
Example 1 with GenericPrincipal

use of org.apache.qpid.server.model.preferences.GenericPrincipal in project qpid-broker-j by apache.

Class ConnectionAndUserPredicate, method evaluate.

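@Override
public boolean evaluate(final ILoggingEvent event) {
    // Decides whether a log event, raised in the current access-control context,
    // matches the configured username / connection-name / remote-container-id
    // patterns. Each name defaults to "" when the corresponding principal is
    // absent, so a pattern that does not accept "" rejects events raised
    // outside an authenticated or connected context.
    //
    // @param event the logging event (not consulted; only the calling context is)
    // @return true only when all three patterns match
    String userPrincipalString = "";
    String connectionString = "";
    String remoteContainerName = "";
    final Subject subject = Subject.getSubject(AccessController.getContext());
    // Subject.getSubject returns null when no Subject is bound to the current
    // context (e.g. broker-internal threads); the original code dereferenced
    // it unconditionally and would have thrown NullPointerException there.
    // A missing Subject is treated like a Subject without principals.
    if (subject != null) {
        final Set<SocketConnectionPrincipal> connectionPrincipals = subject.getPrincipals(SocketConnectionPrincipal.class);
        final Set<AuthenticatedPrincipal> userPrincipals = subject.getPrincipals(AuthenticatedPrincipal.class);
        if (!connectionPrincipals.isEmpty()) {
            // Only the first principal of each type is considered.
            final SocketConnectionPrincipal socketConnectionPrincipal = connectionPrincipals.iterator().next();
            connectionString = socketConnectionPrincipal.getName();
            if (socketConnectionPrincipal instanceof ConnectionPrincipal) {
                // Remote container name is only known for AMQP connections and may be unset.
                remoteContainerName = ((ConnectionPrincipal) socketConnectionPrincipal).getConnection().getRemoteContainerName();
                if (remoteContainerName == null) {
                    remoteContainerName = "";
                }
            }
        }
        if (!userPrincipals.isEmpty()) {
            // Match against the external (provider-qualified) form, not the bare name.
            userPrincipalString = new GenericPrincipal(userPrincipals.iterator().next()).toExternalForm();
        }
    }
    return _usernamePattern.matcher(userPrincipalString).matches()
           && _connectionNamePattern.matcher(connectionString).matches()
           && _remoteContainerIdPattern.matcher(remoteContainerName).matches();
}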

Example 2 with GenericPrincipal

use of org.apache.qpid.server.model.preferences.GenericPrincipal in project qpid-broker-j by apache.

Class AbstractQueue, method onOpen.

@Override
protected void onOpen() {
    // Completes queue initialisation when the configured object is opened:
    // snapshots the arguments, resolves the exclusive owner and lifetime
    // constraints from the creating session (if any), logs the creation and
    // builds message-group, default-filter, hold and alternate-binding state.
    // Field assignments below are order-dependent (later steps use _logSubject
    // and _arguments), so the sequence should be preserved.
    super.onOpen();
    Map<String, Object> attributes = getActualAttributes();
    final LinkedHashMap<String, Object> arguments = new LinkedHashMap<>(attributes);
    arguments.put(Queue.EXCLUSIVE, _exclusive);
    arguments.put(Queue.LIFETIME_POLICY, getLifetimePolicy());
    _arguments = Collections.synchronizedMap(arguments);
    _logSubject = new QueueLogSubject(this);
    _queueHouseKeepingTask = new AdvanceConsumersTask();
    // The creating session is taken from the Subject bound to the current
    // access-control context. getSubject() may return null (no Subject bound),
    // which is treated as "no creating session".
    Subject activeSubject = Subject.getSubject(AccessController.getContext());
    Set<SessionPrincipal> sessionPrincipals = activeSubject == null ? Collections.<SessionPrincipal>emptySet() : activeSubject.getPrincipals(SessionPrincipal.class);
    AMQPSession<?, ?> session;
    if (sessionPrincipals.isEmpty()) {
        session = null;
    } else {
        // Only the first session principal is considered.
        final SessionPrincipal sessionPrincipal = sessionPrincipals.iterator().next();
        session = sessionPrincipal.getSession();
    }
    if (session != null) {
        // Created from a live session: the exclusive owner is derived from the
        // connection/session itself, not from the OWNER attribute.
        switch(_exclusive) {
            case PRINCIPAL:
                _exclusiveOwner = session.getAMQPConnection().getAuthorizedPrincipal();
                break;
            case CONTAINER:
                _exclusiveOwner = session.getAMQPConnection().getRemoteContainerName();
                break;
            case CONNECTION:
                _exclusiveOwner = session.getAMQPConnection();
                addExclusivityConstraint(session.getAMQPConnection());
                break;
            case SESSION:
                _exclusiveOwner = session;
                addExclusivityConstraint(session);
                break;
            case NONE:
            case LINK:
            case SHARED_SUBSCRIPTION:
                break;
            default:
                throw new ServerScopedRuntimeException("Unknown exclusivity policy: " + _exclusive + " this is a coding error inside Qpid");
        }
    } else if (_exclusive == ExclusivityPolicy.PRINCIPAL) {
        // No creating session (e.g. a queue restored from configuration): the
        // OWNER attribute is parsed into a principal. If it is not a valid
        // GenericPrincipal external form, the "@('')" suffix is appended and
        // parsing is retried; that second attempt is not guarded, so a value
        // that still fails propagates IllegalArgumentException to the caller.
        if (attributes.get(Queue.OWNER) != null) {
            String owner = String.valueOf(attributes.get(Queue.OWNER));
            Principal ownerPrincipal;
            try {
                ownerPrincipal = new GenericPrincipal(owner);
            } catch (IllegalArgumentException e) {
                ownerPrincipal = new GenericPrincipal(owner + "@('')");
            }
            _exclusiveOwner = new AuthenticatedPrincipal(ownerPrincipal);
        }
    } else if (_exclusive == ExclusivityPolicy.CONTAINER) {
        // Container exclusivity without a session: the OWNER attribute is used verbatim.
        if (attributes.get(Queue.OWNER) != null) {
            _exclusiveOwner = String.valueOf(attributes.get(Queue.OWNER));
        }
    }
    // Connection- and session-scoped lifetimes require a creating session; a
    // link-scoped lifetime requires the creating link info instead. Each case
    // rejects the configuration with IllegalArgumentException otherwise.
    if (getLifetimePolicy() == LifetimePolicy.DELETE_ON_CONNECTION_CLOSE) {
        if (session != null) {
            addLifetimeConstraint(session.getAMQPConnection());
        } else {
            throw new IllegalArgumentException("Queues created with a lifetime policy of " + getLifetimePolicy() + " must be created from a connection.");
        }
    } else if (getLifetimePolicy() == LifetimePolicy.DELETE_ON_SESSION_END) {
        if (session != null) {
            addLifetimeConstraint(session);
        } else {
            throw new IllegalArgumentException("Queues created with a lifetime policy of " + getLifetimePolicy() + " must be created from a connection.");
        }
    } else if (getLifetimePolicy() == LifetimePolicy.DELETE_ON_CREATING_LINK_CLOSE) {
        if (_creatingLinkInfo != null) {
            final LinkModel link;
            // The link is looked up on the virtual host by remote container id and
            // link name; direction decides which registry is consulted.
            if (_creatingLinkInfo.isSendingLink()) {
                link = _virtualHost.getSendingLink(_creatingLinkInfo.getRemoteContainerId(), _creatingLinkInfo.getLinkName());
            } else {
                link = _virtualHost.getReceivingLink(_creatingLinkInfo.getRemoteContainerId(), _creatingLinkInfo.getLinkName());
            }
            addLifetimeConstraint(link);
        } else {
            throw new IllegalArgumentException("Queues created with a lifetime policy of " + getLifetimePolicy() + " must be created from a AMQP 1.0 link.");
        }
    }
    // Log the creation of this Queue.
    // The priorities display is toggled on if we set priorities > 0
    getEventLogger().message(_logSubject, getCreatedLogMessage());
    // Message grouping strategy; NONE leaves the manager unset.
    switch(getMessageGroupType()) {
        case NONE:
            _messageGroupManager = null;
            break;
        case STANDARD:
            _messageGroupManager = new AssignedConsumerMessageGroupManager(getMessageGroupKeyOverride(), getMaximumDistinctGroups());
            break;
        case SHARED_GROUPS:
            _messageGroupManager = new DefinedGroupMessageGroupManager(getMessageGroupKeyOverride(), getMessageGroupDefaultGroup(), this);
            break;
        default:
            throw new IllegalArgumentException("Unknown messageGroupType type " + _messageGroupType);
    }
    // Context-derived settings; the flow-to-disk threshold is inherited from the Broker.
    _mimeTypeToFileExtension = getContextValue(Map.class, MAP_OF_STRING_STRING, MIME_TYPE_TO_FILE_EXTENSION);
    _messageConversionExceptionHandlingPolicy = getContextValue(MessageConversionExceptionHandlingPolicy.class, MESSAGE_CONVERSION_EXCEPTION_HANDLING_POLICY);
    _flowToDiskThreshold = getAncestor(Broker.class).getFlowToDiskThreshold();
    if (_defaultFilters != null) {
        // Each default filter is a single-entry map {filterType: arguments}. The
        // factory is resolved by type name from the service loader; a filter is
        // constructed once here so bad arguments fail at open time, and the stored
        // Callable constructs a fresh instance on each later call.
        QpidServiceLoader qpidServiceLoader = new QpidServiceLoader();
        final Map<String, MessageFilterFactory> messageFilterFactories = qpidServiceLoader.getInstancesByType(MessageFilterFactory.class);
        for (Map.Entry<String, Map<String, List<String>>> entry : _defaultFilters.entrySet()) {
            String name = String.valueOf(entry.getKey());
            Map<String, List<String>> filterValue = entry.getValue();
            if (filterValue.size() == 1) {
                String filterTypeName = String.valueOf(filterValue.keySet().iterator().next());
                final MessageFilterFactory filterFactory = messageFilterFactories.get(filterTypeName);
                if (filterFactory != null) {
                    final List<String> filterArguments = filterValue.values().iterator().next();
                    // check the arguments are valid
                    filterFactory.newInstance(filterArguments);
                    _defaultFiltersMap.put(name, new Callable<MessageFilter>() {

                        @Override
                        public MessageFilter call() {
                            return filterFactory.newInstance(filterArguments);
                        }
                    });
                } else {
                    throw new IllegalArgumentException("Unknown filter type " + filterTypeName + ", known types are: " + messageFilterFactories.keySet());
                }
            } else {
                throw new IllegalArgumentException("Filter value should be a map with one entry, having the type as key and the value being the filter arguments, not " + filterValue);
            }
        }
    }
    if (isHoldOnPublishEnabled()) {
        // A message is held while its not-valid-before time has not yet been
        // reached relative to the evaluation time.
        _holdMethods.add(new HoldMethod() {

            @Override
            public boolean isHeld(final MessageReference<?> messageReference, final long evaluationTime) {
                return messageReference.getMessage().getMessageHeader().getNotValidBefore() >= evaluationTime;
            }
        });
    }
    if (getAlternateBinding() != null) {
        // Resolve the alternate destination and register this queue as a
        // referrer; an unresolvable destination is only logged, not rejected.
        String alternateDestination = getAlternateBinding().getDestination();
        _alternateBindingDestination = getOpenedMessageDestination(alternateDestination);
        if (_alternateBindingDestination != null) {
            _alternateBindingDestination.addReference(this);
        } else {
            LOGGER.warn("Cannot find alternate binding destination '{}' for queue '{}'", alternateDestination, toString());
        }
    }
    createOverflowPolicyHandlers(_overflowPolicy);
    updateAlertChecks();
}

Example 3 with GenericPrincipal

use of org.apache.qpid.server.model.preferences.GenericPrincipal in project qpid-broker-j by apache.

Class ConnectionAndUserPredicateTest, method setUp.

@Override
public void setUp() throws Exception {
    // Test fixture: a fresh predicate plus a Subject carrying a single
    // authenticated TEST_USER principal and no public/private credentials.
    super.setUp();
    _predicate = new ConnectionAndUserPredicate();
    final HashSet<AuthenticatedPrincipal> testPrincipals = new HashSet<>();
    testPrincipals.add(new AuthenticatedPrincipal(new GenericPrincipal(TEST_USER)));
    // readOnly=false: the Subject stays mutable, as in the original fixture.
    _subject = new Subject(false, testPrincipals, Collections.emptySet(), Collections.emptySet());
}

Example 4 with GenericPrincipal

use of org.apache.qpid.server.model.preferences.GenericPrincipal in project qpid-broker-j by apache.

Class AuthIdentityConnectionPropertyEnricher, method addConnectionProperties.

@Override
public Map<String, Object> addConnectionProperties(final AMQPConnection<?> connection, final Map<String, Object> existingProperties) {
    // Returns an unmodifiable copy of existingProperties extended with an
    // "authenticated-identity" map (when the connection has an authorized
    // principal) and a "groups" list of the connection's group names. The
    // caller's map is never mutated; insertion order is preserved.
    //
    // @param connection the connection whose identity is described
    // @param existingProperties properties already collected by earlier enrichers
    // @return a new, unmodifiable property map
    final Map<String, Object> enriched = new LinkedHashMap<>(existingProperties);
    // Group names are read from the connection's Subject, one per GroupPrincipal.
    final Set<GroupPrincipal> groupPrincipals = connection.getSubject().getPrincipals(GroupPrincipal.class);
    final List<String> groupNames = groupPrincipals.stream().map(g -> g.getName()).collect(Collectors.toList());
    final Principal authorizedPrincipal = connection.getAuthorizedPrincipal();
    if (authorizedPrincipal != null) {
        // Unchecked cast: a non-QpidPrincipal authorized principal would raise
        // ClassCastException here, as in the original.
        final GenericPrincipal identity = new GenericPrincipal((QpidPrincipal) authorizedPrincipal);
        // "sub" carries the external form, "preferred_username" the bare name;
        // presumably these are exposed to the remote peer as connection properties.
        final Map<String, String> identityClaims = new LinkedHashMap<>();
        identityClaims.put("sub", identity.toExternalForm());
        identityClaims.put("preferred_username", identity.getName());
        enriched.put("authenticated-identity", identityClaims);
    }
    enriched.put("groups", groupNames);
    return Collections.unmodifiableMap(enriched);
}
