You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@qpid.apache.org by ro...@apache.org on 2015/06/15 17:13:32 UTC
[1/2] qpid-jms git commit: QPIDJMS-68: add support for disabling use
of a SASL layer on connections
Repository: qpid-jms
Updated Branches:
refs/heads/master 8a6666650 -> 1f764abed
QPIDJMS-68: add support for disabling use of a SASL layer on connections
Project: http://git-wip-us.apache.org/repos/asf/qpid-jms/repo
Commit: http://git-wip-us.apache.org/repos/asf/qpid-jms/commit/d5f91e8b
Tree: http://git-wip-us.apache.org/repos/asf/qpid-jms/tree/d5f91e8b
Diff: http://git-wip-us.apache.org/repos/asf/qpid-jms/diff/d5f91e8b
Branch: refs/heads/master
Commit: d5f91e8bc2e91b3a126efadc3f6fdc59d7815f84
Parents: 8a66666
Author: Robert Gemmell <ro...@apache.org>
Authored: Mon Jun 15 11:35:36 2015 +0100
Committer: Robert Gemmell <ro...@apache.org>
Committed: Mon Jun 15 11:35:36 2015 +0100
----------------------------------------------------------------------
.../qpid/jms/provider/amqp/AmqpProvider.java | 19 ++++++++++++--
.../jms/integration/SaslIntegrationTest.java | 21 +++++++++++++++
.../qpid/jms/test/testpeer/TestAmqpPeer.java | 27 +++++++++++++++-----
3 files changed, 59 insertions(+), 8 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/qpid-jms/blob/d5f91e8b/qpid-jms-client/src/main/java/org/apache/qpid/jms/provider/amqp/AmqpProvider.java
----------------------------------------------------------------------
diff --git a/qpid-jms-client/src/main/java/org/apache/qpid/jms/provider/amqp/AmqpProvider.java b/qpid-jms-client/src/main/java/org/apache/qpid/jms/provider/amqp/AmqpProvider.java
index cd6fcc2..0286925 100644
--- a/qpid-jms-client/src/main/java/org/apache/qpid/jms/provider/amqp/AmqpProvider.java
+++ b/qpid-jms-client/src/main/java/org/apache/qpid/jms/provider/amqp/AmqpProvider.java
@@ -107,6 +107,7 @@ public class AmqpProvider implements Provider, TransportListener {
private String vhost;
private boolean traceFrames;
private boolean traceBytes;
+ private boolean saslLayer = true;
private boolean presettleConsumers;
private boolean presettleProducers;
private long connectTimeout = JmsConnectionInfo.DEFAULT_CONNECT_TIMEOUT;
@@ -270,8 +271,9 @@ public class AmqpProvider implements Provider, TransportListener {
protonTransport.setIdleTimeout(idleTimeout);
protonTransport.bind(protonConnection);
protonConnection.collect(protonCollector);
- Sasl sasl = protonTransport.sasl();
- if (sasl != null) {
+ Sasl sasl = null;
+ if (saslLayer) {
+ sasl = protonTransport.sasl();
sasl.client();
String hostname = getVhost();
@@ -888,6 +890,19 @@ public class AmqpProvider implements Provider, TransportListener {
return this.traceBytes;
}
+ public boolean isSaslLayer() {
+ return saslLayer;
+ }
+
+ /**
+ * Sets whether a sasl layer is used for the connection or not.
+ *
+ * @param saslLayer true to enable the sasl layer, false to disable it.
+ */
+ public void setSaslLayer(boolean saslLayer) {
+ this.saslLayer = saslLayer;
+ }
+
public String getVhost() {
return vhost;
}
http://git-wip-us.apache.org/repos/asf/qpid-jms/blob/d5f91e8b/qpid-jms-client/src/test/java/org/apache/qpid/jms/integration/SaslIntegrationTest.java
----------------------------------------------------------------------
diff --git a/qpid-jms-client/src/test/java/org/apache/qpid/jms/integration/SaslIntegrationTest.java b/qpid-jms-client/src/test/java/org/apache/qpid/jms/integration/SaslIntegrationTest.java
index e731a9c..7ac5533 100644
--- a/qpid-jms-client/src/test/java/org/apache/qpid/jms/integration/SaslIntegrationTest.java
+++ b/qpid-jms-client/src/test/java/org/apache/qpid/jms/integration/SaslIntegrationTest.java
@@ -224,4 +224,25 @@ public class SaslIntegrationTest extends QpidJmsTestCase {
testPeer.waitForAllHandlersToComplete(1000);
}
}
+
+ @Test(timeout = 5000)
+ public void testSaslLayerDisabledConnection() throws Exception {
+ try (TestAmqpPeer testPeer = new TestAmqpPeer();) {
+ // Expect a connection with no SASL layer.
+ testPeer.expectSaslLayerDisabledConnect();
+ // Each connection creates a session for managing temporary destinations etc
+ testPeer.expectBegin(true);
+
+ ConnectionFactory factory = new JmsConnectionFactory("amqp://localhost:" + testPeer.getServerPort() + "?amqp.saslLayer=false");
+ Connection connection = factory.createConnection();
+ // Set a clientID to provoke the actual AMQP connection process to occur.
+ connection.setClientID("clientName");
+
+ testPeer.waitForAllHandlersToComplete(1000);
+ assertNull(testPeer.getThrowable());
+
+ testPeer.expectClose();
+ connection.close();
+ }
+ }
}
http://git-wip-us.apache.org/repos/asf/qpid-jms/blob/d5f91e8b/qpid-jms-client/src/test/java/org/apache/qpid/jms/test/testpeer/TestAmqpPeer.java
----------------------------------------------------------------------
diff --git a/qpid-jms-client/src/test/java/org/apache/qpid/jms/test/testpeer/TestAmqpPeer.java b/qpid-jms-client/src/test/java/org/apache/qpid/jms/test/testpeer/TestAmqpPeer.java
index cbfe514..312c111 100644
--- a/qpid-jms-client/src/test/java/org/apache/qpid/jms/test/testpeer/TestAmqpPeer.java
+++ b/qpid-jms-client/src/test/java/org/apache/qpid/jms/test/testpeer/TestAmqpPeer.java
@@ -389,6 +389,27 @@ public class TestAmqpPeer implements AutoCloseable
addHandler(saslInitMatcher);
}
+ /**
+ * Expect a connection that does not use a SASL layer, but proceeds straight
+ * to the AMQP connection (useful to skip a stage for connections that don't
+ * require SASL, e.g. because of anonymous or client certificate authentication).
+ */
+ public void expectSaslLayerDisabledConnect()
+ {
+ addHandler(new HeaderHandlerImpl(AmqpHeader.HEADER, AmqpHeader.HEADER));
+
+ OpenFrame openFrame = createOpenFrame();
+
+ OpenMatcher openMatcher = new OpenMatcher()
+ .withContainerId(notNullValue(String.class))
+ .onSuccess(new FrameSender(
+ this, FrameType.AMQP, 0,
+ openFrame,
+ null));
+
+ addHandler(openMatcher);
+ }
+
public void expectAnonymousConnect(boolean authorize)
{
expectAnonymousConnect(authorize, null, null);
@@ -627,12 +648,6 @@ public class TestAmqpPeer implements AutoCloseable
addHandler(closeMatcher);
}
- public void expectHeaderAndOpen()
- {
- addHandler(new HeaderHandlerImpl(AmqpHeader.HEADER, AmqpHeader.HEADER));
- addHandler(new OpenMatcher());
- }
-
public void expectBegin(boolean expectSessionFlow)
{
final BeginMatcher beginMatcher = new BeginMatcher()
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@qpid.apache.org
For additional commands, e-mail: commits-help@qpid.apache.org
[2/2] qpid-jms git commit: QPIDJMS-69: add support for configuring
the sasl mechanism(s) the client should select from (if offered by the
server)
Posted by ro...@apache.org.
QPIDJMS-69: add support for configuring the sasl mechanism(s) the client should select from (if offered by the server)
Project: http://git-wip-us.apache.org/repos/asf/qpid-jms/repo
Commit: http://git-wip-us.apache.org/repos/asf/qpid-jms/commit/1f764abe
Tree: http://git-wip-us.apache.org/repos/asf/qpid-jms/tree/1f764abe
Diff: http://git-wip-us.apache.org/repos/asf/qpid-jms/diff/1f764abe
Branch: refs/heads/master
Commit: 1f764abed6abc27077cf5ea929c52ee52ccc5333
Parents: d5f91e8
Author: Robert Gemmell <ro...@apache.org>
Authored: Mon Jun 15 16:01:20 2015 +0100
Committer: Robert Gemmell <ro...@apache.org>
Committed: Mon Jun 15 16:01:20 2015 +0100
----------------------------------------------------------------------
.../org/apache/qpid/jms/provider/Provider.java | 10 ----
.../qpid/jms/provider/ProviderWrapper.java | 6 ---
.../qpid/jms/provider/amqp/AmqpConnection.java | 8 +--
.../qpid/jms/provider/amqp/AmqpProvider.java | 28 +++++++++--
.../provider/amqp/AmqpSaslAuthenticator.java | 23 ++++++++-
.../jms/provider/failover/FailoverProvider.java | 11 ----
.../qpid/jms/sasl/SaslMechanismFinder.java | 11 +++-
.../jms/integration/SaslIntegrationTest.java | 53 ++++++++++++++++++--
.../qpid/jms/provider/ProviderWrapperTest.java | 36 -------------
.../provider/failover/FailoverProviderTest.java | 28 -----------
.../qpid/jms/provider/mock/MockProvider.java | 25 ---------
.../mock/MockProviderConfiguration.java | 10 ----
12 files changed, 105 insertions(+), 144 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/qpid-jms/blob/1f764abe/qpid-jms-client/src/main/java/org/apache/qpid/jms/provider/Provider.java
----------------------------------------------------------------------
diff --git a/qpid-jms-client/src/main/java/org/apache/qpid/jms/provider/Provider.java b/qpid-jms-client/src/main/java/org/apache/qpid/jms/provider/Provider.java
index 598ed84..d56e3b1 100644
--- a/qpid-jms-client/src/main/java/org/apache/qpid/jms/provider/Provider.java
+++ b/qpid-jms-client/src/main/java/org/apache/qpid/jms/provider/Provider.java
@@ -18,7 +18,6 @@ package org.apache.qpid.jms.provider;
import java.io.IOException;
import java.net.URI;
-import java.security.Principal;
import javax.jms.JMSException;
@@ -29,7 +28,6 @@ import org.apache.qpid.jms.meta.JmsConsumerId;
import org.apache.qpid.jms.meta.JmsResource;
import org.apache.qpid.jms.meta.JmsSessionId;
import org.apache.qpid.jms.provider.ProviderConstants.ACK_TYPE;
-import org.apache.qpid.jms.transports.SSLTransport;
/**
* Defines the interface that an Implementation of a Specific wire level protocol
@@ -317,12 +315,4 @@ public interface Provider {
* @return the currently set ProviderListener instance.
*/
ProviderListener getProviderListener();
-
- /**
- * Get the local Principal associated with the {@link SSLTransport}
- * if the Provider is using one.
- *
- * @return the {@link Principal}, or null if there isn't one
- */
- Principal getLocalPrincipal();
}
http://git-wip-us.apache.org/repos/asf/qpid-jms/blob/1f764abe/qpid-jms-client/src/main/java/org/apache/qpid/jms/provider/ProviderWrapper.java
----------------------------------------------------------------------
diff --git a/qpid-jms-client/src/main/java/org/apache/qpid/jms/provider/ProviderWrapper.java b/qpid-jms-client/src/main/java/org/apache/qpid/jms/provider/ProviderWrapper.java
index 734a2cd..855f792 100644
--- a/qpid-jms-client/src/main/java/org/apache/qpid/jms/provider/ProviderWrapper.java
+++ b/qpid-jms-client/src/main/java/org/apache/qpid/jms/provider/ProviderWrapper.java
@@ -18,7 +18,6 @@ package org.apache.qpid.jms.provider;
import java.io.IOException;
import java.net.URI;
-import java.security.Principal;
import javax.jms.JMSException;
@@ -192,9 +191,4 @@ public class ProviderWrapper<E extends Provider> implements Provider, ProviderLi
public Provider getNext() {
return next;
}
-
- @Override
- public Principal getLocalPrincipal() {
- return next.getLocalPrincipal();
- }
}
http://git-wip-us.apache.org/repos/asf/qpid-jms/blob/1f764abe/qpid-jms-client/src/main/java/org/apache/qpid/jms/provider/amqp/AmqpConnection.java
----------------------------------------------------------------------
diff --git a/qpid-jms-client/src/main/java/org/apache/qpid/jms/provider/amqp/AmqpConnection.java b/qpid-jms-client/src/main/java/org/apache/qpid/jms/provider/amqp/AmqpConnection.java
index 4467aab..74683ae 100644
--- a/qpid-jms-client/src/main/java/org/apache/qpid/jms/provider/amqp/AmqpConnection.java
+++ b/qpid-jms-client/src/main/java/org/apache/qpid/jms/provider/amqp/AmqpConnection.java
@@ -36,7 +36,6 @@ import org.apache.qpid.jms.provider.amqp.message.AmqpJmsMessageFactory;
import org.apache.qpid.jms.util.IOExceptionSupport;
import org.apache.qpid.proton.amqp.Symbol;
import org.apache.qpid.proton.engine.Connection;
-import org.apache.qpid.proton.engine.Sasl;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -58,16 +57,13 @@ public class AmqpConnection extends AmqpAbstractResource<JmsConnectionInfo, Conn
private boolean anonymousProducerCache = false;
private int anonymousProducerCacheSize = 10;
- public AmqpConnection(AmqpProvider provider, Connection protonConnection, Sasl sasl, JmsConnectionInfo info) {
+ public AmqpConnection(AmqpProvider provider, Connection protonConnection, AmqpSaslAuthenticator authenticator, JmsConnectionInfo info) {
super(info, protonConnection);
this.provider = provider;
this.remoteURI = provider.getRemoteURI();
this.amqpMessageFactory = new AmqpJmsMessageFactory(this);
-
- if (sasl != null) {
- this.authenticator = new AmqpSaslAuthenticator(sasl, info, provider.getLocalPrincipal());
- }
+ this.authenticator = authenticator;
this.resource.getConnectionId().setProviderHint(this);
http://git-wip-us.apache.org/repos/asf/qpid-jms/blob/1f764abe/qpid-jms-client/src/main/java/org/apache/qpid/jms/provider/amqp/AmqpProvider.java
----------------------------------------------------------------------
diff --git a/qpid-jms-client/src/main/java/org/apache/qpid/jms/provider/amqp/AmqpProvider.java b/qpid-jms-client/src/main/java/org/apache/qpid/jms/provider/amqp/AmqpProvider.java
index 0286925..87b66c1 100644
--- a/qpid-jms-client/src/main/java/org/apache/qpid/jms/provider/amqp/AmqpProvider.java
+++ b/qpid-jms-client/src/main/java/org/apache/qpid/jms/provider/amqp/AmqpProvider.java
@@ -108,6 +108,7 @@ public class AmqpProvider implements Provider, TransportListener {
private boolean traceFrames;
private boolean traceBytes;
private boolean saslLayer = true;
+ private String[] saslMechanisms;
private boolean presettleConsumers;
private boolean presettleProducers;
private long connectTimeout = JmsConnectionInfo.DEFAULT_CONNECT_TIMEOUT;
@@ -271,9 +272,10 @@ public class AmqpProvider implements Provider, TransportListener {
protonTransport.setIdleTimeout(idleTimeout);
protonTransport.bind(protonConnection);
protonConnection.collect(protonCollector);
- Sasl sasl = null;
+
+ AmqpSaslAuthenticator authenticator = null;
if (saslLayer) {
- sasl = protonTransport.sasl();
+ Sasl sasl = protonTransport.sasl();
sasl.client();
String hostname = getVhost();
@@ -284,8 +286,11 @@ public class AmqpProvider implements Provider, TransportListener {
}
setHostname(sasl, hostname);
+
+ authenticator = new AmqpSaslAuthenticator(sasl, connectionInfo, getLocalPrincipal(), saslMechanisms);
}
- connection = new AmqpConnection(AmqpProvider.this, protonConnection, sasl, connectionInfo);
+
+ connection = new AmqpConnection(AmqpProvider.this, protonConnection, authenticator, connectionInfo);
connection.open(new AsyncResult() {
@Override
@@ -903,6 +908,20 @@ public class AmqpProvider implements Provider, TransportListener {
this.saslLayer = saslLayer;
}
+ public String[] getSaslMechanisms() {
+ return saslMechanisms;
+ }
+
+ /**
+ * Sets a selection of mechanisms to restrict the choice to, enabling only
+ * a subset of the servers offered mechanisms to be selectable.
+ *
+ * @param saslMechanisms the mechanisms to restrict choice to, or null not to restrict.
+ */
+ public void setSaslMechanisms(String[] saslMechanisms) {
+ this.saslMechanisms = saslMechanisms;
+ }
+
public String getVhost() {
return vhost;
}
@@ -1050,8 +1069,7 @@ public class AmqpProvider implements Provider, TransportListener {
}
}
- @Override
- public Principal getLocalPrincipal() {
+ Principal getLocalPrincipal() {
if(transport instanceof SSLTransport) {
return ((SSLTransport) transport).getLocalPrincipal();
}
http://git-wip-us.apache.org/repos/asf/qpid-jms/blob/1f764abe/qpid-jms-client/src/main/java/org/apache/qpid/jms/provider/amqp/AmqpSaslAuthenticator.java
----------------------------------------------------------------------
diff --git a/qpid-jms-client/src/main/java/org/apache/qpid/jms/provider/amqp/AmqpSaslAuthenticator.java b/qpid-jms-client/src/main/java/org/apache/qpid/jms/provider/amqp/AmqpSaslAuthenticator.java
index cce8546..5c3f297 100644
--- a/qpid-jms-client/src/main/java/org/apache/qpid/jms/provider/amqp/AmqpSaslAuthenticator.java
+++ b/qpid-jms-client/src/main/java/org/apache/qpid/jms/provider/amqp/AmqpSaslAuthenticator.java
@@ -17,6 +17,8 @@
package org.apache.qpid.jms.provider.amqp;
import java.security.Principal;
+import java.util.HashSet;
+import java.util.Set;
import javax.jms.JMSSecurityException;
import javax.security.sasl.SaslException;
@@ -35,6 +37,7 @@ public class AmqpSaslAuthenticator {
private final JmsConnectionInfo info;
private Mechanism mechanism;
private Principal localPrincipal;
+ private Set<String> mechanismsRestriction;
/**
* Create the authenticator and initialize it.
@@ -45,11 +48,27 @@ public class AmqpSaslAuthenticator {
* The Connection information used to provide credentials to the remote peer.
* @param localPrincipal
* The local Principal associated with the transport, or null if there is none.
+ * @param mechanismsRestriction
+ * The possible mechanism(s) to which the client should restrict its
+ * mechanism selection to if offered by the server
*/
- public AmqpSaslAuthenticator(Sasl sasl, JmsConnectionInfo info, Principal localPrincipal) {
+ public AmqpSaslAuthenticator(Sasl sasl, JmsConnectionInfo info, Principal localPrincipal, String[] mechanismsRestriction) {
this.sasl = sasl;
this.info = info;
this.localPrincipal = localPrincipal;
+ if(mechanismsRestriction != null) {
+ Set<String> mechs = new HashSet<String>();
+ for(int i = 0; i < mechanismsRestriction.length; i++) {
+ String mech = mechanismsRestriction[i];
+ if(!mech.trim().isEmpty()) {
+ mechs.add(mech);
+ }
+ }
+
+ if(!mechs.isEmpty()) {
+ this.mechanismsRestriction = mechs;
+ }
+ }
}
/**
@@ -83,7 +102,7 @@ public class AmqpSaslAuthenticator {
try {
String[] remoteMechanisms = sasl.getRemoteMechanisms();
if (remoteMechanisms != null && remoteMechanisms.length != 0) {
- mechanism = SaslMechanismFinder.findMatchingMechanism(info.getUsername(), info.getPassword(), localPrincipal, remoteMechanisms);
+ mechanism = SaslMechanismFinder.findMatchingMechanism(info.getUsername(), info.getPassword(), localPrincipal, mechanismsRestriction, remoteMechanisms);
if (mechanism != null) {
mechanism.setUsername(info.getUsername());
mechanism.setPassword(info.getPassword());
http://git-wip-us.apache.org/repos/asf/qpid-jms/blob/1f764abe/qpid-jms-client/src/main/java/org/apache/qpid/jms/provider/failover/FailoverProvider.java
----------------------------------------------------------------------
diff --git a/qpid-jms-client/src/main/java/org/apache/qpid/jms/provider/failover/FailoverProvider.java b/qpid-jms-client/src/main/java/org/apache/qpid/jms/provider/failover/FailoverProvider.java
index dbd51f7..eef6a9a 100644
--- a/qpid-jms-client/src/main/java/org/apache/qpid/jms/provider/failover/FailoverProvider.java
+++ b/qpid-jms-client/src/main/java/org/apache/qpid/jms/provider/failover/FailoverProvider.java
@@ -19,7 +19,6 @@ package org.apache.qpid.jms.provider.failover;
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
-import java.security.Principal;
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
@@ -1028,14 +1027,4 @@ public class FailoverProvider extends DefaultProviderListener implements Provide
super.onSuccess();
}
}
-
- @Override
- public Principal getLocalPrincipal() {
- Provider provider = this.provider;
- if (provider != null) {
- return provider.getLocalPrincipal();
- }
-
- return null;
- }
}
http://git-wip-us.apache.org/repos/asf/qpid-jms/blob/1f764abe/qpid-jms-client/src/main/java/org/apache/qpid/jms/sasl/SaslMechanismFinder.java
----------------------------------------------------------------------
diff --git a/qpid-jms-client/src/main/java/org/apache/qpid/jms/sasl/SaslMechanismFinder.java b/qpid-jms-client/src/main/java/org/apache/qpid/jms/sasl/SaslMechanismFinder.java
index f3318d1..06b8373 100644
--- a/qpid-jms-client/src/main/java/org/apache/qpid/jms/sasl/SaslMechanismFinder.java
+++ b/qpid-jms-client/src/main/java/org/apache/qpid/jms/sasl/SaslMechanismFinder.java
@@ -20,6 +20,7 @@ import java.security.Principal;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
+import java.util.Set;
import org.apache.qpid.jms.util.FactoryFinder;
import org.apache.qpid.jms.util.ResourceNotFoundException;
@@ -54,12 +55,16 @@ public class SaslMechanismFinder {
* the password, or null if there is none
* @param localPrincipal
* the Principal associated with the transport, or null if there is none
+ * @param mechRestrictions
+ * The possible mechanism(s) to which the client should restrict its
+ * mechanism selection to if offered by the server, or null if there
+ * is no restriction
* @param remoteMechanisms
* list of mechanism names that are supported by the remote peer.
*
* @return the best matching Mechanism for the supported remote set.
*/
- public static Mechanism findMatchingMechanism(String username, String password, Principal localPrincipal, String... remoteMechanisms) {
+ public static Mechanism findMatchingMechanism(String username, String password, Principal localPrincipal, Set<String> mechRestrictions, String... remoteMechanisms) {
Mechanism match = null;
List<Mechanism> found = new ArrayList<Mechanism>();
@@ -68,7 +73,9 @@ public class SaslMechanismFinder {
MechanismFactory factory = findMechanismFactory(remoteMechanism);
if (factory != null) {
Mechanism mech = factory.createMechanism();
- if(mech.isApplicable(username, password, localPrincipal)) {
+ if(mechRestrictions != null && !mechRestrictions.contains(remoteMechanism)) {
+ LOG.debug("Skipping {} mechanism because it is not in the configured mechanisms restriction set", remoteMechanism);
+ } else if(mech.isApplicable(username, password, localPrincipal)) {
found.add(mech);
} else {
LOG.debug("Skipping {} mechanism because the available credentials are not sufficient", mech);
http://git-wip-us.apache.org/repos/asf/qpid-jms/blob/1f764abe/qpid-jms-client/src/test/java/org/apache/qpid/jms/integration/SaslIntegrationTest.java
----------------------------------------------------------------------
diff --git a/qpid-jms-client/src/test/java/org/apache/qpid/jms/integration/SaslIntegrationTest.java b/qpid-jms-client/src/test/java/org/apache/qpid/jms/integration/SaslIntegrationTest.java
index 7ac5533..5e5b327 100644
--- a/qpid-jms-client/src/test/java/org/apache/qpid/jms/integration/SaslIntegrationTest.java
+++ b/qpid-jms-client/src/test/java/org/apache/qpid/jms/integration/SaslIntegrationTest.java
@@ -23,8 +23,6 @@ package org.apache.qpid.jms.integration;
import static org.junit.Assert.assertNull;
import static org.junit.Assert.fail;
-import java.io.IOException;
-
import javax.jms.Connection;
import javax.jms.ConnectionFactory;
import javax.jms.JMSException;
@@ -157,7 +155,7 @@ public class SaslIntegrationTest extends QpidJmsTestCase {
doMechanismSelectedTestImpl("username", "password", CRAM_MD5, new Symbol[] {CRAM_MD5, PLAIN, ANONYMOUS}, false);
}
- private void doMechanismSelectedTestImpl(String username, String password, Symbol clientSelectedMech, Symbol[] serverMechs, boolean wait) throws JMSException, InterruptedException, Exception, IOException {
+ private void doMechanismSelectedTestImpl(String username, String password, Symbol clientSelectedMech, Symbol[] serverMechs, boolean wait) throws Exception {
try (TestAmqpPeer testPeer = new TestAmqpPeer();) {
testPeer.expectFailingSaslConnect(serverMechs, clientSelectedMech);
@@ -245,4 +243,53 @@ public class SaslIntegrationTest extends QpidJmsTestCase {
connection.close();
}
}
+
+ @Test(timeout = 10000)
+ public void testRestrictSaslMechanismsWithSingleMech() throws Exception {
+ // Check PLAIN gets picked when we don't specify a restriction
+ doMechanismSelectionRestrictedTestImpl("username", "password", PLAIN, new Symbol[] { PLAIN, ANONYMOUS}, null);
+
+ // Check ANONYMOUS gets picked when we do specify a restriction
+ doMechanismSelectionRestrictedTestImpl("username", "password", ANONYMOUS, new Symbol[] { PLAIN, ANONYMOUS}, "ANONYMOUS");
+ }
+
+ @Test(timeout = 10000)
+ public void testRestrictSaslMechanismsWithMultipleMechs() throws Exception {
+ // Check CRAM-MD5 gets picked when we dont specify a restriction
+ doMechanismSelectionRestrictedTestImpl("username", "password", CRAM_MD5, new Symbol[] {CRAM_MD5, PLAIN, ANONYMOUS}, null);
+
+ // Check PLAIN gets picked when we specify a restriction with multiple mechs
+ doMechanismSelectionRestrictedTestImpl("username", "password", PLAIN, new Symbol[] { CRAM_MD5, PLAIN, ANONYMOUS}, "PLAIN,ANONYMOUS");
+ }
+
+ @Test(timeout = 5000)
+ public void testRestrictSaslMechanismsWithMultipleMechsNoPassword() throws Exception {
+ // Check ANONYMOUS gets picked when we specify a restriction with multiple mechs but don't give a password
+ doMechanismSelectionRestrictedTestImpl("username", null, ANONYMOUS, new Symbol[] { CRAM_MD5, PLAIN, ANONYMOUS}, "PLAIN,ANONYMOUS");
+ }
+
+ private void doMechanismSelectionRestrictedTestImpl(String username, String password, Symbol clientSelectedMech, Symbol[] serverMechs, String mechanismsOptionValue) throws Exception {
+ try (TestAmqpPeer testPeer = new TestAmqpPeer();) {
+
+ testPeer.expectFailingSaslConnect(serverMechs, clientSelectedMech);
+
+ String uriOptions = "?jms.clientID=myclientid";
+ if(mechanismsOptionValue != null) {
+ uriOptions += "&amqp.saslMechanisms=" + mechanismsOptionValue;
+ }
+
+ ConnectionFactory factory = new JmsConnectionFactory("amqp://localhost:" + testPeer.getServerPort() + uriOptions);
+ try {
+ factory.createConnection(username, password);
+
+ fail("Excepted exception to be thrown");
+ }catch (JMSSecurityException jmsse) {
+ // Expected, we deliberately failed the SASL process,
+ // we only wanted to verify the correct mechanism
+ // was selected, other tests verify the remainder.
+ }
+
+ testPeer.waitForAllHandlersToComplete(1000);
+ }
+ }
}
http://git-wip-us.apache.org/repos/asf/qpid-jms/blob/1f764abe/qpid-jms-client/src/test/java/org/apache/qpid/jms/provider/ProviderWrapperTest.java
----------------------------------------------------------------------
diff --git a/qpid-jms-client/src/test/java/org/apache/qpid/jms/provider/ProviderWrapperTest.java b/qpid-jms-client/src/test/java/org/apache/qpid/jms/provider/ProviderWrapperTest.java
index 42b64c4..602617d 100644
--- a/qpid-jms-client/src/test/java/org/apache/qpid/jms/provider/ProviderWrapperTest.java
+++ b/qpid-jms-client/src/test/java/org/apache/qpid/jms/provider/ProviderWrapperTest.java
@@ -16,17 +16,9 @@
*/
package org.apache.qpid.jms.provider;
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertNotNull;
-import static org.junit.Assert.assertNull;
-
-import java.net.URI;
-
import org.apache.qpid.jms.provider.mock.MockProvider;
-import org.apache.qpid.jms.provider.mock.MockProviderFactory;
import org.apache.qpid.jms.test.QpidJmsTestCase;
import org.junit.After;
-import org.junit.Test;
public class ProviderWrapperTest extends QpidJmsTestCase{
@@ -40,32 +32,4 @@ public class ProviderWrapperTest extends QpidJmsTestCase{
}
super.tearDown();
}
-
- @Test
- public void testGetLocalPrincipal() throws Exception {
- String principalName = "foo";
-
- MockProviderFactory factory = new MockProviderFactory();
- mockProvider = factory.createProvider(new URI("mock://1.2.3.4:5678?mock.localPrincipal=" + principalName));
-
- assertNotNull(mockProvider.getLocalPrincipal());
- assertEquals(principalName, mockProvider.getLocalPrincipal().getName());
-
- ProviderWrapper<MockProvider> wrapper = new ProviderWrapper<MockProvider>(mockProvider);
-
- assertNotNull(wrapper.getLocalPrincipal());
- assertEquals(principalName, wrapper.getLocalPrincipal().getName());
- }
-
- @Test
- public void testGetLocalPrincipalNull() throws Exception {
- MockProviderFactory factory = new MockProviderFactory();
- mockProvider = factory.createProvider(new URI("mock://1.2.3.4:5678"));
-
- assertNull(mockProvider.getLocalPrincipal());
-
- ProviderWrapper<MockProvider> wrapper = new ProviderWrapper<MockProvider>(mockProvider);
-
- assertNull(wrapper.getLocalPrincipal());
- }
}
http://git-wip-us.apache.org/repos/asf/qpid-jms/blob/1f764abe/qpid-jms-client/src/test/java/org/apache/qpid/jms/provider/failover/FailoverProviderTest.java
----------------------------------------------------------------------
diff --git a/qpid-jms-client/src/test/java/org/apache/qpid/jms/provider/failover/FailoverProviderTest.java b/qpid-jms-client/src/test/java/org/apache/qpid/jms/provider/failover/FailoverProviderTest.java
index c5f57e5..0a57f59 100644
--- a/qpid-jms-client/src/test/java/org/apache/qpid/jms/provider/failover/FailoverProviderTest.java
+++ b/qpid-jms-client/src/test/java/org/apache/qpid/jms/provider/failover/FailoverProviderTest.java
@@ -140,34 +140,6 @@ public class FailoverProviderTest extends FailoverProviderTestSupport {
}, TimeUnit.SECONDS.toMillis(20), 10));
}
- @Test(timeout = 15000)
- public void testGetLocalPrincipal() throws Exception {
- String principalName = "foo";
-
- FailoverProviderFactory factory = new FailoverProviderFactory();
- provider = (FailoverProvider) factory.createProvider(new URI("failover:(mock://192.168.2.1:5672?mock.localPrincipal=" + principalName + ")"));
- provider.setProviderListener(new DefaultProviderListener());
-
- provider.connect();
-
- ProviderFuture request = new ProviderFuture();
- provider.create(createConnectionInfo(), request);
-
- request.sync(10, TimeUnit.SECONDS);
- assertTrue(request.isComplete());
-
- assertNotNull(provider.getLocalPrincipal());
- assertEquals(principalName, provider.getLocalPrincipal().getName());
- }
-
- @Test(timeout = 15000)
- public void testGetLocalPrincipalNull() throws Exception {
- FailoverProviderFactory factory = new FailoverProviderFactory();
- provider = (FailoverProvider) factory.createProvider(new URI("failover:(mock://192.168.2.1:5672)"));
-
- assertNull(provider.getLocalPrincipal());
- }
-
@Test(timeout = 30000)
public void testToString() throws Exception {
provider = new FailoverProvider(uris, Collections.<String, String>emptyMap());
http://git-wip-us.apache.org/repos/asf/qpid-jms/blob/1f764abe/qpid-jms-client/src/test/java/org/apache/qpid/jms/provider/mock/MockProvider.java
----------------------------------------------------------------------
diff --git a/qpid-jms-client/src/test/java/org/apache/qpid/jms/provider/mock/MockProvider.java b/qpid-jms-client/src/test/java/org/apache/qpid/jms/provider/mock/MockProvider.java
index 6f5e279..8b65ed2 100644
--- a/qpid-jms-client/src/test/java/org/apache/qpid/jms/provider/mock/MockProvider.java
+++ b/qpid-jms-client/src/test/java/org/apache/qpid/jms/provider/mock/MockProvider.java
@@ -18,7 +18,6 @@ package org.apache.qpid.jms.provider.mock;
import java.io.IOException;
import java.net.URI;
-import java.security.Principal;
import java.util.UUID;
import java.util.concurrent.Executors;
import java.util.concurrent.ScheduledExecutorService;
@@ -487,17 +486,6 @@ public class MockProvider implements Provider {
this.connectTimeout = connectTimeout;
}
- @Override
- public Principal getLocalPrincipal() {
- final String localPrincipal = configuration.getLocalPrincipal();
-
- if (localPrincipal == null) {
- return null;
- } else {
- return new MockPrincipal(localPrincipal);
- }
- }
-
//----- Implementation details -------------------------------------------//
@@ -507,17 +495,4 @@ public class MockProvider implements Provider {
}
}
- private static final class MockPrincipal implements Principal {
- private final String name;
-
- private MockPrincipal(String name) {
- this.name = name;
- }
-
- @Override
- public String getName() {
- return name;
- }
- }
-
}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/qpid-jms/blob/1f764abe/qpid-jms-client/src/test/java/org/apache/qpid/jms/provider/mock/MockProviderConfiguration.java
----------------------------------------------------------------------
diff --git a/qpid-jms-client/src/test/java/org/apache/qpid/jms/provider/mock/MockProviderConfiguration.java b/qpid-jms-client/src/test/java/org/apache/qpid/jms/provider/mock/MockProviderConfiguration.java
index 8af3a63..21b1e69 100644
--- a/qpid-jms-client/src/test/java/org/apache/qpid/jms/provider/mock/MockProviderConfiguration.java
+++ b/qpid-jms-client/src/test/java/org/apache/qpid/jms/provider/mock/MockProviderConfiguration.java
@@ -24,7 +24,6 @@ public class MockProviderConfiguration {
private boolean failOnConnect;
private boolean failOnStart;
private boolean failOnClose;
- private String localPrincipal;
public boolean isFailOnConnect() {
return failOnConnect;
@@ -49,13 +48,4 @@ public class MockProviderConfiguration {
public void setFailOnClose(boolean value) {
this.failOnClose = value;
}
-
- public String getLocalPrincipal() {
- return localPrincipal;
- }
-
- public void setLocalPrincipal(String localPrincipal) {
- this.localPrincipal = localPrincipal;
- }
-
}
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@qpid.apache.org
For additional commands, e-mail: commits-help@qpid.apache.org