You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@activemq.apache.org by cl...@apache.org on 2016/08/11 22:33:09 UTC
[1/2] activemq-artemis git commit: ARTEMIS-592 finer-grained security
for queues
Repository: activemq-artemis
Updated Branches:
refs/heads/master 952d372ce -> 97bb55940
ARTEMIS-592 finer-grained security for queues
Project: http://git-wip-us.apache.org/repos/asf/activemq-artemis/repo
Commit: http://git-wip-us.apache.org/repos/asf/activemq-artemis/commit/b54de460
Tree: http://git-wip-us.apache.org/repos/asf/activemq-artemis/tree/b54de460
Diff: http://git-wip-us.apache.org/repos/asf/activemq-artemis/diff/b54de460
Branch: refs/heads/master
Commit: b54de460c65cbb20b020ef662677a98de83c779d
Parents: 952d372
Author: jbertram <jb...@apache.org>
Authored: Fri Jul 1 21:18:06 2016 -0500
Committer: Clebert Suconic <cl...@apache.org>
Committed: Thu Aug 11 18:32:54 2016 -0400
----------------------------------------------------------------------
.../core/server/impl/ServerSessionImpl.java | 14 ++++-
.../integration/security/SecurityTest.java | 59 ++++++++++++++++++++
.../src/test/resources/roles.properties | 2 +
.../src/test/resources/users.properties | 2 +
4 files changed, 75 insertions(+), 2 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/b54de460/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/impl/ServerSessionImpl.java
----------------------------------------------------------------------
diff --git a/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/impl/ServerSessionImpl.java b/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/impl/ServerSessionImpl.java
index aeee1a8..c3d399a 100644
--- a/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/impl/ServerSessionImpl.java
+++ b/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/impl/ServerSessionImpl.java
@@ -420,10 +420,20 @@ public class ServerSessionImpl implements ServerSession, FailureListener {
}
if (browseOnly) {
- securityCheck(binding.getAddress(), CheckType.BROWSE, this);
+ try {
+ securityCheck(binding.getAddress(), CheckType.BROWSE, this);
+ }
+ catch (Exception e) {
+ securityCheck(binding.getAddress().concat(".").concat(queueName), CheckType.BROWSE, this);
+ }
}
else {
- securityCheck(binding.getAddress(), CheckType.CONSUME, this);
+ try {
+ securityCheck(binding.getAddress(), CheckType.CONSUME, this);
+ }
+ catch (Exception e) {
+ securityCheck(binding.getAddress().concat(".").concat(queueName), CheckType.CONSUME, this);
+ }
}
Filter filter = FilterImpl.createFilter(filterString);
http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/b54de460/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/security/SecurityTest.java
----------------------------------------------------------------------
diff --git a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/security/SecurityTest.java b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/security/SecurityTest.java
index 17b1126..5059fab 100644
--- a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/security/SecurityTest.java
+++ b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/security/SecurityTest.java
@@ -314,6 +314,65 @@ public class SecurityTest extends ActiveMQTestBase {
}
@Test
+ public void testJAASSecurityManagerAuthorizationSameAddressDifferentQueues() throws Exception {
+ final SimpleString ADDRESS = new SimpleString("address");
+ final SimpleString QUEUE_A = new SimpleString("a");
+ final SimpleString QUEUE_B = new SimpleString("b");
+
+ ActiveMQJAASSecurityManager securityManager = new ActiveMQJAASSecurityManager("PropertiesLogin");
+ ActiveMQServer server = addServer(ActiveMQServers.newActiveMQServer(createDefaultInVMConfig().setSecurityEnabled(true), ManagementFactory.getPlatformMBeanServer(), securityManager, false));
+ Set<Role> aRoles = new HashSet<>();
+ aRoles.add(new Role(QUEUE_A.toString(), false, true, false, false, false, false, false, false));
+ server.getConfiguration().putSecurityRoles(ADDRESS.concat(".").concat(QUEUE_A).toString(), aRoles);
+ Set<Role> bRoles = new HashSet<>();
+ bRoles.add(new Role(QUEUE_B.toString(), false, true, false, false, false, false, false, false));
+ server.getConfiguration().putSecurityRoles(ADDRESS.concat(".").concat(QUEUE_B).toString(), bRoles);
+ server.start();
+ server.createQueue(ADDRESS, QUEUE_A, null, true, false);
+ server.createQueue(ADDRESS, QUEUE_B, null, true, false);
+
+ ClientSessionFactory cf = createSessionFactory(locator);
+ ClientSession aSession = addClientSession(cf.createSession("a", "a", false, true, true, false, 0));
+ ClientSession bSession = addClientSession(cf.createSession("b", "b", false, true, true, false, 0));
+
+ // client A CONSUME from queue A
+ try {
+ ClientConsumer consumer = aSession.createConsumer(QUEUE_A);
+ }
+ catch (ActiveMQException e) {
+ e.printStackTrace();
+ Assert.fail("should not throw exception here");
+ }
+
+ // client B CONSUME from queue A
+ try {
+ ClientConsumer consumer = bSession.createConsumer(QUEUE_A);
+ Assert.fail("should throw exception here");
+ }
+ catch (ActiveMQException e) {
+ assertTrue(e instanceof ActiveMQSecurityException);
+ }
+
+ // client B CONSUME from queue B
+ try {
+ ClientConsumer consumer = bSession.createConsumer(QUEUE_B);
+ }
+ catch (ActiveMQException e) {
+ e.printStackTrace();
+ Assert.fail("should not throw exception here");
+ }
+
+ // client A CONSUME from queue B
+ try {
+ ClientConsumer consumer = aSession.createConsumer(QUEUE_B);
+ Assert.fail("should throw exception here");
+ }
+ catch (ActiveMQException e) {
+ assertTrue(e instanceof ActiveMQSecurityException);
+ }
+ }
+
+ @Test
public void testJAASSecurityManagerAuthorizationNegativeWithCerts() throws Exception {
final SimpleString ADDRESS = new SimpleString("address");
final SimpleString DURABLE_QUEUE = new SimpleString("durableQueue");
http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/b54de460/tests/integration-tests/src/test/resources/roles.properties
----------------------------------------------------------------------
diff --git a/tests/integration-tests/src/test/resources/roles.properties b/tests/integration-tests/src/test/resources/roles.properties
index de332d3..12649f0 100644
--- a/tests/integration-tests/src/test/resources/roles.properties
+++ b/tests/integration-tests/src/test/resources/roles.properties
@@ -18,3 +18,5 @@
programmers=first
accounting=second
employees=first,second
+a=a
+b=b
http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/b54de460/tests/integration-tests/src/test/resources/users.properties
----------------------------------------------------------------------
diff --git a/tests/integration-tests/src/test/resources/users.properties b/tests/integration-tests/src/test/resources/users.properties
index 1087b0b..de63386 100644
--- a/tests/integration-tests/src/test/resources/users.properties
+++ b/tests/integration-tests/src/test/resources/users.properties
@@ -17,3 +17,5 @@
first=secret
second=password
+a=a
+b=b
[2/2] activemq-artemis git commit: This closes #701
Posted by cl...@apache.org.
This closes #701
Project: http://git-wip-us.apache.org/repos/asf/activemq-artemis/repo
Commit: http://git-wip-us.apache.org/repos/asf/activemq-artemis/commit/97bb5594
Tree: http://git-wip-us.apache.org/repos/asf/activemq-artemis/tree/97bb5594
Diff: http://git-wip-us.apache.org/repos/asf/activemq-artemis/diff/97bb5594
Branch: refs/heads/master
Commit: 97bb55940d2fb15ec7ffd4cc6c669a24023b81e2
Parents: 952d372 b54de46
Author: Clebert Suconic <cl...@apache.org>
Authored: Thu Aug 11 18:32:55 2016 -0400
Committer: Clebert Suconic <cl...@apache.org>
Committed: Thu Aug 11 18:32:55 2016 -0400
----------------------------------------------------------------------
.../core/server/impl/ServerSessionImpl.java | 14 ++++-
.../integration/security/SecurityTest.java | 59 ++++++++++++++++++++
.../src/test/resources/roles.properties | 2 +
.../src/test/resources/users.properties | 2 +
4 files changed, 75 insertions(+), 2 deletions(-)
----------------------------------------------------------------------