You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@activemq.apache.org by cl...@apache.org on 2022/07/28 17:39:06 UTC
[activemq-artemis] branch main updated: ARTEMIS-3900 Support management allowlist entries with wildcard domain
This is an automated email from the ASF dual-hosted git repository.
clebertsuconic pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/activemq-artemis.git
The following commit(s) were added to refs/heads/main by this push:
new d250801fcf ARTEMIS-3900 Support management allowlist entries with wildcard domain
d250801fcf is described below
commit d250801fcf27ff08e9ac6ad51b081d7be8f894cf
Author: Domenico Francesco Bruscino <br...@apache.org>
AuthorDate: Thu Jul 21 11:51:04 2022 +0200
ARTEMIS-3900 Support management allowlist entries with wildcard domain
---
.../server/management/JMXAccessControlList.java | 5 +++++
.../management/JMXAccessControlListTest.java | 24 ++++++++++++++++++++++
2 files changed, 29 insertions(+)
diff --git a/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/management/JMXAccessControlList.java b/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/management/JMXAccessControlList.java
index 6b8ae9417a..979d2a2abb 100644
--- a/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/management/JMXAccessControlList.java
+++ b/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/management/JMXAccessControlList.java
@@ -83,6 +83,11 @@ public class JMXAccessControlList {
public boolean isInAllowList(ObjectName objectName) {
TreeMap<String, Access> domainMap = allowList.get(objectName.getDomain());
+
+ if (domainMap == null) {
+ domainMap = allowList.get(WILDCARD);
+ }
+
if (domainMap != null) {
if (domainMap.containsKey("")) {
return true;
diff --git a/artemis-server/src/test/java/org/apache/activemq/artemis/core/server/management/JMXAccessControlListTest.java b/artemis-server/src/test/java/org/apache/activemq/artemis/core/server/management/JMXAccessControlListTest.java
index 4849bfb481..f1e4ea9431 100644
--- a/artemis-server/src/test/java/org/apache/activemq/artemis/core/server/management/JMXAccessControlListTest.java
+++ b/artemis-server/src/test/java/org/apache/activemq/artemis/core/server/management/JMXAccessControlListTest.java
@@ -60,6 +60,30 @@ public class JMXAccessControlListTest {
Assert.assertTrue(controlList.isInAllowList(new ObjectName("org.myDomain:type=foo")));
}
+ @Test
+ public void testWildcardDomain() throws MalformedObjectNameException {
+ JMXAccessControlList controlList = new JMXAccessControlList();
+ controlList.addToAllowList("*", null);
+ Assert.assertTrue(controlList.isInAllowList(new ObjectName("org.myDomain:*")));
+ Assert.assertTrue(controlList.isInAllowList(new ObjectName("org.myDomain.foo:*")));
+ }
+
+ @Test
+ public void testWildcardDomainWithProperty() throws MalformedObjectNameException {
+ JMXAccessControlList controlList = new JMXAccessControlList();
+ controlList.addToAllowList("*", "type=foo");
+ controlList.addToAllowList("org.myDomain.foo", "type=bar");
+ Assert.assertFalse(controlList.isInAllowList(new ObjectName("org.myDomain:*")));
+ Assert.assertFalse(controlList.isInAllowList(new ObjectName("org.myDomain.foo:*")));
+ Assert.assertTrue(controlList.isInAllowList(new ObjectName("org.myDomain.foo:type=bar")));
+ Assert.assertFalse(controlList.isInAllowList(new ObjectName("org.myDomain.foo:type=foo")));
+ Assert.assertFalse(controlList.isInAllowList(new ObjectName("org.myDomain.bar:*")));
+ Assert.assertFalse(controlList.isInAllowList(new ObjectName("org.myDomain:subType=foo")));
+
+ Assert.assertTrue(controlList.isInAllowList(new ObjectName("org.myDomain:type=foo")));
+ Assert.assertTrue(controlList.isInAllowList(new ObjectName("org.myDomain:subType=bar,type=foo")));
+ }
+
@Test
public void testBasicRole() throws MalformedObjectNameException {
JMXAccessControlList controlList = new JMXAccessControlList();