@Override public void addConnection(ConnectionContext context, ConnectionInfo info) throws Exception { super.addConnection(context, info); ActiveMQTopic topic = AdvisorySupport.getConnectionAdvisoryTopic(); // do not distribute passwords in advisory messages. usernames okay ConnectionInfo copy = info.copy(); copy.setPassword(""); fireAdvisory(context, topic, copy); connections.put(copy.getConnectionId(), copy); }
@Override public void start() throws Exception { super.start(); LOG.info("Starting StatisticsBroker"); }
@Override public Subscription addConsumer(ConnectionContext context, ConsumerInfo info) throws Exception { // don't track selectors for advisory topics or temp destinations if (!AdvisorySupport.isAdvisoryTopic(info.getDestination()) && !info.getDestination().isTemporary()) { String destinationName = info.getDestination().getQualifiedName(); LOG.debug("Caching consumer selector [{}] on '{}'", info.getSelector(), destinationName); String selector = info.getSelector() == null ? MATCH_EVERYTHING : info.getSelector(); if (!(ignoreWildcardSelectors && hasWildcards(selector))) { Set<String> selectors = subSelectorCache.get(destinationName); if (selectors == null) { selectors = Collections.synchronizedSet(new HashSet<String>()); } else if (singleSelectorPerDestination && !MATCH_EVERYTHING.equals(selector)) { // in this case, we allow only ONE selector. But we don't count the catch-all "null/TRUE" selector // here, we always allow that one. But only one true selector. boolean containsMatchEverything = selectors.contains(MATCH_EVERYTHING); selectors.clear(); // put back the MATCH_EVERYTHING selector if (containsMatchEverything) { selectors.add(MATCH_EVERYTHING); } } LOG.debug("adding new selector: into cache " + selector); selectors.add(selector); LOG.debug("current selectors in cache: " + selectors); subSelectorCache.put(destinationName, selectors); } } return super.addConsumer(context, info); }
super.removeConsumer(context, nc); LOG.warn("Removed stale network consumer {}", nc); return super.addConsumer(context, info);
/** * Overriding removeConnection to make sure the security context is cleaned. */ @Override public void removeConnection(ConnectionContext context, ConnectionInfo info, Throwable error) throws Exception { super.removeConnection(context, info, error); context.setSecurityContext(null); }
@Override public void stop() throws Exception { super.stop(); }
@Override public void send(ProducerBrokerExchange producerExchange, final Message messageSend) throws Exception { ActiveMQDestination activeMQDestination = messageSend.getDestination(); if (!interceptorMap.isEmpty() && activeMQDestination != null) { Set<MessageInterceptor> set = interceptorMap.get(activeMQDestination); if (set != null && !set.isEmpty()) { for (MessageInterceptor mi : set) { mi.intercept(producerExchange, messageSend); } } else { super.send(producerExchange, messageSend); } } else { super.send(producerExchange, messageSend); } } }
@Override public Destination addDestination(ConnectionContext context, ActiveMQDestination destination,boolean create) throws Exception { final SecurityContext securityContext = checkSecurityContext(context); if (!checkDestinationAdmin(securityContext, destination)) { throw new SecurityException("User " + securityContext.getUserName() + " is not authorized to create: " + destination); } return super.addDestination(context, destination,create); }
@Override public void addProducer(ConnectionContext context, ProducerInfo info) throws Exception { super.addProducer(context, info); // Don't advise advisory topics. if (info.getDestination() != null && !AdvisorySupport.isAdvisoryTopic(info.getDestination())) { ActiveMQTopic topic = AdvisorySupport.getProducerAdvisoryTopic(info.getDestination()); fireProducerAdvisory(context, info.getDestination(), topic, info); producers.put(info.getProducerId(), info); } }
@Override public void isFull(ConnectionContext context, Destination destination, Usage<?> usage) { super.isFull(context, destination, usage); if (AdvisorySupport.isAdvisoryTopic(destination.getActiveMQDestination()) == false) { try { ActiveMQTopic topic = AdvisorySupport.getFullAdvisoryTopic(destination.getActiveMQDestination()); ActiveMQMessage advisoryMessage = new ActiveMQMessage(); advisoryMessage.setStringProperty(AdvisorySupport.MSG_PROPERTY_USAGE_NAME, usage.getName()); advisoryMessage.setLongProperty(AdvisorySupport.MSG_PROPERTY_USAGE_COUNT, usage.getUsage()); fireAdvisory(context, topic, null, null, advisoryMessage); } catch (Exception e) { handleFireFailure("is full", e); } } }
@Override public void messageConsumed(ConnectionContext context, MessageReference messageReference) { super.messageConsumed(context, messageReference); try { if (!messageReference.isAdvisory()) { BaseDestination baseDestination = (BaseDestination) messageReference.getMessage().getRegionDestination(); ActiveMQTopic topic = AdvisorySupport.getMessageConsumedAdvisoryTopic(baseDestination.getActiveMQDestination()); Message payload = messageReference.getMessage().copy(); if (!baseDestination.isIncludeBodyForAdvisory()) { payload.clearBody(); } ActiveMQMessage advisoryMessage = new ActiveMQMessage(); advisoryMessage.setStringProperty(AdvisorySupport.MSG_PROPERTY_MESSAGE_ID, payload.getMessageId().toString()); advisoryMessage.setStringProperty(AdvisorySupport.MSG_PROPERTY_DESTINATION, baseDestination.getActiveMQDestination().getQualifiedName()); fireAdvisory(context, topic, payload, null, advisoryMessage); } } catch (Exception e) { handleFireFailure("consumed", e); } }
@Override public void removeConnection(ConnectionContext context, ConnectionInfo info, Throwable error) throws Exception { super.removeConnection(context, info, error); if (securityContexts.remove(context.getSecurityContext())) { context.setSecurityContext(null); } }
@Override public void stop() throws Exception { if (this.started.compareAndSet(true, false)) { if (this.store != null) { this.store.stop(); } if (this.scheduler != null) { this.scheduler.removeListener(this); this.scheduler = null; } } super.stop(); }
public void send(ProducerBrokerExchange producerExchange, Message messageSend) throws Exception { final ConnectionContext context = producerExchange.getConnectionContext(); String userID = context.getUserName(); if (isUseAuthenticatePrincipal()) { SecurityContext securityContext = context.getSecurityContext(); if (securityContext != null) { Set<?> principals = securityContext.getPrincipals(); if (principals != null) { for (Object candidate : principals) { if (candidate instanceof UserPrincipal) { userID = ((UserPrincipal)candidate).getName(); break; } } } } } messageSend.setUserID(userID); super.send(producerExchange, messageSend); }
@Override public Destination addDestination(ConnectionContext context, ActiveMQDestination destination, boolean create) throws Exception { Destination answer = super.addDestination(context, destination, create); if (!AdvisorySupport.isAdvisoryTopic(destination)) { //for queues, create demand if isUseVirtualDestSubsOnCreation is true if (getBrokerService().isUseVirtualDestSubsOnCreation() && destination.isQueue()) { //check if this new destination matches a virtual destination that exists for (VirtualDestination virtualDestination : virtualDestinations) { if (virtualDestinationMatcher.matches(virtualDestination, destination)) { fireVirtualDestinationAddAdvisory(context, null, destination, virtualDestination); } } } DestinationInfo info = new DestinationInfo(context.getConnectionId(), DestinationInfo.ADD_OPERATION_TYPE, destination); DestinationInfo previous = destinations.putIfAbsent(destination, info); if (previous == null) { ActiveMQTopic topic = AdvisorySupport.getDestinationAdvisoryTopic(destination); fireAdvisory(context, topic, info); } } return answer; }
@Override public void addProducer(ConnectionContext context, ProducerInfo info) throws Exception { final SecurityContext securityContext = checkSecurityContext(context); if (!securityContext.isBrokerContext() && info.getDestination() != null) { Set<?> allowedACLs = null; if (!info.getDestination().isTemporary()) { allowedACLs = authorizationMap.getWriteACLs(info.getDestination()); } else { allowedACLs = authorizationMap.getTempDestinationWriteACLs(); } if (allowedACLs != null && !securityContext.isInOneOf(allowedACLs)) { throw new SecurityException("User " + securityContext.getUserName() + " is not authorized to write to: " + info.getDestination()); } securityContext.getAuthorizedWriteDests().put(info.getDestination(), info.getDestination()); } super.addProducer(context, info); }
super.removeConsumer(context, nc); LOG.warn("Removed stale network consumer {}", nc); return super.addConsumer(context, info);
@Override public void isFull(ConnectionContext context, Destination destination, Usage<?> usage) { blockWhileLoadingCamelRoutes(); super.isFull(context, destination, usage); }
@Override public void messageConsumed(ConnectionContext context, MessageReference messageReference) { blockWhileLoadingCamelRoutes(); super.messageConsumed(context, messageReference); }
/** * Overridden to allow for authentication based on client certificates. * Connections being added will be authenticated based on their certificate * chain and the JAAS module specified through the JAAS framework. NOTE: The * security context's username will be set to the first UserPrincipal * created by the login module. * * @param context The context for the incoming Connection. * @param info The ConnectionInfo Command representing the incoming * connection. */ @Override public void addConnection(ConnectionContext context, ConnectionInfo info) throws Exception { if (context.getSecurityContext() == null) { if (!(info.getTransportContext() instanceof X509Certificate[])) { throw new SecurityException("Unable to authenticate transport without SSL certificate."); } // Set the TCCL since it seems JAAS needs it to find the login // module classes. ClassLoader original = Thread.currentThread().getContextClassLoader(); Thread.currentThread().setContextClassLoader(JaasAuthenticationBroker.class.getClassLoader()); try { SecurityContext s = authenticate(info.getUserName(), info.getPassword(), (X509Certificate[]) info.getTransportContext()); context.setSecurityContext(s); } finally { Thread.currentThread().setContextClassLoader(original); } } super.addConnection(context, info); }