
Example 6 with ConnectionPrincipal

Use of org.apache.qpid.server.connection.ConnectionPrincipal in the project qpid-broker-j (by apache).

The class AbstractMessageLogger, method getActor().

/**
 * Resolves a human-readable description of the actor bound to the calling thread.
 *
 * The actor is derived from the JAAS {@link Subject} attached to the current
 * access-control context. Principal types are consulted in a fixed order -
 * session, connection, task, management connection - and the first one present
 * determines the message. When none is found the actor is reported as unknown.
 *
 * @return the actor description; {@code "<<UNKNOWN>> "} if no recognised principal is present
 */
protected String getActor() {
    final Subject subject = Subject.getSubject(AccessController.getContext());

    // Most specific first: a session principal identifies both session and connection.
    final SessionPrincipal session = getPrincipal(subject, SessionPrincipal.class);
    if (session != null) {
        return generateSessionMessage(session.getSession());
    }

    final ConnectionPrincipal connection = getPrincipal(subject, ConnectionPrincipal.class);
    if (connection != null) {
        return generateConnectionMessage(connection.getConnection());
    }

    final TaskPrincipal task = getPrincipal(subject, TaskPrincipal.class);
    if (task != null) {
        return generateTaskMessage(task);
    }

    final ManagementConnectionPrincipal management = getPrincipal(subject, ManagementConnectionPrincipal.class);
    if (management != null) {
        // The management message also carries the authenticated user, if any.
        final AuthenticatedPrincipal authenticated = getPrincipal(subject, AuthenticatedPrincipal.class);
        return generateManagementConnectionMessage(management, authenticated);
    }

    // No recognised principal. NOTE(review): a null subject also ends up here,
    // assuming getPrincipal tolerates null - its implementation is not visible here.
    return "<<UNKNOWN>> ";
}

Example 7 with ConnectionPrincipal

Use of org.apache.qpid.server.connection.ConnectionPrincipal in the project qpid-broker-j (by apache).

The class AMQPConnectionActorTest, method sendLogMessage().

/**
 * Emits one log message while running as a Subject that carries only a
 * {@link ConnectionPrincipal} for the test connection, so the logger resolves
 * the connection (not a session) as the actor.
 *
 * @return the message text that was logged, for the caller to look for in the output
 */
private String sendLogMessage() {
    final String message = "test logging";

    final LogSubject logSubject = new LogSubject() {
        @Override
        public String toLogString() {
            return "[AMQPActorTest]";
        }
    };

    final LogMessage logMessage = new LogMessage() {
        @Override
        public String toString() {
            return message;
        }

        @Override
        public String getLogHierarchy() {
            return "test.hierarchy";
        }
    };

    // Subject with a single principal and no public/private credentials; not read-only.
    final ConnectionPrincipal connectionPrincipal = new ConnectionPrincipal(getConnection());
    final Subject subject = new Subject(false,
                                        Collections.singleton(connectionPrincipal),
                                        Collections.emptySet(),
                                        Collections.emptySet());

    Subject.doAs(subject, new PrivilegedAction<Object>() {
        @Override
        public Object run() {
            getEventLogger().message(logSubject, logMessage);
            return null;
        }
    });

    return message;
}

Example 8 with ConnectionPrincipal

Use of org.apache.qpid.server.connection.ConnectionPrincipal in the project qpid-broker-j (by apache).

The class RuleBasedAccessControl, method authorise().

/**
 * Decides whether {@code operation} on {@code objectType} is authorised by evaluating the
 * configured rule set against the {@link Subject} bound to the current thread.
 *
 * Outcomes:
 * <ul>
 *   <li>{@link Result#DEFER} when there is no subject, or the subject has no principals -
 *       this provider abstains rather than deciding for an unknown identity;</li>
 *   <li>the rule set's own verdict otherwise;</li>
 *   <li>{@link Result#DENIED} if evaluating the rule set throws - the check fails closed.</li>
 * </ul>
 *
 * The client address handed to the rule set comes from the subject's
 * {@link ConnectionPrincipal}, if any, and is {@code null} when absent or when the
 * remote address is not an {@link InetSocketAddress}.
 *
 * @param operation  the operation being attempted
 * @param objectType the kind of object the operation targets
 * @param properties properties of the target object, passed through to the rule set
 * @return the authorisation result as described above
 */
@Override
public Result authorise(LegacyOperation operation, ObjectType objectType, ObjectProperties properties) {
    final Subject subject = Subject.getSubject(AccessController.getContext());

    // Nothing to evaluate against: abstain so other providers can decide.
    if (subject == null || subject.getPrincipals().isEmpty()) {
        return Result.DEFER;
    }

    final InetAddress addressOfClient = resolveClientAddress(subject);

    if (LOGGER.isDebugEnabled()) {
        LOGGER.debug("Checking " + describe(operation, objectType, addressOfClient));
    }

    try {
        return _ruleSet.check(subject, operation, objectType, properties, addressOfClient);
    } catch (Exception e) {
        // Fail closed: a rule set that cannot be evaluated must never grant access.
        LOGGER.error("Unable to check " + describe(operation, objectType, addressOfClient), e);
        return Result.DENIED;
    }
}

/**
 * Extracts the client's IP address from the first {@link ConnectionPrincipal} in the subject.
 *
 * @return the remote {@link InetAddress}, or {@code null} if the subject has no connection
 *         principal or the connection's remote address is not an {@link InetSocketAddress}
 *         (for example a non-IP transport). NOTE(review): if the subject carried several
 *         connection principals, which one is consulted depends on set iteration order.
 */
private static InetAddress resolveClientAddress(final Subject subject) {
    final Set<ConnectionPrincipal> connectionPrincipals = subject.getPrincipals(ConnectionPrincipal.class);
    if (connectionPrincipals.isEmpty()) {
        return null;
    }
    final SocketAddress remote = connectionPrincipals.iterator().next().getConnection().getRemoteSocketAddress();
    return remote instanceof InetSocketAddress ? ((InetSocketAddress) remote).getAddress() : null;
}

/** Builds the "operation objectType address" fragment shared by the debug and error log lines. */
private static String describe(final LegacyOperation operation,
                               final ObjectType objectType,
                               final InetAddress addressOfClient) {
    return operation + " " + objectType + " " + (addressOfClient == null ? "" : addressOfClient);
}

Example 9 with ConnectionPrincipal

Use of org.apache.qpid.server.connection.ConnectionPrincipal in the project qpid-broker-j (by apache).

The class RuleBasedAccessControlTest, method testAccess().

/**
 * Verifies that authorise() forwards the subject, operation, object type, properties
 * and the client's InetAddress (taken from the ConnectionPrincipal) to the rule set.
 */
public void testAccess() throws Exception {
    final String testVirtualHost = getName();

    // Connection whose remote end is the local host on port 1; the rule set
    // must receive exactly this InetAddress.
    final InetAddress inetAddress = InetAddress.getLocalHost();
    final AMQPConnection connectionModel = mock(AMQPConnection.class);
    when(connectionModel.getRemoteSocketAddress()).thenReturn(new InetSocketAddress(inetAddress, 1));

    final Subject subject = TestPrincipalUtils.createTestSubject("user1");
    subject.getPrincipals().add(new ConnectionPrincipal(connectionModel));

    final RuleSet mockRuleSet = mock(RuleSet.class);
    final ObjectProperties properties = new ObjectProperties(testVirtualHost);

    Subject.doAs(subject, new PrivilegedExceptionAction<Object>() {
        @Override
        public Object run() throws Exception {
            final RuleBasedAccessControl accessControl =
                    new RuleBasedAccessControl(mockRuleSet, BrokerModel.getInstance());
            accessControl.authorise(LegacyOperation.ACCESS, ObjectType.VIRTUALHOST, properties);
            verify(mockRuleSet).check(subject, LegacyOperation.ACCESS, ObjectType.VIRTUALHOST, properties, inetAddress);
            return null;
        }
    });
}

Example 10 with ConnectionPrincipal

Use of org.apache.qpid.server.connection.ConnectionPrincipal in the project qpid-broker-j (by apache).

The class RuleBasedAccessControlTest, method testAccessIsDeniedIfRuleThrowsException().

/**
 * Verifies the fail-closed path: when the rule set throws while being evaluated,
 * authorise() must answer DENIED rather than DEFER or ALLOWED.
 */
public void testAccessIsDeniedIfRuleThrowsException() throws Exception {
    final InetAddress inetAddress = InetAddress.getLocalHost();
    final AMQPConnection connectionModel = mock(AMQPConnection.class);
    when(connectionModel.getRemoteSocketAddress()).thenReturn(new InetSocketAddress(inetAddress, 1));

    final Subject subject = TestPrincipalUtils.createTestSubject("user1");
    subject.getPrincipals().add(new ConnectionPrincipal(connectionModel));

    Subject.doAs(subject, new PrivilegedExceptionAction<Object>() {
        @Override
        public Object run() throws Exception {
            // Rule set that blows up for exactly the call authorise() is expected to make.
            final RuleSet failingRuleSet = mock(RuleSet.class);
            when(failingRuleSet.check(subject, LegacyOperation.ACCESS, ObjectType.VIRTUALHOST, ObjectProperties.EMPTY, inetAddress))
                    .thenThrow(new RuntimeException());

            final RuleBasedAccessControl accessControl =
                    new RuleBasedAccessControl(failingRuleSet, BrokerModel.getInstance());
            final Result actual = accessControl.authorise(LegacyOperation.ACCESS, ObjectType.VIRTUALHOST, ObjectProperties.EMPTY);

            assertEquals(Result.DENIED, actual);
            return null;
        }
    });
}
