org.apache.qpid.server.security.auth.manager

Class PrincipalDatabaseAuthenticationManager<T extends PrincipalDatabaseAuthenticationManager<T>>

java.lang.Object

org.apache.qpid.server.model.AbstractConfiguredObject<T>

org.apache.qpid.server.security.auth.manager.AbstractAuthenticationManager<T>

org.apache.qpid.server.security.auth.manager.PrincipalDatabaseAuthenticationManager<T>

All Implemented Interfaces:

AuthenticationProvider<T>, ConfiguredObject<T>, ExternalFileBasedAuthenticationManager<T>, ManagedInterface, PasswordCredentialManagingAuthenticationProvider<T>, PreferencesSupportingAuthenticationProvider, UsernamePasswordAuthenticationProvider<T>

Direct Known Subclasses:

Base64MD5PasswordDatabaseAuthenticationManager, PlainPasswordDatabaseAuthenticationManager

public abstract class PrincipalDatabaseAuthenticationManager<T extends PrincipalDatabaseAuthenticationManager<T>>
extends AbstractAuthenticationManager<T>
implements ExternalFileBasedAuthenticationManager<T>, PreferencesSupportingAuthenticationProvider

Nested Class Summary

Nested classes/interfaces inherited from class org.apache.qpid.server.model.AbstractConfiguredObject

AbstractConfiguredObject.CallableWithArgument<V,A>, AbstractConfiguredObject.ChainedListenableFuture<V>, AbstractConfiguredObject.ChainedSettableFuture<V>, AbstractConfiguredObject.DuplicateIdException, AbstractConfiguredObject.DuplicateNameException

Field Summary

Fields inherited from class org.apache.qpid.server.model.AbstractConfiguredObject

SECURED_STRING_VALUE

Fields inherited from interface org.apache.qpid.server.model.ExternalFileBasedAuthenticationManager

PATH

Fields inherited from interface org.apache.qpid.server.model.ConfiguredObject

CONTEXT, CREATED_BY, CREATED_TIME, DESCRIPTION, DESIRED_STATE, DURABLE, ID, LAST_UPDATED_BY, LAST_UPDATED_TIME, LIFETIME_POLICY, NAME, OVER_SIZED_ATTRIBUTE_ALTERNATIVE_TEXT, STATE, TYPE

Constructor Summary

Constructors

Modifier	Constructor and Description
protected	PrincipalDatabaseAuthenticationManager(Map<String,Object> attributes, Broker broker)

Method Summary

Modifier and Type	Method and Description
com.google.common.util.concurrent.ListenableFuture<Void>	activate()
<C extends ConfiguredObject> com.google.common.util.concurrent.ListenableFuture<C>	addChildAsync(Class<C> childClass, Map<String,Object> attributes, ConfiguredObject... otherParents)
AuthenticationResult	authenticate(SaslServer server, byte[] response) Authenticates a user using SASL negotiation.
AuthenticationResult	authenticate(String username, String password) Authenticates a user using their username and password.
protected void	changeAttributes(Map<String,Object> attributes)
protected abstract PrincipalDatabase	createDatabase()
SaslServer	createSaslServer(String mechanism, String localFQDN, Principal externalPrincipal) Creates a SASL server for the specified mechanism name for the given fully qualified domain name.
boolean	createUser(String username, String password, Map<String,String> attributes)
void	deleteUser(String username)
com.google.common.util.concurrent.ListenableFuture<Void>	doDelete()
List<String>	getMechanisms() Gets the SASL mechanisms known to this manager.
String	getPath()
PrincipalDatabase	getPrincipalDatabase()
protected SecurityManager	getSecurityManager()
Map<String,Map<String,String>>	getUsers()
void	initialise()
protected void	onCreate()
protected void	onOpen()
protected void	postResolve()
void	reload() Refreshes the cache of user and password data from the underlying storage.
void	setPassword(String username, String password)
protected void	validateChange(ConfiguredObject<?> updatedObject, Set<String> changedAttributes)
protected void	validateOnCreate()

Methods inherited from class org.apache.qpid.server.security.auth.manager.AbstractAuthenticationManager

getBroker, getDisabledMechanisms, getPreferencesProvider, getSecureOnlyMechanisms, getSubjectCreator, getVirtualHostPortBindings, onValidate, recoverUser, setPreferencesProvider, startQuiesced

Methods inherited from class org.apache.qpid.server.model.AbstractConfiguredObject

addChangeListener, applyToChildren, asObjectRecord, attainState, attributeSet, authoriseCreate, authoriseCreateChild, authoriseDelete, authoriseSetAttributes, beforeClose, changeAttribute, childAdded, childRemoved, close, closeAsync, closeChildren, create, createAsync, createChild, createChildAsync, decryptSecrets, delete, deleteAsync, deleted, doAfter, doAfter, doAfter, doAfter, doAfter, doAfter, doAfterAlways, doAfterAlways, doCreation, doOnConfigThread, doOpening, doResolution, doSync, doSync, doValidation, findConfiguredObject, forceUpdateAllSecureAttributes, getActualAttributes, getAttainedChildById, getAttainedChildByName, getAttribute, getAttributeNames, getCategoryClass, getChildById, getChildByName, getChildExecutor, getChildren, getContext, getContextKeys, getContextValue, getContextValue, getCreatedBy, getCreatedTime, getDescription, getDesiredState, getId, getLastOpenedTime, getLastUpdatedBy, getLastUpdatedTime, getLifetimePolicy, getModel, getName, getObjectFactory, getParent, getState, getStatistics, getTaskExecutor, getType, getTypeClass, handleExceptionOnOpen, isDurable, managesChildStorage, notifyStateChanged, onClose, onExceptionInOpen, onResolve, open, openAsync, parentsMap, postResolveChildren, registerWithParents, removeChangeListener, rethrowRuntimeExceptionsOnOpen, runTask, setAttribute, setAttributes, setAttributesAsync, setEncrypter, setState, start, startAsync, stop, toString

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Methods inherited from interface org.apache.qpid.server.model.AuthenticationProvider

getDisabledMechanisms, getPreferencesProvider, getSecureOnlyMechanisms, getSubjectCreator, getVirtualHostPortBindings, recoverUser, setPreferencesProvider

Methods inherited from interface org.apache.qpid.server.model.ConfiguredObject

addChangeListener, asObjectRecord, close, closeAsync, createChild, createChildAsync, decryptSecrets, delete, deleteAsync, findConfiguredObject, getActualAttributes, getAttainedChildById, getAttainedChildByName, getAttribute, getAttributeNames, getCategoryClass, getChildById, getChildByName, getChildExecutor, getChildren, getContext, getContextKeys, getContextValue, getContextValue, getCreatedBy, getCreatedTime, getDescription, getDesiredState, getId, getLastOpenedTime, getLastUpdatedBy, getLastUpdatedTime, getLifetimePolicy, getModel, getName, getObjectFactory, getParent, getState, getStatistics, getTaskExecutor, getType, getTypeClass, isDurable, managesChildStorage, open, openAsync, removeChangeListener, setAttribute, setAttributes, setAttributesAsync

Methods inherited from interface org.apache.qpid.server.model.PreferencesSupportingAuthenticationProvider

getPreferencesProvider, setPreferencesProvider

Constructor Detail

PrincipalDatabaseAuthenticationManager

protected PrincipalDatabaseAuthenticationManager(Map<String,Object> attributes,
                                                 Broker broker)

Method Detail

validateOnCreate

protected void validateOnCreate()

Overrides:

validateOnCreate in class AbstractConfiguredObject<T extends PrincipalDatabaseAuthenticationManager<T>>

onCreate

protected void onCreate()

Overrides:

onCreate in class AbstractConfiguredObject<T extends PrincipalDatabaseAuthenticationManager<T>>

onOpen

protected void onOpen()

Overrides:

onOpen in class AbstractAuthenticationManager<T extends PrincipalDatabaseAuthenticationManager<T>>

postResolve

protected void postResolve()

Overrides:

postResolve in class AbstractConfiguredObject<T extends PrincipalDatabaseAuthenticationManager<T>>

createDatabase

protected abstract PrincipalDatabase createDatabase()

getPath

public String getPath()

Specified by:

getPath in interface ExternalFileBasedAuthenticationManager<T extends PrincipalDatabaseAuthenticationManager<T>>

initialise

public void initialise()

getMechanisms

public List<String> getMechanisms()

Description copied from interface: AuthenticationProvider

Gets the SASL mechanisms known to this manager.

Specified by:

getMechanisms in interface AuthenticationProvider<T extends PrincipalDatabaseAuthenticationManager<T>>

Returns:

SASL mechanism names, space separated.

createSaslServer

public SaslServer createSaslServer(String mechanism,
                                   String localFQDN,
                                   Principal externalPrincipal)
                            throws SaslException

Description copied from interface: AuthenticationProvider

Creates a SASL server for the specified mechanism name for the given fully qualified domain name.

Specified by:

createSaslServer in interface AuthenticationProvider<T extends PrincipalDatabaseAuthenticationManager<T>>

Parameters:

mechanism - mechanism name

localFQDN - domain name

externalPrincipal - externally authenticated Principal

Returns:

SASL server

Throws:

SaslException

authenticate

public AuthenticationResult authenticate(SaslServer server,
                                         byte[] response)

Description copied from interface: AuthenticationProvider

Authenticates a user using SASL negotiation.

Specified by:

authenticate in interface AuthenticationProvider<T extends PrincipalDatabaseAuthenticationManager<T>>

Parameters:

server - SASL server

response - SASL response to process

Returns:

authentication result

See Also:

AuthenticationProvider.authenticate(SaslServer, byte[])

authenticate

public AuthenticationResult authenticate(String username,
                                         String password)

Description copied from interface: UsernamePasswordAuthenticationProvider

Authenticates a user using their username and password.

Specified by:

authenticate in interface UsernamePasswordAuthenticationProvider<T extends PrincipalDatabaseAuthenticationManager<T>>

Parameters:

username - username

password - password

Returns:

authentication result

See Also:

UsernamePasswordAuthenticationProvider.authenticate(String, String)

getPrincipalDatabase

public PrincipalDatabase getPrincipalDatabase()

activate

public com.google.common.util.concurrent.ListenableFuture<Void> activate()

Overrides:

activate in class AbstractAuthenticationManager<T extends PrincipalDatabaseAuthenticationManager<T>>

doDelete

public com.google.common.util.concurrent.ListenableFuture<Void> doDelete()

Overrides:

doDelete in class AbstractAuthenticationManager<T extends PrincipalDatabaseAuthenticationManager<T>>

createUser

public boolean createUser(String username,
                          String password,
                          Map<String,String> attributes)

Specified by:

createUser in interface PasswordCredentialManagingAuthenticationProvider<T extends PrincipalDatabaseAuthenticationManager<T>>

deleteUser

public void deleteUser(String username)
                throws AccountNotFoundException

Specified by:

deleteUser in interface PasswordCredentialManagingAuthenticationProvider<T extends PrincipalDatabaseAuthenticationManager<T>>

Throws:

AccountNotFoundException

getSecurityManager

protected SecurityManager getSecurityManager()

Overrides:

getSecurityManager in class AbstractConfiguredObject<T extends PrincipalDatabaseAuthenticationManager<T>>

setPassword

public void setPassword(String username,
                        String password)
                 throws AccountNotFoundException

Specified by:

setPassword in interface PasswordCredentialManagingAuthenticationProvider<T extends PrincipalDatabaseAuthenticationManager<T>>

Throws:

AccountNotFoundException

getUsers

public Map<String,Map<String,String>> getUsers()

Specified by:

getUsers in interface PasswordCredentialManagingAuthenticationProvider<T extends PrincipalDatabaseAuthenticationManager<T>>

reload

public void reload()
            throws IOException

Description copied from interface: PasswordCredentialManagingAuthenticationProvider

Refreshes the cache of user and password data from the underlying storage. If there is a failure whilst reloading the data, the implementation must throw an IOException and revert to using the previous cached username and password data. In this way, the broker will remain usable.

Specified by:

reload in interface PasswordCredentialManagingAuthenticationProvider<T extends PrincipalDatabaseAuthenticationManager<T>>

Throws:

IOException

addChildAsync

public <C extends ConfiguredObject> com.google.common.util.concurrent.ListenableFuture<C> addChildAsync(Class<C> childClass,
                                                                                                        Map<String,Object> attributes,
                                                                                                        ConfiguredObject... otherParents)

Overrides:

addChildAsync in class AbstractAuthenticationManager<T extends PrincipalDatabaseAuthenticationManager<T>>

validateChange

protected void validateChange(ConfiguredObject<?> updatedObject,
                              Set<String> changedAttributes)

Overrides:

validateChange in class AbstractConfiguredObject<T extends PrincipalDatabaseAuthenticationManager<T>>

changeAttributes

protected void changeAttributes(Map<String,Object> attributes)

Overrides:

changeAttributes in class AbstractConfiguredObject<T extends PrincipalDatabaseAuthenticationManager<T>>