Posted to commits@activemq.apache.org by cl...@apache.org on 2017/08/08 17:34:02 UTC
[3/5] activemq-artemis git commit: [ARTEMIS-1310] add amqp sasl
gssapi mechanism support
http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/ca7197b5/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/amqp/JMSSaslGssapiTest.java
----------------------------------------------------------------------
diff --git a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/amqp/JMSSaslGssapiTest.java b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/amqp/JMSSaslGssapiTest.java
new file mode 100644
index 0000000..a4f9476
--- /dev/null
+++ b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/amqp/JMSSaslGssapiTest.java
@@ -0,0 +1,151 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.activemq.artemis.tests.integration.amqp;
+
+import org.apache.activemq.artemis.core.security.Role;
+import org.apache.activemq.artemis.core.server.ActiveMQServer;
+import org.apache.activemq.artemis.spi.core.security.ActiveMQJAASSecurityManager;
+import org.apache.activemq.artemis.utils.RandomUtil;
+import org.apache.hadoop.minikdc.MiniKdc;
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
+
+import javax.jms.Connection;
+import javax.jms.MessageConsumer;
+import javax.jms.MessageProducer;
+import javax.jms.Session;
+import javax.jms.TextMessage;
+import java.io.File;
+import java.net.URI;
+import java.net.URL;
+import java.util.HashSet;
+import java.util.Map;
+import java.util.Set;
+
+public class JMSSaslGssapiTest extends JMSClientTestSupport {
+
+ static {
+ String path = System.getProperty("java.security.auth.login.config");
+ if (path == null) {
+ URL resource = JMSSaslGssapiTest.class.getClassLoader().getResource("login.config");
+ if (resource != null) {
+ path = resource.getFile();
+ System.setProperty("java.security.auth.login.config", path);
+ }
+ }
+ }
+ MiniKdc kdc = null;
+
+ @Before
+ public void setUpKerberos() throws Exception {
+ kdc = new MiniKdc(MiniKdc.createConf(), temporaryFolder.newFolder("kdc"));
+ kdc.start();
+
+ // hard coded match, default_keytab_name in minikdc-krb5.conf template
+ File userKeyTab = new File("target/test.krb5.keytab");
+ kdc.createPrincipal(userKeyTab, "client", "amqp/localhost");
+
+ java.util.logging.Logger logger = java.util.logging.Logger.getLogger("javax.security.sasl");
+ logger.setLevel(java.util.logging.Level.FINEST);
+ logger.addHandler(new java.util.logging.ConsoleHandler());
+ for (java.util.logging.Handler handler: logger.getHandlers()) {
+ handler.setLevel(java.util.logging.Level.FINEST);
+ }
+
+ }
+
+ @After
+ public void stopKerberos() throws Exception {
+ if (kdc != null) {
+ kdc.stop();
+ }
+ }
+
+ @Override
+ protected boolean isSecurityEnabled() {
+ return true;
+ }
+
+ @Override
+ protected void configureBrokerSecurity(ActiveMQServer server) {
+ server.getConfiguration().setSecurityEnabled(isSecurityEnabled());
+ ActiveMQJAASSecurityManager securityManager = (ActiveMQJAASSecurityManager) server.getSecurityManager();
+ securityManager.setConfigurationName("Krb5SslPlus");
+ securityManager.setConfiguration(null);
+
+ final String roleName = "ALLOW_ALL";
+ Role role = new Role(roleName, true, true, true, true, true, true, true, true, true, true);
+ Set<Role> roles = new HashSet<>();
+ roles.add(role);
+ server.getSecurityRepository().addMatch(getQueueName().toString(), roles);
+
+ }
+
+ @Override
+ protected String getJmsConnectionURIOptions() {
+ return "amqp.saslMechanisms=GSSAPI";
+ }
+
+ @Override
+ protected URI getBrokerQpidJMSConnectionURI() {
+
+ try {
+ int port = AMQP_PORT;
+
+ // match the sasl.service <the host name>
+ String uri = "amqp://localhost:" + port;
+
+ if (!getJmsConnectionURIOptions().isEmpty()) {
+ uri = uri + "?" + getJmsConnectionURIOptions();
+ }
+
+ return new URI(uri);
+ } catch (Exception e) {
+ throw new RuntimeException();
+ }
+ }
+
+ @Override
+ protected void configureAMQPAcceptorParameters(Map<String, Object> params) {
+ params.put("saslMechanisms", "GSSAPI");
+ params.put("saslLoginConfigScope", "amqp-sasl-gssapi");
+ }
+
+ @Test(timeout = 600000)
+ public void testConnection() throws Exception {
+ Connection connection = createConnection("client", null);
+ connection.start();
+
+ try {
+ Session session = connection.createSession(false, Session.AUTO_ACKNOWLEDGE);
+ javax.jms.Queue queue = session.createQueue(getQueueName());
+ MessageConsumer consumer = session.createConsumer(queue);
+ MessageProducer producer = session.createProducer(queue);
+
+ final String text = RandomUtil.randomString();
+ producer.send(session.createTextMessage(text));
+
+ TextMessage m = (TextMessage) consumer.receive(1000);
+ assertNotNull(m);
+ assertEquals(text, m.getText());
+
+ } finally {
+ connection.close();
+ }
+ }
+}
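Review bot: testConnection only proves that a client holding the `client` key can connect; nothing in this class checks that the acceptor configured with `saslMechanisms=GSSAPI` turns away a client that cannot complete the Kerberos exchange, so a broker that accepted every connection would still pass. That matters here because both login modules in the `Krb5SslPlus` scope selected by configureBrokerSecurity are marked `optional`. I would add a negative case next to it, sketched below; the exception subtype, and whether the failure surfaces at creation or at `start()`, are assumptions to confirm against the client library. Separately, the catch in getBrokerQpidJMSConnectionURI should keep the cause: `throw new RuntimeException(e);`.

```java
// … unchanged: testConnection …

@Test(timeout = 600000)
public void testConnectionRejectedWithoutKey() throws Exception {
   Connection connection = null;
   try {
      // "nobody" is a constructed name: setUpKerberos never adds it to the keytab
      connection = createConnection("nobody", null);
      connection.start();
      fail("GSSAPI authentication should fail for a principal with no key");
   } catch (javax.jms.JMSException expected) {
      // expected: the client cannot obtain or present Kerberos credentials
   } finally {
      if (connection != null) {
         connection.close();
      }
   }
}
```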
http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/ca7197b5/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/security/SecurityTest.java
----------------------------------------------------------------------
diff --git a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/security/SecurityTest.java b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/security/SecurityTest.java
index 31acfca..3f814e4 100644
--- a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/security/SecurityTest.java
+++ b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/security/SecurityTest.java
@@ -54,7 +54,6 @@ import org.apache.activemq.artemis.core.server.impl.ActiveMQServerImpl;
import org.apache.activemq.artemis.core.server.impl.AddressInfo;
import org.apache.activemq.artemis.core.settings.HierarchicalRepository;
import org.apache.activemq.artemis.spi.core.protocol.RemotingConnection;
-import org.apache.activemq.artemis.spi.core.remoting.Connection;
import org.apache.activemq.artemis.spi.core.security.ActiveMQJAASSecurityManager;
import org.apache.activemq.artemis.spi.core.security.ActiveMQSecurityManager;
import org.apache.activemq.artemis.spi.core.security.ActiveMQSecurityManager2;
@@ -1936,7 +1935,7 @@ public class SecurityTest extends ActiveMQTestBase {
@Override
public String validateUser(final String username,
final String password,
- final Connection connection) {
+ final RemotingConnection remotingConnection) {
if ((username.equals("foo") || username.equals("bar") || username.equals("all")) && password.equals("frobnicate")) {
return username;
} else {
@@ -1960,9 +1959,9 @@ public class SecurityTest extends ActiveMQTestBase {
final Set<Role> requiredRoles,
final CheckType checkType,
final String address,
- final Connection connection) {
+ final RemotingConnection connection) {
- if (!(connection instanceof InVMConnection)) {
+ if (!(connection.getTransportConnection() instanceof InVMConnection)) {
return null;
}
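Review bot: The rewritten guard `connection.getTransportConnection() instanceof InVMConnection` dereferences `connection`, whereas the old `connection instanceof InVMConnection` was simply false for null and fell into the `return null` branch. If any caller can pass a null RemotingConnection (not visible from this hunk), the test security manager now throws a NullPointerException instead of returning null; `if (connection == null || !(connection.getTransportConnection() instanceof InVMConnection))` keeps the previous behaviour. The parameter is also named `remotingConnection` in validateUser in the hunk above and `connection` here; one name for both would read better. The method body continues outside the hunk.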
http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/ca7197b5/tests/integration-tests/src/test/resources/login.config
----------------------------------------------------------------------
diff --git a/tests/integration-tests/src/test/resources/login.config b/tests/integration-tests/src/test/resources/login.config
index a8ce3e0..5c0e2eb 100644
--- a/tests/integration-tests/src/test/resources/login.config
+++ b/tests/integration-tests/src/test/resources/login.config
@@ -140,7 +140,7 @@ DualAuthenticationPropertiesLogin {
Krb5SslPlus {
- org.apache.activemq.artemis.spi.core.security.jaas.Krb5SslLoginModule optional
+ org.apache.activemq.artemis.spi.core.security.jaas.Krb5LoginModule optional
debug=true;
org.apache.activemq.artemis.spi.core.security.jaas.PropertiesLoginModule optional
@@ -148,3 +148,17 @@ Krb5SslPlus {
org.apache.activemq.jaas.properties.user="dual-authentication-users.properties"
org.apache.activemq.jaas.properties.role="dual-authentication-roles.properties";
};
+
+amqp-sasl-gssapi {
+ com.sun.security.auth.module.Krb5LoginModule required
+ isInitiator=false
+ storeKey=true
+ useKeyTab=true
+ principal="amqp/localhost"
+ debug=true;
+};
+
+amqp-jms-client {
+ com.sun.security.auth.module.Krb5LoginModule required
+ useKeyTab=true;
+};
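Review bot: The `amqp-sasl-gssapi` entry sets `useKeyTab=true` with no `keyTab` option, so where the acceptor finds its key depends on the default keytab of whichever krb5 configuration is active; only a comment in JMSSaslGssapiTest ties that to `target/test.krb5.keytab`. A comment on the entry would make the coupling visible where it is configured, for example `// keytab comes from default_keytab_name in the MiniKdc krb5.conf (target/test.krb5.keytab), see JMSSaslGssapiTest`. The same applies to `amqp-jms-client`, which also relies on `useKeyTab=true` alone. The `Krb5SslPlus` scope changed in the previous hunk now lists a module without Ssl in its name, which deserves a short comment as well if the scope name has to stay.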