You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@activemq.apache.org by jb...@apache.org on 2019/06/11 20:33:38 UTC

[activemq-artemis] branch master updated: ARTEMIS-2377 - add password encryption to security plugins

This is an automated email from the ASF dual-hosted git repository.

jbertram pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/activemq-artemis.git


The following commit(s) were added to refs/heads/master by this push:
     new 959d25f  ARTEMIS-2377 - add password encryption to security plugins
     new 6b67e27  This closes #2699
959d25f is described below

commit 959d25f0e633530debe5a83cb1962d1b91c360ea
Author: Andy <an...@gmail.com>
AuthorDate: Tue Jun 11 19:16:33 2019 +0100

    ARTEMIS-2377 - add password encryption to security plugins
    
    https://issues.apache.org/jira/browse/ARTEMIS-2377
---
 .../deployers/impl/FileConfigurationParser.java    | 11 ++-
 .../impl/FileConfigurationSecurityPluginTest.java  | 85 ++++++++++++++++++++++
 .../ConfigurationTest-security-plugin-config.xml   | 34 +++++++++
 3 files changed, 126 insertions(+), 4 deletions(-)

diff --git a/artemis-server/src/main/java/org/apache/activemq/artemis/core/deployers/impl/FileConfigurationParser.java b/artemis-server/src/main/java/org/apache/activemq/artemis/core/deployers/impl/FileConfigurationParser.java
index e064eca..aa1effb 100644
--- a/artemis-server/src/main/java/org/apache/activemq/artemis/core/deployers/impl/FileConfigurationParser.java
+++ b/artemis-server/src/main/java/org/apache/activemq/artemis/core/deployers/impl/FileConfigurationParser.java
@@ -706,7 +706,7 @@ public final class FileConfigurationParser extends XMLConfigurationUtil {
     * @param e
     * @param config
     */
-   private void parseSecurity(final Element e, final Configuration config) {
+   private void parseSecurity(final Element e, final Configuration config) throws Exception {
       NodeList elements = e.getElementsByTagName("security-settings");
       if (elements.getLength() != 0) {
          Element node = (Element) elements.item(0);
@@ -724,7 +724,7 @@ public final class FileConfigurationParser extends XMLConfigurationUtil {
          }
          list = node.getElementsByTagName(SECURITY_PLUGIN_ELEMENT_NAME);
          for (int i = 0; i < list.getLength(); i++) {
-            Pair<SecuritySettingPlugin, Map<String, String>> securityItem = parseSecuritySettingPlugins(list.item(i));
+            Pair<SecuritySettingPlugin, Map<String, String>> securityItem = parseSecuritySettingPlugins(list.item(i), config.isMaskPassword(), config.getPasswordCodec());
             config.addSecuritySettingPlugin(securityItem.getA().init(securityItem.getB()));
          }
       }
@@ -953,7 +953,7 @@ public final class FileConfigurationParser extends XMLConfigurationUtil {
       return mappedRoles.toArray(new String[mappedRoles.size()]);
    }
 
-   private Pair<SecuritySettingPlugin, Map<String, String>> parseSecuritySettingPlugins(Node item) {
+   private Pair<SecuritySettingPlugin, Map<String, String>> parseSecuritySettingPlugins(Node item, Boolean maskPassword, String passwordCodec) throws Exception {
       final String clazz = item.getAttributes().getNamedItem("class-name").getNodeValue();
       final Map<String, String> settings = new HashMap<>();
       NodeList children = item.getChildNodes();
@@ -962,7 +962,10 @@ public final class FileConfigurationParser extends XMLConfigurationUtil {
          final String nodeName = child.getNodeName();
          if (SETTING_ELEMENT_NAME.equalsIgnoreCase(nodeName)) {
             final String settingName = getAttributeValue(child, NAME_ATTR_NAME);
-            final String settingValue = getAttributeValue(child, VALUE_ATTR_NAME);
+            String settingValue = getAttributeValue(child, VALUE_ATTR_NAME);
+            if (settingValue != null && PasswordMaskingUtil.isEncMasked(settingValue)) {
+               settingValue = PasswordMaskingUtil.resolveMask(maskPassword, settingValue, passwordCodec);
+            }
             settings.put(settingName, settingValue);
          }
       }
diff --git a/artemis-server/src/test/java/org/apache/activemq/artemis/core/config/impl/FileConfigurationSecurityPluginTest.java b/artemis-server/src/test/java/org/apache/activemq/artemis/core/config/impl/FileConfigurationSecurityPluginTest.java
new file mode 100644
index 0000000..b3a8b57
--- /dev/null
+++ b/artemis-server/src/test/java/org/apache/activemq/artemis/core/config/impl/FileConfigurationSecurityPluginTest.java
@@ -0,0 +1,85 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.activemq.artemis.core.config.impl;
+
+
+import org.apache.activemq.artemis.core.config.Configuration;
+import org.apache.activemq.artemis.core.config.FileDeploymentManager;
+import org.apache.activemq.artemis.core.security.Role;
+import org.apache.activemq.artemis.core.server.SecuritySettingPlugin;
+import org.apache.activemq.artemis.core.settings.HierarchicalRepository;
+import org.junit.Assert;
+import org.junit.Test;
+
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+
+public class FileConfigurationSecurityPluginTest extends ConfigurationImplTest {
+
+
+   protected String getConfigurationName() {
+      return "ConfigurationTest-security-plugin-config.xml";
+   }
+
+   @Override
+   @Test
+   public void testDefaults() {
+      List<SecuritySettingPlugin> securitySettingPlugins = conf.getSecuritySettingPlugins();
+      Assert.assertEquals(1, securitySettingPlugins.size());
+      Assert.assertEquals("secret", MyPlugin.options.get("setting1"));
+      Assert.assertEquals("hello", MyPlugin.options.get("setting2"));
+   }
+
+   @Override
+   protected Configuration createConfiguration() throws Exception {
+      FileConfiguration fc = new FileConfiguration();
+      FileDeploymentManager deploymentManager = new FileDeploymentManager(getConfigurationName());
+      deploymentManager.addDeployable(fc);
+      deploymentManager.readConfiguration();
+      return fc;
+   }
+
+   public static class MyPlugin implements SecuritySettingPlugin {
+
+      private static Map<String, String> options;
+
+      public MyPlugin() {
+      }
+
+      @Override
+      public SecuritySettingPlugin init(Map<String, String> options) {
+         MyPlugin.options = options;
+         return this;
+      }
+
+      @Override
+      public SecuritySettingPlugin stop() {
+         return null;
+      }
+
+      @Override
+      public Map<String, Set<Role>> getSecurityRoles() {
+         return null;
+      }
+
+      @Override
+      public void setSecurityRepository(HierarchicalRepository<Set<Role>> securityRepository) {
+
+      }
+   }
+}
diff --git a/artemis-server/src/test/resources/ConfigurationTest-security-plugin-config.xml b/artemis-server/src/test/resources/ConfigurationTest-security-plugin-config.xml
new file mode 100644
index 0000000..b643f8a
--- /dev/null
+++ b/artemis-server/src/test/resources/ConfigurationTest-security-plugin-config.xml
@@ -0,0 +1,34 @@
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+-->
+<configuration
+        xmlns="urn:activemq"
+        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+        xsi:schemaLocation="urn:activemq ../../../../activemq-server/src/main/resources/schema/artemis-server.xsd">
+   <core xmlns="urn:activemq:core">
+
+    <!--  <mask-password>true</mask-password>
+      <password-codec>org.apache.activemq.artemis.utils.DefaultSensitiveStringCodec</password-codec>
+-->
+      <security-settings>
+         <security-setting-plugin class-name="org.apache.activemq.artemis.core.config.impl.FileConfigurationSecurityPluginTest$MyPlugin">
+            <setting name="setting1" value="ENC(-41e444c3ed07d6dd)"/>
+            <setting name="setting2" value="hello"/>
+         </security-setting-plugin>
+      </security-settings>
+
+   </core>
+</configuration>