Posted to commits@activemq.apache.org by cl...@apache.org on 2016/05/25 13:34:28 UTC

[2/2] activemq-artemis git commit: https://issues.apache.org/jira/browse/ARTEMIS-537 - allow artemis to work properly with karaf jaas implementation

https://issues.apache.org/jira/browse/ARTEMIS-537 - allow artemis to work properly with karaf jaas implementation


Project: http://git-wip-us.apache.org/repos/asf/activemq-artemis/repo
Commit: http://git-wip-us.apache.org/repos/asf/activemq-artemis/commit/5db16375
Tree: http://git-wip-us.apache.org/repos/asf/activemq-artemis/tree/5db16375
Diff: http://git-wip-us.apache.org/repos/asf/activemq-artemis/diff/5db16375

Branch: refs/heads/master
Commit: 5db163753db24ad4706cf144d6af08573d088475
Parents: 4a11a63
Author: Dejan Bosanac <de...@nighttale.net>
Authored: Wed May 25 13:39:46 2016 +0200
Committer: Clebert Suconic <cl...@apache.org>
Committed: Wed May 25 09:33:56 2016 -0400

----------------------------------------------------------------------
 artemis-features/src/main/resources/artemis.xml | 15 +--
 .../resources/org.apache.activemq.artemis.cfg   |  3 +-
 .../activemq/artemis/osgi/OsgiBroker.java       |  5 +
 .../security/ActiveMQJAASSecurityManager.java   | 96 +++++++++++++++++++-
 .../integration/karaf/ArtemisFeatureTest.java   | 21 +++--
 5 files changed, 121 insertions(+), 19 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/5db16375/artemis-features/src/main/resources/artemis.xml
----------------------------------------------------------------------
diff --git a/artemis-features/src/main/resources/artemis.xml b/artemis-features/src/main/resources/artemis.xml
index d99f43d..99c04a1 100644
--- a/artemis-features/src/main/resources/artemis.xml
+++ b/artemis-features/src/main/resources/artemis.xml
@@ -65,14 +65,14 @@ under the License.
 
       <security-settings>
          <security-setting match="#">
-            <permission type="createNonDurableQueue" roles="amq"/>
-            <permission type="deleteNonDurableQueue" roles="amq"/>
-            <permission type="createDurableQueue" roles="amq"/>
-            <permission type="deleteDurableQueue" roles="amq"/>
-            <permission type="consume" roles="amq"/>
-            <permission type="send" roles="amq"/>
+            <permission type="createNonDurableQueue" roles="manager"/>
+            <permission type="deleteNonDurableQueue" roles="manager"/>
+            <permission type="createDurableQueue" roles="manager"/>
+            <permission type="deleteDurableQueue" roles="manager"/>
+            <permission type="consume" roles="manager"/>
+            <permission type="send" roles="manager"/>
             <!-- we need this otherwise ./artemis data imp wouldn't work -->
-            <permission type="manage" roles="amq"/>
+            <permission type="manage" roles="manager"/>
          </security-setting>
       </security-settings>
 
@@ -85,6 +85,7 @@ under the License.
             <max-size-bytes>10485760</max-size-bytes>
             <message-counter-history-day-limit>10</message-counter-history-day-limit>
             <address-full-policy>BLOCK</address-full-policy>
+            <auto-create-jms-queues>true</auto-create-jms-queues>
          </address-setting>
       </address-settings>
    </core>

http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/5db16375/artemis-features/src/main/resources/org.apache.activemq.artemis.cfg
----------------------------------------------------------------------
diff --git a/artemis-features/src/main/resources/org.apache.activemq.artemis.cfg b/artemis-features/src/main/resources/org.apache.activemq.artemis.cfg
index 7714ddf..3318d15 100644
--- a/artemis-features/src/main/resources/org.apache.activemq.artemis.cfg
+++ b/artemis-features/src/main/resources/org.apache.activemq.artemis.cfg
@@ -1,3 +1,4 @@
 config=file:etc/artemis.xml
 name=local
-domain=local
+domain=karaf
+rolePrincipalClass=org.apache.karaf.jaas.boot.principal.RolePrincipal
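Review bot: `rolePrincipalClass=org.apache.karaf.jaas.boot.principal.RolePrincipal` carries no comment saying what it must agree with: it has to be the principal class that the `domain` realm's login modules actually put into the Subject for roles, and from the ActiveMQJAASSecurityManager change in this commit a mismatch appears to yield an empty role set and so denies every authorization rather than reporting a configuration error. A comment above the line such as `# role principal class populated by the 'domain' realm's login modules; a mismatch denies all authorization` would save operators a silent lock-out.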

http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/5db16375/artemis-server-osgi/src/main/java/org/apache/activemq/artemis/osgi/OsgiBroker.java
----------------------------------------------------------------------
diff --git a/artemis-server-osgi/src/main/java/org/apache/activemq/artemis/osgi/OsgiBroker.java b/artemis-server-osgi/src/main/java/org/apache/activemq/artemis/osgi/OsgiBroker.java
index d6bfcb8..bfdc73e 100644
--- a/artemis-server-osgi/src/main/java/org/apache/activemq/artemis/osgi/OsgiBroker.java
+++ b/artemis-server-osgi/src/main/java/org/apache/activemq/artemis/osgi/OsgiBroker.java
@@ -50,6 +50,7 @@ import org.osgi.util.tracker.ServiceTracker;
 public class OsgiBroker {
    private String name;
    private String configurationUrl;
+   private String rolePrincipalClass;
    private Map<String, ActiveMQComponent> components;
    private Map<String, ServiceRegistration<?>> registrations;
    private ServiceTracker tracker;
@@ -60,8 +61,12 @@ public class OsgiBroker {
       final Dictionary<String, Object> properties = cctx.getProperties();
       configurationUrl = getMandatory(properties, "config");
       name = getMandatory(properties, "name");
+      rolePrincipalClass = (String)properties.get("rolePrincipalClass");
       String domain = getMandatory(properties, "domain");
       ActiveMQJAASSecurityManager security = new ActiveMQJAASSecurityManager(domain);
+      if (rolePrincipalClass != null) {
+         security.setRolePrincipalClass(rolePrincipalClass);
+      }
       String brokerInstance = null;
       String karafDataDir = System.getProperty("karaf.data");
       if (karafDataDir != null) {
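Review bot: `rolePrincipalClass = (String)properties.get("rolePrincipalClass");` casts blindly, so a non-String value in the configuration dictionary fails with a ClassCastException here, unlike the `getMandatory` lookups on the neighbouring lines that presumably validate their input. Reading it as `Object value = properties.get("rolePrincipalClass"); rolePrincipalClass = value == null ? null : value.toString();` keeps the optional semantics without the cast, and a blank value could be treated as absent so that an empty string is not passed on to `setRolePrincipalClass`. The enclosing method starts and ends outside the hunk.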

http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/5db16375/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/ActiveMQJAASSecurityManager.java
----------------------------------------------------------------------
diff --git a/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/ActiveMQJAASSecurityManager.java b/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/ActiveMQJAASSecurityManager.java
index d076071..ad2a995 100644
--- a/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/ActiveMQJAASSecurityManager.java
+++ b/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/ActiveMQJAASSecurityManager.java
@@ -20,6 +20,8 @@ import javax.security.auth.Subject;
 import javax.security.auth.login.LoginContext;
 import javax.security.auth.login.LoginException;
 import javax.security.cert.X509Certificate;
+import java.lang.reflect.Constructor;
+import java.lang.reflect.Method;
 import java.security.Principal;
 import java.util.HashSet;
 import java.util.Iterator;
@@ -45,8 +47,11 @@ public class ActiveMQJAASSecurityManager implements ActiveMQSecurityManager2 {
 
    private static final Logger logger = Logger.getLogger(ActiveMQJAASSecurityManager.class);
 
+   private static final String WILDCARD = "*";
+
    private String configurationName;
    private SecurityConfiguration configuration;
+   private String rolePrincipalClass = "org.apache.activemq.artemis.spi.core.security.jaas.RolePrincipal";
 
    public ActiveMQJAASSecurityManager() {
    }
@@ -72,7 +77,10 @@ public class ActiveMQJAASSecurityManager implements ActiveMQSecurityManager2 {
          return true;
       }
       catch (LoginException e) {
-         logger.debug("Couldn't validate user", e);
+         logger.info("Couldn't validate user: " + e.getMessage());
+         if (logger.isDebugEnabled()) {
+            logger.debug("Couldn't validate user", e);
+         }
          return false;
       }
    }
@@ -108,9 +116,15 @@ public class ActiveMQJAASSecurityManager implements ActiveMQSecurityManager2 {
          Set<RolePrincipal> rolesWithPermission = getPrincipalsInRole(checkType, roles);
 
          // Check the caller's roles
-         Set<RolePrincipal> rolesForSubject = localSubject.getPrincipals(RolePrincipal.class);
+         Set<Principal> rolesForSubject = new HashSet<Principal>();
+         try {
+            rolesForSubject.addAll(localSubject.getPrincipals(Class.forName(rolePrincipalClass).asSubclass(Principal.class)));
+         }
+         catch (Exception e) {
+            logger.info("Can't find roles for the subject", e);
+         }
          if (rolesForSubject.size() > 0 && rolesWithPermission.size() > 0) {
-            Iterator<RolePrincipal> rolesForSubjectIter = rolesForSubject.iterator();
+            Iterator<Principal> rolesForSubjectIter = rolesForSubject.iterator();
             while (!authorized && rolesForSubjectIter.hasNext()) {
                Iterator<RolePrincipal> rolesWithPermissionIter = rolesWithPermission.iterator();
                Principal subjectRole = rolesForSubjectIter.next();
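Review bot: `Class.forName(rolePrincipalClass).asSubclass(Principal.class)` in the `rolesForSubject.addAll(...)` line re-resolves the configured class on every authorization check and, when it fails, only emits an INFO line and leaves `rolesForSubject` empty, so a misconfigured `rolePrincipalClass` surfaces as a denied request plus a log entry per call rather than a startup error. Resolving the class once in `setRolePrincipalClass` into a `Class<? extends Principal>` field would fail fast at configuration time and remove the per-request reflection; the `catch (Exception e)` in getPrincipalsInRole below has the same shape and could use the same field. Denying when the roles cannot be determined is the right default and should be kept. The enclosing method starts and ends outside the hunk.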
@@ -136,10 +150,15 @@ public class ActiveMQJAASSecurityManager implements ActiveMQSecurityManager2 {
    }
 
    private Set<RolePrincipal> getPrincipalsInRole(final CheckType checkType, final Set<Role> roles) {
-      Set<RolePrincipal> principals = new HashSet<>();
+      Set principals = new HashSet<>();
       for (Role role : roles) {
          if (checkType.hasRole(role)) {
-            principals.add(new RolePrincipal(role.getName()));
+            try {
+               principals.add(createGroupPrincipal(role.getName(), rolePrincipalClass));
+            }
+            catch (Exception e) {
+               logger.info("Can't add role principal", e);
+            }
          }
       }
       return principals;
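Review bot: `Set principals = new HashSet<>();` is a raw type returned through the unchanged `Set<RolePrincipal>` signature, so the compiler no longer guarantees the element type; with a non-Artemis `rolePrincipalClass` the elements are instances of that class, and any caller that still reads them through `Iterator<RolePrincipal>` (as the authorize hunk above does) may hit a ClassCastException at the erased cast once it dereferences `next()`. Declaring the method as `private Set<Principal> getPrincipalsInRole(...)` with `Set<Principal> principals = new HashSet<>();` and `principals.add((Principal) createGroupPrincipal(role.getName(), rolePrincipalClass));` makes the contract honest, with the caller's iterator type changed to `Iterator<Principal>` to match.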
@@ -160,4 +179,71 @@ public class ActiveMQJAASSecurityManager implements ActiveMQSecurityManager2 {
 
       return configuration;
    }
+
+   public String getRolePrincipalClass() {
+      return rolePrincipalClass;
+   }
+
+   public void setRolePrincipalClass(String rolePrincipalClass) {
+      this.rolePrincipalClass = rolePrincipalClass;
+   }
+
+   public static Object createGroupPrincipal(String name, String groupClass) throws Exception {
+      if (WILDCARD.equals(name)) {
+         // simple match all group principal - match any name and class
+         return new Principal() {
+            @Override
+            public String getName() {
+               return WILDCARD;
+            }
+
+            @Override
+            public boolean equals(Object other) {
+               return true;
+            }
+
+            @Override
+            public int hashCode() {
+               return WILDCARD.hashCode();
+            }
+         };
+      }
+      Object[] param = new Object[]{name};
+
+      Class<?> cls = Class.forName(groupClass);
+
+      Constructor<?>[] constructors = cls.getConstructors();
+      int i;
+      Object instance;
+      for (i = 0; i < constructors.length; i++) {
+         Class<?>[] paramTypes = constructors[i].getParameterTypes();
+         if (paramTypes.length != 0 && paramTypes[0].equals(String.class)) {
+            break;
+         }
+      }
+      if (i < constructors.length) {
+         instance = constructors[i].newInstance(param);
+      }
+      else {
+         instance = cls.newInstance();
+         Method[] methods = cls.getMethods();
+         i = 0;
+         for (i = 0; i < methods.length; i++) {
+            Class<?>[] paramTypes = methods[i].getParameterTypes();
+            if (paramTypes.length != 0 && methods[i].getName().equals("setName") && paramTypes[0].equals(String.class)) {
+               break;
+            }
+         }
+
+         if (i < methods.length) {
+            methods[i].invoke(instance, param);
+         }
+         else {
+            throw new NoSuchMethodException();
+         }
+      }
+
+      return instance;
+   }
+
 }
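Review bot: The constructor scan at `if (paramTypes.length != 0 && paramTypes[0].equals(String.class))` accepts any constructor whose first parameter is a String even when it takes more, so `constructors[i].newInstance(param)` then fails with an IllegalArgumentException instead of falling through to the `setName` path; the `setName` scan has the same off-by-length test. Both should require exactly one parameter, `if (paramTypes.length == 1 && paramTypes[0].equals(String.class))` and `if (paramTypes.length == 1 && methods[i].getName().equals("setName") && paramTypes[0].equals(String.class))`. Separately, the wildcard principal's `equals` returns true for every argument including null, which breaks the Object.equals contract (symmetry, `x.equals(null)` must be false) and makes it hazardous inside a HashSet alongside other principals; if one-way matching is intended, the comment above it should say so. A Javadoc line on `createGroupPrincipal` stating that `groupClass` is trusted configuration, not caller-supplied input, and is instantiated reflectively would also document the security assumption this method relies on.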

http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/5db16375/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/karaf/ArtemisFeatureTest.java
----------------------------------------------------------------------
diff --git a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/karaf/ArtemisFeatureTest.java b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/karaf/ArtemisFeatureTest.java
index e7594cc..b216110 100644
--- a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/karaf/ArtemisFeatureTest.java
+++ b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/karaf/ArtemisFeatureTest.java
@@ -40,6 +40,11 @@ import org.osgi.framework.InvalidSyntaxException;
 import org.osgi.util.tracker.ServiceTracker;
 
 import javax.inject.Inject;
+import javax.jms.Connection;
+import javax.jms.Message;
+import javax.jms.MessageConsumer;
+import javax.jms.MessageProducer;
+import javax.jms.Queue;
 import javax.security.auth.Subject;
 import java.io.ByteArrayOutputStream;
 import java.io.File;
@@ -137,13 +142,17 @@ public class ArtemisFeatureTest extends Assert {
 
       String amqpURI = "amqp://localhost:5672";
       JmsConnectionFactory factory = new JmsConnectionFactory(amqpURI);
-      factory.setUsername(USER);
-      factory.setPassword(PASSWORD);
+      Connection connection = factory.createConnection(USER, PASSWORD);
+      connection.start();
 
-      //TODO fix security settings and test sending/receiving messages
-        /*
-      Connection connection = factory.createConnection();
-      connection.start();*/
+      javax.jms.Session sess = connection.createSession(false, javax.jms.Session.AUTO_ACKNOWLEDGE);
+      Queue queue = sess.createQueue("jms.queue.exampleQueue");
+      MessageProducer producer = sess.createProducer(queue);
+      producer.send(sess.createTextMessage("TEST"));
+
+      MessageConsumer consumer = sess.createConsumer(queue);
+      Message msg = consumer.receive(5000);
+      assertNotNull(msg);
    }
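Review bot: `Connection connection = factory.createConnection(USER, PASSWORD);` is never closed, so a failing `assertNotNull(msg)` or any exception in between leaves the AMQP connection, session, producer and consumer open for the rest of the test run. Wrapping everything from `connection.start();` through `assertNotNull(msg);` in `try { ... } finally { connection.close(); }` fixes that without changing the assertions. The enclosing test method starts outside the hunk.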
 
    protected String executeCommand(final String command, final Long timeout, final Boolean silent) {