You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@qpid.apache.org by ro...@apache.org on 2010/06/17 16:37:59 UTC
svn commit: r955617 - in /qpid/trunk/qpid/java:
broker-plugins/firewall/src/main/java/org/apache/qpid/server/security/access/plugins/
broker-plugins/firewall/src/test/java/org/apache/qpid/server/security/access/
broker/src/main/java/org/apache/qpid/ser...
Author: robbie
Date: Thu Jun 17 14:37:59 2010
New Revision: 955617
URL: http://svn.apache.org/viewvc?rev=955617&view=rev
Log:
QPID-2662: Use actual SocketAddress instead of the String representation
Applied patch from Andrew Kennedy <an...@gmail.com>
Modified:
qpid/trunk/qpid/java/broker-plugins/firewall/src/main/java/org/apache/qpid/server/security/access/plugins/Firewall.java
qpid/trunk/qpid/java/broker-plugins/firewall/src/test/java/org/apache/qpid/server/security/access/FirewallConfigurationTest.java
qpid/trunk/qpid/java/broker-plugins/firewall/src/test/java/org/apache/qpid/server/security/access/FirewallPluginTest.java
qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/handler/ConnectionOpenMethodHandler.java
qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/security/SecurityManager.java
qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/transport/ServerConnectionDelegate.java
qpid/trunk/qpid/java/systests/etc/config-systests-ServerConfigurationTest-New.xml
qpid/trunk/qpid/java/systests/etc/config-systests-ServerConfigurationTest-Old.xml
qpid/trunk/qpid/java/systests/etc/config-systests-firewall-2.xml
qpid/trunk/qpid/java/systests/etc/config-systests-firewall-3.xml
qpid/trunk/qpid/java/systests/etc/virtualhosts-systests-firewall-2.xml
qpid/trunk/qpid/java/systests/etc/virtualhosts-systests-firewall-3.xml
qpid/trunk/qpid/java/systests/src/main/java/org/apache/qpid/server/security/firewall/FirewallConfigTest.java
Modified: qpid/trunk/qpid/java/broker-plugins/firewall/src/main/java/org/apache/qpid/server/security/access/plugins/Firewall.java
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker-plugins/firewall/src/main/java/org/apache/qpid/server/security/access/plugins/Firewall.java?rev=955617&r1=955616&r2=955617&view=diff
==============================================================================
--- qpid/trunk/qpid/java/broker-plugins/firewall/src/main/java/org/apache/qpid/server/security/access/plugins/Firewall.java (original)
+++ qpid/trunk/qpid/java/broker-plugins/firewall/src/main/java/org/apache/qpid/server/security/access/plugins/Firewall.java Thu Jun 17 14:37:59 2010
@@ -21,13 +21,10 @@
package org.apache.qpid.server.security.access.plugins;
import java.net.InetAddress;
-import java.net.UnknownHostException;
-import java.util.List;
+import java.net.InetSocketAddress;
-import org.apache.commons.configuration.CompositeConfiguration;
import org.apache.commons.configuration.Configuration;
import org.apache.commons.configuration.ConfigurationException;
-import org.apache.commons.configuration.XMLConfiguration;
import org.apache.qpid.server.configuration.plugins.ConfigurationPlugin;
import org.apache.qpid.server.security.AbstractPlugin;
import org.apache.qpid.server.security.Result;
@@ -87,28 +84,19 @@ public class Firewall extends AbstractPl
{
return Result.ABSTAIN; // We are only interested in access to virtualhosts
}
-
- // TODO alter 0-10 code path to expose the SocketAddress object?
- String address = (String) instance;
-
- if (address == null || address.trim().length() == 0)
+
+ if (!(instance instanceof InetSocketAddress))
{
- return Result.ABSTAIN; // We need an address
+ return Result.ABSTAIN; // We need an internet address
}
+ InetAddress address = ((InetSocketAddress) instance).getAddress();
+
try
{
- int slash = address.indexOf('/');
- int colon = address.indexOf(':');
- InetAddress addr = InetAddress.getByName(address.substring(slash == -1 ? 0 : slash + 1, colon == -1 ? address.length() : colon));
- if (addr == null)
- {
- return Result.ABSTAIN; // Not a real address
- }
-
for (FirewallRule rule : _rules)
{
- boolean match = rule.match(addr);
+ boolean match = rule.match(address);
if (match)
{
return rule.getAccess();
@@ -116,11 +104,6 @@ public class Firewall extends AbstractPl
}
return getDefault();
}
- catch (UnknownHostException uhe)
- {
- _logger.error("Address format invalid: " + address, uhe);
- return Result.DENIED;
- }
catch (FirewallException fe)
{
return Result.DENIED;
Modified: qpid/trunk/qpid/java/broker-plugins/firewall/src/test/java/org/apache/qpid/server/security/access/FirewallConfigurationTest.java
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker-plugins/firewall/src/test/java/org/apache/qpid/server/security/access/FirewallConfigurationTest.java?rev=955617&r1=955616&r2=955617&view=diff
==============================================================================
--- qpid/trunk/qpid/java/broker-plugins/firewall/src/test/java/org/apache/qpid/server/security/access/FirewallConfigurationTest.java (original)
+++ qpid/trunk/qpid/java/broker-plugins/firewall/src/test/java/org/apache/qpid/server/security/access/FirewallConfigurationTest.java Thu Jun 17 14:37:59 2010
@@ -24,33 +24,16 @@ import java.io.File;
import java.io.FileWriter;
import java.io.IOException;
import java.io.RandomAccessFile;
+import java.net.InetSocketAddress;
-import junit.framework.TestCase;
-
-import org.apache.qpid.server.protocol.AMQProtocolEngine;
-import org.apache.qpid.server.protocol.AMQProtocolSession;
import org.apache.qpid.server.registry.ApplicationRegistry;
import org.apache.qpid.server.registry.ConfigurationFileApplicationRegistry;
+import org.apache.qpid.server.util.InternalBrokerBaseCase;
import org.apache.qpid.server.virtualhost.VirtualHost;
import org.apache.qpid.server.virtualhost.VirtualHostRegistry;
-import org.apache.qpid.transport.TestNetworkDriver;
-public class FirewallConfigurationTest extends TestCase
+public class FirewallConfigurationTest extends InternalBrokerBaseCase
{
- @Override
- public void setUp()
- {
- //Highlight that this test will cause a new AR to be created
- //ApplicationRegistry.getInstance();
- }
-
- @Override
- public void tearDown() throws Exception
- {
- //Correctly Close the AR we created
- //ApplicationRegistry.remove();
- }
-
public void testFirewallConfiguration() throws Exception
{
// Write out config
@@ -65,8 +48,8 @@ public class FirewallConfigurationTest e
ApplicationRegistry.initialise(reg, 1);
// Test config
- assertFalse(reg.getSecurityManager().accessVirtualhost("test", "127.0.0.1"));
- assertTrue(reg.getSecurityManager().accessVirtualhost("test", "127.1.2.3"));
+ assertFalse(reg.getSecurityManager().accessVirtualhost("test", new InetSocketAddress("127.0.0.1", 65535)));
+ assertTrue(reg.getSecurityManager().accessVirtualhost("test", new InetSocketAddress("127.1.2.3", 65535)));
}
finally
{
@@ -94,6 +77,7 @@ public class FirewallConfigurationTest e
out = new FileWriter(fileA);
out.write("<broker>\n");
out.write("\t<plugin-directory>${QPID_HOME}/lib/plugins</plugin-directory>\n");
+ out.write("\t<cache-directory>${QPID_WORK}/cache</cache-directory>\n");
out.write("\t<management><enabled>false</enabled></management>\n");
out.write("\t<security>\n");
out.write("\t\t<principal-databases>\n");
@@ -137,7 +121,7 @@ public class FirewallConfigurationTest e
ApplicationRegistry.initialise(reg, 1);
// Test config
- assertFalse(reg.getSecurityManager().accessVirtualhost("test", "127.0.0.1"));
+ assertFalse(reg.getSecurityManager().accessVirtualhost("test", new InetSocketAddress("127.0.0.1", 65535)));
}
finally
{
@@ -160,14 +144,14 @@ public class FirewallConfigurationTest e
ApplicationRegistry.initialise(reg, 1);
// Test config
- assertFalse(reg.getSecurityManager().accessVirtualhost("test", "127.0.0.1"));
+ assertFalse(reg.getSecurityManager().accessVirtualhost("test", new InetSocketAddress("127.0.0.1", 65535)));
// Switch to deny the connection
writeConfigFile(mainFile, true);
reg.getConfiguration().reparseConfigFileSecuritySections();
- assertTrue(reg.getSecurityManager().accessVirtualhost("test", "127.0.0.1"));
+ assertTrue(reg.getSecurityManager().accessVirtualhost("test", new InetSocketAddress("127.0.0.1", 65535)));
}
finally
{
@@ -238,7 +222,7 @@ public class FirewallConfigurationTest e
ApplicationRegistry.initialise(reg, 1);
// Test config
- assertFalse(reg.getSecurityManager().accessVirtualhost("test", "127.0.0.1"));
+ assertFalse(reg.getSecurityManager().accessVirtualhost("test", new InetSocketAddress("127.0.0.1", 65535)));
RandomAccessFile fileBRandom = new RandomAccessFile(fileB, "rw");
fileBRandom.setLength(0);
@@ -253,7 +237,7 @@ public class FirewallConfigurationTest e
reg.getConfiguration().reparseConfigFileSecuritySections();
- assertTrue(reg.getSecurityManager().accessVirtualhost("test", "127.0.0.1"));
+ assertTrue(reg.getSecurityManager().accessVirtualhost("test", new InetSocketAddress("127.0.0.1", 65535)));
fileBRandom = new RandomAccessFile(fileB, "rw");
fileBRandom.setLength(0);
@@ -268,7 +252,7 @@ public class FirewallConfigurationTest e
reg.getConfiguration().reparseConfigFileSecuritySections();
- assertFalse(reg.getSecurityManager().accessVirtualhost("test", "127.0.0.1"));
+ assertFalse(reg.getSecurityManager().accessVirtualhost("test", new InetSocketAddress("127.0.0.1", 65535)));
}
finally
{
Modified: qpid/trunk/qpid/java/broker-plugins/firewall/src/test/java/org/apache/qpid/server/security/access/FirewallPluginTest.java
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker-plugins/firewall/src/test/java/org/apache/qpid/server/security/access/FirewallPluginTest.java?rev=955617&r1=955616&r2=955617&view=diff
==============================================================================
--- qpid/trunk/qpid/java/broker-plugins/firewall/src/test/java/org/apache/qpid/server/security/access/FirewallPluginTest.java (original)
+++ qpid/trunk/qpid/java/broker-plugins/firewall/src/test/java/org/apache/qpid/server/security/access/FirewallPluginTest.java Thu Jun 17 14:37:59 2010
@@ -23,11 +23,10 @@ import java.io.File;
import java.io.FileWriter;
import java.io.IOException;
import java.net.InetSocketAddress;
-
+import java.net.SocketAddress;
import org.apache.commons.configuration.ConfigurationException;
import org.apache.commons.configuration.XMLConfiguration;
-import org.apache.qpid.server.configuration.ServerConfiguration;
import org.apache.qpid.server.security.Result;
import org.apache.qpid.server.security.access.plugins.Firewall;
import org.apache.qpid.server.security.access.plugins.FirewallConfiguration;
@@ -73,8 +72,15 @@ public class FirewallPluginTest extends
}
// IP address
- private String _address= "127.0.0.1";
+ private SocketAddress _address;
+ @Override
+ public void setUp() throws Exception
+ {
+ super.setUp();
+
+ _address = new InetSocketAddress("127.0.0.1", 65535);
+ }
private Firewall initialisePlugin(String defaultAction, RuleInfo[] rules) throws IOException, ConfigurationException
{
@@ -139,7 +145,7 @@ public class FirewallPluginTest extends
assertEquals(Result.DENIED, plugin.access(ObjectType.VIRTUALHOST, _address));
// Set IP so that we're connected from the right address
- _address = "192.168.23.23";
+ _address = new InetSocketAddress("192.168.23.23", 65535);
assertEquals(Result.ALLOWED, plugin.access(ObjectType.VIRTUALHOST, _address));
}
@@ -154,7 +160,7 @@ public class FirewallPluginTest extends
assertEquals(Result.DENIED, plugin.access(ObjectType.VIRTUALHOST, _address));
// Set IP so that we're connected from the right address
- _address = "192.168.23.23";
+ _address = new InetSocketAddress("192.168.23.23", 65535);
assertEquals(Result.ALLOWED, plugin.access(ObjectType.VIRTUALHOST, _address));
}
@@ -167,7 +173,7 @@ public class FirewallPluginTest extends
Firewall plugin = initialisePlugin("deny", new RuleInfo[]{rule});
// Set IP so that we're connected from the right address
- _address = "127.0.0.1";
+ _address = new InetSocketAddress("127.0.0.1", 65535);
assertEquals(Result.ALLOWED, plugin.access(ObjectType.VIRTUALHOST, _address));
}
@@ -180,7 +186,7 @@ public class FirewallPluginTest extends
Firewall plugin = initialisePlugin("deny", new RuleInfo[]{rule});
// Set IP so that we're connected from the right address
- _address = "127.0.0.1";
+ _address = new InetSocketAddress("127.0.0.1", 65535);
assertEquals(Result.ALLOWED, plugin.access(ObjectType.VIRTUALHOST, _address));
}
@@ -203,7 +209,7 @@ public class FirewallPluginTest extends
assertEquals(Result.DENIED, plugin.access(ObjectType.VIRTUALHOST, _address));
// Set IP so that we're connected from the right address
- _address = "192.168.23.23";
+ _address = new InetSocketAddress("192.168.23.23", 65535);
assertEquals(Result.ALLOWED, plugin.access(ObjectType.VIRTUALHOST, _address));
}
@@ -226,7 +232,7 @@ public class FirewallPluginTest extends
assertEquals(Result.DENIED, plugin.access(ObjectType.VIRTUALHOST, _address));
// Set IP so that we're connected from the right address
- _address = "192.168.23.23";
+ _address = new InetSocketAddress("192.168.23.23", 65535);
assertEquals(Result.ALLOWED, plugin.access(ObjectType.VIRTUALHOST, _address));
}
@@ -240,7 +246,7 @@ public class FirewallPluginTest extends
assertEquals(Result.DENIED, plugin.access(ObjectType.VIRTUALHOST, _address));
// Set IP so that we're connected from the right address
- _address = "192.168.23.23";
+ _address = new InetSocketAddress("192.168.23.23", 65535);
assertEquals(Result.ALLOWED, plugin.access(ObjectType.VIRTUALHOST, _address));
}
@@ -254,7 +260,7 @@ public class FirewallPluginTest extends
assertEquals(Result.DENIED, plugin.access(ObjectType.VIRTUALHOST, _address));
// Set IP so that we're connected from the right address
- _address = "192.168.23.23";
+ _address = new InetSocketAddress("192.168.23.23", 65535);
assertEquals(Result.ALLOWED, plugin.access(ObjectType.VIRTUALHOST, _address));
}
@@ -266,11 +272,11 @@ public class FirewallPluginTest extends
Firewall plugin = initialisePlugin("deny", new RuleInfo[]{firstRule});
// Set IP so that we're connected from the right address
- _address = "10.0.0.1";
+ _address = new InetSocketAddress("10.0.0.1", 65535);
assertEquals(Result.DENIED, plugin.access(ObjectType.VIRTUALHOST, _address));
// Set IP so that we're connected from the right address
- _address = "127.0.0.1";
+ _address = new InetSocketAddress("127.0.0.1", 65535);
assertEquals(Result.ALLOWED, plugin.access(ObjectType.VIRTUALHOST, _address));
}
}
Modified: qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/handler/ConnectionOpenMethodHandler.java
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/handler/ConnectionOpenMethodHandler.java?rev=955617&r1=955616&r2=955617&view=diff
==============================================================================
--- qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/handler/ConnectionOpenMethodHandler.java (original)
+++ qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/handler/ConnectionOpenMethodHandler.java Thu Jun 17 14:37:59 2010
@@ -77,7 +77,7 @@ public class ConnectionOpenMethodHandler
else
{
// Check virtualhost access
- if (!virtualHost.getSecurityManager().accessVirtualhost(virtualHostName, session.getRemoteAddress().toString()))
+ if (!virtualHost.getSecurityManager().accessVirtualhost(virtualHostName, session.getRemoteAddress()))
{
throw body.getConnectionException(AMQConstant.ACCESS_REFUSED, "Permission denied: '" + virtualHost.getName() + "'");
}
Modified: qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/security/SecurityManager.java
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/security/SecurityManager.java?rev=955617&r1=955616&r2=955617&view=diff
==============================================================================
--- qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/security/SecurityManager.java (original)
+++ qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/security/SecurityManager.java Thu Jun 17 14:37:59 2010
@@ -21,6 +21,7 @@ package org.apache.qpid.server.security;
import static org.apache.qpid.server.security.access.ObjectType.*;
import static org.apache.qpid.server.security.access.Operation.*;
+import java.net.SocketAddress;
import java.security.Principal;
import java.util.Arrays;
import java.util.HashMap;
@@ -312,7 +313,7 @@ public class SecurityManager
});
}
- public boolean accessVirtualhost(final String vhostname, final String remoteAddress)
+ public boolean accessVirtualhost(final String vhostname, final SocketAddress remoteAddress)
{
return checkAllPlugins(new AccessCheck()
{
Modified: qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/transport/ServerConnectionDelegate.java
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/transport/ServerConnectionDelegate.java?rev=955617&r1=955616&r2=955617&view=diff
==============================================================================
--- qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/transport/ServerConnectionDelegate.java (original)
+++ qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/transport/ServerConnectionDelegate.java Thu Jun 17 14:37:59 2010
@@ -22,6 +22,7 @@ package org.apache.qpid.server.transport
import org.apache.qpid.transport.*;
+import org.apache.qpid.protocol.ProtocolEngine;
import org.apache.qpid.server.security.SecurityManager;
import org.apache.qpid.server.registry.IApplicationRegistry;
import org.apache.qpid.server.virtualhost.VirtualHost;
@@ -103,7 +104,7 @@ public class ServerConnectionDelegate ex
{
sconn.setVirtualHost(vhost);
- if (!vhost.getSecurityManager().accessVirtualhost(vhostName, sconn.getConfig().getAddress()))
+ if (!vhost.getSecurityManager().accessVirtualhost(vhostName, ((ProtocolEngine) sconn.getConfig()).getRemoteAddress()))
{
sconn.invoke(new ConnectionClose(ConnectionCloseCode.CONNECTION_FORCED, "Permission denied '"+vhostName+"'"));
sconn.setState(Connection.State.CLOSING);
Modified: qpid/trunk/qpid/java/systests/etc/config-systests-ServerConfigurationTest-New.xml
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/systests/etc/config-systests-ServerConfigurationTest-New.xml?rev=955617&r1=955616&r2=955617&view=diff
==============================================================================
--- qpid/trunk/qpid/java/systests/etc/config-systests-ServerConfigurationTest-New.xml (original)
+++ qpid/trunk/qpid/java/systests/etc/config-systests-ServerConfigurationTest-New.xml Thu Jun 17 14:37:59 2010
@@ -24,6 +24,8 @@
<work>${QPID_WORK}</work>
<conf>${QPID_HOME}/etc</conf>
<passwordDir>${conf}</passwordDir>
+ <plugin-directory>${QPID_HOME}/lib/plugins</plugin-directory>
+ <cache-directory>${QPID_WORK}/cache</cache-directory>
<connector>
<transport>nio</transport>
<port>5672</port>
Modified: qpid/trunk/qpid/java/systests/etc/config-systests-ServerConfigurationTest-Old.xml
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/systests/etc/config-systests-ServerConfigurationTest-Old.xml?rev=955617&r1=955616&r2=955617&view=diff
==============================================================================
--- qpid/trunk/qpid/java/systests/etc/config-systests-ServerConfigurationTest-Old.xml (original)
+++ qpid/trunk/qpid/java/systests/etc/config-systests-ServerConfigurationTest-Old.xml Thu Jun 17 14:37:59 2010
@@ -24,6 +24,8 @@
<work>${QPID_WORK}</work>
<conf>${QPID_HOME}/etc</conf>
<passwordDir>${conf}</passwordDir>
+<plugin-directory>${QPID_HOME}/lib/plugins</plugin-directory>
+<cache-directory>${QPID_WORK}/cache</cache-directory>
<connector>
<transport>nio</transport>
<port>5672</port>
Modified: qpid/trunk/qpid/java/systests/etc/config-systests-firewall-2.xml
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/systests/etc/config-systests-firewall-2.xml?rev=955617&r1=955616&r2=955617&view=diff
==============================================================================
--- qpid/trunk/qpid/java/systests/etc/config-systests-firewall-2.xml (original)
+++ qpid/trunk/qpid/java/systests/etc/config-systests-firewall-2.xml Thu Jun 17 14:37:59 2010
@@ -23,6 +23,8 @@
<prefix>${QPID_HOME}</prefix>
<work>${QPID_WORK}</work>
<conf>${prefix}/etc</conf>
+ <plugin-directory>${QPID_HOME}/lib/plugins</plugin-directory>
+ <cache-directory>${QPID_WORK}/cache</cache-directory>
<connector>
<!-- To enable SSL edit the keystorePath and keystorePassword
and set enabled to true.
@@ -87,9 +89,7 @@
<principal-database>passwordfile</principal-database>
</jmx>
- <firewall default-action="allow">
- <rule access="deny" network="127.0.0.1"/>
- </firewall>
+ <firewall default-action="deny"/>
</security>
<virtualhosts>${conf}/virtualhosts-systests-firewall-2.xml</virtualhosts>
Modified: qpid/trunk/qpid/java/systests/etc/config-systests-firewall-3.xml
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/systests/etc/config-systests-firewall-3.xml?rev=955617&r1=955616&r2=955617&view=diff
==============================================================================
--- qpid/trunk/qpid/java/systests/etc/config-systests-firewall-3.xml (original)
+++ qpid/trunk/qpid/java/systests/etc/config-systests-firewall-3.xml Thu Jun 17 14:37:59 2010
@@ -23,6 +23,8 @@
<prefix>${QPID_HOME}</prefix>
<work>${QPID_WORK}</work>
<conf>${prefix}/etc</conf>
+ <plugin-directory>${QPID_HOME}/lib/plugins</plugin-directory>
+ <cache-directory>${QPID_WORK}/cache</cache-directory>
<connector>
<!-- To enable SSL edit the keystorePath and keystorePassword
and set enabled to true.
Modified: qpid/trunk/qpid/java/systests/etc/virtualhosts-systests-firewall-2.xml
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/systests/etc/virtualhosts-systests-firewall-2.xml?rev=955617&r1=955616&r2=955617&view=diff
==============================================================================
--- qpid/trunk/qpid/java/systests/etc/virtualhosts-systests-firewall-2.xml (original)
+++ qpid/trunk/qpid/java/systests/etc/virtualhosts-systests-firewall-2.xml Thu Jun 17 14:37:59 2010
@@ -28,9 +28,6 @@
<store>
<class>org.apache.qpid.server.store.MemoryMessageStore</class>
</store>
- <security>
- <firewall default-action="allow"/>
- </security>
</test>
</virtualhost>
@@ -40,6 +37,11 @@
<store>
<class>org.apache.qpid.server.store.MemoryMessageStore</class>
</store>
+ <security>
+ <firewall default-action="deny">
+ <rule access="allow" network="127.0.0.1"/>
+ </firewall>
+ </security>
</test2>
</virtualhost>
</virtualhosts>
\ No newline at end of file
Modified: qpid/trunk/qpid/java/systests/etc/virtualhosts-systests-firewall-3.xml
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/systests/etc/virtualhosts-systests-firewall-3.xml?rev=955617&r1=955616&r2=955617&view=diff
==============================================================================
--- qpid/trunk/qpid/java/systests/etc/virtualhosts-systests-firewall-3.xml (original)
+++ qpid/trunk/qpid/java/systests/etc/virtualhosts-systests-firewall-3.xml Thu Jun 17 14:37:59 2010
@@ -38,8 +38,8 @@
<class>org.apache.qpid.server.store.MemoryMessageStore</class>
</store>
<security>
- <firewall default-action="deny"/>
- </security>
+ <firewall default-action="deny"/>
+ </security>
</test2>
</virtualhost>
</virtualhosts>
Modified: qpid/trunk/qpid/java/systests/src/main/java/org/apache/qpid/server/security/firewall/FirewallConfigTest.java
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/systests/src/main/java/org/apache/qpid/server/security/firewall/FirewallConfigTest.java?rev=955617&r1=955616&r2=955617&view=diff
==============================================================================
--- qpid/trunk/qpid/java/systests/src/main/java/org/apache/qpid/server/security/firewall/FirewallConfigTest.java (original)
+++ qpid/trunk/qpid/java/systests/src/main/java/org/apache/qpid/server/security/firewall/FirewallConfigTest.java Thu Jun 17 14:37:59 2010
@@ -100,26 +100,26 @@ public class FirewallConfigTest extends
try
{
//Try to get a connection to the 'test2' vhost
- //This is expected to fail as it is denied at the broker level
- conn = getConnection(new AMQConnectionURL("amqp://username:password@clientid/test2?brokerlist='" + getBroker() + "'"));
- fail("We expected the connection to fail");
+ //This is expected to succeed as it is allowed at the vhost level
+ conn = getConnection(new AMQConnectionURL("amqp://guest:guest@clientid/test2?brokerlist='" + getBroker() + "'"));
}
catch (JMSException e)
{
- //ignore
+ e.getLinkedException().printStackTrace();
+ fail("The connection was expected to succeed: " + e.getMessage());
}
conn = null;
try
{
//Try to get a connection to the 'test' vhost
- //This is expected to succeed as it is allowed at the vhost level
+ //This is expected to fail as it is denied at the broker level
conn = getConnection();
+ fail("We expected the connection to fail");
}
catch (JMSException e)
{
- e.getLinkedException().printStackTrace();
- fail("The connection was expected to succeed: " + e.getMessage());
+ //ignore
}
}
@@ -141,8 +141,8 @@ public class FirewallConfigTest extends
{
//Try to get a connection to the 'test2' vhost
//This is expected to fail as it is denied at the vhost level
- conn = getConnection(new AMQConnectionURL(
- "amqp://username:password@clientid/test2?brokerlist='" + getBroker() + "'"));
+ conn = getConnection(new AMQConnectionURL("amqp://guest:guest@clientid/test2?brokerlist='" + getBroker() + "'"));
+ fail("The connection was expected to fail");
}
catch (JMSException e)
{
---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project: http://qpid.apache.org
Use/Interact: mailto:commits-subscribe@qpid.apache.org