You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@activemq.apache.org by gt...@apache.org on 2016/10/20 11:33:01 UTC

activemq git commit: AMQ-6471 - map groupClass attribute on mod to authorization map. fix and test

Repository: activemq
Updated Branches:
  refs/heads/master 338a74dfa -> 52ab6ba09


AMQ-6471 - map groupClass attribute on mod to authorization map. fix and test


Project: http://git-wip-us.apache.org/repos/asf/activemq/repo
Commit: http://git-wip-us.apache.org/repos/asf/activemq/commit/52ab6ba0
Tree: http://git-wip-us.apache.org/repos/asf/activemq/tree/52ab6ba0
Diff: http://git-wip-us.apache.org/repos/asf/activemq/diff/52ab6ba0

Branch: refs/heads/master
Commit: 52ab6ba09b0f58ab95ea24c501fff12488decc4e
Parents: 338a74d
Author: gtully <ga...@gmail.com>
Authored: Thu Oct 20 12:32:33 2016 +0100
Committer: gtully <ga...@gmail.com>
Committed: Thu Oct 20 12:32:33 2016 +0100

----------------------------------------------------------------------
 .../plugin/AuthorizationPluginProcessor.java    |  1 +
 .../org/apache/activemq/AuthorizationTest.java  | 15 ++++++
 .../authorizationTest-users-dud-groupClass.xml  | 53 ++++++++++++++++++++
 3 files changed, 69 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/activemq/blob/52ab6ba0/activemq-runtime-config/src/main/java/org/apache/activemq/plugin/AuthorizationPluginProcessor.java
----------------------------------------------------------------------
diff --git a/activemq-runtime-config/src/main/java/org/apache/activemq/plugin/AuthorizationPluginProcessor.java b/activemq-runtime-config/src/main/java/org/apache/activemq/plugin/AuthorizationPluginProcessor.java
index e7f2fa0..d4b8e0b 100644
--- a/activemq-runtime-config/src/main/java/org/apache/activemq/plugin/AuthorizationPluginProcessor.java
+++ b/activemq-runtime-config/src/main/java/org/apache/activemq/plugin/AuthorizationPluginProcessor.java
@@ -57,6 +57,7 @@ public class AuthorizationPluginProcessor extends DefaultConfigurationProcessor
                     }
                 }
                 xBeanAuthorizationMap.setAuthorizationEntries(entries);
+                xBeanAuthorizationMap.setGroupClass(dtoMap.getAuthorizationMap().getGroupClass());
                 try {
                     xBeanAuthorizationMap.afterPropertiesSet();
                 } catch (Exception e) {

http://git-wip-us.apache.org/repos/asf/activemq/blob/52ab6ba0/activemq-runtime-config/src/test/java/org/apache/activemq/AuthorizationTest.java
----------------------------------------------------------------------
diff --git a/activemq-runtime-config/src/test/java/org/apache/activemq/AuthorizationTest.java b/activemq-runtime-config/src/test/java/org/apache/activemq/AuthorizationTest.java
index 3a8b7c6..5785222 100644
--- a/activemq-runtime-config/src/test/java/org/apache/activemq/AuthorizationTest.java
+++ b/activemq-runtime-config/src/test/java/org/apache/activemq/AuthorizationTest.java
@@ -83,6 +83,21 @@ public class AuthorizationTest extends AbstractAuthorizationTest {
     }
 
     @Test
+    public void testModWithGroupClass() throws Exception {
+        final String brokerConfig = configurationSeed + "-auth-add-guest-broker";
+        applyNewConfig(brokerConfig, configurationSeed + "-users");
+        startBroker(brokerConfig);
+        assertTrue("broker alive", brokerService.isStarted());
+
+        assertAllowed("user", "USERS.A");
+        applyNewConfig(brokerConfig, configurationSeed + "-users-dud-groupClass", SLEEP);
+        assertDenied("user", "USERS.A");
+
+        applyNewConfig(brokerConfig, configurationSeed + "-users", SLEEP);
+        assertAllowed("user", "USERS.A");
+    }
+
+    @Test
     public void testWildcard() throws Exception {
         final String brokerConfig = configurationSeed + "-auth-broker";
         applyNewConfig(brokerConfig, configurationSeed + "-wildcard-users-guests");

http://git-wip-us.apache.org/repos/asf/activemq/blob/52ab6ba0/activemq-runtime-config/src/test/resources/org/apache/activemq/authorizationTest-users-dud-groupClass.xml
----------------------------------------------------------------------
diff --git a/activemq-runtime-config/src/test/resources/org/apache/activemq/authorizationTest-users-dud-groupClass.xml b/activemq-runtime-config/src/test/resources/org/apache/activemq/authorizationTest-users-dud-groupClass.xml
new file mode 100644
index 0000000..0189263
--- /dev/null
+++ b/activemq-runtime-config/src/test/resources/org/apache/activemq/authorizationTest-users-dud-groupClass.xml
@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+    Licensed to the Apache Software Foundation (ASF) under one or more
+    contributor license agreements.  See the NOTICE file distributed with
+    this work for additional information regarding copyright ownership.
+    The ASF licenses this file to You under the Apache License, Version 2.0
+    (the "License"); you may not use this file except in compliance with
+    the License.  You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+    Unless required by applicable law or agreed to in writing, software
+    distributed under the License is distributed on an "AS IS" BASIS,
+    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+    See the License for the specific language governing permissions and
+    limitations under the License.
+-->
+<beans
+        xmlns="http://www.springframework.org/schema/beans"
+        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+        xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
+  http://activemq.apache.org/schema/core http://activemq.apache.org/schema/core/activemq-core.xsd">
+
+  <broker xmlns="http://activemq.apache.org/schema/core" start="false" persistent="false">
+    <destinations>
+      <queue physicalName="FOO.BAR" />
+    </destinations>
+    <plugins>
+      <runtimeConfigurationPlugin checkPeriod="1000"/>
+
+      <!--  use JAAS to authenticate using the login.config file on the classpath to configure JAAS -->
+      <jaasAuthenticationPlugin configuration="activemq-domain"/>
+
+      <!--  lets configure a destination based authorization mechanism -->
+      <authorizationPlugin>
+        <map>
+          <authorizationMap groupClass="org.apache.activemq.jaas.UserPrincipal">
+            <authorizationEntries>
+              <authorizationEntry queue=">" read="admins" write="admins" admin="admins"/>
+              <authorizationEntry queue="USERS.>" read="users" write="users" admin="users"/>
+
+              <authorizationEntry topic=">" read="admins" write="admins" admin="admins"/>
+              <authorizationEntry topic="USERS.>" read="users" write="users" admin="users"/>
+
+              <authorizationEntry topic="ActiveMQ.Advisory.>" read="guests,users" write="guests,users"
+                                  admin="guests,users"/>
+            </authorizationEntries>
+          </authorizationMap>
+        </map>
+      </authorizationPlugin>
+    </plugins>
+  </broker>
+</beans>