You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@activemq.apache.org by de...@apache.org on 2009/06/02 14:48:47 UTC
svn commit: r781022 - in /activemq/trunk/activemq-core/src:
main/java/org/apache/activemq/broker/jmx/
main/java/org/apache/activemq/security/
test/java/org/apache/activemq/security/
test/resources/org/apache/activemq/security/
Author: dejanb
Date: Tue Jun 2 12:48:47 2009
New Revision: 781022
URL: http://svn.apache.org/viewvc?rev=781022&view=rev
Log:
fix for https://issues.apache.org/activemq/browse/AMQ-2232 - jmx operations on secured broker
Added:
activemq/trunk/activemq-core/src/test/java/org/apache/activemq/security/SecurityJMXTest.java
Modified:
activemq/trunk/activemq-core/src/main/java/org/apache/activemq/broker/jmx/DestinationView.java
activemq/trunk/activemq-core/src/main/java/org/apache/activemq/security/AuthorizationBroker.java
activemq/trunk/activemq-core/src/test/resources/org/apache/activemq/security/simple-auth-broker.xml
Modified: activemq/trunk/activemq-core/src/main/java/org/apache/activemq/broker/jmx/DestinationView.java
URL: http://svn.apache.org/viewvc/activemq/trunk/activemq-core/src/main/java/org/apache/activemq/broker/jmx/DestinationView.java?rev=781022&r1=781021&r2=781022&view=diff
==============================================================================
--- activemq/trunk/activemq-core/src/main/java/org/apache/activemq/broker/jmx/DestinationView.java (original)
+++ activemq/trunk/activemq-core/src/main/java/org/apache/activemq/broker/jmx/DestinationView.java Tue Jun 2 12:48:47 2009
@@ -253,7 +253,7 @@
}
public String sendTextMessage(String body, String user, String password) throws Exception {
- return sendTextMessage(Collections.EMPTY_MAP,body,null,null);
+ return sendTextMessage(Collections.EMPTY_MAP,body,user,password);
}
public String sendTextMessage(Map headers, String body,String userName,String password) throws Exception {
Modified: activemq/trunk/activemq-core/src/main/java/org/apache/activemq/security/AuthorizationBroker.java
URL: http://svn.apache.org/viewvc/activemq/trunk/activemq-core/src/main/java/org/apache/activemq/security/AuthorizationBroker.java?rev=781022&r1=781021&r2=781022&view=diff
==============================================================================
--- activemq/trunk/activemq-core/src/main/java/org/apache/activemq/security/AuthorizationBroker.java (original)
+++ activemq/trunk/activemq-core/src/main/java/org/apache/activemq/security/AuthorizationBroker.java Tue Jun 2 12:48:47 2009
@@ -87,7 +87,7 @@
allowedACLs = authorizationMap.getTempDestinationAdminACLs();
}
- if (allowedACLs != null && !securityContext.isInOneOf(allowedACLs)) {
+ if (!securityContext.isBrokerContext() && allowedACLs != null && !securityContext.isInOneOf(allowedACLs)) {
throw new SecurityException("User " + securityContext.getUserName() + " is not authorized to remove: " + destination);
}
super.removeDestination(context, destination, timeout);
@@ -106,7 +106,7 @@
allowedACLs = authorizationMap.getTempDestinationReadACLs();
}
- if (allowedACLs != null && !subject.isInOneOf(allowedACLs)) {
+ if (!subject.isBrokerContext() && allowedACLs != null && !subject.isInOneOf(allowedACLs)) {
throw new SecurityException("User " + subject.getUserName() + " is not authorized to read from: " + info.getDestination());
}
subject.getAuthorizedReadDests().put(info.getDestination(), info.getDestination());
@@ -141,7 +141,7 @@
if (subject == null) {
throw new SecurityException("User is not authenticated.");
}
- if (info.getDestination() != null) {
+ if (!subject.isBrokerContext() && info.getDestination() != null) {
Set<?> allowedACLs = null;
if (!info.getDestination().isTemporary()) {
@@ -163,7 +163,7 @@
if (subject == null) {
throw new SecurityException("User is not authenticated.");
}
- if (!subject.getAuthorizedWriteDests().contains(messageSend.getDestination())) {
+ if (!subject.isBrokerContext() && !subject.getAuthorizedWriteDests().contains(messageSend.getDestination())) {
Set<?> allowedACLs = null;
if (!messageSend.getDestination().isTemporary()) {
Added: activemq/trunk/activemq-core/src/test/java/org/apache/activemq/security/SecurityJMXTest.java
URL: http://svn.apache.org/viewvc/activemq/trunk/activemq-core/src/test/java/org/apache/activemq/security/SecurityJMXTest.java?rev=781022&view=auto
==============================================================================
--- activemq/trunk/activemq-core/src/test/java/org/apache/activemq/security/SecurityJMXTest.java (added)
+++ activemq/trunk/activemq-core/src/test/java/org/apache/activemq/security/SecurityJMXTest.java Tue Jun 2 12:48:47 2009
@@ -0,0 +1,71 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.activemq.security;
+
+
+import java.net.URI;
+import java.util.HashMap;
+
+import javax.management.MBeanServerConnection;
+import javax.management.MBeanServerInvocationHandler;
+import javax.management.ObjectName;
+import javax.management.remote.JMXConnector;
+import javax.management.remote.JMXConnectorFactory;
+import javax.management.remote.JMXServiceURL;
+
+import junit.framework.TestCase;
+
+import org.apache.activemq.broker.BrokerFactory;
+import org.apache.activemq.broker.BrokerService;
+import org.apache.activemq.broker.jmx.QueueViewMBean;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+public class SecurityJMXTest extends TestCase {
+
+ private static final Log LOG = LogFactory.getLog(SimpleAuthenticationPluginTest.class);
+ private BrokerService broker;
+
+ public void setUp() throws Exception {
+ broker = createBroker();
+ Thread.sleep(500);
+ }
+
+ public void tearDown() throws Exception {
+ }
+
+ public void testMoveMessages() throws Exception {
+ JMXServiceURL url = new JMXServiceURL("service:jmx:rmi:///jndi/rmi://localhost:1099/jmxrmi");
+ JMXConnector connector = JMXConnectorFactory.connect(url, null);
+ connector.connect();
+ MBeanServerConnection connection = connector.getMBeanServerConnection();
+ ObjectName name = new ObjectName("org.apache.activemq:BrokerName=localhost,Type=Queue,Destination=TEST.Q");
+ QueueViewMBean queueMbean = (QueueViewMBean) MBeanServerInvocationHandler.newProxyInstance(connection, name, QueueViewMBean.class, true);
+ String msgId = queueMbean.sendTextMessage("test", "system", "manager");
+ queueMbean.moveMessageTo(msgId, "TEST1.Q");
+ }
+
+ protected BrokerService createBroker() throws Exception {
+ return createBroker("org/apache/activemq/security/simple-auth-broker.xml");
+ }
+
+ protected BrokerService createBroker(String uri) throws Exception {
+ LOG.info("Loading broker configuration from the classpath with URI: " + uri);
+ return BrokerFactory.createBroker(new URI("xbean:" + uri));
+ }
+
+}
Modified: activemq/trunk/activemq-core/src/test/resources/org/apache/activemq/security/simple-auth-broker.xml
URL: http://svn.apache.org/viewvc/activemq/trunk/activemq-core/src/test/resources/org/apache/activemq/security/simple-auth-broker.xml?rev=781022&r1=781021&r2=781022&view=diff
==============================================================================
--- activemq/trunk/activemq-core/src/test/resources/org/apache/activemq/security/simple-auth-broker.xml (original)
+++ activemq/trunk/activemq-core/src/test/resources/org/apache/activemq/security/simple-auth-broker.xml Tue Jun 2 12:48:47 2009
@@ -21,7 +21,7 @@
<beans>
<bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
- <broker useJmx="false" persistent="false" xmlns="http://activemq.apache.org/schema/core" populateJMSXUserID="true">
+ <broker useJmx="true" persistent="false" xmlns="http://activemq.apache.org/schema/core" populateJMSXUserID="true">
<destinations>
<queue physicalName="TEST.Q" />