
Example 6 with Result

use of org.apache.qpid.server.security.Result in project qpid-broker-j by apache.

the class LegacyAccessControlAdapterTest method testAuthoriseInvokeBrokerDescendantMethod.

/**
 * Checks that a method invocation on a virtual host node is authorised through the INVOKE
 * rule, and that the properties handed to the access control carry the node name, the method
 * name and the "Broker.VirtualHostNode" component.
 */
public void testAuthoriseInvokeBrokerDescendantMethod() {
    final String invokedMethod = "getStatistics";
    final VirtualHostNode<?> node = _virtualHostNode;

    // Properties the adapter is expected to build for the INVOKE check.
    final ObjectProperties expected = new ObjectProperties();
    expected.put(ObjectProperties.Property.NAME, node.getName());
    expected.put(ObjectProperties.Property.METHOD_NAME, invokedMethod);
    expected.put(ObjectProperties.Property.COMPONENT, "Broker.VirtualHostNode");

    // The stub accepts any properties; the exact value is pinned by the verify below.
    when(_accessControl.authorise(same(LegacyOperation.INVOKE),
                                  same(ObjectType.VIRTUALHOSTNODE),
                                  any(ObjectProperties.class)))
            .thenReturn(Result.ALLOWED);

    final Result outcome = _adapter.authoriseMethod(node, invokedMethod, Collections.emptyMap());

    assertEquals("Unexpected authorise result", Result.ALLOWED, outcome);
    verify(_accessControl).authorise(eq(LegacyOperation.INVOKE),
                                     eq(ObjectType.VIRTUALHOSTNODE),
                                     eq(expected));
}
Also used : Result(org.apache.qpid.server.security.Result)

Example 7 with Result

use of org.apache.qpid.server.security.Result in project qpid-broker-j by apache.

the class LegacyAccessControlAdapterTest method testAuthorisePurge.

/**
 * Checks the legacy fallback for queue purge: with INVOKE denied, a "clearQueue" invocation
 * must still be allowed when the PURGE rule on QUEUE allows it, and the PURGE check must be
 * made with the expected queue properties.
 */
public void testAuthorisePurge() {
    // A non-durable, non-exclusive queue that lives on the test virtual host.
    final Queue purgedQueue = mock(Queue.class);
    when(purgedQueue.getParent()).thenReturn(_virtualHost);
    when(purgedQueue.getModel()).thenReturn(_model);
    when(purgedQueue.getAttribute(Queue.NAME)).thenReturn(TEST_QUEUE);
    when(purgedQueue.getCategoryClass()).thenReturn(Queue.class);
    when(purgedQueue.getAttribute(Queue.DURABLE)).thenReturn(false);
    when(purgedQueue.getAttribute(Queue.EXCLUSIVE)).thenReturn(ExclusivityPolicy.NONE);
    when(purgedQueue.getAttribute(Queue.LIFETIME_POLICY))
            .thenReturn(LifetimePolicy.DELETE_ON_CONNECTION_CLOSE);

    final ObjectProperties expected = createExpectedQueueObjectProperties();

    // INVOKE is denied for every object type, so only the legacy PURGE rule can grant access.
    when(_accessControl.authorise(same(LegacyOperation.INVOKE),
                                  any(ObjectType.class),
                                  any(ObjectProperties.class)))
            .thenReturn(Result.DENIED);
    when(_accessControl.authorise(same(LegacyOperation.PURGE),
                                  same(ObjectType.QUEUE),
                                  any(ObjectProperties.class)))
            .thenReturn(Result.ALLOWED);

    final Result outcome = _adapter.authoriseMethod(purgedQueue, "clearQueue", Collections.emptyMap());

    assertEquals("Unexpected authorise result", Result.ALLOWED, outcome);
    verify(_accessControl).authorise(eq(LegacyOperation.PURGE), eq(ObjectType.QUEUE), eq(expected));
}
Also used : Result(org.apache.qpid.server.security.Result)

Example 8 with Result

use of org.apache.qpid.server.security.Result in project qpid-broker-j by apache.

the class AbstractVirtualHost method onRestart.

/**
 * Handles the STOPPED to ACTIVE transition: recreates the housekeeping executor, reloads and
 * recovers the virtual host from the durable configuration store, re-attaches the access
 * control provider listener and reopens every child before activating.
 *
 * <p>The children are opened inside {@code Subject.doAs} with the subject returned by
 * {@code getSubjectWithAddedSystemRights()}, not with the caller's own subject.
 *
 * @return a future that runs {@code onActivate()} once all child open futures have completed;
 *         {@code Futures.allAsList} fails as soon as any child future fails, so in that case
 *         the returned future fails and {@code onActivate()} is not invoked
 */
@StateTransition(currentState = { State.STOPPED }, desiredState = State.ACTIVE)
private ListenableFuture<Void> onRestart() {
    createHousekeepingExecutor();

    final VirtualHostStoreUpgraderAndRecoverer recoverer =
            new VirtualHostStoreUpgraderAndRecoverer((VirtualHostNode<?>) getParent());
    recoverer.reloadAndRecoverVirtualHost(getDurableConfigurationStore());

    // Iterating an empty collection is a no-op, so no emptiness guard is needed.
    final Collection<VirtualHostAccessControlProvider> providers = getChildren(VirtualHostAccessControlProvider.class);
    for (final VirtualHostAccessControlProvider provider : providers) {
        provider.addChangeListener(_accessControlProviderListener);
    }

    final List<ListenableFuture<Void>> pendingOpens = new ArrayList<>();
    Subject.doAs(getSubjectWithAddedSystemRights(), (PrivilegedAction<Object>) () -> {
        applyToChildren(child -> {
            final ListenableFuture<Void> opening = child.openAsync();
            pendingOpens.add(opening);
            addFutureCallback(opening, new FutureCallback<Void>() {

                @Override
                public void onSuccess(final Void result) {
                    // Nothing to do: activation is driven by the combined future below.
                }

                @Override
                public void onFailure(final Throwable t) {
                    // Only logged here; the failure itself travels through the combined future.
                    LOGGER.error("Exception occurred while opening {} : {}", child.getClass().getSimpleName(), child.getName(), t);
                }
            }, getTaskExecutor());
        });
        return null;
    });

    final ListenableFuture<List<Void>> allOpened = Futures.allAsList(pendingOpens);
    return Futures.transformAsync(allOpened, input -> onActivate(), MoreExecutors.directExecutor());
}
Also used : AccessControlContext(java.security.AccessControlContext) Arrays(java.util.Arrays) BufferedInputStream(java.io.BufferedInputStream) MessageStoreSerializer(org.apache.qpid.server.store.serializer.MessageStoreSerializer) Future(java.util.concurrent.Future) NetworkConnectionScheduler(org.apache.qpid.server.transport.NetworkConnectionScheduler) Map(java.util.Map) QueueEntryIterator(org.apache.qpid.server.queue.QueueEntryIterator) UserPreferences(org.apache.qpid.server.model.preferences.UserPreferences) EnumSet(java.util.EnumSet) AutoCommitTransaction(org.apache.qpid.server.txn.AutoCommitTransaction) Set(java.util.Set) AMQPConnection(org.apache.qpid.server.transport.AMQPConnection) InstanceProperties(org.apache.qpid.server.message.InstanceProperties) Iterators.cycle(com.google.common.collect.Iterators.cycle) StandardCharsets(java.nio.charset.StandardCharsets) HousekeepingExecutor(org.apache.qpid.server.util.HousekeepingExecutor) Serializable(java.io.Serializable) MessageStoreMessages(org.apache.qpid.server.logging.messages.MessageStoreMessages) Operation(org.apache.qpid.server.security.access.Operation) PreferenceRecord(org.apache.qpid.server.store.preferences.PreferenceRecord) QpidServiceLoader(org.apache.qpid.server.plugin.QpidServiceLoader) CompoundAccessControl(org.apache.qpid.server.security.CompoundAccessControl) TaskExecutor(org.apache.qpid.server.configuration.updater.TaskExecutor) PreferencesRoot(org.apache.qpid.server.store.preferences.PreferencesRoot) Callable(java.util.concurrent.Callable) ServerMessage(org.apache.qpid.server.message.ServerMessage) ArrayList(java.util.ArrayList) ResultCalculator(org.apache.qpid.server.security.SubjectFixedResultAccessControl.ResultCalculator) PreferenceStoreUpdaterImpl(org.apache.qpid.server.store.preferences.PreferenceStoreUpdaterImpl) UserPreferencesImpl(org.apache.qpid.server.model.preferences.UserPreferencesImpl) QueueEntry(org.apache.qpid.server.queue.QueueEntry) 
MessageHandler(org.apache.qpid.server.store.handler.MessageHandler) SubjectFixedResultAccessControl(org.apache.qpid.server.security.SubjectFixedResultAccessControl) PreferenceStore(org.apache.qpid.server.store.preferences.PreferenceStore) StoredMessage(org.apache.qpid.server.store.StoredMessage) MessageDeletedException(org.apache.qpid.server.message.MessageDeletedException) DtxRegistry(org.apache.qpid.server.txn.DtxRegistry) MessageInstanceHandler(org.apache.qpid.server.store.handler.MessageInstanceHandler) IOException(java.io.IOException) PreferencesRecoverer(org.apache.qpid.server.store.preferences.PreferencesRecoverer) File(java.io.File) FutureCallback(com.google.common.util.concurrent.FutureCallback) DurableConfigurationStore(org.apache.qpid.server.store.DurableConfigurationStore) Strings(org.apache.qpid.server.util.Strings) AtomicLong(java.util.concurrent.atomic.AtomicLong) Futures(com.google.common.util.concurrent.Futures) Result(org.apache.qpid.server.security.Result) SuppressingInheritedAccessControlContextThreadFactory(org.apache.qpid.server.pool.SuppressingInheritedAccessControlContextThreadFactory) ScheduledFuture(java.util.concurrent.ScheduledFuture) MessageReference(org.apache.qpid.server.message.MessageReference) URL(java.net.URL) Date(java.util.Date) DistributedTransactionHandler(org.apache.qpid.server.store.handler.DistributedTransactionHandler) LoggerFactory(org.slf4j.LoggerFactory) DefaultDestination(org.apache.qpid.server.exchange.DefaultDestination) TaskExecutorImpl(org.apache.qpid.server.configuration.updater.TaskExecutorImpl) SettableFuture(com.google.common.util.concurrent.SettableFuture) MessageStore(org.apache.qpid.server.store.MessageStore) ExchangeDefaults(org.apache.qpid.server.exchange.ExchangeDefaults) AmqpPort(org.apache.qpid.server.model.port.AmqpPort) StoreException(org.apache.qpid.server.store.StoreException) MessageEnqueueRecord(org.apache.qpid.server.store.MessageEnqueueRecord) 
PatternSyntaxException(java.util.regex.PatternSyntaxException) LocalTransaction(org.apache.qpid.server.txn.LocalTransaction) Collection(java.util.Collection) ConcurrentHashMap(java.util.concurrent.ConcurrentHashMap) org.apache.qpid.server.model(org.apache.qpid.server.model) LinkModel(org.apache.qpid.server.protocol.LinkModel) ScheduledThreadPoolExecutor(java.util.concurrent.ScheduledThreadPoolExecutor) UUID(java.util.UUID) PrivilegedAction(java.security.PrivilegedAction) RoutingResult(org.apache.qpid.server.message.RoutingResult) ConnectionValidator(org.apache.qpid.server.plugin.ConnectionValidator) MessageStoreLogSubject(org.apache.qpid.server.logging.subjects.MessageStoreLogSubject) List(java.util.List) Principal(java.security.Principal) AMQMessageHeader(org.apache.qpid.server.message.AMQMessageHeader) MessageDestination(org.apache.qpid.server.message.MessageDestination) MessageSource(org.apache.qpid.server.message.MessageSource) Pattern(java.util.regex.Pattern) UnsupportedEncodingException(java.io.UnsupportedEncodingException) DataInputStream(java.io.DataInputStream) MoreExecutors(com.google.common.util.concurrent.MoreExecutors) ListenableFuture(com.google.common.util.concurrent.ListenableFuture) InternalMessage(org.apache.qpid.server.message.internal.InternalMessage) AccessControl(org.apache.qpid.server.security.AccessControl) AtomicBoolean(java.util.concurrent.atomic.AtomicBoolean) HashMap(java.util.HashMap) JdkFutureAdapters(com.google.common.util.concurrent.JdkFutureAdapters) EventLogger(org.apache.qpid.server.logging.EventLogger) HashSet(java.util.HashSet) Collections.newSetFromMap(java.util.Collections.newSetFromMap) RejectedExecutionException(java.util.concurrent.RejectedExecutionException) Preference(org.apache.qpid.server.model.preferences.Preference) AuthenticatedPrincipal(org.apache.qpid.server.security.auth.AuthenticatedPrincipal) SystemNodeCreator(org.apache.qpid.server.plugin.SystemNodeCreator) 
ConfiguredObjectRecord(org.apache.qpid.server.store.ConfiguredObjectRecord) Task(org.apache.qpid.server.configuration.updater.Task) OutputStream(java.io.OutputStream) PreferenceStoreUpdater(org.apache.qpid.server.store.preferences.PreferenceStoreUpdater) ServerTransaction(org.apache.qpid.server.txn.ServerTransaction) Logger(org.slf4j.Logger) VirtualHostMessages(org.apache.qpid.server.logging.messages.VirtualHostMessages) Iterator(java.util.Iterator) IllegalConfigurationException(org.apache.qpid.server.configuration.IllegalConfigurationException) SocketConnectionMetaData(org.apache.qpid.server.security.auth.SocketConnectionMetaData) MalformedURLException(java.net.MalformedURLException) Subject(javax.security.auth.Subject) TimeUnit(java.util.concurrent.TimeUnit) ConfiguredObjectRecordHandler(org.apache.qpid.server.store.handler.ConfiguredObjectRecordHandler) VirtualHostStoreUpgraderAndRecoverer(org.apache.qpid.server.store.VirtualHostStoreUpgraderAndRecoverer) URLEncoder(java.net.URLEncoder) Event(org.apache.qpid.server.store.Event) MessageStoreProvider(org.apache.qpid.server.store.MessageStoreProvider) MessageNode(org.apache.qpid.server.message.MessageNode) Collections(java.util.Collections) StatisticsReportingTask(org.apache.qpid.server.stats.StatisticsReportingTask) InputStream(java.io.InputStream) ArrayList(java.util.ArrayList) VirtualHostStoreUpgraderAndRecoverer(org.apache.qpid.server.store.VirtualHostStoreUpgraderAndRecoverer) ListenableFuture(com.google.common.util.concurrent.ListenableFuture) ArrayList(java.util.ArrayList) List(java.util.List) FutureCallback(com.google.common.util.concurrent.FutureCallback)

Example 9 with Result

use of org.apache.qpid.server.security.Result in project qpid-broker-j by apache.

the class LegacyAccessControlAdapter method authoriseMethod.

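/**
 * Authorises the invocation of {@code methodName} on {@code configuredObject}.
 *
 * <p>The INVOKE rule for the object's category is consulted first and an {@code ALLOWED}
 * result is returned immediately. For any other result, the older operation-specific rule is
 * consulted for the methods it covers (queue purge and update, log access, broker shutdown,
 * exchange bind and unbind) and that rule's result is returned instead. Methods with no
 * legacy rule fall through to the INVOKE result.
 *
 * @param configuredObject the object the method is invoked on
 * @param methodName the name of the invoked method
 * @param arguments the invocation arguments; only used to build the properties for exchange
 *        bind and unbind
 * @return the INVOKE result when it is {@code ALLOWED} or no legacy rule applies, otherwise
 *         the result of the matching legacy rule
 */
Result authoriseMethod(final PermissionedObject configuredObject, final String methodName, final Map<String, Object> arguments) {
    Class<? extends ConfiguredObject> categoryClass = configuredObject.getCategoryClass();
    Result invokeResult = _accessControl.authorise(INVOKE, getACLObjectTypeManagingConfiguredObjectOfCategory(categoryClass), createObjectPropertiesForMethod(configuredObject, methodName));
    if (invokeResult == Result.ALLOWED) {
        return invokeResult;
    }
    // Otherwise fallback to the older rule-style
    if (categoryClass == Queue.class) {
        Queue queue = (Queue) configuredObject;
        final ObjectProperties properties = new ObjectProperties();
        if ("clearQueue".equals(methodName)) {
            setQueueProperties(queue, properties);
            return _accessControl.authorise(PURGE, QUEUE, properties);
        } else if (QUEUE_UPDATE_METHODS.contains(methodName)) {
            VirtualHost virtualHost = queue.getVirtualHost();
            final String virtualHostName = virtualHost.getName();
            properties.setName(methodName);
            properties.put(ObjectProperties.Property.COMPONENT, buildHierarchicalCategoryName(queue, virtualHost));
            properties.put(ObjectProperties.Property.VIRTUALHOST_NAME, virtualHostName);
            return _accessControl.authorise(LegacyOperation.UPDATE, METHOD, properties);
        }
    } else if ((categoryClass == BrokerLogger.class || categoryClass == VirtualHostLogger.class) && LOG_ACCESS_METHOD_NAMES.contains(methodName)) {
        // Broker loggers are checked with empty properties; virtual host loggers are checked
        // with properties built from the name of the logger's parent.
        final boolean brokerLogger = categoryClass == BrokerLogger.class;
        final ObjectProperties properties = brokerLogger ? ObjectProperties.EMPTY : new ObjectProperties(((ConfiguredObject) configuredObject).getParent().getName());
        return _accessControl.authorise(ACCESS_LOGS, brokerLogger ? ObjectType.BROKER : ObjectType.VIRTUALHOST, properties);
    } else if (categoryClass == Broker.class && "initiateShutdown".equals(methodName)) {
        // The SHUTDOWN decision is returned like every other legacy rule. Discarding it meant
        // an explicit legacy ALLOW or DENY for broker shutdown never reached the caller, who
        // got the INVOKE result instead.
        return _accessControl.authorise(LegacyOperation.SHUTDOWN, ObjectType.BROKER, ObjectProperties.EMPTY);
    } else if (categoryClass == Exchange.class) {
        if ("bind".equals(methodName)) {
            final ObjectProperties properties = createObjectPropertiesForExchangeBind(arguments, configuredObject);
            return _accessControl.authorise(BIND, EXCHANGE, properties);
        } else if ("unbind".equals(methodName)) {
            final ObjectProperties properties = createObjectPropertiesForExchangeBind(arguments, configuredObject);
            return _accessControl.authorise(UNBIND, EXCHANGE, properties);
        }
    }
    // No legacy rule covers this method: the INVOKE decision stands.
    return invokeResult;
}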
Also used : QueueManagingVirtualHost(org.apache.qpid.server.virtualhost.QueueManagingVirtualHost) Result(org.apache.qpid.server.security.Result)

Example 10 with Result

use of org.apache.qpid.server.security.Result in project qpid-broker-j by apache.

the class LegacyAccessControlAdapterTest method testAuthoriseLogsAccessOnBroker.

/**
 * Checks the legacy fallback for log access on a broker logger: with INVOKE denied on BROKER,
 * a "getFile" invocation must be allowed by the ACCESS_LOGS rule, which is consulted with
 * empty object properties.
 */
public void testAuthoriseLogsAccessOnBroker() {
    // INVOKE is denied, so only the legacy ACCESS_LOGS rule can grant access.
    when(_accessControl.authorise(same(LegacyOperation.INVOKE),
                                  same(ObjectType.BROKER),
                                  any(ObjectProperties.class)))
            .thenReturn(Result.DENIED);
    when(_accessControl.authorise(same(LegacyOperation.ACCESS_LOGS),
                                  same(ObjectType.BROKER),
                                  any(ObjectProperties.class)))
            .thenReturn(Result.ALLOWED);

    final ConfiguredObject brokerLogger = mock(BrokerLogger.class);
    when(brokerLogger.getCategoryClass()).thenReturn(BrokerLogger.class);
    when(brokerLogger.getModel()).thenReturn(_model);
    when(brokerLogger.getParent()).thenReturn(_broker);

    final Result outcome = _adapter.authoriseMethod(brokerLogger,
                                                    "getFile",
                                                    Collections.singletonMap("fileName", "qpid.log"));

    assertEquals("Unexpected authorise result", Result.ALLOWED, outcome);
    verify(_accessControl).authorise(ACCESS_LOGS, BROKER, ObjectProperties.EMPTY);
}
Also used : Result(org.apache.qpid.server.security.Result)
