Posted to commits@activemq.apache.org by de...@apache.org on 2009/11/02 17:20:19 UTC
svn commit: r831942 - in /activemq/trunk/activemq-core/src:
main/java/org/apache/activemq/network/
test/java/org/apache/activemq/security/ test/resources/
test/resources/org/apache/activemq/security/
Author: dejanb
Date: Mon Nov 2 16:20:18 2009
New Revision: 831942
URL: http://svn.apache.org/viewvc?rev=831942&view=rev
Log:
https://issues.apache.org/activemq/browse/AMQ-2474 - jaas certificate authentication plugin and network of brokers
Added:
activemq/trunk/activemq-core/src/test/java/org/apache/activemq/security/JaasNetworkTest.java
activemq/trunk/activemq-core/src/test/resources/org/apache/activemq/security/broker1.ks (with props)
activemq/trunk/activemq-core/src/test/resources/org/apache/activemq/security/broker1.ts (with props)
activemq/trunk/activemq-core/src/test/resources/org/apache/activemq/security/broker1.xml
activemq/trunk/activemq-core/src/test/resources/org/apache/activemq/security/broker2.ks (with props)
activemq/trunk/activemq-core/src/test/resources/org/apache/activemq/security/broker2.ts (with props)
activemq/trunk/activemq-core/src/test/resources/org/apache/activemq/security/broker2.xml
activemq/trunk/activemq-core/src/test/resources/org/apache/activemq/security/client.ks (with props)
activemq/trunk/activemq-core/src/test/resources/org/apache/activemq/security/client.ts (with props)
activemq/trunk/activemq-core/src/test/resources/org/apache/activemq/security/users1.properties
activemq/trunk/activemq-core/src/test/resources/org/apache/activemq/security/users2.properties
Modified:
activemq/trunk/activemq-core/src/main/java/org/apache/activemq/network/DemandForwardingBridgeSupport.java
activemq/trunk/activemq-core/src/test/resources/login.config
activemq/trunk/activemq-core/src/test/resources/org/apache/activemq/security/groups.properties
Modified: activemq/trunk/activemq-core/src/main/java/org/apache/activemq/network/DemandForwardingBridgeSupport.java
URL: http://svn.apache.org/viewvc/activemq/trunk/activemq-core/src/main/java/org/apache/activemq/network/DemandForwardingBridgeSupport.java?rev=831942&r1=831941&r2=831942&view=diff
==============================================================================
--- activemq/trunk/activemq-core/src/main/java/org/apache/activemq/network/DemandForwardingBridgeSupport.java (original)
+++ activemq/trunk/activemq-core/src/main/java/org/apache/activemq/network/DemandForwardingBridgeSupport.java Mon Nov 2 16:20:18 2009
@@ -18,6 +18,7 @@
import java.io.IOException;
import java.security.GeneralSecurityException;
+import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.List;
import java.util.Properties;
@@ -70,7 +71,9 @@
import org.apache.activemq.transport.ResponseCallback;
import org.apache.activemq.transport.Transport;
import org.apache.activemq.transport.TransportDisposedIOException;
+import org.apache.activemq.transport.TransportFilter;
import org.apache.activemq.transport.TransportListener;
+import org.apache.activemq.transport.tcp.SslTransport;
import org.apache.activemq.util.IdGenerator;
import org.apache.activemq.util.IntrospectionSupport;
import org.apache.activemq.util.LongSequenceGenerator;
@@ -285,6 +288,14 @@
localConnectionInfo.setClientId(localClientId);
localConnectionInfo.setUserName(configuration.getUserName());
localConnectionInfo.setPassword(configuration.getPassword());
+ Transport originalTransport = remoteBroker;
+ while (originalTransport instanceof TransportFilter) {
+ originalTransport = ((TransportFilter)originalTransport).getNext();
+ }
+ if (originalTransport instanceof SslTransport) {
+ X509Certificate[] peerCerts = ((SslTransport)originalTransport).getPeerCertificates();
+ localConnectionInfo.setTransportContext(peerCerts);
+ }
localBroker.oneway(localConnectionInfo);
localSessionInfo = new SessionInfo(localConnectionInfo, 1);
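Review bot: The block added before `localBroker.oneway(localConnectionInfo)` hands the remote peer's certificate chain to the local broker as the bridge connection's transport context without checking that a chain was actually obtained. As far as I know `SslTransport.getPeerCertificates()` returns null when the peer is unverified, and the unwrapping loop only matches a filter chain that ends in `SslTransport`; in either case the connection goes out with no certificate context and presumably fails authentication later, with nothing in the bridge log to explain why. Guard with `if (peerCerts != null)` and log a warning otherwise. The block also needs a comment saying whose identity is asserted, e.g. `// Authenticate the local side of the bridge as the remote broker: pass its TLS peer certificates to certificate-based JAAS plugins`, since it means the remote broker's DN must be mapped to a user on the local broker. The enclosing method starts and ends outside this hunk.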
Added: activemq/trunk/activemq-core/src/test/java/org/apache/activemq/security/JaasNetworkTest.java
URL: http://svn.apache.org/viewvc/activemq/trunk/activemq-core/src/test/java/org/apache/activemq/security/JaasNetworkTest.java?rev=831942&view=auto
==============================================================================
--- activemq/trunk/activemq-core/src/test/java/org/apache/activemq/security/JaasNetworkTest.java (added)
+++ activemq/trunk/activemq-core/src/test/java/org/apache/activemq/security/JaasNetworkTest.java Mon Nov 2 16:20:18 2009
@@ -0,0 +1,85 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.activemq.security;
+
+import java.net.URI;
+
+import javax.jms.Connection;
+import javax.jms.MessageConsumer;
+import javax.jms.MessageProducer;
+import javax.jms.Session;
+import javax.jms.TextMessage;
+
+import junit.framework.TestCase;
+
+import org.apache.activemq.ActiveMQConnectionFactory;
+import org.apache.activemq.broker.BrokerFactory;
+import org.apache.activemq.broker.BrokerService;
+import org.apache.activemq.command.ActiveMQQueue;
+
+public class JaasNetworkTest extends TestCase {
+
+ BrokerService broker1;
+ BrokerService broker2;
+
+ public void setUp() throws Exception {
+ System.setProperty("java.security.auth.login.config", "src/test/resources/login.config");
+ broker1 = BrokerFactory.createBroker(new URI("xbean:org/apache/activemq/security/broker1.xml"));
+ broker2 = BrokerFactory.createBroker(new URI("xbean:org/apache/activemq/security/broker2.xml"));
+ broker1.waitUntilStarted();
+ broker2.waitUntilStarted();
+ Thread.sleep(2000);
+ }
+
+ protected void tearDown() throws Exception {
+ super.tearDown();
+ broker1.stop();
+ broker1.waitUntilStopped();
+ broker2.stop();
+ broker2.waitUntilStopped();
+ }
+
+
+
+ public void testNetwork() throws Exception {
+
+ System.setProperty("javax.net.ssl.trustStore", "src/test/resources/org/apache/activemq/security/client.ts");
+ System.setProperty("javax.net.ssl.trustStorePassword", "password");
+ System.setProperty("javax.net.ssl.trustStoreType", "jks");
+ System.setProperty("javax.net.ssl.keyStore", "src/test/resources/org/apache/activemq/security/client.ks");
+ System.setProperty("javax.net.ssl.keyStorePassword", "password");
+ System.setProperty("javax.net.ssl.keyStoreType", "jks");
+
+ ActiveMQConnectionFactory producerFactory = new ActiveMQConnectionFactory("ssl://localhost:61617");
+ Connection producerConn = producerFactory.createConnection();
+ Session producerSess = producerConn.createSession(false, Session.AUTO_ACKNOWLEDGE);
+ MessageProducer producer = producerSess.createProducer(new ActiveMQQueue("test"));
+ producerConn.start();
+ TextMessage sentMessage = producerSess.createTextMessage("test");
+ producer.send(sentMessage);
+
+ ActiveMQConnectionFactory consumerFactory = new ActiveMQConnectionFactory("ssl://localhost:61618");
+ Connection consumerConn = consumerFactory.createConnection();
+ Session consumerSess = consumerConn.createSession(false, Session.AUTO_ACKNOWLEDGE);
+ consumerConn.start();
+ MessageConsumer consumer = consumerSess.createConsumer(new ActiveMQQueue("test"));
+ TextMessage receivedMessage = (TextMessage)consumer.receive(100);
+ assertEquals(sentMessage, receivedMessage);
+
+ }
+
+}
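Review bot: `testNetwork` never closes `producerConn` or `consumerConn`, and the `javax.net.ssl.*` and `java.security.auth.login.config` system properties it and `setUp` set are never restored, so later tests in the same JVM inherit open SSL connections and this test's key and trust stores. `consumer.receive(100)` gives the bridge only 100 ms to forward the message, and a null result reaches `assertEquals` as an unexplained mismatch rather than a clear "not forwarded" failure. The test also covers only the accepting path; a companion case in which a certificate that is not listed in the users file is refused would show that the propagated certificate is actually checked. A sketch of the cleanup and the clearer assertion follows; the timeout value is illustrative.

```java
        Connection producerConn = null;
        Connection consumerConn = null;
        try {
            // … unchanged: producer factory, session, producer, send (assigning producerConn) …
            // … unchanged: consumer factory, session, consumer (assigning consumerConn) …
            TextMessage receivedMessage = (TextMessage) consumer.receive(5000);
            assertNotNull("message was not forwarded across the bridge", receivedMessage);
            assertEquals(sentMessage, receivedMessage);
        } finally {
            if (consumerConn != null) {
                consumerConn.close();
            }
            if (producerConn != null) {
                producerConn.close();
            }
        }
```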
Modified: activemq/trunk/activemq-core/src/test/resources/login.config
URL: http://svn.apache.org/viewvc/activemq/trunk/activemq-core/src/test/resources/login.config?rev=831942&r1=831941&r2=831942&view=diff
==============================================================================
--- activemq/trunk/activemq-core/src/test/resources/login.config (original)
+++ activemq/trunk/activemq-core/src/test/resources/login.config Mon Nov 2 16:20:18 2009
@@ -29,3 +29,16 @@
};
+broker1 {
+ org.apache.activemq.jaas.TextFileCertificateLoginModule required
+ debug=true
+ org.apache.activemq.jaas.textfiledn.user="org/apache/activemq/security/users1.properties"
+ org.apache.activemq.jaas.textfiledn.group="org/apache/activemq/security/groups.properties";
+};
+
+broker2 {
+ org.apache.activemq.jaas.TextFileCertificateLoginModule required
+ debug=true
+ org.apache.activemq.jaas.textfiledn.user="org/apache/activemq/security/users2.properties"
+ org.apache.activemq.jaas.textfiledn.group="org/apache/activemq/security/groups.properties";
+};
\ No newline at end of file
Added: activemq/trunk/activemq-core/src/test/resources/org/apache/activemq/security/broker1.ks
URL: http://svn.apache.org/viewvc/activemq/trunk/activemq-core/src/test/resources/org/apache/activemq/security/broker1.ks?rev=831942&view=auto
==============================================================================
Binary file - no diff available.
Propchange: activemq/trunk/activemq-core/src/test/resources/org/apache/activemq/security/broker1.ks
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream
Added: activemq/trunk/activemq-core/src/test/resources/org/apache/activemq/security/broker1.ts
URL: http://svn.apache.org/viewvc/activemq/trunk/activemq-core/src/test/resources/org/apache/activemq/security/broker1.ts?rev=831942&view=auto
==============================================================================
Binary file - no diff available.
Propchange: activemq/trunk/activemq-core/src/test/resources/org/apache/activemq/security/broker1.ts
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream
Added: activemq/trunk/activemq-core/src/test/resources/org/apache/activemq/security/broker1.xml
URL: http://svn.apache.org/viewvc/activemq/trunk/activemq-core/src/test/resources/org/apache/activemq/security/broker1.xml?rev=831942&view=auto
==============================================================================
--- activemq/trunk/activemq-core/src/test/resources/org/apache/activemq/security/broker1.xml (added)
+++ activemq/trunk/activemq-core/src/test/resources/org/apache/activemq/security/broker1.xml Mon Nov 2 16:20:18 2009
@@ -0,0 +1,71 @@
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<!-- START SNIPPET: example -->
+<beans
+ xmlns="http://www.springframework.org/schema/beans"
+ xmlns:amq="http://activemq.apache.org/schema/core"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
+ http://activemq.apache.org/schema/core http://activemq.apache.org/schema/core/activemq-core.xsd">
+
+ <broker xmlns="http://activemq.apache.org/schema/core" brokerName="broker1" useJmx="false" persistent="false">
+
+ <sslContext>
+ <sslContext keyStore="org/apache/activemq/security/broker1.ks"
+ keyStorePassword="password"
+ trustStore="org/apache/activemq/security/broker1.ts"
+ trustStorePassword="password"/>
+ </sslContext>
+
+
+ <!-- The transport connectors ActiveMQ will listen to -->
+ <transportConnectors>
+ <transportConnector name="ssl" uri="ssl://0.0.0.0:61617?transport.closeAsync=false&wantClientAuth=true&needClientAuth=true"/>
+ </transportConnectors>
+
+ <networkConnectors>
+ <networkConnector uri="static://(ssl://localhost:61618)"
+ name="tobackbone"
+ duplex="true"
+ prefetchSize="1"
+ networkTTL="10">
+ </networkConnector>
+ </networkConnectors>
+
+ <plugins>
+ <jaasCertificateAuthenticationPlugin configuration="broker1" />
+ <!-- lets configure a destination based authorization mechanism -->
+
+ <authorizationPlugin>
+ <map>
+ <authorizationMap>
+ <authorizationEntries>
+ <authorizationEntry queue=">" read="admins" write="admins" admin="admins" />
+
+ <authorizationEntry topic=">" read="admins" write="admins" admin="admins" />
+
+ <authorizationEntry topic="ActiveMQ.Advisory.>" read="guests,users" write="guests,users" admin="guests,users"/>
+ </authorizationEntries>
+
+ </authorizationMap>
+ </map>
+ </authorizationPlugin>
+ </plugins>
+ </broker>
+
+</beans>
+<!-- END SNIPPET: example -->
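Review bot: Nothing in this file says which identity the `tobackbone` network connector authenticates with, and that is the non-obvious part of the setup. No userName or password is configured, and per the DemandForwardingBridgeSupport change in this commit the bridge's local connection carries the remote peer's certificate chain. Add a comment above `<networkConnector>` such as `<!-- The bridge authenticates on this broker with broker2's certificate DN, which must be listed in users1.properties -->`. The file is wrapped in START/END SNIPPET markers and may be lifted into documentation, so a second comment marking `keyStorePassword="password"` and the all-`admins` authorization entries as test fixtures would help. The same applies to broker2.xml.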
Added: activemq/trunk/activemq-core/src/test/resources/org/apache/activemq/security/broker2.ks
URL: http://svn.apache.org/viewvc/activemq/trunk/activemq-core/src/test/resources/org/apache/activemq/security/broker2.ks?rev=831942&view=auto
==============================================================================
Binary file - no diff available.
Propchange: activemq/trunk/activemq-core/src/test/resources/org/apache/activemq/security/broker2.ks
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream
Added: activemq/trunk/activemq-core/src/test/resources/org/apache/activemq/security/broker2.ts
URL: http://svn.apache.org/viewvc/activemq/trunk/activemq-core/src/test/resources/org/apache/activemq/security/broker2.ts?rev=831942&view=auto
==============================================================================
Binary file - no diff available.
Propchange: activemq/trunk/activemq-core/src/test/resources/org/apache/activemq/security/broker2.ts
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream
Added: activemq/trunk/activemq-core/src/test/resources/org/apache/activemq/security/broker2.xml
URL: http://svn.apache.org/viewvc/activemq/trunk/activemq-core/src/test/resources/org/apache/activemq/security/broker2.xml?rev=831942&view=auto
==============================================================================
--- activemq/trunk/activemq-core/src/test/resources/org/apache/activemq/security/broker2.xml (added)
+++ activemq/trunk/activemq-core/src/test/resources/org/apache/activemq/security/broker2.xml Mon Nov 2 16:20:18 2009
@@ -0,0 +1,62 @@
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<!-- START SNIPPET: example -->
+<beans
+ xmlns="http://www.springframework.org/schema/beans"
+ xmlns:amq="http://activemq.apache.org/schema/core"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
+ http://activemq.apache.org/schema/core http://activemq.apache.org/schema/core/activemq-core.xsd">
+
+ <broker xmlns="http://activemq.apache.org/schema/core" brokerName="broker2" useJmx="false" persistent="false">
+
+ <sslContext>
+ <sslContext keyStore="org/apache/activemq/security/broker2.ks"
+ keyStorePassword="password"
+ trustStore="org/apache/activemq/security/broker2.ts"
+ trustStorePassword="password"/>
+ </sslContext>
+
+
+ <!-- The transport connectors ActiveMQ will listen to -->
+ <transportConnectors>
+ <transportConnector name="ssl" uri="ssl://0.0.0.0:61618?transport.closeAsync=false&wantClientAuth=true&needClientAuth=true"/>
+ </transportConnectors>
+
+ <plugins>
+ <jaasCertificateAuthenticationPlugin configuration="broker2" />
+
+ <authorizationPlugin>
+ <map>
+ <authorizationMap>
+ <authorizationEntries>
+ <authorizationEntry queue=">" read="admins" write="admins" admin="admins" />
+
+ <authorizationEntry topic=">" read="admins" write="admins" admin="admins" />
+
+ <authorizationEntry topic="ActiveMQ.Advisory.>" read="guests,users" write="guests,users" admin="guests,users"/>
+ </authorizationEntries>
+
+ </authorizationMap>
+ </map>
+ </authorizationPlugin>
+ </plugins>
+
+ </broker>
+
+</beans>
+<!-- END SNIPPET: example -->
Added: activemq/trunk/activemq-core/src/test/resources/org/apache/activemq/security/client.ks
URL: http://svn.apache.org/viewvc/activemq/trunk/activemq-core/src/test/resources/org/apache/activemq/security/client.ks?rev=831942&view=auto
==============================================================================
Binary file - no diff available.
Propchange: activemq/trunk/activemq-core/src/test/resources/org/apache/activemq/security/client.ks
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream
Added: activemq/trunk/activemq-core/src/test/resources/org/apache/activemq/security/client.ts
URL: http://svn.apache.org/viewvc/activemq/trunk/activemq-core/src/test/resources/org/apache/activemq/security/client.ts?rev=831942&view=auto
==============================================================================
Binary file - no diff available.
Propchange: activemq/trunk/activemq-core/src/test/resources/org/apache/activemq/security/client.ts
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream
Modified: activemq/trunk/activemq-core/src/test/resources/org/apache/activemq/security/groups.properties
URL: http://svn.apache.org/viewvc/activemq/trunk/activemq-core/src/test/resources/org/apache/activemq/security/groups.properties?rev=831942&r1=831941&r2=831942&view=diff
==============================================================================
--- activemq/trunk/activemq-core/src/test/resources/org/apache/activemq/security/groups.properties (original)
+++ activemq/trunk/activemq-core/src/test/resources/org/apache/activemq/security/groups.properties Mon Nov 2 16:20:18 2009
@@ -15,7 +15,7 @@
## limitations under the License.
## ---------------------------------------------------------------------------
-admins=system,sslclient
-tempDestinationAdmins=system,user,sslclient
-users=system,user,sslclient
+admins=system,sslclient,client,broker1,broker2
+tempDestinationAdmins=system,user,sslclient,client,broker1,broker2
+users=system,user,sslclient,client,broker1,broker2
guests=guest
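Review bot: `client`, `broker1` and `broker2` are added to `admins` in a groups file that this commit's login.config hunk shows is referenced by more than one login configuration, so the grant is not limited to JaasNetworkTest. Any configuration that uses this file and maps a user to one of those three names now gets admin rights as well; whether other tests are affected cannot be seen from this hunk. A groups file dedicated to the network test, referenced from the `broker1` and `broker2` entries in login.config, would keep the grant local.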
Added: activemq/trunk/activemq-core/src/test/resources/org/apache/activemq/security/users1.properties
URL: http://svn.apache.org/viewvc/activemq/trunk/activemq-core/src/test/resources/org/apache/activemq/security/users1.properties?rev=831942&view=auto
==============================================================================
--- activemq/trunk/activemq-core/src/test/resources/org/apache/activemq/security/users1.properties (added)
+++ activemq/trunk/activemq-core/src/test/resources/org/apache/activemq/security/users1.properties Mon Nov 2 16:20:18 2009
@@ -0,0 +1,19 @@
+## ---------------------------------------------------------------------------
+## Licensed to the Apache Software Foundation (ASF) under one or more
+## contributor license agreements. See the NOTICE file distributed with
+## this work for additional information regarding copyright ownership.
+## The ASF licenses this file to You under the Apache License, Version 2.0
+## (the "License"); you may not use this file except in compliance with
+## the License. You may obtain a copy of the License at
+##
+## http://www.apache.org/licenses/LICENSE-2.0
+##
+## Unless required by applicable law or agreed to in writing, software
+## distributed under the License is distributed on an "AS IS" BASIS,
+## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+## See the License for the specific language governing permissions and
+## limitations under the License.
+## ---------------------------------------------------------------------------
+
+client=CN=client, OU=activemq, O=apache, L=Unknown, ST=Unknown, C=Unknown
+broker2=CN=broker2, OU=activemq, O=apache, L=Unknown, ST=Unknown, C=Unknown
\ No newline at end of file
Added: activemq/trunk/activemq-core/src/test/resources/org/apache/activemq/security/users2.properties
URL: http://svn.apache.org/viewvc/activemq/trunk/activemq-core/src/test/resources/org/apache/activemq/security/users2.properties?rev=831942&view=auto
==============================================================================
--- activemq/trunk/activemq-core/src/test/resources/org/apache/activemq/security/users2.properties (added)
+++ activemq/trunk/activemq-core/src/test/resources/org/apache/activemq/security/users2.properties Mon Nov 2 16:20:18 2009
@@ -0,0 +1,19 @@
+## ---------------------------------------------------------------------------
+## Licensed to the Apache Software Foundation (ASF) under one or more
+## contributor license agreements. See the NOTICE file distributed with
+## this work for additional information regarding copyright ownership.
+## The ASF licenses this file to You under the Apache License, Version 2.0
+## (the "License"); you may not use this file except in compliance with
+## the License. You may obtain a copy of the License at
+##
+## http://www.apache.org/licenses/LICENSE-2.0
+##
+## Unless required by applicable law or agreed to in writing, software
+## distributed under the License is distributed on an "AS IS" BASIS,
+## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+## See the License for the specific language governing permissions and
+## limitations under the License.
+## ---------------------------------------------------------------------------
+
+client=CN=client, OU=activemq, O=apache, L=Unknown, ST=Unknown, C=Unknown
+broker1=CN=broker1, OU=activemq, O=apache, L=Unknown, ST=Unknown, C=Unknown
\ No newline at end of file