From chir...@apache.org
Subject svn commit: r1129765 - in /activemq/activemq-apollo/trunk: apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/security/ apollo-cli/src/main/resources/org/apache/activemq/apollo/cli/commands/etc/ apollo-dto/src/main/java/org/apache/activemq/...
Date Tue, 31 May 2011 15:47:59 GMT
Author: chirino
Date: Tue May 31 15:47:59 2011
New Revision: 1129765

URL: http://svn.apache.org/viewvc?rev=1129765&view=rev
Log:
Fixes: https://issues.apache.org/jira/browse/APLO-29 - Added a config acl role to the broker
object.

Modified:
    activemq/activemq-apollo/trunk/apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/security/AclAuthorizer.scala
    activemq/activemq-apollo/trunk/apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/security/Authorizer.scala
    activemq/activemq-apollo/trunk/apollo-cli/src/main/resources/org/apache/activemq/apollo/cli/commands/etc/apollo-ssl.xml
    activemq/activemq-apollo/trunk/apollo-cli/src/main/resources/org/apache/activemq/apollo/cli/commands/etc/apollo.xml
    activemq/activemq-apollo/trunk/apollo-dto/src/main/java/org/apache/activemq/apollo/dto/BrokerAclDTO.java
    activemq/activemq-apollo/trunk/apollo-web/src/main/scala/org/apache/activemq/apollo/web/resources/BrokerResource.scala
    activemq/activemq-apollo/trunk/apollo-web/src/main/scala/org/apache/activemq/apollo/web/resources/Support.scala
    activemq/activemq-apollo/trunk/apollo-website/src/documentation/management-api.md
    activemq/activemq-apollo/trunk/apollo-website/src/documentation/user-manual.md

Modified: activemq/activemq-apollo/trunk/apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/security/AclAuthorizer.scala
URL: http://svn.apache.org/viewvc/activemq/activemq-apollo/trunk/apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/security/AclAuthorizer.scala?rev=1129765&r1=1129764&r2=1129765&view=diff
==============================================================================
--- activemq/activemq-apollo/trunk/apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/security/AclAuthorizer.scala
(original)
+++ activemq/activemq-apollo/trunk/apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/security/AclAuthorizer.scala
Tue May 31 15:47:59 2011
@@ -53,7 +53,7 @@ class AclAuthorizer(val default_kinds:Li
     can_broker(ctx, broker)(_.admins)
   }
 
-  def can_admin(ctx: SecurityContext, broker: Broker):Boolean = log_result(ctx, "administration",
"broker") {
+  def can_admin(ctx: SecurityContext, broker: Broker):Boolean = log_result(ctx, "admin",
"broker") {
     _can_admin(ctx, broker)
   }
 
@@ -65,6 +65,10 @@ class AclAuthorizer(val default_kinds:Li
     _can_monitor(ctx, broker)
   }
 
+  def can_config(ctx: SecurityContext, broker: Broker):Boolean = log_result(ctx, "config",
"broker") {
+    can_broker(ctx, broker)(_.configs)
+  }
+
   def _can_admin(ctx: SecurityContext, host: VirtualHost): Boolean = {
     val acl = host.config.acl
     if (acl != null) {
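Review bot: The added `can_config` calls `can_broker(ctx, broker)(_.configs)` directly, so whether an admin principal also passes the config check is decided entirely by `can_broker`, which is outside this hunk. `BrokerAclDTO.configs` defaults to an empty list in this commit, so an apollo.xml written before this revision has a broker acl with no config entries, and only the shipped templates gain `<config allow="admins"/>`. The result for that case should be stated next to the method and covered by a test, for example with the comment `// config is checked on its own list; an acl without <config> entries gets whatever can_broker returns for an empty list`. The trailing context (`_can_admin` for VirtualHost) continues past the end of the hunk.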
@@ -74,7 +78,7 @@ class AclAuthorizer(val default_kinds:Li
     }
   }
 
-  def can_admin(ctx: SecurityContext, host: VirtualHost):Boolean = log_result(ctx, "administration",
"virtual host "+host.id) {
+  def can_admin(ctx: SecurityContext, host: VirtualHost):Boolean = log_result(ctx, "admin",
"virtual host "+host.id) {
     _can_admin(ctx, host)
   }
 
@@ -119,7 +123,7 @@ class AclAuthorizer(val default_kinds:Li
     can_topic(ctx, topic)(_.creates)
   }
   
-  def can_admin(ctx: SecurityContext, host: VirtualHost, topic: TopicDTO) = log_result(ctx,
"administration", "topic") {
+  def can_admin(ctx: SecurityContext, host: VirtualHost, topic: TopicDTO) = log_result(ctx,
"admin", "topic") {
     val acl = topic.acl
     if (acl != null) {
       is_in(ctx, acl.admins)
@@ -163,7 +167,7 @@ class AclAuthorizer(val default_kinds:Li
     can_queue(ctx, queue)(_.consumes)
   }
 
-  def can_admin(ctx: SecurityContext, host: VirtualHost, queue: QueueDTO) = log_result(ctx,
"administration", "queue") {
+  def can_admin(ctx: SecurityContext, host: VirtualHost, queue: QueueDTO) = log_result(ctx,
"admin", "queue") {
     val acl = queue.acl
     if (acl != null) {
       is_in(ctx, acl.admins)

Modified: activemq/activemq-apollo/trunk/apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/security/Authorizer.scala
URL: http://svn.apache.org/viewvc/activemq/activemq-apollo/trunk/apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/security/Authorizer.scala?rev=1129765&r1=1129764&r2=1129765&view=diff
==============================================================================
--- activemq/activemq-apollo/trunk/apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/security/Authorizer.scala
(original)
+++ activemq/activemq-apollo/trunk/apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/security/Authorizer.scala
Tue May 31 15:47:59 2011
@@ -33,6 +33,8 @@ trait Authorizer {
 
   def can_monitor(ctx:SecurityContext, broker:Broker):Boolean
 
+  def can_config(ctx:SecurityContext, broker:Broker):Boolean
+
   def can_admin(ctx:SecurityContext, host:VirtualHost):Boolean
 
   def can_monitor(ctx:SecurityContext, host:VirtualHost):Boolean
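Review bot: The new abstract member `can_config` has no doc comment, and the trait does not say how it relates to `can_admin` for the same broker. A scaladoc such as `/** True if ctx may read and change the broker configuration through the management API. */` would pin the contract for implementers. Because the member has no default body, any Authorizer implementation other than AclAuthorizer has to be updated in the same change; none is visible in this commit. The trait body starts and ends outside the hunk.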

Modified: activemq/activemq-apollo/trunk/apollo-cli/src/main/resources/org/apache/activemq/apollo/cli/commands/etc/apollo-ssl.xml
URL: http://svn.apache.org/viewvc/activemq/activemq-apollo/trunk/apollo-cli/src/main/resources/org/apache/activemq/apollo/cli/commands/etc/apollo-ssl.xml?rev=1129765&r1=1129764&r2=1129765&view=diff
==============================================================================
--- activemq/activemq-apollo/trunk/apollo-cli/src/main/resources/org/apache/activemq/apollo/cli/commands/etc/apollo-ssl.xml
(original)
+++ activemq/activemq-apollo/trunk/apollo-cli/src/main/resources/org/apache/activemq/apollo/cli/commands/etc/apollo-ssl.xml
Tue May 31 15:47:59 2011
@@ -32,6 +32,7 @@
   <authentication domain="apollo"/>
   <acl>
     <admin allow="admins"/>
+    <config allow="admins"/>
   </acl>
 
   <virtual_host id="${host}">

Modified: activemq/activemq-apollo/trunk/apollo-cli/src/main/resources/org/apache/activemq/apollo/cli/commands/etc/apollo.xml
URL: http://svn.apache.org/viewvc/activemq/activemq-apollo/trunk/apollo-cli/src/main/resources/org/apache/activemq/apollo/cli/commands/etc/apollo.xml?rev=1129765&r1=1129764&r2=1129765&view=diff
==============================================================================
--- activemq/activemq-apollo/trunk/apollo-cli/src/main/resources/org/apache/activemq/apollo/cli/commands/etc/apollo.xml
(original)
+++ activemq/activemq-apollo/trunk/apollo-cli/src/main/resources/org/apache/activemq/apollo/cli/commands/etc/apollo.xml
Tue May 31 15:47:59 2011
@@ -32,6 +32,7 @@
   <authentication domain="apollo"/>
   <acl>
     <admin allow="admins"/>
+    <config allow="admins"/>
   </acl>
 
   <virtual_host id="${host}">

Modified: activemq/activemq-apollo/trunk/apollo-dto/src/main/java/org/apache/activemq/apollo/dto/BrokerAclDTO.java
URL: http://svn.apache.org/viewvc/activemq/activemq-apollo/trunk/apollo-dto/src/main/java/org/apache/activemq/apollo/dto/BrokerAclDTO.java?rev=1129765&r1=1129764&r2=1129765&view=diff
==============================================================================
--- activemq/activemq-apollo/trunk/apollo-dto/src/main/java/org/apache/activemq/apollo/dto/BrokerAclDTO.java
(original)
+++ activemq/activemq-apollo/trunk/apollo-dto/src/main/java/org/apache/activemq/apollo/dto/BrokerAclDTO.java
Tue May 31 15:47:59 2011
@@ -36,4 +36,6 @@ public class BrokerAclDTO {
     @XmlElement(name="monitor")
     public List<PrincipalDTO> monitors = new ArrayList<PrincipalDTO>();
 
+    @XmlElement(name="config")
+    public List<PrincipalDTO> configs = new ArrayList<PrincipalDTO>();
 }

Modified: activemq/activemq-apollo/trunk/apollo-web/src/main/scala/org/apache/activemq/apollo/web/resources/BrokerResource.scala
URL: http://svn.apache.org/viewvc/activemq/activemq-apollo/trunk/apollo-web/src/main/scala/org/apache/activemq/apollo/web/resources/BrokerResource.scala?rev=1129765&r1=1129764&r2=1129765&view=diff
==============================================================================
--- activemq/activemq-apollo/trunk/apollo-web/src/main/scala/org/apache/activemq/apollo/web/resources/BrokerResource.scala
(original)
+++ activemq/activemq-apollo/trunk/apollo-web/src/main/scala/org/apache/activemq/apollo/web/resources/BrokerResource.scala
Tue May 31 15:47:59 2011
@@ -47,7 +47,7 @@ case class BrokerResource() extends Reso
   @Path("config")
   def config_resource:ConfigurationResource = {
     with_broker { broker =>
-      admining(broker) {
+      configing(broker) {
         ConfigurationResource(this, broker.config)
       }
     }
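Review bot: Replacing `admining(broker)` with `configing(broker)` on `config_resource` makes `config` the only permission guarding the broker configuration. That configuration holds the `<acl>` and `<authentication>` elements themselves (see the apollo.xml hunk), and the user-manual hunk describes the role as able to change it. A principal granted only `config` can therefore presumably rewrite the acl and add itself to `admin`, so the role should be treated and documented as admin-equivalent, for example `// config can rewrite the broker acl itself; grant it as carefully as admin` above the guard. If `can_config` denies on an empty list, existing admin principals also lose access to this resource until a `<config>` entry is added, which belongs in the upgrade notes. The enclosing class starts outside the hunk.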

Modified: activemq/activemq-apollo/trunk/apollo-web/src/main/scala/org/apache/activemq/apollo/web/resources/Support.scala
URL: http://svn.apache.org/viewvc/activemq/activemq-apollo/trunk/apollo-web/src/main/scala/org/apache/activemq/apollo/web/resources/Support.scala?rev=1129765&r1=1129764&r2=1129765&view=diff
==============================================================================
--- activemq/activemq-apollo/trunk/apollo-web/src/main/scala/org/apache/activemq/apollo/web/resources/Support.scala
(original)
+++ activemq/activemq-apollo/trunk/apollo-web/src/main/scala/org/apache/activemq/apollo/web/resources/Support.scala
Tue May 31 15:47:59 2011
@@ -143,6 +143,10 @@ abstract class Resource(parent:Resource=
     authorize(broker.authenticator, broker.authorizer, func) {  _.can_admin(_, broker) }
   }
 
+  protected def configing[T](broker:Broker)(func: =>FutureResult[T]):FutureResult[T] =
{
+    authorize(broker.authenticator, broker.authorizer, func) {  _.can_config(_, broker) }
+  }
+
   protected def admining[T](host:VirtualHost)(func: =>FutureResult[T]):FutureResult[T]
= {
     authorize(host.authenticator, host.authorizer, func) {  _.can_admin(_, host) }
   }

Modified: activemq/activemq-apollo/trunk/apollo-website/src/documentation/management-api.md
URL: http://svn.apache.org/viewvc/activemq/activemq-apollo/trunk/apollo-website/src/documentation/management-api.md?rev=1129765&r1=1129764&r2=1129765&view=diff
==============================================================================
--- activemq/activemq-apollo/trunk/apollo-website/src/documentation/management-api.md (original)
+++ activemq/activemq-apollo/trunk/apollo-website/src/documentation/management-api.md Tue
May 31 15:47:59 2011
@@ -91,6 +91,7 @@ fields were selected. To narrow down the
 multiple `f` query parameters to pick the fields you want to retrieve.
 
 Example:
+
     $ curl -u "admin:password" \
     'http://localhost:61680/broker/connections.json?f=id&f=read_counter'
     [

Modified: activemq/activemq-apollo/trunk/apollo-website/src/documentation/user-manual.md
URL: http://svn.apache.org/viewvc/activemq/activemq-apollo/trunk/apollo-website/src/documentation/user-manual.md?rev=1129765&r1=1129764&r2=1129765&view=diff
==============================================================================
--- activemq/activemq-apollo/trunk/apollo-website/src/documentation/user-manual.md (original)
+++ activemq/activemq-apollo/trunk/apollo-website/src/documentation/user-manual.md Tue May
31 15:47:59 2011
@@ -659,6 +659,8 @@ can be secured on which resources:
 * `broker`, `virtual_host`, `topic`, `queue`, and `dsub`
   * `admin` : use of the administrative web interface
   * `monitor` : read only use of the administrative web interface
+  * `config` : use of the administrative web interface to access and change the broker
+     configuration.
 * `connector` and `virtual_host`
   * `connect` : allows connections to the connector or virtual host
 * `topic`, `queue` and `dsub`


