org.apache.activemq.security
Class SimpleCachedLDAPAuthorizationMap

java.lang.Object
  extended by org.apache.activemq.security.SimpleCachedLDAPAuthorizationMap
All Implemented Interfaces:
AuthorizationMap
Direct Known Subclasses:
CachedLDAPAuthorizationMap

public class SimpleCachedLDAPAuthorizationMap
extends Object
implements AuthorizationMap


Nested Class Summary
protected  class SimpleCachedLDAPAuthorizationMap.CachedLDAPAuthorizationMapNamespaceChangeListener
          Listener implementation for directory changes that maps change events to destination types.
protected static class SimpleCachedLDAPAuthorizationMap.DestinationType
           
protected static class SimpleCachedLDAPAuthorizationMap.PermissionType
           
 
Field Summary
protected  DirContext context
           
protected  Map<ActiveMQDestination,AuthorizationEntry> entries
           
 
Constructor Summary
SimpleCachedLDAPAuthorizationMap()
           
 
Method Summary
 void afterPropertiesSet()
           
protected  void applyACL(AuthorizationEntry entry, SearchResult result, SimpleCachedLDAPAuthorizationMap.PermissionType permissionType)
          Applies the policy from the directory to the given entry within the context of the provided permission type.
protected  void applyAcl(AuthorizationEntry entry, SimpleCachedLDAPAuthorizationMap.PermissionType permissionType, Set<Object> acls)
          Applies policy to the entry given the actual principals that will be applied to the policy entry.
protected  void checkForUpdates()
          Performs a check for updates from the server in the event that synchronous updates are enabled and the refresh interval has elapsed.
protected  DirContext createContext()
           
 void destroy()
           
protected  ActiveMQDestination formatDestination(LdapName dn, SimpleCachedLDAPAuthorizationMap.DestinationType destinationType)
          Parses a DN into the equivalent ActiveMQDestination.
protected  ActiveMQDestination formatDestination(Rdn destinationName, SimpleCachedLDAPAuthorizationMap.DestinationType destinationType)
          Parses RDN values representing the destination name/pattern and destination type into the equivalent ActiveMQDestination.
protected  String formatDestinationName(Rdn destinationName)
          Parses the RDN representing a destination name/pattern into the standard string representation of the name/pattern.
 Set<Object> getAdminACLs(ActiveMQDestination destination)
          Provides synchronized access to the admin ACLs for the destinations as AuthorizationEntry is not set up for concurrent access.
 String getAdminPermissionGroupSearchFilter()
           
 String getAuthentication()
           
 String getConnectionPassword()
           
 String getConnectionProtocol()
           
 String getConnectionURL()
           
 String getConnectionUsername()
           
protected  AuthorizationEntry getEntry(DefaultAuthorizationMap map, LdapName dn, SimpleCachedLDAPAuthorizationMap.DestinationType destinationType)
          Retrieves or creates the AuthorizationEntry that corresponds to the DN in dn.
protected  String getFilterForPermissionType(SimpleCachedLDAPAuthorizationMap.PermissionType permissionType)
          Returns the filter string for the given permission type.
 String getGroupNameAttribute()
           
 String getGroupObjectClass()
           
 String getPermissionGroupMemberAttribute()
           
protected  int getPrefixLengthForDestinationType(SimpleCachedLDAPAuthorizationMap.DestinationType destinationType)
          Returns the DN prefix size based on the given destination type.
 String getQueueSearchBase()
           
 Set<Object> getReadACLs(ActiveMQDestination destination)
          Provides synchronized access to the read ACLs for the destinations as AuthorizationEntry is not set up for concurrent access.
 String getReadPermissionGroupSearchFilter()
           
 int getRefreshInterval()
           
 Set<Object> getTempDestinationAdminACLs()
          Provides synchronized and defensive access to the admin ACLs for temp destinations as the super implementation returns live copies of the ACLs and AuthorizationEntry is not set up for concurrent access.
 Set<Object> getTempDestinationReadACLs()
          Provides synchronized and defensive access to the read ACLs for temp destinations as the super implementation returns live copies of the ACLs and AuthorizationEntry is not set up for concurrent access.
 Set<Object> getTempDestinationWriteACLs()
          Provides synchronized and defensive access to the write ACLs for temp destinations as the super implementation returns live copies of the ACLs and AuthorizationEntry is not set up for concurrent access.
 String getTempSearchBase()
           
 String getTopicSearchBase()
           
 String getUserNameAttribute()
           
 String getUserObjectClass()
           
 Set<Object> getWriteACLs(ActiveMQDestination destination)
          Provides synchronized access to the write ACLs for the destinations as AuthorizationEntry is not set up for concurrent access.
 String getWritePermissionGroupSearchFilter()
           
protected  boolean isContextAlive()
           
 boolean isLegacyGroupMapping()
           
 boolean isRefreshDisabled()
           
 void namingExceptionThrown(NamingExceptionEvent namingExceptionEvent)
          Handler for exception events from the registry.
 void objectAdded(NamingEvent namingEvent, SimpleCachedLDAPAuthorizationMap.DestinationType destinationType, SimpleCachedLDAPAuthorizationMap.PermissionType permissionType)
          Handler for new policy entries in the directory.
 void objectChanged(NamingEvent namingEvent, SimpleCachedLDAPAuthorizationMap.DestinationType destinationType, SimpleCachedLDAPAuthorizationMap.PermissionType permissionType)
          Handler for changed policy entries in the directory.
 void objectRemoved(NamingEvent namingEvent, SimpleCachedLDAPAuthorizationMap.DestinationType destinationType, SimpleCachedLDAPAuthorizationMap.PermissionType permissionType)
          Handler for removed policy entries in the directory.
 void objectRenamed(NamingEvent namingEvent, SimpleCachedLDAPAuthorizationMap.DestinationType destinationType, SimpleCachedLDAPAuthorizationMap.PermissionType permissionType)
          Handler for renamed policy entries in the directory.
protected  DirContext open()
          Returns the existing open context or creates a new one and registers listeners for push notifications if such an update style is enabled.
protected  void processQueryResults(DefaultAuthorizationMap map, NamingEnumeration<SearchResult> results, SimpleCachedLDAPAuthorizationMap.DestinationType destinationType, SimpleCachedLDAPAuthorizationMap.PermissionType permissionType)
          Processes results from a directory query in the context of a given destination type and permission type.
protected  void query()
          Queries the directory and initializes the policy based on the data in the directory.
 void setAdminPermissionGroupSearchFilter(String adminPermissionGroupSearchFilter)
           
 void setAuthentication(String authentication)
           
 void setConnectionPassword(String connectionPassword)
           
 void setConnectionProtocol(String connectionProtocol)
           
 void setConnectionURL(String connectionURL)
           
 void setConnectionUsername(String connectionUsername)
           
 void setGroupNameAttribute(String groupNameAttribute)
           
 void setGroupObjectClass(String groupObjectClass)
           
 void setLegacyGroupMapping(boolean legacyGroupMapping)
           
 void setPermissionGroupMemberAttribute(String permissionGroupMemberAttribute)
           
 void setQueueSearchBase(String queueSearchBase)
           
 void setReadPermissionGroupSearchFilter(String readPermissionGroupSearchFilter)
           
 void setRefreshDisabled(boolean refreshDisabled)
           
 void setRefreshInterval(int refreshInterval)
           
 void setTempSearchBase(String tempSearchBase)
           
 void setTopicSearchBase(String topicSearchBase)
           
 void setUserNameAttribute(String userNameAttribute)
           
 void setUserObjectClass(String userObjectClass)
           
 void setWritePermissionGroupSearchFilter(String writePermissionGroupSearchFilter)
           
protected <T> Set<T> transcribeSet(Set<T> source)
          Transcribes an existing set into a new set.
protected  void updated()
          Marks the time at which the authorization state was last refreshed.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

context

protected DirContext context

entries

protected Map<ActiveMQDestination,AuthorizationEntry> entries
Constructor Detail

SimpleCachedLDAPAuthorizationMap

public SimpleCachedLDAPAuthorizationMap()
Method Detail

createContext

protected DirContext createContext()
                            throws NamingException
Throws:
NamingException

isContextAlive

protected boolean isContextAlive()

open

protected DirContext open()
                   throws NamingException
Returns the existing open context or creates a new one and registers listeners for push notifications if such an update style is enabled. This implementation should not be invoked concurrently.

Returns:
the current context
Throws:
NamingException - if there is an error setting things up

query

protected void query()
              throws Exception
Queries the directory and initializes the policy based on the data in the directory. This implementation should not be invoked concurrently.

Throws:
Exception - if there is an unrecoverable error processing the directory contents

processQueryResults

protected void processQueryResults(DefaultAuthorizationMap map,
                                   NamingEnumeration<SearchResult> results,
                                   SimpleCachedLDAPAuthorizationMap.DestinationType destinationType,
                                   SimpleCachedLDAPAuthorizationMap.PermissionType permissionType)
                            throws Exception
Processes results from a directory query in the context of a given destination type and permission type. This implementation should not be invoked concurrently.

Parameters:
map - the DefaultAuthorizationMap to operate on.
results - the results to process
destinationType - the type of the destination for which the directory results apply
permissionType - the type of the permission for which the directory results apply
Throws:
Exception - if there is an error processing the results

updated

protected void updated()
Marks the time at which the authorization state was last refreshed. Relevant for synchronous policy updates. This implementation should not be invoked concurrently.


getEntry

protected AuthorizationEntry getEntry(DefaultAuthorizationMap map,
                                      LdapName dn,
                                      SimpleCachedLDAPAuthorizationMap.DestinationType destinationType)
Retrieves or creates the AuthorizationEntry that corresponds to the DN in dn. This implementation should not be invoked concurrently.

Parameters:
map - the DefaultAuthorizationMap to operate on.
dn - the DN representing the policy entry in the directory
destinationType - the type of the destination to get/create the entry for
Returns:
the corresponding authorization entry for the DN
Throws:
IllegalArgumentException - if destination type is not one of SimpleCachedLDAPAuthorizationMap.DestinationType.QUEUE, SimpleCachedLDAPAuthorizationMap.DestinationType.TOPIC, SimpleCachedLDAPAuthorizationMap.DestinationType.TEMP or if the policy entry DN is malformed

applyACL

protected void applyACL(AuthorizationEntry entry,
                        SearchResult result,
                        SimpleCachedLDAPAuthorizationMap.PermissionType permissionType)
                 throws NamingException
Applies the policy from the directory to the given entry within the context of the provided permission type.

Parameters:
entry - the policy entry to apply the policy to
result - the results from the directory to apply to the policy entry
permissionType - the permission type of the data in the directory
Throws:
NamingException - if there is an error applying the ACL

applyAcl

protected void applyAcl(AuthorizationEntry entry,
                        SimpleCachedLDAPAuthorizationMap.PermissionType permissionType,
                        Set<Object> acls)
Applies policy to the entry given the actual principals that will be applied to the policy entry.

Parameters:
entry - the policy entry to which the policy should be applied
permissionType - the type of the permission that the policy will be applied to
acls - the principals that represent the actual policy

formatDestination

protected ActiveMQDestination formatDestination(LdapName dn,
                                                SimpleCachedLDAPAuthorizationMap.DestinationType destinationType)
Parses a DN into the equivalent ActiveMQDestination. The default implementation expects a format of cn=<permission>,ou=<destination>,... or ou=<destination>,... for permission and destination entries, respectively. For example cn=admin,ou=$,ou=... or ou=$,ou=....

Parameters:
dn - the DN to parse
destinationType - the type of the destination that we are parsing
Returns:
the destination that the DN represents
Throws:
IllegalArgumentException - if destinationType is SimpleCachedLDAPAuthorizationMap.DestinationType.TEMP or if the format of dn is incorrect for a topic or queue
See Also:
formatDestination(Rdn, DestinationType)

formatDestination

protected ActiveMQDestination formatDestination(Rdn destinationName,
                                                SimpleCachedLDAPAuthorizationMap.DestinationType destinationType)
Parses RDN values representing the destination name/pattern and destination type into the equivalent ActiveMQDestination.

Parameters:
destinationName - the RDN representing the name or pattern for the destination
destinationType - the type of the destination
Returns:
the destination that the RDN represents
Throws:
IllegalArgumentException - if destinationType is not one of SimpleCachedLDAPAuthorizationMap.DestinationType.TOPIC or SimpleCachedLDAPAuthorizationMap.DestinationType.QUEUE.
See Also:
formatDestinationName(Rdn), formatDestination(LdapName, DestinationType)

formatDestinationName

protected String formatDestinationName(Rdn destinationName)
Parses the RDN representing a destination name/pattern into the standard string representation of the name/pattern. This implementation ignores the attribute type of the RDN, so the RDN may be either a CN or an OU.

Parameters:
destinationName - the RDN representing the name or pattern for the destination
See Also:
formatDestination(Rdn, DestinationType)

transcribeSet

protected <T> Set<T> transcribeSet(Set<T> source)
Transcribes an existing set into a new set. Used to make defensive copies for concurrent access.

Parameters:
source - the source set or null
Returns:
a new set containing the same elements as source or null if source is null

getFilterForPermissionType

protected String getFilterForPermissionType(SimpleCachedLDAPAuthorizationMap.PermissionType permissionType)
Returns the filter string for the given permission type.

Throws:
IllegalArgumentException - if permissionType is not supported
See Also:
setAdminPermissionGroupSearchFilter(String), setReadPermissionGroupSearchFilter(String), setWritePermissionGroupSearchFilter(String)

getPrefixLengthForDestinationType

protected int getPrefixLengthForDestinationType(SimpleCachedLDAPAuthorizationMap.DestinationType destinationType)
Returns the DN prefix size based on the given destination type.

Throws:
IllegalArgumentException - if destinationType is not supported
See Also:
setQueueSearchBase(String), setTopicSearchBase(String), setTempSearchBase(String)

checkForUpdates

protected void checkForUpdates()
Performs a check for updates from the server in the event that synchronous updates are enabled and the refresh interval has elapsed.


getTempDestinationAdminACLs

public Set<Object> getTempDestinationAdminACLs()
Provides synchronized and defensive access to the admin ACLs for temp destinations as the super implementation returns live copies of the ACLs and AuthorizationEntry is not set up for concurrent access.

Specified by:
getTempDestinationAdminACLs in interface AuthorizationMap

getTempDestinationReadACLs

public Set<Object> getTempDestinationReadACLs()
Provides synchronized and defensive access to the read ACLs for temp destinations as the super implementation returns live copies of the ACLs and AuthorizationEntry is not set up for concurrent access.

Specified by:
getTempDestinationReadACLs in interface AuthorizationMap

getTempDestinationWriteACLs

public Set<Object> getTempDestinationWriteACLs()
Provides synchronized and defensive access to the write ACLs for temp destinations as the super implementation returns live copies of the ACLs and AuthorizationEntry is not set up for concurrent access.

Specified by:
getTempDestinationWriteACLs in interface AuthorizationMap

getAdminACLs

public Set<Object> getAdminACLs(ActiveMQDestination destination)
Provides synchronized access to the admin ACLs for the destinations as AuthorizationEntry is not set up for concurrent access.

Specified by:
getAdminACLs in interface AuthorizationMap

getReadACLs

public Set<Object> getReadACLs(ActiveMQDestination destination)
Provides synchronized access to the read ACLs for the destinations as AuthorizationEntry is not set up for concurrent access.

Specified by:
getReadACLs in interface AuthorizationMap

getWriteACLs

public Set<Object> getWriteACLs(ActiveMQDestination destination)
Provides synchronized access to the write ACLs for the destinations as AuthorizationEntry is not set up for concurrent access.

Specified by:
getWriteACLs in interface AuthorizationMap

objectAdded

public void objectAdded(NamingEvent namingEvent,
                        SimpleCachedLDAPAuthorizationMap.DestinationType destinationType,
                        SimpleCachedLDAPAuthorizationMap.PermissionType permissionType)
Handler for new policy entries in the directory.

Parameters:
namingEvent - the new entry event that occurred
destinationType - the type of the destination to which the event applies
permissionType - the permission type to which the event applies

objectRemoved

public void objectRemoved(NamingEvent namingEvent,
                          SimpleCachedLDAPAuthorizationMap.DestinationType destinationType,
                          SimpleCachedLDAPAuthorizationMap.PermissionType permissionType)
Handler for removed policy entries in the directory.

Parameters:
namingEvent - the removed entry event that occurred
destinationType - the type of the destination to which the event applies
permissionType - the permission type to which the event applies

objectRenamed

public void objectRenamed(NamingEvent namingEvent,
                          SimpleCachedLDAPAuthorizationMap.DestinationType destinationType,
                          SimpleCachedLDAPAuthorizationMap.PermissionType permissionType)
Handler for renamed policy entries in the directory. This handler deals with the renaming of destination entries as well as permission entries. If the permission type is not null, it is assumed that we are dealing with the renaming of a permission entry. Otherwise, it is assumed that we are dealing with the renaming of a destination entry.

Parameters:
namingEvent - the renaming entry event that occurred
destinationType - the type of the destination to which the event applies
permissionType - the permission type to which the event applies

objectChanged

public void objectChanged(NamingEvent namingEvent,
                          SimpleCachedLDAPAuthorizationMap.DestinationType destinationType,
                          SimpleCachedLDAPAuthorizationMap.PermissionType permissionType)
Handler for changed policy entries in the directory.

Parameters:
namingEvent - the changed entry event that occurred
destinationType - the type of the destination to which the event applies
permissionType - the permission type to which the event applies

namingExceptionThrown

public void namingExceptionThrown(NamingExceptionEvent namingExceptionEvent)
Handler for exception events from the registry.

Parameters:
namingExceptionEvent - the exception event

afterPropertiesSet

public void afterPropertiesSet()
                        throws Exception
Throws:
Exception

destroy

public void destroy()
             throws Exception
Throws:
Exception

getConnectionURL

public String getConnectionURL()

setConnectionURL

public void setConnectionURL(String connectionURL)

getConnectionUsername

public String getConnectionUsername()

setConnectionUsername

public void setConnectionUsername(String connectionUsername)

getConnectionPassword

public String getConnectionPassword()

setConnectionPassword

public void setConnectionPassword(String connectionPassword)

getConnectionProtocol

public String getConnectionProtocol()

setConnectionProtocol

public void setConnectionProtocol(String connectionProtocol)

getAuthentication

public String getAuthentication()

setAuthentication

public void setAuthentication(String authentication)

getQueueSearchBase

public String getQueueSearchBase()

setQueueSearchBase

public void setQueueSearchBase(String queueSearchBase)

getTopicSearchBase

public String getTopicSearchBase()

setTopicSearchBase

public void setTopicSearchBase(String topicSearchBase)

getTempSearchBase

public String getTempSearchBase()

setTempSearchBase

public void setTempSearchBase(String tempSearchBase)

getPermissionGroupMemberAttribute

public String getPermissionGroupMemberAttribute()

setPermissionGroupMemberAttribute

public void setPermissionGroupMemberAttribute(String permissionGroupMemberAttribute)

getAdminPermissionGroupSearchFilter

public String getAdminPermissionGroupSearchFilter()

setAdminPermissionGroupSearchFilter

public void setAdminPermissionGroupSearchFilter(String adminPermissionGroupSearchFilter)

getReadPermissionGroupSearchFilter

public String getReadPermissionGroupSearchFilter()

setReadPermissionGroupSearchFilter

public void setReadPermissionGroupSearchFilter(String readPermissionGroupSearchFilter)

getWritePermissionGroupSearchFilter

public String getWritePermissionGroupSearchFilter()

setWritePermissionGroupSearchFilter

public void setWritePermissionGroupSearchFilter(String writePermissionGroupSearchFilter)

isLegacyGroupMapping

public boolean isLegacyGroupMapping()

setLegacyGroupMapping

public void setLegacyGroupMapping(boolean legacyGroupMapping)

getGroupObjectClass

public String getGroupObjectClass()

setGroupObjectClass

public void setGroupObjectClass(String groupObjectClass)

getUserObjectClass

public String getUserObjectClass()

setUserObjectClass

public void setUserObjectClass(String userObjectClass)

getGroupNameAttribute

public String getGroupNameAttribute()

setGroupNameAttribute

public void setGroupNameAttribute(String groupNameAttribute)

getUserNameAttribute

public String getUserNameAttribute()

setUserNameAttribute

public void setUserNameAttribute(String userNameAttribute)

isRefreshDisabled

public boolean isRefreshDisabled()

setRefreshDisabled

public void setRefreshDisabled(boolean refreshDisabled)

getRefreshInterval

public int getRefreshInterval()

setRefreshInterval

public void setRefreshInterval(int refreshInterval)


Copyright © 2005–2013 The Apache Software Foundation. All rights reserved.