activemq-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jstrac...@apache.org
Subject svn commit: r504586 - in /activemq/trunk/activemq-core/src/main/java/org/apache/activemq: broker/BrokerService.java security/AuthorizationBroker.java security/SecurityContext.java
Date Wed, 07 Feb 2007 15:35:11 GMT
Author: jstrachan
Date: Wed Feb  7 07:35:10 2007
New Revision: 504586

URL: http://svn.apache.org/viewvc?view=rev&rev=504586
Log:
adding a patch to fix AMQ-1157 allowing a broker security context to be used to allow destinations
to be created on startup etc.

Modified:
    activemq/trunk/activemq-core/src/main/java/org/apache/activemq/broker/BrokerService.java
    activemq/trunk/activemq-core/src/main/java/org/apache/activemq/security/AuthorizationBroker.java
    activemq/trunk/activemq-core/src/main/java/org/apache/activemq/security/SecurityContext.java

Modified: activemq/trunk/activemq-core/src/main/java/org/apache/activemq/broker/BrokerService.java
URL: http://svn.apache.org/viewvc/activemq/trunk/activemq-core/src/main/java/org/apache/activemq/broker/BrokerService.java?view=diff&rev=504586&r1=504585&r2=504586
==============================================================================
--- activemq/trunk/activemq-core/src/main/java/org/apache/activemq/broker/BrokerService.java
(original)
+++ activemq/trunk/activemq-core/src/main/java/org/apache/activemq/broker/BrokerService.java
Wed Feb  7 07:35:10 2007
@@ -69,6 +69,7 @@
 import org.apache.activemq.network.jms.JmsConnector;
 import org.apache.activemq.proxy.ProxyConnector;
 import org.apache.activemq.security.MessageAuthorizationPolicy;
+import org.apache.activemq.security.SecurityContext;
 import org.apache.activemq.store.DefaultPersistenceAdapterFactory;
 import org.apache.activemq.store.PersistenceAdapter;
 import org.apache.activemq.store.PersistenceAdapterFactory;
@@ -1454,6 +1455,7 @@
     protected ConnectionContext createAdminConnectionContext() throws Exception {
         ConnectionContext context = new ConnectionContext();
         context.setBroker(getBroker());
+        context.setSecurityContext(SecurityContext.BROKER_SECURITY_CONTEXT);
         return context;
     }
 

Modified: activemq/trunk/activemq-core/src/main/java/org/apache/activemq/security/AuthorizationBroker.java
URL: http://svn.apache.org/viewvc/activemq/trunk/activemq-core/src/main/java/org/apache/activemq/security/AuthorizationBroker.java?view=diff&rev=504586&r1=504585&r2=504586
==============================================================================
--- activemq/trunk/activemq-core/src/main/java/org/apache/activemq/security/AuthorizationBroker.java
(original)
+++ activemq/trunk/activemq-core/src/main/java/org/apache/activemq/security/AuthorizationBroker.java
Wed Feb  7 07:35:10 2007
@@ -58,18 +58,20 @@
 
 
         //if(!((ActiveMQTempDestination)destination).getConnectionId().equals(context.getConnectionId().getValue())
) {
-        Set allowedACLs = null;
-        if(!destination.isTemporary()) {
-            allowedACLs = authorizationMap.getAdminACLs(destination);
-        } else {
-        	allowedACLs = authorizationMap.getTempDestinationAdminACLs();
+        if (!securityContext.isBrokerContext()) {
+            Set allowedACLs = null;
+            if(!destination.isTemporary()) {
+                allowedACLs = authorizationMap.getAdminACLs(destination);
+            } else {
+                allowedACLs = authorizationMap.getTempDestinationAdminACLs();
+            }
+         
+            if(allowedACLs!=null && !securityContext.isInOneOf(allowedACLs))
+                throw new SecurityException("User "+securityContext.getUserName()+" is not
authorized to create: "+destination);
+
         }
-     
-        if(allowedACLs!=null && !securityContext.isInOneOf(allowedACLs))
-            throw new SecurityException("User "+securityContext.getUserName()+" is not authorized
to create: "+destination);
+        // }
 
-       // }
-        
         return super.addDestination(context, destination);
     }
     

Modified: activemq/trunk/activemq-core/src/main/java/org/apache/activemq/security/SecurityContext.java
URL: http://svn.apache.org/viewvc/activemq/trunk/activemq-core/src/main/java/org/apache/activemq/security/SecurityContext.java?view=diff&rev=504586&r1=504585&r2=504586
==============================================================================
--- activemq/trunk/activemq-core/src/main/java/org/apache/activemq/security/SecurityContext.java
(original)
+++ activemq/trunk/activemq-core/src/main/java/org/apache/activemq/security/SecurityContext.java
Wed Feb  7 07:35:10 2007
@@ -19,7 +19,7 @@
 
 import java.util.HashSet;
 import java.util.Set;
-
+import java.util.Collections;
 import java.util.concurrent.ConcurrentHashMap;
 
 /**
@@ -29,6 +29,17 @@
  */
 abstract public class SecurityContext {
 
+    public static final SecurityContext BROKER_SECURITY_CONTEXT = new SecurityContext("ActiveMQBroker")
{
+        @Override
+        public boolean isBrokerContext() {
+            return true;
+        }
+
+        public Set getPrincipals() {
+            return Collections.EMPTY_SET;
+        }
+    };
+
     final String userName;
     
     final ConcurrentHashMap authorizedReadDests = new ConcurrentHashMap();
@@ -53,8 +64,12 @@
     public ConcurrentHashMap getAuthorizedReadDests() {
         return authorizedReadDests;
     }
+
     public ConcurrentHashMap getAuthorizedWriteDests() {
         return authorizedWriteDests;
     }
-    
+
+    public boolean isBrokerContext() {
+        return false;
+    }
 }



Mime
View raw message