activemq-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From chir...@apache.org
Subject svn commit: r1502827 - in /activemq/activemq-apollo/trunk: apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/ apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/security/ apollo-broker/src/test/scala/ apollo-dto/src/main/java/o...
Date Sat, 13 Jul 2013 16:51:53 GMT
Author: chirino
Date: Sat Jul 13 16:51:53 2013
New Revision: 1502827

URL: http://svn.apache.org/r1502827
Log:
Fixes APLO-330 : Support using a different Authorizer Authenticator implementations.

Added:
    activemq/activemq-apollo/trunk/apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/security/SecurityFactory.scala
    activemq/activemq-apollo/trunk/apollo-dto/src/main/java/org/apache/activemq/apollo/dto/SecurityDTO.java
    activemq/activemq-apollo/trunk/apollo-stomp/src/test/resources/apollo-stomp-custom-security.xml
    activemq/activemq-apollo/trunk/apollo-stomp/src/test/scala/org/apache/activemq/apollo/stomp/test/StompCustomSecurityTest.scala
    activemq/activemq-apollo/trunk/apollo-stomp/src/test/scala/org/apache/activemq/apollo/stomp/test/UserOwnershipSecurityFactory.scala
Modified:
    activemq/activemq-apollo/trunk/apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/Broker.scala
    activemq/activemq-apollo/trunk/apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/VirtualHost.scala
    activemq/activemq-apollo/trunk/apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/security/Authorizer.scala
    activemq/activemq-apollo/trunk/apollo-broker/src/test/scala/BrokerFunSuiteSupport.scala
    activemq/activemq-apollo/trunk/apollo-dto/src/main/java/org/apache/activemq/apollo/dto/BrokerDTO.java
    activemq/activemq-apollo/trunk/apollo-util/src/main/scala/org/apache/activemq/apollo/util/ClassFinder.scala

Modified: activemq/activemq-apollo/trunk/apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/Broker.scala
URL: http://svn.apache.org/viewvc/activemq/activemq-apollo/trunk/apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/Broker.scala?rev=1502827&r1=1502826&r2=1502827&view=diff
==============================================================================
--- activemq/activemq-apollo/trunk/apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/Broker.scala
(original)
+++ activemq/activemq-apollo/trunk/apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/Broker.scala
Sat Jul 13 16:51:53 2013
@@ -503,13 +503,7 @@ class Broker() extends BaseService with 
       null
     }
 
-    if (config.authentication != null && config.authentication.enabled.getOrElse(true))
{
-      authenticator = new JaasAuthenticator(config.authentication, security_log)
-      authorizer=Authorizer(this)
-    } else {
-      authenticator = null
-      authorizer=Authorizer()
-    }
+    SecurityFactory.install(this)
 
     val host_config_by_id = HashMap[AsciiBuffer, VirtualHostDTO]()
     config.virtual_hosts.foreach{ value =>

Modified: activemq/activemq-apollo/trunk/apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/VirtualHost.scala
URL: http://svn.apache.org/viewvc/activemq/activemq-apollo/trunk/apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/VirtualHost.scala?rev=1502827&r1=1502826&r2=1502827&view=diff
==============================================================================
--- activemq/activemq-apollo/trunk/apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/VirtualHost.scala
(original)
+++ activemq/activemq-apollo/trunk/apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/VirtualHost.scala
Sat Jul 13 16:51:53 2013
@@ -148,25 +148,7 @@ class VirtualHost(val broker: Broker, va
     audit_log = Option(log_category.audit).map(Log(_)).getOrElse(broker.audit_log)
     connection_log = Option(log_category.connection).map(Log(_)).getOrElse(broker.connection_log)
     console_log = Option(log_category.console).map(Log(_)).getOrElse(broker.console_log)
-
-    if (config.authentication != null) {
-      if (config.authentication.enabled.getOrElse(true)) {
-        // Virtual host has it's own settings.
-        authenticator = new JaasAuthenticator(config.authentication, security_log)
-      } else {
-        // Don't use security on this host.
-        authenticator = null
-      }
-    } else {
-      // use the broker's settings..
-      authenticator = broker.authenticator
-    }
-    if( authenticator!=null ) {
-      val rules = config.access_rules.toList ::: broker.config.access_rules.toList
-      authorizer = Authorizer(broker, this)
-    } else {
-      authorizer = Authorizer()
-    }
+    SecurityFactory.install(this)
   }
 
   override protected def _start(on_completed:Task):Unit = {

Modified: activemq/activemq-apollo/trunk/apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/security/Authorizer.scala
URL: http://svn.apache.org/viewvc/activemq/activemq-apollo/trunk/apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/security/Authorizer.scala?rev=1502827&r1=1502826&r2=1502827&view=diff
==============================================================================
--- activemq/activemq-apollo/trunk/apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/security/Authorizer.scala
(original)
+++ activemq/activemq-apollo/trunk/apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/security/Authorizer.scala
Sat Jul 13 16:51:53 2013
@@ -102,17 +102,18 @@ object Authorizer {
     def can(ctx: SecurityContext, action: String, resource: SecuredResource) = true
   }
 
-  def apply(broker:Broker, host:VirtualHost=null):Authorizer = {
+  def apply(broker:Broker):Authorizer = {
     import collection.JavaConversions._
+    val pk = broker.authenticator.acl_principal_kinds
+    val rules = broker.config.access_rules.toList.flatMap(parse(broker.console_log, _,pk))
+    new RulesAuthorizer(version_counter.incrementAndGet(), rules.toArray )
+  }
 
-    val rules = if( host==null ) {
-      val pk = broker.authenticator.acl_principal_kinds
-      broker.config.access_rules.toList.flatMap(parse(broker.console_log, _,pk))
-    } else {
-      val pk = host.authenticator.acl_principal_kinds
-      host.config.access_rules.toList.flatMap(parse(host.console_log, _,pk, host)) :::
-      broker.config.access_rules.toList.flatMap(parse(broker.console_log, _,pk))
-    }
+  def apply(host:VirtualHost=null):Authorizer = {
+    import collection.JavaConversions._
+    val pk = host.authenticator.acl_principal_kinds
+    val rules =  host.config.access_rules.toList.flatMap(parse(host.console_log, _,pk, host))
:::
+        host.broker.config.access_rules.toList.flatMap(parse(host.broker.console_log, _,pk))
     new RulesAuthorizer(version_counter.incrementAndGet(), rules.toArray )
   }
 

Added: activemq/activemq-apollo/trunk/apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/security/SecurityFactory.scala
URL: http://svn.apache.org/viewvc/activemq/activemq-apollo/trunk/apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/security/SecurityFactory.scala?rev=1502827&view=auto
==============================================================================
--- activemq/activemq-apollo/trunk/apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/security/SecurityFactory.scala
(added)
+++ activemq/activemq-apollo/trunk/apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/security/SecurityFactory.scala
Sat Jul 13 16:51:53 2013
@@ -0,0 +1,94 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.activemq.apollo.broker.security
+
+import org.apache.activemq.apollo.util._
+import org.apache.activemq.apollo.broker.{VirtualHost, Broker}
+
+trait SecurityFactory {
+  def install(broker:Broker):Unit
+  def install(virtual_host:VirtualHost):Unit
+}
+
+object DefaultSecurityFactory extends SecurityFactory {
+
+  def install(broker:Broker) = {
+    import OptionSupport._
+    val config = broker.config
+    if (config.authentication != null && config.authentication.enabled.getOrElse(true))
{
+      broker.authenticator = new JaasAuthenticator(config.authentication, broker.security_log)
+      broker.authorizer = Authorizer(broker)
+    } else {
+      broker.authenticator = null
+      broker.authorizer = Authorizer()
+    }
+  }
+
+  def install(host:VirtualHost) = {
+    import OptionSupport._
+    val config = host.config
+    val broker = host.broker
+
+    if (config.authentication != null) {
+      if (config.authentication.enabled.getOrElse(true)) {
+        // Virtual host has it's own settings.
+        host.authenticator = new JaasAuthenticator(config.authentication, host.security_log)
+      } else {
+        // Don't use security on this host.
+        host.authenticator = null
+      }
+    } else {
+      // use the broker's settings..
+      host.authenticator = broker.authenticator
+    }
+    if( broker.authenticator !=null ) {
+      host.authorizer = Authorizer(host)
+    } else {
+      host.authorizer = Authorizer()
+    }
+  }
+}
+
+/**
+ * <p>
+ * </p>
+ *
+ * @author <a href="http://hiramchirino.com">Hiram Chirino</a>
+ */
+object SecurityFactory extends SecurityFactory {
+
+  def install(broker: Broker) = {
+    var factory_name = broker.config.security_factory
+    if( factory_name == null ) {
+      DefaultSecurityFactory.install(broker)
+    } else {
+      val sf = ClassFinder.default_loader.load(factory_name, classOf[SecurityFactory])
+      sf.install(broker)
+    }
+  }
+
+  def install(virtual_host: VirtualHost) = {
+    var factory_name = virtual_host.broker.config.security_factory
+    if( factory_name == null ) {
+      DefaultSecurityFactory.install(virtual_host)
+    } else {
+      val sf = ClassFinder.default_loader.load(factory_name, classOf[SecurityFactory])
+      sf.install(virtual_host)
+    }
+  }
+
+}

Modified: activemq/activemq-apollo/trunk/apollo-broker/src/test/scala/BrokerFunSuiteSupport.scala
URL: http://svn.apache.org/viewvc/activemq/activemq-apollo/trunk/apollo-broker/src/test/scala/BrokerFunSuiteSupport.scala?rev=1502827&r1=1502826&r2=1502827&view=diff
==============================================================================
--- activemq/activemq-apollo/trunk/apollo-broker/src/test/scala/BrokerFunSuiteSupport.scala
(original)
+++ activemq/activemq-apollo/trunk/apollo-broker/src/test/scala/BrokerFunSuiteSupport.scala
Sat Jul 13 16:51:53 2013
@@ -213,7 +213,7 @@ class BrokerFunSuiteSupport extends FunS
     super.afterAll()
   }
 
-  override def onTestFailure(e:Throwable) = {
+  override def onTestFailure(e:Throwable) = try {
     info("====== broker state dump start ======")
     val c = new CountDownLatch(1)
     broker.dispatch_queue {
@@ -256,6 +256,8 @@ class BrokerFunSuiteSupport extends FunS
     }
     c.await()
     info("====== broker state dump emd ======")
+  } catch {
+    case x:Throwable =>
   }
 
   def connector_port(connector: String) = BrokerTestSupport.connector_port(broker, connector)

Modified: activemq/activemq-apollo/trunk/apollo-dto/src/main/java/org/apache/activemq/apollo/dto/BrokerDTO.java
URL: http://svn.apache.org/viewvc/activemq/activemq-apollo/trunk/apollo-dto/src/main/java/org/apache/activemq/apollo/dto/BrokerDTO.java?rev=1502827&r1=1502826&r2=1502827&view=diff
==============================================================================
--- activemq/activemq-apollo/trunk/apollo-dto/src/main/java/org/apache/activemq/apollo/dto/BrokerDTO.java
(original)
+++ activemq/activemq-apollo/trunk/apollo-dto/src/main/java/org/apache/activemq/apollo/dto/BrokerDTO.java
Sat Jul 13 16:51:53 2013
@@ -114,6 +114,14 @@ public class BrokerDTO {
     @XmlAnyElement(lax=true)
     public List<Object> other = new ArrayList<Object>();
 
+    /**
+     * If you want use a custom authorization and authentication scheme,
+     * then set this to the name of a class that implements the
+     * SecurityFactory interface.
+     */
+    @XmlAttribute(name = "security_factory")
+    public String security_factory;
+
 
     @Override
     public boolean equals(Object o) {
@@ -128,25 +136,36 @@ public class BrokerDTO {
             return false;
         if (client_address != null ? !client_address.equals(brokerDTO.client_address) : brokerDTO.client_address
!= null)
             return false;
-        if (connectors != null ? !connectors.equals(brokerDTO.connectors) : brokerDTO.connectors
!= null) return false;
+        if (connectors != null ? !connectors.equals(brokerDTO.connectors) : brokerDTO.connectors
!= null)
+            return false;
+        if (id != null ? !id.equals(brokerDTO.id) : brokerDTO.id != null)
+            return false;
         if (key_storage != null ? !key_storage.equals(brokerDTO.key_storage) : brokerDTO.key_storage
!= null)
             return false;
         if (log_category != null ? !log_category.equals(brokerDTO.log_category) : brokerDTO.log_category
!= null)
             return false;
-        if (notes != null ? !notes.equals(brokerDTO.notes) : brokerDTO.notes != null) return
false;
-        if (other != null ? !other.equals(brokerDTO.other) : brokerDTO.other != null) return
false;
-        if (services != null ? !services.equals(brokerDTO.services) : brokerDTO.services
!= null) return false;
-        if (validation != null ? !validation.equals(brokerDTO.validation) : brokerDTO.validation
!= null) return false;
+        if (notes != null ? !notes.equals(brokerDTO.notes) : brokerDTO.notes != null)
+            return false;
+        if (other != null ? !other.equals(brokerDTO.other) : brokerDTO.other != null)
+            return false;
+        if (security_factory != null ? !security_factory.equals(brokerDTO.security_factory)
: brokerDTO.security_factory != null)
+            return false;
+        if (services != null ? !services.equals(brokerDTO.services) : brokerDTO.services
!= null)
+            return false;
+        if (validation != null ? !validation.equals(brokerDTO.validation) : brokerDTO.validation
!= null)
+            return false;
         if (virtual_hosts != null ? !virtual_hosts.equals(brokerDTO.virtual_hosts) : brokerDTO.virtual_hosts
!= null)
             return false;
-        if (web_admins != null ? !web_admins.equals(brokerDTO.web_admins) : brokerDTO.web_admins
!= null) return false;
+        if (web_admins != null ? !web_admins.equals(brokerDTO.web_admins) : brokerDTO.web_admins
!= null)
+            return false;
 
         return true;
     }
 
     @Override
     public int hashCode() {
-        int result = notes != null ? notes.hashCode() : 0;
+        int result = id != null ? id.hashCode() : 0;
+        result = 31 * result + (notes != null ? notes.hashCode() : 0);
         result = 31 * result + (virtual_hosts != null ? virtual_hosts.hashCode() : 0);
         result = 31 * result + (connectors != null ? connectors.hashCode() : 0);
         result = 31 * result + (client_address != null ? client_address.hashCode() : 0);
@@ -158,7 +177,7 @@ public class BrokerDTO {
         result = 31 * result + (services != null ? services.hashCode() : 0);
         result = 31 * result + (validation != null ? validation.hashCode() : 0);
         result = 31 * result + (other != null ? other.hashCode() : 0);
+        result = 31 * result + (security_factory != null ? security_factory.hashCode() :
0);
         return result;
     }
-
 }
\ No newline at end of file

Added: activemq/activemq-apollo/trunk/apollo-dto/src/main/java/org/apache/activemq/apollo/dto/SecurityDTO.java
URL: http://svn.apache.org/viewvc/activemq/activemq-apollo/trunk/apollo-dto/src/main/java/org/apache/activemq/apollo/dto/SecurityDTO.java?rev=1502827&view=auto
==============================================================================
--- activemq/activemq-apollo/trunk/apollo-dto/src/main/java/org/apache/activemq/apollo/dto/SecurityDTO.java
(added)
+++ activemq/activemq-apollo/trunk/apollo-dto/src/main/java/org/apache/activemq/apollo/dto/SecurityDTO.java
Sat Jul 13 16:51:53 2013
@@ -0,0 +1,45 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.activemq.apollo.dto;
+
+import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
+import com.fasterxml.jackson.annotation.JsonTypeInfo;
+import com.fasterxml.jackson.databind.annotation.JsonTypeIdResolver;
+
+import javax.xml.bind.annotation.XmlType;
+
+/**
+ * @author <a href="http://hiramchirino.com">Hiram Chirino</a>
+ */
+@XmlType (name = "security_type")
+@JsonTypeInfo(use=JsonTypeInfo.Id.CUSTOM, include=JsonTypeInfo.As.PROPERTY, property="@class")
+@JsonTypeIdResolver(ApolloTypeIdResolver.class)
+@JsonIgnoreProperties(ignoreUnknown = true)
+abstract public class SecurityDTO {
+
+    @Override
+    public boolean equals(Object o) {
+        if (this == o) return true;
+        if (!(o instanceof SecurityDTO)) return false;
+        return true;
+    }
+
+    @Override
+    public int hashCode() {
+        return 0;
+    }
+}
\ No newline at end of file

Added: activemq/activemq-apollo/trunk/apollo-stomp/src/test/resources/apollo-stomp-custom-security.xml
URL: http://svn.apache.org/viewvc/activemq/activemq-apollo/trunk/apollo-stomp/src/test/resources/apollo-stomp-custom-security.xml?rev=1502827&view=auto
==============================================================================
--- activemq/activemq-apollo/trunk/apollo-stomp/src/test/resources/apollo-stomp-custom-security.xml
(added)
+++ activemq/activemq-apollo/trunk/apollo-stomp/src/test/resources/apollo-stomp-custom-security.xml
Sat Jul 13 16:51:53 2013
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<!--
+    Licensed to the Apache Software Foundation (ASF) under one or more
+    contributor license agreements.  See the NOTICE file distributed with
+    this work for additional information regarding copyright ownership.
+    The ASF licenses this file to You under the Apache License, Version 2.0
+    (the "License"); you may not use this file except in compliance with
+    the License.  You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+    Unless required by applicable law or agreed to in writing, software
+    distributed under the License is distributed on an "AS IS" BASIS,
+    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+    See the License for the specific language governing permissions and
+    limitations under the License.
+-->
+<broker xmlns="http://activemq.apache.org/schema/activemq/apollo" security_factory="org.apache.activemq.apollo.stomp.test.UserOwnershipSecurityFactory">
+
+  <authentication domain="StompSecurityTest"/>
+  <access_rule allow="connect_group" action="connect"/>
+  <access_rule allow="can_send_create_consume_queue" kind="queue" action="send create
consume"/>
+  <access_rule allow="can_send_create_queue" kind="queue" action="send create"/>
+  <access_rule allow="can_send_queue"        kind="queue" action="send"/>
+  <access_rule allow="can_receive_queue"     kind="queue" action="receive"/>
+  <access_rule allow="can_consume_queue"     kind="queue" action="consume"/>
+  <access_rule allow="can_send_create_topic" kind="topic" action="send create"/>
+  <access_rule allow="can_send_topic"        kind="topic" action="send"/>
+  <access_rule allow="can_recieve_topic"     kind="topic" action="receive create"/>
+  <access_rule allow="can_consume_create_ds" kind="dsub"  action="consume create"/>
+  <access_rule allow="can_consume_ds"        kind="dsub"  action="consume"/>
+  <access_rule allow="can_recieve_topic"     kind="dsub"  action="receive create"/>
+
+  <access_rule allow="guest" action="connect"/>
+  <access_rule allow="guest" action="create destroy send receive consume" kind="topic
queue dsub" id_regex="test.*"/>
+
+  <!-- only allow connects over the tcp2 connector -->
+  <access_rule allow="connector_restricted" action="connect" connector="tcp2"/>
+
+
+  <virtual_host id="default">
+    <host_name>localhost</host_name>
+  </virtual_host>
+
+  <connector id="tcp" bind="tcp://0.0.0.0:0">
+    <stomp>
+      <add_user_header kind="org.apache.activemq.jaas.UserPrincipal">JMSXUserID</add_user_header>
+      <add_user_header kind="org.apache.activemq.apollo.broker.security.SourceAddressPrincipal">sender-ip</add_user_header>
+    </stomp>
+  </connector>
+  <connector id="tcp2" bind="tcp://0.0.0.0:0">
+  </connector>
+  <connector id="stomp-udp" bind="udp://0.0.0.0:0" protocol="stomp-udp">
+    <stomp>
+      <add_user_header kind="org.apache.activemq.apollo.broker.security.SourceAddressPrincipal">sender-ip</add_user_header>
+    </stomp>
+  </connector>
+
+</broker>
\ No newline at end of file

Added: activemq/activemq-apollo/trunk/apollo-stomp/src/test/scala/org/apache/activemq/apollo/stomp/test/StompCustomSecurityTest.scala
URL: http://svn.apache.org/viewvc/activemq/activemq-apollo/trunk/apollo-stomp/src/test/scala/org/apache/activemq/apollo/stomp/test/StompCustomSecurityTest.scala?rev=1502827&view=auto
==============================================================================
--- activemq/activemq-apollo/trunk/apollo-stomp/src/test/scala/org/apache/activemq/apollo/stomp/test/StompCustomSecurityTest.scala
(added)
+++ activemq/activemq-apollo/trunk/apollo-stomp/src/test/scala/org/apache/activemq/apollo/stomp/test/StompCustomSecurityTest.scala
Sat Jul 13 16:51:53 2013
@@ -0,0 +1,75 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.activemq.apollo.stomp.test
+
+import java.lang.String
+import java.nio.channels.DatagramChannel
+import java.net.InetSocketAddress
+import org.fusesource.hawtbuf.AsciiBuffer
+
+class StompCustomSecurityTest extends StompTestSupport {
+
+  override def broker_config_uri: String = "xml:classpath:apollo-stomp-custom-security.xml"
+
+  override def is_parallel_test_class: Boolean = false
+
+  override def beforeAll = {
+    try {
+      val login_file = new java.io.File(getClass.getClassLoader.getResource("login.config").getFile())
+      System.setProperty("java.security.auth.login.config", login_file.getCanonicalPath)
+    } catch {
+      case x: Throwable => x.printStackTrace
+    }
+    super.beforeAll
+  }
+
+  test("User authorized to use own queues") {
+    connect("1.1", client,
+      "login:guest\n" +
+      "passcode:guest\n")
+
+    client.write(
+      "SEND\n" +
+       "destination:/queue/user.guest\n" +
+       "receipt:0\n" +
+       "\n" +
+       "Hello World\n")
+
+    wait_for_receipt("0")
+
+  }
+
+
+  test("User not authorized to use other queues") {
+    connect("1.1", client,
+      "login:guest\n" +
+      "passcode:guest\n")
+
+    client.write(
+      "SEND\n" +
+      "destination:/queue/user.hiram\n" +
+      "receipt:0\n" +
+      "\n" +
+      "Hello World\n")
+
+    val frame = client.receive()
+    frame should startWith("ERROR\n")
+    frame should include("message:Not authorized to create the queue")
+
+  }
+
+}

Added: activemq/activemq-apollo/trunk/apollo-stomp/src/test/scala/org/apache/activemq/apollo/stomp/test/UserOwnershipSecurityFactory.scala
URL: http://svn.apache.org/viewvc/activemq/activemq-apollo/trunk/apollo-stomp/src/test/scala/org/apache/activemq/apollo/stomp/test/UserOwnershipSecurityFactory.scala?rev=1502827&view=auto
==============================================================================
--- activemq/activemq-apollo/trunk/apollo-stomp/src/test/scala/org/apache/activemq/apollo/stomp/test/UserOwnershipSecurityFactory.scala
(added)
+++ activemq/activemq-apollo/trunk/apollo-stomp/src/test/scala/org/apache/activemq/apollo/stomp/test/UserOwnershipSecurityFactory.scala
Sat Jul 13 16:51:53 2013
@@ -0,0 +1,50 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.activemq.apollo.stomp.test
+
+import org.apache.activemq.apollo.broker.security._
+import org.apache.activemq.apollo.broker.{Queue, Broker, VirtualHost}
+import java.lang.Boolean
+
+/**
+ * This is an example implementation of a SecurityFactory which
+ * provides the default authentication and authorization behaviours,
+ * except that it applies a dynamic authorization scheme so that users
+ * are only allowed to use queues named "user.${user}.**"
+ */
+class UserOwnershipSecurityFactory extends SecurityFactory {
+
+  def install(broker: Broker) {
+    DefaultSecurityFactory.install(broker)
+  }
+
+  def install(virtual_host: VirtualHost) {
+    DefaultSecurityFactory.install(virtual_host)
+    val default_authorizer = virtual_host.authorizer
+    virtual_host.authorizer = new Authorizer() {
+      def can(ctx: SecurityContext, action: String, resource: SecuredResource): Boolean =
{
+        resource.resource_kind match {
+          case SecuredResource.QueueKind =>
+            val id = resource.id
+            return id.startsWith("user."+ctx.user) || id.startsWith("user."+ctx.user+".")
+          case _ =>
+            return default_authorizer.can(ctx, action, resource)
+        }
+      }
+    }
+  }
+}

Modified: activemq/activemq-apollo/trunk/apollo-util/src/main/scala/org/apache/activemq/apollo/util/ClassFinder.scala
URL: http://svn.apache.org/viewvc/activemq/activemq-apollo/trunk/apollo-util/src/main/scala/org/apache/activemq/apollo/util/ClassFinder.scala?rev=1502827&r1=1502826&r2=1502827&view=diff
==============================================================================
--- activemq/activemq-apollo/trunk/apollo-util/src/main/scala/org/apache/activemq/apollo/util/ClassFinder.scala
(original)
+++ activemq/activemq-apollo/trunk/apollo-util/src/main/scala/org/apache/activemq/apollo/util/ClassFinder.scala
Sat Jul 13 16:51:53 2013
@@ -28,6 +28,7 @@ object ClassFinder extends Log {
 
   trait Loader {
     def discover[T](path:String, clazz: Class[T])( callback: List[T]=>Unit )
+    def load[T](name: String, clazz: Class[T]): T
   }
 
   case class ClassLoaderLoader(loaders: Seq[ClassLoader]) extends Loader {
@@ -54,6 +55,16 @@ object ClassFinder extends Log {
       val singltons = classes.flatMap(x=> instantiate(clazz, x) ).distinct
       callback( singltons.toList )
     }
+
+    def load[T](name: String, clazz: Class[T]): T = {
+      loaders.foreach { loader=>
+        instantiate(clazz, loader.loadClass(name)) match {
+          case Some(rc)=> return rc
+          case None =>
+        }
+      }
+      throw new ClassNotFoundException(name)
+    }
   }
 
   def instantiate[T](target:Class[T], clazz:Class[_]) = {



Mime
View raw message