You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@activemq.apache.org by an...@apache.org on 2016/07/13 09:01:00 UTC
[1/3] activemq-artemis git commit: ARTEMIS-628 add BROWSE role
Repository: activemq-artemis
Updated Branches:
refs/heads/master 08ab1f708 -> 1893d773a
http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/e9db9c28/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/security/SecurityTest.java
----------------------------------------------------------------------
diff --git a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/security/SecurityTest.java b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/security/SecurityTest.java
index fd61c00..17b1126 100644
--- a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/security/SecurityTest.java
+++ b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/security/SecurityTest.java
@@ -229,7 +229,7 @@ public class SecurityTest extends ActiveMQTestBase {
ActiveMQJAASSecurityManager securityManager = new ActiveMQJAASSecurityManager("PropertiesLogin");
ActiveMQServer server = addServer(ActiveMQServers.newActiveMQServer(createDefaultInVMConfig().setSecurityEnabled(true), ManagementFactory.getPlatformMBeanServer(), securityManager, false));
Set<Role> roles = new HashSet<>();
- roles.add(new Role("programmers", false, false, false, false, false, false, false));
+ roles.add(new Role("programmers", false, false, false, false, false, false, false, false));
server.getConfiguration().putSecurityRoles("#", roles);
server.start();
server.createQueue(ADDRESS, DURABLE_QUEUE, null, true, false);
@@ -302,6 +302,15 @@ public class SecurityTest extends ActiveMQTestBase {
catch (ActiveMQException e) {
// ignore
}
+
+ // BROWSE
+ try {
+ ClientConsumer browser = session.createConsumer(DURABLE_QUEUE, true);
+ Assert.fail("should throw exception here");
+ }
+ catch (ActiveMQException e) {
+ // ignore
+ }
}
@Test
@@ -324,7 +333,7 @@ public class SecurityTest extends ActiveMQTestBase {
server.getConfiguration().addAcceptorConfiguration(new TransportConfiguration(NETTY_ACCEPTOR_FACTORY, params));
Set<Role> roles = new HashSet<>();
- roles.add(new Role("programmers", false, false, false, false, false, false, false));
+ roles.add(new Role("programmers", false, false, false, false, false, false, false, false));
server.getConfiguration().putSecurityRoles("#", roles);
server.start();
@@ -407,6 +416,15 @@ public class SecurityTest extends ActiveMQTestBase {
catch (ActiveMQException e) {
// ignore
}
+
+ // BROWSE
+ try {
+ ClientConsumer browser = session.createConsumer(DURABLE_QUEUE, true);
+ Assert.fail("should throw exception here");
+ }
+ catch (ActiveMQException e) {
+ // ignore
+ }
}
@Test
@@ -418,7 +436,7 @@ public class SecurityTest extends ActiveMQTestBase {
ActiveMQJAASSecurityManager securityManager = new ActiveMQJAASSecurityManager("PropertiesLogin");
ActiveMQServer server = addServer(ActiveMQServers.newActiveMQServer(createDefaultInVMConfig().setSecurityEnabled(true), ManagementFactory.getPlatformMBeanServer(), securityManager, false));
Set<Role> roles = new HashSet<>();
- roles.add(new Role("programmers", true, true, true, true, true, true, true));
+ roles.add(new Role("programmers", true, true, true, true, true, true, true, true));
server.getConfiguration().putSecurityRoles("#", roles);
server.start();
@@ -484,6 +502,14 @@ public class SecurityTest extends ActiveMQTestBase {
catch (ActiveMQException e) {
Assert.fail("should not throw exception here");
}
+
+ // BROWSE
+ try {
+ session.createConsumer(DURABLE_QUEUE, true);
+ }
+ catch (ActiveMQException e) {
+ Assert.fail("should not throw exception here");
+ }
}
@Test
@@ -506,7 +532,7 @@ public class SecurityTest extends ActiveMQTestBase {
server.getConfiguration().addAcceptorConfiguration(new TransportConfiguration(NETTY_ACCEPTOR_FACTORY, params));
Set<Role> roles = new HashSet<>();
- roles.add(new Role("programmers", true, true, true, true, true, true, true));
+ roles.add(new Role("programmers", true, true, true, true, true, true, true, true));
server.getConfiguration().putSecurityRoles("#", roles);
server.start();
@@ -579,6 +605,14 @@ public class SecurityTest extends ActiveMQTestBase {
catch (ActiveMQException e) {
Assert.fail("should not throw exception here");
}
+
+ // BROWSE
+ try {
+ session.createConsumer(DURABLE_QUEUE, true);
+ }
+ catch (ActiveMQException e) {
+ Assert.fail("should not throw exception here");
+ }
}
@Test
@@ -590,7 +624,7 @@ public class SecurityTest extends ActiveMQTestBase {
ActiveMQJAASSecurityManager securityManager = new ActiveMQJAASSecurityManager("GuestLogin");
ActiveMQServer server = addServer(ActiveMQServers.newActiveMQServer(createDefaultInVMConfig().setSecurityEnabled(true), ManagementFactory.getPlatformMBeanServer(), securityManager, false));
Set<Role> roles = new HashSet<>();
- roles.add(new Role("bar", true, true, true, true, true, true, true));
+ roles.add(new Role("bar", true, true, true, true, true, true, true, false));
server.getConfiguration().putSecurityRoles("#", roles);
server.start();
@@ -750,7 +784,7 @@ public class SecurityTest extends ActiveMQTestBase {
HierarchicalRepository<Set<Role>> securityRepository = server.getSecurityRepository();
ActiveMQJAASSecurityManager securityManager = (ActiveMQJAASSecurityManager) server.getSecurityManager();
securityManager.getConfiguration().addUser("auser", "pass");
- Role role = new Role("arole", false, false, true, false, false, false, false);
+ Role role = new Role("arole", false, false, true, false, false, false, false, false);
Set<Role> roles = new HashSet<>();
roles.add(role);
securityRepository.addMatch(SecurityTest.addressA, roles);
@@ -769,7 +803,7 @@ public class SecurityTest extends ActiveMQTestBase {
HierarchicalRepository<Set<Role>> securityRepository = server.getSecurityRepository();
ActiveMQJAASSecurityManager securityManager = (ActiveMQJAASSecurityManager) server.getSecurityManager();
securityManager.getConfiguration().addUser("auser", "pass");
- Role role = new Role("arole", false, false, false, false, false, false, false);
+ Role role = new Role("arole", false, false, false, false, false, false, false, false);
Set<Role> roles = new HashSet<>();
roles.add(role);
securityRepository.addMatch(SecurityTest.addressA, roles);
@@ -796,7 +830,7 @@ public class SecurityTest extends ActiveMQTestBase {
HierarchicalRepository<Set<Role>> securityRepository = server.getSecurityRepository();
ActiveMQJAASSecurityManager securityManager = (ActiveMQJAASSecurityManager) server.getSecurityManager();
securityManager.getConfiguration().addUser("auser", "pass");
- Role role = new Role("arole", false, false, true, true, false, false, false);
+ Role role = new Role("arole", false, false, true, true, false, false, false, false);
Set<Role> roles = new HashSet<>();
roles.add(role);
securityRepository.addMatch(SecurityTest.addressA, roles);
@@ -815,7 +849,7 @@ public class SecurityTest extends ActiveMQTestBase {
HierarchicalRepository<Set<Role>> securityRepository = server.getSecurityRepository();
ActiveMQJAASSecurityManager securityManager = (ActiveMQJAASSecurityManager) server.getSecurityManager();
securityManager.getConfiguration().addUser("auser", "pass");
- Role role = new Role("arole", false, false, true, false, false, false, false);
+ Role role = new Role("arole", false, false, true, false, false, false, false, false);
Set<Role> roles = new HashSet<>();
roles.add(role);
securityRepository.addMatch(SecurityTest.addressA, roles);
@@ -844,7 +878,7 @@ public class SecurityTest extends ActiveMQTestBase {
HierarchicalRepository<Set<Role>> securityRepository = server.getSecurityRepository();
ActiveMQJAASSecurityManager securityManager = (ActiveMQJAASSecurityManager) server.getSecurityManager();
securityManager.getConfiguration().addUser("auser", "pass");
- Role role = new Role("arole", false, false, false, false, true, false, false);
+ Role role = new Role("arole", false, false, false, false, true, false, false, false);
Set<Role> roles = new HashSet<>();
roles.add(role);
securityRepository.addMatch(SecurityTest.addressA, roles);
@@ -863,7 +897,7 @@ public class SecurityTest extends ActiveMQTestBase {
HierarchicalRepository<Set<Role>> securityRepository = server.getSecurityRepository();
ActiveMQJAASSecurityManager securityManager = (ActiveMQJAASSecurityManager) server.getSecurityManager();
securityManager.getConfiguration().addUser("auser", "pass");
- Role role = new Role("arole", false, false, false, false, false, false, false);
+ Role role = new Role("arole", false, false, false, false, false, false, false, false);
Set<Role> roles = new HashSet<>();
roles.add(role);
securityRepository.addMatch(SecurityTest.addressA, roles);
@@ -890,7 +924,7 @@ public class SecurityTest extends ActiveMQTestBase {
HierarchicalRepository<Set<Role>> securityRepository = server.getSecurityRepository();
ActiveMQJAASSecurityManager securityManager = (ActiveMQJAASSecurityManager) server.getSecurityManager();
securityManager.getConfiguration().addUser("auser", "pass");
- Role role = new Role("arole", false, false, false, false, true, true, false);
+ Role role = new Role("arole", false, false, false, false, true, true, false, false);
Set<Role> roles = new HashSet<>();
roles.add(role);
securityRepository.addMatch(SecurityTest.addressA, roles);
@@ -909,7 +943,7 @@ public class SecurityTest extends ActiveMQTestBase {
HierarchicalRepository<Set<Role>> securityRepository = server.getSecurityRepository();
ActiveMQJAASSecurityManager securityManager = (ActiveMQJAASSecurityManager) server.getSecurityManager();
securityManager.getConfiguration().addUser("auser", "pass");
- Role role = new Role("arole", false, false, false, false, true, false, false);
+ Role role = new Role("arole", false, false, false, false, true, false, false, false);
Set<Role> roles = new HashSet<>();
roles.add(role);
securityRepository.addMatch(SecurityTest.addressA, roles);
@@ -942,7 +976,7 @@ public class SecurityTest extends ActiveMQTestBase {
securityManager.getConfiguration().addUser("auser", "pass");
- Role role = new Role("arole", true, true, true, false, false, false, false);
+ Role role = new Role("arole", true, true, true, false, false, false, false, false);
Set<Role> roles = new HashSet<>();
@@ -974,7 +1008,7 @@ public class SecurityTest extends ActiveMQTestBase {
receivedMessage.acknowledge();
- role = new Role("arole", false, false, true, false, false, false, false);
+ role = new Role("arole", false, false, true, false, false, false, false, false);
roles = new HashSet<>();
@@ -1002,7 +1036,7 @@ public class SecurityTest extends ActiveMQTestBase {
HierarchicalRepository<Set<Role>> securityRepository = server.getSecurityRepository();
ActiveMQJAASSecurityManager securityManager = (ActiveMQJAASSecurityManager) server.getSecurityManager();
securityManager.getConfiguration().addUser("auser", "pass");
- Role role = new Role("arole", false, false, true, false, false, false, false);
+ Role role = new Role("arole", false, false, true, false, false, false, false, false);
Set<Role> roles = new HashSet<>();
roles.add(role);
securityRepository.addMatch(SecurityTest.addressA, roles);
@@ -1032,7 +1066,7 @@ public class SecurityTest extends ActiveMQTestBase {
HierarchicalRepository<Set<Role>> securityRepository = server.getSecurityRepository();
ActiveMQJAASSecurityManager securityManager = (ActiveMQJAASSecurityManager) server.getSecurityManager();
securityManager.getConfiguration().addUser("auser", "pass");
- Role role = new Role("arole", false, false, true, false, false, false, false);
+ Role role = new Role("arole", false, false, true, false, false, false, false, false);
Set<Role> roles = new HashSet<>();
roles.add(role);
securityRepository.addMatch(SecurityTest.addressA, roles);
@@ -1058,8 +1092,8 @@ public class SecurityTest extends ActiveMQTestBase {
securityManager.getConfiguration().addUser("guest", "guest");
securityManager.getConfiguration().addRole("guest", "guest");
securityManager.getConfiguration().setDefaultUser("guest");
- Role role = new Role("arole", false, true, false, false, false, false, false);
- Role sendRole = new Role("guest", true, false, true, false, false, false, false);
+ Role role = new Role("arole", false, true, false, false, false, false, false, false);
+ Role sendRole = new Role("guest", true, false, true, false, false, false, false, false);
Set<Role> roles = new HashSet<>();
roles.add(sendRole);
roles.add(role);
@@ -1086,8 +1120,8 @@ public class SecurityTest extends ActiveMQTestBase {
securityManager.getConfiguration().addUser("guest", "guest");
securityManager.getConfiguration().addRole("guest", "guest");
securityManager.getConfiguration().setDefaultUser("guest");
- Role role = new Role("arole", false, false, false, false, false, false, false);
- Role sendRole = new Role("guest", true, false, true, false, false, false, false);
+ Role role = new Role("arole", false, false, false, false, false, false, false, false);
+ Role sendRole = new Role("guest", true, false, true, false, false, false, false, false);
Set<Role> roles = new HashSet<>();
roles.add(sendRole);
roles.add(role);
@@ -1123,9 +1157,9 @@ public class SecurityTest extends ActiveMQTestBase {
securityManager.getConfiguration().addUser("guest", "guest");
securityManager.getConfiguration().addRole("guest", "guest");
securityManager.getConfiguration().setDefaultUser("guest");
- Role role = new Role("arole", false, false, false, false, false, false, false);
- Role sendRole = new Role("guest", true, false, true, false, false, false, false);
- Role receiveRole = new Role("receiver", false, true, false, false, false, false, false);
+ Role role = new Role("arole", false, false, false, false, false, false, false, false);
+ Role sendRole = new Role("guest", true, false, true, false, false, false, false, false);
+ Role receiveRole = new Role("receiver", false, true, false, false, false, false, false, false);
Set<Role> roles = new HashSet<>();
roles.add(sendRole);
roles.add(role);
@@ -1174,9 +1208,9 @@ public class SecurityTest extends ActiveMQTestBase {
securityManager.getConfiguration().addUser("guest", "guest");
securityManager.getConfiguration().addRole("guest", "guest");
securityManager.getConfiguration().setDefaultUser("guest");
- Role role = new Role("arole", false, false, false, false, false, false, false);
- Role sendRole = new Role("guest", true, false, true, false, false, false, false);
- Role receiveRole = new Role("receiver", false, true, false, false, false, false, false);
+ Role role = new Role("arole", false, false, false, false, false, false, false, false);
+ Role sendRole = new Role("guest", true, false, true, false, false, false, false, false);
+ Role receiveRole = new Role("receiver", false, true, false, false, false, false, false, false);
Set<Role> roles = new HashSet<>();
roles.add(sendRole);
roles.add(role);
@@ -1234,11 +1268,11 @@ public class SecurityTest extends ActiveMQTestBase {
securityManager.getConfiguration().addUser("guest", "guest");
securityManager.getConfiguration().addRole("guest", "guest");
securityManager.getConfiguration().setDefaultUser("guest");
- Role role = new Role("arole", false, false, false, false, false, false, false);
+ Role role = new Role("arole", false, false, false, false, false, false, false, false);
System.out.println("guest:" + role);
- Role sendRole = new Role("guest", true, false, true, false, false, false, false);
+ Role sendRole = new Role("guest", true, false, true, false, false, false, false, false);
System.out.println("guest:" + sendRole);
- Role receiveRole = new Role("receiver", false, true, false, false, false, false, false);
+ Role receiveRole = new Role("receiver", false, true, false, false, false, false, false, false);
System.out.println("guest:" + receiveRole);
Set<Role> roles = new HashSet<>();
roles.add(sendRole);
@@ -1323,7 +1357,7 @@ public class SecurityTest extends ActiveMQTestBase {
HierarchicalRepository<Set<Role>> securityRepository = server.getSecurityRepository();
ActiveMQJAASSecurityManager securityManager = (ActiveMQJAASSecurityManager) server.getSecurityManager();
securityManager.getConfiguration().addUser("auser", "pass");
- Role role = new Role("arole", false, false, false, false, false, false, true);
+ Role role = new Role("arole", false, false, false, false, false, false, true, false);
Set<Role> roles = new HashSet<>();
roles.add(role);
securityRepository.addMatch(configuration.getManagementAddress().toString(), roles);
@@ -1344,7 +1378,7 @@ public class SecurityTest extends ActiveMQTestBase {
HierarchicalRepository<Set<Role>> securityRepository = server.getSecurityRepository();
ActiveMQJAASSecurityManager securityManager = (ActiveMQJAASSecurityManager) server.getSecurityManager();
securityManager.getConfiguration().addUser("auser", "pass");
- Role role = new Role("arole", false, false, true, false, false, false, false);
+ Role role = new Role("arole", false, false, true, false, false, false, false, false);
Set<Role> roles = new HashSet<>();
roles.add(role);
securityRepository.addMatch(configuration.getManagementAddress().toString(), roles);
@@ -1375,7 +1409,7 @@ public class SecurityTest extends ActiveMQTestBase {
HierarchicalRepository<Set<Role>> securityRepository = server.getSecurityRepository();
ActiveMQJAASSecurityManager securityManager = (ActiveMQJAASSecurityManager) server.getSecurityManager();
securityManager.getConfiguration().addUser("auser", "pass");
- Role role = new Role("arole", false, false, true, false, false, false, false);
+ Role role = new Role("arole", false, false, true, false, false, false, false, false);
Set<Role> roles = new HashSet<>();
roles.add(role);
securityRepository.addMatch(configuration.getManagementAddress().toString(), roles);
@@ -1411,23 +1445,23 @@ public class SecurityTest extends ActiveMQTestBase {
securityManager.getConfiguration().addRole("frank", "user");
securityManager.getConfiguration().addRole("sam", "news-user");
securityManager.getConfiguration().addRole("sam", "user");
- Role all = new Role("all", true, true, true, true, true, true, true);
+ Role all = new Role("all", true, true, true, true, true, true, true, true);
HierarchicalRepository<Set<Role>> repository = server.getSecurityRepository();
Set<Role> add = new HashSet<>();
- add.add(new Role("user", true, true, true, true, true, true, false));
+ add.add(new Role("user", true, true, true, true, true, true, false, true));
add.add(all);
repository.addMatch("#", add);
Set<Role> add1 = new HashSet<>();
add1.add(all);
- add1.add(new Role("user", false, false, true, true, true, true, false));
- add1.add(new Role("europe-user", true, false, false, false, false, false, false));
- add1.add(new Role("news-user", false, true, false, false, false, false, false));
+ add1.add(new Role("user", false, false, true, true, true, true, false, true));
+ add1.add(new Role("europe-user", true, false, false, false, false, false, false, true));
+ add1.add(new Role("news-user", false, true, false, false, false, false, false, true));
repository.addMatch("news.europe.#", add1);
Set<Role> add2 = new HashSet<>();
add2.add(all);
- add2.add(new Role("user", false, false, true, true, true, true, false));
- add2.add(new Role("us-user", true, false, false, false, false, false, false));
- add2.add(new Role("news-user", false, true, false, false, false, false, false));
+ add2.add(new Role("user", false, false, true, true, true, true, false, true));
+ add2.add(new Role("us-user", true, false, false, false, false, false, false, true));
+ add2.add(new Role("news-user", false, true, false, false, false, false, false, true));
repository.addMatch("news.us.#", add2);
ClientSession billConnection = null;
ClientSession andrewConnection = null;
@@ -1542,23 +1576,23 @@ public class SecurityTest extends ActiveMQTestBase {
securityManager.getConfiguration().addRole("frank", "user");
securityManager.getConfiguration().addRole("sam", "news-user");
securityManager.getConfiguration().addRole("sam", "user");
- Role all = new Role("all", true, true, true, true, true, true, true);
+ Role all = new Role("all", true, true, true, true, true, true, true, true);
HierarchicalRepository<Set<Role>> repository = server.getSecurityRepository();
Set<Role> add = new HashSet<>();
- add.add(new Role("user", true, true, true, true, true, true, false));
+ add.add(new Role("user", true, true, true, true, true, true, false, true));
add.add(all);
repository.addMatch("#", add);
Set<Role> add1 = new HashSet<>();
add1.add(all);
- add1.add(new Role("user", false, false, true, true, true, true, false));
- add1.add(new Role("europe-user", true, false, false, false, false, false, false));
- add1.add(new Role("news-user", false, true, false, false, false, false, false));
+ add1.add(new Role("user", false, false, true, true, true, true, false, true));
+ add1.add(new Role("europe-user", true, false, false, false, false, false, false, true));
+ add1.add(new Role("news-user", false, true, false, false, false, false, false, true));
repository.addMatch("news.europe.#", add1);
Set<Role> add2 = new HashSet<>();
add2.add(all);
- add2.add(new Role("user", false, false, true, true, true, true, false));
- add2.add(new Role("us-user", true, false, false, false, false, false, false));
- add2.add(new Role("news-user", false, true, false, false, false, false, false));
+ add2.add(new Role("user", false, false, true, true, true, true, false, true));
+ add2.add(new Role("us-user", true, false, false, false, false, false, false, true));
+ add2.add(new Role("news-user", false, true, false, false, false, false, false, true));
repository.addMatch("news.us.#", add2);
ClientSession billConnection = null;
ClientSession andrewConnection = null;
http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/e9db9c28/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/server/ResourceLimitTest.java
----------------------------------------------------------------------
diff --git a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/server/ResourceLimitTest.java b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/server/ResourceLimitTest.java
index 2a40821..52524c5 100644
--- a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/server/ResourceLimitTest.java
+++ b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/server/ResourceLimitTest.java
@@ -62,7 +62,7 @@ public class ResourceLimitTest extends ActiveMQTestBase {
ActiveMQJAASSecurityManager securityManager = (ActiveMQJAASSecurityManager) server.getSecurityManager();
securityManager.getConfiguration().addUser("myUser", "password");
securityManager.getConfiguration().addRole("myUser", "arole");
- Role role = new Role("arole", false, false, false, false, true, true, false);
+ Role role = new Role("arole", false, false, false, false, true, true, false, true);
Set<Role> roles = new HashSet<>();
roles.add(role);
server.getSecurityRepository().addMatch("#", roles);
http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/e9db9c28/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ssl/DualAuthenticationTest.java
----------------------------------------------------------------------
diff --git a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ssl/DualAuthenticationTest.java b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ssl/DualAuthenticationTest.java
index d3c6767..3540615 100644
--- a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ssl/DualAuthenticationTest.java
+++ b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ssl/DualAuthenticationTest.java
@@ -128,8 +128,8 @@ public class DualAuthenticationTest extends ActiveMQTestBase {
server = addServer(ActiveMQServers.newActiveMQServer(config, ManagementFactory.getPlatformMBeanServer(), securityManager, false));
HierarchicalRepository<Set<Role>> securityRepository = server.getSecurityRepository();
- Role sendRole = new Role("producers", true, false, true, false, true, false, false);
- Role receiveRole = new Role("consumers", false, true, false, false, false, false, false);
+ Role sendRole = new Role("producers", true, false, true, false, true, false, false, false);
+ Role receiveRole = new Role("consumers", false, true, false, false, false, false, false, false);
Set<Role> roles = new HashSet<>();
roles.add(sendRole);
roles.add(receiveRole);
http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/e9db9c28/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/stomp/StompTestBase.java
----------------------------------------------------------------------
diff --git a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/stomp/StompTestBase.java b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/stomp/StompTestBase.java
index f2def06..9baf123 100644
--- a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/stomp/StompTestBase.java
+++ b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/stomp/StompTestBase.java
@@ -205,7 +205,7 @@ public abstract class StompTestBase extends ActiveMQTestBase {
securityManager.getConfiguration().addRole(defUser, role);
config.getSecurityRoles().put("#", new HashSet<Role>() {
{
- add(new Role(role, true, true, true, true, true, true, true));
+ add(new Role(role, true, true, true, true, true, true, true, true));
}
});
}
http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/e9db9c28/tests/jms-tests/src/test/resources/broker.xml
----------------------------------------------------------------------
diff --git a/tests/jms-tests/src/test/resources/broker.xml b/tests/jms-tests/src/test/resources/broker.xml
index 4a06012..28550ae 100644
--- a/tests/jms-tests/src/test/resources/broker.xml
+++ b/tests/jms-tests/src/test/resources/broker.xml
@@ -49,6 +49,7 @@
<permission type="createNonDurableQueue" roles="guest,def"/>
<permission type="deleteNonDurableQueue" roles="guest,def"/>
<permission type="consume" roles="guest,def"/>
+ <permission type="browse" roles="guest,def"/>
<permission type="send" roles="guest,def"/>
</security-setting>
</security-settings>
http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/e9db9c28/tests/unit-tests/src/test/java/org/apache/activemq/artemis/tests/unit/core/security/impl/ActiveMQSecurityManagerImplTest.java
----------------------------------------------------------------------
diff --git a/tests/unit-tests/src/test/java/org/apache/activemq/artemis/tests/unit/core/security/impl/ActiveMQSecurityManagerImplTest.java b/tests/unit-tests/src/test/java/org/apache/activemq/artemis/tests/unit/core/security/impl/ActiveMQSecurityManagerImplTest.java
index fdd32c0..bf1b2b6 100644
--- a/tests/unit-tests/src/test/java/org/apache/activemq/artemis/tests/unit/core/security/impl/ActiveMQSecurityManagerImplTest.java
+++ b/tests/unit-tests/src/test/java/org/apache/activemq/artemis/tests/unit/core/security/impl/ActiveMQSecurityManagerImplTest.java
@@ -62,22 +62,22 @@ public class ActiveMQSecurityManagerImplTest extends ActiveMQTestBase {
Assert.assertTrue(securityManager.validateUser("guest", "password"));
Assert.assertFalse(securityManager.validateUser(null, "wrongpass"));
HashSet<Role> roles = new HashSet<>();
- roles.add(new Role("guest", true, true, true, true, true, true, true));
+ roles.add(new Role("guest", true, true, true, true, true, true, true, true));
Assert.assertTrue(securityManager.validateUserAndRole(null, null, roles, CheckType.CREATE_DURABLE_QUEUE));
Assert.assertTrue(securityManager.validateUserAndRole(null, null, roles, CheckType.SEND));
Assert.assertTrue(securityManager.validateUserAndRole(null, null, roles, CheckType.CONSUME));
roles = new HashSet<>();
- roles.add(new Role("guest", true, true, false, true, true, true, true));
+ roles.add(new Role("guest", true, true, false, true, true, true, true, true));
Assert.assertFalse(securityManager.validateUserAndRole(null, null, roles, CheckType.CREATE_DURABLE_QUEUE));
Assert.assertTrue(securityManager.validateUserAndRole(null, null, roles, CheckType.SEND));
Assert.assertTrue(securityManager.validateUserAndRole(null, null, roles, CheckType.CONSUME));
roles = new HashSet<>();
- roles.add(new Role("guest", true, false, false, true, true, true, true));
+ roles.add(new Role("guest", true, false, false, true, true, true, true, true));
Assert.assertFalse(securityManager.validateUserAndRole(null, null, roles, CheckType.CREATE_DURABLE_QUEUE));
Assert.assertTrue(securityManager.validateUserAndRole(null, null, roles, CheckType.SEND));
Assert.assertFalse(securityManager.validateUserAndRole(null, null, roles, CheckType.CONSUME));
roles = new HashSet<>();
- roles.add(new Role("guest", false, false, false, true, true, true, true));
+ roles.add(new Role("guest", false, false, false, true, true, true, true, true));
Assert.assertFalse(securityManager.validateUserAndRole(null, null, roles, CheckType.CREATE_DURABLE_QUEUE));
Assert.assertFalse(securityManager.validateUserAndRole(null, null, roles, CheckType.SEND));
Assert.assertFalse(securityManager.validateUserAndRole(null, null, roles, CheckType.CONSUME));
@@ -129,19 +129,19 @@ public class ActiveMQSecurityManagerImplTest extends ActiveMQTestBase {
securityManager.getConfiguration().addRole("newuser1", "role3");
securityManager.getConfiguration().addRole("newuser1", "role4");
HashSet<Role> roles = new HashSet<>();
- roles.add(new Role("role1", true, true, true, true, true, true, true));
+ roles.add(new Role("role1", true, true, true, true, true, true, true, true));
Assert.assertTrue(securityManager.validateUserAndRole("newuser1", "newpassword1", roles, CheckType.SEND));
roles = new HashSet<>();
- roles.add(new Role("role2", true, true, true, true, true, true, true));
+ roles.add(new Role("role2", true, true, true, true, true, true, true, true));
Assert.assertTrue(securityManager.validateUserAndRole("newuser1", "newpassword1", roles, CheckType.SEND));
roles = new HashSet<>();
- roles.add(new Role("role3", true, true, true, true, true, true, true));
+ roles.add(new Role("role3", true, true, true, true, true, true, true, true));
Assert.assertTrue(securityManager.validateUserAndRole("newuser1", "newpassword1", roles, CheckType.SEND));
roles = new HashSet<>();
- roles.add(new Role("role4", true, true, true, true, true, true, true));
+ roles.add(new Role("role4", true, true, true, true, true, true, true, true));
Assert.assertTrue(securityManager.validateUserAndRole("newuser1", "newpassword1", roles, CheckType.SEND));
roles = new HashSet<>();
- roles.add(new Role("role5", true, true, true, true, true, true, true));
+ roles.add(new Role("role5", true, true, true, true, true, true, true, true));
Assert.assertFalse(securityManager.validateUserAndRole("newuser1", "newpassword1", roles, CheckType.SEND));
}
@@ -155,19 +155,19 @@ public class ActiveMQSecurityManagerImplTest extends ActiveMQTestBase {
securityManager.getConfiguration().removeRole("newuser1", "role2");
securityManager.getConfiguration().removeRole("newuser1", "role4");
HashSet<Role> roles = new HashSet<>();
- roles.add(new Role("role1", true, true, true, true, true, true, true));
+ roles.add(new Role("role1", true, true, true, true, true, true, true, true));
Assert.assertTrue(securityManager.validateUserAndRole("newuser1", "newpassword1", roles, CheckType.SEND));
roles = new HashSet<>();
- roles.add(new Role("role2", true, true, true, true, true, true, true));
+ roles.add(new Role("role2", true, true, true, true, true, true, true, true));
Assert.assertFalse(securityManager.validateUserAndRole("newuser1", "newpassword1", roles, CheckType.SEND));
roles = new HashSet<>();
- roles.add(new Role("role3", true, true, true, true, true, true, true));
+ roles.add(new Role("role3", true, true, true, true, true, true, true, true));
Assert.assertTrue(securityManager.validateUserAndRole("newuser1", "newpassword1", roles, CheckType.SEND));
roles = new HashSet<>();
- roles.add(new Role("role4", true, true, true, true, true, true, true));
+ roles.add(new Role("role4", true, true, true, true, true, true, true, true));
Assert.assertFalse(securityManager.validateUserAndRole("newuser1", "newpassword1", roles, CheckType.SEND));
roles = new HashSet<>();
- roles.add(new Role("role5", true, true, true, true, true, true, true));
+ roles.add(new Role("role5", true, true, true, true, true, true, true, true));
Assert.assertFalse(securityManager.validateUserAndRole("newuser1", "newpassword1", roles, CheckType.SEND));
}
}
[2/3] activemq-artemis git commit: ARTEMIS-628 add BROWSE role
Posted by an...@apache.org.
ARTEMIS-628 add BROWSE role
Project: http://git-wip-us.apache.org/repos/asf/activemq-artemis/repo
Commit: http://git-wip-us.apache.org/repos/asf/activemq-artemis/commit/e9db9c28
Tree: http://git-wip-us.apache.org/repos/asf/activemq-artemis/tree/e9db9c28
Diff: http://git-wip-us.apache.org/repos/asf/activemq-artemis/diff/e9db9c28
Branch: refs/heads/master
Commit: e9db9c286d88efa0da14527cb0ca1bdb6a6ac885
Parents: 08ab1f7
Author: jbertram <jb...@apache.org>
Authored: Tue Jul 12 14:13:32 2016 -0500
Committer: jbertram <jb...@apache.org>
Committed: Tue Jul 12 16:21:57 2016 -0500
----------------------------------------------------------------------
.../artemis/cli/commands/etc/broker.xml | 1 +
.../core/management/ActiveMQServerControl.java | 11 ++
.../artemis/api/core/management/RoleInfo.java | 15 ++-
.../activemq/artemis/core/security/Role.java | 24 +++-
.../artemis/utils/SecurityFormatter.java | 7 +-
.../deployers/impl/FileConfigurationParser.java | 8 +-
.../impl/ActiveMQServerControlImpl.java | 17 ++-
.../core/persistence/config/PersistedRoles.java | 28 +++-
.../artemis/core/security/CheckType.java | 6 +
.../core/server/impl/ActiveMQServerImpl.java | 2 +-
.../impl/LegacyLDAPSecuritySettingPlugin.java | 3 +-
.../core/server/impl/ServerSessionImpl.java | 7 +-
.../artemis/core/security/RoleTest.java | 43 ++++--
.../artemis/core/settings/RepositoryTest.java | 14 +-
docs/user-manual/en/security.md | 9 +-
.../client/AutoCreateJmsDestinationTest.java | 4 +-
.../cluster/failover/SecurityFailoverTest.java | 2 +-
.../management/ActiveMQServerControlTest.java | 4 +-
.../ActiveMQServerControlUsingCoreTest.java | 13 ++
.../management/AddressControlTest.java | 4 +-
.../management/AddressControlUsingCoreTest.java | 2 +-
...tyManagementWithConfiguredAdminUserTest.java | 4 +-
.../management/SecurityNotificationTest.java | 4 +-
.../integration/openwire/OpenWireTestBase.java | 9 +-
.../RolesConfigurationStorageTest.java | 8 +-
.../ra/ActiveMQMessageHandlerSecurityTest.java | 2 +-
.../tests/integration/ra/JMSContextTest.java | 2 +-
.../integration/ra/OutgoingConnectionTest.java | 2 +-
.../ra/OutgoingConnectionTestJTA.java | 2 +-
.../integration/security/LDAPSecurityTest.java | 21 ++-
.../integration/security/SecurityTest.java | 132 ++++++++++++-------
.../integration/server/ResourceLimitTest.java | 2 +-
.../integration/ssl/DualAuthenticationTest.java | 4 +-
.../tests/integration/stomp/StompTestBase.java | 2 +-
tests/jms-tests/src/test/resources/broker.xml | 1 +
.../impl/ActiveMQSecurityManagerImplTest.java | 28 ++--
36 files changed, 320 insertions(+), 127 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/e9db9c28/artemis-cli/src/main/resources/org/apache/activemq/artemis/cli/commands/etc/broker.xml
----------------------------------------------------------------------
diff --git a/artemis-cli/src/main/resources/org/apache/activemq/artemis/cli/commands/etc/broker.xml b/artemis-cli/src/main/resources/org/apache/activemq/artemis/cli/commands/etc/broker.xml
index a298221..520a231 100644
--- a/artemis-cli/src/main/resources/org/apache/activemq/artemis/cli/commands/etc/broker.xml
+++ b/artemis-cli/src/main/resources/org/apache/activemq/artemis/cli/commands/etc/broker.xml
@@ -65,6 +65,7 @@ ${cluster-security.settings}${cluster.settings}${replicated.settings}${shared-st
<permission type="createDurableQueue" roles="${role}"/>
<permission type="deleteDurableQueue" roles="${role}"/>
<permission type="consume" roles="${role}"/>
+ <permission type="browse" roles="${role}"/>
<permission type="send" roles="${role}"/>
<!-- we need this otherwise ./artemis data imp wouldn't work -->
<permission type="manage" roles="${role}"/>
http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/e9db9c28/artemis-core-client/src/main/java/org/apache/activemq/artemis/api/core/management/ActiveMQServerControl.java
----------------------------------------------------------------------
diff --git a/artemis-core-client/src/main/java/org/apache/activemq/artemis/api/core/management/ActiveMQServerControl.java b/artemis-core-client/src/main/java/org/apache/activemq/artemis/api/core/management/ActiveMQServerControl.java
index 8ec70e4..b2318ff 100644
--- a/artemis-core-client/src/main/java/org/apache/activemq/artemis/api/core/management/ActiveMQServerControl.java
+++ b/artemis-core-client/src/main/java/org/apache/activemq/artemis/api/core/management/ActiveMQServerControl.java
@@ -624,6 +624,17 @@ public interface ActiveMQServerControl {
@Parameter(desc = "a comma-separated list of roles allowed to delete non durable queues", name = "deleteNonDurableQueueRoles") String deleteNonDurableQueueRoles,
@Parameter(desc = "a comma-separated list of roles allowed to send management messages messages", name = "manage") String manageRoles) throws Exception;
+ @Operation(desc = "Add security settings for addresses matching the addressMatch", impact = MBeanOperationInfo.ACTION)
+ void addSecuritySettings(@Parameter(desc = "an address match", name = "addressMatch") String addressMatch,
+ @Parameter(desc = "a comma-separated list of roles allowed to send messages", name = "send") String sendRoles,
+ @Parameter(desc = "a comma-separated list of roles allowed to consume messages", name = "consume") String consumeRoles,
+ @Parameter(desc = "a comma-separated list of roles allowed to create durable queues", name = "createDurableQueueRoles") String createDurableQueueRoles,
+ @Parameter(desc = "a comma-separated list of roles allowed to delete durable queues", name = "deleteDurableQueueRoles") String deleteDurableQueueRoles,
+ @Parameter(desc = "a comma-separated list of roles allowed to create non durable queues", name = "createNonDurableQueueRoles") String createNonDurableQueueRoles,
+ @Parameter(desc = "a comma-separated list of roles allowed to delete non durable queues", name = "deleteNonDurableQueueRoles") String deleteNonDurableQueueRoles,
+ @Parameter(desc = "a comma-separated list of roles allowed to send management messages messages", name = "manage") String manageRoles,
+ @Parameter(desc = "a comma-separated list of roles allowed to browse queues", name = "browse") String browseRoles) throws Exception;
+
@Operation(desc = "Remove security settings for an address", impact = MBeanOperationInfo.ACTION)
void removeSecuritySettings(@Parameter(desc = "an address match", name = "addressMatch") String addressMatch) throws Exception;
http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/e9db9c28/artemis-core-client/src/main/java/org/apache/activemq/artemis/api/core/management/RoleInfo.java
----------------------------------------------------------------------
diff --git a/artemis-core-client/src/main/java/org/apache/activemq/artemis/api/core/management/RoleInfo.java b/artemis-core-client/src/main/java/org/apache/activemq/artemis/api/core/management/RoleInfo.java
index a1e82a4..d8c78ea 100644
--- a/artemis-core-client/src/main/java/org/apache/activemq/artemis/api/core/management/RoleInfo.java
+++ b/artemis-core-client/src/main/java/org/apache/activemq/artemis/api/core/management/RoleInfo.java
@@ -41,6 +41,8 @@ public final class RoleInfo {
private final boolean manage;
+ private final boolean browse;
+
/**
* Returns an array of RoleInfo corresponding to the JSON serialization returned
* by {@link AddressControl#getRolesAsJSON()}.
@@ -50,7 +52,7 @@ public final class RoleInfo {
RoleInfo[] roles = new RoleInfo[array.length()];
for (int i = 0; i < array.length(); i++) {
JSONObject r = array.getJSONObject(i);
- RoleInfo role = new RoleInfo(r.getString("name"), r.getBoolean("send"), r.getBoolean("consume"), r.getBoolean("createDurableQueue"), r.getBoolean("deleteDurableQueue"), r.getBoolean("createNonDurableQueue"), r.getBoolean("deleteNonDurableQueue"), r.getBoolean("manage"));
+ RoleInfo role = new RoleInfo(r.getString("name"), r.getBoolean("send"), r.getBoolean("consume"), r.getBoolean("createDurableQueue"), r.getBoolean("deleteDurableQueue"), r.getBoolean("createNonDurableQueue"), r.getBoolean("deleteNonDurableQueue"), r.getBoolean("manage"), r.getBoolean("browse"));
roles[i] = role;
}
return roles;
@@ -63,7 +65,8 @@ public final class RoleInfo {
final boolean deleteDurableQueue,
final boolean createNonDurableQueue,
final boolean deleteNonDurableQueue,
- final boolean manage) {
+ final boolean manage,
+ final boolean browse) {
this.name = name;
this.send = send;
this.consume = consume;
@@ -72,6 +75,7 @@ public final class RoleInfo {
this.createNonDurableQueue = createNonDurableQueue;
this.deleteNonDurableQueue = deleteNonDurableQueue;
this.manage = manage;
+ this.browse = browse;
}
/**
@@ -129,4 +133,11 @@ public final class RoleInfo {
public boolean isManage() {
return manage;
}
+
+ /**
+ * Returns whether this role can browse queues bound to the address.
+ */
+ public boolean isBrowse() {
+ return browse;
+ }
}
http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/e9db9c28/artemis-core-client/src/main/java/org/apache/activemq/artemis/core/security/Role.java
----------------------------------------------------------------------
diff --git a/artemis-core-client/src/main/java/org/apache/activemq/artemis/core/security/Role.java b/artemis-core-client/src/main/java/org/apache/activemq/artemis/core/security/Role.java
index 9f98472..983b392 100644
--- a/artemis-core-client/src/main/java/org/apache/activemq/artemis/core/security/Role.java
+++ b/artemis-core-client/src/main/java/org/apache/activemq/artemis/core/security/Role.java
@@ -41,6 +41,8 @@ public class Role implements Serializable {
private final boolean manage;
+ private final boolean browse;
+
public Role(final String name,
final boolean send,
final boolean consume,
@@ -48,7 +50,8 @@ public class Role implements Serializable {
final boolean deleteDurableQueue,
final boolean createNonDurableQueue,
final boolean deleteNonDurableQueue,
- final boolean manage) {
+ final boolean manage,
+ final boolean browse) {
if (name == null) {
throw new NullPointerException("name is null");
}
@@ -60,6 +63,7 @@ public class Role implements Serializable {
this.createNonDurableQueue = createNonDurableQueue;
this.deleteNonDurableQueue = deleteNonDurableQueue;
this.manage = manage;
+ this.browse = browse;
}
public String getName() {
@@ -112,6 +116,12 @@ public class Role implements Serializable {
if (deleteNonDurableQueue) {
stringReturn.append(" deleteNonDurableQueue ");
}
+ if (manage) {
+ stringReturn.append(" manage ");
+ }
+ if (browse) {
+ stringReturn.append(" browse ");
+ }
stringReturn.append("]}");
@@ -147,6 +157,12 @@ public class Role implements Serializable {
if (send != role.send) {
return false;
}
+ if (manage != role.manage) {
+ return false;
+ }
+ if (browse != role.browse) {
+ return false;
+ }
if (!name.equals(role.name)) {
return false;
}
@@ -164,10 +180,16 @@ public class Role implements Serializable {
result = 31 * result + (deleteDurableQueue ? 1 : 0);
result = 31 * result + (createNonDurableQueue ? 1 : 0);
result = 31 * result + (deleteNonDurableQueue ? 1 : 0);
+ result = 31 * result + (manage ? 1 : 0);
+ result = 31 * result + (browse ? 1 : 0);
return result;
}
public boolean isManage() {
return manage;
}
+
+ public boolean isBrowse() {
+ return browse;
+ }
}
http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/e9db9c28/artemis-core-client/src/main/java/org/apache/activemq/artemis/utils/SecurityFormatter.java
----------------------------------------------------------------------
diff --git a/artemis-core-client/src/main/java/org/apache/activemq/artemis/utils/SecurityFormatter.java b/artemis-core-client/src/main/java/org/apache/activemq/artemis/utils/SecurityFormatter.java
index 1df12b1..b64cc77 100644
--- a/artemis-core-client/src/main/java/org/apache/activemq/artemis/utils/SecurityFormatter.java
+++ b/artemis-core-client/src/main/java/org/apache/activemq/artemis/utils/SecurityFormatter.java
@@ -31,7 +31,8 @@ public class SecurityFormatter {
String deleteDurableQueueRoles,
String createNonDurableQueueRoles,
String deleteNonDurableQueueRoles,
- String manageRoles) {
+ String manageRoles,
+ String browseRoles) {
List<String> createDurableQueue = toList(createDurableQueueRoles);
List<String> deleteDurableQueue = toList(deleteDurableQueueRoles);
List<String> createNonDurableQueue = toList(createNonDurableQueueRoles);
@@ -39,6 +40,7 @@ public class SecurityFormatter {
List<String> send = toList(sendRoles);
List<String> consume = toList(consumeRoles);
List<String> manage = toList(manageRoles);
+ List<String> browse = toList(browseRoles);
Set<String> allRoles = new HashSet<>();
allRoles.addAll(createDurableQueue);
@@ -48,10 +50,11 @@ public class SecurityFormatter {
allRoles.addAll(send);
allRoles.addAll(consume);
allRoles.addAll(manage);
+ allRoles.addAll(browse);
Set<Role> roles = new HashSet<>(allRoles.size());
for (String role : allRoles) {
- roles.add(new Role(role, send.contains(role), consume.contains(role), createDurableQueue.contains(role), deleteDurableQueue.contains(role), createNonDurableQueue.contains(role), deleteNonDurableQueue.contains(role), manageRoles.contains(role)));
+ roles.add(new Role(role, send.contains(role), consume.contains(role), createDurableQueue.contains(role), deleteDurableQueue.contains(role), createNonDurableQueue.contains(role), deleteNonDurableQueue.contains(role), manageRoles.contains(role), browse.contains(role)));
}
return roles;
}
http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/e9db9c28/artemis-server/src/main/java/org/apache/activemq/artemis/core/deployers/impl/FileConfigurationParser.java
----------------------------------------------------------------------
diff --git a/artemis-server/src/main/java/org/apache/activemq/artemis/core/deployers/impl/FileConfigurationParser.java b/artemis-server/src/main/java/org/apache/activemq/artemis/core/deployers/impl/FileConfigurationParser.java
index 0a47f9f..deda1ad 100644
--- a/artemis-server/src/main/java/org/apache/activemq/artemis/core/deployers/impl/FileConfigurationParser.java
+++ b/artemis-server/src/main/java/org/apache/activemq/artemis/core/deployers/impl/FileConfigurationParser.java
@@ -121,6 +121,8 @@ public final class FileConfigurationParser extends XMLConfigurationUtil {
private static final String MANAGE_NAME = "manage";
+ private static final String BROWSE_NAME = "browse";
+
// Address parsing
private static final String DEAD_LETTER_ADDRESS_NODE_NAME = "dead-letter-address";
@@ -633,6 +635,7 @@ public final class FileConfigurationParser extends XMLConfigurationUtil {
ArrayList<String> createNonDurableQueue = new ArrayList<>();
ArrayList<String> deleteNonDurableQueue = new ArrayList<>();
ArrayList<String> manageRoles = new ArrayList<>();
+ ArrayList<String> browseRoles = new ArrayList<>();
ArrayList<String> allRoles = new ArrayList<>();
NodeList children = node.getChildNodes();
for (int i = 0; i < children.getLength(); i++) {
@@ -670,6 +673,9 @@ public final class FileConfigurationParser extends XMLConfigurationUtil {
else if (MANAGE_NAME.equals(type)) {
manageRoles.add(role.trim());
}
+ else if (BROWSE_NAME.equals(type)) {
+ browseRoles.add(role.trim());
+ }
else {
ActiveMQServerLogger.LOGGER.rolePermissionConfigurationError(type);
}
@@ -682,7 +688,7 @@ public final class FileConfigurationParser extends XMLConfigurationUtil {
}
for (String role : allRoles) {
- securityRoles.add(new Role(role, send.contains(role), consume.contains(role), createDurableQueue.contains(role), deleteDurableQueue.contains(role), createNonDurableQueue.contains(role), deleteNonDurableQueue.contains(role), manageRoles.contains(role)));
+ securityRoles.add(new Role(role, send.contains(role), consume.contains(role), createDurableQueue.contains(role), deleteDurableQueue.contains(role), createNonDurableQueue.contains(role), deleteNonDurableQueue.contains(role), manageRoles.contains(role), browseRoles.contains(role)));
}
return securityMatch;
http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/e9db9c28/artemis-server/src/main/java/org/apache/activemq/artemis/core/management/impl/ActiveMQServerControlImpl.java
----------------------------------------------------------------------
diff --git a/artemis-server/src/main/java/org/apache/activemq/artemis/core/management/impl/ActiveMQServerControlImpl.java b/artemis-server/src/main/java/org/apache/activemq/artemis/core/management/impl/ActiveMQServerControlImpl.java
index 710bb0e..9b5ec20 100644
--- a/artemis-server/src/main/java/org/apache/activemq/artemis/core/management/impl/ActiveMQServerControlImpl.java
+++ b/artemis-server/src/main/java/org/apache/activemq/artemis/core/management/impl/ActiveMQServerControlImpl.java
@@ -1415,15 +1415,28 @@ public class ActiveMQServerControlImpl extends AbstractControl implements Active
final String createNonDurableQueueRoles,
final String deleteNonDurableQueueRoles,
final String manageRoles) throws Exception {
+ addSecuritySettings(addressMatch, sendRoles, consumeRoles, createDurableQueueRoles, deleteDurableQueueRoles, createNonDurableQueueRoles, deleteNonDurableQueueRoles, manageRoles, "");
+ }
+
+ @Override
+ public void addSecuritySettings(final String addressMatch,
+ final String sendRoles,
+ final String consumeRoles,
+ final String createDurableQueueRoles,
+ final String deleteDurableQueueRoles,
+ final String createNonDurableQueueRoles,
+ final String deleteNonDurableQueueRoles,
+ final String manageRoles,
+ final String browseRoles) throws Exception {
checkStarted();
clearIO();
try {
- Set<Role> roles = SecurityFormatter.createSecurity(sendRoles, consumeRoles, createDurableQueueRoles, deleteDurableQueueRoles, createNonDurableQueueRoles, deleteNonDurableQueueRoles, manageRoles);
+ Set<Role> roles = SecurityFormatter.createSecurity(sendRoles, consumeRoles, createDurableQueueRoles, deleteDurableQueueRoles, createNonDurableQueueRoles, deleteNonDurableQueueRoles, manageRoles, browseRoles);
server.getSecurityRepository().addMatch(addressMatch, roles);
- PersistedRoles persistedRoles = new PersistedRoles(addressMatch, sendRoles, consumeRoles, createDurableQueueRoles, deleteDurableQueueRoles, createNonDurableQueueRoles, deleteNonDurableQueueRoles, manageRoles);
+ PersistedRoles persistedRoles = new PersistedRoles(addressMatch, sendRoles, consumeRoles, createDurableQueueRoles, deleteDurableQueueRoles, createNonDurableQueueRoles, deleteNonDurableQueueRoles, manageRoles, browseRoles);
storageManager.storeSecurityRoles(persistedRoles);
}
http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/e9db9c28/artemis-server/src/main/java/org/apache/activemq/artemis/core/persistence/config/PersistedRoles.java
----------------------------------------------------------------------
diff --git a/artemis-server/src/main/java/org/apache/activemq/artemis/core/persistence/config/PersistedRoles.java b/artemis-server/src/main/java/org/apache/activemq/artemis/core/persistence/config/PersistedRoles.java
index 5b3c422..256a0a6 100644
--- a/artemis-server/src/main/java/org/apache/activemq/artemis/core/persistence/config/PersistedRoles.java
+++ b/artemis-server/src/main/java/org/apache/activemq/artemis/core/persistence/config/PersistedRoles.java
@@ -44,6 +44,8 @@ public class PersistedRoles implements EncodingSupport {
private SimpleString manageRoles;
+ private SimpleString browseRoles;
+
// Static --------------------------------------------------------
// Constructors --------------------------------------------------
@@ -60,6 +62,7 @@ public class PersistedRoles implements EncodingSupport {
* @param createNonDurableQueueRoles
* @param deleteNonDurableQueueRoles
* @param manageRoles
+ * @param browseRoles
*/
public PersistedRoles(final String addressMatch,
final String sendRoles,
@@ -68,7 +71,8 @@ public class PersistedRoles implements EncodingSupport {
final String deleteDurableQueueRoles,
final String createNonDurableQueueRoles,
final String deleteNonDurableQueueRoles,
- final String manageRoles) {
+ final String manageRoles,
+ final String browseRoles) {
super();
this.addressMatch = SimpleString.toSimpleString(addressMatch);
this.sendRoles = SimpleString.toSimpleString(sendRoles);
@@ -78,6 +82,7 @@ public class PersistedRoles implements EncodingSupport {
this.createNonDurableQueueRoles = SimpleString.toSimpleString(createNonDurableQueueRoles);
this.deleteNonDurableQueueRoles = SimpleString.toSimpleString(deleteNonDurableQueueRoles);
this.manageRoles = SimpleString.toSimpleString(manageRoles);
+ this.browseRoles = SimpleString.toSimpleString(browseRoles);
}
// Public --------------------------------------------------------
@@ -146,6 +151,13 @@ public class PersistedRoles implements EncodingSupport {
return manageRoles.toString();
}
+ /**
+ * @return the browseRoles
+ */
+ public String getBrowseRoles() {
+ return browseRoles.toString();
+ }
+
@Override
public void encode(final ActiveMQBuffer buffer) {
buffer.writeSimpleString(addressMatch);
@@ -156,6 +168,7 @@ public class PersistedRoles implements EncodingSupport {
buffer.writeNullableSimpleString(createNonDurableQueueRoles);
buffer.writeNullableSimpleString(deleteNonDurableQueueRoles);
buffer.writeNullableSimpleString(manageRoles);
+ buffer.writeNullableSimpleString(browseRoles);
}
@Override
@@ -166,7 +179,8 @@ public class PersistedRoles implements EncodingSupport {
SimpleString.sizeofNullableString(deleteDurableQueueRoles) +
SimpleString.sizeofNullableString(createNonDurableQueueRoles) +
SimpleString.sizeofNullableString(deleteNonDurableQueueRoles) +
- SimpleString.sizeofNullableString(manageRoles);
+ SimpleString.sizeofNullableString(manageRoles) +
+ SimpleString.sizeofNullableString(browseRoles);
}
@@ -180,6 +194,7 @@ public class PersistedRoles implements EncodingSupport {
createNonDurableQueueRoles = buffer.readNullableSimpleString();
deleteNonDurableQueueRoles = buffer.readNullableSimpleString();
manageRoles = buffer.readNullableSimpleString();
+ browseRoles = buffer.readNullableSimpleString();
}
/* (non-Javadoc)
@@ -196,6 +211,7 @@ public class PersistedRoles implements EncodingSupport {
result = prime * result + ((deleteDurableQueueRoles == null) ? 0 : deleteDurableQueueRoles.hashCode());
result = prime * result + ((deleteNonDurableQueueRoles == null) ? 0 : deleteNonDurableQueueRoles.hashCode());
result = prime * result + ((manageRoles == null) ? 0 : manageRoles.hashCode());
+ result = prime * result + ((browseRoles == null) ? 0 : browseRoles.hashCode());
result = prime * result + ((sendRoles == null) ? 0 : sendRoles.hashCode());
result = prime * result + (int) (storeId ^ (storeId >>> 32));
return result;
@@ -255,6 +271,12 @@ public class PersistedRoles implements EncodingSupport {
}
else if (!manageRoles.equals(other.manageRoles))
return false;
+ if (browseRoles == null) {
+ if (other.browseRoles != null)
+ return false;
+ }
+ else if (!browseRoles.equals(other.browseRoles))
+ return false;
if (sendRoles == null) {
if (other.sendRoles != null)
return false;
@@ -288,6 +310,8 @@ public class PersistedRoles implements EncodingSupport {
deleteNonDurableQueueRoles +
", manageRoles=" +
manageRoles +
+ ", browseRoles=" +
+ browseRoles +
"]";
}
http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/e9db9c28/artemis-server/src/main/java/org/apache/activemq/artemis/core/security/CheckType.java
----------------------------------------------------------------------
diff --git a/artemis-server/src/main/java/org/apache/activemq/artemis/core/security/CheckType.java b/artemis-server/src/main/java/org/apache/activemq/artemis/core/security/CheckType.java
index 6a8f01c..7d4cc00 100644
--- a/artemis-server/src/main/java/org/apache/activemq/artemis/core/security/CheckType.java
+++ b/artemis-server/src/main/java/org/apache/activemq/artemis/core/security/CheckType.java
@@ -58,6 +58,12 @@ public enum CheckType {
public boolean hasRole(final Role role) {
return role.isManage();
}
+ },
+ BROWSE {
+ @Override
+ public boolean hasRole(final Role role) {
+ return role.isBrowse();
+ }
};
public abstract boolean hasRole(final Role role);
http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/e9db9c28/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/impl/ActiveMQServerImpl.java
----------------------------------------------------------------------
diff --git a/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/impl/ActiveMQServerImpl.java b/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/impl/ActiveMQServerImpl.java
index fa9983f..3fa336a 100644
--- a/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/impl/ActiveMQServerImpl.java
+++ b/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/impl/ActiveMQServerImpl.java
@@ -2116,7 +2116,7 @@ public class ActiveMQServerImpl implements ActiveMQServer {
List<PersistedRoles> roles = storageManager.recoverPersistedRoles();
for (PersistedRoles roleItem : roles) {
- Set<Role> setRoles = SecurityFormatter.createSecurity(roleItem.getSendRoles(), roleItem.getConsumeRoles(), roleItem.getCreateDurableQueueRoles(), roleItem.getDeleteDurableQueueRoles(), roleItem.getCreateNonDurableQueueRoles(), roleItem.getDeleteNonDurableQueueRoles(), roleItem.getManageRoles());
+ Set<Role> setRoles = SecurityFormatter.createSecurity(roleItem.getSendRoles(), roleItem.getConsumeRoles(), roleItem.getCreateDurableQueueRoles(), roleItem.getDeleteDurableQueueRoles(), roleItem.getCreateNonDurableQueueRoles(), roleItem.getDeleteNonDurableQueueRoles(), roleItem.getManageRoles(), roleItem.getBrowseRoles());
securityRepository.addMatch(roleItem.getAddressMatch().toString(), setRoles);
}
http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/e9db9c28/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/impl/LegacyLDAPSecuritySettingPlugin.java
----------------------------------------------------------------------
diff --git a/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/impl/LegacyLDAPSecuritySettingPlugin.java b/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/impl/LegacyLDAPSecuritySettingPlugin.java
index 6a0710a..4397eb4 100644
--- a/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/impl/LegacyLDAPSecuritySettingPlugin.java
+++ b/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/impl/LegacyLDAPSecuritySettingPlugin.java
@@ -379,7 +379,8 @@ public class LegacyLDAPSecuritySettingPlugin implements SecuritySettingPlugin {
permissionType.equalsIgnoreCase(adminPermissionValue),
permissionType.equalsIgnoreCase(adminPermissionValue),
permissionType.equalsIgnoreCase(adminPermissionValue),
- false); // there is no permission from ActiveMQ 5.x that corresponds to the "manage" permission in ActiveMQ Artemis
+ false, // there is no permission from ActiveMQ 5.x that corresponds to the "manage" permission in ActiveMQ Artemis
+ permissionType.equalsIgnoreCase(readPermissionValue)); // the "browse" permission matches "read" from ActiveMQ 5.x
roles.add(role);
}
http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/e9db9c28/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/impl/ServerSessionImpl.java
----------------------------------------------------------------------
diff --git a/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/impl/ServerSessionImpl.java b/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/impl/ServerSessionImpl.java
index 883f499..e4ad9b4 100644
--- a/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/impl/ServerSessionImpl.java
+++ b/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/impl/ServerSessionImpl.java
@@ -416,7 +416,12 @@ public class ServerSessionImpl implements ServerSession, FailureListener {
throw ActiveMQMessageBundle.BUNDLE.noSuchQueue(queueName);
}
- securityCheck(binding.getAddress(), CheckType.CONSUME, this);
+ if (browseOnly) {
+ securityCheck(binding.getAddress(), CheckType.BROWSE, this);
+ }
+ else {
+ securityCheck(binding.getAddress(), CheckType.CONSUME, this);
+ }
Filter filter = FilterImpl.createFilter(filterString);
http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/e9db9c28/artemis-server/src/test/java/org/apache/activemq/artemis/core/security/RoleTest.java
----------------------------------------------------------------------
diff --git a/artemis-server/src/test/java/org/apache/activemq/artemis/core/security/RoleTest.java b/artemis-server/src/test/java/org/apache/activemq/artemis/core/security/RoleTest.java
index f069e68..3a1729a 100644
--- a/artemis-server/src/test/java/org/apache/activemq/artemis/core/security/RoleTest.java
+++ b/artemis-server/src/test/java/org/apache/activemq/artemis/core/security/RoleTest.java
@@ -19,11 +19,13 @@ package org.apache.activemq.artemis.core.security;
import org.junit.Assert;
import org.junit.Test;
+import static org.apache.activemq.artemis.core.security.CheckType.BROWSE;
import static org.apache.activemq.artemis.core.security.CheckType.CONSUME;
import static org.apache.activemq.artemis.core.security.CheckType.CREATE_DURABLE_QUEUE;
import static org.apache.activemq.artemis.core.security.CheckType.CREATE_NON_DURABLE_QUEUE;
import static org.apache.activemq.artemis.core.security.CheckType.DELETE_DURABLE_QUEUE;
import static org.apache.activemq.artemis.core.security.CheckType.DELETE_NON_DURABLE_QUEUE;
+import static org.apache.activemq.artemis.core.security.CheckType.MANAGE;
import static org.apache.activemq.artemis.core.security.CheckType.SEND;
public class RoleTest extends Assert {
@@ -38,46 +40,65 @@ public class RoleTest extends Assert {
// Public --------------------------------------------------------
@Test
- public void testReadRole() throws Exception {
- Role role = new Role("testReadRole", true, false, false, false, false, false, false);
+ public void testWriteRole() throws Exception {
+ Role role = new Role("testWriteRole", true, false, false, false, false, false, false, false);
Assert.assertTrue(SEND.hasRole(role));
Assert.assertFalse(CONSUME.hasRole(role));
Assert.assertFalse(CREATE_DURABLE_QUEUE.hasRole(role));
Assert.assertFalse(CREATE_NON_DURABLE_QUEUE.hasRole(role));
Assert.assertFalse(DELETE_DURABLE_QUEUE.hasRole(role));
Assert.assertFalse(DELETE_NON_DURABLE_QUEUE.hasRole(role));
+ Assert.assertFalse(MANAGE.hasRole(role));
+ Assert.assertFalse(BROWSE.hasRole(role));
}
@Test
- public void testWriteRole() throws Exception {
- Role role = new Role("testWriteRole", false, true, false, false, false, false, false);
+ public void testReadRole() throws Exception {
+ Role role = new Role("testReadRole", false, true, false, false, false, false, false, true);
Assert.assertFalse(SEND.hasRole(role));
Assert.assertTrue(CONSUME.hasRole(role));
Assert.assertFalse(CREATE_DURABLE_QUEUE.hasRole(role));
Assert.assertFalse(CREATE_NON_DURABLE_QUEUE.hasRole(role));
Assert.assertFalse(DELETE_DURABLE_QUEUE.hasRole(role));
Assert.assertFalse(DELETE_NON_DURABLE_QUEUE.hasRole(role));
+ Assert.assertFalse(MANAGE.hasRole(role));
+ Assert.assertTrue(BROWSE.hasRole(role));
}
@Test
public void testCreateRole() throws Exception {
- Role role = new Role("testWriteRole", false, false, true, false, false, false, false);
+ Role role = new Role("testCreateRole", false, false, true, false, false, false, false, false);
Assert.assertFalse(SEND.hasRole(role));
Assert.assertFalse(CONSUME.hasRole(role));
Assert.assertTrue(CREATE_DURABLE_QUEUE.hasRole(role));
Assert.assertFalse(CREATE_NON_DURABLE_QUEUE.hasRole(role));
Assert.assertFalse(DELETE_DURABLE_QUEUE.hasRole(role));
Assert.assertFalse(DELETE_NON_DURABLE_QUEUE.hasRole(role));
+ Assert.assertFalse(MANAGE.hasRole(role));
+ Assert.assertFalse(BROWSE.hasRole(role));
+ }
+
+ @Test
+ public void testManageRole() throws Exception {
+ Role role = new Role("testManageRole", false, false, false, false, false, false, true, false);
+ Assert.assertFalse(SEND.hasRole(role));
+ Assert.assertFalse(CONSUME.hasRole(role));
+ Assert.assertFalse(CREATE_DURABLE_QUEUE.hasRole(role));
+ Assert.assertFalse(CREATE_NON_DURABLE_QUEUE.hasRole(role));
+ Assert.assertFalse(DELETE_DURABLE_QUEUE.hasRole(role));
+ Assert.assertFalse(DELETE_NON_DURABLE_QUEUE.hasRole(role));
+ Assert.assertTrue(MANAGE.hasRole(role));
+ Assert.assertFalse(BROWSE.hasRole(role));
}
@Test
public void testEqualsAndHashcode() throws Exception {
- Role role = new Role("testEquals", true, true, true, false, false, false, false);
- Role sameRole = new Role("testEquals", true, true, true, false, false, false, false);
- Role roleWithDifferentName = new Role("notEquals", true, true, true, false, false, false, false);
- Role roleWithDifferentRead = new Role("testEquals", false, true, true, false, false, false, false);
- Role roleWithDifferentWrite = new Role("testEquals", true, false, true, false, false, false, false);
- Role roleWithDifferentCreate = new Role("testEquals", true, true, false, false, false, false, false);
+ Role role = new Role("testEquals", true, true, true, false, false, false, false, false);
+ Role sameRole = new Role("testEquals", true, true, true, false, false, false, false, false);
+ Role roleWithDifferentName = new Role("notEquals", true, true, true, false, false, false, false, false);
+ Role roleWithDifferentRead = new Role("testEquals", false, true, true, false, false, false, false, false);
+ Role roleWithDifferentWrite = new Role("testEquals", true, false, true, false, false, false, false, false);
+ Role roleWithDifferentCreate = new Role("testEquals", true, true, false, false, false, false, false, false);
Assert.assertTrue(role.equals(role));
http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/e9db9c28/artemis-server/src/test/java/org/apache/activemq/artemis/core/settings/RepositoryTest.java
----------------------------------------------------------------------
diff --git a/artemis-server/src/test/java/org/apache/activemq/artemis/core/settings/RepositoryTest.java b/artemis-server/src/test/java/org/apache/activemq/artemis/core/settings/RepositoryTest.java
index b7563e1..ca01857 100644
--- a/artemis-server/src/test/java/org/apache/activemq/artemis/core/settings/RepositoryTest.java
+++ b/artemis-server/src/test/java/org/apache/activemq/artemis/core/settings/RepositoryTest.java
@@ -72,13 +72,13 @@ public class RepositoryTest extends ActiveMQTestBase {
public void testSingletwo() {
securityRepository.addMatch("queues.another.aq.*", new HashSet<Role>());
HashSet<Role> roles = new HashSet<>(2);
- roles.add(new Role("test1", true, true, true, true, true, true, true));
- roles.add(new Role("test2", true, true, true, true, true, true, true));
+ roles.add(new Role("test1", true, true, true, true, true, true, true, true));
+ roles.add(new Role("test2", true, true, true, true, true, true, true, true));
securityRepository.addMatch("queues.aq", roles);
HashSet<Role> roles2 = new HashSet<>(2);
- roles2.add(new Role("test1", true, true, true, true, true, true, true));
- roles2.add(new Role("test2", true, true, true, true, true, true, true));
- roles2.add(new Role("test3", true, true, true, true, true, true, true));
+ roles2.add(new Role("test1", true, true, true, true, true, true, true, true));
+ roles2.add(new Role("test2", true, true, true, true, true, true, true, true));
+ roles2.add(new Role("test3", true, true, true, true, true, true, true, true));
securityRepository.addMatch("queues.another.andanother", roles2);
HashSet<Role> hashSet = securityRepository.getMatch("queues.another.andanother");
@@ -89,8 +89,8 @@ public class RepositoryTest extends ActiveMQTestBase {
public void testWithoutWildcard() {
securityRepository.addMatch("queues.1.*", new HashSet<Role>());
HashSet<Role> roles = new HashSet<>(2);
- roles.add(new Role("test1", true, true, true, true, true, true, true));
- roles.add(new Role("test2", true, true, true, true, true, true, true));
+ roles.add(new Role("test1", true, true, true, true, true, true, true, true));
+ roles.add(new Role("test2", true, true, true, true, true, true, true, true));
securityRepository.addMatch("queues.2.aq", roles);
HashSet<Role> hashSet = securityRepository.getMatch("queues.2.aq");
Assert.assertEquals(hashSet.size(), 2);
http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/e9db9c28/docs/user-manual/en/security.md
----------------------------------------------------------------------
diff --git a/docs/user-manual/en/security.md b/docs/user-manual/en/security.md
index 32c9a35..0f6517a 100644
--- a/docs/user-manual/en/security.md
+++ b/docs/user-manual/en/security.md
@@ -53,6 +53,9 @@ match the address. Those permissions are:
- `consume`. This permission allows the user to consume a message from
a queue bound to matching addresses.
+- `browse`. This permission allows the user to browse a queue bound to
+ the matching address.
+
- `manage`. This permission allows the user to invoke management
operations by sending management messages to the management address.
@@ -225,11 +228,11 @@ may not be applied as expected to JMS destinations since Artemis always prefixes
"jms.topic." as necessary.
ActiveMQ 5.x only has 3 permission types - `read`, `write`, and `admin`. These permission types are described on their
-[website](http://activemq.apache.org/security.html). However, as described previously, ActiveMQ Artemis has 6 permission
+[website](http://activemq.apache.org/security.html). However, as described previously, ActiveMQ Artemis has 7 permission
types - `createDurableQueue`, `deleteDurableQueue`, `createNonDurableQueue`, `deleteNonDurableQueue`, `send`, `consume`,
-and `manage`. Here's how the old types are mapped to the new types:
+`browse`, and `manage`. Here's how the old types are mapped to the new types:
-- `read` - `consume`
+- `read` - `consume`, `browse`
- `write` - `send`
- `admin` - `createDurableQueue`, `deleteDurableQueue`, `createNonDurableQueue`, `deleteNonDurableQueue`
http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/e9db9c28/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/client/AutoCreateJmsDestinationTest.java
----------------------------------------------------------------------
diff --git a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/client/AutoCreateJmsDestinationTest.java b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/client/AutoCreateJmsDestinationTest.java
index fcc05a3..dcae248 100644
--- a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/client/AutoCreateJmsDestinationTest.java
+++ b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/client/AutoCreateJmsDestinationTest.java
@@ -107,7 +107,7 @@ public class AutoCreateJmsDestinationTest extends JMSTestBase {
((ActiveMQJAASSecurityManager) server.getSecurityManager()).getConfiguration().addUser("guest", "guest");
((ActiveMQJAASSecurityManager) server.getSecurityManager()).getConfiguration().setDefaultUser("guest");
((ActiveMQJAASSecurityManager) server.getSecurityManager()).getConfiguration().addRole("guest", "rejectAll");
- Role role = new Role("rejectAll", false, false, false, false, false, false, false);
+ Role role = new Role("rejectAll", false, false, false, false, false, false, false, false);
Set<Role> roles = new HashSet<>();
roles.add(role);
server.getSecurityRepository().addMatch("#", roles);
@@ -245,7 +245,7 @@ public class AutoCreateJmsDestinationTest extends JMSTestBase {
((ActiveMQJAASSecurityManager) server.getSecurityManager()).getConfiguration().addUser("guest", "guest");
((ActiveMQJAASSecurityManager) server.getSecurityManager()).getConfiguration().setDefaultUser("guest");
((ActiveMQJAASSecurityManager) server.getSecurityManager()).getConfiguration().addRole("guest", "allowAll");
- Role role = new Role("allowAll", true, true, true, true, true, true, true);
+ Role role = new Role("allowAll", true, true, true, true, true, true, true, true);
Set<Role> roles = new HashSet<>();
roles.add(role);
server.getSecurityRepository().addMatch("#", roles);
http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/e9db9c28/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/cluster/failover/SecurityFailoverTest.java
----------------------------------------------------------------------
diff --git a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/cluster/failover/SecurityFailoverTest.java b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/cluster/failover/SecurityFailoverTest.java
index 121a650..f6a8e5b 100644
--- a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/cluster/failover/SecurityFailoverTest.java
+++ b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/cluster/failover/SecurityFailoverTest.java
@@ -103,7 +103,7 @@ public class SecurityFailoverTest extends FailoverTest {
protected ActiveMQJAASSecurityManager installSecurity(TestableServer server) {
ActiveMQJAASSecurityManager securityManager = (ActiveMQJAASSecurityManager) server.getServer().getSecurityManager();
securityManager.getConfiguration().addUser("a", "b");
- Role role = new Role("arole", true, true, true, true, true, true, true);
+ Role role = new Role("arole", true, true, true, true, true, true, true, true);
Set<Role> roles = new HashSet<>();
roles.add(role);
server.getServer().getSecurityRepository().addMatch("#", roles);
http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/e9db9c28/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/management/ActiveMQServerControlTest.java
----------------------------------------------------------------------
diff --git a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/management/ActiveMQServerControlTest.java b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/management/ActiveMQServerControlTest.java
index 0e44bae..2d4d983 100644
--- a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/management/ActiveMQServerControlTest.java
+++ b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/management/ActiveMQServerControlTest.java
@@ -402,7 +402,7 @@ public class ActiveMQServerControlTest extends ManagementTestBase {
String exactAddress = "test.whatever";
assertEquals(0, serverControl.getRoles(addressMatch).length);
- serverControl.addSecuritySettings(addressMatch, "foo", "foo, bar", "foo", "bar", "foo, bar", "", "");
+ serverControl.addSecuritySettings(addressMatch, "foo", "foo, bar", "foo", "bar", "foo, bar", "", "", "bar");
// Restart the server. Those settings should be persisted
@@ -430,6 +430,7 @@ public class ActiveMQServerControlTest extends ManagementTestBase {
assertTrue(fooRole.isCreateNonDurableQueue());
assertFalse(fooRole.isDeleteNonDurableQueue());
assertFalse(fooRole.isManage());
+ assertFalse(fooRole.isBrowse());
assertFalse(barRole.isSend());
assertTrue(barRole.isConsume());
@@ -438,6 +439,7 @@ public class ActiveMQServerControlTest extends ManagementTestBase {
assertTrue(barRole.isCreateNonDurableQueue());
assertFalse(barRole.isDeleteNonDurableQueue());
assertFalse(barRole.isManage());
+ assertTrue(barRole.isBrowse());
serverControl.removeSecuritySettings(addressMatch);
assertEquals(0, serverControl.getRoles(exactAddress).length);
http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/e9db9c28/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/management/ActiveMQServerControlUsingCoreTest.java
----------------------------------------------------------------------
diff --git a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/management/ActiveMQServerControlUsingCoreTest.java b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/management/ActiveMQServerControlUsingCoreTest.java
index 2f979cc..05ad2bd 100644
--- a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/management/ActiveMQServerControlUsingCoreTest.java
+++ b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/management/ActiveMQServerControlUsingCoreTest.java
@@ -553,6 +553,19 @@ public class ActiveMQServerControlUsingCoreTest extends ActiveMQServerControlTes
}
@Override
+ public void addSecuritySettings(String addressMatch,
+ String sendRoles,
+ String consumeRoles,
+ String createDurableQueueRoles,
+ String deleteDurableQueueRoles,
+ String createNonDurableQueueRoles,
+ String deleteNonDurableQueueRoles,
+ String manageRoles,
+ String browseRoles) throws Exception {
+ proxy.invokeOperation("addSecuritySettings", addressMatch, sendRoles, consumeRoles, createDurableQueueRoles, deleteDurableQueueRoles, createNonDurableQueueRoles, deleteNonDurableQueueRoles, manageRoles, browseRoles);
+ }
+
+ @Override
public void removeSecuritySettings(String addressMatch) throws Exception {
proxy.invokeOperation("removeSecuritySettings", addressMatch);
}
http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/e9db9c28/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/management/AddressControlTest.java
----------------------------------------------------------------------
diff --git a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/management/AddressControlTest.java b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/management/AddressControlTest.java
index 88264f3..d34468b 100644
--- a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/management/AddressControlTest.java
+++ b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/management/AddressControlTest.java
@@ -117,7 +117,7 @@ public class AddressControlTest extends ManagementTestBase {
public void testGetRoles() throws Exception {
SimpleString address = RandomUtil.randomSimpleString();
SimpleString queue = RandomUtil.randomSimpleString();
- Role role = new Role(RandomUtil.randomString(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean());
+ Role role = new Role(RandomUtil.randomString(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean());
session.createQueue(address, queue, true);
@@ -148,7 +148,7 @@ public class AddressControlTest extends ManagementTestBase {
public void testGetRolesAsJSON() throws Exception {
SimpleString address = RandomUtil.randomSimpleString();
SimpleString queue = RandomUtil.randomSimpleString();
- Role role = new Role(RandomUtil.randomString(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean());
+ Role role = new Role(RandomUtil.randomString(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean());
session.createQueue(address, queue, true);
http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/e9db9c28/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/management/AddressControlUsingCoreTest.java
----------------------------------------------------------------------
diff --git a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/management/AddressControlUsingCoreTest.java b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/management/AddressControlUsingCoreTest.java
index 53ee96a..83aeb1c 100644
--- a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/management/AddressControlUsingCoreTest.java
+++ b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/management/AddressControlUsingCoreTest.java
@@ -121,7 +121,7 @@ public class AddressControlUsingCoreTest extends ManagementTestBase {
public void testGetRoles() throws Exception {
SimpleString address = RandomUtil.randomSimpleString();
SimpleString queue = RandomUtil.randomSimpleString();
- Role role = new Role(RandomUtil.randomString(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean());
+ Role role = new Role(RandomUtil.randomString(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean());
session.createQueue(address, queue, true);
http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/e9db9c28/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/management/SecurityManagementWithConfiguredAdminUserTest.java
----------------------------------------------------------------------
diff --git a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/management/SecurityManagementWithConfiguredAdminUserTest.java b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/management/SecurityManagementWithConfiguredAdminUserTest.java
index 10cc376..7f3ec69 100644
--- a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/management/SecurityManagementWithConfiguredAdminUserTest.java
+++ b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/management/SecurityManagementWithConfiguredAdminUserTest.java
@@ -90,10 +90,10 @@ public class SecurityManagementWithConfiguredAdminUserTest extends SecurityManag
securityManager.getConfiguration().addRole(invalidAdminUser, "guest");
Set<Role> adminRole = securityRepository.getMatch(ActiveMQDefaultConfiguration.getDefaultManagementAddress().toString());
- adminRole.add(new Role("admin", true, true, true, true, true, true, true));
+ adminRole.add(new Role("admin", true, true, true, true, true, true, true, true));
securityRepository.addMatch(ActiveMQDefaultConfiguration.getDefaultManagementAddress().toString(), adminRole);
Set<Role> guestRole = securityRepository.getMatch("*");
- guestRole.add(new Role("guest", true, true, true, true, true, true, false));
+ guestRole.add(new Role("guest", true, true, true, true, true, true, false, true));
securityRepository.addMatch("*", guestRole);
return server;
http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/e9db9c28/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/management/SecurityNotificationTest.java
----------------------------------------------------------------------
diff --git a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/management/SecurityNotificationTest.java b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/management/SecurityNotificationTest.java
index 8cf33f8..3e8dca4 100644
--- a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/management/SecurityNotificationTest.java
+++ b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/management/SecurityNotificationTest.java
@@ -89,7 +89,7 @@ public class SecurityNotificationTest extends ActiveMQTestBase {
SimpleString address = RandomUtil.randomSimpleString();
// guest can not create queue
- Role role = new Role("roleCanNotCreateQueue", true, true, false, true, false, true, true);
+ Role role = new Role("roleCanNotCreateQueue", true, true, false, true, false, true, true, true);
Set<Role> roles = new HashSet<>();
roles.add(role);
server.getSecurityRepository().addMatch(address.toString(), roles);
@@ -138,7 +138,7 @@ public class SecurityNotificationTest extends ActiveMQTestBase {
securityManager.getConfiguration().addUser("guest", "guest");
securityManager.getConfiguration().setDefaultUser("guest");
- Role role = new Role("notif", true, true, true, true, true, true, true);
+ Role role = new Role("notif", true, true, true, true, true, true, true, true);
Set<Role> roles = new HashSet<>();
roles.add(role);
server.getSecurityRepository().addMatch(ActiveMQDefaultConfiguration.getDefaultManagementNotificationAddress().toString(), roles);
http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/e9db9c28/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/openwire/OpenWireTestBase.java
----------------------------------------------------------------------
diff --git a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/openwire/OpenWireTestBase.java b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/openwire/OpenWireTestBase.java
index 6a95bfc..73c8695 100644
--- a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/openwire/OpenWireTestBase.java
+++ b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/openwire/OpenWireTestBase.java
@@ -77,24 +77,23 @@ public class OpenWireTestBase extends ActiveMQTestBase {
securityManager.getConfiguration().addRole("openwireSender", "sender");
securityManager.getConfiguration().addUser("openwireSender", "SeNdEr");
//sender cannot receive
- Role senderRole = new Role("sender", true, false, false, false, true, true, false);
+ Role senderRole = new Role("sender", true, false, false, false, true, true, false, false);
securityManager.getConfiguration().addRole("openwireReceiver", "receiver");
securityManager.getConfiguration().addUser("openwireReceiver", "ReCeIvEr");
//receiver cannot send
- Role receiverRole = new Role("receiver", false, true, false, false, true, true, false);
+ Role receiverRole = new Role("receiver", false, true, false, false, true, true, false, true);
securityManager.getConfiguration().addRole("openwireGuest", "guest");
securityManager.getConfiguration().addUser("openwireGuest", "GuEsT");
//guest cannot do anything
- Role guestRole = new Role("guest", false, false, false, false, false, false, false);
+ Role guestRole = new Role("guest", false, false, false, false, false, false, false, false);
securityManager.getConfiguration().addRole("openwireDestinationManager", "manager");
securityManager.getConfiguration().addUser("openwireDestinationManager", "DeStInAtIoN");
- //guest cannot do anything
- Role destRole = new Role("manager", false, false, false, false, true, true, false);
+ Role destRole = new Role("manager", false, false, false, false, true, true, false, false);
Set<Role> roles = new HashSet<>();
roles.add(senderRole);
http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/e9db9c28/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/persistence/RolesConfigurationStorageTest.java
----------------------------------------------------------------------
diff --git a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/persistence/RolesConfigurationStorageTest.java b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/persistence/RolesConfigurationStorageTest.java
index 4f4c5de..7499109 100644
--- a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/persistence/RolesConfigurationStorageTest.java
+++ b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/persistence/RolesConfigurationStorageTest.java
@@ -52,9 +52,9 @@ public class RolesConfigurationStorageTest extends StorageManagerTestBase {
public void testStoreSecuritySettings() throws Exception {
createStorage();
- addSetting(new PersistedRoles("a#", "a1", "a1", "a1", "a1", "a1", "a1", "a1"));
+ addSetting(new PersistedRoles("a#", "a1", "a1", "a1", "a1", "a1", "a1", "a1", "a1"));
- addSetting(new PersistedRoles("a2", "a1", null, "a1", "a1", "a1", "a1", "a1"));
+ addSetting(new PersistedRoles("a2", "a1", null, "a1", "a1", "a1", "a1", "a1", "a1"));
journal.stop();
@@ -64,9 +64,9 @@ public class RolesConfigurationStorageTest extends StorageManagerTestBase {
checkSettings();
- addSetting(new PersistedRoles("a2", "a1", null, "a1", "a1", "a1", "a1", "a1"));
+ addSetting(new PersistedRoles("a2", "a1", null, "a1", "a1", "a1", "a1", "a1", "a1"));
- addSetting(new PersistedRoles("a3", "a1", null, "a1", "a1", "a1", "a1", "a1"));
+ addSetting(new PersistedRoles("a3", "a1", null, "a1", "a1", "a1", "a1", "a1", "a1"));
checkSettings();
http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/e9db9c28/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ra/ActiveMQMessageHandlerSecurityTest.java
----------------------------------------------------------------------
diff --git a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ra/ActiveMQMessageHandlerSecurityTest.java b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ra/ActiveMQMessageHandlerSecurityTest.java
index 544ebea..b0669f1 100644
--- a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ra/ActiveMQMessageHandlerSecurityTest.java
+++ b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ra/ActiveMQMessageHandlerSecurityTest.java
@@ -67,7 +67,7 @@ public class ActiveMQMessageHandlerSecurityTest extends ActiveMQRATestBase {
ActiveMQJAASSecurityManager securityManager = (ActiveMQJAASSecurityManager) server.getSecurityManager();
securityManager.getConfiguration().addUser("testuser", "testpassword");
securityManager.getConfiguration().addRole("testuser", "arole");
- Role role = new Role("arole", false, true, false, false, false, false, false);
+ Role role = new Role("arole", false, true, false, false, false, false, false, false);
Set<Role> roles = new HashSet<>();
roles.add(role);
server.getSecurityRepository().addMatch(MDBQUEUEPREFIXED, roles);
http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/e9db9c28/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ra/JMSContextTest.java
----------------------------------------------------------------------
diff --git a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ra/JMSContextTest.java b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ra/JMSContextTest.java
index 756127f..6ee6045 100644
--- a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ra/JMSContextTest.java
+++ b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ra/JMSContextTest.java
@@ -57,7 +57,7 @@ public class JMSContextTest extends ActiveMQRATestBase {
securityManager.getConfiguration().setDefaultUser("guest");
securityManager.getConfiguration().addRole("testuser", "arole");
securityManager.getConfiguration().addRole("guest", "arole");
- Role role = new Role("arole", true, true, true, true, true, true, true);
+ Role role = new Role("arole", true, true, true, true, true, true, true, true);
Set<Role> roles = new HashSet<>();
roles.add(role);
server.getSecurityRepository().addMatch(MDBQUEUEPREFIXED, roles);
http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/e9db9c28/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ra/OutgoingConnectionTest.java
----------------------------------------------------------------------
diff --git a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ra/OutgoingConnectionTest.java b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ra/OutgoingConnectionTest.java
index e9fbff3..190240c 100644
--- a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ra/OutgoingConnectionTest.java
+++ b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ra/OutgoingConnectionTest.java
@@ -82,7 +82,7 @@ public class OutgoingConnectionTest extends ActiveMQRATestBase {
securityManager.getConfiguration().setDefaultUser("guest");
securityManager.getConfiguration().addRole("testuser", "arole");
securityManager.getConfiguration().addRole("guest", "arole");
- Role role = new Role("arole", true, true, true, true, true, true, true);
+ Role role = new Role("arole", true, true, true, true, true, true, true, true);
Set<Role> roles = new HashSet<>();
roles.add(role);
server.getSecurityRepository().addMatch(MDBQUEUEPREFIXED, roles);
http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/e9db9c28/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ra/OutgoingConnectionTestJTA.java
----------------------------------------------------------------------
diff --git a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ra/OutgoingConnectionTestJTA.java b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ra/OutgoingConnectionTestJTA.java
index 1b32d2c..d51e0da 100644
--- a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ra/OutgoingConnectionTestJTA.java
+++ b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ra/OutgoingConnectionTestJTA.java
@@ -71,7 +71,7 @@ public class OutgoingConnectionTestJTA extends ActiveMQRATestBase {
((ActiveMQJAASSecurityManager) server.getSecurityManager()).getConfiguration().setDefaultUser("guest");
((ActiveMQJAASSecurityManager) server.getSecurityManager()).getConfiguration().addRole("testuser", "arole");
((ActiveMQJAASSecurityManager) server.getSecurityManager()).getConfiguration().addRole("guest", "arole");
- Role role = new Role("arole", true, true, true, true, true, true, true);
+ Role role = new Role("arole", true, true, true, true, true, true, true, true);
Set<Role> roles = new HashSet<>();
roles.add(role);
server.getSecurityRepository().addMatch(MDBQUEUEPREFIXED, roles);
http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/e9db9c28/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/security/LDAPSecurityTest.java
----------------------------------------------------------------------
diff --git a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/security/LDAPSecurityTest.java b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/security/LDAPSecurityTest.java
index 90dff05..89c144e 100644
--- a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/security/LDAPSecurityTest.java
+++ b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/security/LDAPSecurityTest.java
@@ -183,7 +183,7 @@ public class LDAPSecurityTest extends AbstractLdapTestUnit {
final SimpleString NON_DURABLE_QUEUE = new SimpleString("nonDurableQueue");
Set<Role> roles = new HashSet<>();
- roles.add(new Role("programmers", false, false, false, false, false, false, false));
+ roles.add(new Role("programmers", false, false, false, false, false, false, false, false));
server.getConfiguration().putSecurityRoles("#", roles);
server.start();
server.createQueue(ADDRESS, DURABLE_QUEUE, null, true, false);
@@ -257,6 +257,15 @@ public class LDAPSecurityTest extends AbstractLdapTestUnit {
// ignore
}
+ // BROWSE
+ try {
+ ClientConsumer browser = session.createConsumer(DURABLE_QUEUE, true);
+ Assert.fail("should throw exception here");
+ }
+ catch (ActiveMQException e) {
+ // ignore
+ }
+
session.close();
cf.close();
}
@@ -268,7 +277,7 @@ public class LDAPSecurityTest extends AbstractLdapTestUnit {
final SimpleString NON_DURABLE_QUEUE = new SimpleString("nonDurableQueue");
Set<Role> roles = new HashSet<>();
- roles.add(new Role("admins", true, true, true, true, true, true, true));
+ roles.add(new Role("admins", true, true, true, true, true, true, true, true));
server.getConfiguration().putSecurityRoles("#", roles);
server.start();
@@ -337,6 +346,14 @@ public class LDAPSecurityTest extends AbstractLdapTestUnit {
Assert.fail("should not throw exception here");
}
+ // CONSUME
+ try {
+ session.createConsumer(DURABLE_QUEUE, true);
+ }
+ catch (ActiveMQException e) {
+ Assert.fail("should not throw exception here");
+ }
+
session.close();
cf.close();
}
[3/3] activemq-artemis git commit: This closes #630 ARTEMIS-628 add
BROWSE role
Posted by an...@apache.org.
This closes #630 ARTEMIS-628 add BROWSE role
Project: http://git-wip-us.apache.org/repos/asf/activemq-artemis/repo
Commit: http://git-wip-us.apache.org/repos/asf/activemq-artemis/commit/1893d773
Tree: http://git-wip-us.apache.org/repos/asf/activemq-artemis/tree/1893d773
Diff: http://git-wip-us.apache.org/repos/asf/activemq-artemis/diff/1893d773
Branch: refs/heads/master
Commit: 1893d773a40e865f46c851c27b6a1ae08e3f7182
Parents: 08ab1f7 e9db9c2
Author: Andy Taylor <an...@gmail.com>
Authored: Wed Jul 13 10:00:15 2016 +0100
Committer: Andy Taylor <an...@gmail.com>
Committed: Wed Jul 13 10:00:15 2016 +0100
----------------------------------------------------------------------
.../artemis/cli/commands/etc/broker.xml | 1 +
.../core/management/ActiveMQServerControl.java | 11 ++
.../artemis/api/core/management/RoleInfo.java | 15 ++-
.../activemq/artemis/core/security/Role.java | 24 +++-
.../artemis/utils/SecurityFormatter.java | 7 +-
.../deployers/impl/FileConfigurationParser.java | 8 +-
.../impl/ActiveMQServerControlImpl.java | 17 ++-
.../core/persistence/config/PersistedRoles.java | 28 +++-
.../artemis/core/security/CheckType.java | 6 +
.../core/server/impl/ActiveMQServerImpl.java | 2 +-
.../impl/LegacyLDAPSecuritySettingPlugin.java | 3 +-
.../core/server/impl/ServerSessionImpl.java | 7 +-
.../artemis/core/security/RoleTest.java | 43 ++++--
.../artemis/core/settings/RepositoryTest.java | 14 +-
docs/user-manual/en/security.md | 9 +-
.../client/AutoCreateJmsDestinationTest.java | 4 +-
.../cluster/failover/SecurityFailoverTest.java | 2 +-
.../management/ActiveMQServerControlTest.java | 4 +-
.../ActiveMQServerControlUsingCoreTest.java | 13 ++
.../management/AddressControlTest.java | 4 +-
.../management/AddressControlUsingCoreTest.java | 2 +-
...tyManagementWithConfiguredAdminUserTest.java | 4 +-
.../management/SecurityNotificationTest.java | 4 +-
.../integration/openwire/OpenWireTestBase.java | 9 +-
.../RolesConfigurationStorageTest.java | 8 +-
.../ra/ActiveMQMessageHandlerSecurityTest.java | 2 +-
.../tests/integration/ra/JMSContextTest.java | 2 +-
.../integration/ra/OutgoingConnectionTest.java | 2 +-
.../ra/OutgoingConnectionTestJTA.java | 2 +-
.../integration/security/LDAPSecurityTest.java | 21 ++-
.../integration/security/SecurityTest.java | 132 ++++++++++++-------
.../integration/server/ResourceLimitTest.java | 2 +-
.../integration/ssl/DualAuthenticationTest.java | 4 +-
.../tests/integration/stomp/StompTestBase.java | 2 +-
tests/jms-tests/src/test/resources/broker.xml | 1 +
.../impl/ActiveMQSecurityManagerImplTest.java | 28 ++--
36 files changed, 320 insertions(+), 127 deletions(-)
----------------------------------------------------------------------