qpid-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From rob...@apache.org
Subject svn commit: r1147036 - in /qpid/trunk/qpid/java: broker-plugins/firewall/src/test/java/org/apache/qpid/server/security/access/ broker/etc/ broker/src/main/java/org/apache/qpid/server/configuration/ broker/src/main/java/org/apache/qpid/server/plugins/ b...
Date Fri, 15 Jul 2011 08:56:00 GMT
Author: robbie
Date: Fri Jul 15 08:55:58 2011
New Revision: 1147036

URL: http://svn.apache.org/viewvc?rev=1147036&view=rev
Log:
QPID-3283: make Authentication Manager pluggable.

Refactors AuthenticationManager and collaborators to allow of AuthenticationManager to be plugged in from the configuration XML. Change PrincipalDatabaseAuthenticationManager to become a pluggable implementation.  This change removes support for the <principal-databases> element within the config.xml.   Existing use-cases are supported by the new element <pd-auth-manager/> which enables use of the PDAM implementation. Also resolves QPID-1347.

Applied patch by Keith Wall <keith.wall@gmail.com>

Added:
    qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/manager/AuthenticationManagerPluginFactory.java
      - copied, changed from r1146679, qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/plugins/Plugin.java
Removed:
    qpid/trunk/qpid/java/broker/etc/access
    qpid/trunk/qpid/java/broker/etc/passwdVhost
    qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/database/ConfigurationFilePrincipalDatabaseManager.java
    qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/database/PrincipalDatabaseManager.java
    qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/database/PropertiesPrincipalDatabaseManager.java
    qpid/trunk/qpid/java/systests/etc/config-systests-ServerConfigurationTest-New.xml
    qpid/trunk/qpid/java/systests/etc/config-systests-ServerConfigurationTest-Old.xml
    qpid/trunk/qpid/java/systests/etc/virtualhosts-ServerConfigurationTest-New.xml
Modified:
    qpid/trunk/qpid/java/broker-plugins/firewall/src/test/java/org/apache/qpid/server/security/access/FirewallConfigurationTest.java
    qpid/trunk/qpid/java/broker/etc/config.xml
    qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/configuration/ServerConfiguration.java
    qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/plugins/Plugin.java
    qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/plugins/PluginManager.java
    qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/registry/ApplicationRegistry.java
    qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/registry/IApplicationRegistry.java
    qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/manager/AuthenticationManager.java
    qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/manager/PrincipalDatabaseAuthenticationManager.java
    qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/sasl/AuthenticationProviderInitialiser.java
    qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/virtualhost/VirtualHostImpl.java
    qpid/trunk/qpid/java/broker/src/test/java/org/apache/qpid/server/configuration/ServerConfigurationTest.java
    qpid/trunk/qpid/java/broker/src/test/java/org/apache/qpid/server/security/auth/manager/PrincipalDatabaseAuthenticationManagerTest.java
    qpid/trunk/qpid/java/broker/src/test/java/org/apache/qpid/server/security/auth/rmi/RMIPasswordAuthenticatorTest.java
    qpid/trunk/qpid/java/broker/src/test/java/org/apache/qpid/server/util/TestApplicationRegistry.java
    qpid/trunk/qpid/java/systests/etc/config-systests-firewall-2.xml
    qpid/trunk/qpid/java/systests/etc/config-systests-firewall-3.xml

Modified: qpid/trunk/qpid/java/broker-plugins/firewall/src/test/java/org/apache/qpid/server/security/access/FirewallConfigurationTest.java
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker-plugins/firewall/src/test/java/org/apache/qpid/server/security/access/FirewallConfigurationTest.java?rev=1147036&r1=1147035&r2=1147036&view=diff
==============================================================================
--- qpid/trunk/qpid/java/broker-plugins/firewall/src/test/java/org/apache/qpid/server/security/access/FirewallConfigurationTest.java (original)
+++ qpid/trunk/qpid/java/broker-plugins/firewall/src/test/java/org/apache/qpid/server/security/access/FirewallConfigurationTest.java Fri Jul 15 08:55:58 2011
@@ -80,9 +80,8 @@ public class FirewallConfigurationTest e
         out.write("\t<cache-directory>${QPID_WORK}/cache</cache-directory>\n");
         out.write("\t<management><enabled>false</enabled></management>\n");
         out.write("\t<security>\n");
-        out.write("\t\t<principal-databases>\n");
+        out.write("\t\t<pd-auth-manager>\n");
         out.write("\t\t\t<principal-database>\n");
-        out.write("\t\t\t\t<name>passwordfile</name>\n");
         out.write("\t\t\t\t<class>org.apache.qpid.server.security.auth.database.PlainPasswordFilePrincipalDatabase</class>\n");
         out.write("\t\t\t\t<attributes>\n");
         out.write("\t\t\t\t\t<attribute>\n");
@@ -91,7 +90,7 @@ public class FirewallConfigurationTest e
         out.write("\t\t\t\t\t</attribute>\n");
         out.write("\t\t\t\t</attributes>\n");
         out.write("\t\t\t</principal-database>\n");
-        out.write("\t\t</principal-databases>\n");
+        out.write("\t\t</pd-auth-manager>\n");
         out.write("\t\t<firewall>\n");
         out.write("\t\t\t<xml fileName=\"" + fileB.getAbsolutePath() + "\"/>");
         out.write("\t\t</firewall>\n");
@@ -163,9 +162,8 @@ public class FirewallConfigurationTest e
         out.write("\t<plugin-directory>${QPID_HOME}/lib/plugins</plugin-directory>\n");
         out.write("\t<management><enabled>false</enabled></management>\n");
         out.write("\t<security>\n");
-        out.write("\t\t<principal-databases>\n");
+        out.write("\t\t<pd-auth-manager>\n");
         out.write("\t\t\t<principal-database>\n");
-        out.write("\t\t\t\t<name>passwordfile</name>\n");
         out.write("\t\t\t\t<class>org.apache.qpid.server.security.auth.database.PlainPasswordFilePrincipalDatabase</class>\n");
         out.write("\t\t\t\t<attributes>\n");
         out.write("\t\t\t\t\t<attribute>\n");
@@ -174,7 +172,7 @@ public class FirewallConfigurationTest e
         out.write("\t\t\t\t\t</attribute>\n");
         out.write("\t\t\t\t</attributes>\n");
         out.write("\t\t\t</principal-database>\n");
-        out.write("\t\t</principal-databases>\n");
+        out.write("\t\t</pd-auth-manager>\n");
         out.write("\t\t<firewall>\n");
         out.write("\t\t\t<xml fileName=\"" + fileB.getAbsolutePath() + "\"/>");
         out.write("\t\t</firewall>\n");
@@ -262,9 +260,8 @@ public class FirewallConfigurationTest e
         out.write("\t<plugin-directory>${QPID_HOME}/lib/plugins</plugin-directory>\n");
         out.write("\t<management><enabled>false</enabled></management>\n");
         out.write("\t<security>\n");
-        out.write("\t\t<principal-databases>\n");
+        out.write("\t\t<pd-auth-manager>\n");
         out.write("\t\t\t<principal-database>\n");
-        out.write("\t\t\t\t<name>passwordfile</name>\n");
         out.write("\t\t\t\t<class>org.apache.qpid.server.security.auth.database.PlainPasswordFilePrincipalDatabase</class>\n");
         out.write("\t\t\t\t<attributes>\n");
         out.write("\t\t\t\t\t<attribute>\n");
@@ -273,7 +270,7 @@ public class FirewallConfigurationTest e
         out.write("\t\t\t\t\t</attribute>\n");
         out.write("\t\t\t\t</attributes>\n");
         out.write("\t\t\t</principal-database>\n");
-        out.write("\t\t</principal-databases>\n");
+        out.write("\t\t</pd-auth-manager>\n");
         out.write("\t\t<firewall>\n");
         out.write("\t\t\t<rule access=\""+ ((allow) ? "allow" : "deny") +"\" network=\"127.0.0.1\"/>");
         out.write("\t\t</firewall>\n");

Modified: qpid/trunk/qpid/java/broker/etc/config.xml
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker/etc/config.xml?rev=1147036&r1=1147035&r2=1147036&view=diff
==============================================================================
--- qpid/trunk/qpid/java/broker/etc/config.xml (original)
+++ qpid/trunk/qpid/java/broker/etc/config.xml Fri Jul 15 08:55:58 2011
@@ -62,10 +62,8 @@
     </advanced>
 
     <security>
-        <principal-databases>
-            <!-- Example use of Base64 encoded MD5 hashes for authentication via CRAM-MD5-Hashed -->
+        <pd-auth-manager>
             <principal-database>
-                <name>passwordfile</name>
                 <class>org.apache.qpid.server.security.auth.database.PlainPasswordFilePrincipalDatabase</class>
                 <attributes>
                     <attribute>
@@ -74,7 +72,7 @@
                     </attribute>
                 </attributes>
             </principal-database>
-        </principal-databases>
+        </pd-auth-manager>
 
         <allow-all />
         

Modified: qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/configuration/ServerConfiguration.java
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/configuration/ServerConfiguration.java?rev=1147036&r1=1147035&r2=1147036&view=diff
==============================================================================
--- qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/configuration/ServerConfiguration.java (original)
+++ qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/configuration/ServerConfiguration.java Fri Jul 15 08:55:58 2011
@@ -217,6 +217,13 @@ public class ServerConfiguration extends
                     + (_configFile == null ? "" : " Configuration file : " + _configFile);
             throw new ConfigurationException(message);
         }
+
+        if (getListValue("security.principal-databases.principal-database(0).class").size() > 0)
+        {
+            String message = "Validation error : security/principal-databases is no longer supported within the configuration xml." 
+                    + (_configFile == null ? "" : " Configuration file : " + _configFile);
+            throw new ConfigurationException(message);
+        }
     }
 
     /*
@@ -514,28 +521,6 @@ public class ServerConfiguration extends
         _virtualHosts.put(config.getName(), config);
     }
 
-    public List<String> getPrincipalDatabaseNames()
-    {
-        return getListValue("security.principal-databases.principal-database.name");
-    }
-
-    public List<String> getPrincipalDatabaseClass()
-    {
-        return getListValue("security.principal-databases.principal-database.class");
-    }
-
-    public List<String> getPrincipalDatabaseAttributeNames(int index)
-    {
-        String name = "security.principal-databases.principal-database(" + index + ")." + "attributes.attribute.name";
-        return getListValue(name);
-    }
-
-    public List<String> getPrincipalDatabaseAttributeValues(int index)
-    {
-        String name = "security.principal-databases.principal-database(" + index + ")." + "attributes.attribute.value";
-        return getListValue(name);
-    }
-
     public int getFrameSize()
     {
         return getIntValue("advanced.framesize", DEFAULT_FRAME_SIZE);

Modified: qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/plugins/Plugin.java
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/plugins/Plugin.java?rev=1147036&r1=1147035&r2=1147036&view=diff
==============================================================================
--- qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/plugins/Plugin.java (original)
+++ qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/plugins/Plugin.java Fri Jul 15 08:55:58 2011
@@ -27,5 +27,5 @@ public interface Plugin
     /**
      * Provide Configuration to this plugin
      */
-    public void configure(ConfigurationPlugin config);
+    public void configure(ConfigurationPlugin config) throws ConfigurationException;
 }

Modified: qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/plugins/PluginManager.java
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/plugins/PluginManager.java?rev=1147036&r1=1147035&r2=1147036&view=diff
==============================================================================
--- qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/plugins/PluginManager.java (original)
+++ qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/plugins/PluginManager.java Fri Jul 15 08:55:58 2011
@@ -18,8 +18,16 @@
  */
 package org.apache.qpid.server.plugins;
 
-import static org.apache.felix.framework.util.FelixConstants.*;
-import static org.apache.felix.main.AutoProcessor.*;
+import static org.apache.felix.framework.util.FelixConstants.SYSTEMBUNDLE_ACTIVATORS_PROP;
+import static org.apache.felix.main.AutoProcessor.AUTO_DEPLOY_ACTION_PROPERY;
+import static org.apache.felix.main.AutoProcessor.AUTO_DEPLOY_DIR_PROPERY;
+import static org.apache.felix.main.AutoProcessor.AUTO_DEPLOY_INSTALL_VALUE;
+import static org.apache.felix.main.AutoProcessor.AUTO_DEPLOY_START_VALUE;
+import static org.apache.felix.main.AutoProcessor.process;
+import static org.osgi.framework.Constants.FRAMEWORK_STORAGE;
+import static org.osgi.framework.Constants.FRAMEWORK_STORAGE_CLEAN;
+import static org.osgi.framework.Constants.FRAMEWORK_STORAGE_CLEAN_ONFIRSTINIT;
+import static org.osgi.framework.Constants.FRAMEWORK_SYSTEMPACKAGES;
 
 import java.io.File;
 import java.util.ArrayList;
@@ -35,18 +43,20 @@ import org.apache.felix.framework.util.S
 import org.apache.log4j.Logger;
 import org.apache.qpid.common.Closeable;
 import org.apache.qpid.server.configuration.TopicConfiguration;
+import org.apache.qpid.server.configuration.plugins.ConfigurationPluginFactory;
 import org.apache.qpid.server.configuration.plugins.SlowConsumerDetectionConfiguration.SlowConsumerDetectionConfigurationFactory;
 import org.apache.qpid.server.configuration.plugins.SlowConsumerDetectionPolicyConfiguration.SlowConsumerDetectionPolicyConfigurationFactory;
 import org.apache.qpid.server.configuration.plugins.SlowConsumerDetectionQueueConfiguration.SlowConsumerDetectionQueueConfigurationFactory;
-import org.apache.qpid.server.configuration.plugins.ConfigurationPluginFactory;
 import org.apache.qpid.server.exchange.ExchangeType;
 import org.apache.qpid.server.security.SecurityManager;
 import org.apache.qpid.server.security.SecurityPluginFactory;
 import org.apache.qpid.server.security.access.plugins.AllowAll;
 import org.apache.qpid.server.security.access.plugins.DenyAll;
 import org.apache.qpid.server.security.access.plugins.LegacyAccess;
-import org.apache.qpid.server.virtualhost.plugins.VirtualHostPluginFactory;
+import org.apache.qpid.server.security.auth.manager.AuthenticationManagerPluginFactory;
+import org.apache.qpid.server.security.auth.manager.PrincipalDatabaseAuthenticationManager;
 import org.apache.qpid.server.virtualhost.plugins.SlowConsumerDetection;
+import org.apache.qpid.server.virtualhost.plugins.VirtualHostPluginFactory;
 import org.apache.qpid.server.virtualhost.plugins.policies.TopicDeletePolicy;
 import org.apache.qpid.slowconsumerdetection.policies.SlowConsumerPolicyPluginFactory;
 import org.osgi.framework.BundleActivator;
@@ -72,6 +82,7 @@ public class PluginManager implements Cl
     private ServiceTracker _configTracker = null;
     private ServiceTracker _virtualHostTracker = null;
     private ServiceTracker _policyTracker = null;
+    private ServiceTracker _authenticationManagerTracker = null;
 
     private Activator _activator;
 
@@ -79,6 +90,7 @@ public class PluginManager implements Cl
     private Map<List<String>, ConfigurationPluginFactory> _configPlugins = new IdentityHashMap<List<String>, ConfigurationPluginFactory>();
     private Map<String, VirtualHostPluginFactory> _vhostPlugins = new HashMap<String, VirtualHostPluginFactory>();
     private Map<String, SlowConsumerPolicyPluginFactory> _policyPlugins = new HashMap<String, SlowConsumerPolicyPluginFactory>();
+    private Map<String, AuthenticationManagerPluginFactory<? extends Plugin>> _authenticationManagerPlugins = new HashMap<String, AuthenticationManagerPluginFactory<? extends Plugin>>();
 
     public PluginManager(String pluginPath, String cachePath) throws Exception
     {
@@ -97,7 +109,8 @@ public class PluginManager implements Cl
                 LegacyAccess.LegacyAccessConfiguration.FACTORY,
                 new SlowConsumerDetectionConfigurationFactory(),
                 new SlowConsumerDetectionPolicyConfigurationFactory(),
-                new SlowConsumerDetectionQueueConfigurationFactory()))
+                new SlowConsumerDetectionQueueConfigurationFactory(),
+                PrincipalDatabaseAuthenticationManager.PrincipalDatabaseAuthenticationManagerConfiguration.FACTORY))
         {
             _configPlugins.put(configFactory.getParentPaths(), configFactory);
         }
@@ -112,6 +125,12 @@ public class PluginManager implements Cl
             _vhostPlugins.put(pluginFactory.getClass().getName(), pluginFactory);
         }
 
+        for (AuthenticationManagerPluginFactory<? extends Plugin> pluginFactory : Arrays.asList(
+                PrincipalDatabaseAuthenticationManager.FACTORY))
+        {
+            _authenticationManagerPlugins.put(pluginFactory.getPluginName(), pluginFactory);
+        }
+
         // Check the plugin directory path is set and exist
         if (pluginPath == null)
         {
@@ -232,6 +251,9 @@ public class PluginManager implements Cl
         _policyTracker = new ServiceTracker(_activator.getContext(), SlowConsumerPolicyPluginFactory.class.getName(), null);
         _policyTracker.open();
         
+        _authenticationManagerTracker = new ServiceTracker(_activator.getContext(), AuthenticationManagerPluginFactory.class.getName(), null);
+        _authenticationManagerTracker.open();
+
         _logger.info("Opened service trackers");
     }
 
@@ -302,6 +324,11 @@ public class PluginManager implements Cl
         return getServices(_securityTracker, _securityPlugins);
     }
 
+    public Map<String, AuthenticationManagerPluginFactory<? extends Plugin>> getAuthenticationManagerPlugins()
+    {
+        return getServices(_authenticationManagerTracker, _authenticationManagerPlugins);
+    }
+
     public void close()
     {
         if (_felix != null)
@@ -314,6 +341,7 @@ public class PluginManager implements Cl
                 _configTracker.close();
                 _virtualHostTracker.close();
                 _policyTracker.close();
+                _authenticationManagerTracker.close();
             }
             finally
             {

Modified: qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/registry/ApplicationRegistry.java
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/registry/ApplicationRegistry.java?rev=1147036&r1=1147035&r2=1147036&view=diff
==============================================================================
--- qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/registry/ApplicationRegistry.java (original)
+++ qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/registry/ApplicationRegistry.java Fri Jul 15 08:55:58 2011
@@ -21,7 +21,9 @@
 package org.apache.qpid.server.registry;
 
 import java.net.InetSocketAddress;
+import java.util.Collection;
 import java.util.HashMap;
+import java.util.Iterator;
 import java.util.Map;
 import java.util.Timer;
 import java.util.TimerTask;
@@ -52,12 +54,12 @@ import org.apache.qpid.server.logging.me
 import org.apache.qpid.server.logging.messages.VirtualHostMessages;
 import org.apache.qpid.server.management.ManagedObjectRegistry;
 import org.apache.qpid.server.management.NoopManagedObjectRegistry;
+import org.apache.qpid.server.plugins.Plugin;
 import org.apache.qpid.server.plugins.PluginManager;
 import org.apache.qpid.server.security.SecurityManager;
-import org.apache.qpid.server.security.auth.database.ConfigurationFilePrincipalDatabaseManager;
-import org.apache.qpid.server.security.auth.database.PrincipalDatabaseManager;
+import org.apache.qpid.server.security.SecurityManager.SecurityConfiguration;
 import org.apache.qpid.server.security.auth.manager.AuthenticationManager;
-import org.apache.qpid.server.security.auth.manager.PrincipalDatabaseAuthenticationManager;
+import org.apache.qpid.server.security.auth.manager.AuthenticationManagerPluginFactory;
 import org.apache.qpid.server.stats.StatisticsCounter;
 import org.apache.qpid.server.transport.QpidAcceptor;
 import org.apache.qpid.server.virtualhost.VirtualHost;
@@ -89,8 +91,6 @@ public abstract class ApplicationRegistr
 
     protected SecurityManager _securityManager;
 
-    protected PrincipalDatabaseManager _databaseManager;
-
     protected PluginManager _pluginManager;
 
     protected ConfigurationManager _configurationManager;
@@ -253,11 +253,7 @@ public abstract class ApplicationRegistr
 
             _securityManager = new SecurityManager(_configuration, _pluginManager);
 
-            createDatabaseManager(_configuration);
-
-            _authenticationManager = new PrincipalDatabaseAuthenticationManager();
-
-            _databaseManager.initialiseManagement(_configuration);
+            _authenticationManager = createAuthenticationManager();
 
             _managedObjectRegistry.start();
         }
@@ -280,9 +276,51 @@ public abstract class ApplicationRegistr
         }
     }
 
-    protected void createDatabaseManager(ServerConfiguration configuration) throws Exception
+    /**
+     * Iterates across all discovered authentication manager factories, offering the security configuration to each.
+     * Expects <b>exactly</b> one authentication manager to configure and initialise itself.
+     * 
+     * It is an error to configure more than one authentication manager, or to configure none.
+     *
+     * @return authentication manager
+     * @throws ConfigurationException
+     */
+    protected AuthenticationManager createAuthenticationManager() throws ConfigurationException
     {
-        _databaseManager = new ConfigurationFilePrincipalDatabaseManager(_configuration);
+        final SecurityConfiguration securityConfiguration = _configuration.getConfiguration(SecurityConfiguration.class.getName());
+        final Collection<AuthenticationManagerPluginFactory<? extends Plugin>> factories = _pluginManager.getAuthenticationManagerPlugins().values();
+        
+        if (factories.size() == 0)
+        {
+            throw new ConfigurationException("No authentication manager factory plugins found.  Check the desired authentication" +
+                    "manager plugin has been placed in the plugins directory.");
+        }
+        
+        AuthenticationManager authMgr = null;
+        
+        for (final Iterator<AuthenticationManagerPluginFactory<? extends Plugin>> iterator = factories.iterator(); iterator.hasNext();)
+        {
+            final AuthenticationManagerPluginFactory<? extends Plugin> factory = (AuthenticationManagerPluginFactory<? extends Plugin>) iterator.next();
+            final AuthenticationManager tmp = factory.newInstance(securityConfiguration);
+            if (tmp != null)
+            {
+                if (authMgr != null)
+                {
+                    throw new ConfigurationException("Cannot configure more than one authentication manager."
+                            + " Both " + tmp.getClass() + " and " + authMgr.getClass() + " are configured."
+                            + " Remove configuration for one of the authentication manager, or remove the plugin JAR"
+                            + " from the classpath.");
+                }
+                authMgr = tmp;
+            }
+        }
+
+        if (authMgr == null)
+        {
+            throw new ConfigurationException("No authentication managers configured within the configure file.");
+        }
+        
+        return authMgr;
     }
 
     protected void initialiseVirtualHosts() throws Exception
@@ -422,10 +460,6 @@ public abstract class ApplicationRegistr
         //Shutdown virtualhosts
         close(_virtualHostRegistry);
 
-//      close(_accessManager);
-//
-//      close(_databaseManager);
-
         close(_authenticationManager);
 
         close(_managedObjectRegistry);
@@ -487,11 +521,6 @@ public abstract class ApplicationRegistr
         return _managedObjectRegistry;
     }
 
-    public PrincipalDatabaseManager getDatabaseManager()
-    {
-        return _databaseManager;
-    }
-
     public AuthenticationManager getAuthenticationManager()
     {
         return _authenticationManager;

Modified: qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/registry/IApplicationRegistry.java
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/registry/IApplicationRegistry.java?rev=1147036&r1=1147035&r2=1147036&view=diff
==============================================================================
--- qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/registry/IApplicationRegistry.java (original)
+++ qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/registry/IApplicationRegistry.java Fri Jul 15 08:55:58 2011
@@ -33,7 +33,6 @@ import org.apache.qpid.server.logging.Ro
 import org.apache.qpid.server.management.ManagedObjectRegistry;
 import org.apache.qpid.server.plugins.PluginManager;
 import org.apache.qpid.server.security.SecurityManager;
-import org.apache.qpid.server.security.auth.database.PrincipalDatabaseManager;
 import org.apache.qpid.server.security.auth.manager.AuthenticationManager;
 import org.apache.qpid.server.stats.StatisticsGatherer;
 import org.apache.qpid.server.transport.QpidAcceptor;
@@ -63,8 +62,6 @@ public interface IApplicationRegistry ex
 
     ManagedObjectRegistry getManagedObjectRegistry();
 
-    PrincipalDatabaseManager getDatabaseManager();
-
     AuthenticationManager getAuthenticationManager();
 
     VirtualHostRegistry getVirtualHostRegistry();

Modified: qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/manager/AuthenticationManager.java
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/manager/AuthenticationManager.java?rev=1147036&r1=1147035&r2=1147036&view=diff
==============================================================================
--- qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/manager/AuthenticationManager.java (original)
+++ qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/manager/AuthenticationManager.java Fri Jul 15 08:55:58 2011
@@ -20,18 +20,36 @@
  */
 package org.apache.qpid.server.security.auth.manager;
 
+import javax.security.auth.Subject;
 import javax.security.sasl.SaslException;
 import javax.security.sasl.SaslServer;
 
 import org.apache.qpid.common.Closeable;
+import org.apache.qpid.server.plugins.Plugin;
 import org.apache.qpid.server.security.auth.AuthenticationResult;
 
 /**
- * The AuthenticationManager class is the entity responsible for
- * determining the authenticity of user credentials.
+ * Implementations of the AuthenticationManager are responsible for determining
+ * the authenticity of a user's credentials.
+ * 
+ * If the authentication is successful, the manager is responsible for producing a populated
+ * {@link Subject} containing the user's identity and zero or more principals representing
+ * groups to which the user belongs.
+ * <p>
+ * The {@link #initialise()} method is responsible for registering SASL mechanisms required by
+ * the manager.  The {@link #close()} method must reverse this registration.
+ * 
  */
-public interface AuthenticationManager extends Closeable
+public interface AuthenticationManager extends Closeable, Plugin
 {
+    /** The name for the required SASL Server mechanisms */
+    public static final String PROVIDER_NAME= "AMQSASLProvider-Server";
+
+    /**
+     * Initialise the authentication plugin.
+     *
+     */
+    void initialise();
 
    /**
     * Gets the SASL mechanisms known to this manager.

Copied: qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/manager/AuthenticationManagerPluginFactory.java (from r1146679, qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/plugins/Plugin.java)
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/manager/AuthenticationManagerPluginFactory.java?p2=qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/manager/AuthenticationManagerPluginFactory.java&p1=qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/plugins/Plugin.java&r1=1146679&r2=1147036&rev=1147036&view=diff
==============================================================================
--- qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/plugins/Plugin.java (original)
+++ qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/manager/AuthenticationManagerPluginFactory.java Fri Jul 15 08:55:58 2011
@@ -1,4 +1,5 @@
 /*
+ *
  * Licensed to the Apache Software Foundation (ASF) under one
  * or more contributor license agreements.  See the NOTICE file
  * distributed with this work for additional information
@@ -15,17 +16,17 @@
  * KIND, either express or implied.  See the License for the
  * specific language governing permissions and limitations
  * under the License.
+ *
  */
-package org.apache.qpid.server.plugins;
+package org.apache.qpid.server.security.auth.manager;
 
-import org.apache.commons.configuration.ConfigurationException;
-import org.apache.qpid.server.configuration.plugins.ConfigurationPlugin;
+import org.apache.qpid.server.plugins.PluginFactory;
 
-public interface Plugin
+/**
+ * Factory producing authentication producing configured, initialised authentication
+ * managers.
+ */
+public interface AuthenticationManagerPluginFactory<S extends AuthenticationManager> extends PluginFactory<S>
 {
 
-    /**
-     * Provide Configuration to this plugin
-     */
-    public void configure(ConfigurationPlugin config);
 }

Modified: qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/manager/PrincipalDatabaseAuthenticationManager.java
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/manager/PrincipalDatabaseAuthenticationManager.java?rev=1147036&r1=1147035&r2=1147036&view=diff
==============================================================================
--- qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/manager/PrincipalDatabaseAuthenticationManager.java (original)
+++ qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/manager/PrincipalDatabaseAuthenticationManager.java Fri Jul 15 08:55:58 2011
@@ -20,32 +20,64 @@
  */
 package org.apache.qpid.server.security.auth.manager;
 
+import java.lang.reflect.InvocationTargetException;
+import java.lang.reflect.Method;
+import java.security.Security;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+import java.util.Map.Entry;
+import java.util.TreeMap;
+
+import javax.security.auth.Subject;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.login.AccountNotFoundException;
+import javax.security.sasl.Sasl;
+import javax.security.sasl.SaslException;
+import javax.security.sasl.SaslServer;
+import javax.security.sasl.SaslServerFactory;
+
+import org.apache.commons.configuration.Configuration;
+import org.apache.commons.configuration.ConfigurationException;
 import org.apache.log4j.Logger;
-import org.apache.qpid.server.registry.ApplicationRegistry;
-import org.apache.qpid.server.security.auth.manager.AuthenticationManager;
+import org.apache.qpid.configuration.PropertyException;
+import org.apache.qpid.configuration.PropertyUtils;
+import org.apache.qpid.server.configuration.plugins.ConfigurationPlugin;
+import org.apache.qpid.server.configuration.plugins.ConfigurationPluginFactory;
+import org.apache.qpid.server.security.auth.AuthenticationResult;
 import org.apache.qpid.server.security.auth.AuthenticationResult.AuthenticationStatus;
 import org.apache.qpid.server.security.auth.database.PrincipalDatabase;
-import org.apache.qpid.server.security.auth.sasl.JCAProvider;
+import org.apache.qpid.server.security.auth.management.AMQUserManagementMBean;
 import org.apache.qpid.server.security.auth.sasl.AuthenticationProviderInitialiser;
+import org.apache.qpid.server.security.auth.sasl.JCAProvider;
 import org.apache.qpid.server.security.auth.sasl.UsernamePrincipal;
-import org.apache.qpid.server.security.auth.AuthenticationResult;
 
-import javax.security.auth.Subject;
-import javax.security.auth.callback.CallbackHandler;
-import javax.security.auth.login.AccountNotFoundException;
-import javax.security.sasl.SaslServerFactory;
-import javax.security.sasl.SaslServer;
-import javax.security.sasl.SaslException;
-import javax.security.sasl.Sasl;
-import java.util.Map;
-import java.util.HashMap;
-import java.util.TreeMap;
-import java.security.Security;
 
 /**
  * Concrete implementation of the AuthenticationManager that determines if supplied
- * user credentials match those appearing in a PrincipalDatabase.
+ * user credentials match those appearing in a PrincipalDatabase.   The implementation
+ * of the PrincipalDatabase is determined from the configuration.
+ * 
+ * This implementation also registers the JMX UserManagemement MBean.
+ * 
+ * This plugin expects configuration such as:
  *
+ * <pre>
+ * &lt;pd-auth-manager&gt;
+ *   &lt;principal-database&gt;
+ *      &lt;class&gt;org.apache.qpid.server.security.auth.database.PlainPasswordFilePrincipalDatabase&lt;/class&gt;
+ *      &lt;attributes&gt;
+ *         &lt;attribute&gt;
+ *              &lt;name>passwordFile&lt;/name&gt;
+ *              &lt;value>${conf}/passwd&lt;/value&gt;
+ *          &lt;/attribute&gt;
+ *      &lt;/attributes&gt;
+ *   &lt;/principal-database&gt;
+ * &lt;/pd-auth-manager&gt;
+ * </pre>
  */
 public class PrincipalDatabaseAuthenticationManager implements AuthenticationManager
 {
@@ -55,58 +87,125 @@ public class PrincipalDatabaseAuthentica
     private String _mechanisms;
 
     /** Maps from the mechanism to the callback handler to use for handling those requests */
-    private Map<String, CallbackHandler> _callbackHandlerMap = new HashMap<String, CallbackHandler>();
+    private final Map<String, CallbackHandler> _callbackHandlerMap = new HashMap<String, CallbackHandler>();
 
     /**
      * Maps from the mechanism to the properties used to initialise the server. See the method Sasl.createSaslServer for
      * details of the use of these properties. This map is populated during initialisation of each provider.
      */
-    private Map<String, Map<String, ?>> _serverCreationProperties = new HashMap<String, Map<String, ?>>();
+    private final Map<String, Map<String, ?>> _serverCreationProperties = new HashMap<String, Map<String, ?>>();
+
+    protected PrincipalDatabase _principalDatabase = null;
 
-    /** The name for the required SASL Server mechanisms */
-    public static final String PROVIDER_NAME= "AMQSASLProvider-Server";
+    protected AMQUserManagementMBean _mbean = null;
 
-    public PrincipalDatabaseAuthenticationManager()  
+    public static final AuthenticationManagerPluginFactory<PrincipalDatabaseAuthenticationManager> FACTORY = new AuthenticationManagerPluginFactory<PrincipalDatabaseAuthenticationManager>()
     {
-        _logger.info("Initialising  PrincipalDatabase authentication manager.");
+        public PrincipalDatabaseAuthenticationManager newInstance(final ConfigurationPlugin config) throws ConfigurationException
+        {
+            final PrincipalDatabaseAuthenticationManagerConfiguration configuration = config.getConfiguration(PrincipalDatabaseAuthenticationManagerConfiguration.class.getName());
 
-        Map<String, Class<? extends SaslServerFactory>> providerMap = new TreeMap<String, Class<? extends SaslServerFactory>>();
+            // If there is no configuration for this plugin then don't load it.
+            if (configuration == null)
+            {
+                _logger.info("No authentication-manager configuration found for PrincipalDatabaseAuthenticationManager");
+                return null;
+            }
 
+            final PrincipalDatabaseAuthenticationManager pdam = new PrincipalDatabaseAuthenticationManager();
+            pdam.configure(configuration);
+            pdam.initialise();
+            return pdam;
+        }
 
-        initialiseAuthenticationMechanisms(providerMap, ApplicationRegistry.getInstance().getDatabaseManager().getDatabases());
+        public Class<PrincipalDatabaseAuthenticationManager> getPluginClass()
+        {
+            return PrincipalDatabaseAuthenticationManager.class;
+        }
 
-        if (providerMap.size() > 0)
+        public String getPluginName()
         {
-            // Ensure we are used before the defaults
-            if (Security.insertProviderAt(new JCAProvider(PROVIDER_NAME, providerMap), 1) == -1)
+            return PrincipalDatabaseAuthenticationManager.class.getName();
+        }
+    };
+
+    public static class PrincipalDatabaseAuthenticationManagerConfiguration extends ConfigurationPlugin {
+ 
+        public static final ConfigurationPluginFactory FACTORY = new ConfigurationPluginFactory()
+        {
+            public List<String> getParentPaths()
             {
-                _logger.error("Unable to load custom SASL providers. Qpid custom SASL authenticators unavailable.");
+                return Arrays.asList("security.pd-auth-manager");
             }
-            else
+
+            public ConfigurationPlugin newInstance(final String path, final Configuration config) throws ConfigurationException
             {
-                _logger.info("Additional SASL providers successfully registered.");
+                final ConfigurationPlugin instance = new PrincipalDatabaseAuthenticationManagerConfiguration();
+                
+                instance.setConfiguration(path, config);
+                return instance;
             }
+        };
 
+        public String[] getElementsProcessed()
+        {
+            return new String[] {"principal-database.class",
+                                 "principal-database.attributes.attribute.name",
+                                 "principal-database.attributes.attribute.value"};
         }
-        else
+
+        public void validateConfiguration() throws ConfigurationException
         {
-            _logger.warn("No additional SASL providers registered.");
+        }
+  
+        public String getPrincipalDatabaseClass()
+        {
+            return _configuration.getString("principal-database.class");
+        }
+  
+        public Map<String,String> getPdClassAttributeMap() throws ConfigurationException
+        {
+            final List<String> argumentNames = _configuration.getList("principal-database.attributes.attribute.name");
+            final List<String> argumentValues = _configuration.getList("principal-database.attributes.attribute.value");
+            final Map<String,String> attributes = new HashMap<String,String>(argumentNames.size());
+
+            for (int i = 0; i < argumentNames.size(); i++)
+            {
+                final String argName = argumentNames.get(i);
+                final String argValue = argumentValues.get(i);
+
+                attributes.put(argName, argValue);
+            }
+
+            return Collections.unmodifiableMap(attributes);
         }
     }
 
-    private void initialiseAuthenticationMechanisms(Map<String, Class<? extends SaslServerFactory>> providerMap, Map<String, PrincipalDatabase> databases) 
+    protected PrincipalDatabaseAuthenticationManager()  
     {
-        if (databases.size() > 1)
+    }
+
+    public void initialise()
+    {
+        final Map<String, Class<? extends SaslServerFactory>> providerMap = new TreeMap<String, Class<? extends SaslServerFactory>>();
+
+        initialiseAuthenticationMechanisms(providerMap, _principalDatabase);
+
+        if (providerMap.size() > 0)
         {
-            _logger.warn("More than one principle database provided currently authentication mechanism will override each other.");
+            // Ensure we are used before the defaults
+            if (Security.insertProviderAt(new JCAProvider(PROVIDER_NAME, providerMap), 1) == -1)
+            {
+                _logger.error("Unable to load custom SASL providers. Qpid custom SASL authenticators unavailable.");
+            }
+            else
+            {
+                _logger.info("Additional SASL providers successfully registered.");
+            }
         }
-
-        for (Map.Entry<String, PrincipalDatabase> entry : databases.entrySet())
+        else
         {
-            // fixme As the database now provide the mechanisms they support, they will ...
-            // overwrite each other in the map. There should only be one database per vhost.
-            // But currently we must have authentication before vhost definition.
-            initialiseAuthenticationMechanisms(providerMap, entry.getValue());
+            _logger.warn("No additional SASL providers registered.");
         }
     }
 
@@ -126,7 +225,6 @@ public class PrincipalDatabaseAuthentica
 
     private void initialiseAuthenticationMechanism(String mechanism, AuthenticationProviderInitialiser initialiser,
                                                    Map<String, Class<? extends SaslServerFactory>> providerMap)
-            
     {
         if (_mechanisms == null)
         {
@@ -147,6 +245,21 @@ public class PrincipalDatabaseAuthentica
         _logger.info("Initialised " + mechanism + " SASL provider successfully");
     }
 
+    /**
+     * @see org.apache.qpid.server.plugins.Plugin#configure(org.apache.qpid.server.configuration.plugins.ConfigurationPlugin)
+     */
+    public void configure(final ConfigurationPlugin config) throws ConfigurationException
+    {
+        final PrincipalDatabaseAuthenticationManagerConfiguration pdamConfig = (PrincipalDatabaseAuthenticationManagerConfiguration) config;
+        final String pdClazz = pdamConfig.getPrincipalDatabaseClass();
+
+        _logger.info("PrincipalDatabase concrete implementation : " + pdClazz);
+
+        _principalDatabase = createPrincipalDatabaseImpl(pdClazz);
+
+        configPrincipalDatabase(_principalDatabase, pdamConfig);        
+    }
+
     public String getMechanisms()
     {
         return _mechanisms;
@@ -158,6 +271,9 @@ public class PrincipalDatabaseAuthentica
                                      _callbackHandlerMap.get(mechanism));
     }
 
+    /**
+     * @see org.apache.qpid.server.security.auth.manager.AuthenticationManager#authenticate(SaslServer, byte[])
+     */
     public AuthenticationResult authenticate(SaslServer server, byte[] response)
     {
         try
@@ -182,23 +298,14 @@ public class PrincipalDatabaseAuthentica
         }
     }
 
-    public void close()
-    {
-        _mechanisms = null;
-        Security.removeProvider(PROVIDER_NAME);
-    }
-
     /**
      * @see org.apache.qpid.server.security.auth.manager.AuthenticationManager#authenticate(String, String)
      */
-    @Override
     public AuthenticationResult authenticate(final String username, final String password)
     {
-        final PrincipalDatabase db = ApplicationRegistry.getInstance().getDatabaseManager().getDatabases().values().iterator().next();
-
         try
         {
-            if (db.verifyPassword(username, password.toCharArray()))
+            if (_principalDatabase.verifyPassword(username, password.toCharArray()))
             {
                 final Subject subject = new Subject();
                 subject.getPrincipals().add(new UsernamePrincipal(username));
@@ -214,4 +321,139 @@ public class PrincipalDatabaseAuthentica
             return new AuthenticationResult(AuthenticationStatus.CONTINUE);
         }
     }
+
+    public void close()
+    {
+        _mechanisms = null;
+        Security.removeProvider(PROVIDER_NAME);
+    }
+
+    private PrincipalDatabase createPrincipalDatabaseImpl(final String pdClazz) throws ConfigurationException
+    {
+        try
+        {
+            return (PrincipalDatabase) Class.forName(pdClazz).newInstance();
+        }
+        catch (InstantiationException ie)
+        {
+            throw new ConfigurationException("Cannot instantiate " + pdClazz, ie);
+        }
+        catch (IllegalAccessException iae)
+        {
+            throw new ConfigurationException("Cannot access " + pdClazz, iae);
+        }
+        catch (ClassNotFoundException cnfe)
+        {
+            throw new ConfigurationException("Cannot load " + pdClazz + " implementation", cnfe);
+        }
+        catch (ClassCastException cce)
+        {
+            throw new ConfigurationException("Expecting a " + PrincipalDatabase.class + " implementation", cce);
+        }
+    }
+
+    private void configPrincipalDatabase(final PrincipalDatabase principalDatabase, final PrincipalDatabaseAuthenticationManagerConfiguration config)
+            throws ConfigurationException
+    {
+
+        final Map<String,String> attributes = config.getPdClassAttributeMap();
+
+        for (Iterator<Entry<String, String>> iterator = attributes.entrySet().iterator(); iterator.hasNext();)
+        {
+            final Entry<String, String> nameValuePair = iterator.next();
+            final String methodName = generateSetterName(nameValuePair.getKey());
+            final Method method;
+            try
+            {
+                method = principalDatabase.getClass().getMethod(methodName, String.class);
+            }
+            catch (Exception e)
+            {
+                throw new ConfigurationException("No method " + methodName + " found in class "
+                        + principalDatabase.getClass()
+                        + " hence unable to configure principal database. The method must be public and "
+                        + "have a single String argument with a void return type", e);
+            }
+            try
+            {
+                method.invoke(principalDatabase, PropertyUtils.replaceProperties(nameValuePair.getValue()));
+            }
+            catch (IllegalArgumentException e)
+            {
+                throw new ConfigurationException(e.getMessage(), e);
+            }
+            catch (PropertyException e)
+            {
+                throw new ConfigurationException(e.getMessage(), e);
+            }
+            catch (IllegalAccessException e)
+            {
+                throw new ConfigurationException(e.getMessage(), e);
+            }
+            catch (InvocationTargetException e)
+            {
+                // QPID-1347..  InvocationTargetException wraps the checked exception thrown from the reflective
+                // method call.  Pull out the underlying message and cause to make these more apparent to the user.
+                throw new ConfigurationException(e.getCause().getMessage(), e.getCause());
+            }
+        }
+    }
+
+    private String generateSetterName(String argName) throws ConfigurationException
+    {
+        if ((argName == null) || (argName.length() == 0))
+        {
+            throw new ConfigurationException("Argument names must have length >= 1 character");
+        }
+
+        if (Character.isLowerCase(argName.charAt(0)))
+        {
+            argName = Character.toUpperCase(argName.charAt(0)) + argName.substring(1);
+        }
+
+        final String methodName = "set" + argName;
+        return methodName;
+    }
+
+    protected void setPrincipalDatabase(final PrincipalDatabase principalDatabase)
+    {
+        _principalDatabase = principalDatabase;
+    }
+
+    protected void registerManagement()
+    {
+        try
+        {
+            _logger.info("Registering UserManagementMBean");
+
+            _mbean = new AMQUserManagementMBean();
+            _mbean.setPrincipalDatabase(_principalDatabase);
+            _mbean.register();
+        }
+        catch (Exception e)
+        {
+            _logger.warn("User management disabled as unable to create MBean:", e);
+            _mbean = null;
+        }
+    }
+
+    protected void unregisterManagement()
+    {
+        try
+        {
+            if (_mbean != null)
+            {
+                _logger.info("Unregistering UserManagementMBean");
+                _mbean.unregister();
+            }
+        }
+        catch (Exception e)
+        {
+            _logger.warn("Failed to unregister User management MBean:", e);
+        }
+        finally
+        {
+            _mbean = null;
+        }
+    }
 }

Modified: qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/sasl/AuthenticationProviderInitialiser.java
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/sasl/AuthenticationProviderInitialiser.java?rev=1147036&r1=1147035&r2=1147036&view=diff
==============================================================================
--- qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/sasl/AuthenticationProviderInitialiser.java (original)
+++ qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/sasl/AuthenticationProviderInitialiser.java Fri Jul 15 08:55:58 2011
@@ -25,9 +25,6 @@ import java.util.Map;
 import javax.security.auth.callback.CallbackHandler;
 import javax.security.sasl.SaslServerFactory;
 
-import org.apache.commons.configuration.Configuration;
-import org.apache.qpid.server.security.auth.database.PrincipalDatabase;
-
 public interface AuthenticationProviderInitialiser
 {
     /**
@@ -37,24 +34,6 @@ public interface AuthenticationProviderI
     String getMechanismName();
 
     /**
-     * Initialise the authentication provider.
-     * @param baseConfigPath the path in the config file that points to any config options for this provider. Each
-     * provider can have its own set of configuration options
-     * @param configuration the Apache Commons Configuration instance used to configure this provider
-     * @param principalDatabases the set of principal databases that are available
-     * @throws Exception needs refined Exception is too broad.
-     */
-    void initialise(String baseConfigPath, Configuration configuration,
-                    Map<String, PrincipalDatabase> principalDatabases) throws Exception;
-
-    /**
-     * Initialise the authentication provider.     
-     * @param db The principal database to initialise with
-     */
-    void initialise(PrincipalDatabase db);
-
-
-    /**
      * @return the callback handler that should be used to process authentication requests for this mechanism. This will
      * be called after initialise and will be stored by the authentication manager. The callback handler <b>must</b> be
      * fully threadsafe.

Modified: qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/virtualhost/VirtualHostImpl.java
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/virtualhost/VirtualHostImpl.java?rev=1147036&r1=1147035&r2=1147036&view=diff
==============================================================================
--- qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/virtualhost/VirtualHostImpl.java (original)
+++ qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/virtualhost/VirtualHostImpl.java Fri Jul 15 08:55:58 2011
@@ -72,7 +72,6 @@ import org.apache.qpid.server.registry.A
 import org.apache.qpid.server.registry.IApplicationRegistry;
 import org.apache.qpid.server.security.SecurityManager;
 import org.apache.qpid.server.security.auth.manager.AuthenticationManager;
-import org.apache.qpid.server.security.auth.manager.PrincipalDatabaseAuthenticationManager;
 import org.apache.qpid.server.stats.StatisticsCounter;
 import org.apache.qpid.server.store.ConfigurationRecoveryHandler;
 import org.apache.qpid.server.store.DurableConfigurationStore;

Modified: qpid/trunk/qpid/java/broker/src/test/java/org/apache/qpid/server/configuration/ServerConfigurationTest.java
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker/src/test/java/org/apache/qpid/server/configuration/ServerConfigurationTest.java?rev=1147036&r1=1147035&r2=1147036&view=diff
==============================================================================
--- qpid/trunk/qpid/java/broker/src/test/java/org/apache/qpid/server/configuration/ServerConfigurationTest.java (original)
+++ qpid/trunk/qpid/java/broker/src/test/java/org/apache/qpid/server/configuration/ServerConfigurationTest.java Fri Jul 15 08:55:58 2011
@@ -25,7 +25,6 @@ import static org.apache.qpid.transport.
 import java.io.File;
 import java.io.FileWriter;
 import java.io.IOException;
-import java.util.List;
 import java.util.Locale;
 
 import org.apache.commons.configuration.ConfigurationException;
@@ -111,76 +110,6 @@ public class ServerConfigurationTest ext
         assertEquals("/path/to/cache", _serverConfig.getCacheDirectory());
     }
 
-    public void testGetPrincipalDatabaseNames() throws ConfigurationException
-    {
-        // Check default
-        _serverConfig.initialise();
-        assertEquals(0, _serverConfig.getPrincipalDatabaseNames().size());
-
-        // Check value we set
-        _config.setProperty("security.principal-databases.principal-database(0).name", "a");
-        _config.setProperty("security.principal-databases.principal-database(1).name", "b");
-        _serverConfig = new ServerConfiguration(_config);
-        _serverConfig.initialise();
-        List<String> dbs = _serverConfig.getPrincipalDatabaseNames();
-        assertEquals(2, dbs.size());
-        assertEquals("a", dbs.get(0));
-        assertEquals("b", dbs.get(1));
-    }
-
-    public void testGetPrincipalDatabaseClass() throws ConfigurationException
-    {
-        // Check default
-        _serverConfig.initialise();
-        assertEquals(0, _serverConfig.getPrincipalDatabaseClass().size());
-
-        // Check value we set
-        _config.setProperty("security.principal-databases.principal-database(0).class", "a");
-        _config.setProperty("security.principal-databases.principal-database(1).class", "b");
-        _serverConfig = new ServerConfiguration(_config);
-        _serverConfig.initialise();
-        List<String> dbs = _serverConfig.getPrincipalDatabaseClass();
-        assertEquals(2, dbs.size());
-        assertEquals("a", dbs.get(0));
-        assertEquals("b", dbs.get(1));
-    }
-
-    public void testGetPrincipalDatabaseAttributeNames() throws ConfigurationException
-    {
-        // Check default
-        _serverConfig.initialise();
-        assertEquals(0, _serverConfig.getPrincipalDatabaseAttributeNames(1).size());
-
-        // Check value we set
-        _config.setProperty("security.principal-databases.principal-database(0).attributes(0).attribute.name", "a");
-        _config.setProperty("security.principal-databases.principal-database(0).attributes(1).attribute.name", "b");
-        _serverConfig = new ServerConfiguration(_config);
-        _serverConfig.initialise();
-        List<String> dbs = _serverConfig.getPrincipalDatabaseAttributeNames(0);
-        assertEquals(2, dbs.size());
-        assertEquals("a", dbs.get(0));
-        assertEquals("b", dbs.get(1));
-    }
-
-    public void testGetPrincipalDatabaseAttributeValues() throws ConfigurationException
-    {
-        // Check default
-        _serverConfig.initialise();
-        assertEquals(0, _serverConfig.getPrincipalDatabaseAttributeValues(1).size());
-
-        // Check value we set
-        _config.setProperty("security.principal-databases.principal-database(0).attributes(0).attribute.value", "a");
-        _config.setProperty("security.principal-databases.principal-database(0).attributes(1).attribute.value", "b");
-        _serverConfig = new ServerConfiguration(_config);
-        _serverConfig.initialise();
-        List<String> dbs = _serverConfig.getPrincipalDatabaseAttributeValues(0);
-        assertEquals(2, dbs.size());
-        assertEquals("a", dbs.get(0));
-        assertEquals("b", dbs.get(1));
-    }
-
-
-
     public void testGetFrameSize() throws ConfigurationException
     {
         // Check default
@@ -720,9 +649,8 @@ public class ServerConfigurationTest ext
         out.write("<broker>\n");
         out.write("\t<management><enabled>false</enabled></management>\n");
         out.write("\t<security>\n");
-        out.write("\t\t<principal-databases>\n");
+        out.write("\t\t<pd-auth-manager>\n");
         out.write("\t\t\t<principal-database>\n");
-        out.write("\t\t\t\t<name>passwordfile</name>\n");
         out.write("\t\t\t\t<class>org.apache.qpid.server.security.auth.database.PlainPasswordFilePrincipalDatabase</class>\n");
         out.write("\t\t\t\t<attributes>\n");
         out.write("\t\t\t\t\t<attribute>\n");
@@ -731,7 +659,7 @@ public class ServerConfigurationTest ext
         out.write("\t\t\t\t\t</attribute>\n");
         out.write("\t\t\t\t</attributes>\n");
         out.write("\t\t\t</principal-database>\n");
-        out.write("\t\t</principal-databases>\n");
+        out.write("\t\t</pd-auth-manager>\n");
         out.write("\t\t<firewall>\n");
         out.write("\t\t\t<rule access=\""+ ((allow) ? "allow" : "deny") +"\" network=\"127.0.0.1\"/>");
         out.write("\t\t</firewall>\n");
@@ -767,9 +695,8 @@ public class ServerConfigurationTest ext
         out.write("<broker>\n");
         out.write("\t<management><enabled>false</enabled></management>\n");
         out.write("\t<security>\n");
-        out.write("\t\t<principal-databases>\n");
+        out.write("\t\t<pd-auth-manager>\n");
         out.write("\t\t\t<principal-database>\n");
-        out.write("\t\t\t\t<name>passwordfile</name>\n");
         out.write("\t\t\t\t<class>org.apache.qpid.server.security.auth.database.PlainPasswordFilePrincipalDatabase</class>\n");
         out.write("\t\t\t\t<attributes>\n");
         out.write("\t\t\t\t\t<attribute>\n");
@@ -778,7 +705,7 @@ public class ServerConfigurationTest ext
         out.write("\t\t\t\t\t</attribute>\n");
         out.write("\t\t\t\t</attributes>\n");
         out.write("\t\t\t</principal-database>\n");
-        out.write("\t\t</principal-databases>\n");
+        out.write("\t\t</pd-auth-manager>\n");
         out.write("\t\t<firewall>\n");
         out.write("\t\t\t<rule access=\"allow\" network=\"127.0.0.1\"/>");
         out.write("\t\t</firewall>\n");
@@ -869,9 +796,8 @@ public class ServerConfigurationTest ext
         out.write("<broker>\n");
         out.write("\t<management><enabled>false</enabled></management>\n");
         out.write("\t<security>\n");
-        out.write("\t\t<principal-databases>\n");
+        out.write("\t\t<pd-auth-manager>\n");
         out.write("\t\t\t<principal-database>\n");
-        out.write("\t\t\t\t<name>passwordfile</name>\n");
         out.write("\t\t\t\t<class>org.apache.qpid.server.security.auth.database.PlainPasswordFilePrincipalDatabase</class>\n");
         out.write("\t\t\t\t<attributes>\n");
         out.write("\t\t\t\t\t<attribute>\n");
@@ -880,7 +806,7 @@ public class ServerConfigurationTest ext
         out.write("\t\t\t\t\t</attribute>\n");
         out.write("\t\t\t\t</attributes>\n");
         out.write("\t\t\t</principal-database>\n");
-        out.write("\t\t</principal-databases>\n");
+        out.write("\t\t</pd-auth-manager>\n");
         out.write("\t\t<firewall>\n");
         out.write("\t\t\t<rule access=\"allow\" network=\"127.0.0.1\"/>");
         out.write("\t\t</firewall>\n");
@@ -1387,7 +1313,7 @@ public class ServerConfigurationTest ext
     }
 
     /*
-     * Tests that the old element security.jmx.principal-databases (that used to define the
+     * Tests that the old element security.jmx.principal-database (that used to define the
      * principal database used for JMX authentication) is rejected.
      */
     public void testManagementPrincipalDatabaseRejected() throws ConfigurationException
@@ -1411,4 +1337,29 @@ public class ServerConfigurationTest ext
                     ce.getMessage());
         }
     }
+
+    /*
+     * Tests that the old element security.principal-databases. ... (that used to define 
+     * principal databases) is rejected.
+     */
+    public void testPrincipalDatabasesRejected() throws ConfigurationException
+    {
+        _serverConfig.initialise();
+
+        // Check value we set
+        _config.setProperty("security.principal-databases.principal-database.class", "myclass");
+        _serverConfig = new ServerConfiguration(_config);
+
+        try
+        {
+            _serverConfig.initialise();
+            fail("Exception not thrown");
+        }
+        catch (ConfigurationException ce)
+        {
+            assertEquals("Incorrect error message",
+                    "Validation error : security/principal-databases is no longer supported within the configuration xml.",
+                    ce.getMessage());
+        }
+    }
 }

Modified: qpid/trunk/qpid/java/broker/src/test/java/org/apache/qpid/server/security/auth/manager/PrincipalDatabaseAuthenticationManagerTest.java
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker/src/test/java/org/apache/qpid/server/security/auth/manager/PrincipalDatabaseAuthenticationManagerTest.java?rev=1147036&r1=1147035&r2=1147036&view=diff
==============================================================================
--- qpid/trunk/qpid/java/broker/src/test/java/org/apache/qpid/server/security/auth/manager/PrincipalDatabaseAuthenticationManagerTest.java (original)
+++ qpid/trunk/qpid/java/broker/src/test/java/org/apache/qpid/server/security/auth/manager/PrincipalDatabaseAuthenticationManagerTest.java Fri Jul 15 08:55:58 2011
@@ -20,6 +20,10 @@
  */
 package org.apache.qpid.server.security.auth.manager;
 
+import java.io.BufferedWriter;
+import java.io.File;
+import java.io.FileNotFoundException;
+import java.io.FileWriter;
 import java.security.Provider;
 import java.security.Security;
 
@@ -27,8 +31,13 @@ import javax.security.auth.Subject;
 import javax.security.sasl.SaslException;
 import javax.security.sasl.SaslServer;
 
+import org.apache.commons.configuration.CompositeConfiguration;
+import org.apache.commons.configuration.ConfigurationException;
+import org.apache.commons.configuration.XMLConfiguration;
+import org.apache.qpid.server.configuration.plugins.ConfigurationPlugin;
 import org.apache.qpid.server.security.auth.AuthenticationResult;
 import org.apache.qpid.server.security.auth.AuthenticationResult.AuthenticationStatus;
+import org.apache.qpid.server.security.auth.database.PlainPasswordFilePrincipalDatabase;
 import org.apache.qpid.server.security.auth.sasl.UsernamePrincipal;
 import org.apache.qpid.server.util.InternalBrokerBaseCase;
 
@@ -39,8 +48,10 @@ import org.apache.qpid.server.util.Inter
  */
 public class PrincipalDatabaseAuthenticationManagerTest extends InternalBrokerBaseCase
 {
-    private PrincipalDatabaseAuthenticationManager _manager = null;
-    
+    private AuthenticationManager _manager = null; // Class under test
+    private String TEST_USERNAME = "guest";
+    private String TEST_PASSWORD = "guest";
+
     /**
      * @see org.apache.qpid.server.util.InternalBrokerBaseCase#tearDown()
      */
@@ -62,7 +73,79 @@ public class PrincipalDatabaseAuthentica
     {
         super.setUp();
         
-        _manager = new PrincipalDatabaseAuthenticationManager();
+        final String passwdFilename = createPasswordFile().getCanonicalPath();
+        final ConfigurationPlugin config = getConfig(PlainPasswordFilePrincipalDatabase.class.getName(),
+                "passwordFile", passwdFilename);
+
+        _manager = PrincipalDatabaseAuthenticationManager.FACTORY.newInstance(config);
+    }
+
+    /**
+     * Tests where the case where the config specifies a PD implementation
+     * that is not found.
+     */
+    public void testPrincipalDatabaseImplementationNotFound() throws Exception
+    {
+        try
+        {
+            _manager = PrincipalDatabaseAuthenticationManager.FACTORY.newInstance(getConfig("not.Found", null, null));
+            fail("Exception not thrown");
+        }
+        catch (ConfigurationException ce)
+        {
+            // PASS
+        }
+    }
+
+    /**
+     * Tests where the case where the config specifies a PD implementation
+     * of the wrong type.
+     */
+    public void testPrincipalDatabaseImplementationWrongType() throws Exception
+    {
+        try
+        {
+            _manager = PrincipalDatabaseAuthenticationManager.FACTORY.newInstance(getConfig(String.class.getName(), null, null)); // Not a PrincipalDatabase implementation
+            fail("Exception not thrown");
+        }
+        catch (ConfigurationException ce)
+        {
+            // PASS
+        }
+    }
+
+    /**
+     * Tests the case where a setter with the desired name cannot be found.
+     */
+    public void testPrincipalDatabaseSetterNotFound() throws Exception
+    {
+        try
+        {
+            _manager = PrincipalDatabaseAuthenticationManager.FACTORY.newInstance(getConfig(PlainPasswordFilePrincipalDatabase.class.getName(), "noMethod", "test")); 
+            fail("Exception not thrown");
+        }
+        catch (ConfigurationException ce)
+        {
+            // PASS
+        }
+    }
+
+    /**
+     * QPID-1347. Make sure the exception message and stack trace is reasonable for an absent password file.
+     */
+    public void testPrincipalDatabaseThrowsSetterFileNotFound() throws Exception
+    {
+        try
+        {
+            _manager = PrincipalDatabaseAuthenticationManager.FACTORY.newInstance(getConfig(PlainPasswordFilePrincipalDatabase.class.getName(), "passwordFile", "/not/found")); 
+            fail("Exception not thrown");
+        }
+        catch (ConfigurationException ce)
+        {
+            // PASS
+            assertNotNull("Expected an underlying cause", ce.getCause());
+            assertEquals(FileNotFoundException.class, ce.getCause().getClass());
+        }
     }
 
     /**
@@ -72,8 +155,8 @@ public class PrincipalDatabaseAuthentica
     {
         assertNotNull(_manager.getMechanisms());
         // relies on those mechanisms attached to PropertiesPrincipalDatabaseManager
-        assertEquals("PLAIN CRAM-MD5", _manager.getMechanisms());
-    
+        assertEquals("AMQPLAIN PLAIN CRAM-MD5", _manager.getMechanisms());
+
         Provider qpidProvider = Security.getProvider(PrincipalDatabaseAuthenticationManager.PROVIDER_NAME);
         assertNotNull(qpidProvider);
     }
@@ -166,11 +249,11 @@ public class PrincipalDatabaseAuthentica
      */
     public void testClose() throws Exception
     {
-        assertEquals("PLAIN CRAM-MD5", _manager.getMechanisms());
+        assertEquals("AMQPLAIN PLAIN CRAM-MD5", _manager.getMechanisms());
         assertNotNull(Security.getProvider(PrincipalDatabaseAuthenticationManager.PROVIDER_NAME));
-        
+
         _manager.close();
-        
+
         // Check provider has been removed.
         assertNull(_manager.getMechanisms());
         assertNull(Security.getProvider(PrincipalDatabaseAuthenticationManager.PROVIDER_NAME));
@@ -228,4 +311,48 @@ public class PrincipalDatabaseAuthentica
             }
         };
     }
+
+    private ConfigurationPlugin getConfig(final String clazz, final String argName, final String argValue) throws Exception
+    {
+        final ConfigurationPlugin config = new PrincipalDatabaseAuthenticationManager.PrincipalDatabaseAuthenticationManagerConfiguration();
+
+        XMLConfiguration xmlconfig = new XMLConfiguration();
+        xmlconfig.addProperty("pd-auth-manager.principal-database.class", clazz);
+
+        if (argName != null)
+        {
+            xmlconfig.addProperty("pd-auth-manager.principal-database.attributes.attribute.name", argName);
+            xmlconfig.addProperty("pd-auth-manager.principal-database.attributes.attribute.value", argValue);
+        }
+
+        // Create a CompositeConfiguration as this is what the broker uses
+        CompositeConfiguration composite = new CompositeConfiguration();
+        composite.addConfiguration(xmlconfig);
+        config.setConfiguration("security", xmlconfig);
+        return config;
+    }
+
+    private File createPasswordFile() throws Exception
+    {
+        BufferedWriter writer = null;
+        try
+        {
+            File testFile = File.createTempFile(this.getClass().getName(),"tmp");
+            testFile.deleteOnExit();
+
+            writer = new BufferedWriter(new FileWriter(testFile));
+            writer.write(TEST_USERNAME + ":" + TEST_PASSWORD);
+            writer.newLine();
+ 
+            return testFile;
+
+        }
+        finally
+        {
+            if (writer != null)
+            {
+                writer.close();
+            }
+        }
+    }
 }

Modified: qpid/trunk/qpid/java/broker/src/test/java/org/apache/qpid/server/security/auth/rmi/RMIPasswordAuthenticatorTest.java
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker/src/test/java/org/apache/qpid/server/security/auth/rmi/RMIPasswordAuthenticatorTest.java?rev=1147036&r1=1147035&r2=1147036&view=diff
==============================================================================
--- qpid/trunk/qpid/java/broker/src/test/java/org/apache/qpid/server/security/auth/rmi/RMIPasswordAuthenticatorTest.java (original)
+++ qpid/trunk/qpid/java/broker/src/test/java/org/apache/qpid/server/security/auth/rmi/RMIPasswordAuthenticatorTest.java Fri Jul 15 08:55:58 2011
@@ -29,6 +29,7 @@ import javax.security.sasl.SaslServer;
 
 import junit.framework.TestCase;
 
+import org.apache.qpid.server.configuration.plugins.ConfigurationPlugin;
 import org.apache.qpid.server.security.auth.AuthenticationResult;
 import org.apache.qpid.server.security.auth.AuthenticationResult.AuthenticationStatus;
 import org.apache.qpid.server.security.auth.manager.AuthenticationManager;
@@ -210,6 +211,16 @@ public class RMIPasswordAuthenticatorTes
     {
         return new AuthenticationManager()
         {
+            public void configure(ConfigurationPlugin config)
+            {
+                throw new UnsupportedOperationException();
+            }
+
+            public void initialise()
+            {
+                throw new UnsupportedOperationException();
+            }
+
             public void close()
             {
                 throw new UnsupportedOperationException();
@@ -246,5 +257,4 @@ public class RMIPasswordAuthenticatorTes
             }
         };
     }
-
 }

Modified: qpid/trunk/qpid/java/broker/src/test/java/org/apache/qpid/server/util/TestApplicationRegistry.java
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker/src/test/java/org/apache/qpid/server/util/TestApplicationRegistry.java?rev=1147036&r1=1147035&r2=1147036&view=diff
==============================================================================
--- qpid/trunk/qpid/java/broker/src/test/java/org/apache/qpid/server/util/TestApplicationRegistry.java (original)
+++ qpid/trunk/qpid/java/broker/src/test/java/org/apache/qpid/server/util/TestApplicationRegistry.java Fri Jul 15 08:55:58 2011
@@ -20,15 +20,18 @@
  */
 package org.apache.qpid.server.util;
 
+import java.util.Properties;
+
 import org.apache.commons.configuration.ConfigurationException;
 import org.apache.qpid.server.configuration.ServerConfiguration;
 import org.apache.qpid.server.logging.NullRootMessageLogger;
 import org.apache.qpid.server.logging.actors.BrokerActor;
 import org.apache.qpid.server.logging.actors.CurrentActor;
+import org.apache.qpid.server.configuration.plugins.ConfigurationPlugin;
 import org.apache.qpid.server.registry.ApplicationRegistry;
-import org.apache.qpid.server.security.auth.database.PropertiesPrincipalDatabaseManager;
-
-import java.util.Properties;
+import org.apache.qpid.server.security.auth.database.PropertiesPrincipalDatabase;
+import org.apache.qpid.server.security.auth.manager.AuthenticationManager;
+import org.apache.qpid.server.security.auth.manager.PrincipalDatabaseAuthenticationManager;
 
 public class TestApplicationRegistry extends ApplicationRegistry
 {
@@ -45,12 +48,42 @@ public class TestApplicationRegistry ext
         super.initialise();
     }
 
-    protected void createDatabaseManager(ServerConfiguration configuration) throws Exception
+    /**
+     * @see org.apache.qpid.server.registry.ApplicationRegistry#createAuthenticationManager()
+     */
+    @Override
+    protected AuthenticationManager createAuthenticationManager() throws ConfigurationException
     {
-        Properties users = new Properties();
+        final Properties users = new Properties();
         users.put("guest","guest");
         users.put("admin","admin");
-        _databaseManager = new PropertiesPrincipalDatabaseManager("testPasswordFile", users);
+
+        final PropertiesPrincipalDatabase ppd = new PropertiesPrincipalDatabase(users);
+
+        AuthenticationManager pdam =  new PrincipalDatabaseAuthenticationManager()
+        {
+
+            /**
+             * @see org.apache.qpid.server.security.auth.manager.PrincipalDatabaseAuthenticationManager#configure(org.apache.qpid.server.configuration.plugins.ConfigurationPlugin)
+             */
+            @Override
+            public void configure(ConfigurationPlugin config) throws ConfigurationException
+            {
+                // We don't pass configuration to this test instance.
+            }
+
+            @Override
+            public void initialise()
+            {
+                setPrincipalDatabase(ppd);
+
+                super.initialise();
+            }
+        };
+
+        pdam.initialise();
+
+        return pdam;
     }
 
 }

Modified: qpid/trunk/qpid/java/systests/etc/config-systests-firewall-2.xml
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/systests/etc/config-systests-firewall-2.xml?rev=1147036&r1=1147035&r2=1147036&view=diff
==============================================================================
--- qpid/trunk/qpid/java/systests/etc/config-systests-firewall-2.xml (original)
+++ qpid/trunk/qpid/java/systests/etc/config-systests-firewall-2.xml Fri Jul 15 08:55:58 2011
@@ -61,10 +61,8 @@
     </advanced>
 
     <security>
-        <principal-databases>
-            <!-- Example use of Base64 encoded MD5 hashes for authentication via CRAM-MD5-Hashed -->
+        <pd-auth-manager>
             <principal-database>
-                <name>passwordfile</name>
                 <class>org.apache.qpid.server.security.auth.database.PlainPasswordFilePrincipalDatabase</class>
                 <attributes>
                     <attribute>
@@ -73,7 +71,7 @@
                     </attribute>
                 </attributes>
             </principal-database>
-        </principal-databases>
+        </pd-auth-manager>
 
         <msg-auth>false</msg-auth>
         

Modified: qpid/trunk/qpid/java/systests/etc/config-systests-firewall-3.xml
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/systests/etc/config-systests-firewall-3.xml?rev=1147036&r1=1147035&r2=1147036&view=diff
==============================================================================
--- qpid/trunk/qpid/java/systests/etc/config-systests-firewall-3.xml (original)
+++ qpid/trunk/qpid/java/systests/etc/config-systests-firewall-3.xml Fri Jul 15 08:55:58 2011
@@ -61,10 +61,8 @@
     </advanced>
 
     <security>
-        <principal-databases>
-            <!-- Example use of Base64 encoded MD5 hashes for authentication via CRAM-MD5-Hashed -->
+        <pd-auth-manager>
             <principal-database>
-                <name>passwordfile</name>
                 <class>org.apache.qpid.server.security.auth.database.PlainPasswordFilePrincipalDatabase</class>
                 <attributes>
                     <attribute>
@@ -73,7 +71,7 @@
                     </attribute>
                 </attributes>
             </principal-database>
-        </principal-databases>
+        </pd-auth-manager>
 
         <msg-auth>false</msg-auth>
         



---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project:      http://qpid.apache.org
Use/Interact: mailto:commits-subscribe@qpid.apache.org


Mime
View raw message