You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@activemq.apache.org by gt...@apache.org on 2016/10/05 16:09:24 UTC
activemq git commit: NO-JIRA - remove info logging of config mods,
add sanity test of mod to write acl for authorization plugin
Repository: activemq
Updated Branches:
refs/heads/master a27f4f2ea -> c1e94c615
NO-JIRA - remove info logging of config mods, add sanity test of mod to write acl for authorization plugin
Project: http://git-wip-us.apache.org/repos/asf/activemq/repo
Commit: http://git-wip-us.apache.org/repos/asf/activemq/commit/c1e94c61
Tree: http://git-wip-us.apache.org/repos/asf/activemq/tree/c1e94c61
Diff: http://git-wip-us.apache.org/repos/asf/activemq/diff/c1e94c61
Branch: refs/heads/master
Commit: c1e94c615859ee9f61c3c16d00cf87369ea40317
Parents: a27f4f2
Author: gtully <ga...@gmail.com>
Authored: Wed Oct 5 17:07:20 2016 +0100
Committer: gtully <ga...@gmail.com>
Committed: Wed Oct 5 17:08:46 2016 +0100
----------------------------------------------------------------------
.../plugin/DefaultConfigurationProcessor.java | 2 +-
.../activemq/AbstractAuthorizationTest.java | 21 ++++++++
.../org/apache/activemq/AuthorizationTest.java | 17 ++++++
.../authorizationTest-users-add-write-guest.xml | 55 ++++++++++++++++++++
4 files changed, 94 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/activemq/blob/c1e94c61/activemq-runtime-config/src/main/java/org/apache/activemq/plugin/DefaultConfigurationProcessor.java
----------------------------------------------------------------------
diff --git a/activemq-runtime-config/src/main/java/org/apache/activemq/plugin/DefaultConfigurationProcessor.java b/activemq-runtime-config/src/main/java/org/apache/activemq/plugin/DefaultConfigurationProcessor.java
index fddfe48..1e539ed 100644
--- a/activemq-runtime-config/src/main/java/org/apache/activemq/plugin/DefaultConfigurationProcessor.java
+++ b/activemq-runtime-config/src/main/java/org/apache/activemq/plugin/DefaultConfigurationProcessor.java
@@ -96,7 +96,7 @@ public class DefaultConfigurationProcessor implements ConfigurationProcessor {
Object existing = current.get(currentIndex);
Object candidate = modification.get(modIndex);
if (!existing.equals(candidate)) {
- plugin.info("modification to:" + existing + " , with: " + candidate);
+ plugin.debug("modification to:" + existing + " , with: " + candidate);
ConfigurationProcessor processor = findProcessor(existing);
if (processor != null) {
processor.modify(existing, candidate);
http://git-wip-us.apache.org/repos/asf/activemq/blob/c1e94c61/activemq-runtime-config/src/test/java/org/apache/activemq/AbstractAuthorizationTest.java
----------------------------------------------------------------------
diff --git a/activemq-runtime-config/src/test/java/org/apache/activemq/AbstractAuthorizationTest.java b/activemq-runtime-config/src/test/java/org/apache/activemq/AbstractAuthorizationTest.java
index 286d7c1..a394073 100644
--- a/activemq-runtime-config/src/test/java/org/apache/activemq/AbstractAuthorizationTest.java
+++ b/activemq-runtime-config/src/test/java/org/apache/activemq/AbstractAuthorizationTest.java
@@ -64,4 +64,25 @@ public abstract class AbstractAuthorizationTest extends RuntimeConfigTestSupport
}
}
+ protected void assertAllowedWrite(String userPass, String dest) throws JMSException {
+ ActiveMQConnection connection = new ActiveMQConnectionFactory("vm://localhost").createActiveMQConnection(userPass, userPass);
+ connection.start();
+ try {
+ Session session = connection.createSession(false, Session.AUTO_ACKNOWLEDGE);
+ session.createProducer(session.createQueue(dest)).send(session.createTextMessage());
+ } finally {
+ connection.close();
+ }
+ }
+
+ protected void assertDeniedWrite(String userPass, String destination) {
+ try {
+ assertAllowedWrite(userPass, destination);
+ fail("Expected not allowed exception");
+ } catch (JMSException expected) {
+ LOG.debug("got:" + expected, expected);
+ }
+ }
+
+
}
http://git-wip-us.apache.org/repos/asf/activemq/blob/c1e94c61/activemq-runtime-config/src/test/java/org/apache/activemq/AuthorizationTest.java
----------------------------------------------------------------------
diff --git a/activemq-runtime-config/src/test/java/org/apache/activemq/AuthorizationTest.java b/activemq-runtime-config/src/test/java/org/apache/activemq/AuthorizationTest.java
index 0b933e9..3a8b7c6 100644
--- a/activemq-runtime-config/src/test/java/org/apache/activemq/AuthorizationTest.java
+++ b/activemq-runtime-config/src/test/java/org/apache/activemq/AuthorizationTest.java
@@ -34,6 +34,7 @@ public class AuthorizationTest extends AbstractAuthorizationTest {
assertAllowed("user", "USERS.A");
assertDenied("user", "GUESTS.A");
+ assertDenied("guest", "GUESTS.A");
assertDeniedTemp("guest");
@@ -66,6 +67,22 @@ public class AuthorizationTest extends AbstractAuthorizationTest {
}
@Test
+ public void testModAddWrite() throws Exception {
+ final String brokerConfig = configurationSeed + "-auth-rm-broker";
+ applyNewConfig(brokerConfig, configurationSeed + "-users");
+ startBroker(brokerConfig);
+ assertTrue("broker alive", brokerService.isStarted());
+
+ assertAllowedWrite("user", "USERS.A");
+ assertDeniedWrite("guest", "USERS.A");
+
+ applyNewConfig(brokerConfig, configurationSeed + "-users-add-write-guest", SLEEP);
+
+ assertAllowedWrite("user", "USERS.A");
+ assertAllowedWrite("guest", "USERS.A");
+ }
+
+ @Test
public void testWildcard() throws Exception {
final String brokerConfig = configurationSeed + "-auth-broker";
applyNewConfig(brokerConfig, configurationSeed + "-wildcard-users-guests");
http://git-wip-us.apache.org/repos/asf/activemq/blob/c1e94c61/activemq-runtime-config/src/test/resources/org/apache/activemq/authorizationTest-users-add-write-guest.xml
----------------------------------------------------------------------
diff --git a/activemq-runtime-config/src/test/resources/org/apache/activemq/authorizationTest-users-add-write-guest.xml b/activemq-runtime-config/src/test/resources/org/apache/activemq/authorizationTest-users-add-write-guest.xml
new file mode 100644
index 0000000..646f158
--- /dev/null
+++ b/activemq-runtime-config/src/test/resources/org/apache/activemq/authorizationTest-users-add-write-guest.xml
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<beans
+ xmlns="http://www.springframework.org/schema/beans"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
+ http://activemq.apache.org/schema/core http://activemq.apache.org/schema/core/activemq-core.xsd">
+
+ <broker xmlns="http://activemq.apache.org/schema/core" start="false" persistent="false">
+ <plugins>
+ <runtimeConfigurationPlugin checkPeriod="1000"/>
+
+ <!-- use JAAS to authenticate using the login.config file on the classpath to configure JAAS -->
+ <jaasAuthenticationPlugin configuration="activemq-domain"/>
+
+ <!-- lets configure a destination based authorization mechanism -->
+ <authorizationPlugin>
+ <map>
+ <authorizationMap>
+ <authorizationEntries>
+ <authorizationEntry queue=">" read="admins" write="admins" admin="admins"/>
+ <authorizationEntry queue="USERS.>" read="users" write="users,guests" admin="users"/>
+
+ <authorizationEntry topic=">" read="admins" write="admins" admin="admins"/>
+ <authorizationEntry topic="USERS.>" read="users" write="users" admin="users"/>
+
+ <authorizationEntry topic="ActiveMQ.Advisory.>" read="guests,users" write="guests,users"
+ admin="guests,users"/>
+ </authorizationEntries>
+
+ <tempDestinationAuthorizationEntry>
+ <tempDestinationAuthorizationEntry read="tempDestinationAdmins" write="tempDestinationAdmins"
+ admin="tempDestinationAdmins"/>
+ </tempDestinationAuthorizationEntry>
+ </authorizationMap>
+ </map>
+ </authorizationPlugin>
+ </plugins>
+ </broker>
+</beans>