From chir...@apache.org
Subject svn commit: r1073560 - in /activemq/activemq-apollo/trunk: apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/security/ apollo-dto/src/main/java/org/apache/activemq/apollo/dto/ apollo-dto/src/test/java/org/apache/activemq/apollo/dto/ apollo...
Date Wed, 23 Feb 2011 00:33:22 GMT
Author: chirino
Date: Wed Feb 23 00:33:21 2011
New Revision: 1073560

URL: http://svn.apache.org/viewvc?rev=1073560&view=rev
Log:
Added support for additional <add_user_header> child elements on the stomp element,
giving finer-grained configuration of which principals are added to
the stomp messages.

Added:
    activemq/activemq-apollo/trunk/apollo-dto/src/main/java/org/apache/activemq/apollo/dto/AddUserHeaderDTO.java
      - copied, changed from r1073559, activemq/activemq-apollo/trunk/apollo-dto/src/main/java/org/apache/activemq/apollo/dto/StompDTO.java
Modified:
    activemq/activemq-apollo/trunk/apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/security/SecurityContext.scala
    activemq/activemq-apollo/trunk/apollo-dto/src/main/java/org/apache/activemq/apollo/dto/StompDTO.java
    activemq/activemq-apollo/trunk/apollo-dto/src/test/java/org/apache/activemq/apollo/dto/XmlCodecTest.java
    activemq/activemq-apollo/trunk/apollo-dto/src/test/resources/org/apache/activemq/apollo/dto/XmlCodecTest.xml
    activemq/activemq-apollo/trunk/apollo-stomp/src/main/scala/org/apache/activemq/apollo/stomp/StompProtocolHandler.scala

Modified: activemq/activemq-apollo/trunk/apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/security/SecurityContext.scala
URL: http://svn.apache.org/viewvc/activemq/activemq-apollo/trunk/apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/security/SecurityContext.scala?rev=1073560&r1=1073559&r2=1073560&view=diff
==============================================================================
--- activemq/activemq-apollo/trunk/apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/security/SecurityContext.scala
(original)
+++ activemq/activemq-apollo/trunk/apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/security/SecurityContext.scala
Wed Feb 23 00:33:21 2011
@@ -39,7 +39,7 @@ class SecurityContext {
 
   var login_context:LoginContext = _
 
-  private var principles = Set[PrincipalDTO]()
+  private var _principles = Set[PrincipalDTO]()
 
   private var _subject:Subject = _
 
@@ -47,27 +47,40 @@ class SecurityContext {
 
   def subject_= (value:Subject) {
     _subject = value
-    principles = Set[PrincipalDTO]()
+    _principles = Set[PrincipalDTO]()
     if( value!=null ) {
       import collection.JavaConversions._
       value.getPrincipals.foreach { x=>
-        principles += new PrincipalDTO(x.getName, x.getClass.getName)
+        _principles += new PrincipalDTO(x.getName, x.getClass.getName)
       }
     }
   }
 
+  def principles = _principles
+
+  def principles(kind:String) = {
+    kind match {
+      case "+"=>
+        _principles
+      case "*"=>
+        _principles
+      case kind=>
+        _principles.filter(_.kind == kind)
+    }
+  }
+
   def is_allowed(acl:List[PrincipalDTO], default_kinds:List[String]):Boolean = {
 
     def kind_matches(kind:String):Boolean = {
       kind match {
         case null=>
-          return !principles.map(_.kind).intersect(default_kinds.toSet).isEmpty
+          return !_principles.map(_.kind).intersect(default_kinds.toSet).isEmpty
         case "+"=>
-          return !principles.isEmpty
+          return !_principles.isEmpty
         case "*"=>
           return true;
         case kind=>
-          return principles.map(_.kind).contains(kind)
+          return _principles.map(_.kind).contains(kind)
       }
     }
 
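Review bot: `principles(kind)` has no `case null`, unlike `kind_matches` a few lines below, so a null `kind` falls through to `case kind=>` and filters on `_.kind == null`. Since `subject_=` fills each kind from `x.getClass.getName`, that filter would presumably match nothing, and an `<add_user_header>` written without a `kind` attribute (as the first one in this commit's XmlCodecTest.xml) would never produce a header. If an absent kind is meant to select every principal, fold it into the wildcard arm: `case null | "+" | "*" => _principles`. Both new `principles` methods would also read better with an explicit result type, e.g. `def principles(kind:String):Set[PrincipalDTO] = ...`. `is_allowed` begins in this hunk and continues past its end.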
@@ -75,17 +88,17 @@ class SecurityContext {
       p.kind match {
         case null=>
           default_kinds.foreach { kind=>
-            if( principles.contains(new PrincipalDTO(p.allow, kind)) ) {
+            if( _principles.contains(new PrincipalDTO(p.allow, kind)) ) {
               return true;
             }
           }
           return false;
         case "+"=>
-          return principles.map(_.allow).contains(p.allow)
+          return _principles.map(_.allow).contains(p.allow)
         case "*"=>
-          return principles.map(_.allow).contains(p.allow)
+          return _principles.map(_.allow).contains(p.allow)
         case kind=>
-          return principles.contains(p)
+          return _principles.contains(p)
       }
     }
 

Copied: activemq/activemq-apollo/trunk/apollo-dto/src/main/java/org/apache/activemq/apollo/dto/AddUserHeaderDTO.java
(from r1073559, activemq/activemq-apollo/trunk/apollo-dto/src/main/java/org/apache/activemq/apollo/dto/StompDTO.java)
URL: http://svn.apache.org/viewvc/activemq/activemq-apollo/trunk/apollo-dto/src/main/java/org/apache/activemq/apollo/dto/AddUserHeaderDTO.java?p2=activemq/activemq-apollo/trunk/apollo-dto/src/main/java/org/apache/activemq/apollo/dto/AddUserHeaderDTO.java&p1=activemq/activemq-apollo/trunk/apollo-dto/src/main/java/org/apache/activemq/apollo/dto/StompDTO.java&r1=1073559&r2=1073560&rev=1073560&view=diff
==============================================================================
--- activemq/activemq-apollo/trunk/apollo-dto/src/main/java/org/apache/activemq/apollo/dto/StompDTO.java
(original)
+++ activemq/activemq-apollo/trunk/apollo-dto/src/main/java/org/apache/activemq/apollo/dto/AddUserHeaderDTO.java
Wed Feb 23 00:33:21 2011
@@ -19,18 +19,24 @@ package org.apache.activemq.apollo.dto;
 import javax.xml.bind.annotation.XmlAccessType;
 import javax.xml.bind.annotation.XmlAccessorType;
 import javax.xml.bind.annotation.XmlAttribute;
-import javax.xml.bind.annotation.XmlRootElement;
+import javax.xml.bind.annotation.XmlValue;
 
 /**
- * Allow you to customize the stomp protocol implementation.
+ * <p>
+ * </p>
  *
  * @author <a href="http://hiramchirino.com">Hiram Chirino</a>
  */
-@XmlRootElement(name="stomp")
 @XmlAccessorType(XmlAccessType.FIELD)
-public class StompDTO extends ProtocolDTO {
+public class AddUserHeaderDTO {
 
-    @XmlAttribute(name="add_user_header")
-    public String add_user_header;
+    @XmlValue
+    public String name;
+
+    @XmlAttribute(name="pick")
+    public String pick;
+
+    @XmlAttribute(name="kind")
+    public String kind;
 
 }
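Review bot: The class Javadoc is left as an empty `<p></p>` and none of the three public fields is documented, so the configuration schema has to be reverse-engineered from StompProtocolHandler. I would replace the empty paragraph with `Describes one header the STOMP protocol adds to stomp messages, filled from the principals of the connection's security context.` and add a one-line comment per field. Going by the handler change in this commit, `name` is the header name, `kind` is the principal kind passed to `SecurityContext.principles(kind)` (with `+` and `*` selecting all), and `pick` selects a single match when unset or `first` and otherwise joins all matches with `|`.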

Modified: activemq/activemq-apollo/trunk/apollo-dto/src/main/java/org/apache/activemq/apollo/dto/StompDTO.java
URL: http://svn.apache.org/viewvc/activemq/activemq-apollo/trunk/apollo-dto/src/main/java/org/apache/activemq/apollo/dto/StompDTO.java?rev=1073560&r1=1073559&r2=1073560&view=diff
==============================================================================
--- activemq/activemq-apollo/trunk/apollo-dto/src/main/java/org/apache/activemq/apollo/dto/StompDTO.java
(original)
+++ activemq/activemq-apollo/trunk/apollo-dto/src/main/java/org/apache/activemq/apollo/dto/StompDTO.java
Wed Feb 23 00:33:21 2011
@@ -16,10 +16,9 @@
  */
 package org.apache.activemq.apollo.dto;
 
-import javax.xml.bind.annotation.XmlAccessType;
-import javax.xml.bind.annotation.XmlAccessorType;
-import javax.xml.bind.annotation.XmlAttribute;
-import javax.xml.bind.annotation.XmlRootElement;
+import javax.xml.bind.annotation.*;
+import java.util.ArrayList;
+import java.util.List;
 
 /**
  * Allow you to customize the stomp protocol implementation.
@@ -33,4 +32,11 @@ public class StompDTO extends ProtocolDT
     @XmlAttribute(name="add_user_header")
     public String add_user_header;
 
+    /**
+     * A broker accepts connections via it's configured connectors.
+     */
+    @XmlElement(name="add_user_header")
+    public List<AddUserHeaderDTO> add_user_headers = new ArrayList<AddUserHeaderDTO>();
+
+
 }
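Review bot: The Javadoc on `add_user_headers` (`A broker accepts connections via it's configured connectors.`) describes something else and looks copied from another DTO. Suggest `/** Additional user headers to add to stomp messages; each entry names a header and the principal kind that fills it. */`. It would also help to say how this list relates to the older `add_user_header` attribute just above, since StompProtocolHandler now applies both.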

Modified: activemq/activemq-apollo/trunk/apollo-dto/src/test/java/org/apache/activemq/apollo/dto/XmlCodecTest.java
URL: http://svn.apache.org/viewvc/activemq/activemq-apollo/trunk/apollo-dto/src/test/java/org/apache/activemq/apollo/dto/XmlCodecTest.java?rev=1073560&r1=1073559&r2=1073560&view=diff
==============================================================================
--- activemq/activemq-apollo/trunk/apollo-dto/src/test/java/org/apache/activemq/apollo/dto/XmlCodecTest.java
(original)
+++ activemq/activemq-apollo/trunk/apollo-dto/src/test/java/org/apache/activemq/apollo/dto/XmlCodecTest.java
Wed Feb 23 00:33:21 2011
@@ -19,6 +19,8 @@ package org.apache.activemq.apollo.dto;
 import org.junit.Test;
 
 import java.io.InputStream;
+import java.util.List;
+
 import static junit.framework.Assert.*;
 
 
@@ -44,6 +46,11 @@ public class XmlCodecTest {
         assertTrue(stomp instanceof StompDTO);
         assertEquals("JMSXUserID", ((StompDTO) stomp).add_user_header);
 
+        List<AddUserHeaderDTO> add_user_headers = ((StompDTO) stomp).add_user_headers;
+        assertEquals(2, add_user_headers.size());
+        assertEquals("GroupId", add_user_headers.get(0).name);
+        assertEquals("UserId", add_user_headers.get(1).name);
+        assertEquals("UserPrincipal", add_user_headers.get(1).kind);
 
         VirtualHostDTO host = dto.virtual_hosts.get(0);
         assertNotNull(host.acl);
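Review bot: The new assertions never check the first element's `kind` or any `pick` value, so the absent-attribute case and the `pick` mapping on AddUserHeaderDTO go untested. Adding `assertNull(add_user_headers.get(0).kind);` pins the null that the protocol handler then has to cope with; covering `pick` needs a fixture element that sets it. The test method starts and ends outside the hunk.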

Modified: activemq/activemq-apollo/trunk/apollo-dto/src/test/resources/org/apache/activemq/apollo/dto/XmlCodecTest.xml
URL: http://svn.apache.org/viewvc/activemq/activemq-apollo/trunk/apollo-dto/src/test/resources/org/apache/activemq/apollo/dto/XmlCodecTest.xml?rev=1073560&r1=1073559&r2=1073560&view=diff
==============================================================================
--- activemq/activemq-apollo/trunk/apollo-dto/src/test/resources/org/apache/activemq/apollo/dto/XmlCodecTest.xml
(original)
+++ activemq/activemq-apollo/trunk/apollo-dto/src/test/resources/org/apache/activemq/apollo/dto/XmlCodecTest.xml
Wed Feb 23 00:33:21 2011
@@ -34,6 +34,9 @@
 
   </virtual_host>
   <connector bind="tcp://0.0.0.0:61616" enabled="true" id="port-61616">
-    <stomp add_user_header="JMSXUserID"/>
+    <stomp add_user_header="JMSXUserID">
+      <add_user_header>GroupId</add_user_header>
+      <add_user_header kind="UserPrincipal">UserId</add_user_header>
+    </stomp>
   </connector>
 </broker>

Modified: activemq/activemq-apollo/trunk/apollo-stomp/src/main/scala/org/apache/activemq/apollo/stomp/StompProtocolHandler.scala
URL: http://svn.apache.org/viewvc/activemq/activemq-apollo/trunk/apollo-stomp/src/main/scala/org/apache/activemq/apollo/stomp/StompProtocolHandler.scala?rev=1073560&r1=1073559&r2=1073560&view=diff
==============================================================================
--- activemq/activemq-apollo/trunk/apollo-stomp/src/main/scala/org/apache/activemq/apollo/stomp/StompProtocolHandler.scala
(original)
+++ activemq/activemq-apollo/trunk/apollo-stomp/src/main/scala/org/apache/activemq/apollo/stomp/StompProtocolHandler.scala
Wed Feb 23 00:33:21 2011
@@ -719,9 +719,24 @@ class StompProtocolHandler extends Proto
     }
 
     // Do we need to add the user id?
-    if( host.authenticator!=null && config.add_user_header!=null ) {
-      host.authenticator.user_name(security_context).foreach{ name=>
-        rc ::= (encode_header(config.add_user_header), encode_header(name))
+    if( host.authenticator!=null ) {
+      if( config.add_user_header!=null ) {
+        host.authenticator.user_name(security_context).foreach{ name=>
+          rc ::= (encode_header(config.add_user_header), encode_header(name))
+        }
+      }
+      if( !config.add_user_headers.isEmpty ){
+        import collection.JavaConversions._
+        config.add_user_headers.foreach { h =>
+          val matches = security_context.principles(h.kind)
+          if( !matches.isEmpty ) {
+            if( Option(h.pick).getOrElse("first") == "first" ) {
+              rc ::= (encode_header(h.name), encode_header(matches.head.allow))
+            } else {
+              rc ::= (encode_header(h.name), encode_header(matches.map(_.allow).mkString("|")))
+            }
+          }
+        }
       }
     }
 
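Review bot: `matches` is a `Set`, so `matches.head` in the "first" branch carries no ordering guarantee, and the header may name a different principal from one connection to the next when several principals share a kind. Consumers are likely to treat this header as a broker-asserted identity, so the choice should be stable, for example `val matches = security_context.principles(h.kind).toList.sortBy(_.allow)`, which also fixes the order of the joined form. Two related gaps in the same block: any `pick` value other than the exact string `first` (including a typo) silently selects the join-all branch and so puts every matching principal name into the header, and the `"|"` separator is ambiguous if a principal name itself contains `|` (whether `encode_header` escapes it is not visible here). The enclosing method starts and ends outside the hunk.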


