You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@activemq.apache.org by gt...@apache.org on 2016/10/20 11:33:01 UTC
activemq git commit: AMQ-6471 - map groupClass attribute on mod to
authorization map. fix and test
Repository: activemq
Updated Branches:
refs/heads/master 338a74dfa -> 52ab6ba09
AMQ-6471 - map groupClass attribute on mod to authorization map. fix and test
Project: http://git-wip-us.apache.org/repos/asf/activemq/repo
Commit: http://git-wip-us.apache.org/repos/asf/activemq/commit/52ab6ba0
Tree: http://git-wip-us.apache.org/repos/asf/activemq/tree/52ab6ba0
Diff: http://git-wip-us.apache.org/repos/asf/activemq/diff/52ab6ba0
Branch: refs/heads/master
Commit: 52ab6ba09b0f58ab95ea24c501fff12488decc4e
Parents: 338a74d
Author: gtully <ga...@gmail.com>
Authored: Thu Oct 20 12:32:33 2016 +0100
Committer: gtully <ga...@gmail.com>
Committed: Thu Oct 20 12:32:33 2016 +0100
----------------------------------------------------------------------
.../plugin/AuthorizationPluginProcessor.java | 1 +
.../org/apache/activemq/AuthorizationTest.java | 15 ++++++
.../authorizationTest-users-dud-groupClass.xml | 53 ++++++++++++++++++++
3 files changed, 69 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/activemq/blob/52ab6ba0/activemq-runtime-config/src/main/java/org/apache/activemq/plugin/AuthorizationPluginProcessor.java
----------------------------------------------------------------------
diff --git a/activemq-runtime-config/src/main/java/org/apache/activemq/plugin/AuthorizationPluginProcessor.java b/activemq-runtime-config/src/main/java/org/apache/activemq/plugin/AuthorizationPluginProcessor.java
index e7f2fa0..d4b8e0b 100644
--- a/activemq-runtime-config/src/main/java/org/apache/activemq/plugin/AuthorizationPluginProcessor.java
+++ b/activemq-runtime-config/src/main/java/org/apache/activemq/plugin/AuthorizationPluginProcessor.java
@@ -57,6 +57,7 @@ public class AuthorizationPluginProcessor extends DefaultConfigurationProcessor
}
}
xBeanAuthorizationMap.setAuthorizationEntries(entries);
+ xBeanAuthorizationMap.setGroupClass(dtoMap.getAuthorizationMap().getGroupClass());
try {
xBeanAuthorizationMap.afterPropertiesSet();
} catch (Exception e) {
http://git-wip-us.apache.org/repos/asf/activemq/blob/52ab6ba0/activemq-runtime-config/src/test/java/org/apache/activemq/AuthorizationTest.java
----------------------------------------------------------------------
diff --git a/activemq-runtime-config/src/test/java/org/apache/activemq/AuthorizationTest.java b/activemq-runtime-config/src/test/java/org/apache/activemq/AuthorizationTest.java
index 3a8b7c6..5785222 100644
--- a/activemq-runtime-config/src/test/java/org/apache/activemq/AuthorizationTest.java
+++ b/activemq-runtime-config/src/test/java/org/apache/activemq/AuthorizationTest.java
@@ -83,6 +83,21 @@ public class AuthorizationTest extends AbstractAuthorizationTest {
}
@Test
+ public void testModWithGroupClass() throws Exception {
+ final String brokerConfig = configurationSeed + "-auth-add-guest-broker";
+ applyNewConfig(brokerConfig, configurationSeed + "-users");
+ startBroker(brokerConfig);
+ assertTrue("broker alive", brokerService.isStarted());
+
+ assertAllowed("user", "USERS.A");
+ applyNewConfig(brokerConfig, configurationSeed + "-users-dud-groupClass", SLEEP);
+ assertDenied("user", "USERS.A");
+
+ applyNewConfig(brokerConfig, configurationSeed + "-users", SLEEP);
+ assertAllowed("user", "USERS.A");
+ }
+
+ @Test
public void testWildcard() throws Exception {
final String brokerConfig = configurationSeed + "-auth-broker";
applyNewConfig(brokerConfig, configurationSeed + "-wildcard-users-guests");
http://git-wip-us.apache.org/repos/asf/activemq/blob/52ab6ba0/activemq-runtime-config/src/test/resources/org/apache/activemq/authorizationTest-users-dud-groupClass.xml
----------------------------------------------------------------------
diff --git a/activemq-runtime-config/src/test/resources/org/apache/activemq/authorizationTest-users-dud-groupClass.xml b/activemq-runtime-config/src/test/resources/org/apache/activemq/authorizationTest-users-dud-groupClass.xml
new file mode 100644
index 0000000..0189263
--- /dev/null
+++ b/activemq-runtime-config/src/test/resources/org/apache/activemq/authorizationTest-users-dud-groupClass.xml
@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<beans
+ xmlns="http://www.springframework.org/schema/beans"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
+ http://activemq.apache.org/schema/core http://activemq.apache.org/schema/core/activemq-core.xsd">
+
+ <broker xmlns="http://activemq.apache.org/schema/core" start="false" persistent="false">
+ <destinations>
+ <queue physicalName="FOO.BAR" />
+ </destinations>
+ <plugins>
+ <runtimeConfigurationPlugin checkPeriod="1000"/>
+
+ <!-- use JAAS to authenticate using the login.config file on the classpath to configure JAAS -->
+ <jaasAuthenticationPlugin configuration="activemq-domain"/>
+
+ <!-- lets configure a destination based authorization mechanism -->
+ <authorizationPlugin>
+ <map>
+ <authorizationMap groupClass="org.apache.activemq.jaas.UserPrincipal">
+ <authorizationEntries>
+ <authorizationEntry queue=">" read="admins" write="admins" admin="admins"/>
+ <authorizationEntry queue="USERS.>" read="users" write="users" admin="users"/>
+
+ <authorizationEntry topic=">" read="admins" write="admins" admin="admins"/>
+ <authorizationEntry topic="USERS.>" read="users" write="users" admin="users"/>
+
+ <authorizationEntry topic="ActiveMQ.Advisory.>" read="guests,users" write="guests,users"
+ admin="guests,users"/>
+ </authorizationEntries>
+ </authorizationMap>
+ </map>
+ </authorizationPlugin>
+ </plugins>
+ </broker>
+</beans>