You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@activemq.apache.org by gt...@apache.org on 2015/08/25 13:07:29 UTC
activemq git commit: https://issues.apache.org/jira/browse/AMQ-5943 -
patch, with test, applied with thanks to Torsten Mielke
Repository: activemq
Updated Branches:
refs/heads/master d983d525c -> 10a74ce73
https://issues.apache.org/jira/browse/AMQ-5943 - patch, with test, applied with thanks to Torsten Mielke
Project: http://git-wip-us.apache.org/repos/asf/activemq/repo
Commit: http://git-wip-us.apache.org/repos/asf/activemq/commit/10a74ce7
Tree: http://git-wip-us.apache.org/repos/asf/activemq/tree/10a74ce7
Diff: http://git-wip-us.apache.org/repos/asf/activemq/diff/10a74ce7
Branch: refs/heads/master
Commit: 10a74ce7374d717defca0905f62e2181a93c6b20
Parents: d983d52
Author: gtully <ga...@gmail.com>
Authored: Tue Aug 25 12:07:02 2015 +0100
Committer: gtully <ga...@gmail.com>
Committed: Tue Aug 25 12:07:02 2015 +0100
----------------------------------------------------------------------
.../security/JaasDualAuthenticationBroker.java | 34 ++--
...JaasDualAuthenticationNetworkBridgeTest.java | 135 ++++++++++++++
...alAuthenticationNetworkBridgeTest.properties | 28 +++
...asDualAuthenticationNetworkBridgeTest.config | 32 ++++
.../JaasDualAuthenticationNetworkBridgeTest.xml | 178 +++++++++++++++++++
...alAuthenticationNetworkBridgeTest.properties | 31 ++++
...alAuthenticationNetworkBridgeTest.properties | 21 +++
7 files changed, 441 insertions(+), 18 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/activemq/blob/10a74ce7/activemq-broker/src/main/java/org/apache/activemq/security/JaasDualAuthenticationBroker.java
----------------------------------------------------------------------
diff --git a/activemq-broker/src/main/java/org/apache/activemq/security/JaasDualAuthenticationBroker.java b/activemq-broker/src/main/java/org/apache/activemq/security/JaasDualAuthenticationBroker.java
index 28d8fef..c2aacde 100644
--- a/activemq-broker/src/main/java/org/apache/activemq/security/JaasDualAuthenticationBroker.java
+++ b/activemq-broker/src/main/java/org/apache/activemq/security/JaasDualAuthenticationBroker.java
@@ -27,7 +27,6 @@ import org.apache.activemq.broker.EmptyBroker;
import org.apache.activemq.broker.TransportConnector;
import org.apache.activemq.command.ActiveMQDestination;
import org.apache.activemq.command.ConnectionInfo;
-import org.apache.activemq.transport.tcp.SslTransportServer;
/**
* A JAAS Authentication Broker that uses different JAAS domain configurations
@@ -89,14 +88,7 @@ public class JaasDualAuthenticationBroker extends BrokerFilter implements Authen
@Override
public void addConnection(ConnectionContext context, ConnectionInfo info) throws Exception {
if (context.getSecurityContext() == null) {
- boolean isSSL = false;
- Connector connector = context.getConnector();
- if (connector instanceof TransportConnector) {
- TransportConnector transportConnector = (TransportConnector) connector;
- isSSL = transportConnector.getServer().isSslServer();
- }
-
- if (isSSL) {
+ if (isSSL(context, info)) {
this.sslBroker.addConnection(context, info);
} else {
this.nonSslBroker.addConnection(context, info);
@@ -110,22 +102,28 @@ public class JaasDualAuthenticationBroker extends BrokerFilter implements Authen
*/
@Override
public void removeConnection(ConnectionContext context, ConnectionInfo info, Throwable error) throws Exception {
- boolean isSSL;
- Connector connector = context.getConnector();
- if (connector instanceof TransportConnector) {
- TransportConnector transportConnector = (TransportConnector) connector;
- isSSL = (transportConnector.getServer() instanceof SslTransportServer);
- } else {
- isSSL = false;
- }
super.removeConnection(context, info, error);
- if (isSSL) {
+ if (isSSL(context, info)) {
this.sslBroker.removeConnection(context, info, error);
} else {
this.nonSslBroker.removeConnection(context, info, error);
}
}
+ private boolean isSSL(ConnectionContext context, ConnectionInfo info) throws Exception {
+ boolean sslCapable = false;
+ Connector connector = context.getConnector();
+ if (connector instanceof TransportConnector) {
+ TransportConnector transportConnector = (TransportConnector) connector;
+ sslCapable = transportConnector.getServer().isSslServer();
+ }
+ // AMQ-5943, also check if transport context carries X509 cert
+ if (!sslCapable && info.getTransportContext() instanceof X509Certificate[]) {
+ sslCapable = true;
+ }
+ return sslCapable;
+ }
+
@Override
public void removeDestination(ConnectionContext context, ActiveMQDestination destination, long timeout) throws Exception {
// Give both a chance to clear out their contexts
http://git-wip-us.apache.org/repos/asf/activemq/blob/10a74ce7/activemq-unit-tests/src/test/java/org/apache/activemq/security/JaasDualAuthenticationNetworkBridgeTest.java
----------------------------------------------------------------------
diff --git a/activemq-unit-tests/src/test/java/org/apache/activemq/security/JaasDualAuthenticationNetworkBridgeTest.java b/activemq-unit-tests/src/test/java/org/apache/activemq/security/JaasDualAuthenticationNetworkBridgeTest.java
new file mode 100644
index 0000000..30b260f
--- /dev/null
+++ b/activemq-unit-tests/src/test/java/org/apache/activemq/security/JaasDualAuthenticationNetworkBridgeTest.java
@@ -0,0 +1,135 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.activemq.security;
+
+import java.net.URL;
+import java.util.Collection;
+import java.util.List;
+
+import org.apache.activemq.broker.BrokerService;
+import org.apache.activemq.network.NetworkBridge;
+import org.apache.activemq.network.NetworkConnector;
+import org.apache.xbean.spring.context.ClassPathXmlApplicationContext;
+
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.Assert;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+
+/**
+ * Unit test for https://issues.apache.org/jira/browse/AMQ-5943.
+ * Creates a network bridge to a broker that is configured for
+ * JaasDualAuthenticationPlugin.
+ * The broker that creates the network bridge does not set a
+ * username/password on the nc configuration but expects to be
+ * authenticated via its SSL certificate.
+ * This test uses these external configuration files from
+ * src/test/resources/
+ * - org/apache/activemq/security/JaasDualAuthenticationNetworkBridgeTest.xml
+ * - login-JaasDualAuthenticationNetworkBridgeTest.config
+ * - users-JaasDualAuthenticationNetworkBridgeTest.properties
+ * - groups-JaasDualAuthenticationNetworkBridgeTest.properties
+ * - ssl-domain-JaasDualAuthenticationNetworkBridgeTest.properties
+ */
+public class JaasDualAuthenticationNetworkBridgeTest {
+ protected final static String CONFIG_FILE="org/apache/activemq/security/JaasDualAuthenticationNetworkBridgeTest.xml";
+ protected static Logger LOG = LoggerFactory.getLogger(JaasDualAuthenticationNetworkBridgeTest.class);
+ private BrokerService broker1 = null;
+ private BrokerService broker2 = null;
+
+ /**
+ * @throws java.lang.Exception
+ */
+ @Before
+ public void setUp() throws Exception {
+ LOG.info("Starting up");
+ String path = null;
+ URL resource = JaasDualAuthenticationNetworkBridgeTest.class.getClassLoader().getResource("login-JaasDualAuthenticationNetworkBridgeTest.config");
+ if (resource != null) {
+ path = resource.getFile();
+ System.setProperty("java.security.auth.login.config", path);
+ }
+ LOG.info("Path to login config: " + path);
+
+ try {
+ ClassPathXmlApplicationContext context = new ClassPathXmlApplicationContext(CONFIG_FILE);
+ broker1 = (BrokerService)context.getBean("broker1");
+ broker2 = (BrokerService)context.getBean("broker2");
+ }
+ catch(Exception e) {
+ LOG.error("Error: " + e.getMessage());
+ throw e;
+ }
+ }
+
+ /**
+ * @throws java.lang.Exception
+ */
+ @After
+ public void tearDown() throws Exception {
+ LOG.info("Shutting down");
+ if (broker1 != null && broker1.isStarted()) {
+ LOG.info("Broker still running, stopping it now.");
+ broker1.stop();
+ }
+ else {
+ LOG.info("Broker1 not running, nothing to shutdown.");
+ }
+ if (broker2 != null && broker2.isStarted()) {
+ LOG.info("Broker still running, stopping it now.");
+ broker2.stop();
+ }
+ else {
+ LOG.info("Broker2 not running, nothing to shutdown.");
+ }
+ }
+
+
+ /**
+ * Waits 5 seconds for the network bridge between broker 1 and 2 to be
+ * established, then checks if the bridge exists, by querying broker1.
+ *
+ * @throws Exception is network bridge does not exist between both
+ * broker instances.
+ */
+ @Test
+ public void testNetworkBridgeUsingJaasDualAuthenticationPlugin() throws Exception {
+ LOG.info("testNetworkBridgeUsingJaasDualAuthenticationPlugin() called.");
+ try {
+ // give 5 seconds for broker instances to establish network bridge
+ Thread.sleep(5000);
+
+ // verify that network bridge is established
+ Assert.assertNotNull(broker1);
+ List<NetworkConnector> ncs = broker1.getNetworkConnectors();
+ Assert.assertNotNull("Network Connector not found.", ncs);
+ Assert.assertFalse("Network Connector not found.", ncs.isEmpty());
+ NetworkConnector nc =(NetworkConnector)ncs.get(0);
+ Collection<NetworkBridge> bridges = nc.activeBridges();
+ Assert.assertFalse("Network bridge not established to broker 2", bridges.isEmpty());
+ Assert.assertTrue("Network bridge not established to broker 2", bridges.size() == 1);
+ LOG.info("Network bridge is correctly established.");
+ } catch (java.lang.InterruptedException ex) {
+ LOG.warn(ex.getMessage());
+ }
+ }
+}
+
http://git-wip-us.apache.org/repos/asf/activemq/blob/10a74ce7/activemq-unit-tests/src/test/resources/groups-JaasDualAuthenticationNetworkBridgeTest.properties
----------------------------------------------------------------------
diff --git a/activemq-unit-tests/src/test/resources/groups-JaasDualAuthenticationNetworkBridgeTest.properties b/activemq-unit-tests/src/test/resources/groups-JaasDualAuthenticationNetworkBridgeTest.properties
new file mode 100644
index 0000000..327d09a
--- /dev/null
+++ b/activemq-unit-tests/src/test/resources/groups-JaasDualAuthenticationNetworkBridgeTest.properties
@@ -0,0 +1,28 @@
+## ---------------------------------------------------------------------------
+## Licensed to the Apache Software Foundation (ASF) under one or more
+## contributor license agreements. See the NOTICE file distributed with
+## this work for additional information regarding copyright ownership.
+## The ASF licenses this file to You under the Apache License, Version 2.0
+## (the "License"); you may not use this file except in compliance with
+## the License. You may obtain a copy of the License at
+##
+## http://www.apache.org/licenses/LICENSE-2.0
+##
+## Unless required by applicable law or agreed to in writing, software
+## distributed under the License is distributed on an "AS IS" BASIS,
+## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+## See the License for the specific language governing permissions and
+## limitations under the License.
+## ---------------------------------------------------------------------------
+
+#
+# This file contains the roles for users who can log into JBoss A-MQ.
+# Each line has to be of the format:
+#
+# GROUP=USER1,USER2,....
+#
+
+# Used by test org.apache.activemq.security.JaasDualAuthenticationNetworkBridgeTest
+
+admins=admin,adminSSL
+administrators=admin,adminSSL
http://git-wip-us.apache.org/repos/asf/activemq/blob/10a74ce7/activemq-unit-tests/src/test/resources/login-JaasDualAuthenticationNetworkBridgeTest.config
----------------------------------------------------------------------
diff --git a/activemq-unit-tests/src/test/resources/login-JaasDualAuthenticationNetworkBridgeTest.config b/activemq-unit-tests/src/test/resources/login-JaasDualAuthenticationNetworkBridgeTest.config
new file mode 100644
index 0000000..e45af41
--- /dev/null
+++ b/activemq-unit-tests/src/test/resources/login-JaasDualAuthenticationNetworkBridgeTest.config
@@ -0,0 +1,32 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * Used by test org.apache.activemq.security.JaasDualAuthenticationNetworkBridgeTest
+ */
+activemq-domain {
+
+ org.apache.activemq.jaas.PropertiesLoginModule requisite
+ debug=true
+ org.apache.activemq.jaas.properties.user="users-JaasDualAuthenticationNetworkBridgeTest.properties"
+ org.apache.activemq.jaas.properties.group="groups-JaasDualAuthenticationNetworkBridgeTest.properties";
+};
+
+activemq-ssl-domain {
+ org.apache.activemq.jaas.TextFileCertificateLoginModule required
+ debug=true
+ org.apache.activemq.jaas.textfiledn.user="ssl-domain-JaasDualAuthenticationNetworkBridgeTest.properties"
+ org.apache.activemq.jaas.textfiledn.group="groups-JaasDualAuthenticationNetworkBridgeTest.properties";
+};
http://git-wip-us.apache.org/repos/asf/activemq/blob/10a74ce7/activemq-unit-tests/src/test/resources/org/apache/activemq/security/JaasDualAuthenticationNetworkBridgeTest.xml
----------------------------------------------------------------------
diff --git a/activemq-unit-tests/src/test/resources/org/apache/activemq/security/JaasDualAuthenticationNetworkBridgeTest.xml b/activemq-unit-tests/src/test/resources/org/apache/activemq/security/JaasDualAuthenticationNetworkBridgeTest.xml
new file mode 100644
index 0000000..7b81018
--- /dev/null
+++ b/activemq-unit-tests/src/test/resources/org/apache/activemq/security/JaasDualAuthenticationNetworkBridgeTest.xml
@@ -0,0 +1,178 @@
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<beans
+ xmlns="http://www.springframework.org/schema/beans"
+ xmlns:amq="http://activemq.apache.org/schema/core"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://www.springframework.org/schema/beans
+ http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
+ http://activemq.apache.org/schema/core
+ http://activemq.apache.org/schema/core/activemq-core-5.4.2.xsd">
+
+ <!-- first broker instance -->
+ <broker xmlns="http://activemq.apache.org/schema/core" brokerName="broker1" id="broker1"
+ dataDirectory="./target/activemq-data-broker1" persistent="false">
+
+ <destinationPolicy>
+ <policyMap>
+ <policyEntries>
+ <policyEntry queue=">" memoryLimit="20mb">
+ <deadLetterStrategy>
+ <sharedDeadLetterStrategy processExpired="false" processNonPersistent="false"/>
+ </deadLetterStrategy>
+ </policyEntry>
+
+ <policyEntry topic=">" producerFlowControl="true" >
+ </policyEntry>
+ </policyEntries>
+ </policyMap>
+ </destinationPolicy>
+
+ <managementContext>
+ <managementContext createConnector="false" />
+ </managementContext>
+
+ <!-- network of brokers configuration -->
+ <networkConnectors>
+ <networkConnector decreaseNetworkConsumerPriority="true" duplex="true" dynamicOnly="true" name="to-A" networkTTL="2" uri="static://(ssl://localhost:61626)" >
+ <!-- userName="admin" password="admin" -->
+ <excludedDestinations>
+ <queue physicalName="MyQueue"/>
+ </excludedDestinations>
+ </networkConnector>
+ </networkConnectors>
+
+
+ <plugins>
+ <!--jaasAuthenticationPlugin configuration="activemq" /-->
+ <jaasDualAuthenticationPlugin configuration="activemq-domain" sslConfiguration="activemq-ssl-domain"/>
+ <authorizationPlugin>
+ <map>
+ <authorizationMap>
+ <authorizationEntries>
+ <authorizationEntry queue=">" admin="administrators" read="administrators" write="administrators"/>
+ <authorizationEntry topic=">" admin="administrators" read="administrators" write="administrators"/>
+ <authorizationEntry topic="ActiveMQ.Advisory.>" admin="*" read="*" write="*"/>
+ <authorizationEntry queue="ActiveMQ.DLQ" admin="administrators" read="*" write="*"/>
+ </authorizationEntries>
+ </authorizationMap>
+ </map>
+ </authorizationPlugin>
+ </plugins>
+
+
+ <sslContext>
+ <sslContext
+ keyStore="server.keystore"
+ keyStorePassword="password"
+ trustStore="server.keystore"
+ trustStorePassword="password"
+ />
+ </sslContext>
+
+ <systemUsage>
+ <systemUsage>
+ <memoryUsage>
+ <memoryUsage limit="60 mb" />
+ </memoryUsage>
+ <storeUsage>
+ <storeUsage limit="1 mb" />
+ </storeUsage>
+ <tempUsage>
+ <tempUsage limit="50 mb" />
+ </tempUsage>
+ </systemUsage>
+ </systemUsage>
+
+ <transportConnectors>
+ <transportConnector name="openwire+ssl" uri="ssl://0.0.0.0:62626?transport.closeAsync=false&transport.enabledProtocols=TLSv1,TLSv1.1,TLSv1.2&transport.needClientAuth=true"/>
+ </transportConnectors>
+ </broker>
+
+ <!-- second broker instance -->
+ <broker xmlns="http://activemq.apache.org/schema/core" brokerName="broker2" id="broker2"
+ dataDirectory="./target/activemq-data-broker2" persistent="false">
+
+ <destinationPolicy>
+ <policyMap>
+ <policyEntries>
+ <policyEntry queue=">" memoryLimit="20mb">
+ <deadLetterStrategy>
+ <sharedDeadLetterStrategy processExpired="false" processNonPersistent="false"/>
+ </deadLetterStrategy>
+ </policyEntry>
+
+ <policyEntry topic=">" producerFlowControl="true" >
+ <deadLetterStrategy>
+ <sharedDeadLetterStrategy processExpired="false" processNonPersistent="false"/>
+ </deadLetterStrategy>
+ </policyEntry>
+ </policyEntries>
+ </policyMap>
+ </destinationPolicy>
+
+ <managementContext>
+ <managementContext createConnector="false" />
+ </managementContext>
+
+ <plugins>
+ <!--jaasAuthenticationPlugin configuration="activemq" /-->
+ <!--jaasCertificateAuthenticationPlugin configuration="activemq-ssl-domain" /-->
+ <jaasDualAuthenticationPlugin configuration="activemq-domain" sslConfiguration="activemq-ssl-domain"/>
+ <authorizationPlugin>
+ <map>
+ <authorizationMap>
+ <authorizationEntries>
+ <authorizationEntry queue=">" admin="administrators" read="administrators" write="administrators"/>
+ <authorizationEntry topic=">" admin="administrators" read="administrators" write="administrators"/>
+ <authorizationEntry topic="ActiveMQ.Advisory.>" admin="*" read="*" write="*"/>
+ <authorizationEntry queue="ActiveMQ.DLQ" admin="administrators" read="*" write="*"/>
+ </authorizationEntries>
+ </authorizationMap>
+ </map>
+ </authorizationPlugin>
+ </plugins>
+
+ <sslContext>
+ <sslContext
+ keyStore="server.keystore"
+ keyStorePassword="password"
+ trustStore="server.keystore"
+ trustStorePassword="password"
+ />
+ </sslContext>
+
+ <systemUsage>
+ <systemUsage>
+ <memoryUsage>
+ <memoryUsage limit="60 mb" />
+ </memoryUsage>
+ <storeUsage>
+ <storeUsage limit="1 mb" />
+ </storeUsage>
+ <tempUsage>
+ <tempUsage limit="50 mb" />
+ </tempUsage>
+ </systemUsage>
+ </systemUsage>
+
+ <transportConnectors>
+ <transportConnector name="openwire+ssl-2" uri="ssl://0.0.0.0:61626?transport.closeAsync=false&transport.enabledProtocols=TLSv1,TLSv1.1,TLSv1.2&transport.needClientAuth=true"/>
+ </transportConnectors>
+ </broker>
+</beans>
+
http://git-wip-us.apache.org/repos/asf/activemq/blob/10a74ce7/activemq-unit-tests/src/test/resources/ssl-domain-JaasDualAuthenticationNetworkBridgeTest.properties
----------------------------------------------------------------------
diff --git a/activemq-unit-tests/src/test/resources/ssl-domain-JaasDualAuthenticationNetworkBridgeTest.properties b/activemq-unit-tests/src/test/resources/ssl-domain-JaasDualAuthenticationNetworkBridgeTest.properties
new file mode 100644
index 0000000..931e673
--- /dev/null
+++ b/activemq-unit-tests/src/test/resources/ssl-domain-JaasDualAuthenticationNetworkBridgeTest.properties
@@ -0,0 +1,31 @@
+## ---------------------------------------------------------------------------
+## Licensed to the Apache Software Foundation (ASF) under one or more
+## contributor license agreements. See the NOTICE file distributed with
+## this work for additional information regarding copyright ownership.
+## The ASF licenses this file to You under the Apache License, Version 2.0
+## (the "License"); you may not use this file except in compliance with
+## the License. You may obtain a copy of the License at
+##
+## http://www.apache.org/licenses/LICENSE-2.0
+##
+## Unless required by applicable law or agreed to in writing, software
+## distributed under the License is distributed on an "AS IS" BASIS,
+## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+## See the License for the specific language governing permissions and
+## limitations under the License.
+## ---------------------------------------------------------------------------
+
+################################################################################
+#
+# This file contains the valid users who can access this A-MQ using valid SSL certificates.
+# Each line has to be of the format:
+#
+# USER=Sringfied SubjectDN
+#
+#
+# You must have at least one users to be able to access JBoss A-MQ resources
+
+
+# Used by test org.apache.activemq.security.JaasDualAuthenticationNetworkBridgeTest
+
+adminSSL=CN=localhost, OU=activemq.org, O=activemq.org, L=LA, ST=CA, C=US
http://git-wip-us.apache.org/repos/asf/activemq/blob/10a74ce7/activemq-unit-tests/src/test/resources/users-JaasDualAuthenticationNetworkBridgeTest.properties
----------------------------------------------------------------------
diff --git a/activemq-unit-tests/src/test/resources/users-JaasDualAuthenticationNetworkBridgeTest.properties b/activemq-unit-tests/src/test/resources/users-JaasDualAuthenticationNetworkBridgeTest.properties
new file mode 100644
index 0000000..a48ce7d
--- /dev/null
+++ b/activemq-unit-tests/src/test/resources/users-JaasDualAuthenticationNetworkBridgeTest.properties
@@ -0,0 +1,21 @@
+## ---------------------------------------------------------------------------
+## Licensed to the Apache Software Foundation (ASF) under one or more
+## contributor license agreements. See the NOTICE file distributed with
+## this work for additional information regarding copyright ownership.
+## The ASF licenses this file to You under the Apache License, Version 2.0
+## (the "License"); you may not use this file except in compliance with
+## the License. You may obtain a copy of the License at
+##
+## http://www.apache.org/licenses/LICENSE-2.0
+##
+## Unless required by applicable law or agreed to in writing, software
+## distributed under the License is distributed on an "AS IS" BASIS,
+## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+## See the License for the specific language governing permissions and
+## limitations under the License.
+## ---------------------------------------------------------------------------
+
+#
+# Used by test org.apache.activemq.security.JaasDualAuthenticationNetworkBridgeTest
+
+admin=admin