
Example 1 with AccessControl

use of org.apache.qpid.server.security.AccessControl in project qpid-broker-j by apache.

the class AbstractConfiguredObject method authorise.

/**
 * Asks the configured {@link AccessControl} whether {@code operation} may be performed on
 * {@code configuredObject} and throws if the answer is {@link Result#DENIED}.
 *
 * <p>Security-relevant behaviour visible in this method:
 * <ul>
 *   <li>When {@code getAccessControl()} returns {@code null} no check is made and the call
 *       returns normally (fail-open).</li>
 *   <li>A {@link Result#DEFER} decision is replaced by {@code accessControl.getDefault()}.</li>
 *   <li>Only an explicit {@code DENIED} raises; every other value, including {@code null} or a
 *       default that is itself {@code DEFER}, is treated as permitted.</li>
 * </ul>
 *
 * @param configuredObject the object the operation targets
 * @param token security token forwarded unchanged to the access control
 * @param operation the operation being attempted
 * @param arguments operation arguments forwarded unchanged to the access control
 * @throws AccessControlException if the effective decision is {@code DENIED}; the message names
 *         the operation, the object's category and name and, when the model reports a parent
 *         type, the parent category and name
 */
private void authorise(final ConfiguredObject<?> configuredObject, SecurityToken token, final Operation operation, Map<String, Object> arguments) {
    final AccessControl accessControl = getAccessControl();
    if (accessControl == null) {
        // NOTE(review): absence of an access control means "allow"; confirm every deployment
        // path that reaches here is expected to have one configured.
        return;
    }

    Result decision = accessControl.authorise(token, operation, configuredObject, arguments);
    LOGGER.debug("authorise returned {}", decision);
    if (decision == Result.DEFER) {
        // No rule gave a verdict: fall back to the access control's default.
        decision = accessControl.getDefault();
        LOGGER.debug("authorise returned DEFER, returing default: {}", decision);
    }
    if (decision != Result.DENIED) {
        // Anything other than an explicit DENIED lets the operation proceed.
        return;
    }

    // Build a message that identifies what was refused and where.
    final Class<? extends ConfiguredObject> category = configuredObject.getCategoryClass();
    final String targetName = (String) configuredObject.getAttribute(ConfiguredObject.NAME);
    final String opName = operation.getName();
    final String opType = operation.getType().name();
    final String opLabel;
    if (opName.equals(opType)) {
        opLabel = opName;
    } else {
        opLabel = opType + "(" + opName + ")";
    }

    final StringBuilder message = new StringBuilder(
            String.format("Permission %s is denied for : %s '%s'", opLabel, category.getSimpleName(), targetName));

    final Class<? extends ConfiguredObject> parentCategory = configuredObject.getModel().getParentType(category);
    if (parentCategory != null) {
        message.append(" on ").append(parentCategory.getSimpleName());
        final ConfiguredObject<?> parent = configuredObject.getParent();
        if (parent != null) {
            message.append(" '").append(parent.getAttribute(ConfiguredObject.NAME)).append("'");
        }
    }
    throw new AccessControlException(message.toString());
}
Also used : AccessControlException(java.security.AccessControlException) AccessControl(org.apache.qpid.server.security.AccessControl) Result(org.apache.qpid.server.security.Result)

Example 2 with AccessControl

use of org.apache.qpid.server.security.AccessControl in project qpid-broker-j by apache.

the class AbstractVirtualHostTest method setUp.

/**
 * Builds the mocked SystemConfig / Broker / VirtualHostNode parent chain, starts the task
 * executor shared by broker and node, and prepares a message store whose open always fails.
 *
 * @throws Exception if the superclass set-up fails
 */
@Override
public void setUp() throws Exception {
    super.setUp();

    // Top of the hierarchy: only the event logger and preference store are stubbed.
    SystemConfig rootConfig = mock(SystemConfig.class);
    when(rootConfig.getEventLogger()).thenReturn(mock(EventLogger.class));
    when(rootConfig.createPreferenceStore()).thenReturn(mock(PreferenceStore.class));

    // One access-control mock and one principal are shared by broker and node.
    // NOTE(review): the decisions stubbed by createAccessControlMock() are not visible here;
    // presumably permissive, so denial paths are not exercised by this fixture - verify.
    AccessControl sharedAcl = BrokerTestHelper.createAccessControlMock();
    Principal principal = mock(Principal.class);

    Broker<?> brokerMock = BrokerTestHelper.mockWithSystemPrincipalAndAccessControl(Broker.class, principal, sharedAcl);
    when(brokerMock.getParent()).thenReturn(rootConfig);
    when(brokerMock.getModel()).thenReturn(BrokerModel.getInstance());

    _taskExecutor = new TaskExecutorImpl();
    _taskExecutor.start();
    when(brokerMock.getTaskExecutor()).thenReturn(_taskExecutor);
    when(brokerMock.getChildExecutor()).thenReturn(_taskExecutor);

    _node = BrokerTestHelper.mockWithSystemPrincipalAndAccessControl(VirtualHostNode.class, principal, sharedAcl);
    when(_node.getParent()).thenReturn(brokerMock);
    when(_node.getModel()).thenReturn(BrokerModel.getInstance());
    when(_node.getTaskExecutor()).thenReturn(_taskExecutor);
    when(_node.getChildExecutor()).thenReturn(_taskExecutor);
    when(_node.getConfigurationStore()).thenReturn(mock(DurableConfigurationStore.class));
    when(_node.getCategoryClass()).thenReturn(VirtualHostNode.class);
    when(_node.createPreferenceStore()).thenReturn(mock(PreferenceStore.class));

    // Store used to drive the failure path: opening it always throws.
    _failingStore = mock(MessageStore.class);
    doThrow(new RuntimeException("Cannot open store")).when(_failingStore).openMessageStore(any(ConfiguredObject.class));
}
Also used : MessageStore(org.apache.qpid.server.store.MessageStore) SystemConfig(org.apache.qpid.server.model.SystemConfig) TaskExecutorImpl(org.apache.qpid.server.configuration.updater.TaskExecutorImpl) DurableConfigurationStore(org.apache.qpid.server.store.DurableConfigurationStore) EventLogger(org.apache.qpid.server.logging.EventLogger) ConfiguredObject(org.apache.qpid.server.model.ConfiguredObject) PreferenceStore(org.apache.qpid.server.store.preferences.PreferenceStore) AccessControl(org.apache.qpid.server.security.AccessControl) Principal(java.security.Principal) VirtualHostNode(org.apache.qpid.server.model.VirtualHostNode)

Example 3 with AccessControl

use of org.apache.qpid.server.security.AccessControl in project qpid-broker-j by apache.

the class VirtualHostQueueCreationTest method setUp.

/**
 * Wires a real {@code ConfiguredObjectFactoryImpl} into a mocked SystemConfig / Broker /
 * VirtualHostNode chain, runs tasks on the calling thread, and creates the host under test.
 *
 * @throws Exception if the superclass set-up fails
 */
@SuppressWarnings({ "rawtypes", "unchecked" })
@Override
public void setUp() throws Exception {
    super.setUp();

    EventLogger logger = mock(EventLogger.class);
    ConfiguredObjectFactory factory = new ConfiguredObjectFactoryImpl(BrokerModel.getInstance());

    // Tasks execute on the test thread.
    _taskExecutor = new CurrentThreadTaskExecutor();
    _taskExecutor.start();

    SystemConfig<?> rootConfig = mock(SystemConfig.class);
    when(rootConfig.getEventLogger()).thenReturn(logger);
    when(rootConfig.createPreferenceStore()).thenReturn(mock(PreferenceStore.class));

    // The same principal and access-control mock back both the broker and the node.
    // NOTE(review): what createAccessControlMock() answers is not shown here; presumably it
    // permits everything, so authorisation denials are out of scope for this fixture - verify.
    Principal principal = mock(Principal.class);
    AccessControl sharedAcl = BrokerTestHelper.createAccessControlMock();

    Broker brokerMock = BrokerTestHelper.mockWithSystemPrincipalAndAccessControl(Broker.class, principal, sharedAcl);
    when(brokerMock.getObjectFactory()).thenReturn(factory);
    when(brokerMock.getCategoryClass()).thenReturn(Broker.class);
    when(brokerMock.getParent()).thenReturn(rootConfig);
    when(brokerMock.getModel()).thenReturn(factory.getModel());
    when(brokerMock.getTaskExecutor()).thenReturn(_taskExecutor);
    when(brokerMock.getChildExecutor()).thenReturn(_taskExecutor);

    _virtualHostNode = BrokerTestHelper.mockWithSystemPrincipalAndAccessControl(VirtualHostNode.class, principal, sharedAcl);
    when(_virtualHostNode.getParent()).thenReturn(brokerMock);
    when(_virtualHostNode.getConfigurationStore()).thenReturn(mock(DurableConfigurationStore.class));
    when(_virtualHostNode.getObjectFactory()).thenReturn(factory);
    when(_virtualHostNode.getModel()).thenReturn(factory.getModel());
    when(_virtualHostNode.getTaskExecutor()).thenReturn(_taskExecutor);
    when(_virtualHostNode.getChildExecutor()).thenReturn(_taskExecutor);
    when(_virtualHostNode.getCategoryClass()).thenReturn(VirtualHostNode.class);
    when(_virtualHostNode.createPreferenceStore()).thenReturn(mock(PreferenceStore.class));

    _virtualHost = createHost();
}
Also used : Broker(org.apache.qpid.server.model.Broker) ConfiguredObjectFactory(org.apache.qpid.server.model.ConfiguredObjectFactory) DurableConfigurationStore(org.apache.qpid.server.store.DurableConfigurationStore) EventLogger(org.apache.qpid.server.logging.EventLogger) CurrentThreadTaskExecutor(org.apache.qpid.server.configuration.updater.CurrentThreadTaskExecutor) PreferenceStore(org.apache.qpid.server.store.preferences.PreferenceStore) Principal(java.security.Principal) AccessControl(org.apache.qpid.server.security.AccessControl) VirtualHostNode(org.apache.qpid.server.model.VirtualHostNode) ConfiguredObjectFactoryImpl(org.apache.qpid.server.model.ConfiguredObjectFactoryImpl)

Example 4 with AccessControl

use of org.apache.qpid.server.security.AccessControl in project qpid-broker-j by apache.

the class AbstractStandardVirtualHostNodeTest method testDeleteVHNDeniedByACL.

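/**
 * Verifies that a DELETE refused by the access control surfaces as an
 * {@link AccessControlException} and leaves the node in {@code State.ACTIVE}.
 *
 * <p>The node is closed in a {@code finally} block so that a failed assertion does not leave an
 * opened, started node behind for later tests.
 *
 * @throws Exception if creating, opening or starting the node fails
 */
public void testDeleteVHNDeniedByACL() throws Exception {
    AccessControl mockAccessControl = mock(AccessControl.class);
    DurableConfigurationStore configStore = configStoreThatProducesNoRecords();
    Map<String, Object> nodeAttributes = new HashMap<>();
    nodeAttributes.put(VirtualHostNode.NAME, TEST_VIRTUAL_HOST_NODE_NAME);
    nodeAttributes.put(VirtualHostNode.ID, _nodeId);
    TestVirtualHostNode node = new TestVirtualHostNode(_broker, nodeAttributes, configStore);
    node.setAccessControl(mockAccessControl);
    // The mock is still unstubbed while the node opens and starts, so it answers null to any
    // authorise call made during these two steps.
    // NOTE(review): this relies on a null decision not being treated as a denial - confirm.
    node.open();
    node.start();
    try {
        // The stub matches only this exact argument list, including the null security token;
        // a call with any other token would not be denied by this mock.
        when(mockAccessControl.authorise(null, Operation.DELETE, node, Collections.<String, Object>emptyMap())).thenReturn(Result.DENIED);
        try {
            node.delete();
            fail("Exception not throws");
        } catch (AccessControlException expected) {
            // PASS: the denial must reach the caller as an exception.
        }
        // A refused delete must not change the node's state.
        assertEquals("Virtual host node state changed unexpectedly", State.ACTIVE, node.getState());
    } finally {
        node.close();
    }
}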
Also used : DurableConfigurationStore(org.apache.qpid.server.store.DurableConfigurationStore) HashMap(java.util.HashMap) AccessControlException(java.security.AccessControlException) ConfiguredObject(org.apache.qpid.server.model.ConfiguredObject) AccessControl(org.apache.qpid.server.security.AccessControl)

Example 5 with AccessControl

use of org.apache.qpid.server.security.AccessControl in project qpid-broker-j by apache.

the class VirtualHostLoggerTest method setUp.

/**
 * Starts the task executor, builds a mocked SystemConfig / Broker / VirtualHostNode chain around
 * a real {@code TestMemoryVirtualHost}, opens that host, and picks a fresh log file location,
 * removing any base folder left over from an earlier run.
 *
 * @throws Exception if the superclass set-up fails
 */
@Override
public void setUp() throws Exception {
    super.setUp();
    _taskExecutor = new TaskExecutorImpl();
    _taskExecutor.start();

    Model brokerModel = BrokerModel.getInstance();
    EventLogger logger = mock(EventLogger.class);

    SystemConfig<?> rootConfig = mock(SystemConfig.class);
    when(rootConfig.getModel()).thenReturn(brokerModel);
    when(rootConfig.getChildExecutor()).thenReturn(_taskExecutor);
    when(rootConfig.getEventLogger()).thenReturn(logger);
    when(rootConfig.createPreferenceStore()).thenReturn(mock(PreferenceStore.class));
    doReturn(SystemConfig.class).when(rootConfig).getCategoryClass();

    // Broker and node share one principal and one access-control mock.
    // NOTE(review): the answers given by createAccessControlMock() are not visible here;
    // presumably permissive, so this fixture does not cover denied operations - verify.
    Principal principal = mock(Principal.class);
    AccessControl sharedAcl = BrokerTestHelper.createAccessControlMock();

    Broker brokerMock = BrokerTestHelper.mockWithSystemPrincipalAndAccessControl(Broker.class, principal, sharedAcl);
    when(brokerMock.getModel()).thenReturn(brokerModel);
    when(brokerMock.getChildExecutor()).thenReturn(_taskExecutor);
    when(brokerMock.getParent()).thenReturn(rootConfig);
    doReturn(Broker.class).when(brokerMock).getCategoryClass();

    VirtualHostNode nodeMock = BrokerTestHelper.mockWithSystemPrincipalAndAccessControl(VirtualHostNode.class, principal, sharedAcl);
    when(nodeMock.getModel()).thenReturn(brokerModel);
    when(nodeMock.getChildExecutor()).thenReturn(_taskExecutor);
    when(nodeMock.getParent()).thenReturn(brokerMock);
    when(nodeMock.getConfigurationStore()).thenReturn(mock(DurableConfigurationStore.class));
    doReturn(VirtualHostNode.class).when(nodeMock).getCategoryClass();
    when(nodeMock.createPreferenceStore()).thenReturn(mock(PreferenceStore.class));

    // A real virtual host (not a mock) is needed to test create/start/stop functionality.
    Map<String, Object> hostAttributes = new HashMap<>();
    hostAttributes.put(VirtualHost.NAME, getName());
    hostAttributes.put(VirtualHost.TYPE, TestMemoryVirtualHost.VIRTUAL_HOST_TYPE);
    _virtualHost = new TestMemoryVirtualHost(hostAttributes, nodeMock);
    _virtualHost.open();

    // NOTE(review): the log file name is derived from the current time under TMP_FOLDER, which
    // is defined elsewhere; if that resolves to a shared temp directory the path is predictable
    // and the recursive delete below acts on it - confirm the folder is private to the test run.
    _baseFolder = new File(TMP_FOLDER, "test-sub-folder");
    _logFile = new File(_baseFolder, "tmp-virtual-host.log." + System.currentTimeMillis());
    if (_baseFolder.exists()) {
        FileUtils.delete(_baseFolder, true);
    }
}
Also used : TaskExecutorImpl(org.apache.qpid.server.configuration.updater.TaskExecutorImpl) TestMemoryVirtualHost(org.apache.qpid.server.virtualhost.TestMemoryVirtualHost) Broker(org.apache.qpid.server.model.Broker) DurableConfigurationStore(org.apache.qpid.server.store.DurableConfigurationStore) EventLogger(org.apache.qpid.server.logging.EventLogger) HashMap(java.util.HashMap) PreferenceStore(org.apache.qpid.server.store.preferences.PreferenceStore) AccessControl(org.apache.qpid.server.security.AccessControl) BrokerModel(org.apache.qpid.server.model.BrokerModel) Model(org.apache.qpid.server.model.Model) ConfiguredObject(org.apache.qpid.server.model.ConfiguredObject) AbstractConfiguredObject(org.apache.qpid.server.model.AbstractConfiguredObject) File(java.io.File) Principal(java.security.Principal) VirtualHostNode(org.apache.qpid.server.model.VirtualHostNode)

Aggregations

AccessControl (org.apache.qpid.server.security.AccessControl)8 DurableConfigurationStore (org.apache.qpid.server.store.DurableConfigurationStore)6 HashMap (java.util.HashMap)5 ConfiguredObject (org.apache.qpid.server.model.ConfiguredObject)5 AccessControlException (java.security.AccessControlException)4 Principal (java.security.Principal)3 EventLogger (org.apache.qpid.server.logging.EventLogger)3 VirtualHostNode (org.apache.qpid.server.model.VirtualHostNode)3 PreferenceStore (org.apache.qpid.server.store.preferences.PreferenceStore)3 TaskExecutorImpl (org.apache.qpid.server.configuration.updater.TaskExecutorImpl)2 Broker (org.apache.qpid.server.model.Broker)2 File (java.io.File)1 Map (java.util.Map)1 CurrentThreadTaskExecutor (org.apache.qpid.server.configuration.updater.CurrentThreadTaskExecutor)1 AbstractConfiguredObject (org.apache.qpid.server.model.AbstractConfiguredObject)1 BrokerModel (org.apache.qpid.server.model.BrokerModel)1 ConfiguredObjectFactory (org.apache.qpid.server.model.ConfiguredObjectFactory)1 ConfiguredObjectFactoryImpl (org.apache.qpid.server.model.ConfiguredObjectFactoryImpl)1 Model (org.apache.qpid.server.model.Model)1 SystemConfig (org.apache.qpid.server.model.SystemConfig)1