activemq-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From chir...@apache.org
Subject svn commit: r1044767 - in /activemq/activemq-apollo/trunk: apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/ apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/security/ apollo-cli/src/main/scala/org/apache/activemq/apollo/cli...
Date Sun, 12 Dec 2010 04:50:59 GMT
Author: chirino
Date: Sun Dec 12 04:50:58 2010
New Revision: 1044767

URL: http://svn.apache.org/viewvc?rev=1044767&view=rev
Log:
You can now extract the user id of the authenticated user
protocol configuration can now be customized per transport.
added a stomp option to set a header to the sender's user id.

Added:
    activemq/activemq-apollo/trunk/apollo-dto/src/main/java/org/apache/activemq/apollo/dto/ProtocolDTO.java
      - copied, changed from r1044766, activemq/activemq-apollo/trunk/apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/security/Authenticator.scala
    activemq/activemq-apollo/trunk/apollo-dto/src/main/java/org/apache/activemq/apollo/dto/StompDTO.java
      - copied, changed from r1044766, activemq/activemq-apollo/trunk/apollo-dto/src/main/java/org/apache/activemq/apollo/dto/ConnectorDTO.java
    activemq/activemq-apollo/trunk/apollo-stomp/src/test/resources/apollo-stomp-secure.xml
    activemq/activemq-apollo/trunk/apollo-stomp/src/test/resources/log4j.properties
    activemq/activemq-apollo/trunk/apollo-stomp/src/test/resources/login.config
    activemq/activemq-apollo/trunk/apollo-stomp/src/test/resources/users.properties
Modified:
    activemq/activemq-apollo/trunk/apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/Broker.scala
    activemq/activemq-apollo/trunk/apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/Connector.scala
    activemq/activemq-apollo/trunk/apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/VirtualHost.scala
    activemq/activemq-apollo/trunk/apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/security/Authenticator.scala
    activemq/activemq-apollo/trunk/apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/security/FileLoginModule.scala
    activemq/activemq-apollo/trunk/apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/security/JaasAuthenticator.scala
    activemq/activemq-apollo/trunk/apollo-cli/src/main/scala/org/apache/activemq/apollo/cli/commands/Run.scala
    activemq/activemq-apollo/trunk/apollo-dto/src/main/java/org/apache/activemq/apollo/dto/AuthenticationDTO.java
    activemq/activemq-apollo/trunk/apollo-dto/src/main/java/org/apache/activemq/apollo/dto/ConnectorDTO.java
    activemq/activemq-apollo/trunk/apollo-dto/src/main/resources/org/apache/activemq/apollo/dto/jaxb.index
    activemq/activemq-apollo/trunk/apollo-dto/src/test/java/org/apache/activemq/apollo/dto/XmlCodecTest.java
    activemq/activemq-apollo/trunk/apollo-dto/src/test/resources/org/apache/activemq/apollo/dto/XmlCodecTest.xml
    activemq/activemq-apollo/trunk/apollo-stomp/src/main/scala/org/apache/activemq/apollo/stomp/StompProtocolHandler.scala
    activemq/activemq-apollo/trunk/apollo-stomp/src/test/scala/org/apache/activemq/apollo/stomp/StompTest.scala

Modified: activemq/activemq-apollo/trunk/apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/Broker.scala
URL: http://svn.apache.org/viewvc/activemq/activemq-apollo/trunk/apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/Broker.scala?rev=1044767&r1=1044766&r2=1044767&view=diff
==============================================================================
--- activemq/activemq-apollo/trunk/apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/Broker.scala
(original)
+++ activemq/activemq-apollo/trunk/apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/Broker.scala
Sun Dec 12 04:50:58 2010
@@ -218,8 +218,8 @@ class Broker() extends BaseService with 
 
       import OptionSupport._
       if( config.authentication != null && config.authentication.enabled.getOrElse(true)
) {
-        authenticator = new JaasAuthenticator(config.authentication.domain)
-        authorizer = new AclAuthorizer(config.authentication.kinds().toList)
+        authenticator = new JaasAuthenticator(config.authentication)
+        authorizer = new AclAuthorizer(config.authentication.acl_principal_kinds().toList)
       }
 
       default_virtual_host = null

Modified: activemq/activemq-apollo/trunk/apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/Connector.scala
URL: http://svn.apache.org/viewvc/activemq/activemq-apollo/trunk/apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/Connector.scala?rev=1044767&r1=1044766&r2=1044767&view=diff
==============================================================================
--- activemq/activemq-apollo/trunk/apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/Connector.scala
(original)
+++ activemq/activemq-apollo/trunk/apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/Connector.scala
Sun Dec 12 04:50:58 2010
@@ -145,7 +145,7 @@ class Connector(val broker:Broker, val i
 
   override def _start(onCompleted:Runnable) = {
     assert(config!=null, "Connector must be configured before it is started.")
-    protocol = ProtocolFactory.get(config.protocol).get
+    protocol = ProtocolFactory.get(config.protocol.getOrElse("multi")).get
     transportServer = TransportFactory.bind( config.bind )
     transportServer.setDispatchQueue(dispatchQueue)
     transportServer.setAcceptListener(BrokerAcceptListener)

Modified: activemq/activemq-apollo/trunk/apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/VirtualHost.scala
URL: http://svn.apache.org/viewvc/activemq/activemq-apollo/trunk/apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/VirtualHost.scala?rev=1044767&r1=1044766&r2=1044767&view=diff
==============================================================================
--- activemq/activemq-apollo/trunk/apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/VirtualHost.scala
(original)
+++ activemq/activemq-apollo/trunk/apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/VirtualHost.scala
Sun Dec 12 04:50:58 2010
@@ -119,8 +119,8 @@ class VirtualHost(val broker: Broker, va
     if( config.authentication != null ) {
       if( config.authentication.enabled.getOrElse(true) ) {
         // Virtual host has it's own settings.
-        authenticator = new JaasAuthenticator(config.authentication.domain)
-        authorizer = new AclAuthorizer(config.authentication.kinds().toList)
+        authenticator = new JaasAuthenticator(config.authentication)
+        authorizer = new AclAuthorizer(config.authentication.acl_principal_kinds().toList)
       } else {
         // Don't use security on this host.
         authenticator = null

Modified: activemq/activemq-apollo/trunk/apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/security/Authenticator.scala
URL: http://svn.apache.org/viewvc/activemq/activemq-apollo/trunk/apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/security/Authenticator.scala?rev=1044767&r1=1044766&r2=1044767&view=diff
==============================================================================
--- activemq/activemq-apollo/trunk/apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/security/Authenticator.scala
(original)
+++ activemq/activemq-apollo/trunk/apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/security/Authenticator.scala
Sun Dec 12 04:50:58 2010
@@ -33,4 +33,9 @@ trait Authenticator {
    */
   def authenticate(ctx:SecurityContext):Boolean @suspendable
 
+  /**
+   * Extracts the user name of the logged in user.
+   */
+  def user_name(ctx:SecurityContext):Option[String]
+
 }
\ No newline at end of file

Modified: activemq/activemq-apollo/trunk/apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/security/FileLoginModule.scala
URL: http://svn.apache.org/viewvc/activemq/activemq-apollo/trunk/apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/security/FileLoginModule.scala?rev=1044767&r1=1044766&r2=1044767&view=diff
==============================================================================
--- activemq/activemq-apollo/trunk/apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/security/FileLoginModule.scala
(original)
+++ activemq/activemq-apollo/trunk/apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/security/FileLoginModule.scala
Sun Dec 12 04:50:58 2010
@@ -132,13 +132,12 @@ class FileLoginModule extends LoginModul
     principals.add(new UserPrincipal(user))
     val en = groups.keys()
     while (en.hasMoreElements()) {
-      val name = en.nextElement().asInstanceOf[String]
-      val userList = (groups.getProperty(name) + "").split(",")
-      userList.foreach{
-        x =>
-          if (user == x) {
-            principals.add(new GroupPrincipal(name))
-          }
+      val group_name = en.nextElement().asInstanceOf[String]
+      val users = groups.getProperty(group_name).split(",").map(_.trim)
+      users.foreach { x =>
+        if (user == x) {
+          principals.add(new GroupPrincipal(group_name))
+        }
       }
     }
 

Modified: activemq/activemq-apollo/trunk/apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/security/JaasAuthenticator.scala
URL: http://svn.apache.org/viewvc/activemq/activemq-apollo/trunk/apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/security/JaasAuthenticator.scala?rev=1044767&r1=1044766&r2=1044767&view=diff
==============================================================================
--- activemq/activemq-apollo/trunk/apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/security/JaasAuthenticator.scala
(original)
+++ activemq/activemq-apollo/trunk/apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/security/JaasAuthenticator.scala
Sun Dec 12 04:50:58 2010
@@ -28,6 +28,7 @@ import org.apache.activemq.jaas._
 import org.apache.activemq.apollo.util.OptionSupport._
 import org.apache.activemq.apollo.broker.Broker.BLOCKABLE_THREAD_POOL
 import org.fusesource.hawtdispatch._
+import org.apache.activemq.apollo.dto.{PrincipalDTO, AuthenticationDTO}
 
 /**
  * <p>
@@ -36,7 +37,10 @@ import org.fusesource.hawtdispatch._
  * @author <a href="http://hiramchirino.com">Hiram Chirino</a>
  */
 
-class JaasAuthenticator(val jass_realm: String) extends Authenticator {
+class JaasAuthenticator(val config: AuthenticationDTO) extends Authenticator {
+
+  val jass_realm = config.domain.getOrElse("apollo")
+  val user_principal_kinds = config.user_principal_kinds()
 
   /*
    * The 'BLOCKABLE_THREAD_POOL ! { ... }' magic makes the code block
@@ -47,6 +51,18 @@ class JaasAuthenticator(val jass_realm: 
     _authenticate(security_ctx)
   }
 
+  /**
+   * Extracts the user name of the logged in user.
+   */
+  def user_name(ctx:SecurityContext):Option[String] = {
+    if( ctx.subject!=null ) {
+      import collection.JavaConversions._
+      ctx.subject.getPrincipals.find( x=> user_principal_kinds.contains( x.getClass.getName
) ).map(_.getName)
+    } else {
+      None
+    }
+  }
+
   def _authenticate(security_ctx: SecurityContext): Boolean = {
     val original = Thread.currentThread().getContextClassLoader()
     Thread.currentThread().setContextClassLoader(getClass.getClassLoader())

Modified: activemq/activemq-apollo/trunk/apollo-cli/src/main/scala/org/apache/activemq/apollo/cli/commands/Run.scala
URL: http://svn.apache.org/viewvc/activemq/activemq-apollo/trunk/apollo-cli/src/main/scala/org/apache/activemq/apollo/cli/commands/Run.scala?rev=1044767&r1=1044766&r2=1044767&view=diff
==============================================================================
--- activemq/activemq-apollo/trunk/apollo-cli/src/main/scala/org/apache/activemq/apollo/cli/commands/Run.scala
(original)
+++ activemq/activemq-apollo/trunk/apollo-cli/src/main/scala/org/apache/activemq/apollo/cli/commands/Run.scala
Sun Dec 12 04:50:58 2010
@@ -140,7 +140,7 @@ class Run extends Action with Logging {
 
             val security_handler = new ConstraintSecurityHandler
             val login_service = new JAASLoginService(config.authentication.domain)
-            val role_class_names:List[String] = config.authentication.kinds().toList
+            val role_class_names:List[String] = config.authentication.acl_principal_kinds().toList
 
             login_service.setRoleClassNames(role_class_names.toArray)
             security_handler.setLoginService(login_service)

Modified: activemq/activemq-apollo/trunk/apollo-dto/src/main/java/org/apache/activemq/apollo/dto/AuthenticationDTO.java
URL: http://svn.apache.org/viewvc/activemq/activemq-apollo/trunk/apollo-dto/src/main/java/org/apache/activemq/apollo/dto/AuthenticationDTO.java?rev=1044767&r1=1044766&r2=1044767&view=diff
==============================================================================
--- activemq/activemq-apollo/trunk/apollo-dto/src/main/java/org/apache/activemq/apollo/dto/AuthenticationDTO.java
(original)
+++ activemq/activemq-apollo/trunk/apollo-dto/src/main/java/org/apache/activemq/apollo/dto/AuthenticationDTO.java
Sun Dec 12 04:50:58 2010
@@ -21,9 +21,7 @@ import javax.xml.bind.annotation.XmlAcce
 import javax.xml.bind.annotation.XmlAttribute;
 import javax.xml.bind.annotation.XmlElement;
 import java.util.ArrayList;
-import java.util.HashSet;
 import java.util.List;
-import java.util.Set;
 
 /**
  * <p>
@@ -40,17 +38,35 @@ public class AuthenticationDTO {
     @XmlAttribute
     public String domain;
 
-    @XmlElement(name="kind")
-    public List<String> kinds = new ArrayList<String>();
+    /**
+     * The class names for the types of principles that
+     * the acl lists check against.
+     */
+    @XmlElement(name="acl-principal-kinds")
+    public List<String> acl_principal_kinds = new ArrayList<String>();
 
-
-    public List<String> kinds() {
-        if( kinds.isEmpty() ) {
+    public List<String> acl_principal_kinds() {
+        if( acl_principal_kinds.isEmpty() ) {
             ArrayList<String> rc = new ArrayList<String>();
             rc.add("org.apache.activemq.jaas.GroupPrincipal");
             return rc;
         }
-        return kinds;
+        return acl_principal_kinds;
     }
 
+    /**
+     * The class names for the types of principles that
+     * the user name is extracted from.
+     */
+    @XmlElement(name="user-principal-kinds")
+    public List<String> user_principal_kinds = new ArrayList<String>();
+
+    public List<String> user_principal_kinds() {
+        if( user_principal_kinds.isEmpty() ) {
+            ArrayList<String> rc = new ArrayList<String>();
+            rc.add("org.apache.activemq.jaas.UserPrincipal");
+            return rc;
+        }
+        return user_principal_kinds;
+    }
 }

Modified: activemq/activemq-apollo/trunk/apollo-dto/src/main/java/org/apache/activemq/apollo/dto/ConnectorDTO.java
URL: http://svn.apache.org/viewvc/activemq/activemq-apollo/trunk/apollo-dto/src/main/java/org/apache/activemq/apollo/dto/ConnectorDTO.java?rev=1044767&r1=1044766&r2=1044767&view=diff
==============================================================================
--- activemq/activemq-apollo/trunk/apollo-dto/src/main/java/org/apache/activemq/apollo/dto/ConnectorDTO.java
(original)
+++ activemq/activemq-apollo/trunk/apollo-dto/src/main/java/org/apache/activemq/apollo/dto/ConnectorDTO.java
Sun Dec 12 04:50:58 2010
@@ -16,10 +16,9 @@
  */
 package org.apache.activemq.apollo.dto;
 
-import javax.xml.bind.annotation.XmlAccessType;
-import javax.xml.bind.annotation.XmlAccessorType;
-import javax.xml.bind.annotation.XmlAttribute;
-import javax.xml.bind.annotation.XmlRootElement;
+import javax.xml.bind.annotation.*;
+import java.util.ArrayList;
+import java.util.List;
 
 /**
  *
@@ -52,5 +51,11 @@ public class ConnectorDTO extends Servic
     @XmlAttribute(name="connection-limit")
     public Integer connection_limit;
 
+    /**
+     * A broker accepts connections via it's configured connectors.
+     */
+    @XmlElementRef
+    public List<ProtocolDTO> protocols = new ArrayList<ProtocolDTO>();
+
     
 }
\ No newline at end of file

Copied: activemq/activemq-apollo/trunk/apollo-dto/src/main/java/org/apache/activemq/apollo/dto/ProtocolDTO.java
(from r1044766, activemq/activemq-apollo/trunk/apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/security/Authenticator.scala)
URL: http://svn.apache.org/viewvc/activemq/activemq-apollo/trunk/apollo-dto/src/main/java/org/apache/activemq/apollo/dto/ProtocolDTO.java?p2=activemq/activemq-apollo/trunk/apollo-dto/src/main/java/org/apache/activemq/apollo/dto/ProtocolDTO.java&p1=activemq/activemq-apollo/trunk/apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/security/Authenticator.scala&r1=1044766&r2=1044767&rev=1044767&view=diff
==============================================================================
--- activemq/activemq-apollo/trunk/apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/security/Authenticator.scala
(original)
+++ activemq/activemq-apollo/trunk/apollo-dto/src/main/java/org/apache/activemq/apollo/dto/ProtocolDTO.java
Sun Dec 12 04:50:58 2010
@@ -14,23 +14,17 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package org.apache.activemq.apollo.broker.security
-import scala.util.continuations._
+package org.apache.activemq.apollo.dto;
+
+import org.codehaus.jackson.annotate.JsonTypeInfo;
+
+import javax.xml.bind.annotation.XmlAttribute;
+import javax.xml.bind.annotation.XmlType;
 
 /**
- * <p>
- * </p>
- *
  * @author <a href="http://hiramchirino.com">Hiram Chirino</a>
  */
-trait Authenticator {
-
-  /**
-   * If the authentication succeeds, then the subject and
-   * principles fields of the SecurityContext should be populated.
-   *
-   * @returns true if the SecurityContext was authenticated.
-   */
-  def authenticate(ctx:SecurityContext):Boolean @suspendable
+@JsonTypeInfo(use=JsonTypeInfo.Id.CLASS, include=JsonTypeInfo.As.PROPERTY, property="@class")
+public abstract class ProtocolDTO {
 
-}
\ No newline at end of file
+}

Copied: activemq/activemq-apollo/trunk/apollo-dto/src/main/java/org/apache/activemq/apollo/dto/StompDTO.java
(from r1044766, activemq/activemq-apollo/trunk/apollo-dto/src/main/java/org/apache/activemq/apollo/dto/ConnectorDTO.java)
URL: http://svn.apache.org/viewvc/activemq/activemq-apollo/trunk/apollo-dto/src/main/java/org/apache/activemq/apollo/dto/StompDTO.java?p2=activemq/activemq-apollo/trunk/apollo-dto/src/main/java/org/apache/activemq/apollo/dto/StompDTO.java&p1=activemq/activemq-apollo/trunk/apollo-dto/src/main/java/org/apache/activemq/apollo/dto/ConnectorDTO.java&r1=1044766&r2=1044767&rev=1044767&view=diff
==============================================================================
--- activemq/activemq-apollo/trunk/apollo-dto/src/main/java/org/apache/activemq/apollo/dto/ConnectorDTO.java
(original)
+++ activemq/activemq-apollo/trunk/apollo-dto/src/main/java/org/apache/activemq/apollo/dto/StompDTO.java
Sun Dec 12 04:50:58 2010
@@ -22,35 +22,15 @@ import javax.xml.bind.annotation.XmlAttr
 import javax.xml.bind.annotation.XmlRootElement;
 
 /**
- *
- * 
+ * Allow you to customize the stomp protocol implementation.
  *
  * @author <a href="http://hiramchirino.com">Hiram Chirino</a>
  */
-@XmlRootElement(name = "connector")
+@XmlRootElement(name="stomp")
 @XmlAccessorType(XmlAccessType.FIELD)
-public class ConnectorDTO extends ServiceDTO<String> {
-
-    /**
-     * The transport uri which it will accept connections on.
-     */
-    @XmlAttribute
-    public String bind;
-
-    /**
-     * The protocol that the transport will use.
-     */
-    @XmlAttribute
-    public String protocol;
-
-    /**
-     * The uri which will be advertised for remote endpoints to connect to.
-     */
-    @XmlAttribute
-    public String advertise;
+public class StompDTO extends ProtocolDTO {
 
-    @XmlAttribute(name="connection-limit")
-    public Integer connection_limit;
+    @XmlAttribute(name = "add-user-header")
+    public String add_user_header;
 
-    
-}
\ No newline at end of file
+}

Modified: activemq/activemq-apollo/trunk/apollo-dto/src/main/resources/org/apache/activemq/apollo/dto/jaxb.index
URL: http://svn.apache.org/viewvc/activemq/activemq-apollo/trunk/apollo-dto/src/main/resources/org/apache/activemq/apollo/dto/jaxb.index?rev=1044767&r1=1044766&r2=1044767&view=diff
==============================================================================
--- activemq/activemq-apollo/trunk/apollo-dto/src/main/resources/org/apache/activemq/apollo/dto/jaxb.index
(original)
+++ activemq/activemq-apollo/trunk/apollo-dto/src/main/resources/org/apache/activemq/apollo/dto/jaxb.index
Sun Dec 12 04:50:58 2010
@@ -45,3 +45,4 @@ QueueDTO
 DestinationDTO
 LinkDTO
 QueueConsumerStatusDTO
+StompDTO
\ No newline at end of file

Modified: activemq/activemq-apollo/trunk/apollo-dto/src/test/java/org/apache/activemq/apollo/dto/XmlCodecTest.java
URL: http://svn.apache.org/viewvc/activemq/activemq-apollo/trunk/apollo-dto/src/test/java/org/apache/activemq/apollo/dto/XmlCodecTest.java?rev=1044767&r1=1044766&r2=1044767&view=diff
==============================================================================
--- activemq/activemq-apollo/trunk/apollo-dto/src/test/java/org/apache/activemq/apollo/dto/XmlCodecTest.java
(original)
+++ activemq/activemq-apollo/trunk/apollo-dto/src/test/java/org/apache/activemq/apollo/dto/XmlCodecTest.java
Sun Dec 12 04:50:58 2010
@@ -38,6 +38,14 @@ public class XmlCodecTest {
         BrokerDTO dto = XmlCodec.unmarshalBrokerDTO(resource("XmlCodecTest.xml"));
         assertNotNull(dto);
         assertEquals("default", dto.id);
+        assertEquals(1, dto.connectors.size());
+        ConnectorDTO connector = dto.connectors.get(0);
+        assertEquals(1, connector.protocols.size());
+        ProtocolDTO stomp = connector.protocols.get(0);
+        assertTrue(stomp instanceof StompDTO);
+        assertEquals("JMSXUserID", ((StompDTO) stomp).add_user_header);
+
+
         VirtualHostDTO host = dto.virtual_hosts.get(0);
         assertNotNull(host.acl);
         assertEquals("vh-local", host.id);

Modified: activemq/activemq-apollo/trunk/apollo-dto/src/test/resources/org/apache/activemq/apollo/dto/XmlCodecTest.xml
URL: http://svn.apache.org/viewvc/activemq/activemq-apollo/trunk/apollo-dto/src/test/resources/org/apache/activemq/apollo/dto/XmlCodecTest.xml?rev=1044767&r1=1044766&r2=1044767&view=diff
==============================================================================
--- activemq/activemq-apollo/trunk/apollo-dto/src/test/resources/org/apache/activemq/apollo/dto/XmlCodecTest.xml
(original)
+++ activemq/activemq-apollo/trunk/apollo-dto/src/test/resources/org/apache/activemq/apollo/dto/XmlCodecTest.xml
Sun Dec 12 04:50:58 2010
@@ -28,5 +28,7 @@
     <host-name>localhost</host-name>
     <host-name>example.com</host-name>
   </virtual-host>
-  <connector bind="tcp://0.0.0.0:61616" enabled="true" id="port-61616"/>
+  <connector bind="tcp://0.0.0.0:61616" enabled="true" id="port-61616">
+    <stomp add-user-header="JMSXUserID"/>
+  </connector>
 </broker>

Modified: activemq/activemq-apollo/trunk/apollo-stomp/src/main/scala/org/apache/activemq/apollo/stomp/StompProtocolHandler.scala
URL: http://svn.apache.org/viewvc/activemq/activemq-apollo/trunk/apollo-stomp/src/main/scala/org/apache/activemq/apollo/stomp/StompProtocolHandler.scala?rev=1044767&r1=1044766&r2=1044767&view=diff
==============================================================================
--- activemq/activemq-apollo/trunk/apollo-stomp/src/main/scala/org/apache/activemq/apollo/stomp/StompProtocolHandler.scala
(original)
+++ activemq/activemq-apollo/trunk/apollo-stomp/src/main/scala/org/apache/activemq/apollo/stomp/StompProtocolHandler.scala
Sun Dec 12 04:50:58 2010
@@ -33,8 +33,8 @@ import org.apache.activemq.apollo.store.
 import org.apache.activemq.apollo.util._
 import java.util.concurrent.TimeUnit
 import java.util.Map.Entry
-import org.apache.activemq.apollo.dto.{StompConnectionStatusDTO, BindingDTO, SubscriptionBindingDTO,
QueueBindingDTO}
 import scala.util.continuations._
+import org.apache.activemq.apollo.dto._
 
 object StompProtocolHandler extends Log {
 
@@ -165,6 +165,7 @@ class StompProtocolHandler extends Proto
     val dispatchQueue = StompProtocolHandler.this.dispatchQueue
 
 
+
     dispatchQueue.retain
     setDisposer(^{
       session_manager.release
@@ -250,7 +251,13 @@ class StompProtocolHandler extends Proto
   var heart_beat_monitor:HeartBeatMonitor = new HeartBeatMonitor
   val security_context = new SecurityContext
   var waiting_on:String = "client request"
+  var config:StompDTO = _
 
+  override def setConnection(connection: BrokerConnection) = {
+    super.setConnection(connection)
+    import collection.JavaConversions._
+    config = connection.connector.config.protocols.find( _.isInstanceOf[StompDTO]).map(_.asInstanceOf[StompDTO]).getOrElse(new
StompDTO)
+  }
 
   override def create_connection_status = {
     var rc = new StompConnectionStatusDTO
@@ -595,10 +602,25 @@ class StompProtocolHandler extends Proto
 
 
   var message_id_counter = 0;
-  def next_message_id = {
-    message_id_counter += 1
-    // TODO: properly generate mesage ids
-    new AsciiBuffer("msg:"+message_id_counter);
+
+  def updated_headers(headers:HeaderMap) = {
+    var rc:HeaderMap=Nil
+
+    // Do we need to add the message id?
+    if( get( headers, MESSAGE_ID) == None ) {
+      // TODO: properly generate mesage ids
+      message_id_counter += 1
+      rc ::= (MESSAGE_ID, ascii("msg:"+message_id_counter))
+    }
+
+    // Do we need to add the user id?
+    if( host.authenticator!=null && config.add_user_header!=null ) {
+      host.authenticator.user_name(security_context).foreach{ name=>
+        rc ::= (ascii(config.add_user_header), ascii(name))
+      }
+    }
+
+    rc
   }
 
   def send_via_route(route:DeliveryProducerRoute, frame:StompFrame, uow:StoreUOW) = {
@@ -609,13 +631,11 @@ class StompProtocolHandler extends Proto
     if( !route.targets.isEmpty ) {
 
       // We may need to add some headers..
-      var message = get( frame.headers, MESSAGE_ID) match {
-        case None=>
-          var updated_headers:HeaderMap=Nil;
-          updated_headers ::= (MESSAGE_ID, next_message_id)
-          StompFrameMessage(StompFrame(MESSAGE, frame.headers, frame.content, updated_headers))
-        case Some(id)=>
+      var message = updated_headers(frame.headers) match {
+        case Nil=>
           StompFrameMessage(StompFrame(MESSAGE, frame.headers, frame.content))
+        case updated_headers =>
+          StompFrameMessage(StompFrame(MESSAGE, frame.headers, frame.content, updated_headers))
       }
 
       val delivery = new Delivery

Added: activemq/activemq-apollo/trunk/apollo-stomp/src/test/resources/apollo-stomp-secure.xml
URL: http://svn.apache.org/viewvc/activemq/activemq-apollo/trunk/apollo-stomp/src/test/resources/apollo-stomp-secure.xml?rev=1044767&view=auto
==============================================================================
--- activemq/activemq-apollo/trunk/apollo-stomp/src/test/resources/apollo-stomp-secure.xml
(added)
+++ activemq/activemq-apollo/trunk/apollo-stomp/src/test/resources/apollo-stomp-secure.xml
Sun Dec 12 04:50:58 2010
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<!--
+    Licensed to the Apache Software Foundation (ASF) under one or more
+    contributor license agreements.  See the NOTICE file distributed with
+    this work for additional information regarding copyright ownership.
+    The ASF licenses this file to You under the Apache License, Version 2.0
+    (the "License"); you may not use this file except in compliance with
+    the License.  You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+    Unless required by applicable law or agreed to in writing, software
+    distributed under the License is distributed on an "AS IS" BASIS,
+    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+    See the License for the specific language governing permissions and
+    limitations under the License.
+-->
+<broker id="default" rev="1" xmlns="http://activemq.apache.org/schema/activemq/apollo">
+
+  <authentication domain="StompSecurityTest"/>
+
+  <virtual-host id="default" purge-on-startup="true">
+    <host-name>localhost</host-name>
+
+    <acl>
+      <connect name="connect_group"/>
+    </acl>
+
+    <!-- queue security -->
+    <queue path="**" kind="ptp">
+      <acl>
+        <create  name="can_send_create_queue"/>
+        <send    name="can_send_create_queue"/>
+        <send    name="can_send_queue"/>
+        <receive name="can_receive_queue"/>
+        <consume name="can_consume_queue"/>
+      </acl>
+    </queue>
+
+    <!-- topic security -->
+    <destination path="**">
+      <acl>
+        <create  name="can_send_create_topic"/>
+        <send    name="can_send_create_topic"/>
+        <send    name="can_send_topic"/>
+        <receive name="can_recieve_topic"/>
+      </acl>
+    </destination>
+
+    <!-- durable sub security -->
+    <queue path="**" kind="ds">
+      <acl>
+        <create  name="can_consume_create_ds"/>
+        <consume name="can_consume_create_ds"/>
+        <consume name="can_consume_ds"/>
+      </acl>
+    </queue>
+  </virtual-host>
+
+  <connector id="tcp" protocol="stomp" bind="tcp://0.0.0.0:0">
+    <stomp add-user-header="JMSXUserID"/>
+  </connector>
+
+</broker>
\ No newline at end of file

Added: activemq/activemq-apollo/trunk/apollo-stomp/src/test/resources/log4j.properties
URL: http://svn.apache.org/viewvc/activemq/activemq-apollo/trunk/apollo-stomp/src/test/resources/log4j.properties?rev=1044767&view=auto
==============================================================================
--- activemq/activemq-apollo/trunk/apollo-stomp/src/test/resources/log4j.properties (added)
+++ activemq/activemq-apollo/trunk/apollo-stomp/src/test/resources/log4j.properties Sun Dec
12 04:50:58 2010
@@ -0,0 +1,46 @@
+## ---------------------------------------------------------------------------
+## Licensed to the Apache Software Foundation (ASF) under one or more
+## contributor license agreements.  See the NOTICE file distributed with
+## this work for additional information regarding copyright ownership.
+## The ASF licenses this file to You under the Apache License, Version 2.0
+## (the "License"); you may not use this file except in compliance with
+## the License.  You may obtain a copy of the License at
+##
+## http://www.apache.org/licenses/LICENSE-2.0
+##
+## Unless required by applicable law or agreed to in writing, software
+## distributed under the License is distributed on an "AS IS" BASIS,
+## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+## See the License for the specific language governing permissions and
+## limitations under the License.
+## ---------------------------------------------------------------------------
+
+#
+# Setup the default logging levels
+#
+log4j.rootLogger=WARN, console, logfile
+log4j.logger.org.apache.activemq.apollo=INFO
+
+#
+# Uncomment one of the following to enable debug logging
+#
+# log4j.logger.org.apache.activemq.apollo=DEBUG
+# log4j.logger.org.apache.activemq.apollo.broker=DEBUG
+# log4j.logger.org.apache.activemq.apollo.web=DEBUG
+# log4j.logger.org.apache.activemq.apollo.cli=DEBUG
+# log4j.logger.org.apache.activemq.apollo.store.hawtdb=DEBUG
+
+# Console Settings
+log4j.appender.console=org.apache.log4j.ConsoleAppender
+log4j.appender.console.layout=org.apache.log4j.PatternLayout
+log4j.appender.console.layout.ConversionPattern=%-5p | %m%n
+log4j.appender.console.threshold=INFO
+
+# File Settings
+log4j.appender.logfile=org.apache.log4j.RollingFileAppender
+log4j.appender.logfile.file=${apollo.base}/log/apollo.log
+log4j.appender.logfile.maxFileSize=5MB
+log4j.appender.logfile.maxBackupIndex=5
+log4j.appender.logfile.append=true
+log4j.appender.logfile.layout=org.apache.log4j.PatternLayout
+log4j.appender.logfile.layout.ConversionPattern=%d | %-5p | %m | %c | %t%n
\ No newline at end of file

Added: activemq/activemq-apollo/trunk/apollo-stomp/src/test/resources/login.config
URL: http://svn.apache.org/viewvc/activemq/activemq-apollo/trunk/apollo-stomp/src/test/resources/login.config?rev=1044767&view=auto
==============================================================================
--- activemq/activemq-apollo/trunk/apollo-stomp/src/test/resources/login.config (added)
+++ activemq/activemq-apollo/trunk/apollo-stomp/src/test/resources/login.config Sun Dec 12
04:50:58 2010
@@ -0,0 +1,29 @@
+// ---------------------------------------------------------------------------
+// Licensed to the Apache Software Foundation (ASF) under one or more
+// contributor license agreements.  See the NOTICE file distributed with
+// this work for additional information regarding copyright ownership.
+// The ASF licenses this file to You under the Apache License, Version 2.0
+// (the "License"); you may not use this file except in compliance with
+// the License.  You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+// ---------------------------------------------------------------------------
+StompSecurityTest {
+
+  //
+  // For testing purposes, we do a funny thing where we set the user
+  // file to also be used as the groups file.  This only works for the
+  // test since  user==password==group for our tests.
+  //
+  org.apache.activemq.apollo.broker.security.FileLoginModule required
+    users_file="users.properties"
+    groups_file="users.properties"
+    ;
+
+};
\ No newline at end of file

Added: activemq/activemq-apollo/trunk/apollo-stomp/src/test/resources/users.properties
URL: http://svn.apache.org/viewvc/activemq/activemq-apollo/trunk/apollo-stomp/src/test/resources/users.properties?rev=1044767&view=auto
==============================================================================
--- activemq/activemq-apollo/trunk/apollo-stomp/src/test/resources/users.properties (added)
+++ activemq/activemq-apollo/trunk/apollo-stomp/src/test/resources/users.properties Sun Dec
12 04:50:58 2010
@@ -0,0 +1,39 @@
+## ---------------------------------------------------------------------------
+## Licensed to the Apache Software Foundation (ASF) under one or more
+## contributor license agreements.  See the NOTICE file distributed with
+## this work for additional information regarding copyright ownership.
+## The ASF licenses this file to You under the Apache License, Version 2.0
+## (the "License"); you may not use this file except in compliance with
+## the License.  You may obtain a copy of the License at
+##
+## http://www.apache.org/licenses/LICENSE-2.0
+##
+## Unless required by applicable law or agreed to in writing, software
+## distributed under the License is distributed on an "AS IS" BASIS,
+## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+## See the License for the specific language governing permissions and
+## limitations under the License.
+## ---------------------------------------------------------------------------
+
+connect_group=can_only_connect,can_send_create_queue,can_send_queue,can_receive_queue,can_consume_queue,can_send_create_topic,can_send_topic,can_recieve_topic,can_consume_create_ds,can_consume_ds
+
+can_not_connect=can_not_connect
+can_only_connect=can_only_connect
+
+#
+# Users with specific roles related to queues
+#
+can_send_create_queue=can_send_create_queue
+can_send_queue=can_send_queue
+can_receive_queue=can_receive_queue
+can_consume_queue=can_consume_queue
+
+#
+# Users with specific roles related to topics
+#
+can_send_create_topic=can_send_create_topic
+can_send_topic=can_send_topic
+can_recieve_topic=can_recieve_topic
+can_consume_create_ds=can_consume_create_ds
+can_consume_ds=can_consume_ds
+

Modified: activemq/activemq-apollo/trunk/apollo-stomp/src/test/scala/org/apache/activemq/apollo/stomp/StompTest.scala
URL: http://svn.apache.org/viewvc/activemq/activemq-apollo/trunk/apollo-stomp/src/test/scala/org/apache/activemq/apollo/stomp/StompTest.scala?rev=1044767&r1=1044766&r2=1044767&view=diff
==============================================================================
--- activemq/activemq-apollo/trunk/apollo-stomp/src/test/scala/org/apache/activemq/apollo/stomp/StompTest.scala
(original)
+++ activemq/activemq-apollo/trunk/apollo-stomp/src/test/scala/org/apache/activemq/apollo/stomp/StompTest.scala
Sun Dec 12 04:50:58 2010
@@ -49,26 +49,32 @@ class StompTestSupport extends FunSuiteS
     clients = Nil
   }
 
-  def connect(version:String, c: StompClient = client) = {
+  def connect_request(version:String, c: StompClient, headers:String="") = {
     c.open("localhost", port)
     version match {
       case "1.0"=>
         c.write(
           "CONNECT\n" +
+          headers +
           "\n")
       case "1.1"=>
         c.write(
           "CONNECT\n" +
           "accept-version:1.1\n" +
           "host:localhost\n" +
+          headers +
           "\n")
       case x=> throw new RuntimeException("invalid version: %f".format(x))
     }
-    val frame = c.receive()
+    clients ::= c
+    c.receive()
+  }
+
+  def connect(version:String, c: StompClient = client, headers:String="") = {
+    val frame = connect_request(version, c, headers)
     frame should startWith("CONNECTED\n")
     frame should include regex("""session:.+?\n""")
     frame should include("version:"+version+"\n")
-    clients ::= c
     c
   }
 
@@ -695,4 +701,172 @@ class StompAckModeTest extends StompTest
 
   }
 
-}
\ No newline at end of file
+}
+
+class StompSecurityTest extends StompTestSupport {
+
+  override val broker_config_uri: String = "xml:classpath:apollo-stomp-secure.xml"
+
+  override protected def beforeAll = {
+    try {
+      val login_file = new java.io.File(getClass.getClassLoader.getResource("login.config").getFile())
+      System.setProperty("java.security.auth.login.config", login_file.getCanonicalPath)
+    } catch {
+      case x:Throwable => x.printStackTrace
+    }
+    super.beforeAll
+  }
+
+  test("Connect with no id password") {
+    val frame = connect_request("1.1", client)
+    frame should startWith("ERROR\n")
+    frame should include("message:Authentication failed.\n")
+  }
+
+  test("Connect with invalid id password") {
+    val frame = connect_request("1.1", client,
+      "login:foo\n" +
+      "passcode:bar\n")
+    frame should startWith("ERROR\n")
+    frame should include("message:Authentication failed.\n")
+
+  }
+
+  test("Connect with valid id password but can't connect") {
+
+    val frame = connect_request("1.1", client,
+      "login:can_not_connect\n" +
+      "passcode:can_not_connect\n")
+    frame should startWith("ERROR\n")
+    frame should include("message:Connect not authorized.\n")
+
+  }
+
+  test("Connect with valid id password that can connect") {
+    connect("1.1", client,
+      "login:can_only_connect\n" +
+      "passcode:can_only_connect\n")
+
+  }
+
+  test("Send not authorized") {
+    connect("1.1", client,
+      "login:can_only_connect\n" +
+      "passcode:can_only_connect\n")
+
+    client.write(
+      "SEND\n" +
+      "destination:/queue/secure\n" +
+      "receipt:0\n" +
+      "\n" +
+      "Hello Wolrd\n")
+
+    val frame = client.receive()
+    frame should startWith("ERROR\n")
+    frame should include("message:Not authorized to send to the queue\n")
+  }
+
+  test("Send authorized but not create") {
+    connect("1.1", client,
+      "login:can_send_queue\n" +
+      "passcode:can_send_queue\n")
+
+    client.write(
+      "SEND\n" +
+      "destination:/queue/secure\n" +
+      "receipt:0\n" +
+      "\n" +
+      "Hello Wolrd\n")
+
+    val frame = client.receive()
+    frame should startWith("ERROR\n")
+    frame should include("message:Not authorized to create the queue\n")
+
+  }
+
+//
+//  test("Consume authorized but not create") {
+//    connect("1.1", client,
+//      "login:can_consume_queue\n" +
+//      "passcode:can_consume_queue\n")
+//
+//    client.write(
+//      "SUBSCRIBE\n" +
+//      "destination:/queue/secure\n" +
+//      "id:0\n" +
+//      "receipt:0\n" +
+//      "\n")
+//    wait_for_receipt("0")
+//
+//    val frame = client.receive()
+//    frame should startWith("ERROR\n")
+//    frame should include("message:Not authorized to create the queue\n")
+//  }
+
+  test("Send and create authorized") {
+    connect("1.1", client,
+      "login:can_send_create_queue\n" +
+      "passcode:can_send_create_queue\n")
+
+    client.write(
+      "SEND\n" +
+      "destination:/queue/secure\n" +
+      "receipt:0\n" +
+      "\n" +
+      "Hello Wolrd\n")
+
+    wait_for_receipt("0")
+
+  }
+
+  test("Can send and once created") {
+
+    // Now try sending with the lower access id.
+    connect("1.1", client,
+      "login:can_send_queue\n" +
+      "passcode:can_send_queue\n")
+
+    client.write(
+      "SEND\n" +
+      "destination:/queue/secure\n" +
+      "receipt:0\n" +
+      "\n" +
+      "Hello Wolrd\n")
+
+    wait_for_receipt("0")
+
+  }
+
+  test("Consume not authorized") {
+    connect("1.1", client,
+      "login:can_only_connect\n" +
+      "passcode:can_only_connect\n")
+
+    client.write(
+      "SUBSCRIBE\n" +
+      "destination:/queue/secure\n" +
+      "id:0\n" +
+      "receipt:0\n" +
+      "\n")
+
+    val frame = client.receive()
+    frame should startWith("ERROR\n")
+    frame should include("message:Not authorized to consume from the queue\n")
+  }
+
+//  test("Consume authorized and JMSXUserID is set on message") {
+//    connect("1.1", client,
+//      "login:can_consume_queue\n" +
+//      "passcode:can_consume_queue\n")
+//
+//    client.write(
+//      "SUBSCRIBE\n" +
+//      "destination:/queue/secure\n" +
+//      "id:0\n" +
+//      "\n")
+//
+//    val frame = client.receive()
+//    frame should startWith("MESSAGE\n")
+//    frame should include("JMSXUserID:can_send_create_queue\n")
+//  }
+}



Mime
View raw message