You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@qpid.apache.org by or...@apache.org on 2018/01/06 14:11:34 UTC
[2/2] qpid-broker-j git commit: QPID-6933: [System Tests] Refactor
messaging acl tests as JMS 1.1 system test
QPID-6933: [System Tests] Refactor messaging acl tests as JMS 1.1 system test
Project: http://git-wip-us.apache.org/repos/asf/qpid-broker-j/repo
Commit: http://git-wip-us.apache.org/repos/asf/qpid-broker-j/commit/461f842a
Tree: http://git-wip-us.apache.org/repos/asf/qpid-broker-j/tree/461f842a
Diff: http://git-wip-us.apache.org/repos/asf/qpid-broker-j/diff/461f842a
Branch: refs/heads/master
Commit: 461f842a66ba6ce001fb7b4f61e545a7d8189423
Parents: b52830d
Author: Alex Rudyy <or...@apache.org>
Authored: Sat Jan 6 14:11:16 2018 +0000
Committer: Alex Rudyy <or...@apache.org>
Committed: Sat Jan 6 14:11:16 2018 +0000
----------------------------------------------------------------------
systests/qpid-systests-jms-core/pom.xml | 6 +
.../extensions/acl/MessagingACLTest.java | 892 +++++++++++++++++++
.../org/apache/qpid/test/utils/TestUtils.java | 22 +
.../logging/AccessControlLoggingTest.java | 14 +-
.../security/acl/AbstractACLTestCase.java | 169 ----
.../security/acl/Amqp0xMessagingACLTest.java | 56 --
.../server/security/acl/MessagingACLTest.java | 678 --------------
.../qpid/systest/rest/acl/BrokerACLTest.java | 4 +-
.../systest/rest/acl/ExchangeRestACLTest.java | 2 +-
.../qpid/systest/rest/acl/GroupRestACLTest.java | 10 +-
.../qpid/systest/rest/acl/QueueRestACLTest.java | 4 +-
.../qpid/systest/rest/acl/UserRestACLTest.java | 8 +-
.../systest/rest/acl/VirtualHostACLTest.java | 4 +-
.../rest/acl/VirtualHostNodeACLTest.java | 4 +-
.../utils/EmbeddedBrokerPerClassAdminImpl.java | 35 +-
test-profiles/Java10Excludes | 9 -
test-profiles/JavaPre010Excludes | 3 -
17 files changed, 971 insertions(+), 949 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/qpid-broker-j/blob/461f842a/systests/qpid-systests-jms-core/pom.xml
----------------------------------------------------------------------
diff --git a/systests/qpid-systests-jms-core/pom.xml b/systests/qpid-systests-jms-core/pom.xml
index 40456dc..06c488a 100644
--- a/systests/qpid-systests-jms-core/pom.xml
+++ b/systests/qpid-systests-jms-core/pom.xml
@@ -105,6 +105,12 @@
<scope>runtime</scope>
</dependency>
+ <dependency>
+ <groupId>org.apache.qpid</groupId>
+ <artifactId>qpid-broker-plugins-access-control</artifactId>
+ <scope>runtime</scope>
+ </dependency>
+
</dependencies>
<build>
http://git-wip-us.apache.org/repos/asf/qpid-broker-j/blob/461f842a/systests/qpid-systests-jms_1.1/src/test/java/org/apache/qpid/systests/jms_1_1/extensions/acl/MessagingACLTest.java
----------------------------------------------------------------------
diff --git a/systests/qpid-systests-jms_1.1/src/test/java/org/apache/qpid/systests/jms_1_1/extensions/acl/MessagingACLTest.java b/systests/qpid-systests-jms_1.1/src/test/java/org/apache/qpid/systests/jms_1_1/extensions/acl/MessagingACLTest.java
new file mode 100644
index 0000000..c507bd8
--- /dev/null
+++ b/systests/qpid-systests-jms_1.1/src/test/java/org/apache/qpid/systests/jms_1_1/extensions/acl/MessagingACLTest.java
@@ -0,0 +1,892 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+* "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.qpid.systests.jms_1_1.extensions.acl;
+
+import static org.hamcrest.CoreMatchers.equalTo;
+import static org.hamcrest.CoreMatchers.is;
+import static org.hamcrest.CoreMatchers.not;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.fail;
+import static org.junit.Assume.assumeThat;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
+
+import java.io.StringReader;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+import java.util.stream.Collectors;
+
+import javax.jms.Connection;
+import javax.jms.JMSException;
+import javax.jms.Message;
+import javax.jms.MessageConsumer;
+import javax.jms.MessageProducer;
+import javax.jms.Queue;
+import javax.jms.Session;
+import javax.jms.TemporaryQueue;
+import javax.jms.TemporaryTopic;
+import javax.jms.TextMessage;
+
+import com.fasterxml.jackson.databind.ObjectMapper;
+import org.junit.Test;
+
+import org.apache.qpid.server.logging.EventLogger;
+import org.apache.qpid.server.logging.EventLoggerProvider;
+import org.apache.qpid.server.model.Group;
+import org.apache.qpid.server.model.GroupMember;
+import org.apache.qpid.server.model.Protocol;
+import org.apache.qpid.server.security.access.config.AclFileParser;
+import org.apache.qpid.server.security.access.config.LegacyOperation;
+import org.apache.qpid.server.security.access.config.ObjectProperties;
+import org.apache.qpid.server.security.access.config.ObjectType;
+import org.apache.qpid.server.security.access.config.Rule;
+import org.apache.qpid.server.security.access.config.RuleSet;
+import org.apache.qpid.server.security.access.firewall.FirewallRule;
+import org.apache.qpid.server.security.access.firewall.HostnameFirewallRule;
+import org.apache.qpid.server.security.access.firewall.NetworkFirewallRule;
+import org.apache.qpid.server.security.access.plugins.AclRule;
+import org.apache.qpid.server.security.access.plugins.RuleBasedVirtualHostAccessControlProvider;
+import org.apache.qpid.server.security.access.plugins.RuleOutcome;
+import org.apache.qpid.server.security.group.GroupProviderImpl;
+import org.apache.qpid.systests.JmsTestBase;
+
+
+public class MessagingACLTest extends JmsTestBase
+{
+ private static final String LINE_SEPARATOR = System.getProperty("line.separator");
+ private static final String USER1 = "guest";
+ private static final String USER1_PASSWORD = "guest";
+ private static final String USER2 = "admin";
+ private static final String USER2_PASSWORD = "admin";
+ private static final String RULE_BASED_VIRTUAL_HOST_ACCESS_CONTROL_PROVIDER_TYPE =
+ "org.apache.qpid.RuleBaseVirtualHostAccessControlProvider";
+ private static final String EXCHANGE_TYPE = "org.apache.qpid.Exchange";
+
+ @Test
+ public void testAccessAuthorizedSuccess() throws Exception
+ {
+ configureACL(String.format("ACL ALLOW-LOG %s ACCESS VIRTUALHOST", USER1));
+
+ Connection connection = getConnectionBuilder().setUsername(USER1).setPassword(USER1_PASSWORD).build();
+ try
+ {
+ assertConnection(connection);
+ }
+ finally
+ {
+ connection.close();
+ }
+ }
+
+ @Test
+ public void testAccessNoRightsFailure() throws Exception
+ {
+ configureACL(String.format("ACL DENY-LOG %s ACCESS VIRTUALHOST", USER1));
+
+ try
+ {
+ getConnectionBuilder().setUsername(USER1).setPassword(USER1_PASSWORD).build();
+ fail("Connection was created.");
+ }
+ catch (JMSException e)
+ {
+ assertAccessDeniedException(e);
+ }
+ }
+
+ @Test
+ public void testAccessVirtualHostWithName() throws Exception
+ {
+ configureACL(String.format("ACL ALLOW-LOG %s ACCESS VIRTUALHOST name='%s'",
+ USER1,
+ getVirtualHostName()),
+ String.format("ACL DENY-LOG %s ACCESS VIRTUALHOST name='%s'", USER2, getVirtualHostName()));
+
+ Connection connection = getConnectionBuilder().setUsername(USER1).setPassword(USER1_PASSWORD).build();
+ try
+ {
+ assertConnection(connection);
+ }
+ finally
+ {
+
+ connection.close();
+ }
+
+ try
+ {
+ getConnectionBuilder().setUsername(USER2).setPassword(USER2_PASSWORD).build();
+ fail("Access should be denied");
+ }
+ catch (JMSException e)
+ {
+ assertAccessDeniedException(e);
+ }
+ }
+
+ @Test
+ public void testAccessVirtualHostWildCard() throws Exception
+ {
+ configureACL(String.format("ACL ALLOW-LOG %s ACCESS VIRTUALHOST name='*'", USER1),
+ String.format("ACL DENY-LOG %s ACCESS VIRTUALHOST name='*'", USER2));
+
+ Connection connection = getConnectionBuilder().setUsername(USER1).setPassword(USER1_PASSWORD).build();
+ try
+ {
+ assertConnection(connection);
+ }
+ finally
+ {
+
+ connection.close();
+ }
+
+ try
+ {
+ getConnectionBuilder().setUsername(USER2).setPassword(USER2_PASSWORD).build();
+ fail("Access should be denied");
+ }
+ catch (JMSException e)
+ {
+ assertAccessDeniedException(e);
+ }
+ }
+
+ @Test
+ public void testConsumeFromTempQueueSuccess() throws Exception
+ {
+ configureACL(String.format("ACL ALLOW-LOG %s ACCESS VIRTUALHOST", USER1),
+ String.format("ACL ALLOW-LOG %s CREATE QUEUE temporary=\"true\"", USER1),
+ String.format("ACL ALLOW-LOG %s CONSUME QUEUE temporary=\"true\"", USER1),
+ isLegacyClient() ? String.format("ACL ALLOW-LOG %s BIND EXCHANGE name=\"*\"", USER1) : "");
+
+ Connection connection = getConnectionBuilder().setUsername(USER1).setPassword(USER1_PASSWORD).build();
+ try
+ {
+ Session session = connection.createSession(false, Session.AUTO_ACKNOWLEDGE);
+ connection.start();
+ session.createConsumer(session.createTemporaryQueue()).close();
+ }
+ finally
+ {
+ connection.close();
+ }
+ }
+
+ @Test
+ public void testConsumeFromTempQueueFailure() throws Exception
+ {
+ configureACL(String.format("ACL ALLOW-LOG %s ACCESS VIRTUALHOST", USER1),
+ String.format("ACL ALLOW-LOG %s CREATE QUEUE temporary=\"true\"", USER1),
+ String.format("ACL DENY-LOG %s CONSUME QUEUE temporary=\"true\"", USER1),
+ isLegacyClient() ? String.format("ACL ALLOW-LOG %s BIND EXCHANGE name=\"*\"", USER1) : "");
+
+ Connection connection = getConnectionBuilder().setUsername(USER1).setPassword(USER1_PASSWORD).build();
+ try
+ {
+ Session session = connection.createSession(false, Session.AUTO_ACKNOWLEDGE);
+ connection.start();
+
+ TemporaryQueue temporaryQueue = session.createTemporaryQueue();
+ try
+ {
+ session.createConsumer(temporaryQueue);
+ fail("Exception is not thrown");
+ }
+ catch (JMSException e)
+ {
+ // pass
+ }
+ }
+ finally
+ {
+ connection.close();
+ }
+ }
+
+ @Test
+ public void testConsumeFromTempTopicSuccess() throws Exception
+ {
+ configureACL(String.format("ACL ALLOW-LOG %s ACCESS VIRTUALHOST", USER1),
+ String.format("ACL ALLOW-LOG %s CREATE QUEUE temporary=\"true\"", USER1),
+ String.format("ACL ALLOW-LOG %s CONSUME QUEUE temporary=\"true\"", USER1),
+ String.format(isLegacyClient()
+ ? "ACL ALLOW-LOG %s BIND EXCHANGE name=\"amq.topic\""
+ : "ACL ALLOW-LOG %s BIND EXCHANGE temporary=\"true\"", USER1));
+
+ Connection connection = getConnectionBuilder().setUsername(USER1).setPassword(USER1_PASSWORD).build();
+ try
+ {
+ Session session = connection.createSession(false, Session.AUTO_ACKNOWLEDGE);
+ connection.start();
+ TemporaryTopic temporaryTopic = session.createTemporaryTopic();
+ session.createConsumer(temporaryTopic);
+ }
+ finally
+ {
+ connection.close();
+ }
+ }
+
+ @Test
+ public void testConsumeFromNamedQueueValid() throws Exception
+ {
+ final String queueName = getTestName();
+ Queue queue = createQueue(queueName);
+ configureACL(String.format("ACL ALLOW-LOG %s ACCESS VIRTUALHOST", USER1),
+ String.format("ACL ALLOW-LOG %s CONSUME QUEUE name=\"%s\"", USER1, queueName),
+ isLegacyClient() ? String.format("ACL ALLOW-LOG %s CREATE QUEUE name=\"%s\"", USER1, queueName) : "",
+ isLegacyClient() ? String.format("ACL ALLOW-LOG %s BIND EXCHANGE name=\"*\" routingKey=\"%s\"", USER1, queueName) : "");
+
+ Connection connection = getConnectionBuilder().setUsername(USER1).setPassword(USER1_PASSWORD).build();
+ try
+ {
+ Session session = connection.createSession(false, Session.AUTO_ACKNOWLEDGE);
+ connection.start();
+ session.createConsumer(queue).close();
+ }
+ finally
+ {
+ connection.close();
+ }
+ }
+
+ @Test
+ public void testConsumeFromNamedQueueFailure() throws Exception
+ {
+ String queueName = getTestName();
+ Queue queue = createQueue(queueName);
+ configureACL(String.format("ACL ALLOW-LOG %s ACCESS VIRTUALHOST", USER1),
+ String.format("ACL DENY-LOG %s CONSUME QUEUE name=\"%s\"", USER1, queueName),
+ isLegacyClient() ? String.format("ACL ALLOW-LOG %s CREATE QUEUE name=\"%s\"", USER1, queueName) : "",
+ isLegacyClient() ? String.format("ACL ALLOW-LOG %s BIND EXCHANGE name=\"*\" routingKey=\"%s\"", USER1, queueName) : "");
+
+ Connection connection = getConnectionBuilder().setUsername(USER1).setPassword(USER1_PASSWORD).build();
+ try
+ {
+ Session session = connection.createSession(false, Session.AUTO_ACKNOWLEDGE);
+ connection.start();
+ try
+ {
+ session.createConsumer(queue);
+ fail("Test failed as consumer was created.");
+ }
+ catch (JMSException e)
+ {
+ // pass
+ }
+ }
+ finally
+ {
+ connection.close();
+ }
+ }
+
+ @Test
+ public void testCreateTemporaryQueueSuccess() throws Exception
+ {
+ configureACL(String.format("ACL ALLOW-LOG %s ACCESS VIRTUALHOST", USER1),
+ String.format("ACL ALLOW-LOG %s CREATE QUEUE temporary=\"true\"", USER1),
+ isLegacyClient() ? String.format("ACL ALLOW-LOG %s BIND EXCHANGE name=\"*\" temporary=true", USER1) : "");
+
+ Connection connection = getConnectionBuilder().setUsername(USER1).setPassword(USER1_PASSWORD).build();
+ try
+ {
+ Session session = connection.createSession(false, Session.AUTO_ACKNOWLEDGE);
+ TemporaryQueue queue = session.createTemporaryQueue();
+ assertNotNull(queue);
+ }
+ finally
+ {
+ connection.close();
+ }
+ }
+
+ // For AMQP 1.0 the server causes a temporary instance of the fanout exchange to come into being.
+ // For early AMQP version, there are no server side objects created as amq.topic is used.
+ @Test
+ public void testCreateTempTopicSuccess() throws Exception
+ {
+ configureACL(String.format("ACL ALLOW-LOG %s ACCESS VIRTUALHOST", USER1));
+ Connection connection = getConnectionBuilder().setUsername(USER1).setPassword(USER1_PASSWORD).build();
+ try
+ {
+ Session session = connection.createSession(false, Session.AUTO_ACKNOWLEDGE);
+ TemporaryTopic temporaryTopic = session.createTemporaryTopic();
+ assertNotNull(temporaryTopic);
+ }
+ finally
+ {
+ connection.close();
+ }
+ }
+
+ @Test
+ public void testCreateTemporaryQueueFailed() throws Exception
+ {
+ assumeThat("QPID-7919",
+ getProtocol(),
+ is(not(equalTo(Protocol.AMQP_1_0))));
+
+ configureACL(String.format("ACL ALLOW-LOG %s ACCESS VIRTUALHOST", USER1),
+ String.format("ACL DENY-LOG %s CREATE QUEUE temporary=\"true\"", USER1));
+
+ Connection connection = getConnectionBuilder().setUsername(USER1).setPassword(USER1_PASSWORD).build();
+ try
+ {
+ Session session = connection.createSession(false, Session.AUTO_ACKNOWLEDGE);
+ connection.start();
+
+ try
+ {
+ session.createTemporaryQueue();
+ fail("Test failed as creation succeeded.");
+ }
+ catch (JMSException e)
+ {
+ assertJMSExceptionMessageContains(e, "Permission CREATE is denied for : Queue");
+ }
+ }
+ finally
+ {
+ connection.close();
+ }
+ }
+
+ @Test
+ public void testPublishUsingTransactionSuccess() throws Exception
+ {
+ String queueName = getTestName();
+ Queue queue = createQueue(queueName);
+
+ configureACL(String.format("ACL ALLOW-LOG %s ACCESS VIRTUALHOST", USER1),
+ String.format(isLegacyClient()
+ ? "ACL ALLOW-LOG %s PUBLISH EXCHANGE name=\"amq.direct\" routingKey=\"%s\""
+ : "ACL ALLOW-LOG %s PUBLISH EXCHANGE name=\"\" routingKey=\"%s\"",
+ USER1,
+ queueName));
+
+ Connection connection = getConnectionBuilder().setUsername(USER1).setPassword(USER1_PASSWORD).build();
+ try
+ {
+ Session session = connection.createSession(true, Session.SESSION_TRANSACTED);
+ MessageProducer sender = session.createProducer(queue);
+ sender.send(session.createTextMessage("test"));
+ session.commit();
+ }
+ finally
+ {
+ connection.close();
+ }
+ }
+
+ @Test
+ public void testPublishToExchangeUsingTransactionSuccess() throws Exception
+ {
+ String queueName = getTestName();
+ createQueue(queueName);
+ final Map<String, Object> bindingArguments = new HashMap<>();
+ bindingArguments.put("destination", queueName);
+ bindingArguments.put("bindingKey", queueName);
+
+ performOperationUsingAmqpManagement("amq.direct",
+ "bind",
+ EXCHANGE_TYPE,
+ bindingArguments);
+
+ configureACL(String.format("ACL ALLOW-LOG %s ACCESS VIRTUALHOST", USER1),
+ String.format("ACL ALLOW-LOG %s PUBLISH EXCHANGE name=\"amq.direct\" routingKey=\"%s\"", USER1, queueName));
+
+ Connection connection = getConnectionBuilder().setUsername(USER1).setPassword(USER1_PASSWORD).build();
+ try
+ {
+ Session session = connection.createSession(true, Session.SESSION_TRANSACTED);
+
+ String address = String.format(isLegacyClient() ? "ADDR:amq.direct/%s" : "amq.direct/%s", queueName);
+ Queue queue = session.createQueue(address);
+ MessageProducer sender = session.createProducer(queue);
+ sender.send(session.createTextMessage("test"));
+ session.commit();
+ }
+ finally
+ {
+ connection.close();
+ }
+ }
+
+ @Test
+ public void testRequestResponseSuccess() throws Exception
+ {
+ String queueName = getTestName();
+ Queue queue = createQueue(queueName);
+ String groupName = "messaging-users";
+ createGroupProvider(groupName, USER1, USER2);
+
+ configureACL(String.format("ACL ALLOW-LOG %s ACCESS VIRTUALHOST", groupName),
+ String.format("ACL ALLOW-LOG %s CONSUME QUEUE name=\"%s\"", USER1, queueName),
+ String.format("ACL ALLOW-LOG %s CONSUME QUEUE temporary=true", USER2),
+ String.format("ACL ALLOW-LOG %s CREATE QUEUE temporary=true", USER2),
+ isLegacyClient() ?
+ String.format("ACL ALLOW-LOG %s BIND EXCHANGE name=\"amq.direct\" temporary=true", USER2) :
+ String.format("ACL ALLOW-LOG %s PUBLISH EXCHANGE name=\"\" routingKey=\"TempQueue*\"", USER1),
+ isLegacyClient() ?
+ String.format("ACL ALLOW-LOG %s PUBLISH EXCHANGE name=\"amq.direct\" routingKey=\"%s\"", USER2, queueName) :
+ String.format("ACL ALLOW-LOG %s PUBLISH EXCHANGE name=\"\" routingKey=\"%s\"", USER2, queueName),
+ isLegacyClient() ? String.format("ACL ALLOW-LOG %s CREATE QUEUE name=\"%s\"", USER1, queueName) : "",
+ isLegacyClient() ? String.format("ACL ALLOW-LOG %s BIND EXCHANGE", USER1) : "",
+ isLegacyClient() ? String.format("ACL ALLOW-LOG %s PUBLISH EXCHANGE name=\"amq.direct\" routingKey=\"TempQueue*\"", USER1) : ""
+ );
+
+ Connection responderConnection = getConnectionBuilder().setUsername(USER1).setPassword(USER1_PASSWORD).build();
+ try
+ {
+ Session responderSession = responderConnection.createSession(true, Session.SESSION_TRANSACTED);
+ MessageConsumer requestConsumer = responderSession.createConsumer(queue);
+ responderConnection.start();
+
+ Connection requesterConnection = getConnectionBuilder().setUsername(USER2).setPassword(USER2_PASSWORD).build();
+ try
+ {
+ Session requesterSession = requesterConnection.createSession(true, Session.SESSION_TRANSACTED);
+ Queue responseQueue = requesterSession.createTemporaryQueue();
+ MessageConsumer responseConsumer = requesterSession.createConsumer(responseQueue);
+ requesterConnection.start();
+
+ Message request = requesterSession.createTextMessage("Request");
+ request.setJMSReplyTo(responseQueue);
+
+ requesterSession.createProducer(queue).send(request);
+ requesterSession.commit();
+
+ Message receivedRequest = requestConsumer.receive(getReceiveTimeout());
+ assertNotNull("Request is not received", receivedRequest);
+ assertNotNull("Request should have Reply-To", receivedRequest.getJMSReplyTo());
+
+ MessageProducer responder = responderSession.createProducer(receivedRequest.getJMSReplyTo());
+ responder.send(responderSession.createTextMessage("Response"));
+ responderSession.commit();
+
+ Message receivedResponse = responseConsumer.receive(getReceiveTimeout());
+ requesterSession.commit();
+ assertNotNull("Response is not received", receivedResponse);
+ assertEquals("Unexpected response is received", "Response", ((TextMessage) receivedResponse).getText());
+ }
+ finally
+ {
+ requesterConnection.close();
+ }
+ }
+ finally
+ {
+ responderConnection.close();
+ }
+
+ }
+
+ @Test
+ public void testPublishToTempTopicSuccess() throws Exception
+ {
+ configureACL(String.format("ACL ALLOW-LOG %s ACCESS VIRTUALHOST", USER1),
+ isLegacyClient() ? String.format("ACL ALLOW-LOG %s PUBLISH EXCHANGE name=\"amq.topic\"", USER1) :
+ String.format("ACL ALLOW-LOG %s PUBLISH EXCHANGE temporary=\"true\"", USER1));
+
+ Connection connection = getConnectionBuilder().setUsername(USER1).setPassword(USER1_PASSWORD).build();
+ try
+ {
+ Session session = connection.createSession(true, Session.SESSION_TRANSACTED);
+ connection.start();
+
+ TemporaryTopic temporaryTopic = session.createTemporaryTopic();
+ MessageProducer producer = session.createProducer(temporaryTopic);
+ producer.send(session.createMessage());
+ session.commit();
+ }
+ finally
+ {
+ connection.close();
+ }
+ }
+
+ @Test
+ public void testFirewallAllow() throws Exception
+ {
+ configureACL(String.format("ACL ALLOW %s ACCESS VIRTUALHOST from_network=\"127.0.0.1\"", USER1));
+
+ Connection connection = getConnectionBuilder().setUsername(USER1).setPassword(USER1_PASSWORD).build();
+ try
+ {
+ assertConnection(connection);
+ }
+ finally
+ {
+ connection.close();
+ }
+ }
+
+ @Test
+ public void testFirewallDeny() throws Exception
+ {
+ configureACL(String.format("ACL DENY %s ACCESS VIRTUALHOST from_network=\"127.0.0.1\"", USER1));
+
+ try
+ {
+ getConnectionBuilder().setUsername(USER1).setPassword(USER1_PASSWORD).build();
+ fail("We expected the connection to fail");
+ }
+ catch (JMSException e)
+ {
+ // pass
+ }
+ }
+
+ @Test
+ public void testPublishToDefaultExchangeSuccess() throws Exception
+ {
+ assumeThat("Test not applicable for AMQP 1.0",
+ getProtocol(),
+ is(not(equalTo(Protocol.AMQP_1_0))));
+
+ String queueName = getTestName();
+ createQueue(queueName);
+ configureACL(String.format("ACL ALLOW-LOG %s ACCESS VIRTUALHOST", USER1),
+ String.format("ACL ALLOW-LOG %s PUBLISH EXCHANGE name=\"\" routingKey=\"%s\"", USER1, queueName));
+
+
+
+ Connection connection = getConnectionBuilder().setUsername(USER1).setPassword(USER1_PASSWORD).build();
+ try
+ {
+ Session session = connection.createSession(true, Session.SESSION_TRANSACTED);
+ MessageProducer sender = session.createProducer(session.createQueue(String.format("ADDR: %s", queueName)));
+ sender.send(session.createTextMessage("test"));
+ session.commit();
+ }
+ finally
+ {
+ connection.close();
+ }
+ }
+
+ @Test
+ public void testPublishToDefaultExchangeFailure() throws Exception
+ {
+ assumeThat("Test not applicable for AMQP 1.0",
+ getProtocol(),
+ is(not(equalTo(Protocol.AMQP_1_0))));
+
+ String queueName = getTestName();
+ createQueue(queueName);
+ configureACL(String.format("ACL ALLOW-LOG %s ACCESS VIRTUALHOST", USER1),
+ String.format("ACL DENY-LOG %s PUBLISH EXCHANGE name=\"\" routingKey=\"%s\"", USER1, queueName));
+
+ Connection connection = getConnectionBuilder().setUsername(USER1).setPassword(USER1_PASSWORD).build();
+ try
+ {
+ Session session = connection.createSession(true, Session.SESSION_TRANSACTED);
+ MessageProducer sender = session.createProducer(session.createQueue(String.format("ADDR: %s", queueName)));
+ sender.send(session.createTextMessage("test"));
+ session.commit();
+ fail("Sending to the anonymousExchange without permission should fail");
+ }
+ catch (JMSException e)
+ {
+ assertJMSExceptionMessageContains(e, "Access denied to publish to default exchange");
+ }
+ finally
+ {
+ connection.close();
+ }
+ }
+
+ @Test
+ public void testAnonymousProducerFailsToSendMessageIntoDeniedDestination() throws Exception
+ {
+ final String allowedDestinationName = "example.RequestQueue";
+ final String deniedDestinationName = "deniedQueue";
+ createQueue(allowedDestinationName);
+ createQueue(deniedDestinationName);
+
+ configureACL(String.format("ACL ALLOW-LOG %s ACCESS VIRTUALHOST", USER1),
+ String.format(isLegacyClient()
+ ? "ACL ALLOW-LOG %s PUBLISH EXCHANGE name=\"amq.direct\" routingKey=\"%s\""
+ : "ACL ALLOW-LOG %s PUBLISH EXCHANGE name=\"\" routingKey=\"%s\"", USER1, allowedDestinationName),
+ String.format("ACL DENY-LOG %s PUBLISH EXCHANGE name=\"*\" routingKey=\"%s\"", USER1, deniedDestinationName));
+
+ Connection connection = getConnectionBuilder().setUsername(USER1).setPassword(USER1_PASSWORD).build();
+ try
+ {
+ Session session = connection.createSession(true, Session.SESSION_TRANSACTED);
+ MessageProducer producer = session.createProducer(null);
+ producer.send(session.createQueue(allowedDestinationName), session.createTextMessage("test1"));
+ session.commit();
+ }
+ finally
+ {
+ connection.close();
+ }
+
+ Connection connection2 = getConnectionBuilder().setSyncPublish(true).setUsername(USER1).setPassword(USER1_PASSWORD).build();
+ try
+ {
+ Session session = connection2.createSession(true, Session.SESSION_TRANSACTED);
+ try
+ {
+ MessageProducer producer = session.createProducer(null);
+ producer.send(session.createQueue(deniedDestinationName), session.createTextMessage("test2"));
+
+ fail("Sending should fail");
+ }
+ catch (JMSException e)
+ {
+ assertJMSExceptionMessageContains(e,
+ String.format(
+ "Permission PERFORM_ACTION(publish) is denied for : %s",
+ (!isLegacyClient() ? "Queue" : "Exchange")));
+ }
+
+ try
+ {
+ session.commit();
+ fail("Commit should fail");
+ }
+ catch (JMSException e)
+ {
+ // pass
+ }
+ }
+ finally
+ {
+ connection2.close();
+ }
+ }
+
+ @Test
+ public void testPublishIntoDeniedDestinationFails() throws Exception
+ {
+ final String deniedDestinationName = "deniedQueue";
+ createQueue(deniedDestinationName);
+
+ configureACL(String.format("ACL ALLOW-LOG %s ACCESS VIRTUALHOST", USER1),
+ String.format("ACL DENY-LOG %s PUBLISH EXCHANGE name=\"*\" routingKey=\"%s\"", USER1, deniedDestinationName));
+
+
+ Connection connection = getConnectionBuilder().setSyncPublish(true).setUsername(USER1).setPassword(USER1_PASSWORD).build();
+ try
+ {
+ Session session = connection.createSession(true, Session.SESSION_TRANSACTED);
+ MessageProducer producer = session.createProducer(session.createQueue(deniedDestinationName));
+ producer.send(session.createTextMessage("test"));
+
+ fail("Sending should fail");
+ }
+ catch (JMSException e)
+ {
+ assertJMSExceptionMessageContains(e,
+ String.format(
+ "Permission PERFORM_ACTION(publish) is denied for : %s",
+ (!isLegacyClient() ? "Queue" : "Exchange")));
+ }
+ }
+
+ @Test
+ public void testCreateNamedQueueFailure() throws Exception
+ {
+ assumeThat("Test not applicable for AMQP 1.0",
+ getProtocol(),
+ is(not(equalTo(Protocol.AMQP_1_0))));
+
+ String queueName = getTestName();
+ configureACL(String.format("ACL ALLOW-LOG %s ACCESS VIRTUALHOST", USER1),
+ String.format("ACL ALLOW-LOG %s CREATE QUEUE name=\"%s\"", USER1, queueName),
+ isLegacyClient() ? String.format("ACL ALLOW-LOG %s BIND EXCHANGE name=\"*\" routingKey=\"%s\"", USER1, queueName) : "");
+
+ Connection connection = getConnectionBuilder().setSyncPublish(true).setUsername(USER1).setPassword(USER1_PASSWORD).build();
+ try
+ {
+ Session session = connection.createSession(false, Session.AUTO_ACKNOWLEDGE);
+ try
+ {
+ session.createConsumer(session.createQueue("IllegalQueue"));
+ fail("Test failed as Queue creation succeeded.");
+ }
+ catch (JMSException e)
+ {
+ assertJMSExceptionMessageContains(e, "Permission CREATE is denied for : Queue");
+ }
+ }
+ finally
+ {
+ connection.close();
+ }
+ }
+
+ private void assertJMSExceptionMessageContains(final JMSException e, final String expectedMessage)
+ {
+ Set<Throwable> examined = new HashSet<>();
+ Throwable current = e;
+ do
+ {
+ if (current.getMessage().contains(expectedMessage))
+ {
+ return;
+ }
+ examined.add(current);
+ current = current.getCause();
+ }
+ while (current != null && !examined.contains(current));
+ e.printStackTrace();
+ fail(String.format("Unexpected message. Root exception : %s. Expected root or underlying(s) to contain : %s", e.getMessage(), expectedMessage));
+ }
+
+
+ private void configureACL(String... rules) throws Exception
+ {
+ EventLoggerProvider eventLoggerProvider = mock(EventLoggerProvider.class);
+ EventLogger eventLogger = mock(EventLogger.class);
+ when(eventLoggerProvider.getEventLogger()).thenReturn(eventLogger);
+
+ List<AclRule> aclRules = new ArrayList<>();
+ try(StringReader stringReader = new StringReader(Arrays.stream(rules).collect(Collectors.joining(LINE_SEPARATOR))))
+ {
+ RuleSet ruleSet = AclFileParser.parse(stringReader, eventLoggerProvider);
+ final List<Rule> parsedRules = ruleSet.getAllRules();
+ for(final Rule rule: parsedRules)
+ {
+ aclRules.add(new AclRule(){
+ @Override
+ public String getIdentity()
+ {
+ return rule.getIdentity();
+ }
+
+ @Override
+ public ObjectType getObjectType()
+ {
+ return rule.getAction().getObjectType();
+ }
+
+ @Override
+ public LegacyOperation getOperation()
+ {
+ return rule.getAction().getOperation();
+ }
+
+ @Override
+ public Map<ObjectProperties.Property, String> getAttributes()
+ {
+ Map<ObjectProperties.Property, String> attributes = new HashMap<>(rule.getAction().getProperties().asPropertyMap());
+ FirewallRule firewallRule = rule.getAclAction().getFirewallRule();
+ if (firewallRule != null)
+ {
+ if (firewallRule instanceof HostnameFirewallRule)
+ {
+ attributes.put(ObjectProperties.Property.FROM_HOSTNAME, "127.0.0.1");
+ }
+ else if (firewallRule instanceof NetworkFirewallRule)
+ {
+ // tests use only 127.0.0.1 at the moment
+ attributes.put(ObjectProperties.Property.FROM_NETWORK, "127.0.0.1");
+ }
+ }
+ return attributes;
+ }
+
+ @Override
+ public RuleOutcome getOutcome()
+ {
+ return rule.getRuleOutcome();
+ }
+ });
+ }
+ }
+
+ configureACL(aclRules.toArray(new AclRule[aclRules.size()]));
+ }
+
+ private void configureACL(AclRule... rules) throws Exception
+ {
+ final String serializedRules = new ObjectMapper().writeValueAsString(rules);
+ final Map<String, Object> attributes = new HashMap<>();
+ attributes.put(RuleBasedVirtualHostAccessControlProvider.RULES, serializedRules);
+ attributes.put(RuleBasedVirtualHostAccessControlProvider.DEFAULT_RESULT, "DENIED");
+ createEntityUsingAmqpManagement("acl", RULE_BASED_VIRTUAL_HOST_ACCESS_CONTROL_PROVIDER_TYPE, attributes);
+ }
+
+ private void createGroupProvider(final String groupName, final String... groupMembers) throws Exception
+ {
+ String groupProviderName = "groups";
+ Connection connection = getConnectionBuilder().setVirtualHost("$management").build();
+ try
+ {
+ connection.start();
+ createEntity(groupProviderName,
+ GroupProviderImpl.class.getName(),
+ Collections.emptyMap(),
+ connection);
+
+ createEntity(groupName,
+ Group.class.getName(),
+ Collections.singletonMap("object-path", groupProviderName),
+ connection);
+
+ for (String groupMember: groupMembers)
+ {
+ createEntity(groupMember,
+ GroupMember.class.getName(),
+ Collections.singletonMap("object-path", groupProviderName + "/" + groupName),
+ connection);
+ }
+ }
+ finally
+ {
+ connection.close();
+ }
+
+ }
+
+ private void assertConnection(final Connection connection) throws JMSException
+ {
+ assertNotNull("create session should be successful",
+ connection.createSession(false, Session.AUTO_ACKNOWLEDGE));
+ }
+
+ private void assertAccessDeniedException(JMSException e) throws Exception
+ {
+ assertTrue("Unexpected exception message:" + e.getMessage(),
+ e.getMessage().contains("Permission PERFORM_ACTION(connect) is denied"));
+ if (getProtocol() == Protocol.AMQP_1_0)
+ {
+ assertTrue("Unexpected error condition reported:" + e.getMessage(),
+ e.getMessage().contains("amqp:not-allowed"));
+ }
+ }
+
+ private boolean isLegacyClient()
+ {
+ return getProtocol() != Protocol.AMQP_1_0;
+ }
+}
http://git-wip-us.apache.org/repos/asf/qpid-broker-j/blob/461f842a/systests/src/main/java/org/apache/qpid/test/utils/TestUtils.java
----------------------------------------------------------------------
diff --git a/systests/src/main/java/org/apache/qpid/test/utils/TestUtils.java b/systests/src/main/java/org/apache/qpid/test/utils/TestUtils.java
index 5069e20..b112601 100644
--- a/systests/src/main/java/org/apache/qpid/test/utils/TestUtils.java
+++ b/systests/src/main/java/org/apache/qpid/test/utils/TestUtils.java
@@ -21,6 +21,10 @@
package org.apache.qpid.test.utils;
+import java.io.File;
+import java.io.FileWriter;
+import java.io.IOException;
+import java.io.PrintWriter;
import java.lang.management.ManagementFactory;
import java.lang.management.ThreadInfo;
import java.lang.management.ThreadMXBean;
@@ -52,4 +56,22 @@ public class TestUtils
}
return dump.toString();
}
+
+ public static String writeACLFileUtil(QpidBrokerTestCase testcase, String...rules) throws IOException
+ {
+ File aclFile = File.createTempFile(testcase.getClass().getSimpleName(), testcase.getName());
+ aclFile.deleteOnExit();
+
+ testcase.getDefaultBrokerConfiguration().addAclFileConfiguration(aclFile.getAbsolutePath());
+
+ try (PrintWriter out = new PrintWriter(new FileWriter(aclFile)))
+ {
+ out.println(String.format("# %s", testcase.getName()));
+ for (String line : rules)
+ {
+ out.println(line);
+ }
+ }
+ return aclFile.getCanonicalPath();
+ }
}
http://git-wip-us.apache.org/repos/asf/qpid-broker-j/blob/461f842a/systests/src/test/java/org/apache/qpid/server/logging/AccessControlLoggingTest.java
----------------------------------------------------------------------
diff --git a/systests/src/test/java/org/apache/qpid/server/logging/AccessControlLoggingTest.java b/systests/src/test/java/org/apache/qpid/server/logging/AccessControlLoggingTest.java
index 1d3bb53..fa366b4 100644
--- a/systests/src/test/java/org/apache/qpid/server/logging/AccessControlLoggingTest.java
+++ b/systests/src/test/java/org/apache/qpid/server/logging/AccessControlLoggingTest.java
@@ -30,7 +30,7 @@ import org.apache.qpid.server.model.ConfiguredObject;
import org.apache.qpid.server.model.ExclusivityPolicy;
import org.apache.qpid.server.model.LifetimePolicy;
import org.apache.qpid.server.model.Queue;
-import org.apache.qpid.server.security.acl.AbstractACLTestCase;
+import org.apache.qpid.test.utils.TestUtils;
/**
* ACL version 2/3 file testing to verify that ACL actor logging works correctly.
@@ -55,12 +55,12 @@ public class AccessControlLoggingTest extends AbstractTestLogging
public void setUp() throws Exception
{
// Write out ACL for this test
- AbstractACLTestCase.writeACLFileUtil(this, "ACL ALLOW client ACCESS VIRTUALHOST",
- "ACL ALLOW client CREATE QUEUE name='allow'",
- "ACL ALLOW-LOG client CREATE QUEUE name='allow-log'",
- "ACL DENY client CREATE QUEUE name='deny'",
- "ACL DENY-LOG client CREATE QUEUE name='deny-log'",
- "ACL ALLOW client PUBLISH EXCHANGE name='' routingkey='$management");
+ TestUtils.writeACLFileUtil(this, "ACL ALLOW client ACCESS VIRTUALHOST",
+ "ACL ALLOW client CREATE QUEUE name='allow'",
+ "ACL ALLOW-LOG client CREATE QUEUE name='allow-log'",
+ "ACL DENY client CREATE QUEUE name='deny'",
+ "ACL DENY-LOG client CREATE QUEUE name='deny-log'",
+ "ACL ALLOW client PUBLISH EXCHANGE name='' routingkey='$management");
super.setUp();
http://git-wip-us.apache.org/repos/asf/qpid-broker-j/blob/461f842a/systests/src/test/java/org/apache/qpid/server/security/acl/AbstractACLTestCase.java
----------------------------------------------------------------------
diff --git a/systests/src/test/java/org/apache/qpid/server/security/acl/AbstractACLTestCase.java b/systests/src/test/java/org/apache/qpid/server/security/acl/AbstractACLTestCase.java
deleted file mode 100644
index 3491215..0000000
--- a/systests/src/test/java/org/apache/qpid/server/security/acl/AbstractACLTestCase.java
+++ /dev/null
@@ -1,169 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
-* "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.qpid.server.security.acl;
-
-import java.io.File;
-import java.io.FileWriter;
-import java.io.IOException;
-import java.io.PrintWriter;
-import java.lang.reflect.InvocationTargetException;
-import java.lang.reflect.Method;
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
-
-import javax.jms.Connection;
-import javax.jms.JMSException;
-import javax.jms.Session;
-
-import org.apache.qpid.test.utils.QpidBrokerTestCase;
-
-/**
- * Abstract test case for ACLs.
- *
- * This base class contains convenience methods to manage ACL files and implements a mechanism that allows each
- * test method to run its own setup code before the broker starts.
- *
- * @see MessagingACLTest
- */
-public abstract class AbstractACLTestCase extends QpidBrokerTestCase
-{
- private Connection _adminConnection;
- private Session _adminSession;
-
- @Override
- public void setUp() throws Exception
- {
- getDefaultBrokerConfiguration().addGroupFileConfiguration(QPID_HOME + "/etc/groups-systests");
-
- // run test specific setup
- String testSetup = getName().replace("test", "setUp");
- try
- {
- Method setup = getClass().getDeclaredMethod(testSetup);
- setup.invoke(this);
- }
- catch (NoSuchMethodException e)
- {
- // Ignore
- }
- catch (InvocationTargetException e)
- {
- throw (Exception) e.getTargetException();
- }
-
- super.setUp();
-
- _adminConnection = getConnection("test", "admin", "admin");
- _adminSession = _adminConnection.createSession(false, Session.AUTO_ACKNOWLEDGE);
- _adminConnection.start();
- }
-
- public Connection getAdminConnection()
- {
- return _adminConnection;
- }
-
- public Session getAdminSession()
- {
- return _adminSession;
- }
-
- public void writeACLFile(final String...rules) throws IOException
- {
- writeACLFileUtil(this, rules);
- }
-
- public static String writeACLFileUtil(QpidBrokerTestCase testcase, String...rules) throws IOException
- {
- File aclFile = File.createTempFile(testcase.getClass().getSimpleName(), testcase.getName());
- aclFile.deleteOnExit();
-
- testcase.getDefaultBrokerConfiguration().addAclFileConfiguration(aclFile.getAbsolutePath());
-
- PrintWriter out = new PrintWriter(new FileWriter(aclFile));
- out.println(String.format("# %s", testcase.getName()));
- for (String line : rules)
- {
- out.println(line);
- }
- out.close();
- return aclFile.getCanonicalPath();
- }
-
- public Connection getConnection(String vhost, String username, String password) throws Exception
- {
- return getConnectionBuilder().setFailover(false)
- .setVirtualHost(vhost)
- .setSyncPublish(true)
- .setPassword(password)
- .setUsername(username)
- .build();
- }
-
- public void writeACLFileWithAdminSuperUser(String... rules) throws IOException
- {
- List<String> newRules = new ArrayList<>(Arrays.asList(rules));
- newRules.add(0, "ACL ALLOW-LOG admin ALL ALL");
- writeACLFile(newRules.toArray(new String[newRules.size()]));
- }
-
- protected void createQueue(final String queueName) throws JMSException
- {
- createEntityUsingAmqpManagement(queueName, getAdminSession(), "org.apache.qpid.Queue");
- }
-
- protected void bindExchangeToQueue(final String exchangeName, final String queueName) throws JMSException
- {
- final Map<String, Object> bindingArguments = new HashMap<>();
- bindingArguments.put("destination", queueName);
- bindingArguments.put("bindingKey", queueName);
-
- performOperationUsingAmqpManagement(exchangeName,
- "bind",
- _adminConnection.createSession(false, Session.AUTO_ACKNOWLEDGE),
- "org.apache.qpid.Exchange",
- bindingArguments);
- }
-
- protected void assertJMSExceptionMessageContains(final JMSException e, final String expectedMessage)
- {
- Set<Throwable> examined = new HashSet<>();
- Throwable current = e;
- do
- {
- if (current.getMessage().contains(expectedMessage))
- {
- return;
- }
- examined.add(current);
- current = current.getCause();
- }
- while (current != null && !examined.contains(current));
- e.printStackTrace();
- fail("Unexpected message. Root exception : "
- + e.getMessage()
- + " expected root or underlyings to contain : "
- + expectedMessage);
- }
-}
http://git-wip-us.apache.org/repos/asf/qpid-broker-j/blob/461f842a/systests/src/test/java/org/apache/qpid/server/security/acl/Amqp0xMessagingACLTest.java
----------------------------------------------------------------------
diff --git a/systests/src/test/java/org/apache/qpid/server/security/acl/Amqp0xMessagingACLTest.java b/systests/src/test/java/org/apache/qpid/server/security/acl/Amqp0xMessagingACLTest.java
deleted file mode 100644
index 319c988..0000000
--- a/systests/src/test/java/org/apache/qpid/server/security/acl/Amqp0xMessagingACLTest.java
+++ /dev/null
@@ -1,56 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
-* "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.qpid.server.security.acl;
-
-import javax.jms.Connection;
-import javax.jms.Destination;
-import javax.jms.JMSException;
-import javax.jms.Session;
-
-
-public class Amqp0xMessagingACLTest extends AbstractACLTestCase
-{
- public void setUpCreateNamedQueueFailure() throws Exception
- {
- writeACLFileWithAdminSuperUser("ACL ALLOW-LOG client ACCESS VIRTUALHOST",
- "ACL ALLOW-LOG client CREATE QUEUE name=\"ValidQueue\"");
- }
-
- /*
- * Legacy client creates the queue as part of consumer creation
- */
- public void testCreateNamedQueueFailure() throws Exception
- {
- Connection conn = getConnection("test", "client", "guest");
- Session sess = conn.createSession(false, Session.AUTO_ACKNOWLEDGE);
- Destination dest = sess.createQueue("IllegalQueue");
-
- try
- {
- sess.createConsumer(dest);
- fail("Test failed as Queue creation succeeded.");
- }
- catch (JMSException e)
- {
- assertJMSExceptionMessageContains(e, "Permission CREATE is denied for : Queue");
- }
- }
-
-
-}
http://git-wip-us.apache.org/repos/asf/qpid-broker-j/blob/461f842a/systests/src/test/java/org/apache/qpid/server/security/acl/MessagingACLTest.java
----------------------------------------------------------------------
diff --git a/systests/src/test/java/org/apache/qpid/server/security/acl/MessagingACLTest.java b/systests/src/test/java/org/apache/qpid/server/security/acl/MessagingACLTest.java
deleted file mode 100644
index 8913baa..0000000
--- a/systests/src/test/java/org/apache/qpid/server/security/acl/MessagingACLTest.java
+++ /dev/null
@@ -1,678 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
-* "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.qpid.server.security.acl;
-
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.List;
-
-import javax.jms.Connection;
-import javax.jms.Destination;
-import javax.jms.JMSException;
-import javax.jms.Message;
-import javax.jms.MessageConsumer;
-import javax.jms.MessageProducer;
-import javax.jms.Queue;
-import javax.jms.Session;
-import javax.jms.TemporaryQueue;
-import javax.jms.TemporaryTopic;
-import javax.jms.TextMessage;
-
-
-public class MessagingACLTest extends AbstractACLTestCase
-{
- public void setUpAccessAuthorizedSuccess() throws Exception
- {
- writeACLFileWithAdminSuperUser("ACL ALLOW-LOG client ACCESS VIRTUALHOST");
- }
-
- public void testAccessAuthorizedSuccess() throws Exception
- {
- Connection conn = getConnection("test", "client", "guest");
- conn.close();
- }
-
- public void setUpAccessNoRightsFailure() throws Exception
- {
- writeACLFileWithAdminSuperUser("ACL DENY-LOG client ACCESS VIRTUALHOST");
- }
-
- public void testAccessNoRightsFailure() throws Exception
- {
- try
- {
- getConnection("test", "client", "guest");
- fail("Connection was created.");
- }
- catch (JMSException e)
- {
- assertAccessDeniedException(e);
- }
- }
-
- private void assertAccessDeniedException(JMSException e) throws Exception
- {
- assertTrue("Unexpected exception message:" + e.getMessage(),
- e.getMessage().contains("Permission PERFORM_ACTION(connect) is denied"));
- if (isBroker10())
- {
- assertTrue("Unexpected error condition reported:" + e.getMessage(),
- e.getMessage().contains("amqp:not-allowed"));
- }
- }
-
- public void setUpAccessVirtualHostWithName() throws Exception
- {
- writeACLFileWithAdminSuperUser("ACL ALLOW-LOG client ACCESS VIRTUALHOST name='test'",
- "ACL DENY-LOG guest ACCESS VIRTUALHOST name='test'",
- "ACL ALLOW-LOG server ACCESS VIRTUALHOST name='*'");
- }
-
- public void testAccessVirtualHostWithName() throws Exception
- {
- Connection conn = getConnection("test", "client", "guest");
- conn.close();
-
- try
- {
- getConnection("test", "guest", "guest");
- fail("Access should be denied");
- }
- catch (JMSException e)
- {
- assertAccessDeniedException(e);
- }
-
- Connection conn2 = getConnection("test", "server", "guest");
- conn2.close();
- }
-
- public void setUpConsumeFromTempQueueSuccess() throws Exception
- {
- List<String> rules = new ArrayList<>(Arrays.asList("ACL ALLOW-LOG client ACCESS VIRTUALHOST",
- "ACL ALLOW-LOG client CREATE QUEUE temporary=\"true\"",
- "ACL ALLOW-LOG client CONSUME QUEUE temporary=\"true\""));
- if (!isBroker10())
- {
- rules.add("ACL ALLOW-LOG client BIND EXCHANGE name=\"amq.direct\"");
- }
- writeACLFileWithAdminSuperUser(rules.toArray(new String[rules.size()]));
- }
-
- public void testConsumeFromTempQueueSuccess() throws Exception
- {
- Connection conn = getConnection("test", "client", "guest");
-
- Session sess = conn.createSession(false, Session.AUTO_ACKNOWLEDGE);
-
- conn.start();
-
- sess.createConsumer(sess.createTemporaryQueue());
- }
-
- public void setUpConsumeFromTempQueueFailure() throws Exception
- {
- List<String> rules = new ArrayList<>(Arrays.asList("ACL ALLOW-LOG client ACCESS VIRTUALHOST",
- "ACL ALLOW-LOG client CREATE QUEUE temporary=\"true\"",
- "ACL DENY-LOG client CONSUME QUEUE temporary=\"true\""));
- if (!isBroker10())
- {
- rules.add("ACL ALLOW-LOG client BIND EXCHANGE name=\"amq.direct\"");
- }
- writeACLFileWithAdminSuperUser(rules.toArray(new String[rules.size()]));
- }
-
- public void testConsumeFromTempQueueFailure() throws Exception
- {
- Connection conn = getConnection("test", "client", "guest");
-
- Session sess = conn.createSession(false, Session.AUTO_ACKNOWLEDGE);
-
- conn.start();
-
- TemporaryQueue temporaryQueue = sess.createTemporaryQueue();
- try
- {
- sess.createConsumer(temporaryQueue);
- fail("Exception is not thrown");
- }
- catch (JMSException e)
- {
- assertJMSExceptionMessageContains(e,
- isBrokerPre010()
- ? "Cannot subscribe to queue"
- : "Permission CREATE is denied for : Consumer");
- }
- }
-
- public void setUpConsumeFromTempTopicSuccess() throws Exception
- {
- List<String> rules = new ArrayList<>(Arrays.asList("ACL ALLOW-LOG client ACCESS VIRTUALHOST",
- "ACL ALLOW-LOG client CREATE QUEUE temporary=\"true\"",
- "ACL ALLOW-LOG client CONSUME QUEUE temporary=\"true\""));
-
- if (isBroker10())
- {
- rules.add("ACL ALLOW-LOG client BIND EXCHANGE temporary=\"true\"");
- }
- else
- {
- rules.add("ACL ALLOW-LOG client BIND EXCHANGE name=\"amq.topic\"");
- }
- writeACLFileWithAdminSuperUser(rules.toArray(new String[rules.size()]));
- }
-
- public void testConsumeFromTempTopicSuccess() throws Exception
- {
- Connection conn = getConnection("test", "client", "guest");
-
- Session sess = conn.createSession(false, Session.AUTO_ACKNOWLEDGE);
- conn.start();
-
- TemporaryTopic temporaryTopic = sess.createTemporaryTopic();
- sess.createConsumer(temporaryTopic);
- }
-
- public void setUpConsumeFromNamedQueueValid() throws Exception
- {
- List<String> rules = new ArrayList<>(Arrays.asList("ACL ALLOW-LOG client ACCESS VIRTUALHOST",
- "ACL ALLOW-LOG client CONSUME QUEUE name=\"example.RequestQueue\""));
- if (!isBroker10())
- {
- rules.add("ACL ALLOW-LOG client CREATE QUEUE name=\"example.RequestQueue\"");
- rules.add("ACL ALLOW-LOG client BIND EXCHANGE name=\"amq.direct\" routingKey=\"example.RequestQueue\"");
- }
- writeACLFileWithAdminSuperUser(rules.toArray(new String[rules.size()]));
- }
-
-
- public void testConsumeFromNamedQueueValid() throws Exception
- {
- final String testQueueName = "example.RequestQueue";
- createQueue(testQueueName);
-
- Connection conn = getConnection("test", "client", "guest");
-
- Session sess = conn.createSession(false, Session.AUTO_ACKNOWLEDGE);
-
- conn.start();
-
- Queue queue = createTestQueue(sess, testQueueName);
-
- sess.createConsumer(queue);
- }
-
- public void setUpConsumeFromNamedQueueFailure() throws Exception
- {
- List<String> rules = new ArrayList<>(Arrays.asList("ACL ALLOW-LOG client ACCESS VIRTUALHOST",
- "ACL DENY-LOG client CONSUME QUEUE name=\"example.RequestQueue\""));
- if (!isBroker10())
- {
- rules.add("ACL ALLOW-LOG client CREATE QUEUE name=\"example.RequestQueue\"");
- rules.add("ACL ALLOW-LOG client BIND EXCHANGE name=\"amq.direct\" routingKey=\"example.RequestQueue\"");
- }
- writeACLFileWithAdminSuperUser(rules.toArray(new String[rules.size()]));
- }
-
- public void testConsumeFromNamedQueueFailure() throws Exception
- {
- String testQueueName = "example.RequestQueue";
- createQueue(testQueueName);
-
- Connection conn = getConnection("test", "client", "guest");
- Session sess = conn.createSession(false, Session.AUTO_ACKNOWLEDGE);
- conn.start();
-
- Destination dest = sess.createQueue(testQueueName);
-
- try
- {
- sess.createConsumer(dest);
-
- fail("Test failed as consumer was created.");
- }
- catch (JMSException e)
- {
- assertJMSExceptionMessageContains(e,
- isBrokerPre010()
- ? "Cannot subscribe to queue"
- : "Permission CREATE is denied for : Consumer");
- }
- }
-
- public void setUpCreateTemporaryQueueSuccess() throws Exception
- {
- List<String> rules = new ArrayList<>(Arrays.asList("ACL ALLOW-LOG client ACCESS VIRTUALHOST",
- "ACL ALLOW-LOG client CREATE QUEUE temporary=\"true\""));
- if (!isBroker10())
- {
- rules.add("ACL ALLOW-LOG client BIND EXCHANGE name=\"amq.direct\" temporary=true");
- }
- writeACLFileWithAdminSuperUser(rules.toArray(new String[rules.size()]));
- }
-
- public void testCreateTemporaryQueueSuccess() throws Exception
- {
- Connection conn = getConnection("test", "client", "guest");
- Session sess = conn.createSession(false, Session.AUTO_ACKNOWLEDGE);
-
- sess.createTemporaryQueue();
- conn.close();
- }
-
- public void setUpCreateTempTopicSuccess() throws Exception
- {
- List<String> rules = new ArrayList<>(Arrays.asList("ACL ALLOW-LOG client ACCESS VIRTUALHOST"));
- writeACLFileWithAdminSuperUser(rules.toArray(new String[rules.size()]));
- }
-
- /* For AMQP 1.0 the server causes a temporary instance of the fanout exchange to come into being. For early AMQP
- version, there are no server side objects created as amq.topic is used.
- */
- public void testCreateTempTopicSuccess() throws Exception
- {
- Connection conn = getConnection("test", "client", "guest");
-
- Session sess = conn.createSession(false, Session.AUTO_ACKNOWLEDGE);
- conn.start();
-
- TemporaryTopic temporaryTopic = sess.createTemporaryTopic();
- conn.close();
- }
-
- public void setUpCreateTemporaryQueueFailed() throws Exception
- {
- writeACLFileWithAdminSuperUser("ACL ALLOW-LOG client ACCESS VIRTUALHOST",
- "ACL DENY-LOG client CREATE QUEUE temporary=\"true\"");
- }
-
- public void testCreateTemporaryQueueFailed() throws Exception
- {
- Connection conn = getConnection("test", "client", "guest");
- Session session = conn.createSession(false, Session.AUTO_ACKNOWLEDGE);
- conn.start();
-
- try
- {
-
- session.createTemporaryQueue();
-
- fail("Test failed as creation succeeded.");
- }
- catch (JMSException e)
- {
- assertJMSExceptionMessageContains(e, "Permission CREATE is denied for : Queue");
- }
- }
-
- public void setUpPublishUsingTransactionSuccess() throws Exception
- {
- List<String> rules = new ArrayList<>();
- rules.add("ACL ALLOW-LOG client ACCESS VIRTUALHOST");
-
- if (isBroker10())
- {
- rules.add("ACL ALLOW-LOG client PUBLISH EXCHANGE name=\"\" routingKey=\"example.RequestQueue\"");
- }
- else
- {
- rules.add("ACL ALLOW-LOG client PUBLISH EXCHANGE name=\"amq.direct\" routingKey=\"example.RequestQueue\"");
- }
- writeACLFileWithAdminSuperUser(rules.toArray(new String[rules.size()]));
- }
-
- public void testPublishUsingTransactionSuccess() throws Exception
- {
- String queueName = "example.RequestQueue";
- createQueue(queueName);
-
- bindExchangeToQueue("amq.direct", queueName);
-
- Connection conn = getConnection("test", "client", "guest");
-
- Session sess = conn.createSession(true, Session.SESSION_TRANSACTED);
-
- Queue queue = sess.createQueue(queueName);
-
- MessageProducer sender = sess.createProducer(queue);
-
- sender.send(sess.createTextMessage("test"));
-
- //Send the message using a transaction as this will allow us to retrieve any errors that occur on the broker.
- sess.commit();
-
- conn.close();
- }
-
- public void setUpPublishToExchangeUsingTransactionSuccess() throws Exception
- {
- writeACLFileWithAdminSuperUser("ACL ALLOW-LOG client ACCESS VIRTUALHOST",
- "ACL ALLOW-LOG client PUBLISH EXCHANGE name=\"amq.direct\" routingKey=\"example.RequestQueue\"");
- }
-
- public void testPublishToExchangeUsingTransactionSuccess() throws Exception
- {
- String queueName = "example.RequestQueue";
- createQueue(queueName);
- bindExchangeToQueue("amq.direct", queueName);
-
- Connection conn = getConnection("test", "client", "guest");
-
- Session sess = conn.createSession(true, Session.SESSION_TRANSACTED);
-
- Queue queue = sess.createQueue(isBroker10() ? ("amq.direct/" + queueName) : ("ADDR:amq.direct/" + queueName));
-
- MessageProducer sender = sess.createProducer(queue);
-
- sender.send(sess.createTextMessage("test"));
-
- //Send the message using a transaction as this will allow us to retrieve any errors that occur on the broker.
- sess.commit();
-
- conn.close();
- }
-
- public void setUpRequestResponseSuccess() throws Exception
- {
- // The group "messaging-users", referenced in the ACL below, is currently defined
- // in broker/etc/groups-systests.
- // We tolerate a dependency from this test to that file because its
- // contents are expected to change rarely.
-
- List<String> rules = new ArrayList<>(Arrays.asList("ACL ALLOW-LOG messaging-users ACCESS VIRTUALHOST",
- "# Server side",
- "ACL ALLOW-LOG server CONSUME QUEUE name=\"example.RequestQueue\"",
- "# Client side",
- "ACL ALLOW-LOG client CONSUME QUEUE temporary=true",
- "ACL ALLOW-LOG client CREATE QUEUE temporary=true"));
- if (isBroker10())
- {
- rules.add("ACL ALLOW-LOG server PUBLISH EXCHANGE name=\"\" routingKey=\"TempQueue*\"");
- rules.add("ACL ALLOW-LOG client PUBLISH EXCHANGE name=\"\" routingKey=\"example.RequestQueue\"");
- }
- else
- {
- rules.add("ACL ALLOW-LOG client BIND EXCHANGE name=\"amq.direct\" temporary=true");
- rules.add("ACL ALLOW-LOG client PUBLISH EXCHANGE name=\"amq.direct\" routingKey=\"example.RequestQueue\"");
-
- rules.add("ACL ALLOW-LOG server CREATE QUEUE name=\"example.RequestQueue\"");
- rules.add("ACL ALLOW-LOG server BIND EXCHANGE");
- rules.add("ACL ALLOW-LOG server PUBLISH EXCHANGE name=\"amq.direct\" routingKey=\"TempQueue*\"");
- }
- writeACLFileWithAdminSuperUser(rules.toArray(new String[rules.size()]));
- }
-
-
- public void testRequestResponseSuccess() throws Exception
- {
- String queueName = "example.RequestQueue";
- createQueue(queueName);
-
- //Set up the Server
- Connection serverConnection = getConnection("test", "server", "guest");
- Session serverSession = serverConnection.createSession(true, Session.SESSION_TRANSACTED);
- Queue requestQueue = serverSession.createQueue(queueName);
- MessageConsumer server = serverSession.createConsumer(requestQueue);
- serverConnection.start();
-
- //Set up the consumer
- Connection clientConnection = getConnection("test", "client", "guest");
- Session clientSession = clientConnection.createSession(true, Session.SESSION_TRANSACTED);
- Queue responseQueue = clientSession.createTemporaryQueue();
- MessageConsumer clientResponse = clientSession.createConsumer(responseQueue);
- clientConnection.start();
-
- // Client
- Message request = clientSession.createTextMessage("Request");
- request.setJMSReplyTo(responseQueue);
-
- clientSession.createProducer(requestQueue).send(request);
- clientSession.commit();
-
- // Server
- Message msg = server.receive(getReceiveTimeout());
- assertNotNull("Server should have received client's request", msg);
- assertNotNull("Received msg should have Reply-To", msg.getJMSReplyTo());
-
- MessageProducer sender = serverSession.createProducer(msg.getJMSReplyTo());
- sender.send(serverSession.createTextMessage("Response"));
- serverSession.commit();
-
- // Client
- Message clientResponseMsg = clientResponse.receive(getReceiveTimeout());
- clientSession.commit();
- assertNotNull("Client did not receive response message,", clientResponseMsg);
- assertEquals("Incorrect message received", "Response", ((TextMessage) clientResponseMsg).getText());
- }
-
- public void setUpPublishToTempTopicSuccess() throws Exception
- {
- List<String> rules = new ArrayList<>(Arrays.asList("ACL ALLOW-LOG client ACCESS VIRTUALHOST"));
-
- if (isBroker10())
- {
- rules.add("ACL ALLOW-LOG client PUBLISH EXCHANGE temporary=\"true\"");
- }
- else
- {
- rules.add("ACL ALLOW-LOG client PUBLISH EXCHANGE name=\"amq.topic\"");
- }
- writeACLFileWithAdminSuperUser(rules.toArray(new String[rules.size()]));
- }
-
- public void testPublishToTempTopicSuccess() throws Exception
- {
- Connection conn = getConnection("test", "client", "guest");
-
- Session sess = conn.createSession(true, Session.SESSION_TRANSACTED);
- conn.start();
-
- TemporaryTopic temporaryTopic = sess.createTemporaryTopic();
- MessageProducer producer = sess.createProducer(temporaryTopic);
- producer.send(sess.createMessage());
- sess.commit();
- }
-
-
- public void setUpFirewallAllow() throws Exception
- {
- writeACLFileWithAdminSuperUser("ACL ALLOW client ACCESS VIRTUALHOST from_network=\"127.0.0.1\"");
- }
-
- public void testFirewallAllow() throws Exception
- {
- getConnection("test", "client", "guest");
- }
-
- public void setUpFirewallDeny() throws Exception
- {
- writeACLFileWithAdminSuperUser("ACL DENY client ACCESS VIRTUALHOST from_network=\"127.0.0.1\"");
- }
-
- public void testFirewallDeny() throws Exception
- {
- try
- {
- getConnection("test", "client", "guest");
- fail("We expected the connection to fail");
- }
- catch (JMSException e)
- {
- // pass
- }
- }
-
-
- public void setUpPublishToDefaultExchangeSuccess() throws Exception
- {
- writeACLFileWithAdminSuperUser("ACL ALLOW-LOG client ACCESS VIRTUALHOST",
- "ACL ALLOW-LOG client PUBLISH EXCHANGE name=\"\" routingKey=\"example.RequestQueue\"",
- "ACL DENY-LOG ALL ALL");
- }
-
- public void testPublishToDefaultExchangeSuccess() throws Exception
- {
- String queueName = "example.RequestQueue";
- createQueue(queueName);
-
- Connection conn = getConnection("test", "client", "guest");
-
- Session sess = conn.createSession(true, Session.SESSION_TRANSACTED);
-
- MessageProducer sender = sess.createProducer(sess.createQueue("ADDR: example.RequestQueue"));
-
- sender.send(sess.createTextMessage("test"));
-
- //Send the message using a transaction as this will allow us to retrieve any errors that occur on the broker.
- sess.commit();
-
- conn.close();
- }
-
-
- public void setUpPublishToDefaultExchangeFailure() throws Exception
- {
- writeACLFileWithAdminSuperUser("ACL ALLOW-LOG client ACCESS VIRTUALHOST",
- "ACL DENY-LOG ALL ALL");
- }
-
- public void testPublishToDefaultExchangeFailure() throws Exception
- {
- String queueName = "example.RequestQueue";
- createQueue(queueName);
-
- try
- {
- Connection conn = getConnection("test", "client", "guest");
- Session sess = conn.createSession(true, Session.SESSION_TRANSACTED);
-
- MessageProducer sender = sess.createProducer(sess.createQueue("ADDR: example.RequestQueue"));
-
- sender.send(sess.createTextMessage("test"));
-
- //Send the message using a transaction as this will allow us to retrieve any errors that occur on the broker.
- sess.commit();
-
- fail("Sending to the anonymousExchange without permission should fail");
- }
- catch (JMSException e)
- {
- assertJMSExceptionMessageContains(e, "Access denied to publish to default exchange");
- }
- }
-
- public void setUpAnonymousProducerFailsToSendMessageIntoDeniedDestination() throws Exception
- {
- List<String> rules = new ArrayList<>();
- rules.add("ACL ALLOW-LOG client ACCESS VIRTUALHOST");
-
- if (isBroker10())
- {
- rules.add("ACL ALLOW-LOG client PUBLISH EXCHANGE name=\"\" routingKey=\"example.RequestQueue\"");
- }
- else
- {
- rules.add("ACL ALLOW-LOG client PUBLISH EXCHANGE name=\"amq.direct\" routingKey=\"example.RequestQueue\"");
- }
- rules.add("ACL DENY-LOG client PUBLISH EXCHANGE name=\"*\" routingKey=\"deniedQueue\"");
- writeACLFileWithAdminSuperUser(rules.toArray(new String[rules.size()]));
- }
-
- public void testAnonymousProducerFailsToSendMessageIntoDeniedDestination() throws Exception
- {
- final String allowedDestinationName = "example.RequestQueue";
- final String deniedDestinationName = "deniedQueue";
- createQueue(allowedDestinationName);
- createQueue(deniedDestinationName);
-
- if (!isBroker10())
- {
- bindExchangeToQueue("amq.direct", allowedDestinationName);
- bindExchangeToQueue("amq.direct", deniedDestinationName);
- }
-
- Connection connection = getConnection("test", "client", "guest");
- Session session = connection.createSession(true, Session.SESSION_TRANSACTED);
-
- MessageProducer producer = session.createProducer(null);
- producer.send(session.createQueue(allowedDestinationName), session.createTextMessage("test1"));
-
- try
- {
- producer.send(session.createQueue(deniedDestinationName), session.createTextMessage("test2"));
-
- fail("Sending should fail");
- }
- catch (JMSException e)
- {
- assertJMSExceptionMessageContains(e,
- "Permission PERFORM_ACTION(publish) is denied for : " + (isBroker10()
- ? "Queue"
- : "Exchange"));
- }
-
- try
- {
- session.commit();
- fail("Commit should fail");
- }
- catch (JMSException e)
- {
- // pass
- }
- }
-
- public void setUpPublishIntoDeniedDestinationFails() throws Exception
- {
- List<String> rules = new ArrayList<>();
- rules.add("ACL ALLOW-LOG client ACCESS VIRTUALHOST");
- rules.add("ACL DENY-LOG client PUBLISH EXCHANGE name=\"*\" routingKey=\"deniedQueue\"");
- writeACLFileWithAdminSuperUser(rules.toArray(new String[rules.size()]));
- }
-
- public void testPublishIntoDeniedDestinationFails() throws Exception
- {
- final String deniedDestinationName = "deniedQueue";
- createQueue(deniedDestinationName);
-
- if (!isBroker10())
- {
- bindExchangeToQueue("amq.direct", deniedDestinationName);
- }
-
- try
- {
- Connection connection = getConnection("test", "client", "guest");
- Session session = connection.createSession(true, Session.SESSION_TRANSACTED);
-
- MessageProducer producer = session.createProducer(session.createQueue(deniedDestinationName));
-
- producer.send(session.createTextMessage("test"));
-
- fail("Sending should fail");
- }
- catch (JMSException e)
- {
- assertJMSExceptionMessageContains(e,
- "Permission PERFORM_ACTION(publish) is denied for : " + (isBroker10()
- ? "Queue"
- : "Exchange"));
- }
- }
-}
http://git-wip-us.apache.org/repos/asf/qpid-broker-j/blob/461f842a/systests/src/test/java/org/apache/qpid/systest/rest/acl/BrokerACLTest.java
----------------------------------------------------------------------
diff --git a/systests/src/test/java/org/apache/qpid/systest/rest/acl/BrokerACLTest.java b/systests/src/test/java/org/apache/qpid/systest/rest/acl/BrokerACLTest.java
index 9f704cf..4e85329 100644
--- a/systests/src/test/java/org/apache/qpid/systest/rest/acl/BrokerACLTest.java
+++ b/systests/src/test/java/org/apache/qpid/systest/rest/acl/BrokerACLTest.java
@@ -52,13 +52,13 @@ import org.apache.qpid.server.security.AllowAllAccessControlProvider;
import org.apache.qpid.server.security.FileKeyStore;
import org.apache.qpid.server.security.FileTrustStore;
import org.apache.qpid.server.security.access.plugins.AclFileAccessControlProvider;
-import org.apache.qpid.server.security.acl.AbstractACLTestCase;
import org.apache.qpid.server.security.auth.manager.AnonymousAuthenticationManager;
import org.apache.qpid.server.security.auth.manager.PlainPasswordDatabaseAuthenticationManager;
import org.apache.qpid.systest.rest.QpidRestTestCase;
import org.apache.qpid.test.utils.TestBrokerConfiguration;
import org.apache.qpid.test.utils.TestFileUtils;
import org.apache.qpid.test.utils.TestSSLConstants;
+import org.apache.qpid.test.utils.TestUtils;
public class BrokerACLTest extends QpidRestTestCase
{
@@ -73,7 +73,7 @@ public class BrokerACLTest extends QpidRestTestCase
final TestBrokerConfiguration defaultBrokerConfiguration = getDefaultBrokerConfiguration();
defaultBrokerConfiguration.configureTemporaryPasswordFile(ALLOWED_USER, DENIED_USER);
- AbstractACLTestCase.writeACLFileUtil(this, "ACL ALLOW-LOG ALL ACCESS MANAGEMENT",
+ TestUtils.writeACLFileUtil(this, "ACL ALLOW-LOG ALL ACCESS MANAGEMENT",
"ACL ALLOW-LOG " + ALLOWED_USER + " CONFIGURE BROKER",
"ACL DENY-LOG " + DENIED_USER + " CONFIGURE BROKER",
"ACL ALLOW-LOG " + ALLOWED_USER + " ACCESS_LOGS BROKER",
http://git-wip-us.apache.org/repos/asf/qpid-broker-j/blob/461f842a/systests/src/test/java/org/apache/qpid/systest/rest/acl/ExchangeRestACLTest.java
----------------------------------------------------------------------
diff --git a/systests/src/test/java/org/apache/qpid/systest/rest/acl/ExchangeRestACLTest.java b/systests/src/test/java/org/apache/qpid/systest/rest/acl/ExchangeRestACLTest.java
index 7ee3467..41fdba2 100644
--- a/systests/src/test/java/org/apache/qpid/systest/rest/acl/ExchangeRestACLTest.java
+++ b/systests/src/test/java/org/apache/qpid/systest/rest/acl/ExchangeRestACLTest.java
@@ -20,7 +20,7 @@
*/
package org.apache.qpid.systest.rest.acl;
-import static org.apache.qpid.server.security.acl.AbstractACLTestCase.writeACLFileUtil;
+import static org.apache.qpid.test.utils.TestUtils.writeACLFileUtil;
import static org.apache.qpid.test.utils.TestBrokerConfiguration.ENTRY_NAME_ACL_FILE;
import java.io.FileWriter;
http://git-wip-us.apache.org/repos/asf/qpid-broker-j/blob/461f842a/systests/src/test/java/org/apache/qpid/systest/rest/acl/GroupRestACLTest.java
----------------------------------------------------------------------
diff --git a/systests/src/test/java/org/apache/qpid/systest/rest/acl/GroupRestACLTest.java b/systests/src/test/java/org/apache/qpid/systest/rest/acl/GroupRestACLTest.java
index b3d7d11..70954c5 100644
--- a/systests/src/test/java/org/apache/qpid/systest/rest/acl/GroupRestACLTest.java
+++ b/systests/src/test/java/org/apache/qpid/systest/rest/acl/GroupRestACLTest.java
@@ -30,9 +30,9 @@ import javax.servlet.http.HttpServletResponse;
import org.apache.qpid.server.management.plugin.HttpManagement;
import org.apache.qpid.server.model.Plugin;
-import org.apache.qpid.server.security.acl.AbstractACLTestCase;
import org.apache.qpid.systest.rest.QpidRestTestCase;
import org.apache.qpid.test.utils.TestBrokerConfiguration;
+import org.apache.qpid.test.utils.TestUtils;
public class GroupRestACLTest extends QpidRestTestCase
{
@@ -97,7 +97,7 @@ public class GroupRestACLTest extends QpidRestTestCase
public void testCreateGroup() throws Exception
{
- AbstractACLTestCase.writeACLFileUtil(this, "ACL ALLOW-LOG ALL ACCESS MANAGEMENT",
+ TestUtils.writeACLFileUtil(this, "ACL ALLOW-LOG ALL ACCESS MANAGEMENT",
"ACL ALLOW-LOG " + ALLOWED_GROUP + " CREATE GROUP",
"ACL DENY-LOG " + DENIED_GROUP + " CREATE GROUP");
@@ -124,7 +124,7 @@ public class GroupRestACLTest extends QpidRestTestCase
public void testDeleteGroup() throws Exception
{
- AbstractACLTestCase.writeACLFileUtil(this, "ACL ALLOW-LOG ALL ACCESS MANAGEMENT",
+ TestUtils.writeACLFileUtil(this, "ACL ALLOW-LOG ALL ACCESS MANAGEMENT",
"ACL ALLOW-LOG " + ALLOWED_GROUP + " DELETE GROUP",
"ACL DENY-LOG " + DENIED_GROUP + " DELETE GROUP");
@@ -151,7 +151,7 @@ public class GroupRestACLTest extends QpidRestTestCase
public void testUpdateGroupAddMember() throws Exception
{
- AbstractACLTestCase.writeACLFileUtil(this, "ACL ALLOW-LOG ALL ACCESS MANAGEMENT",
+ TestUtils.writeACLFileUtil(this, "ACL ALLOW-LOG ALL ACCESS MANAGEMENT",
"ACL ALLOW-LOG " + ALLOWED_GROUP + " UPDATE GROUP",
"ACL DENY-LOG " + DENIED_GROUP + " UPDATE GROUP");
@@ -171,7 +171,7 @@ public class GroupRestACLTest extends QpidRestTestCase
public void testUpdateGroupDeleteMember() throws Exception
{
- AbstractACLTestCase.writeACLFileUtil(this, "ACL ALLOW-LOG ALL ACCESS MANAGEMENT",
+ TestUtils.writeACLFileUtil(this, "ACL ALLOW-LOG ALL ACCESS MANAGEMENT",
"ACL ALLOW-LOG " + ALLOWED_GROUP + " UPDATE GROUP",
"ACL DENY-LOG " + DENIED_GROUP + " UPDATE GROUP");
http://git-wip-us.apache.org/repos/asf/qpid-broker-j/blob/461f842a/systests/src/test/java/org/apache/qpid/systest/rest/acl/QueueRestACLTest.java
----------------------------------------------------------------------
diff --git a/systests/src/test/java/org/apache/qpid/systest/rest/acl/QueueRestACLTest.java b/systests/src/test/java/org/apache/qpid/systest/rest/acl/QueueRestACLTest.java
index 403866b..e23b7d3 100644
--- a/systests/src/test/java/org/apache/qpid/systest/rest/acl/QueueRestACLTest.java
+++ b/systests/src/test/java/org/apache/qpid/systest/rest/acl/QueueRestACLTest.java
@@ -30,9 +30,9 @@ import java.util.HashMap;
import java.util.Map;
import org.apache.qpid.server.model.Queue;
-import org.apache.qpid.server.security.acl.AbstractACLTestCase;
import org.apache.qpid.systest.rest.QpidRestTestCase;
import org.apache.qpid.test.utils.TestBrokerConfiguration;
+import org.apache.qpid.test.utils.TestUtils;
public class QueueRestACLTest extends QpidRestTestCase
{
@@ -56,7 +56,7 @@ public class QueueRestACLTest extends QpidRestTestCase
final TestBrokerConfiguration defaultBrokerConfiguration = getDefaultBrokerConfiguration();
defaultBrokerConfiguration.configureTemporaryPasswordFile(ALLOWED_USER, DENIED_USER);
- AbstractACLTestCase.writeACLFileUtil(this, "ACL ALLOW-LOG ALL ACCESS MANAGEMENT",
+ TestUtils.writeACLFileUtil(this, "ACL ALLOW-LOG ALL ACCESS MANAGEMENT",
"ACL ALLOW-LOG " + ALLOWED_USER + " CREATE QUEUE",
"ACL DENY-LOG " + DENIED_USER + " CREATE QUEUE",
"ACL ALLOW-LOG " + ALLOWED_USER + " UPDATE QUEUE",
http://git-wip-us.apache.org/repos/asf/qpid-broker-j/blob/461f842a/systests/src/test/java/org/apache/qpid/systest/rest/acl/UserRestACLTest.java
----------------------------------------------------------------------
diff --git a/systests/src/test/java/org/apache/qpid/systest/rest/acl/UserRestACLTest.java b/systests/src/test/java/org/apache/qpid/systest/rest/acl/UserRestACLTest.java
index 99fb734..6fe6d06 100644
--- a/systests/src/test/java/org/apache/qpid/systest/rest/acl/UserRestACLTest.java
+++ b/systests/src/test/java/org/apache/qpid/systest/rest/acl/UserRestACLTest.java
@@ -26,9 +26,9 @@ import java.util.Properties;
import javax.servlet.http.HttpServletResponse;
-import org.apache.qpid.server.security.acl.AbstractACLTestCase;
import org.apache.qpid.systest.rest.QpidRestTestCase;
import org.apache.qpid.test.utils.TestBrokerConfiguration;
+import org.apache.qpid.test.utils.TestUtils;
public class UserRestACLTest extends QpidRestTestCase
{
@@ -89,7 +89,7 @@ public class UserRestACLTest extends QpidRestTestCase
public void testAddUser() throws Exception
{
- AbstractACLTestCase.writeACLFileUtil(this, "ACL ALLOW-LOG ALL ACCESS MANAGEMENT",
+ TestUtils.writeACLFileUtil(this, "ACL ALLOW-LOG ALL ACCESS MANAGEMENT",
"ACL ALLOW-LOG " + ALLOWED_GROUP + " CREATE USER",
"ACL DENY-LOG " + DENIED_GROUP + " CREATE USER");
@@ -112,7 +112,7 @@ public class UserRestACLTest extends QpidRestTestCase
public void testDeleteUser() throws Exception
{
- AbstractACLTestCase.writeACLFileUtil(this, "ACL ALLOW-LOG ALL ACCESS MANAGEMENT",
+ TestUtils.writeACLFileUtil(this, "ACL ALLOW-LOG ALL ACCESS MANAGEMENT",
"ACL ALLOW-LOG " + ALLOWED_GROUP + " DELETE USER",
"ACL DENY-LOG " + DENIED_GROUP + " DELETE USER");
@@ -131,7 +131,7 @@ public class UserRestACLTest extends QpidRestTestCase
public void testUpdateUser() throws Exception
{
- AbstractACLTestCase.writeACLFileUtil(this, "ACL ALLOW-LOG ALL ACCESS MANAGEMENT",
+ TestUtils.writeACLFileUtil(this, "ACL ALLOW-LOG ALL ACCESS MANAGEMENT",
"ACL ALLOW-LOG " + ALLOWED_GROUP + " UPDATE USER",
"ACL DENY-LOG " + DENIED_GROUP + " UPDATE USER");
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@qpid.apache.org
For additional commands, e-mail: commits-help@qpid.apache.org