
HPCC-15001 SecManager restructure to support per-binding secmanager plugins

Refactor dynamic load of security manager plugins to support new and improved
esp.xml configuration that can vary by service binding.

Signed-off-by: Russ Whitehead <william.whitehead@lexisnexis.com>
Russ Whitehead 9 rokov pred
rodič
commit
3e0bbaa2b7

+ 13 - 30
esp/bindings/http/platform/httpbinding.cpp

@@ -177,41 +177,24 @@ EspHttpBinding::EspHttpBinding(IPropertyTree* tree, const char *bindname, const
         Owned<IPropertyTree> authcfg = bnd_cfg->getPropTree("Authenticate");
         if(authcfg != NULL)
         {
-#ifdef _DEBUG
-            StringBuffer authXml;
-            toXML(authcfg, authXml);
-            PROGLOG("\nAUTHENTICATE(%s) PROPS\n%s\n", bindname, authXml.str());
-#endif
             //Instantiate a Security Manager
             m_authtype.set(authcfg->queryProp("@type"));
             m_authmethod.set(authcfg->queryProp("@method"));
             if (!m_authmethod.isEmpty())
             {
-                PROGLOG("Configuring Authenticate method=%s", m_authmethod.str());
-                Owned<IPropertyTree> process_config = getProcessConfig(tree, procname);
-
                 Owned<IPropertyTree> secMgrCfg;
-                if(process_config.get() != NULL)
-                    secMgrCfg.setown(process_config->getPropTree("SecurityManager"));//Is this a Pluggable Security Manager
+                if(proc_cfg.get() != NULL)
+                {
+                    Owned<IPropertyTree> secMgrs;
+                    VStringBuffer sm("SecurityManagers/SecurityManager[@name='%s']", m_authmethod.str());
+                    secMgrCfg.setown(proc_cfg->getPropTree(sm.str()));
+                }
+
                 if (secMgrCfg)
                 {
-#ifdef _DEBUG
-                    StringBuffer secMgrXml;
-                    toXML(secMgrCfg, secMgrXml);
-                    PROGLOG("\nSECURITY MANAGER(%s) PROPS\n%s\n", bindname, secMgrXml.str());
-#endif
                     //This is a Pluggable Security Manager
-                    StringBuffer secMgrType;
-                    secMgrCfg->getProp("@type", secMgrType);
-                    if (!secMgrType.isEmpty() && 0==strcmp(secMgrType.str(), m_authmethod.str()))
-                    {
-                        m_secmgr.setown(SecLoader::loadPluggableSecManager(bindname, authcfg, secMgrCfg));
-                        m_authmap.setown(m_secmgr->createAuthMap(authcfg));
-                    }
-                    else
-                    {
-                        throw MakeStringException(-1, "Authorization type %s not found in SecurityManager configuration for %s", m_authmethod.str(), bindname);
-                    }
+                    m_secmgr.setown(SecLoader::loadPluggableSecManager(bindname, authcfg, secMgrCfg));
+                    m_authmap.setown(m_secmgr->createAuthMap(authcfg));
                 }
                 else
                 {
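Review bot: A lookup miss on `SecurityManagers/SecurityManager[@name='%s']` now falls through silently to the legacy `else` branch, whereas the removed code threw when the configured type did not match `@method`. The rest of that branch lies outside this hunk, so it is worth confirming that an unrecognised method ends in an exception rather than a binding left without `m_secmgr`; if it does not, a final `else throw MakeStringException(-1, "Unknown Authenticate method %s for %s", m_authmethod.str(), bindname);` would keep a misspelled plugin name from starting the service unauthenticated. Separately, `m_authmethod` is formatted unescaped into the quoted XPath predicate, so a `'` in the configured value changes the expression; rejecting such names before building `sm` keeps the match exact. The new local `Owned<IPropertyTree> secMgrs;` is not used in the lines shown and can probably be dropped.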
@@ -223,8 +206,8 @@ EspHttpBinding::EspHttpBinding(IPropertyTree* tree, const char *bindname, const
                         Owned<IPropertyTree> lscfg = bnd_cfg->getPropTree(StringBuffer(".//ldapSecurity[@name=").appendf("\"%s\"]", lsname.str()).str());
                         if(lscfg == NULL)
                         {
-                            if(process_config.get() != NULL)
-                                lscfg.setown(process_config->getPropTree(StringBuffer("ldapSecurity[@name=").appendf("\"%s\"]", lsname.str()).str()));
+                            if(proc_cfg.get() != NULL)
+                                lscfg.setown(proc_cfg->getPropTree(StringBuffer("ldapSecurity[@name=").appendf("\"%s\"]", lsname.str()).str()));
                             if(lscfg == NULL)
                             {
                                 ERRLOG("can't find bnd_cfg for LdapSecurity %s", lsname.str());
@@ -256,8 +239,8 @@ EspHttpBinding::EspHttpBinding(IPropertyTree* tree, const char *bindname, const
                     else if(stricmp(m_authmethod.str(), "htpasswd") == 0)
                     {
                         Owned<IPropertyTree> cfg;
-                        if(process_config.get() != NULL)
-                            cfg.setown(process_config->getPropTree("htpasswdSecurity"));
+                        if(proc_cfg.get() != NULL)
+                            cfg.setown(proc_cfg->getPropTree("htpasswdSecurity"));
                         if(cfg == NULL)
                         {
                             ERRLOG("can't find htpasswdSecurity in configuration");

+ 2 - 1
system/security/shared/secloader.hpp

@@ -35,8 +35,8 @@ public:
     /// for the given ESP service
     ///
     /// @param  bindingName     Binding name ie 'WsTopology_smc_myesp'
-    /// @param  secMgrCfg       'SecurityManager' IPropertyTree from component config file
     /// @param  authCfg         'Authenticate' IPropertyTree from EspService component binding
+    /// @param  secMgrCfg       'SecurityManager' IPropertyTree from component config file
     ///
     /// @return an ISecManager Security Manager instance
     ///
@@ -66,6 +66,7 @@ public:
             throw MakeStringException(-1, "%s cannot locate procedure %s of '%s'", lsm, instFactory.str(), libName.str());
 
         //Call ISecManager instance factory and return the new instance
+        DBGLOG("Calling '%s' in pluggable security manager '%s'", instFactory.str(), libName.str());
         return xproc(bindingName, *secMgrCfg, *authCfg);
     }