorizationPolicy)
{
+        this.messageAuthorizationPolicy = messageAuthorizationPolicy;
+    }
+
+    
 }

Modified: incubator/activemq/trunk/activemq-core/src/main/java/org/apache/activemq/broker/BrokerService.java
URL: http://svn.apache.org/viewcvs/incubator/activemq/trunk/activemq-core/src/main/java/org/apache/activemq/broker/BrokerService.java?rev=380684&r1=380683&r2=380684&view=diff
==============================================================================
--- incubator/activemq/trunk/activemq-core/src/main/java/org/apache/activemq/broker/BrokerService.java
(original)
+++ incubator/activemq/trunk/activemq-core/src/main/java/org/apache/activemq/broker/BrokerService.java
Fri Feb 24 07:09:34 2006
@@ -51,6 +51,7 @@
 import org.apache.activemq.network.NetworkConnector;
 import org.apache.activemq.network.jms.JmsConnector;
 import org.apache.activemq.proxy.ProxyConnector;
+import org.apache.activemq.security.MessageAuthorizationPolicy;
 import org.apache.activemq.store.DefaultPersistenceAdapterFactory;
 import org.apache.activemq.store.PersistenceAdapter;
 import org.apache.activemq.store.memory.MemoryPersistenceAdapter;
@@ -95,6 +96,7 @@
     private UsageManager memoryManager;
     private PersistenceAdapter persistenceAdapter;
     private DefaultPersistenceAdapterFactory persistenceFactory;
+    private MessageAuthorizationPolicy messageAuthorizationPolicy;
     private List transportConnectors = new CopyOnWriteArrayList();
     private List networkConnectors = new CopyOnWriteArrayList();
     private List proxyConnectors = new CopyOnWriteArrayList();
@@ -154,7 +156,11 @@
         connector.setBroker(getBroker());
         connector.setBrokerName(getBrokerName());
         connector.setTaskRunnerFactory(getTaskRunnerFactory());
-
+        MessageAuthorizationPolicy policy = getMessageAuthorizationPolicy();
+        if (policy != null) {
+            connector.setMessageAuthorizationPolicy(policy);
+        }
+        
         if (isUseJmx()) {
             connector = connector.asManagedConnector(getManagementContext().getMBeanServer(),
getBrokerObjectName());
             registerConnectorMBean(connector);
@@ -689,6 +695,18 @@
         this.plugins = plugins;
     }
     
+    public MessageAuthorizationPolicy getMessageAuthorizationPolicy() {
+        return messageAuthorizationPolicy;
+    }
+
+    /**
+     * Sets the policy used to decide if the current connection is authorized to consume
+     * a given message
+     */
+    public void setMessageAuthorizationPolicy(MessageAuthorizationPolicy messageAuthorizationPolicy)
{
+        this.messageAuthorizationPolicy = messageAuthorizationPolicy;
+    }
+
     /**
      * Delete all messages from the persistent store
      * @throws IOException

Modified: incubator/activemq/trunk/activemq-core/src/main/java/org/apache/activemq/broker/ConnectionContext.java
URL: http://svn.apache.org/viewcvs/incubator/activemq/trunk/activemq-core/src/main/java/org/apache/activemq/broker/ConnectionContext.java?rev=380684&r1=380683&r2=380684&view=diff
==============================================================================
--- incubator/activemq/trunk/activemq-core/src/main/java/org/apache/activemq/broker/ConnectionContext.java
(original)
+++ incubator/activemq/trunk/activemq-core/src/main/java/org/apache/activemq/broker/ConnectionContext.java
Fri Feb 24 07:09:34 2006
@@ -18,12 +18,16 @@
 
 import edu.emory.mathcs.backport.java.util.concurrent.ConcurrentHashMap;
 
+import org.apache.activemq.broker.region.MessageReference;
 import org.apache.activemq.command.ConnectionId;
 import org.apache.activemq.command.WireFormatInfo;
 import org.apache.activemq.filter.MessageEvaluationContext;
+import org.apache.activemq.security.MessageAuthorizationPolicy;
 import org.apache.activemq.security.SecurityContext;
 import org.apache.activemq.transaction.Transaction;
 
+import java.io.IOException;
+
 /**
  * Used to hold context information needed to process requests sent to a broker.
  * 
@@ -45,6 +49,7 @@
     private WireFormatInfo wireFormatInfo;
     private Object longTermStoreContext;
     private boolean producerFlowControl=true;
+    private MessageAuthorizationPolicy messageAuthorizationPolicy;
     
     private final MessageEvaluationContext messageEvaluationContext = new MessageEvaluationContext();
     
@@ -112,6 +117,19 @@
         this.connector = connector;
     }
 
+    
+    public MessageAuthorizationPolicy getMessageAuthorizationPolicy() {
+        return messageAuthorizationPolicy;
+    }
+
+    /**
+     * Sets the policy used to decide if the current connection is authorized to consume
+     * a given message
+     */
+    public void setMessageAuthorizationPolicy(MessageAuthorizationPolicy messageAuthorizationPolicy)
{
+        this.messageAuthorizationPolicy = messageAuthorizationPolicy;
+    }
+
     /**
      * @return
      */
@@ -193,6 +211,13 @@
 
     public void setProducerFlowControl(boolean disableProducerFlowControl) {
         this.producerFlowControl = disableProducerFlowControl;
+    }
+
+    public boolean isAllowedToConsume(MessageReference n) throws IOException {
+        if (messageAuthorizationPolicy != null) {
+            return messageAuthorizationPolicy.isAllowedToConsume(this, n.getMessage());
+        }
+        return true;
     }
 
 }

Modified: incubator/activemq/trunk/activemq-core/src/main/java/org/apache/activemq/broker/TransportConnector.java
URL: http://svn.apache.org/viewcvs/incubator/activemq/trunk/activemq-core/src/main/java/org/apache/activemq/broker/TransportConnector.java?rev=380684&r1=380683&r2=380684&view=diff
==============================================================================
--- incubator/activemq/trunk/activemq-core/src/main/java/org/apache/activemq/broker/TransportConnector.java
(original)
+++ incubator/activemq/trunk/activemq-core/src/main/java/org/apache/activemq/broker/TransportConnector.java
Fri Feb 24 07:09:34 2006
@@ -27,6 +27,7 @@
 import org.apache.activemq.broker.jmx.ManagedTransportConnector;
 import org.apache.activemq.broker.region.ConnectorStatistics;
 import org.apache.activemq.command.BrokerInfo;
+import org.apache.activemq.security.MessageAuthorizationPolicy;
 import org.apache.activemq.thread.TaskRunnerFactory;
 import org.apache.activemq.transport.Transport;
 import org.apache.activemq.transport.TransportAcceptListener;
@@ -55,13 +56,15 @@
     private URI uri;
     private BrokerInfo brokerInfo = new BrokerInfo();
     private TaskRunnerFactory taskRunnerFactory = null;
+    private MessageAuthorizationPolicy messageAuthorizationPolicy;
+    private DiscoveryAgent discoveryAgent;
     protected CopyOnWriteArrayList connections = new CopyOnWriteArrayList();
     protected TransportStatusDetector statusDector;
-    private DiscoveryAgent discoveryAgent;
     private ConnectorStatistics statistics = new ConnectorStatistics();
     private URI discoveryUri;
     private URI connectUri;
 
+
     /**
      * @return Returns the connections.
      */
@@ -177,6 +180,18 @@
     public ConnectorStatistics getStatistics() {
         return statistics;
     }
+    
+    public MessageAuthorizationPolicy getMessageAuthorizationPolicy() {
+        return messageAuthorizationPolicy;
+    }
+
+    /**
+     * Sets the policy used to decide if the current connection is authorized to consume
+     * a given message
+     */
+    public void setMessageAuthorizationPolicy(MessageAuthorizationPolicy messageAuthorizationPolicy)
{
+        this.messageAuthorizationPolicy = messageAuthorizationPolicy;
+    }
 
     public void start() throws Exception {
         getServer().start();
@@ -210,7 +225,9 @@
     // Implementation methods
     // -------------------------------------------------------------------------
     protected Connection createConnection(Transport transport) throws IOException {
-        return new TransportConnection(this, transport, broker, taskRunnerFactory);
+        TransportConnection answer = new TransportConnection(this, transport, broker, taskRunnerFactory);
+        answer.setMessageAuthorizationPolicy(messageAuthorizationPolicy);
+        return answer;
     }
 
     protected TransportServer createTransportServer() throws IOException, URISyntaxException
{

Modified: incubator/activemq/trunk/activemq-core/src/main/java/org/apache/activemq/broker/region/PrefetchSubscription.java
URL: http://svn.apache.org/viewcvs/incubator/activemq/trunk/activemq-core/src/main/java/org/apache/activemq/broker/region/PrefetchSubscription.java?rev=380684&r1=380683&r2=380684&view=diff
==============================================================================
--- incubator/activemq/trunk/activemq-core/src/main/java/org/apache/activemq/broker/region/PrefetchSubscription.java
(original)
+++ incubator/activemq/trunk/activemq-core/src/main/java/org/apache/activemq/broker/region/PrefetchSubscription.java
Fri Feb 24 07:09:34 2006
@@ -321,8 +321,9 @@
      * @param node
      * @return false if the message should not be dispatched to the client (another sub may
have already dispatched it
      *         for example).
+     * @throws IOException 
      */
-    abstract protected boolean canDispatch(MessageReference node);
+    abstract protected boolean canDispatch(MessageReference node) throws IOException;
 
     /**
      * Used during acknowledgment to remove the message.

Modified: incubator/activemq/trunk/activemq-core/src/main/java/org/apache/activemq/broker/region/QueueSubscription.java
URL: http://svn.apache.org/viewcvs/incubator/activemq/trunk/activemq-core/src/main/java/org/apache/activemq/broker/region/QueueSubscription.java?rev=380684&r1=380683&r2=380684&view=diff
==============================================================================
--- incubator/activemq/trunk/activemq-core/src/main/java/org/apache/activemq/broker/region/QueueSubscription.java
(original)
+++ incubator/activemq/trunk/activemq-core/src/main/java/org/apache/activemq/broker/region/QueueSubscription.java
Fri Feb 24 07:09:34 2006
@@ -67,11 +67,16 @@
         }
     }
     
-    protected boolean canDispatch(MessageReference n) {
+    protected boolean canDispatch(MessageReference n) throws IOException {
         IndirectMessageReference node = (IndirectMessageReference) n;
         if( node.isAcked() )
             return false;
         
+        // allow user-level security
+        if (!context.isAllowedToConsume(n)) {
+            return false;
+        }
+            
         // Keep message groups together.
         String groupId = node.getGroupID();
         int sequence = node.getGroupSequence();

Added: incubator/activemq/trunk/activemq-core/src/main/java/org/apache/activemq/security/MessageAuthorizationPolicy.java
URL: http://svn.apache.org/viewcvs/incubator/activemq/trunk/activemq-core/src/main/java/org/apache/activemq/security/MessageAuthorizationPolicy.java?rev=380684&view=auto
==============================================================================
--- incubator/activemq/trunk/activemq-core/src/main/java/org/apache/activemq/security/MessageAuthorizationPolicy.java
(added)
+++ incubator/activemq/trunk/activemq-core/src/main/java/org/apache/activemq/security/MessageAuthorizationPolicy.java
Fri Feb 24 07:09:34 2006
@@ -0,0 +1,38 @@
+/**
+ *
+ * Copyright 2005-2006 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.activemq.security;
+
+import org.apache.activemq.broker.ConnectionContext;
+import org.apache.activemq.command.Message;
+
+/**
+ * A plugin to allow custom message-level security checks to be performed before
+ * a message is consumed.
+ * 
+ * @version $Revision$
+ */
+public interface MessageAuthorizationPolicy {
+
+    /**
+     * Returns true if the given message is able to be dispatched to the connection
+     * performing any user
+     * 
+     * @return true if the context is allowed to consume the message
+     */
+    boolean isAllowedToConsume(ConnectionContext context, Message message);
+
+}

Propchange: incubator/activemq/trunk/activemq-core/src/main/java/org/apache/activemq/security/MessageAuthorizationPolicy.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: incubator/activemq/trunk/activemq-core/src/main/java/org/apache/activemq/security/MessageAuthorizationPolicy.java
------------------------------------------------------------------------------
    svn:keywords = Date Author Id Revision HeadURL

Propchange: incubator/activemq/trunk/activemq-core/src/main/java/org/apache/activemq/security/MessageAuthorizationPolicy.java
------------------------------------------------------------------------------
    svn:mime-type = text/plain



Mime
View raw message