[activemq-artemis] branch main updated: ARTEMIS-3900 Support management allowlist entries with wildcard domain

[cl...@apache.org]

This is an automated email from the ASF dual-hosted git repository.

clebertsuconic pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/activemq-artemis.git


The following commit(s) were added to refs/heads/main by this push:
     new d250801fcf ARTEMIS-3900 Support management allowlist entries with wildcard domain
d250801fcf is described below

commit d250801fcf27ff08e9ac6ad51b081d7be8f894cf
Author: Domenico Francesco Bruscino <br...@apache.org>
AuthorDate: Thu Jul 21 11:51:04 2022 +0200

    ARTEMIS-3900 Support management allowlist entries with wildcard domain
---
 .../server/management/JMXAccessControlList.java    |  5 +++++
 .../management/JMXAccessControlListTest.java       | 24 ++++++++++++++++++++++
 2 files changed, 29 insertions(+)

diff --git a/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/management/JMXAccessControlList.java b/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/management/JMXAccessControlList.java
index 6b8ae9417a..979d2a2abb 100644
--- a/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/management/JMXAccessControlList.java
+++ b/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/management/JMXAccessControlList.java
@@ -83,6 +83,11 @@ public class JMXAccessControlList {
 
    public boolean isInAllowList(ObjectName objectName) {
       TreeMap<String, Access> domainMap = allowList.get(objectName.getDomain());
+
+      if (domainMap == null) {
+         domainMap = allowList.get(WILDCARD);
+      }
+
       if (domainMap != null) {
          if (domainMap.containsKey("")) {
             return true;
diff --git a/artemis-server/src/test/java/org/apache/activemq/artemis/core/server/management/JMXAccessControlListTest.java b/artemis-server/src/test/java/org/apache/activemq/artemis/core/server/management/JMXAccessControlListTest.java
index 4849bfb481..f1e4ea9431 100644
--- a/artemis-server/src/test/java/org/apache/activemq/artemis/core/server/management/JMXAccessControlListTest.java
+++ b/artemis-server/src/test/java/org/apache/activemq/artemis/core/server/management/JMXAccessControlListTest.java
@@ -60,6 +60,30 @@ public class JMXAccessControlListTest {
       Assert.assertTrue(controlList.isInAllowList(new ObjectName("org.myDomain:type=foo")));
    }
 
+   @Test
+   public void testWildcardDomain() throws MalformedObjectNameException {
+      JMXAccessControlList controlList = new JMXAccessControlList();
+      controlList.addToAllowList("*", null);
+      Assert.assertTrue(controlList.isInAllowList(new ObjectName("org.myDomain:*")));
+      Assert.assertTrue(controlList.isInAllowList(new ObjectName("org.myDomain.foo:*")));
+   }
+
+   @Test
+   public void testWildcardDomainWithProperty() throws MalformedObjectNameException {
+      JMXAccessControlList controlList = new JMXAccessControlList();
+      controlList.addToAllowList("*", "type=foo");
+      controlList.addToAllowList("org.myDomain.foo", "type=bar");
+      Assert.assertFalse(controlList.isInAllowList(new ObjectName("org.myDomain:*")));
+      Assert.assertFalse(controlList.isInAllowList(new ObjectName("org.myDomain.foo:*")));
+      Assert.assertTrue(controlList.isInAllowList(new ObjectName("org.myDomain.foo:type=bar")));
+      Assert.assertFalse(controlList.isInAllowList(new ObjectName("org.myDomain.foo:type=foo")));
+      Assert.assertFalse(controlList.isInAllowList(new ObjectName("org.myDomain.bar:*")));
+      Assert.assertFalse(controlList.isInAllowList(new ObjectName("org.myDomain:subType=foo")));
+
+      Assert.assertTrue(controlList.isInAllowList(new ObjectName("org.myDomain:type=foo")));
+      Assert.assertTrue(controlList.isInAllowList(new ObjectName("org.myDomain:subType=bar,type=foo")));
+   }
+
    @Test
    public void testBasicRole() throws MalformedObjectNameException {
       JMXAccessControlList controlList = new JMXAccessControlList();