qpid-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From kw...@apache.org
Subject svn commit: r1536925 - in /qpid/trunk/qpid/java: broker-core/src/main/java/org/apache/qpid/server/model/adapter/ broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/ lib/poms/
Date Tue, 29 Oct 2013 22:53:59 GMT
Author: kwall
Date: Tue Oct 29 22:53:58 2013
New Revision: 1536925

URL: http://svn.apache.org/r1536925
Log:
QPID-4463: [Java Broker] SimpleLDAPAuthManager - address review comments from Robbie Gemmell

* Ensure that trust stores used by auth managers cannot be deleted.
* Stop unnecessary dependency on jakarta-regexp when built by Ant.
* Make check for ldaps:/ check trim / case insensitive

Modified:
    qpid/trunk/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/adapter/TrustStoreAdapter.java
    qpid/trunk/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/SimpleLDAPAuthenticationManager.java
    qpid/trunk/qpid/java/lib/poms/bcel-5.2.xml

Modified: qpid/trunk/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/adapter/TrustStoreAdapter.java
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/adapter/TrustStoreAdapter.java?rev=1536925&r1=1536924&r2=1536925&view=diff
==============================================================================
--- qpid/trunk/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/adapter/TrustStoreAdapter.java
(original)
+++ qpid/trunk/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/adapter/TrustStoreAdapter.java
Tue Oct 29 22:53:58 2013
@@ -38,12 +38,15 @@ import javax.net.ssl.TrustManagerFactory
 
 import javax.net.ssl.X509TrustManager;
 import org.apache.qpid.server.configuration.IllegalConfigurationException;
+import org.apache.qpid.server.model.AuthenticationProvider;
 import org.apache.qpid.server.model.Broker;
+import org.apache.qpid.server.model.ConfiguredObject;
 import org.apache.qpid.server.model.IntegrityViolationException;
 import org.apache.qpid.server.model.Port;
 import org.apache.qpid.server.model.State;
 import org.apache.qpid.server.model.TrustStore;
 import org.apache.qpid.server.security.access.Operation;
+import org.apache.qpid.server.security.auth.manager.SimpleLDAPAuthenticationManagerFactory;
 import org.apache.qpid.server.util.MapValueConverter;
 import org.apache.qpid.transport.network.security.ssl.QpidMultipleTrustManager;
 import org.apache.qpid.transport.network.security.ssl.QpidPeersOnlyTrustManager;
@@ -111,9 +114,20 @@ public class TrustStoreAdapter extends A
                 }
             }
 
+            Collection<AuthenticationProvider> authenticationProviders = new ArrayList<AuthenticationProvider>(_broker.getAuthenticationProviders());
+            for (AuthenticationProvider authProvider : authenticationProviders)
+            {
+                Object attributeType = authProvider.getAttribute(AuthenticationProvider.TYPE);
+                Object attributeValue = authProvider.getAttribute(SimpleLDAPAuthenticationManagerFactory.ATTRIBUTE_TRUST_STORE);
+                if (SimpleLDAPAuthenticationManagerFactory.PROVIDER_TYPE.equals(attributeType)
+                    && storeName.equals(attributeValue))
+                {
+                    throw new IntegrityViolationException("Trust store '" + storeName + "'
can't be deleted as it is in use by an authentication manager: " + authProvider.getName());
+                }
+            }
+
             return true;
         }
-
         return false;
     }
 

Modified: qpid/trunk/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/SimpleLDAPAuthenticationManager.java
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/SimpleLDAPAuthenticationManager.java?rev=1536925&r1=1536924&r2=1536925&view=diff
==============================================================================
--- qpid/trunk/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/SimpleLDAPAuthenticationManager.java
(original)
+++ qpid/trunk/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/SimpleLDAPAuthenticationManager.java
Tue Oct 29 22:53:58 2013
@@ -77,7 +77,7 @@ public class SimpleLDAPAuthenticationMan
     /**
      * Dynamically created SSL Socket Factory implementation used in the case where user
has specified a trust store.
      */
-    private Class<? extends SocketFactory> _sslSocketFactoryOverride;
+    private Class<? extends SocketFactory> _sslSocketFactoryOverrideClass;
 
 
     SimpleLDAPAuthenticationManager(String authManagerName, String providerSearchUrl, String
providerAuthUrl, String searchContext, String searchFilter, String ldapContextFactory, TrustStore
trustStore)
@@ -94,7 +94,7 @@ public class SimpleLDAPAuthenticationMan
     @Override
     public void initialise()
     {
-        _sslSocketFactoryOverride = createSslSocketFactoryOverride();
+        _sslSocketFactoryOverrideClass = createSslSocketFactoryOverrideClass();
 
         validateInitialDirContext();
     }
@@ -129,7 +129,10 @@ public class SimpleLDAPAuthenticationMan
             if (server.isComplete())
             {
                 String authorizationID = server.getAuthorizationID();
-                _logger.debug("Authenticated as " + authorizationID);
+                if (_logger.isDebugEnabled())
+                {
+                    _logger.debug("Authenticated as " + authorizationID);
+                }
 
                 return new AuthenticationResult(new UsernamePrincipal(authorizationID));
             }
@@ -174,7 +177,7 @@ public class SimpleLDAPAuthenticationMan
             return new AuthenticationResult(AuthenticationStatus.CONTINUE);
         }
 
-        Hashtable<String, Object> env = createInitialDirContentEnvironment(_providerAuthURL);
+        Hashtable<String, Object> env = createInitialDirContextEnvironment(_providerAuthURL);
 
         env.put(Context.SECURITY_AUTHENTICATION, "simple");
         env.put(Context.SECURITY_PRINCIPAL, name);
@@ -212,7 +215,7 @@ public class SimpleLDAPAuthenticationMan
     {
     }
 
-    private Hashtable<String, Object> createInitialDirContentEnvironment(String providerUrl)
+    private Hashtable<String, Object> createInitialDirContextEnvironment(String providerUrl)
     {
         Hashtable<String,Object> env = new Hashtable<String,Object>();
         env.put(Context.INITIAL_CONTEXT_FACTORY, _ldapContextFactory);
@@ -224,16 +227,16 @@ public class SimpleLDAPAuthenticationMan
     {
         ClassLoader existingContextClassloader = null;
 
-        boolean isLdaps = ((String)env.get(Context.PROVIDER_URL)).startsWith("ldaps:");
+        boolean isLdaps = String.valueOf(env.get(Context.PROVIDER_URL)).trim().toLowerCase().startsWith("ldaps:");
 
         boolean revertContentClassLoader = false;
         try
         {
-            if (isLdaps && _sslSocketFactoryOverride != null)
+            if (isLdaps && _sslSocketFactoryOverrideClass != null)
             {
                 existingContextClassloader = Thread.currentThread().getContextClassLoader();
-                env.put(JAVA_NAMING_LDAP_FACTORY_SOCKET, _sslSocketFactoryOverride.getName());
-                Thread.currentThread().setContextClassLoader(_sslSocketFactoryOverride.getClassLoader());
+                env.put(JAVA_NAMING_LDAP_FACTORY_SOCKET, _sslSocketFactoryOverrideClass.getName());
+                Thread.currentThread().setContextClassLoader(_sslSocketFactoryOverrideClass.getClassLoader());
                 revertContentClassLoader = true;
             }
             return new InitialDirContext(env);
@@ -253,7 +256,7 @@ public class SimpleLDAPAuthenticationMan
      *
      * @return generated socket factory class
      */
-    private Class<? extends SocketFactory> createSslSocketFactoryOverride()
+    private Class<? extends SocketFactory> createSslSocketFactoryOverrideClass()
     {
         if (_trustStore != null)
         {
@@ -267,10 +270,13 @@ public class SimpleLDAPAuthenticationMan
             catch (Exception e)
             {
                 _logger.error("Exception creating SSLContext", e);
-                throw new RuntimeException(e);
+                throw new RuntimeException("Error creating SSLContext for trust store : "
+ _trustStore.getName() , e);
             }
             Class<? extends AbstractLDAPSSLSocketFactory> clazz = LDAPSSLSocketFactoryGenerator.createSubClass(clazzName,
sslContext.getSocketFactory());
-            _logger.debug("Connection to Directory will use custom SSL socket factory : "
+  clazz);
+            if (_logger.isDebugEnabled())
+            {
+                _logger.debug("Connection to Directory will use custom SSL socket factory
: " +  clazz);
+            }
             return clazz;
         }
 
@@ -279,7 +285,7 @@ public class SimpleLDAPAuthenticationMan
 
     private void validateInitialDirContext()
     {
-        Hashtable<String,Object> env = createInitialDirContentEnvironment(_providerSearchURL);
+        Hashtable<String,Object> env = createInitialDirContextEnvironment(_providerSearchURL);
         env.put(Context.SECURITY_AUTHENTICATION, "none");
 
         InitialDirContext ctx = null;
@@ -350,7 +356,7 @@ public class SimpleLDAPAuthenticationMan
 
     private String getNameFromId(String id) throws NamingException
     {
-        Hashtable<String,Object> env = createInitialDirContentEnvironment(_providerSearchURL);
+        Hashtable<String,Object> env = createInitialDirContextEnvironment(_providerSearchURL);
 
         env.put(Context.SECURITY_AUTHENTICATION, "none");
         InitialDirContext ctx = createInitialDirContext(env);
@@ -383,7 +389,11 @@ public class SimpleLDAPAuthenticationMan
     {
         try
         {
-            ctx.close();
+            if (ctx != null)
+            {
+                ctx.close();
+                ctx = null;
+            }
         }
         catch (Exception e)
         {

Modified: qpid/trunk/qpid/java/lib/poms/bcel-5.2.xml
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/lib/poms/bcel-5.2.xml?rev=1536925&r1=1536924&r2=1536925&view=diff
==============================================================================
--- qpid/trunk/qpid/java/lib/poms/bcel-5.2.xml (original)
+++ qpid/trunk/qpid/java/lib/poms/bcel-5.2.xml Tue Oct 29 22:53:58 2013
@@ -19,4 +19,11 @@
   <groupId>org.apache.bcel</groupId>
   <artifactId>bcel</artifactId>
   <version>5.2</version>
+  <exclusions>
+    <exclusion>
+      <!--  Qpid doesn't require BCEL InstructionFinder, so does not need jakarta-regexp.
-->
+      <groupId>jakarta-regexp</groupId>
+      <artifactId>jakarta-regexp</artifactId>
+    </exclusion>
+  </exclusions>
 </dep>



---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@qpid.apache.org
For additional commands, e-mail: commits-help@qpid.apache.org


Mime
View raw message