Author: kwall Date: Mon Oct 6 14:02:23 2014 New Revision: 1629664 URL: http://svn.apache.org/r1629664 Log: QPID-6132: [Java Broker] Mark SimpleLDAP attributes providerUrl, searchFilter, searchContext as mandatory.
Also: * 'ping' the Directory on object creation/change (rationale: discover config errors early, rather than awaiting the first auth) * Reinstate the LDAP context factory class default.
Added: qpid/trunk/qpid/java/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/TestLdapDirectoryContext.java
Modified: qpid/trunk/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/SimpleLDAPAuthenticationManager.java qpid/trunk/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/SimpleLDAPAuthenticationManagerImpl.java qpid/trunk/qpid/java/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/SimpleLDAPAuthenticationManagerFactoryTest.java
Modified: qpid/trunk/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/SimpleLDAPAuthenticationManager.java
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/SimpleLDAPAuthenticationManager.java?rev=1629664&r1=1629663&r2=1629664&view=diff
==============================================================================
--- qpid/trunk/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/SimpleLDAPAuthenticationManager.java (original)
+++ qpid/trunk/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/SimpleLDAPAuthenticationManager.java Mon Oct 6 14:02:23 2014
@@ -22,6 +22,7 @@ package org.apache.qpid.server.security.
 import org.apache.qpid.server.model.AuthenticationProvider;
 import org.apache.qpid.server.model.ManagedAttribute;
+import org.apache.qpid.server.model.ManagedContextDefault;
 import org.apache.qpid.server.model.ManagedObject;
 import org.apache.qpid.server.model.TrustStore;
@@ -30,23 +31,33 @@ public interface SimpleLDAPAuthenticatio
 {
 String PROVIDER_TYPE = "SimpleLDAP";
 String TRUST_STORE = "trustStore";
+ String PROVIDER_URL = "providerUrl";
+ String PROVIDER_AUTH_URL = "providerAuthUrl";
+ String SEARCH_CONTEXT = "searchContext";
+ String LDAP_CONTEXT_FACTORY = "ldapContextFactory";
+ String SEARCH_USERNAME = "getSearchUsername";
+ String SEARCH_PASSWORD = "getSearchPassword";
- @ManagedAttribute( description = "LDAP server URL" )
+
+ @ManagedAttribute( description = "LDAP server URL", mandatory = true)
 String getProviderUrl();
 @ManagedAttribute( description = "LDAP authentication URL")
 String getProviderAuthUrl();
- @ManagedAttribute( description = "Search context")
+ @ManagedAttribute( description = "Search context", mandatory = true)
 String getSearchContext();
- @ManagedAttribute( description = "Search filter")
+ @ManagedAttribute( description = "Search filter", mandatory = true)
 String getSearchFilter();
 @ManagedAttribute( description = "Bind without search")
 boolean isBindWithoutSearch();
- @ManagedAttribute( description = "LDAP context factory")
+ @ManagedContextDefault( name = "ldap.context.factory")
+ String DEFAULT_LDAP_CONTEXT_FACTORY = "com.sun.jndi.ldap.LdapCtxFactory";
+
+ @ManagedAttribute( description = "LDAP context factory", defaultValue = "${ldap.context.factory}")
 String getLdapContextFactory();
 @ManagedAttribute( description = "Trust store name")
Modified: qpid/trunk/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/SimpleLDAPAuthenticationManagerImpl.java
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/SimpleLDAPAuthenticationManagerImpl.java?rev=1629664&r1=1629663&r2=1629664&view=diff
==============================================================================
--- qpid/trunk/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/SimpleLDAPAuthenticationManagerImpl.java
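Review bot: The new constants `SEARCH_USERNAME = "getSearchUsername"` and `SEARCH_PASSWORD = "getSearchPassword"` hold getter names, whereas their siblings (`PROVIDER_URL = "providerUrl"`, `SEARCH_CONTEXT = "searchContext"`) hold the attribute names the model reports in changedAttributes. Assuming the credential attributes are named `searchUsername` and `searchPassword` (the toString() added to SimpleLDAPAuthenticationManagerImpl in this commit prints `searchUsername=`), the `disjoint(changedAttributes, CONNECTIVITY_ATTRS)` check in the new validateChange would never match them, so editing the bind credentials would skip the directory ping this commit introduces. Suggest `String SEARCH_USERNAME = "searchUsername";` and `String SEARCH_PASSWORD = "searchPassword";`, plus a test that changes only the search password and expects validateInitialDirContext to run. The interface continues past the end of the hunk.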
(original)
+++ qpid/trunk/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/SimpleLDAPAuthenticationManagerImpl.java Mon Oct 6 14:02:23 2014
@@ -19,15 +19,20 @@ package org.apache.qpid.server.security.auth.manager;
+import static java.util.Collections.disjoint;
+import static java.util.Collections.unmodifiableList;
+import static java.util.Collections.singletonList;
+
 import java.io.IOException;
 import java.security.GeneralSecurityException;
 import java.security.KeyManagementException;
 import java.security.NoSuchAlgorithmException;
 import java.security.Principal;
-import java.util.Collections;
+import java.util.Arrays;
 import java.util.Hashtable;
 import java.util.List;
 import java.util.Map;
+import java.util.Set;
 import javax.naming.AuthenticationException;
 import javax.naming.Context;
@@ -48,7 +53,9 @@ import javax.security.sasl.SaslServer;
 import org.apache.log4j.Logger;
+import org.apache.qpid.server.configuration.IllegalConfigurationException;
 import org.apache.qpid.server.model.Broker;
+import org.apache.qpid.server.model.ConfiguredObject;
 import org.apache.qpid.server.model.ManagedAttributeField;
 import org.apache.qpid.server.model.ManagedObjectFactoryConstructor;
 import org.apache.qpid.server.model.TrustStore;
@@ -68,6 +75,13 @@ public class SimpleLDAPAuthenticationMan
 {
 private static final Logger _logger = Logger.getLogger(SimpleLDAPAuthenticationManagerImpl.class);
+ private static final List<String> CONNECTIVITY_ATTRS = unmodifiableList(Arrays.asList(PROVIDER_URL,
+ PROVIDER_AUTH_URL,
+ SEARCH_CONTEXT,
+ LDAP_CONTEXT_FACTORY,
+ SEARCH_USERNAME,
+ SEARCH_PASSWORD));
+
 /**
 * Environment key to instruct {@link InitialDirContext} to override the socket factory.
 */
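Review bot: CONNECTIVITY_ATTRS leaves out `TRUST_STORE`, although the trust store presumably determines the socket factory that `createSslSocketFactoryOverrideClass()` installs for ldaps:// URLs (the Javadoc right below the constant describes that override), so a change that only re-points the provider at a different trust store would not be re-pinged by validateChange. If a trust-store swap is meant to be validated, add `TRUST_STORE` to the list; if it is deliberately excluded, for example because the override is only rebuilt in onOpen, a one-line comment on the constant such as `// attributes whose change requires the directory to be re-contacted; trustStore is applied in onOpen` would save the next reader the question. The class body continues past the end of the hunk.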
@@ -111,6 +125,23 @@ public class SimpleLDAPAuthenticationMan
 super(attributes, broker);
 }
+ @Override
+ protected void validateOnCreate()
+ {
+ super.validateOnCreate();
+ validateInitialDirContext();
+ }
+
+ @Override
+ protected void validateChange(ConfiguredObject<?> proxyForValidation, Set<String> changedAttributes)
+ {
+ super.validateChange(proxyForValidation, changedAttributes);
+
+ if (!disjoint(changedAttributes, CONNECTIVITY_ATTRS))
+ {
+ validateInitialDirContext();
+ }
+ }
 @Override
 protected void onOpen()
@@ -118,8 +149,6 @@ public class SimpleLDAPAuthenticationMan
 super.onOpen();
 _sslSocketFactoryOverrideClass = createSslSocketFactoryOverrideClass();
-
- // validateInitialDirContext();
 }
 @Override
@@ -174,7 +203,7 @@ public class SimpleLDAPAuthenticationMan
 @Override
 public List<String> getMechanisms()
 {
- return Collections.singletonList(PlainSaslServer.MECHANISM);
+ return singletonList(PlainSaslServer.MECHANISM);
 }
 @Override
@@ -362,6 +391,17 @@ public class SimpleLDAPAuthenticationMan
 return null;
 }
+ @Override
+ public String toString()
+ {
+ return "SimpleLDAPAuthenticationManagerImpl [id=" + getId() + ", name=" + getName() + ", providerUrl=" + _providerUrl + ", providerAuthUrl=" + _providerAuthUrl + ", searchContext=" + _searchContext + ", state=" + getState() + ", searchFilter=" + _searchFilter + ", ldapContextFactory=" + _ldapContextFactory + ", bindWithoutSearch=" + _bindWithoutSearch + ", trustStore=" + _trustStore + ", searchUsername=" + _searchUsername + "]";
+ }
+
 private void validateInitialDirContext()
 {
 Hashtable<String,Object> env = createInitialDirContextEnvironment(_providerUrl);
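Review bot: validateChange() revalidates by calling validateInitialDirContext(), whose first line (visible at the end of the last hunk) builds the JNDI environment from the instance field `_providerUrl` rather than from `proxyForValidation`; unless the model framework has already applied the proposed values to this instance's fields at that point, the ping exercises the current configuration, and a bad new providerUrl, context factory or bind credential is still only caught in onOpen or at the first authentication, which is what the commit sets out to avoid. It would be worth passing the proposed values in explicitly, e.g. `validateInitialDirContext(proposed.getProviderUrl(), proposed.getLdapContextFactory(), ...)` after casting the proxy to SimpleLDAPAuthenticationManager, and adding a test that changes providerUrl on an open provider to an unreachable value and expects IllegalConfigurationException from the change. A short Javadoc on validateChange naming which attributes trigger the ping would also record the intent behind CONNECTIVITY_ATTRS. validateInitialDirContext() continues past the end of the hunk.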
@@ -375,7 +415,8 @@ public class SimpleLDAPAuthenticationMan
 }
 catch (NamingException e)
 {
- throw new ServerScopedRuntimeException("Unable to establish connection to the ldap server at " + _providerUrl, e);
+ _logger.error("Failed to establish connectivity to the ldap server for " + this, e);
+ throw new IllegalConfigurationException("Failed to establish connectivity to the ldap server." , e);
 }
 finally
 {
Modified: qpid/trunk/qpid/java/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/SimpleLDAPAuthenticationManagerFactoryTest.java
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/SimpleLDAPAuthenticationManagerFactoryTest.java?rev=1629664&r1=1629663&r2=1629664&view=diff
==============================================================================
--- qpid/trunk/qpid/java/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/SimpleLDAPAuthenticationManagerFactoryTest.java (original)
+++ qpid/trunk/qpid/java/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/SimpleLDAPAuthenticationManagerFactoryTest.java Mon Oct 6 14:02:23 2014
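Review bot: The rethrown IllegalConfigurationException drops `_providerUrl` from its message, which the replaced ServerScopedRuntimeException carried, so the management caller whose create or change triggered the ping sees only "Failed to establish connectivity to the ldap server." and has to find the URL in the broker log; `throw new IllegalConfigurationException("Failed to establish connectivity to the ldap server at " + _providerUrl, e);` keeps that operator-facing detail without depending on log access. The `this` in the new error log resolves to the toString() added earlier in this commit, which prints searchUsername but omits the search password; anyone extending toString() later should preserve that omission, since this line is logged on every failed ping. The enclosing validateInitialDirContext() starts before the hunk.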
@@ -57,40 +57,15 @@ public class SimpleLDAPAuthenticationMan
 _configuration.put(AuthenticationProvider.NAME, getName());
 }
- public void testLdapInstanceCreated() throws Exception
+ public void testLdapCreated() throws Exception
 {
 _configuration.put(AuthenticationProvider.TYPE, SimpleLDAPAuthenticationManager.PROVIDER_TYPE);
- _configuration.put("providerUrl", "ldap://example.com:389/");
- _configuration.put("searchContext", "dc=example");
-
- AuthenticationProvider manager = _factory.create(AuthenticationProvider.class, _configuration, _broker);
- assertNotNull(manager);
-
- }
-
- public void testLdapsInstanceCreated() throws Exception
- {
- _configuration.put(AuthenticationProvider.TYPE, SimpleLDAPAuthenticationManager.PROVIDER_TYPE);
- _configuration.put("providerUrl", "ldaps://example.com:636/");
- _configuration.put("searchContext", "dc=example");
-
- AuthenticationProvider manager = _factory.create(AuthenticationProvider.class, _configuration, _broker);
- assertNotNull(manager);
-
- }
-
- public void testLdapsWithTrustStoreInstanceCreated() throws Exception
- {
- when(_broker.getChildren(eq(TrustStore.class))).thenReturn(Collections.singletonList(_trustStore));
-
-
- _configuration.put(AuthenticationProvider.TYPE, SimpleLDAPAuthenticationManager.PROVIDER_TYPE);
 _configuration.put("providerUrl", "ldaps://example.com:636/");
 _configuration.put("searchContext", "dc=example");
- _configuration.put("trustStore", "mytruststore");
+ _configuration.put("searchFilter", "(uid={0})");
+ _configuration.put("ldapContextFactory", TestLdapDirectoryContext.class.getName());
- AuthenticationProvider manager = _factory.create(AuthenticationProvider.class, _configuration, _broker);
- assertNotNull(manager);
+ _factory.create(AuthenticationProvider.class, _configuration, _broker);
 }
 public void testLdapsWhenTrustStoreNotFound() throws Exception
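Review bot: Folding the three creation tests into testLdapCreated removes the only test that created the provider with a resolvable trust store (`testLdapsWithTrustStoreInstanceCreated`), so the ldaps-with-trustStore path is now covered only by the not-found error case, and dropping `assertNotNull(manager)` leaves the remaining test with no explicit assertion. Because the directory is now pinged on create, a test that stubs the trust store as before and sets `ldapContextFactory` to TestLdapDirectoryContext would restore that coverage cheaply, and asserting that the factory returned a non-null provider, or that TestLdapDirectoryContext was actually invoked, would make the new ping observable rather than incidental. The test class continues past the end of the hunk.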
@@ -100,6 +75,7 @@ public class SimpleLDAPAuthenticationMan
 _configuration.put(AuthenticationProvider.TYPE, SimpleLDAPAuthenticationManager.PROVIDER_TYPE);
 _configuration.put("providerUrl", "ldaps://example.com:636/");
 _configuration.put("searchContext", "dc=example");
+ _configuration.put("searchFilter", "(uid={0})");
 _configuration.put("trustStore", "notfound");
 try
@@ -110,7 +86,7 @@ public class SimpleLDAPAuthenticationMan
 catch(IllegalArgumentException e)
 {
 // PASS
- assertTrue("Message does not include underlying issue", e.getMessage().contains("name 'notfound'"));
+ assertTrue("Message does not include underlying issue ", e.getMessage().contains("name 'notfound'"));
 assertTrue("Message does not include the attribute name", e.getMessage().contains("trustStore"));
 assertTrue("Message does not include the expected type", e.getMessage().contains("TrustStore"));
 }
Added: qpid/trunk/qpid/java/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/TestLdapDirectoryContext.java
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/TestLdapDirectoryContext.java?rev=1629664&view=auto
==============================================================================
--- qpid/trunk/qpid/java/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/TestLdapDirectoryContext.java (added)
+++ qpid/trunk/qpid/java/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/TestLdapDirectoryContext.java Mon Oct 6 14:02:23 2014
@@ -0,0 +1,38 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.qpid.server.security.auth.manager;
+
+import static org.mockito.Mockito.mock;
+
+import java.util.Hashtable;
+
+import javax.naming.Context;
+import javax.naming.NamingException;
+import javax.naming.directory.DirContext;
+
+public class TestLdapDirectoryContext implements javax.naming.spi.InitialContextFactory
+{
+ @Override
+ public Context getInitialContext(final Hashtable<?, ?> environment) throws NamingException
+ {
+ return (DirContext)mock(DirContext.class);
+ }
+
+}
--------------------------------------------------------------------- To unsubscribe, e-mail: commits-unsubscr...@qpid.apache.org For additional commands, e-mail: commits-h...@qpid.apache.org
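Review bot: The cast in `return (DirContext)mock(DirContext.class);` is redundant, since mock(DirContext.class) is already typed as DirContext, and the `environment` argument is discarded, so tests built on this factory cannot check what the broker actually placed in the JNDI environment (provider URL, the socket-factory override, the bind credentials). Recording the last environment in a field the test can read, e.g. `static volatile Hashtable<?, ?> lastEnvironment;` assigned at the top of getInitialContext, would let SimpleLDAPAuthenticationManagerFactoryTest assert the configured values reached JNDI without a real directory. A one-line class Javadoc stating that this is a test-only InitialContextFactory returning a Mockito mock that answers every call with null would also make its purpose clear to someone who finds it via the ldapContextFactory attribute.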