You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@activemq.apache.org by jb...@apache.org on 2019/06/11 20:33:38 UTC
[activemq-artemis] branch master updated: ARTEMIS-2377 - add
password encryption to security plugins
This is an automated email from the ASF dual-hosted git repository.
jbertram pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/activemq-artemis.git
The following commit(s) were added to refs/heads/master by this push:
new 959d25f ARTEMIS-2377 - add password encryption to security plugins
new 6b67e27 This closes #2699
959d25f is described below
commit 959d25f0e633530debe5a83cb1962d1b91c360ea
Author: Andy <an...@gmail.com>
AuthorDate: Tue Jun 11 19:16:33 2019 +0100
ARTEMIS-2377 - add password encryption to security plugins
https://issues.apache.org/jira/browse/ARTEMIS-2377
---
.../deployers/impl/FileConfigurationParser.java | 11 ++-
.../impl/FileConfigurationSecurityPluginTest.java | 85 ++++++++++++++++++++++
.../ConfigurationTest-security-plugin-config.xml | 34 +++++++++
3 files changed, 126 insertions(+), 4 deletions(-)
diff --git a/artemis-server/src/main/java/org/apache/activemq/artemis/core/deployers/impl/FileConfigurationParser.java b/artemis-server/src/main/java/org/apache/activemq/artemis/core/deployers/impl/FileConfigurationParser.java
index e064eca..aa1effb 100644
--- a/artemis-server/src/main/java/org/apache/activemq/artemis/core/deployers/impl/FileConfigurationParser.java
+++ b/artemis-server/src/main/java/org/apache/activemq/artemis/core/deployers/impl/FileConfigurationParser.java
@@ -706,7 +706,7 @@ public final class FileConfigurationParser extends XMLConfigurationUtil {
* @param e
* @param config
*/
- private void parseSecurity(final Element e, final Configuration config) {
+ private void parseSecurity(final Element e, final Configuration config) throws Exception {
NodeList elements = e.getElementsByTagName("security-settings");
if (elements.getLength() != 0) {
Element node = (Element) elements.item(0);
@@ -724,7 +724,7 @@ public final class FileConfigurationParser extends XMLConfigurationUtil {
}
list = node.getElementsByTagName(SECURITY_PLUGIN_ELEMENT_NAME);
for (int i = 0; i < list.getLength(); i++) {
- Pair<SecuritySettingPlugin, Map<String, String>> securityItem = parseSecuritySettingPlugins(list.item(i));
+ Pair<SecuritySettingPlugin, Map<String, String>> securityItem = parseSecuritySettingPlugins(list.item(i), config.isMaskPassword(), config.getPasswordCodec());
config.addSecuritySettingPlugin(securityItem.getA().init(securityItem.getB()));
}
}
@@ -953,7 +953,7 @@ public final class FileConfigurationParser extends XMLConfigurationUtil {
return mappedRoles.toArray(new String[mappedRoles.size()]);
}
- private Pair<SecuritySettingPlugin, Map<String, String>> parseSecuritySettingPlugins(Node item) {
+ private Pair<SecuritySettingPlugin, Map<String, String>> parseSecuritySettingPlugins(Node item, Boolean maskPassword, String passwordCodec) throws Exception {
final String clazz = item.getAttributes().getNamedItem("class-name").getNodeValue();
final Map<String, String> settings = new HashMap<>();
NodeList children = item.getChildNodes();
@@ -962,7 +962,10 @@ public final class FileConfigurationParser extends XMLConfigurationUtil {
final String nodeName = child.getNodeName();
if (SETTING_ELEMENT_NAME.equalsIgnoreCase(nodeName)) {
final String settingName = getAttributeValue(child, NAME_ATTR_NAME);
- final String settingValue = getAttributeValue(child, VALUE_ATTR_NAME);
+ String settingValue = getAttributeValue(child, VALUE_ATTR_NAME);
+ if (settingValue != null && PasswordMaskingUtil.isEncMasked(settingValue)) {
+ settingValue = PasswordMaskingUtil.resolveMask(maskPassword, settingValue, passwordCodec);
+ }
settings.put(settingName, settingValue);
}
}
diff --git a/artemis-server/src/test/java/org/apache/activemq/artemis/core/config/impl/FileConfigurationSecurityPluginTest.java b/artemis-server/src/test/java/org/apache/activemq/artemis/core/config/impl/FileConfigurationSecurityPluginTest.java
new file mode 100644
index 0000000..b3a8b57
--- /dev/null
+++ b/artemis-server/src/test/java/org/apache/activemq/artemis/core/config/impl/FileConfigurationSecurityPluginTest.java
@@ -0,0 +1,85 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.activemq.artemis.core.config.impl;
+
+
+import org.apache.activemq.artemis.core.config.Configuration;
+import org.apache.activemq.artemis.core.config.FileDeploymentManager;
+import org.apache.activemq.artemis.core.security.Role;
+import org.apache.activemq.artemis.core.server.SecuritySettingPlugin;
+import org.apache.activemq.artemis.core.settings.HierarchicalRepository;
+import org.junit.Assert;
+import org.junit.Test;
+
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+
+public class FileConfigurationSecurityPluginTest extends ConfigurationImplTest {
+
+
+ protected String getConfigurationName() {
+ return "ConfigurationTest-security-plugin-config.xml";
+ }
+
+ @Override
+ @Test
+ public void testDefaults() {
+ List<SecuritySettingPlugin> securitySettingPlugins = conf.getSecuritySettingPlugins();
+ Assert.assertEquals(1, securitySettingPlugins.size());
+ Assert.assertEquals("secret", MyPlugin.options.get("setting1"));
+ Assert.assertEquals("hello", MyPlugin.options.get("setting2"));
+ }
+
+ @Override
+ protected Configuration createConfiguration() throws Exception {
+ FileConfiguration fc = new FileConfiguration();
+ FileDeploymentManager deploymentManager = new FileDeploymentManager(getConfigurationName());
+ deploymentManager.addDeployable(fc);
+ deploymentManager.readConfiguration();
+ return fc;
+ }
+
+ public static class MyPlugin implements SecuritySettingPlugin {
+
+ private static Map<String, String> options;
+
+ public MyPlugin() {
+ }
+
+ @Override
+ public SecuritySettingPlugin init(Map<String, String> options) {
+ MyPlugin.options = options;
+ return this;
+ }
+
+ @Override
+ public SecuritySettingPlugin stop() {
+ return null;
+ }
+
+ @Override
+ public Map<String, Set<Role>> getSecurityRoles() {
+ return null;
+ }
+
+ @Override
+ public void setSecurityRepository(HierarchicalRepository<Set<Role>> securityRepository) {
+
+ }
+ }
+}
diff --git a/artemis-server/src/test/resources/ConfigurationTest-security-plugin-config.xml b/artemis-server/src/test/resources/ConfigurationTest-security-plugin-config.xml
new file mode 100644
index 0000000..b643f8a
--- /dev/null
+++ b/artemis-server/src/test/resources/ConfigurationTest-security-plugin-config.xml
@@ -0,0 +1,34 @@
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<configuration
+ xmlns="urn:activemq"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="urn:activemq ../../../../activemq-server/src/main/resources/schema/artemis-server.xsd">
+ <core xmlns="urn:activemq:core">
+
+ <!-- <mask-password>true</mask-password>
+ <password-codec>org.apache.activemq.artemis.utils.DefaultSensitiveStringCodec</password-codec>
+-->
+ <security-settings>
+ <security-setting-plugin class-name="org.apache.activemq.artemis.core.config.impl.FileConfigurationSecurityPluginTest$MyPlugin">
+ <setting name="setting1" value="ENC(-41e444c3ed07d6dd)"/>
+ <setting name="setting2" value="hello"/>
+ </security-setting-plugin>
+ </security-settings>
+
+ </core>
+</configuration>