activemq-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From dej...@apache.org
Subject svn commit: r781022 - in /activemq/trunk/activemq-core/src: main/java/org/apache/activemq/broker/jmx/ main/java/org/apache/activemq/security/ test/java/org/apache/activemq/security/ test/resources/org/apache/activemq/security/
Date Tue, 02 Jun 2009 12:48:47 GMT
Author: dejanb
Date: Tue Jun  2 12:48:47 2009
New Revision: 781022

URL: http://svn.apache.org/viewvc?rev=781022&view=rev
Log:
fix for https://issues.apache.org/activemq/browse/AMQ-2232 - jmx operations on secured broker

Added:
    activemq/trunk/activemq-core/src/test/java/org/apache/activemq/security/SecurityJMXTest.java
Modified:
    activemq/trunk/activemq-core/src/main/java/org/apache/activemq/broker/jmx/DestinationView.java
    activemq/trunk/activemq-core/src/main/java/org/apache/activemq/security/AuthorizationBroker.java
    activemq/trunk/activemq-core/src/test/resources/org/apache/activemq/security/simple-auth-broker.xml

Modified: activemq/trunk/activemq-core/src/main/java/org/apache/activemq/broker/jmx/DestinationView.java
URL: http://svn.apache.org/viewvc/activemq/trunk/activemq-core/src/main/java/org/apache/activemq/broker/jmx/DestinationView.java?rev=781022&r1=781021&r2=781022&view=diff
==============================================================================
--- activemq/trunk/activemq-core/src/main/java/org/apache/activemq/broker/jmx/DestinationView.java
(original)
+++ activemq/trunk/activemq-core/src/main/java/org/apache/activemq/broker/jmx/DestinationView.java
Tue Jun  2 12:48:47 2009
@@ -253,7 +253,7 @@
     }
 
     public String sendTextMessage(String body, String user, String password) throws Exception
{
-        return sendTextMessage(Collections.EMPTY_MAP,body,null,null);
+        return sendTextMessage(Collections.EMPTY_MAP,body,user,password);
     }
 
     public String sendTextMessage(Map headers, String body,String userName,String password)
throws Exception {

Modified: activemq/trunk/activemq-core/src/main/java/org/apache/activemq/security/AuthorizationBroker.java
URL: http://svn.apache.org/viewvc/activemq/trunk/activemq-core/src/main/java/org/apache/activemq/security/AuthorizationBroker.java?rev=781022&r1=781021&r2=781022&view=diff
==============================================================================
--- activemq/trunk/activemq-core/src/main/java/org/apache/activemq/security/AuthorizationBroker.java
(original)
+++ activemq/trunk/activemq-core/src/main/java/org/apache/activemq/security/AuthorizationBroker.java
Tue Jun  2 12:48:47 2009
@@ -87,7 +87,7 @@
             allowedACLs = authorizationMap.getTempDestinationAdminACLs();
         }
 
-        if (allowedACLs != null && !securityContext.isInOneOf(allowedACLs)) {
+        if (!securityContext.isBrokerContext() && allowedACLs != null &&
!securityContext.isInOneOf(allowedACLs)) {
             throw new SecurityException("User " + securityContext.getUserName() + " is not
authorized to remove: " + destination);
         }
         super.removeDestination(context, destination, timeout);
@@ -106,7 +106,7 @@
             allowedACLs = authorizationMap.getTempDestinationReadACLs();
         }
 
-        if (allowedACLs != null && !subject.isInOneOf(allowedACLs)) {
+        if (!subject.isBrokerContext() && allowedACLs != null && !subject.isInOneOf(allowedACLs))
{
             throw new SecurityException("User " + subject.getUserName() + " is not authorized
to read from: " + info.getDestination());
         }
         subject.getAuthorizedReadDests().put(info.getDestination(), info.getDestination());
@@ -141,7 +141,7 @@
         if (subject == null) {
             throw new SecurityException("User is not authenticated.");
         }
-        if (info.getDestination() != null) {
+        if (!subject.isBrokerContext() && info.getDestination() != null) {
 
             Set<?> allowedACLs = null;
             if (!info.getDestination().isTemporary()) {
@@ -163,7 +163,7 @@
         if (subject == null) {
             throw new SecurityException("User is not authenticated.");
         }
-        if (!subject.getAuthorizedWriteDests().contains(messageSend.getDestination())) {
+        if (!subject.isBrokerContext() && !subject.getAuthorizedWriteDests().contains(messageSend.getDestination()))
{
 
             Set<?> allowedACLs = null;
             if (!messageSend.getDestination().isTemporary()) {

Added: activemq/trunk/activemq-core/src/test/java/org/apache/activemq/security/SecurityJMXTest.java
URL: http://svn.apache.org/viewvc/activemq/trunk/activemq-core/src/test/java/org/apache/activemq/security/SecurityJMXTest.java?rev=781022&view=auto
==============================================================================
--- activemq/trunk/activemq-core/src/test/java/org/apache/activemq/security/SecurityJMXTest.java
(added)
+++ activemq/trunk/activemq-core/src/test/java/org/apache/activemq/security/SecurityJMXTest.java
Tue Jun  2 12:48:47 2009
@@ -0,0 +1,71 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.activemq.security;
+
+
+import java.net.URI;
+import java.util.HashMap;
+
+import javax.management.MBeanServerConnection;
+import javax.management.MBeanServerInvocationHandler;
+import javax.management.ObjectName;
+import javax.management.remote.JMXConnector;
+import javax.management.remote.JMXConnectorFactory;
+import javax.management.remote.JMXServiceURL;
+
+import junit.framework.TestCase;
+
+import org.apache.activemq.broker.BrokerFactory;
+import org.apache.activemq.broker.BrokerService;
+import org.apache.activemq.broker.jmx.QueueViewMBean;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+public class SecurityJMXTest extends TestCase {
+	
+	private static final Log LOG = LogFactory.getLog(SimpleAuthenticationPluginTest.class);
+	private BrokerService broker; 
+	
+	public void setUp() throws Exception {
+		broker = createBroker();
+		Thread.sleep(500);
+	}
+
+	public void tearDown() throws Exception {
+	}
+
+	public void testMoveMessages() throws Exception {
+		JMXServiceURL url = new JMXServiceURL("service:jmx:rmi:///jndi/rmi://localhost:1099/jmxrmi");
+		JMXConnector connector = JMXConnectorFactory.connect(url, null);
+		connector.connect();
+		MBeanServerConnection connection = connector.getMBeanServerConnection();
+		ObjectName name = new ObjectName("org.apache.activemq:BrokerName=localhost,Type=Queue,Destination=TEST.Q");
+		QueueViewMBean queueMbean = (QueueViewMBean) MBeanServerInvocationHandler.newProxyInstance(connection,
name, QueueViewMBean.class, true);
+		String msgId = queueMbean.sendTextMessage("test", "system", "manager");
+		queueMbean.moveMessageTo(msgId, "TEST1.Q");
+	}
+	
+    protected BrokerService createBroker() throws Exception {
+        return createBroker("org/apache/activemq/security/simple-auth-broker.xml");
+    }
+
+    protected BrokerService createBroker(String uri) throws Exception {
+        LOG.info("Loading broker configuration from the classpath with URI: " + uri);
+        return BrokerFactory.createBroker(new URI("xbean:" + uri));
+    }
+	
+}

Modified: activemq/trunk/activemq-core/src/test/resources/org/apache/activemq/security/simple-auth-broker.xml
URL: http://svn.apache.org/viewvc/activemq/trunk/activemq-core/src/test/resources/org/apache/activemq/security/simple-auth-broker.xml?rev=781022&r1=781021&r2=781022&view=diff
==============================================================================
--- activemq/trunk/activemq-core/src/test/resources/org/apache/activemq/security/simple-auth-broker.xml
(original)
+++ activemq/trunk/activemq-core/src/test/resources/org/apache/activemq/security/simple-auth-broker.xml
Tue Jun  2 12:48:47 2009
@@ -21,7 +21,7 @@
 <beans>
   <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
 
-  <broker useJmx="false" persistent="false" xmlns="http://activemq.apache.org/schema/core"
populateJMSXUserID="true">
+  <broker useJmx="true" persistent="false" xmlns="http://activemq.apache.org/schema/core"
populateJMSXUserID="true">
 
     <destinations>
       <queue physicalName="TEST.Q" />      



Mime
View raw message