Class SimpleCachedLDAPAuthorizationMap

java.lang.Object
org.apache.activemq.security.SimpleCachedLDAPAuthorizationMap
All Implemented Interfaces:
AuthorizationMap

public class SimpleCachedLDAPAuthorizationMap extends Object implements AuthorizationMap
  • Constructor Details

    • SimpleCachedLDAPAuthorizationMap

      public SimpleCachedLDAPAuthorizationMap()
  • Method Details

    • createContext

      protected DirContext createContext() throws NamingException
      Throws:
      NamingException
    • isContextAlive

      protected boolean isContextAlive()
    • open

      protected DirContext open() throws NamingException
      Returns the existing open context or creates a new one and registers listeners for push notifications if such an update style is enabled. This implementation should not be invoked concurrently.
      Returns:
      the current context
      Throws:
      NamingException - if there is an error setting things up
    • query

      protected void query() throws Exception
      Queries the directory and initializes the policy based on the data in the directory. This implementation should not be invoked concurrently.
      Throws:
      Exception - if there is an unrecoverable error processing the directory contents
    • processQueryResults

      Processes results from a directory query in the context of a given destination type and permission type. This implementation should not be invoked concurrently.
      Parameters:
      results - the results to process
      destinationType - the type of the destination for which the directory results apply
      permissionType - the type of the permission for which the directory results apply
      Throws:
      Exception - if there is an error processing the results
    • updated

      protected void updated()
      Marks the time at which the authorization state was last refreshed. Relevant for synchronous policy updates. This implementation should not be invoked concurrently.
    • getEntry

      Retrieves or creates the AuthorizationEntry that corresponds to the DN in dn. This implementation should not be invoked concurrently.
      Parameters:
      map - the DefaultAuthorizationMap to operate on.
      dn - the DN representing the policy entry in the directory
      destinationType - the type of the destination to get/create the entry for
      Returns:
      the corresponding authorization entry for the DN
      Throws:
      IllegalArgumentException - if destination type is not one of SimpleCachedLDAPAuthorizationMap.DestinationType.QUEUE, SimpleCachedLDAPAuthorizationMap.DestinationType.TOPIC, SimpleCachedLDAPAuthorizationMap.DestinationType.TEMP or if the policy entry DN is malformed
    • applyACL

      protected void applyACL(AuthorizationEntry entry, SearchResult result, SimpleCachedLDAPAuthorizationMap.PermissionType permissionType) throws NamingException
      Applies the policy from the directory to the given entry within the context of the provided permission type.
      Parameters:
      entry - the policy entry to apply the policy to
      result - the results from the directory to apply to the policy entry
      permissionType - the permission type of the data in the directory
      Throws:
      NamingException - if there is an error applying the ACL
    • applyAcl

      protected void applyAcl(AuthorizationEntry entry, SimpleCachedLDAPAuthorizationMap.PermissionType permissionType, Set<Object> acls)
      Applies policy to the entry given the actual principals that will be applied to the policy entry.
      Parameters:
      entry - the policy entry to which the policy should be applied
      permissionType - the type of the permission that the policy will be applied to
      acls - the principals that represent the actual policy
    • formatDestination

      protected org.apache.activemq.command.ActiveMQDestination formatDestination(LdapName dn, SimpleCachedLDAPAuthorizationMap.DestinationType destinationType)
      Parses a DN into the equivalent ActiveMQDestination. The default implementation expects a format of cn=,ou=,.... or ou=,.... for permission and destination entries, respectively. For example cn=admin,ou=$,ou=... or ou=$,ou=....
      Parameters:
      dn - the DN to parse
      destinationType - the type of the destination that we are parsing
      Returns:
      the destination that the DN represents
      Throws:
      IllegalArgumentException - if destinationType is SimpleCachedLDAPAuthorizationMap.DestinationType.TEMP or if the format of dn is incorrect for a topic or queue
    • formatDestination

      protected org.apache.activemq.command.ActiveMQDestination formatDestination(Rdn destinationName, SimpleCachedLDAPAuthorizationMap.DestinationType destinationType)
      Parses RDN values representing the destination name/pattern and destination type into the equivalent ActiveMQDestination.
      Parameters:
      destinationName - the RDN representing the name or pattern for the destination
      destinationType - the type of the destination
      Returns:
      the destination that the RDN represents
      Throws:
      IllegalArgumentException - if destinationType is not one of SimpleCachedLDAPAuthorizationMap.DestinationType.TOPIC or SimpleCachedLDAPAuthorizationMap.DestinationType.QUEUE.
    • formatDestinationName

      protected String formatDestinationName(Rdn destinationName)
      Parses the RDN representing a destination name/pattern into the standard string representation of the name/pattern. This implementation does not care about the type of the RDN such that the RDN could be a CN or OU.
      Parameters:
      destinationName - the RDN representing the name or pattern for the destination
      See Also:
      • #formatDestination(Rdn, Rdn)
    • transcribeSet

      protected <T> Set<T> transcribeSet(Set<T> source)
      Transcribes an existing set into a new set. Used to make defensive copies for concurrent access.
      Parameters:
      source - the source set or null
      Returns:
      a new set containing the same elements as source or null if source is null
    • getFilterForPermissionType

      protected String getFilterForPermissionType(SimpleCachedLDAPAuthorizationMap.PermissionType permissionType)
      Returns the filter string for the given permission type.
      Throws:
      IllegalArgumentException - if permissionType is not supported
    • getPrefixLengthForDestinationType

      protected int getPrefixLengthForDestinationType(SimpleCachedLDAPAuthorizationMap.DestinationType destinationType)
      Returns the DN prefix size based on the given destination type.
      Throws:
      IllegalArgumentException - if destinationType is not supported
    • checkForUpdates

      protected void checkForUpdates()
      Performs a check for updates from the server in the event that synchronous updates are enabled and the refresh interval has elapsed.
    • getTempDestinationAdminACLs

      public Set<Object> getTempDestinationAdminACLs()
      Provides synchronized and defensive access to the admin ACLs for temp destinations, as the super implementation returns live copies of the ACLs and AuthorizationEntry is not set up for concurrent access.
      Specified by:
      getTempDestinationAdminACLs in interface AuthorizationMap
    • getTempDestinationReadACLs

      public Set<Object> getTempDestinationReadACLs()
      Provides synchronized and defensive access to the read ACLs for temp destinations, as the super implementation returns live copies of the ACLs and AuthorizationEntry is not set up for concurrent access.
      Specified by:
      getTempDestinationReadACLs in interface AuthorizationMap
    • getTempDestinationWriteACLs

      public Set<Object> getTempDestinationWriteACLs()
      Provides synchronized and defensive access to the write ACLs for temp destinations, as the super implementation returns live copies of the ACLs and AuthorizationEntry is not set up for concurrent access.
      Specified by:
      getTempDestinationWriteACLs in interface AuthorizationMap
    • getAdminACLs

      public Set<Object> getAdminACLs(org.apache.activemq.command.ActiveMQDestination destination)
      Provides synchronized access to the admin ACLs for the destinations, as AuthorizationEntry is not set up for concurrent access.
      Specified by:
      getAdminACLs in interface AuthorizationMap
    • getReadACLs

      public Set<Object> getReadACLs(org.apache.activemq.command.ActiveMQDestination destination)
      Provides synchronized access to the read ACLs for the destinations, as AuthorizationEntry is not set up for concurrent access.
      Specified by:
      getReadACLs in interface AuthorizationMap
    • getWriteACLs

      public Set<Object> getWriteACLs(org.apache.activemq.command.ActiveMQDestination destination)
      Provides synchronized access to the write ACLs for the destinations, as AuthorizationEntry is not set up for concurrent access.
      Specified by:
      getWriteACLs in interface AuthorizationMap
    • objectAdded

      public void objectAdded(NamingEvent namingEvent, SimpleCachedLDAPAuthorizationMap.DestinationType destinationType, SimpleCachedLDAPAuthorizationMap.PermissionType permissionType)
      Handler for new policy entries in the directory.
      Parameters:
      namingEvent - the new entry event that occurred
      destinationType - the type of the destination to which the event applies
      permissionType - the permission type to which the event applies
    • objectRemoved

      public void objectRemoved(NamingEvent namingEvent, SimpleCachedLDAPAuthorizationMap.DestinationType destinationType, SimpleCachedLDAPAuthorizationMap.PermissionType permissionType)
      Handler for removed policy entries in the directory.
      Parameters:
      namingEvent - the removed entry event that occurred
      destinationType - the type of the destination to which the event applies
      permissionType - the permission type to which the event applies
    • objectRenamed

      public void objectRenamed(NamingEvent namingEvent, SimpleCachedLDAPAuthorizationMap.DestinationType destinationType, SimpleCachedLDAPAuthorizationMap.PermissionType permissionType)
      Handler for renamed policy entries in the directory. This handler deals with the renaming of destination entries as well as permission entries. If the permission type is not null, it is assumed that we are dealing with the renaming of a permission entry. Otherwise, it is assumed that we are dealing with the renaming of a destination entry.
      Parameters:
      namingEvent - the renaming entry event that occurred
      destinationType - the type of the destination to which the event applies
      permissionType - the permission type to which the event applies
    • objectChanged

      public void objectChanged(NamingEvent namingEvent, SimpleCachedLDAPAuthorizationMap.DestinationType destinationType, SimpleCachedLDAPAuthorizationMap.PermissionType permissionType)
      Handler for changed policy entries in the directory.
      Parameters:
      namingEvent - the changed entry event that occurred
      destinationType - the type of the destination to which the event applies
      permissionType - the permission type to which the event applies
    • namingExceptionThrown

      public void namingExceptionThrown(NamingExceptionEvent namingExceptionEvent)
      Handler for exception events from the registry.
      Parameters:
      namingExceptionEvent - the exception event
    • afterPropertiesSet

      public void afterPropertiesSet() throws Exception
      Throws:
      Exception
    • destroy

      public void destroy() throws Exception
      Throws:
      Exception
    • getConnectionURL

      public String getConnectionURL()
    • setConnectionURL

      public void setConnectionURL(String connectionURL)
    • getConnectionUsername

      public String getConnectionUsername()
    • setConnectionUsername

      public void setConnectionUsername(String connectionUsername)
    • getConnectionPassword

      public String getConnectionPassword()
    • setConnectionPassword

      public void setConnectionPassword(String connectionPassword)
    • getConnectionProtocol

      public String getConnectionProtocol()
    • setConnectionProtocol

      public void setConnectionProtocol(String connectionProtocol)
    • getAuthentication

      public String getAuthentication()
    • setAuthentication

      public void setAuthentication(String authentication)
    • getQueueSearchBase

      public String getQueueSearchBase()
    • setQueueSearchBase

      public void setQueueSearchBase(String queueSearchBase)
    • getTopicSearchBase

      public String getTopicSearchBase()
    • setTopicSearchBase

      public void setTopicSearchBase(String topicSearchBase)
    • getTempSearchBase

      public String getTempSearchBase()
    • setTempSearchBase

      public void setTempSearchBase(String tempSearchBase)
    • getPermissionGroupMemberAttribute

      public String getPermissionGroupMemberAttribute()
    • setPermissionGroupMemberAttribute

      public void setPermissionGroupMemberAttribute(String permissionGroupMemberAttribute)
    • getAdminPermissionGroupSearchFilter

      public String getAdminPermissionGroupSearchFilter()
    • setAdminPermissionGroupSearchFilter

      public void setAdminPermissionGroupSearchFilter(String adminPermissionGroupSearchFilter)
    • getReadPermissionGroupSearchFilter

      public String getReadPermissionGroupSearchFilter()
    • setReadPermissionGroupSearchFilter

      public void setReadPermissionGroupSearchFilter(String readPermissionGroupSearchFilter)
    • getWritePermissionGroupSearchFilter

      public String getWritePermissionGroupSearchFilter()
    • setWritePermissionGroupSearchFilter

      public void setWritePermissionGroupSearchFilter(String writePermissionGroupSearchFilter)
    • isLegacyGroupMapping

      public boolean isLegacyGroupMapping()
    • setLegacyGroupMapping

      public void setLegacyGroupMapping(boolean legacyGroupMapping)
    • getGroupObjectClass

      public String getGroupObjectClass()
    • setGroupObjectClass

      public void setGroupObjectClass(String groupObjectClass)
    • getUserObjectClass

      public String getUserObjectClass()
    • setUserObjectClass

      public void setUserObjectClass(String userObjectClass)
    • getGroupNameAttribute

      public String getGroupNameAttribute()
    • setGroupNameAttribute

      public void setGroupNameAttribute(String groupNameAttribute)
    • getUserNameAttribute

      public String getUserNameAttribute()
    • setUserNameAttribute

      public void setUserNameAttribute(String userNameAttribute)
    • isRefreshDisabled

      public boolean isRefreshDisabled()
    • setRefreshDisabled

      public void setRefreshDisabled(boolean refreshDisabled)
    • getRefreshInterval

      public int getRefreshInterval()
    • setRefreshInterval

      public void setRefreshInterval(int refreshInterval)
    • getGroupClass

      public String getGroupClass()
    • setGroupClass

      public void setGroupClass(String groupClass)
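
Added example (not ActiveMQ's own code): a strict shape check for the policy DNs that formatDestination(LdapName, DestinationType) describes above, rejecting any entry that is outside the configured search base or is not exactly a destination entry or a permission entry beneath it. The class PolicyDnCheck, the parse helper and the search base value are assumptions made for illustration, and the RDN type checks are deliberately stricter than formatDestinationName, which accepts a CN or an OU.

```java
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

public class PolicyDnCheck {
    /** Parsed policy DN: destination pattern plus permission name (null for a destination entry). */
    record PolicyDn(String destinationPattern, String permissionName) {}
    // Hypothetical helper: accepts only "cn=..,ou=..,<base>" (permission) or "ou=..,<base>" (destination).
    static PolicyDn parse(String dn, String searchBase) {
        try {
            LdapName name = new LdapName(dn);
            LdapName base = new LdapName(searchBase);
            // LdapName indexes RDNs right to left, so the base is a prefix of every entry below it.
            if (!name.startsWith(base)) {
                throw new IllegalArgumentException("DN is outside the search base: " + dn);
            }
            int depth = name.size() - base.size();
            if (depth < 1 || depth > 2) {
                throw new IllegalArgumentException("Unexpected DN depth " + depth + ": " + dn);
            }
            Rdn destination = name.getRdn(base.size());
            if (!"ou".equalsIgnoreCase(destination.getType())) {
                throw new IllegalArgumentException("Destination RDN must be an OU: " + dn);
            }
            String permission = null;
            if (depth == 2) {
                Rdn perm = name.getRdn(base.size() + 1);
                if (!"cn".equalsIgnoreCase(perm.getType())) {
                    throw new IllegalArgumentException("Permission RDN must be a CN: " + dn);
                }
                permission = perm.getValue().toString();
            }
            return new PolicyDn(destination.getValue().toString(), permission);
        } catch (InvalidNameException e) {
            throw new IllegalArgumentException("Malformed DN: " + dn, e);
        }
    }

    public static void main(String[] args) {
        String base = "ou=Queue,ou=Destination,ou=ActiveMQ,dc=example,dc=org"; // constructed sample
        System.out.println(parse("cn=admin,ou=$," + base, base)); // permission entry
        System.out.println(parse("ou=orders," + base, base));     // destination entry
        try {
            parse("cn=admin,ou=$,ou=Topic,dc=example,dc=org", base); // wrong subtree
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The destination value is returned as stored in the directory; any wildcard translation is left to formatDestinationName.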