Author: aidan Date: Mon Mar 2 14:30:25 2009 New Revision: 749315 URL: http://svn.apache.org/viewvc?rev=749315&view=rev Log: QPID-1583: Add test for reloading external firewall rules, fix buglets this test exposed.
Modified: qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/plugins/PluginManager.java qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/registry/ApplicationRegistry.java qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/registry/IApplicationRegistry.java qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/security/access/ACLManager.java qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/security/access/ACLPlugin.java qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/security/access/ACLPluginFactory.java qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/security/access/plugins/network/FirewallFactory.java qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/security/access/plugins/network/FirewallPlugin.java qpid/trunk/qpid/java/broker/src/test/java/org/apache/qpid/server/configuration/ServerConfigurationTest.java qpid/trunk/qpid/java/broker/src/test/java/org/apache/qpid/server/security/access/ACLManagerTest.java Modified: qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/plugins/PluginManager.java URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/plugins/PluginManager.java?rev=749315&r1=749314&r2=749315&view=diff ============================================================================== --- qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/plugins/PluginManager.java (original) +++ qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/plugins/PluginManager.java Mon Mar 2 14:30:25 2009 
@@ -35,6 +35,7 @@ import org.apache.qpid.server.security.access.plugins.AllowAll; import org.apache.qpid.server.security.access.plugins.DenyAll; import org.apache.qpid.server.security.access.plugins.SimpleXML; +import org.apache.qpid.server.security.access.plugins.network.FirewallPlugin; import org.osgi.framework.BundleActivator; import org.osgi.framework.BundleException; import org.osgi.util.tracker.ServiceTracker; @@ -165,6 +166,7 @@ _securityPlugins.put(SimpleXML.class.getName(), SimpleXML.FACTORY); _securityPlugins.put(AllowAll.class.getName(), AllowAll.FACTORY); _securityPlugins.put(DenyAll.class.getName(), DenyAll.FACTORY); + _securityPlugins.put(FirewallPlugin.class.getName(), FirewallPlugin.FACTORY); } return _securityPlugins; } Modified: qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/registry/ApplicationRegistry.java URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/registry/ApplicationRegistry.java?rev=749315&r1=749314&r2=749315&view=diff ============================================================================== --- qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/registry/ApplicationRegistry.java (original) +++ qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/registry/ApplicationRegistry.java Mon Mar 2 14:30:25 2009 @@ -24,6 +24,7 @@ import java.util.HashMap; import java.util.Map; +import org.apache.commons.configuration.ConfigurationException; import org.apache.log4j.Logger; import org.apache.mina.common.IoAcceptor; import org.apache.qpid.server.configuration.ServerConfiguration; 
@@ -261,7 +262,7 @@ return _virtualHostRegistry; } - public ACLManager getAccessManager() + public ACLManager getAccessManager() throws ConfigurationException { return new ACLManager(_configuration.getSecurityConfiguration(), _pluginManager); } Modified: qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/registry/IApplicationRegistry.java URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/registry/IApplicationRegistry.java?rev=749315&r1=749314&r2=749315&view=diff ============================================================================== --- qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/registry/IApplicationRegistry.java (original) +++ qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/registry/IApplicationRegistry.java Mon Mar 2 14:30:25 2009 @@ -24,6 +24,7 @@ import java.net.InetSocketAddress; import org.apache.commons.configuration.Configuration; +import org.apache.commons.configuration.ConfigurationException; import org.apache.qpid.server.configuration.ServerConfiguration; import org.apache.qpid.server.management.ManagedObjectRegistry; import org.apache.qpid.server.plugins.PluginManager; @@ -64,7 +65,7 @@ VirtualHostRegistry getVirtualHostRegistry(); - ACLManager getAccessManager(); + ACLManager getAccessManager() throws ConfigurationException; PluginManager getPluginManager(); Modified: qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/security/access/ACLManager.java URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/security/access/ACLManager.java?rev=749315&r1=749314&r2=749315&view=diff ============================================================================== --- qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/security/access/ACLManager.java (original) +++ qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/security/access/ACLManager.java Mon Mar 2 14:30:25 2009 
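Review bot: `getAccessManager()` now declares `ConfigurationException`, but neither the interface hunk nor the ApplicationRegistry hunk documents when it is thrown, and the implementation builds a new ACLManager on every call. I would add Javadoc on `IApplicationRegistry.getAccessManager()` along the lines of `@throws ConfigurationException if a security plugin's configuration cannot be loaded`. The same Javadoc should say that callers must treat this failure as access denied rather than carry on without an ACL check. Callers are not visible in this diff, so whether they already fail closed needs checking.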
@@ -28,6 +28,7 @@ import java.util.Map.Entry; import org.apache.commons.configuration.Configuration; +import org.apache.commons.configuration.ConfigurationException; import org.apache.log4j.Logger; import org.apache.qpid.framing.AMQShortString; import org.apache.qpid.server.configuration.SecurityConfiguration; @@ -49,12 +50,12 @@ private Map<String, ACLPlugin> _globalPlugins = new HashMap<String, ACLPlugin>(); private Map<String, ACLPlugin> _hostPlugins = new HashMap<String, ACLPlugin>(); - public ACLManager(SecurityConfiguration configuration, PluginManager manager) + public ACLManager(SecurityConfiguration configuration, PluginManager manager) throws ConfigurationException { this(configuration, manager, null); } - public ACLManager(SecurityConfiguration configuration, PluginManager manager, ACLPluginFactory securityPlugin) + public ACLManager(SecurityConfiguration configuration, PluginManager manager, ACLPluginFactory securityPlugin) throws ConfigurationException { _pluginManager = manager; 
@@ -73,12 +74,12 @@ } - public void configureHostPlugins(SecurityConfiguration hostConfig) + public void configureHostPlugins(SecurityConfiguration hostConfig) throws ConfigurationException { _hostPlugins = configurePlugins(hostConfig); } - public Map<String, ACLPlugin> configurePlugins(SecurityConfiguration hostConfig) + public Map<String, ACLPlugin> configurePlugins(SecurityConfiguration hostConfig) throws ConfigurationException { Configuration securityConfig = hostConfig.getConfiguration(); Map<String, ACLPlugin> plugins = new HashMap<String, ACLPlugin>(); Modified: qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/security/access/ACLPlugin.java URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/security/access/ACLPlugin.java?rev=749315&r1=749314&r2=749315&view=diff ============================================================================== --- qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/security/access/ACLPlugin.java (original) +++ qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/security/access/ACLPlugin.java Mon Mar 2 14:30:25 2009 @@ -21,6 +21,7 @@ package org.apache.qpid.server.security.access; import org.apache.commons.configuration.Configuration; +import org.apache.commons.configuration.ConfigurationException; import org.apache.qpid.framing.AMQShortString; import org.apache.qpid.server.exchange.Exchange; import org.apache.qpid.server.protocol.AMQProtocolSession; 
@@ -36,7 +37,7 @@ ABSTAIN } - void setConfiguration(Configuration config); + void setConfiguration(Configuration config) throws ConfigurationException; // These return true if the plugin thinks the action should be allowed, and false if not. Modified: qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/security/access/ACLPluginFactory.java URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/security/access/ACLPluginFactory.java?rev=749315&r1=749314&r2=749315&view=diff ============================================================================== --- qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/security/access/ACLPluginFactory.java (original) +++ qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/security/access/ACLPluginFactory.java Mon Mar 2 14:30:25 2009 @@ -21,12 +21,13 @@ package org.apache.qpid.server.security.access; import org.apache.commons.configuration.Configuration; +import org.apache.commons.configuration.ConfigurationException; public interface ACLPluginFactory { public boolean supportsTag(String name); - public ACLPlugin newInstance(Configuration config); + public ACLPlugin newInstance(Configuration config) throws ConfigurationException; } Modified: qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/security/access/plugins/network/FirewallFactory.java URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/security/access/plugins/network/FirewallFactory.java?rev=749315&r1=749314&r2=749315&view=diff ============================================================================== --- qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/security/access/plugins/network/FirewallFactory.java (original) +++ qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/security/access/plugins/network/FirewallFactory.java Mon Mar 2 14:30:25 2009 
@@ -21,6 +21,7 @@ package org.apache.qpid.server.security.access.plugins.network; import org.apache.commons.configuration.Configuration; +import org.apache.commons.configuration.ConfigurationException; import org.apache.qpid.server.security.access.ACLPlugin; import org.apache.qpid.server.security.access.ACLPluginFactory; @@ -28,7 +29,7 @@ { @Override - public ACLPlugin newInstance(Configuration config) + public ACLPlugin newInstance(Configuration config) throws ConfigurationException { FirewallPlugin plugin = new FirewallPlugin(); plugin.setConfiguration(config); Modified: qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/security/access/plugins/network/FirewallPlugin.java URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/security/access/plugins/network/FirewallPlugin.java?rev=749315&r1=749314&r2=749315&view=diff ============================================================================== --- qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/security/access/plugins/network/FirewallPlugin.java (original) +++ qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/security/access/plugins/network/FirewallPlugin.java Mon Mar 2 14:30:25 2009 
@@ -23,12 +23,18 @@ import java.net.InetAddress; import java.net.InetSocketAddress; import java.net.SocketAddress; +import java.util.Iterator; import java.util.List; import java.util.regex.Pattern; +import org.apache.commons.configuration.CompositeConfiguration; import org.apache.commons.configuration.Configuration; +import org.apache.commons.configuration.ConfigurationException; +import org.apache.commons.configuration.XMLConfiguration; import org.apache.qpid.server.protocol.AMQMinaProtocolSession; import org.apache.qpid.server.protocol.AMQProtocolSession; +import org.apache.qpid.server.security.access.ACLPlugin; +import org.apache.qpid.server.security.access.ACLPluginFactory; import org.apache.qpid.server.security.access.plugins.AbstractACLPlugin; import org.apache.qpid.server.virtualhost.VirtualHost; import org.apache.qpid.util.NetMatcher; @@ -36,6 +42,21 @@ public class FirewallPlugin extends AbstractACLPlugin { + public static final ACLPluginFactory FACTORY = new ACLPluginFactory() + { + public boolean supportsTag(String name) + { + return name.startsWith("firewall"); + } + + public ACLPlugin newInstance(Configuration config) throws ConfigurationException + { + FirewallPlugin plugin = new FirewallPlugin(); + plugin.setConfiguration(config); + return plugin; + } + }; + public class FirewallRule { @@ -149,7 +170,7 @@ } @Override - public void setConfiguration(Configuration config) + public void setConfiguration(Configuration config) throws ConfigurationException { // Get default action String defaultAction = config.getString("[...@default-action]"); 
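Review bot: FACTORY's `supportsTag` matches with `name.startsWith("firewall")`, so any security tag that merely begins with that word is handed to this plugin, and a null name would throw. If only the exact element is meant, `return "firewall".equals(name);` is tighter; if the prefix match is deliberate, a one-line comment saying so would help. The anonymous factory's `newInstance` also repeats the body of FirewallFactory.newInstance touched in this commit, so `FACTORY = new FirewallFactory()` may be enough. That depends on what FirewallFactory.supportsTag does, which is not visible here.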
@@ -165,15 +186,21 @@ { _default = AuthzResult.DENIED; } + CompositeConfiguration finalConfig = new CompositeConfiguration(config); + + List subFiles = config.getList("firewall.x...@filename]"); + for (Object subFile : subFiles) + { + finalConfig.addConfiguration(new XMLConfiguration((String) subFile)); + } - int numRules = config.getList("ru...@access]").size(); // all rules must - // have an access - // attribute + // all rules must have an access attribute + int numRules = finalConfig.getList("ru...@access]").size(); _rules = new FirewallRule[numRules]; for (int i = 0; i < numRules; i++) { - FirewallRule rule = new FirewallRule(config.getString("rule(" + i + ")[...@access]"), config.getList("rule(" - + i + ")[...@network]"), config.getList("rule(" + i + ")[...@hostname]")); + FirewallRule rule = new FirewallRule(finalConfig.getString("rule(" + i + ")[...@access]"), finalConfig.getList("rule(" + + i + ")[...@network]"), finalConfig.getList("rule(" + i + ")[...@hostname]")); _rules[i] = rule; } } Modified: qpid/trunk/qpid/java/broker/src/test/java/org/apache/qpid/server/configuration/ServerConfigurationTest.java URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker/src/test/java/org/apache/qpid/server/configuration/ServerConfigurationTest.java?rev=749315&r1=749314&r2=749315&view=diff ============================================================================== --- qpid/trunk/qpid/java/broker/src/test/java/org/apache/qpid/server/configuration/ServerConfigurationTest.java (original) +++ qpid/trunk/qpid/java/broker/src/test/java/org/apache/qpid/server/configuration/ServerConfigurationTest.java Mon Mar 2 14:30:25 2009 
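Review bot: The rule loop in setConfiguration counts rules with `getList` on `finalConfig` and then reads each one with an indexed `rule(i)` lookup on the same composite, and those two do not line up once rules come from more than one source. As far as I know, CompositeConfiguration resolves a key against the first child configuration that contains it rather than numbering elements across children (worth confirming for the commons-configuration version in use). With inline rules plus an external file, or with two external files, some rules could be read twice or come back with a null access value while others are never loaded, so a deny rule can go missing silently. The new test, as far as it is visible, uses one external file and no inline rules, so it would not catch this. Building the array one source at a time avoids the mismatch (needs `java.util.ArrayList`); setConfiguration starts above this hunk.

```java
List<FirewallRule> rules = new ArrayList<FirewallRule>();
// rule order follows the composite's child order; confirm which source should be evaluated first
for (int c = 0; c < finalConfig.getNumberOfConfigurations(); c++)
{
    Configuration source = finalConfig.getConfiguration(c);
    // … unchanged: numRules computed as before, but from source instead of finalConfig …
    for (int i = 0; i < numRules; i++)
    {
        // … unchanged: new FirewallRule(...) with the three rule(i) lookups read from source …
        rules.add(rule);
    }
}
_rules = rules.toArray(new FirewallRule[rules.size()]);
```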
@@ -23,12 +23,24 @@ import java.io.File; import java.io.FileWriter; import java.io.IOException; +import java.io.RandomAccessFile; import java.util.List; import org.apache.commons.configuration.ConfigurationException; import org.apache.commons.configuration.PropertiesConfiguration; import org.apache.commons.configuration.SystemConfiguration; import org.apache.commons.configuration.XMLConfiguration; +import org.apache.qpid.AMQException; +import org.apache.qpid.codec.AMQCodecFactory; +import org.apache.qpid.server.protocol.AMQMinaProtocolSession; +import org.apache.qpid.server.protocol.AMQProtocolSession; +import org.apache.qpid.server.protocol.TestIoSession; +import org.apache.qpid.server.queue.MockProtocolSession; +import org.apache.qpid.server.registry.ApplicationRegistry; +import org.apache.qpid.server.registry.ConfigurationFileApplicationRegistry; +import org.apache.qpid.server.security.access.ACLManager; +import org.apache.qpid.server.virtualhost.VirtualHost; +import org.apache.qpid.server.virtualhost.VirtualHostRegistry; import junit.framework.TestCase; @@ -42,7 +54,7 @@ { _config = new XMLConfiguration(); } - + public void testSetJMXManagementPort() throws ConfigurationException { ServerConfiguration serverConfig = new ServerConfiguration(_config); @@ -63,7 +75,7 @@ ServerConfiguration serverConfig = new ServerConfiguration(_config); assertEquals(true, serverConfig.getPlatformMbeanserver()); - // Check value we set + // Check value we set _config.setProperty("management.platform-mbeanserver", false); serverConfig = new ServerConfiguration(_config); assertEquals(false, serverConfig.getPlatformMbeanserver()); 
@@ -75,7 +87,7 @@ ServerConfiguration serverConfig = new ServerConfiguration(_config); assertEquals(null, serverConfig.getPluginDirectory()); - // Check value we set + // Check value we set _config.setProperty("plugin-directory", "/path/to/plugins"); serverConfig = new ServerConfiguration(_config); assertEquals("/path/to/plugins", serverConfig.getPluginDirectory()); @@ -87,7 +99,7 @@ ServerConfiguration serverConfig = new ServerConfiguration(_config); assertEquals(0, serverConfig.getPrincipalDatabaseNames().size()); - // Check value we set + // Check value we set _config.setProperty("security.principal-databases.principal-database(0).name", "a"); _config.setProperty("security.principal-databases.principal-database(1).name", "b"); serverConfig = new ServerConfiguration(_config); @@ -96,14 +108,14 @@ assertEquals("a", dbs.get(0)); assertEquals("b", dbs.get(1)); } - + public void testGetPrincipalDatabaseClass() throws ConfigurationException { // Check default ServerConfiguration serverConfig = new ServerConfiguration(_config); assertEquals(0, serverConfig.getPrincipalDatabaseClass().size()); - // Check value we set + // Check value we set _config.setProperty("security.principal-databases.principal-database(0).class", "a"); _config.setProperty("security.principal-databases.principal-database(1).class", "b"); serverConfig = new ServerConfiguration(_config); @@ -119,7 +131,7 @@ ServerConfiguration serverConfig = new ServerConfiguration(_config); assertEquals(0, serverConfig.getPrincipalDatabaseAttributeNames(1).size()); - // Check value we set + // Check value we set _config.setProperty("security.principal-databases.principal-database(0).attributes(0).attribute.name", "a"); _config.setProperty("security.principal-databases.principal-database(0).attributes(1).attribute.name", "b"); serverConfig = new ServerConfiguration(_config); 
@@ -129,14 +141,13 @@ assertEquals("b", dbs.get(1)); } - public void testGetPrincipalDatabaseAttributeValues() throws ConfigurationException { // Check default ServerConfiguration serverConfig = new ServerConfiguration(_config); assertEquals(0, serverConfig.getPrincipalDatabaseAttributeValues(1).size()); - // Check value we set + // Check value we set _config.setProperty("security.principal-databases.principal-database(0).attributes(0).attribute.value", "a"); _config.setProperty("security.principal-databases.principal-database(0).attributes(1).attribute.value", "b"); serverConfig = new ServerConfiguration(_config); @@ -152,7 +163,7 @@ ServerConfiguration serverConfig = new ServerConfiguration(_config); assertEquals(0, serverConfig.getManagementAccessList().size()); - // Check value we set + // Check value we set _config.setProperty("security.jmx.access(0)", "a"); _config.setProperty("security.jmx.access(1)", "b"); serverConfig = new ServerConfiguration(_config); @@ -168,7 +179,7 @@ ServerConfiguration serverConfig = new ServerConfiguration(_config); assertEquals(65536, serverConfig.getFrameSize()); - // Check value we set + // Check value we set _config.setProperty("advanced.framesize", "23"); serverConfig = new ServerConfiguration(_config); assertEquals(23, serverConfig.getFrameSize()); @@ -180,7 +191,7 @@ ServerConfiguration serverConfig = new ServerConfiguration(_config); assertEquals(false, serverConfig.getProtectIOEnabled()); - // Check value we set + // Check value we set _config.setProperty("broker.connector.protectio.enabled", true); serverConfig = new ServerConfiguration(_config); assertEquals(true, serverConfig.getProtectIOEnabled()); 
@@ -192,7 +203,7 @@ ServerConfiguration serverConfig = new ServerConfiguration(_config); assertEquals(262144, serverConfig.getBufferReadLimit()); - // Check value we set + // Check value we set _config.setProperty("broker.connector.protectio.readBufferLimitSize", 23); serverConfig = new ServerConfiguration(_config); assertEquals(23, serverConfig.getBufferReadLimit()); @@ -204,7 +215,7 @@ ServerConfiguration serverConfig = new ServerConfiguration(_config); assertEquals(262144, serverConfig.getBufferWriteLimit()); - // Check value we set + // Check value we set _config.setProperty("broker.connector.protectio.writeBufferLimitSize", 23); serverConfig = new ServerConfiguration(_config); assertEquals(23, serverConfig.getBufferWriteLimit()); @@ -216,7 +227,7 @@ ServerConfiguration serverConfig = new ServerConfiguration(_config); assertEquals(false, serverConfig.getSynchedClocks()); - // Check value we set + // Check value we set _config.setProperty("advanced.synced-clocks", true); serverConfig = new ServerConfiguration(_config); assertEquals(true, serverConfig.getSynchedClocks()); @@ -228,7 +239,7 @@ ServerConfiguration serverConfig = new ServerConfiguration(_config); assertEquals(false, serverConfig.getMsgAuth()); - // Check value we set + // Check value we set _config.setProperty("security.msg-auth", true); serverConfig = new ServerConfiguration(_config); assertEquals(true, serverConfig.getMsgAuth()); @@ -240,7 +251,7 @@ ServerConfiguration serverConfig = new ServerConfiguration(_config); assertEquals(null, serverConfig.getJMXPrincipalDatabase()); - // Check value we set + // Check value we set _config.setProperty("security.jmx.principal-database", "a"); serverConfig = new ServerConfiguration(_config); assertEquals("a", serverConfig.getJMXPrincipalDatabase()); 
@@ -252,7 +263,7 @@ ServerConfiguration serverConfig = new ServerConfiguration(_config); assertEquals(null, serverConfig.getManagementKeyStorePath()); - // Check value we set + // Check value we set _config.setProperty("management.ssl.keyStorePath", "a"); serverConfig = new ServerConfiguration(_config); assertEquals("a", serverConfig.getManagementKeyStorePath()); @@ -264,7 +275,7 @@ ServerConfiguration serverConfig = new ServerConfiguration(_config); assertEquals(true, serverConfig.getManagementSSLEnabled()); - // Check value we set + // Check value we set _config.setProperty("management.ssl.enabled", false); serverConfig = new ServerConfiguration(_config); assertEquals(false, serverConfig.getManagementSSLEnabled()); @@ -276,7 +287,7 @@ ServerConfiguration serverConfig = new ServerConfiguration(_config); assertEquals(null, serverConfig.getManagementKeyStorePassword()); - // Check value we set + // Check value we set _config.setProperty("management.ssl.keyStorePassword", "a"); serverConfig = new ServerConfiguration(_config); assertEquals("a", serverConfig.getManagementKeyStorePassword()); @@ -288,7 +299,7 @@ ServerConfiguration serverConfig = new ServerConfiguration(_config); assertEquals(true, serverConfig.getQueueAutoRegister()); - // Check value we set + // Check value we set _config.setProperty("queue.auto_register", false); serverConfig = new ServerConfiguration(_config); assertEquals(false, serverConfig.getQueueAutoRegister()); @@ -300,7 +311,7 @@ ServerConfiguration serverConfig = new ServerConfiguration(_config); assertEquals(true, serverConfig.getManagementEnabled()); - // Check value we set + // Check value we set _config.setProperty("management.enabled", false); serverConfig = new ServerConfiguration(_config); assertEquals(false, serverConfig.getManagementEnabled()); 
@@ -308,7 +319,7 @@ public void testSetManagementEnabled() throws ConfigurationException { - // Check value we set + // Check value we set ServerConfiguration serverConfig = new ServerConfiguration(_config); serverConfig.setManagementEnabled(false); assertEquals(false, serverConfig.getManagementEnabled()); @@ -320,7 +331,7 @@ ServerConfiguration serverConfig = new ServerConfiguration(_config); assertEquals(5, serverConfig.getHeartBeatDelay()); - // Check value we set + // Check value we set _config.setProperty("heartbeat.delay", 23); serverConfig = new ServerConfiguration(_config); assertEquals(23, serverConfig.getHeartBeatDelay()); @@ -332,7 +343,7 @@ ServerConfiguration serverConfig = new ServerConfiguration(_config); assertEquals(2.0, serverConfig.getHeartBeatTimeout()); - // Check value we set + // Check value we set _config.setProperty("heartbeat.timeoutFactor", 2.3); serverConfig = new ServerConfiguration(_config); assertEquals(2.3, serverConfig.getHeartBeatTimeout()); @@ -344,7 +355,7 @@ ServerConfiguration serverConfig = new ServerConfiguration(_config); assertEquals(0, serverConfig.getMaximumMessageAge()); - // Check value we set + // Check value we set _config.setProperty("maximumMessageAge", 10L); serverConfig = new ServerConfiguration(_config); assertEquals(10, serverConfig.getMaximumMessageAge()); @@ -356,7 +367,7 @@ ServerConfiguration serverConfig = new ServerConfiguration(_config); assertEquals(0, serverConfig.getMaximumMessageCount()); - // Check value we set + // Check value we set _config.setProperty("maximumMessageCount", 10L); serverConfig = new ServerConfiguration(_config); assertEquals(10, serverConfig.getMaximumMessageCount()); 
@@ -368,7 +379,7 @@ ServerConfiguration serverConfig = new ServerConfiguration(_config); assertEquals(0, serverConfig.getMaximumQueueDepth()); - // Check value we set + // Check value we set _config.setProperty("maximumQueueDepth", 10L); serverConfig = new ServerConfiguration(_config); assertEquals(10, serverConfig.getMaximumQueueDepth()); @@ -380,7 +391,7 @@ ServerConfiguration serverConfig = new ServerConfiguration(_config); assertEquals(0, serverConfig.getMaximumMessageSize()); - // Check value we set + // Check value we set _config.setProperty("maximumMessageSize", 10L); serverConfig = new ServerConfiguration(_config); assertEquals(10, serverConfig.getMaximumMessageSize()); @@ -392,7 +403,7 @@ ServerConfiguration serverConfig = new ServerConfiguration(_config); assertEquals(0, serverConfig.getMinimumAlertRepeatGap()); - // Check value we set + // Check value we set _config.setProperty("minimumAlertRepeatGap", 10L); serverConfig = new ServerConfiguration(_config); assertEquals(10, serverConfig.getMinimumAlertRepeatGap()); @@ -404,7 +415,7 @@ ServerConfiguration serverConfig = new ServerConfiguration(_config); assertEquals(4, serverConfig.getProcessors()); - // Check value we set + // Check value we set _config.setProperty("connector.processors", 10); serverConfig = new ServerConfiguration(_config); assertEquals(10, serverConfig.getProcessors()); @@ -416,7 +427,7 @@ ServerConfiguration serverConfig = new ServerConfiguration(_config); assertEquals(5672, serverConfig.getPort()); - // Check value we set + // Check value we set _config.setProperty("connector.port", 10); serverConfig = new ServerConfiguration(_config); assertEquals(10, serverConfig.getPort()); 
@@ -428,7 +439,7 @@ ServerConfiguration serverConfig = new ServerConfiguration(_config); assertEquals("wildcard", serverConfig.getBind()); - // Check value we set + // Check value we set _config.setProperty("connector.bind", "a"); serverConfig = new ServerConfiguration(_config); assertEquals("a", serverConfig.getBind()); @@ -440,7 +451,7 @@ ServerConfiguration serverConfig = new ServerConfiguration(_config); assertEquals(32767, serverConfig.getReceiveBufferSize()); - // Check value we set + // Check value we set _config.setProperty("connector.socketReceiveBuffer", "23"); serverConfig = new ServerConfiguration(_config); assertEquals(23, serverConfig.getReceiveBufferSize()); @@ -452,7 +463,7 @@ ServerConfiguration serverConfig = new ServerConfiguration(_config); assertEquals(32767, serverConfig.getWriteBufferSize()); - // Check value we set + // Check value we set _config.setProperty("connector.socketWriteBuffer", "23"); serverConfig = new ServerConfiguration(_config); assertEquals(23, serverConfig.getWriteBufferSize()); @@ -464,7 +475,7 @@ ServerConfiguration serverConfig = new ServerConfiguration(_config); assertEquals(true, serverConfig.getTcpNoDelay()); - // Check value we set + // Check value we set _config.setProperty("connector.tcpNoDelay", false); serverConfig = new ServerConfiguration(_config); assertEquals(false, serverConfig.getTcpNoDelay()); @@ -476,7 +487,7 @@ ServerConfiguration serverConfig = new ServerConfiguration(_config); assertEquals(false, serverConfig.getEnableExecutorPool()); - // Check value we set + // Check value we set _config.setProperty("advanced.filtercha...@enableexecutorpool]", true); serverConfig = new ServerConfiguration(_config); assertEquals(true, serverConfig.getEnableExecutorPool()); 
@@ -488,7 +499,7 @@ ServerConfiguration serverConfig = new ServerConfiguration(_config); assertEquals(false, serverConfig.getEnablePooledAllocator()); - // Check value we set + // Check value we set _config.setProperty("advanced.enablePooledAllocator", true); serverConfig = new ServerConfiguration(_config); assertEquals(true, serverConfig.getEnablePooledAllocator()); @@ -500,7 +511,7 @@ ServerConfiguration serverConfig = new ServerConfiguration(_config); assertEquals(false, serverConfig.getEnableDirectBuffers()); - // Check value we set + // Check value we set _config.setProperty("advanced.enableDirectBuffers", true); serverConfig = new ServerConfiguration(_config); assertEquals(true, serverConfig.getEnableDirectBuffers()); @@ -512,7 +523,7 @@ ServerConfiguration serverConfig = new ServerConfiguration(_config); assertEquals(false, serverConfig.getEnableSSL()); - // Check value we set + // Check value we set _config.setProperty("connector.ssl.enabled", true); serverConfig = new ServerConfiguration(_config); assertEquals(true, serverConfig.getEnableSSL()); @@ -524,19 +535,19 @@ ServerConfiguration serverConfig = new ServerConfiguration(_config); assertEquals(true, serverConfig.getSSLOnly()); - // Check value we set + // Check value we set _config.setProperty("connector.ssl.sslOnly", false); serverConfig = new ServerConfiguration(_config); assertEquals(false, serverConfig.getSSLOnly()); } - + public void testGetSSLPort() throws ConfigurationException { // Check default ServerConfiguration serverConfig = new ServerConfiguration(_config); assertEquals(8672, serverConfig.getSSLPort()); - // Check value we set + // Check value we set _config.setProperty("connector.ssl.port", 23); serverConfig = new ServerConfiguration(_config); assertEquals(23, serverConfig.getSSLPort()); 
@@ -548,19 +559,19 @@ ServerConfiguration serverConfig = new ServerConfiguration(_config); assertEquals("none", serverConfig.getKeystorePath()); - // Check value we set + // Check value we set _config.setProperty("connector.ssl.keystorePath", "a"); serverConfig = new ServerConfiguration(_config); assertEquals("a", serverConfig.getKeystorePath()); } - + public void testGetKeystorePassword() throws ConfigurationException { // Check default ServerConfiguration serverConfig = new ServerConfiguration(_config); assertEquals("none", serverConfig.getKeystorePassword()); - // Check value we set + // Check value we set _config.setProperty("connector.ssl.keystorePassword", "a"); serverConfig = new ServerConfiguration(_config); assertEquals("a", serverConfig.getKeystorePassword()); @@ -572,7 +583,7 @@ ServerConfiguration serverConfig = new ServerConfiguration(_config); assertEquals("SunX509", serverConfig.getCertType()); - // Check value we set + // Check value we set _config.setProperty("connector.ssl.certType", "a"); serverConfig = new ServerConfiguration(_config); assertEquals("a", serverConfig.getCertType()); @@ -584,7 +595,7 @@ ServerConfiguration serverConfig = new ServerConfiguration(_config); assertEquals(false, serverConfig.getQpidNIO()); - // Check value we set + // Check value we set _config.setProperty("connector.qpidnio", true); serverConfig = new ServerConfiguration(_config); assertEquals(true, serverConfig.getQpidNIO()); @@ -596,7 +607,7 @@ ServerConfiguration serverConfig = new ServerConfiguration(_config); assertEquals(false, serverConfig.getUseBiasedWrites()); - // Check value we set + // Check value we set _config.setProperty("advanced.useWriteBiasedPool", true); serverConfig = new ServerConfiguration(_config); assertEquals(true, serverConfig.getUseBiasedWrites()); 
@@ -608,7 +619,7 @@ ServerConfiguration serverConfig = new ServerConfiguration(_config); assertEquals(30000, serverConfig.getHousekeepingExpiredMessageCheckPeriod()); - // Check value we set + // Check value we set _config.setProperty("housekeeping.expiredMessageCheckPeriod", 23L); serverConfig = new ServerConfiguration(_config); assertEquals(23, serverConfig.getHousekeepingExpiredMessageCheckPeriod()); @@ -616,7 +627,7 @@ assertEquals(42, serverConfig.getHousekeepingExpiredMessageCheckPeriod()); } - public void testSingleConfiguration() throws IOException, ConfigurationException + public void testSingleConfiguration() throws IOException, ConfigurationException { File fileA = File.createTempFile(getClass().getName(), null); fileA.deleteOnExit(); 
@@ -626,36 +637,208 @@ ServerConfiguration conf = new ServerConfiguration(fileA); assertEquals(4235, conf.getSSLPort()); } - + public void testCombinedConfiguration() throws IOException, ConfigurationException { File mainFile = File.createTempFile(getClass().getName(), null); File fileA = File.createTempFile(getClass().getName(), null); File fileB = File.createTempFile(getClass().getName(), null); - + mainFile.deleteOnExit(); fileA.deleteOnExit(); fileB.deleteOnExit(); - + FileWriter out = new FileWriter(mainFile); out.write("<configuration><system/>"); - out.write("<xml fileName=\""+fileA.getAbsolutePath()+"\"/>"); - out.write("<xml fileName=\""+fileB.getAbsolutePath()+"\"/>"); + out.write("<xml fileName=\"" + fileA.getAbsolutePath() + "\"/>"); + out.write("<xml fileName=\"" + fileB.getAbsolutePath() + "\"/>"); out.write("</configuration>"); out.close(); - + out = new FileWriter(fileA); out.write("<broker><connector><port>2342</port><ssl><port>4235</port></ssl></connector></broker>"); out.close(); - + out = new FileWriter(fileB); out.write("<broker><connector><ssl><port>2345</port></ssl><qpidnio>true</qpidnio></connector></broker>"); out.close(); - + ServerConfiguration config = new ServerConfiguration(mainFile.getAbsoluteFile()); - assertEquals(4235, config.getSSLPort()); // From first file, not overriden by second - assertEquals(2342, config.getPort()); // From the first file, not present in the second - assertEquals(true, config.getQpidNIO()); // From the second file, not present in the first + assertEquals(4235, config.getSSLPort()); // From first file, not + // overriden by second + assertEquals(2342, config.getPort()); // From the first file, not + // present in the second + assertEquals(true, config.getQpidNIO()); // From the second file, not + // present in the first } - + + public void testCombinedConfigurationFirewall() throws Exception + { + // Write out config + File mainFile = File.createTempFile(getClass().getName(), null); + File fileA = 
File.createTempFile(getClass().getName(), null); + File fileB = File.createTempFile(getClass().getName(), null); + + mainFile.deleteOnExit(); + fileA.deleteOnExit(); + fileB.deleteOnExit(); + + FileWriter out = new FileWriter(mainFile); + out.write("<configuration><system/>"); + out.write("<xml fileName=\"" + fileA.getAbsolutePath() + "\"/>"); + out.write("</configuration>"); + out.close(); + + out = new FileWriter(fileA); + out.write("<broker>\n"); + out.write("\t<management><enabled>false</enabled></management>\n"); + out.write("\t<security>\n"); + out.write("\t\t<principal-databases>\n"); + out.write("\t\t\t<principal-database>\n"); + out.write("\t\t\t\t<name>passwordfile</name>\n"); + out.write("\t\t\t\t<class>org.apache.qpid.server.security.auth.database.PlainPasswordFilePrincipalDatabase</class>\n"); + out.write("\t\t\t\t<attributes>\n"); + out.write("\t\t\t\t\t<attribute>\n"); + out.write("\t\t\t\t\t\t<name>passwordFile</name>\n"); + out.write("\t\t\t\t\t\t<value>/dev/null</value>\n"); + out.write("\t\t\t\t\t</attribute>\n"); + out.write("\t\t\t\t</attributes>\n"); + out.write("\t\t\t</principal-database>\n"); + out.write("\t\t</principal-databases>\n"); + out.write("\t\t<jmx>\n"); + out.write("\t\t\t<access>/dev/null</access>\n"); + out.write("\t\t\t<principal-database>passwordfile</principal-database>\n"); + out.write("\t\t</jmx>\n"); + out.write("\t\t<firewall>\n"); + out.write("\t\t\t<xml fileName=\"" + fileB.getAbsolutePath() + "\"/>"); + out.write("\t\t</firewall>\n"); + out.write("\t</security>\n"); + out.write("\t<virtualhosts>\n"); + out.write("\t\t<virtualhost>\n"); + out.write("\t\t\t<name>test</name>\n"); + out.write("\t\t</virtualhost>\n"); + out.write("\t</virtualhosts>\n"); + out.write("</broker>\n"); + out.close(); + + out = new FileWriter(fileB); + out.write("<firewall>\n"); + out.write("\t<rule access=\"deny\" network=\"127.0.0.1\"/>"); + out.write("</firewall>\n"); + out.close(); + + // Load config + ApplicationRegistry reg = new 
ConfigurationFileApplicationRegistry(mainFile); + ApplicationRegistry.initialise(reg, 1); + + // Test config + TestIoSession iosession = new TestIoSession(); + iosession.setAddress("127.0.0.1"); + VirtualHostRegistry virtualHostRegistry = reg.getVirtualHostRegistry(); + VirtualHost virtualHost = virtualHostRegistry.getVirtualHost("test"); + AMQCodecFactory codecFactory = new AMQCodecFactory(true); + AMQProtocolSession session = new AMQMinaProtocolSession(iosession, virtualHostRegistry, codecFactory); + assertFalse(reg.getAccessManager().authoriseConnect(session, virtualHost)); + } + + public void testCombinedConfigurationFirewallReload() throws Exception + { + // Write out config + File mainFile = File.createTempFile(getClass().getName(), null); + File fileA = File.createTempFile(getClass().getName(), null); + File fileB = File.createTempFile(getClass().getName(), null); + + mainFile.deleteOnExit(); + fileA.deleteOnExit(); + fileB.deleteOnExit(); + + FileWriter out = new FileWriter(mainFile); + out.write("<configuration><system/>"); + out.write("<xml fileName=\"" + fileA.getAbsolutePath() + "\"/>"); + out.write("</configuration>"); + out.close(); + + out = new FileWriter(fileA); + out.write("<broker>\n"); + out.write("\t<management><enabled>false</enabled></management>\n"); + out.write("\t<security>\n"); + out.write("\t\t<principal-databases>\n"); + out.write("\t\t\t<principal-database>\n"); + out.write("\t\t\t\t<name>passwordfile</name>\n"); + out.write("\t\t\t\t<class>org.apache.qpid.server.security.auth.database.PlainPasswordFilePrincipalDatabase</class>\n"); + out.write("\t\t\t\t<attributes>\n"); + out.write("\t\t\t\t\t<attribute>\n"); + out.write("\t\t\t\t\t\t<name>passwordFile</name>\n"); + out.write("\t\t\t\t\t\t<value>/dev/null</value>\n"); + out.write("\t\t\t\t\t</attribute>\n"); + out.write("\t\t\t\t</attributes>\n"); + out.write("\t\t\t</principal-database>\n"); + out.write("\t\t</principal-databases>\n"); + out.write("\t\t<jmx>\n"); + 
out.write("\t\t\t<access>/dev/null</access>\n"); + out.write("\t\t\t<principal-database>passwordfile</principal-database>\n"); + out.write("\t\t</jmx>\n"); + out.write("\t\t<firewall>\n"); + out.write("\t\t\t<xml fileName=\"" + fileB.getAbsolutePath() + "\"/>"); + out.write("\t\t</firewall>\n"); + out.write("\t</security>\n"); + out.write("\t<virtualhosts>\n"); + out.write("\t\t<virtualhost>\n"); + out.write("\t\t\t<name>test</name>\n"); + out.write("\t\t</virtualhost>\n"); + out.write("\t</virtualhosts>\n"); + out.write("</broker>\n"); + out.close(); + + out = new FileWriter(fileB); + out.write("<firewall>\n"); + out.write("\t<rule access=\"deny\" network=\"127.0.0.1\"/>"); + out.write("</firewall>\n"); + out.close(); + + // Load config + ApplicationRegistry reg = new ConfigurationFileApplicationRegistry(mainFile); + ApplicationRegistry.initialise(reg, 1); + + // Test config + TestIoSession iosession = new TestIoSession(); + iosession.setAddress("127.0.0.1"); + VirtualHostRegistry virtualHostRegistry = reg.getVirtualHostRegistry(); + VirtualHost virtualHost = virtualHostRegistry.getVirtualHost("test"); + AMQCodecFactory codecFactory = new AMQCodecFactory(true); + AMQProtocolSession session = new AMQMinaProtocolSession(iosession, virtualHostRegistry, codecFactory); + assertFalse(reg.getAccessManager().authoriseConnect(session, virtualHost)); + + RandomAccessFile fileBRandom = new RandomAccessFile(fileB, "rw"); + fileBRandom.setLength(0); + fileBRandom.seek(0); + fileBRandom.close(); + + out = new FileWriter(fileB); + out.write("<firewall>\n"); + out.write("\t<rule access=\"allow\" network=\"127.0.0.1\"/>"); + out.write("</firewall>\n"); + out.close(); + + reg.getConfiguration().reparseConfigFile(); + + assertTrue(reg.getAccessManager().authoriseConnect(session, virtualHost)); + + fileBRandom = new RandomAccessFile(fileB, "rw"); + fileBRandom.setLength(0); + fileBRandom.seek(0); + fileBRandom.close(); + + out = new FileWriter(fileB); + out.write("<firewall>\n"); + 
out.write("\t<rule access=\"deny\" network=\"127.0.0.1\"/>"); + out.write("</firewall>\n"); + out.close(); + + reg.getConfiguration().reparseConfigFile(); + + assertFalse(reg.getAccessManager().authoriseConnect(session, virtualHost)); + + } + } Modified: qpid/trunk/qpid/java/broker/src/test/java/org/apache/qpid/server/security/access/ACLManagerTest.java URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker/src/test/java/org/apache/qpid/server/security/access/ACLManagerTest.java?rev=749315&r1=749314&r2=749315&view=diff ============================================================================== --- qpid/trunk/qpid/java/broker/src/test/java/org/apache/qpid/server/security/access/ACLManagerTest.java (original) +++ qpid/trunk/qpid/java/broker/src/test/java/org/apache/qpid/server/security/access/ACLManagerTest.java Mon Mar 2 14:30:25 2009 @@ -27,6 +27,7 @@ import junit.framework.TestCase; import org.apache.commons.configuration.Configuration; +import org.apache.commons.configuration.ConfigurationException; import org.apache.commons.configuration.PropertiesConfiguration; import org.apache.commons.configuration.XMLConfiguration; import org.apache.qpid.server.configuration.SecurityConfiguration; @@ -79,7 +80,7 @@ assertTrue(_authzManager.authorisePurge(_session, queue)); } - public void testACLManagerConfigurationPluginManagerACLPlugin() + public void testACLManagerConfigurationPluginManagerACLPlugin() throws ConfigurationException { _authzManager = new ACLManager(_conf, _pluginManager, ExchangeDenier.FACTORY); 
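Review bot: `testCombinedConfigurationFirewallReload` only ever reloads well-formed rule files, so nothing pins what the firewall does when `reparseConfigFile()` meets an empty or malformed `fileB`. That is the state the test itself creates between `fileBRandom.setLength(0)` and the rewrite. For an access-control plugin the safe outcome is that the previously loaded deny rule stays in force, and a case asserting that belongs next to the existing deny/allow/deny sequence. The sketch below assumes a parse failure surfaces as an exception from `reparseConfigFile()`, which this hunk does not show. Separately, both new tests call `ApplicationRegistry.initialise(reg, 1)` and never remove the instance, so the 127.0.0.1 deny rule may carry over into later tests unless a `tearDown` outside this hunk cleans it up.

```java
// … unchanged: config files written, registry initialised, first assertFalse(...) …

// Reload with an unparsable rule file: the deny rule loaded earlier must still apply
out = new FileWriter(fileB);
out.write("<firewall>\n");
out.write("\t<rule access=\"allow\" network=\"127.0.0.1\"/>");
out.close(); // closing </firewall> deliberately left out

try
{
    reg.getConfiguration().reparseConfigFile();
}
catch (Exception e)
{
    // a rejected reload is acceptable; narrow this to the type reparseConfigFile() declares
}
assertFalse(reg.getAccessManager().authoriseConnect(session, virtualHost));

// … unchanged: valid allow rewrite, reparse, assertTrue(...), deny rewrite, assertFalse(...) …
```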
@@ -87,7 +88,7 @@ assertFalse(_authzManager.authoriseDelete(_session, exchange)); } - public void testConfigurePlugins() + public void testConfigurePlugins() throws ConfigurationException { Configuration hostConfig = new PropertiesConfiguration(); hostConfig.setProperty("queueDenier", "thisoneneither"); --------------------------------------------------------------------- Apache Qpid - AMQP Messaging Implementation Project: http://qpid.apache.org Use/Interact: mailto:commits-subscr...@qpid.apache.org