activemq-commits mailing list archives

From chir...@apache.org
Subject svn commit: r1162343 [2/2] - in /activemq/activemq-apollo/trunk: apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/ apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/security/ apollo-dto/ apollo-dto/src/main/java/org/apache/ac...
Date Sat, 27 Aug 2011 13:13:57 GMT
Modified: activemq/activemq-apollo/trunk/apollo-web/src/main/scala/org/apache/activemq/apollo/web/resources/BrokerResource.scala
URL: http://svn.apache.org/viewvc/activemq/activemq-apollo/trunk/apollo-web/src/main/scala/org/apache/activemq/apollo/web/resources/BrokerResource.scala?rev=1162343&r1=1162342&r2=1162343&view=diff
==============================================================================
--- activemq/activemq-apollo/trunk/apollo-web/src/main/scala/org/apache/activemq/apollo/web/resources/BrokerResource.scala
(original)
+++ activemq/activemq-apollo/trunk/apollo-web/src/main/scala/org/apache/activemq/apollo/web/resources/BrokerResource.scala
Sat Aug 27 13:13:56 2011
@@ -16,7 +16,6 @@
  */
 package org.apache.activemq.apollo.web.resources;
 
-import org.apache.activemq.apollo.dto._
 import java.{lang => jl}
 import org.fusesource.hawtdispatch._
 import scala.collection.Iterable
@@ -33,6 +32,8 @@ import java.util.regex.Pattern
 import javax.servlet.http.HttpServletResponse
 import java.util.{Collections, ArrayList}
 import org.apache.activemq.apollo.broker._
+import java.security.Principal
+import org.apache.activemq.apollo.dto._
 
 /**
  * <p>
@@ -48,22 +49,23 @@ case class BrokerResource() extends Reso
   @GET
   @Path("whoami")
   def whoami():java.util.List[PrincipalDTO] = {
-    val rc: Set[PrincipalDTO] = with_broker { broker =>
-      val rc = FutureResult[Set[PrincipalDTO]]()
+    val rc: Set[Principal] = with_broker { broker =>
+      val rc = FutureResult[Set[Principal]]()
       if(broker.authenticator!=null) {
         authenticate(broker.authenticator) { security_context =>
           if(security_context!=null) {
             rc.set(Success(security_context.principles))
           } else {
-            rc.set(Success(Set[PrincipalDTO]()))
+            rc.set(Success(Set[Principal]()))
           }
         }
       } else {
-        rc.set(Success(Set[PrincipalDTO]()))
+        rc.set(Success(Set[Principal]()))
       }
       rc
     }
-    new ArrayList[PrincipalDTO](collection.JavaConversions.asJavaCollection(rc))
+    import collection.JavaConversions._
+    new ArrayList[PrincipalDTO](rc.map(x=>new PrincipalDTO(x.getClass.getName, x.getName)))
   }
 
   @GET
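Review bot: The wildcard `import collection.JavaConversions._` inside `whoami` makes the Set-to-`java.util.Collection` conversion on the last line implicit, where the removed line named it explicitly. Keeping the explicit call keeps the conversion visible at the constructor: `new ArrayList[PrincipalDTO](collection.JavaConversions.asJavaCollection(rc.map(x => new PrincipalDTO(x.getClass.getName, x.getName))))`. A one-line comment would also help here, noting that the first DTO field now carries the principal's implementation class name, since that value is returned to the HTTP caller.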

Modified: activemq/activemq-apollo/trunk/apollo-web/src/main/scala/org/apache/activemq/apollo/web/resources/Support.scala
URL: http://svn.apache.org/viewvc/activemq/activemq-apollo/trunk/apollo-web/src/main/scala/org/apache/activemq/apollo/web/resources/Support.scala?rev=1162343&r1=1162342&r2=1162343&view=diff
==============================================================================
--- activemq/activemq-apollo/trunk/apollo-web/src/main/scala/org/apache/activemq/apollo/web/resources/Support.scala
(original)
+++ activemq/activemq-apollo/trunk/apollo-web/src/main/scala/org/apache/activemq/apollo/web/resources/Support.scala
Sat Aug 27 13:13:56 2011
@@ -28,8 +28,8 @@ import org.fusesource.scalate.{NoValueSe
 import com.sun.jersey.core.util.Base64
 import javax.servlet.http.{HttpServletResponse, HttpServletRequest}
 import java.io.UnsupportedEncodingException
-import org.apache.activemq.apollo.broker.security.{Authorizer, SecurityContext, Authenticator}
 import org.apache.activemq.apollo.broker._
+import security.{SecuredResource, Authorizer, SecurityContext, Authenticator}
 import util.continuations._
 import org.apache.activemq.apollo.util._
 import java.net.{InetSocketAddress, URI}
@@ -96,20 +96,16 @@ abstract class Resource(parent:Resource=
   }
 
 
-  def authorize[T](authenticator:Authenticator, authorizer:Authorizer, block: =>FutureResult[T])(func:
(Authorizer, SecurityContext)=>Boolean):FutureResult[T] = {
+  def authorize[T](authenticator:Authenticator, authorizer:Authorizer, action:String, resource:SecuredResource,
block: =>FutureResult[T]):FutureResult[T] = {
     if ( authenticator != null ) {
       val rc = FutureResult[T]()
       authenticate(authenticator) { security_context =>
         try {
           if (security_context != null) {
-            if (authorizer == null) {
+            if (authorizer.can(security_context, action, resource)) {
               block.onComplete(rc)
             } else {
-              if (func(authorizer, security_context)) {
-                block.onComplete(rc)
-              } else {
-                unauthroized
-              }
+              unauthroized
             }
           } else {
             unauthroized
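Review bot: The `authorizer == null` branch is removed, so `authorizer.can(security_context, action, resource)` is now called unconditionally once authentication succeeds. If a broker or virtual host can still have an authenticator without an authorizer (the removed code let the request through in that case), this line throws a NullPointerException inside the `try`, and the outcome then depends on the catch clause, which lies outside this hunk. Either state the invariant in a comment on `authorize`, e.g. `// authorizer is never null here` if part 1/2 of this commit guarantees that, or make the decision explicit with `if (authorizer != null && authorizer.can(security_context, action, resource)) {` so a missing authorizer denies rather than errors. The body of `authorize` starts and ends outside the hunk.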
@@ -126,36 +122,36 @@ abstract class Resource(parent:Resource=
   }
 
   protected def monitoring[T](broker:Broker)(func: =>FutureResult[T]):FutureResult[T]
= {
-    authorize(broker.authenticator, broker.authorizer, func) {  _.can_monitor(_, broker)
}
+    authorize(broker.authenticator, broker.authorizer, "monitor", broker, func)
   }
 
   protected def admining[T](broker:Broker)(func: =>FutureResult[T]):FutureResult[T] =
{
-    authorize(broker.authenticator, broker.authorizer, func) {  _.can_admin(_, broker) }
+    authorize(broker.authenticator, broker.authorizer, "admin", broker, func)
   }
 
   protected def configing[T](broker:Broker)(func: =>FutureResult[T]):FutureResult[T] =
{
-    authorize(broker.authenticator, broker.authorizer, func) {  _.can_config(_, broker) }
+    authorize(broker.authenticator, broker.authorizer, "config", broker, func)
   }
 
   protected def admining[T](host:VirtualHost)(func: =>FutureResult[T]):FutureResult[T]
= {
-    authorize(host.authenticator, host.authorizer, func) {  _.can_admin(_, host) }
+    authorize(host.authenticator, host.authorizer, "admin", host, func)
   }
   protected def monitoring[T](host:VirtualHost)(func: =>FutureResult[T]):FutureResult[T]
= {
-    authorize(host.authenticator, host.authorizer, func) {  _.can_monitor(_, host) }
+    authorize(host.authenticator, host.authorizer, "monitor", host, func)
   }
 
   protected def admining[T](dest:Queue)(func: =>FutureResult[T]):FutureResult[T] = {
-    authorize(dest.virtual_host.authenticator, dest.virtual_host.authorizer, func) {  _.can_admin(_,
dest.virtual_host, dest.config) }
+    authorize(dest.virtual_host.authenticator, dest.virtual_host.authorizer, "admin", dest,
func)
   }
   protected def monitoring[T](dest:Queue)(func: =>FutureResult[T]):FutureResult[T] = {
-    authorize(dest.virtual_host.authenticator, dest.virtual_host.authorizer, func) {  _.can_monitor(_,
dest.virtual_host, dest.config) }
+    authorize(dest.virtual_host.authenticator, dest.virtual_host.authorizer, "monitor", dest,
func)
   }
 
   protected def admining[T](dest:Topic)(func: =>FutureResult[T]):FutureResult[T] = {
-    authorize(dest.virtual_host.authenticator, dest.virtual_host.authorizer, func) {  _.can_admin(_,
dest.virtual_host, dest.config) }
+    authorize(dest.virtual_host.authenticator, dest.virtual_host.authorizer,"admin", dest,
func)
   }
   protected def monitoring[T](dest:Topic)(func: =>FutureResult[T]):FutureResult[T] = {
-    authorize(dest.virtual_host.authenticator, dest.virtual_host.authorizer, func) {  _.can_monitor(_,
dest.virtual_host, dest.config) }
+    authorize(dest.virtual_host.authenticator, dest.virtual_host.authorizer, "monitor", dest,
func)
   }
 
   protected def authenticate[T](authenticator:Authenticator)(func: (SecurityContext)=>Unit):
Unit = {
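Review bot: The action is passed as a bare string literal (`"monitor"`, `"admin"`, `"config"`) at nine call sites, so a misspelled action still compiles and its effect depends on how `Authorizer.can` treats an unknown name, which is not visible here. Shared constants would give the compiler something to check, for example `val MonitorAction = "monitor"` defined once and used as `authorize(broker.authenticator, broker.authorizer, MonitorAction, broker, func)`. The Queue and Topic helpers now pass `dest` instead of `dest.virtual_host, dest.config`; if the authorizer now derives the virtual host and config from the resource, a short comment saying so would help readers. Minor: `authorizer,"admin"` in `admining(dest:Topic)` lacks the space used at the other call sites.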


