activemq-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cepo...@apache.org
Subject [2/4] Fix for https://issues.apache.org/jira/browse/AMQ-3621 - Integrate Apache Shiro with ActiveMQ as "security solution" - many thanks to Les Hazlewood (lhazlewood) for the patch!
Date Mon, 24 Feb 2014 15:30:49 GMT
http://git-wip-us.apache.org/repos/asf/activemq/blob/f9451e56/activemq-shiro/src/test/java/org/apache/activemq/shiro/authc/DefaultAuthenticationPolicyTest.java
----------------------------------------------------------------------
diff --git a/activemq-shiro/src/test/java/org/apache/activemq/shiro/authc/DefaultAuthenticationPolicyTest.java b/activemq-shiro/src/test/java/org/apache/activemq/shiro/authc/DefaultAuthenticationPolicyTest.java
new file mode 100644
index 0000000..0d39061
--- /dev/null
+++ b/activemq-shiro/src/test/java/org/apache/activemq/shiro/authc/DefaultAuthenticationPolicyTest.java
@@ -0,0 +1,339 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.activemq.shiro.authc;
+
+import org.apache.activemq.broker.Connection;
+import org.apache.activemq.broker.ConnectionContext;
+import org.apache.activemq.broker.Connector;
+import org.apache.activemq.broker.region.ConnectionStatistics;
+import org.apache.activemq.command.Command;
+import org.apache.activemq.command.ConnectionControl;
+import org.apache.activemq.command.ConnectionInfo;
+import org.apache.activemq.command.Response;
+import org.apache.activemq.shiro.subject.SubjectAdapter;
+import org.apache.activemq.shiro.subject.SubjectConnectionReference;
+import org.apache.shiro.env.DefaultEnvironment;
+import org.apache.shiro.subject.PrincipalCollection;
+import org.apache.shiro.subject.SimplePrincipalCollection;
+import org.apache.shiro.subject.Subject;
+import org.junit.Before;
+import org.junit.Test;
+
+import java.io.IOException;
+
+import static org.junit.Assert.*;
+
+/**
+ * @since 5.10.0
+ */
+public class DefaultAuthenticationPolicyTest {
+
+    private DefaultAuthenticationPolicy policy;
+
+    @Before
+    public void setUp() {
+        this.policy = new DefaultAuthenticationPolicy();
+    }
+
+    @Test
+    public void testVmConnectionAuthenticationRequired() {
+        boolean required = true;
+        policy.setVmConnectionAuthenticationRequired(required);
+        assertEquals(required, policy.isVmConnectionAuthenticationRequired());
+    }
+
+    @Test
+    public void testSystemAccountUsername() {
+        String name = "foo";
+        policy.setSystemAccountUsername(name);
+        assertEquals(name, policy.getSystemAccountUsername());
+    }
+
+    @Test
+    public void testSystemAccountRealmName() {
+        String name = "fooRealm";
+        policy.setSystemAccountRealmName(name);
+        assertEquals(name, policy.getSystemAccountRealmName());
+    }
+
+    @Test
+    public void testAnonymousAllowed() {
+        boolean allowed = true;
+        policy.setAnonymousAccessAllowed(allowed);
+        assertEquals(allowed, policy.isAnonymousAccessAllowed());
+    }
+
+    @Test
+    public void testAnonymousAccountUsername() {
+        String name = "blah";
+        policy.setAnonymousAccountUsername(name);
+        assertEquals(name, policy.getAnonymousAccountUsername());
+    }
+
+    @Test
+    public void testAnonymousAccountRealmName() {
+        String name = "blahRealm";
+        policy.setAnonymousAccountRealmName(name);
+        assertEquals(name, policy.getAnonymousAccountRealmName());
+    }
+
+    @Test
+    public void testIsAnonymousAccount() {
+        Subject subject = new SubjectAdapter() {
+            @Override
+            public PrincipalCollection getPrincipals() {
+                return new SimplePrincipalCollection("anonymous", "iniRealm");
+            }
+        };
+        assertTrue(policy.isAnonymousAccount(subject));
+    }
+
+    @Test
+    public void testIsAnonymousAccountWithNullPrincipals() {
+        assertFalse(policy.isAnonymousAccount(new SubjectAdapter()));
+    }
+
+    @Test
+    public void testIsSystemAccountWithNullPrincipals() {
+        assertFalse(policy.isSystemAccount(new SubjectAdapter()));
+    }
+
+    @Test
+    public void testIsAuthenticationRequiredWhenAlreadyRequired() {
+        Subject subject = new SubjectAdapter() {
+            @Override
+            public boolean isAuthenticated() {
+                return true;
+            }
+        };
+        SubjectConnectionReference sc = new SubjectConnectionReference(new ConnectionContext(), new ConnectionInfo(),
+                new DefaultEnvironment(), subject);
+
+        assertFalse(policy.isAuthenticationRequired(sc));
+    }
+
+    @Test
+    public void testIsAuthenticationRequiredWhenAnonymousAllowedAnonymousSubject() {
+
+        policy.setAnonymousAccessAllowed(true);
+
+        Subject subject = new SubjectAdapter() {
+            @Override
+            public PrincipalCollection getPrincipals() {
+                return new SimplePrincipalCollection("anonymous", "iniRealm");
+            }
+        };
+        SubjectConnectionReference sc = new SubjectConnectionReference(new ConnectionContext(), new ConnectionInfo(),
+                new DefaultEnvironment(), subject);
+
+        assertFalse(policy.isAuthenticationRequired(sc));
+    }
+
+    @Test
+    public void testIsAuthenticationRequiredWhenAnonymousAllowedAndNotAnonymousSubject() {
+
+        policy.setAnonymousAccessAllowed(true);
+
+        Subject subject = new SubjectAdapter() {
+            @Override
+            public PrincipalCollection getPrincipals() {
+                return new SimplePrincipalCollection("system", "iniRealm");
+            }
+        };
+        SubjectConnectionReference sc = new SubjectConnectionReference(new ConnectionContext(), new ConnectionInfo(),
+                new DefaultEnvironment(), subject);
+
+        assertFalse(policy.isAuthenticationRequired(sc));
+    }
+
+    @Test
+    public void testIsAuthenticationRequiredWhenSystemConnectionAndSystemSubject() {
+
+        Subject subject = new SubjectAdapter() {
+            @Override
+            public PrincipalCollection getPrincipals() {
+                return new SimplePrincipalCollection("system", "iniRealm");
+            }
+        };
+        SubjectConnectionReference sc = new SubjectConnectionReference(new ConnectionContext(), new ConnectionInfo(),
+                new DefaultEnvironment(), subject);
+
+        assertFalse(policy.isAuthenticationRequired(sc));
+    }
+
+    @Test
+    public void testIsAuthenticationRequiredWhenSystemConnectionRequiresAuthentication() {
+
+        policy.setVmConnectionAuthenticationRequired(true);
+
+        Subject subject = new SubjectAdapter() {
+            @Override
+            public PrincipalCollection getPrincipals() {
+                return new SimplePrincipalCollection("system", "iniRealm");
+            }
+        };
+        SubjectConnectionReference sc = new SubjectConnectionReference(new ConnectionContext(), new ConnectionInfo(),
+                new DefaultEnvironment(), subject);
+
+        assertTrue(policy.isAuthenticationRequired(sc));
+    }
+
+    @Test
+    public void testIsAuthenticationRequiredWhenSystemConnectionDoesNotRequireAuthenticationAndNotSystemAccount() {
+
+        Subject subject = new SubjectAdapter() {
+            @Override
+            public PrincipalCollection getPrincipals() {
+                return new SimplePrincipalCollection("foo", "iniRealm");
+            }
+        };
+        SubjectConnectionReference sc = new SubjectConnectionReference(new ConnectionContext(), new ConnectionInfo(),
+                new DefaultEnvironment(), subject);
+
+        assertTrue(policy.isAuthenticationRequired(sc));
+    }
+
+    @Test
+    public void testIsAssumeIdentity() {
+        policy.setAnonymousAccessAllowed(true);
+        assertTrue(policy.isAssumeIdentity(null));
+    }
+
+    @Test
+    public void testIsAssumeIdentityWithSystemConnection() {
+
+        ConnectionContext ctx = new ConnectionContext();
+        Connection connection = new Connection() {
+            @Override
+            public Connector getConnector() {
+                return null;  //To change body of implemented methods use File | Settings | File Templates.
+            }
+
+            @Override
+            public void dispatchSync(Command message) {
+                //To change body of implemented methods use File | Settings | File Templates.
+            }
+
+            @Override
+            public void dispatchAsync(Command command) {
+                //To change body of implemented methods use File | Settings | File Templates.
+            }
+
+            @Override
+            public Response service(Command command) {
+                return null;  //To change body of implemented methods use File | Settings | File Templates.
+            }
+
+            @Override
+            public void serviceException(Throwable error) {
+                //To change body of implemented methods use File | Settings | File Templates.
+            }
+
+            @Override
+            public boolean isSlow() {
+                return false;  //To change body of implemented methods use File | Settings | File Templates.
+            }
+
+            @Override
+            public boolean isBlocked() {
+                return false;  //To change body of implemented methods use File | Settings | File Templates.
+            }
+
+            @Override
+            public boolean isConnected() {
+                return false;  //To change body of implemented methods use File | Settings | File Templates.
+            }
+
+            @Override
+            public boolean isActive() {
+                return false;  //To change body of implemented methods use File | Settings | File Templates.
+            }
+
+            @Override
+            public int getDispatchQueueSize() {
+                return 0;  //To change body of implemented methods use File | Settings | File Templates.
+            }
+
+            @Override
+            public ConnectionStatistics getStatistics() {
+                return null;  //To change body of implemented methods use File | Settings | File Templates.
+            }
+
+            @Override
+            public boolean isManageable() {
+                return false;  //To change body of implemented methods use File | Settings | File Templates.
+            }
+
+            @Override
+            public String getRemoteAddress() {
+                return "vm://localhost";
+            }
+
+            @Override
+            public void serviceExceptionAsync(IOException e) {
+                //To change body of implemented methods use File | Settings | File Templates.
+            }
+
+            @Override
+            public String getConnectionId() {
+                return null;  //To change body of implemented methods use File | Settings | File Templates.
+            }
+
+            @Override
+            public boolean isNetworkConnection() {
+                return false;  //To change body of implemented methods use File | Settings | File Templates.
+            }
+
+            @Override
+            public boolean isFaultTolerantConnection() {
+                return false;  //To change body of implemented methods use File | Settings | File Templates.
+            }
+
+            @Override
+            public void updateClient(ConnectionControl control) {
+                //To change body of implemented methods use File | Settings | File Templates.
+            }
+
+            @Override
+            public void start() throws Exception {
+                //To change body of implemented methods use File | Settings | File Templates.
+            }
+
+            @Override
+            public void stop() throws Exception {
+                //To change body of implemented methods use File | Settings | File Templates.
+            }
+
+            @Override
+            public int getActiveTransactionCount() {
+                return 0;  //To change body of implemented methods use File | Settings | File Templates.
+            }
+
+            @Override
+            public Long getOldestActiveTransactionDuration() {
+                return null;  //To change body of implemented methods use File | Settings | File Templates.
+            }
+        };
+
+        ctx.setConnection(connection);
+
+        SubjectConnectionReference sc = new SubjectConnectionReference(ctx, new ConnectionInfo(),
+                new DefaultEnvironment(), new SubjectAdapter());
+
+        assertTrue(policy.isAssumeIdentity(sc));
+    }
+}

http://git-wip-us.apache.org/repos/asf/activemq/blob/f9451e56/activemq-shiro/src/test/java/org/apache/activemq/shiro/authz/ActiveMQPermissionResolverTest.java
----------------------------------------------------------------------
diff --git a/activemq-shiro/src/test/java/org/apache/activemq/shiro/authz/ActiveMQPermissionResolverTest.java b/activemq-shiro/src/test/java/org/apache/activemq/shiro/authz/ActiveMQPermissionResolverTest.java
new file mode 100644
index 0000000..363f60b
--- /dev/null
+++ b/activemq-shiro/src/test/java/org/apache/activemq/shiro/authz/ActiveMQPermissionResolverTest.java
@@ -0,0 +1,53 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.activemq.shiro.authz;
+
+import org.apache.shiro.authz.Permission;
+import org.junit.Test;
+
+import static org.junit.Assert.*;
+
+/**
+ * @since 5.10.0
+ */
+public class ActiveMQPermissionResolverTest {
+
+    @Test
+    public void testDefault() {
+        ActiveMQPermissionResolver resolver = new ActiveMQPermissionResolver();
+        assertTrue(resolver.isCaseSensitive());
+        Permission p = resolver.resolvePermission("Foo:Bar");
+        assertNotNull(p);
+        assertTrue(p instanceof ActiveMQWildcardPermission);
+        assertTrue(p.implies(new ActiveMQWildcardPermission("Foo:Bar")));
+        assertFalse(p.implies(new ActiveMQWildcardPermission("foo:bar")));
+    }
+
+    @Test
+    public void testCaseInsensitive() {
+        ActiveMQPermissionResolver resolver = new ActiveMQPermissionResolver();
+        resolver.setCaseSensitive(false);
+        assertFalse(resolver.isCaseSensitive());
+        Permission p = resolver.resolvePermission("Foo:Bar");
+        assertNotNull(p);
+        assertTrue(p instanceof ActiveMQWildcardPermission);
+        assertTrue(p.implies(new ActiveMQWildcardPermission("foo:bar")));
+        assertTrue(p.implies(new ActiveMQWildcardPermission("Foo:Bar", true)));
+    }
+
+
+}

http://git-wip-us.apache.org/repos/asf/activemq/blob/f9451e56/activemq-shiro/src/test/java/org/apache/activemq/shiro/authz/ActiveMQWildcardPermissionTest.java
----------------------------------------------------------------------
diff --git a/activemq-shiro/src/test/java/org/apache/activemq/shiro/authz/ActiveMQWildcardPermissionTest.java b/activemq-shiro/src/test/java/org/apache/activemq/shiro/authz/ActiveMQWildcardPermissionTest.java
new file mode 100644
index 0000000..515aeeb
--- /dev/null
+++ b/activemq-shiro/src/test/java/org/apache/activemq/shiro/authz/ActiveMQWildcardPermissionTest.java
@@ -0,0 +1,158 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.activemq.shiro.authz;
+
+import org.apache.shiro.authz.Permission;
+import org.apache.shiro.authz.permission.WildcardPermission;
+import org.junit.Test;
+
+import java.util.List;
+import java.util.Set;
+
+import static org.junit.Assert.*;
+
+/**
+ * @since 5.10.0
+ */
+public class ActiveMQWildcardPermissionTest {
+
+    @Test
+    public void testNotWildcardPermission() {
+        ActiveMQWildcardPermission perm = new ActiveMQWildcardPermission("topic:TEST:*");
+        Permission dummy = new Permission() {
+            @Override
+            public boolean implies(Permission p) {
+                return false;
+            }
+        };
+       assertFalse(perm.implies(dummy));
+    }
+
+    @Test
+    public void testIntrapartWildcard() {
+        ActiveMQWildcardPermission superset = new ActiveMQWildcardPermission("topic:ActiveMQ.Advisory.*:read");
+        ActiveMQWildcardPermission subset = new ActiveMQWildcardPermission("topic:ActiveMQ.Advisory.Topic:read");
+
+        assertTrue(superset.implies(subset));
+        assertFalse(subset.implies(superset));
+    }
+
+    @Test
+    public void testMatches() {
+        assertMatch("x", "x");
+        assertNoMatch("x", "y");
+
+        assertMatch("xx", "xx");
+        assertNoMatch("xy", "xz");
+
+        assertMatch("?", "x");
+        assertMatch("x?", "xy");
+        assertMatch("?y", "xy");
+        assertMatch("x?z", "xyz");
+
+        assertMatch("*", "x");
+        assertMatch("x*", "x");
+        assertMatch("x*", "xy");
+        assertMatch("xy*", "xy");
+        assertMatch("xy*", "xyz");
+
+        assertMatch("*x", "x");
+        assertNoMatch("*x", "y");
+
+        assertMatch("*x", "wx");
+        assertNoMatch("*x", "wz");
+        assertMatch("*x", "vwx");
+
+        assertMatch("x*z", "xz");
+        assertMatch("x*z", "xyz");
+        assertMatch("x*z", "xyyz");
+
+        assertNoMatch("ab*t?z", "abz");
+        assertNoMatch("ab*d*yz", "abcdz");
+
+        assertMatch("ab**cd**ef*yz", "abcdefyz");
+        assertMatch("a*c?*z", "abcxyz");
+        assertMatch("a*cd*z", "abcdxyz");
+
+        assertMatch("*", "x:x");
+        assertMatch("*", "x:x:x");
+        assertMatch("x", "x:y");
+        assertMatch("x", "x:y:z");
+
+        assertMatch("foo?armat*", "foobarmatches");
+        assertMatch("f*", "f");
+        assertNoMatch("foo", "f");
+        assertMatch("fo*b", "foob");
+        assertNoMatch("fo*b*r", "fooba");
+        assertNoMatch("foo*", "f");
+
+        assertMatch("t*k?ou", "thankyou");
+        assertMatch("he*l*world", "helloworld");
+        assertNoMatch("foo", "foob");
+
+        assertMatch("*:ActiveMQ.Advisory", "foo:ActiveMQ.Advisory");
+        assertNoMatch("*:ActiveMQ.Advisory", "foo:ActiveMQ.Advisory.");
+        assertMatch("*:ActiveMQ.Advisory*", "foo:ActiveMQ.Advisory");
+        assertMatch("*:ActiveMQ.Advisory*", "foo:ActiveMQ.Advisory.");
+        assertMatch("*:ActiveMQ.Advisory.*", "foo:ActiveMQ.Advisory.Connection");
+        assertMatch("*:ActiveMQ.Advisory*:read", "foo:ActiveMQ.Advisory.Connection:read");
+        assertNoMatch("*:ActiveMQ.Advisory*:read", "foo:ActiveMQ.Advisory.Connection:write");
+        assertMatch("*:ActiveMQ.Advisory*:*", "foo:ActiveMQ.Advisory.Connection:read");
+        assertMatch("*:ActiveMQ.Advisory*:*", "foo:ActiveMQ.Advisory.");
+        assertMatch("topic", "topic:TEST:*");
+        assertNoMatch("*:ActiveMQ*", "topic:TEST:*");
+        assertMatch("topic:ActiveMQ.Advisory*", "topic:ActiveMQ.Advisory.Connection:create");
+        assertMatch("foo?ar", "foobar");
+    }
+
+    protected static void assertMatch(String pattern, String value) {
+        assertTrue(matches(pattern, value));
+    }
+
+    protected static void assertNoMatch(String pattern, String value) {
+        assertFalse(matches(pattern, value));
+    }
+
+    protected static boolean matches(String pattern, String value) {
+        ActiveMQWildcardPermission patternPerm = new ActiveMQWildcardPermission(pattern);
+        WildcardPermission valuePerm = new WildcardPermission(value, true);
+        return patternPerm.implies(valuePerm);
+    }
+
+    @Test(expected=IllegalStateException.class)
+    public void testGetPartsByReflectionThrowingException() {
+
+        ActiveMQWildcardPermission perm = new ActiveMQWildcardPermission("foo:bar") {
+            @Override
+            protected List<Set<String>> doGetPartsByReflection(WildcardPermission wp) throws Exception {
+                throw new RuntimeException("Testing failure");
+            }
+        };
+
+        WildcardPermission otherPerm = new WildcardPermission("foo:bar:baz");
+
+        perm.implies(otherPerm);
+    }
+
+    @Test
+    public void testImpliesWithExtraParts() {
+        ActiveMQWildcardPermission perm1 = new ActiveMQWildcardPermission("foo:bar:baz");
+        ActiveMQWildcardPermission perm2 = new ActiveMQWildcardPermission("foo:bar");
+        assertFalse(perm1.implies(perm2));
+    }
+
+}

http://git-wip-us.apache.org/repos/asf/activemq/blob/f9451e56/activemq-shiro/src/test/java/org/apache/activemq/shiro/authz/AuthorizationFilterTest.java
----------------------------------------------------------------------
diff --git a/activemq-shiro/src/test/java/org/apache/activemq/shiro/authz/AuthorizationFilterTest.java b/activemq-shiro/src/test/java/org/apache/activemq/shiro/authz/AuthorizationFilterTest.java
new file mode 100644
index 0000000..bc63f30
--- /dev/null
+++ b/activemq-shiro/src/test/java/org/apache/activemq/shiro/authz/AuthorizationFilterTest.java
@@ -0,0 +1,364 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.activemq.shiro.authz;
+
+import org.apache.activemq.broker.ConnectionContext;
+import org.apache.activemq.broker.ProducerBrokerExchange;
+import org.apache.activemq.broker.StubBroker;
+import org.apache.activemq.command.ActiveMQDestination;
+import org.apache.activemq.command.ActiveMQTextMessage;
+import org.apache.activemq.command.ActiveMQTopic;
+import org.apache.activemq.command.ConnectionInfo;
+import org.apache.activemq.command.ConsumerInfo;
+import org.apache.activemq.command.DestinationInfo;
+import org.apache.activemq.command.ProducerInfo;
+import org.apache.activemq.shiro.subject.SubjectAdapter;
+import org.apache.activemq.shiro.subject.SubjectConnectionReference;
+import org.apache.activemq.shiro.subject.SubjectSecurityContext;
+import org.apache.shiro.authz.Permission;
+import org.apache.shiro.authz.UnauthorizedException;
+import org.apache.shiro.env.Environment;
+import org.apache.shiro.subject.PrincipalCollection;
+import org.apache.shiro.subject.SimplePrincipalCollection;
+import org.apache.shiro.subject.Subject;
+import org.junit.Before;
+import org.junit.Test;
+
+import java.util.Collection;
+
+import static org.junit.Assert.*;
+
+/**
+ * @since 5.10.0
+ */
+public class AuthorizationFilterTest {
+
+    private AuthorizationFilter filter;
+    private StubBroker nextBroker;
+
+    @Before
+    public void setUp() {
+        filter = new AuthorizationFilter();
+        nextBroker = new StubBroker();
+        filter.setNext(nextBroker);
+    }
+
+    @Test
+    public void testDefaults() {
+        ActionPermissionResolver resolver = filter.getActionPermissionResolver();
+        assertNotNull(resolver);
+        assertTrue(resolver instanceof DestinationActionPermissionResolver);
+    }
+
+    @Test
+    public void testSetActionPermissionResolver() {
+        ActionPermissionResolver resolver = new DestinationActionPermissionResolver();
+        filter.setActionPermissionResolver(resolver);
+        assertSame(resolver, filter.getActionPermissionResolver());
+    }
+
+    private ConnectionContext createContext(Subject subject) {
+        ConnectionContext ctx = new ConnectionContext();
+        ConnectionInfo info = new ConnectionInfo();
+        Environment environment = new Environment() {
+            @Override
+            public org.apache.shiro.mgt.SecurityManager getSecurityManager() {
+                return null; //not needed in this test.
+            }
+        };
+        SubjectConnectionReference ref = new SubjectConnectionReference(ctx, info, environment, subject);
+        SubjectSecurityContext secCtx = new SubjectSecurityContext(ref);
+        ctx.setSecurityContext(secCtx);
+        return ctx;
+    }
+
+    @Test
+    public void testSubjectToString() {
+        Subject subject = new PermsSubject() {
+            @Override
+            public PrincipalCollection getPrincipals() {
+                return null;
+            }
+        };
+        String string = filter.toString(subject);
+        assertEquals("", string);
+    }
+
+    @Test(expected=UnauthorizedException.class)
+    public void testAddDestinationInfoNotAuthorized() throws Exception {
+        String name = "myTopic";
+        ActiveMQDestination dest = new ActiveMQTopic(name);
+        DestinationInfo info = new DestinationInfo(null, DestinationInfo.ADD_OPERATION_TYPE, dest);
+
+        Subject subject = new PermsSubject();
+        ConnectionContext context = createContext(subject);
+
+        filter.addDestinationInfo(context, info);
+    }
+
+    @Test
+    public void testAddDestinationInfoAuthorized() throws Exception {
+
+        String name = "myTopic";
+        ActiveMQDestination dest = new ActiveMQTopic(name);
+        DestinationInfo info = new DestinationInfo(null, DestinationInfo.ADD_OPERATION_TYPE, dest);
+
+        Subject subject = new PermsSubject() {
+            @Override
+            public boolean isPermitted(Permission toCheck) {
+                Permission assigned = createPerm("topic:myTopic:create");
+                assertEquals(assigned.toString(), toCheck.toString());
+                return assigned.implies(toCheck);
+            }
+        };
+
+        ConnectionContext context = createContext(subject);
+
+        filter.addDestinationInfo(context, info);
+    }
+
+    @Test(expected=UnauthorizedException.class)
+    public void testAddDestinationNotAuthorized() throws Exception {
+        String name = "myTopic";
+        ActiveMQDestination dest = new ActiveMQTopic(name);
+
+        Subject subject = new PermsSubject();
+        ConnectionContext context = createContext(subject);
+
+        filter.addDestination(context, dest, true);
+    }
+
+    @Test
+    public void testAddDestinationAuthorized() throws Exception {
+        String name = "myTopic";
+        ActiveMQDestination dest = new ActiveMQTopic(name);
+
+        Subject subject = new PermsSubject() {
+            @Override
+            public boolean isPermitted(Permission toCheck) {
+                Permission assigned = createPerm("topic:myTopic:create");
+                assertEquals(assigned.toString(), toCheck.toString());
+                return assigned.implies(toCheck);
+            }
+        };
+
+        ConnectionContext context = createContext(subject);
+
+        filter.addDestination(context, dest, true);
+    }
+
+    @Test(expected=UnauthorizedException.class)
+    public void testRemoveDestinationInfoNotAuthorized() throws Exception {
+        String name = "myTopic";
+        ActiveMQDestination dest = new ActiveMQTopic(name);
+        DestinationInfo info = new DestinationInfo(null, DestinationInfo.REMOVE_OPERATION_TYPE, dest);
+
+        Subject subject = new PermsSubject();
+        ConnectionContext context = createContext(subject);
+
+        filter.removeDestinationInfo(context, info);
+    }
+
+    @Test
+    public void testRemoveDestinationInfoAuthorized() throws Exception {
+
+        String name = "myTopic";
+        ActiveMQDestination dest = new ActiveMQTopic(name);
+        DestinationInfo info = new DestinationInfo(null, DestinationInfo.REMOVE_OPERATION_TYPE, dest);
+
+        Subject subject = new PermsSubject() {
+            @Override
+            public boolean isPermitted(Permission toCheck) {
+                Permission assigned = createPerm("topic:myTopic:remove");
+                assertEquals(assigned.toString(), toCheck.toString());
+                return assigned.implies(toCheck);
+            }
+        };
+
+        ConnectionContext context = createContext(subject);
+
+        filter.removeDestinationInfo(context, info);
+    }
+
+    @Test(expected=UnauthorizedException.class)
+    public void testRemoveDestinationNotAuthorized() throws Exception {
+        String name = "myTopic";
+        ActiveMQDestination dest = new ActiveMQTopic(name);
+
+        Subject subject = new PermsSubject();
+        ConnectionContext context = createContext(subject);
+
+        filter.removeDestination(context, dest, 1000);
+    }
+
+    @Test
+    public void testRemoveDestinationAuthorized() throws Exception {
+        String name = "myTopic";
+        ActiveMQDestination dest = new ActiveMQTopic(name);
+
+        Subject subject = new PermsSubject() {
+            @Override
+            public boolean isPermitted(Permission toCheck) {
+                Permission assigned = createPerm("topic:myTopic:remove");
+                assertEquals(assigned.toString(), toCheck.toString());
+                return assigned.implies(toCheck);
+            }
+        };
+
+        ConnectionContext context = createContext(subject);
+
+        filter.removeDestination(context, dest, 1000);
+    }
+
+    @Test(expected=UnauthorizedException.class)
+    public void testAddConsumerNotAuthorized() throws Exception {
+        String name = "myTopic";
+        ActiveMQDestination dest = new ActiveMQTopic(name);
+
+        Subject subject = new PermsSubject();
+        ConnectionContext context = createContext(subject);
+        ConsumerInfo info = new ConsumerInfo(null);
+        info.setDestination(dest);
+
+        filter.addConsumer(context, info);
+    }
+
+    @Test
+    public void testAddConsumerAuthorized() throws Exception {
+        String name = "myTopic";
+        ActiveMQDestination dest = new ActiveMQTopic(name);
+
+        Subject subject = new PermsSubject() {
+            @Override
+            public boolean isPermitted(Permission toCheck) {
+                Permission assigned = createPerm("topic:myTopic:read");
+                assertEquals(assigned.toString(), toCheck.toString());
+                return assigned.implies(toCheck);
+            }
+        };
+
+        ConnectionContext context = createContext(subject);
+        ConsumerInfo info = new ConsumerInfo(null);
+        info.setDestination(dest);
+
+        filter.addConsumer(context, info);
+    }
+
+    @Test
+    public void testAddProducerWithoutDestination() throws Exception {
+        Subject subject = new PermsSubject();
+        ConnectionContext context = createContext(subject);
+        ProducerInfo info = new ProducerInfo(null);
+        filter.addProducer(context, info);
+    }
+
+    @Test(expected=UnauthorizedException.class)
+    public void testAddProducerNotAuthorized() throws Exception {
+        String name = "myTopic";
+        ActiveMQDestination dest = new ActiveMQTopic(name);
+
+        Subject subject = new PermsSubject();
+        ConnectionContext context = createContext(subject);
+        ProducerInfo info = new ProducerInfo(null);
+        info.setDestination(dest);
+
+        filter.addProducer(context, info);
+    }
+
+    @Test
+    public void testAddProducerAuthorized() throws Exception {
+        String name = "myTopic";
+        ActiveMQDestination dest = new ActiveMQTopic(name);
+
+        Subject subject = new PermsSubject() {
+            @Override
+            public boolean isPermitted(Permission toCheck) {
+                Permission assigned = createPerm("topic:myTopic:write");
+                assertEquals(assigned.toString(), toCheck.toString());
+                return assigned.implies(toCheck);
+            }
+        };
+
+        ConnectionContext context = createContext(subject);
+        ProducerInfo info = new ProducerInfo(null);
+        info.setDestination(dest);
+
+        filter.addProducer(context, info);
+    }
+
+    @Test(expected=UnauthorizedException.class)
+    public void testBrokerExchangeSendNotAuthorized() throws Exception {
+        String name = "myTopic";
+
+        ActiveMQDestination dest = new ActiveMQTopic(name);
+        ActiveMQTextMessage message = new ActiveMQTextMessage();
+        message.setDestination(dest);
+        message.setText("Hello, world!");
+
+        Subject subject = new PermsSubject();
+        ConnectionContext context = createContext(subject);
+        ProducerBrokerExchange exchange = new ProducerBrokerExchange();
+        exchange.setConnectionContext(context);
+
+        filter.send(exchange, message);
+    }
+
+    @Test
+    public void testBrokerExchangeSendAuthorized() throws Exception {
+        String name = "myTopic";
+        ActiveMQDestination dest = new ActiveMQTopic(name);
+        ActiveMQTextMessage message = new ActiveMQTextMessage();
+        message.setDestination(dest);
+        message.setText("Hello, world!");
+
+        Subject subject = new PermsSubject() {
+            @Override
+            public boolean isPermitted(Permission toCheck) {
+                Permission assigned = createPerm("topic:myTopic:write");
+                assertEquals(assigned.toString(), toCheck.toString());
+                return assigned.implies(toCheck);
+            }
+        };
+
+        ConnectionContext context = createContext(subject);
+        ProducerBrokerExchange exchange = new ProducerBrokerExchange();
+        exchange.setConnectionContext(context);
+
+        filter.send(exchange, message);
+    }
+
+
+    protected Permission createPerm(String perm) {
+        return new DestinationActionPermissionResolver().createPermission(perm);
+    }
+
+
+    private static class PermsSubject extends SubjectAdapter {
+
+        @Override
+        public PrincipalCollection getPrincipals() {
+            return new SimplePrincipalCollection("foo", "someRealm");
+        }
+
+        @Override
+        public boolean isPermittedAll(Collection<Permission> permissions) {
+            assertNotNull(permissions);
+            assertEquals(1, permissions.size());
+            return isPermitted(permissions.iterator().next());
+        }
+    }
+}

http://git-wip-us.apache.org/repos/asf/activemq/blob/f9451e56/activemq-shiro/src/test/java/org/apache/activemq/shiro/authz/DestinationActionPermissionResolverTest.java
----------------------------------------------------------------------
diff --git a/activemq-shiro/src/test/java/org/apache/activemq/shiro/authz/DestinationActionPermissionResolverTest.java b/activemq-shiro/src/test/java/org/apache/activemq/shiro/authz/DestinationActionPermissionResolverTest.java
new file mode 100644
index 0000000..329979f
--- /dev/null
+++ b/activemq-shiro/src/test/java/org/apache/activemq/shiro/authz/DestinationActionPermissionResolverTest.java
@@ -0,0 +1,153 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.activemq.shiro.authz;
+
+import org.apache.activemq.broker.ConnectionContext;
+import org.apache.activemq.command.ActiveMQDestination;
+import org.apache.activemq.command.ActiveMQQueue;
+import org.apache.activemq.command.ActiveMQTempQueue;
+import org.apache.activemq.command.ActiveMQTempTopic;
+import org.apache.activemq.command.ActiveMQTopic;
+import org.apache.activemq.filter.AnyDestination;
+import org.apache.shiro.authz.Permission;
+import org.apache.shiro.authz.permission.WildcardPermission;
+import org.junit.Before;
+import org.junit.Test;
+
+import java.util.Collection;
+
+import static org.junit.Assert.*;
+
+/**
+ * @since 5.10.0
+ */
+public class DestinationActionPermissionResolverTest {
+
+    private DestinationActionPermissionResolver resolver;
+
+    @Before
+    public void setUp() {
+        this.resolver = new DestinationActionPermissionResolver();
+    }
+
+    @Test
+    public void testDefaults() {
+        assertNull(resolver.getPermissionStringPrefix());
+        //default is true to reflect ActiveMQ's case-sensitive destination names:
+        assertTrue(resolver.isPermissionStringCaseSensitive());
+    }
+
+    @Test
+    public void testPermissionStringPrefixProp() {
+        String prefix = "foo";
+        resolver.setPermissionStringPrefix(prefix);
+        assertEquals(prefix, resolver.getPermissionStringPrefix());
+    }
+
+    @Test
+    public void testCaseSensitiveProp() {
+        resolver.setPermissionStringCaseSensitive(true);
+        assertTrue(resolver.isPermissionStringCaseSensitive());
+    }
+
+    @Test(expected = IllegalArgumentException.class)
+    public void testGetPermissionsWithNonDestinationActionInstance() {
+        resolver.getPermissions(new Action() {
+            @Override
+            public String toString() {
+                return "foo";
+            }
+        });
+    }
+
+    @Test(expected = IllegalArgumentException.class)
+    public void testGetPermissionsWithNullArgument() {
+        resolver.getPermissions((Action)null);
+    }
+
+    void assertPermString(String perm, Collection<Permission> perms) {
+        assertEquals(1, perms.size());
+        assertEquals(perm, perms.iterator().next().toString());
+    }
+
+    @Test
+    public void testGetPermissionsWithTopic() {
+        ActiveMQTopic topic = new ActiveMQTopic("myTopic");
+        DestinationAction action = new DestinationAction(new ConnectionContext(), topic, "create");
+        Collection<Permission> perms = resolver.getPermissions(action);
+        assertPermString("topic:myTopic:create", perms);
+    }
+
+    @Test
+    public void testGetPermissionsWithTemporaryTopic() {
+        ActiveMQTempTopic topic = new ActiveMQTempTopic("myTempTopic");
+        DestinationAction action = new DestinationAction(new ConnectionContext(), topic, "remove");
+        Collection<Permission> perms = resolver.getPermissions(action);
+        assertPermString("temp-topic:myTempTopic:remove", perms);
+    }
+
+    @Test
+    public void testGetPermissionsWithQueue() {
+        ActiveMQQueue queue = new ActiveMQQueue("myQueue");
+        DestinationAction action = new DestinationAction(new ConnectionContext(), queue, "write");
+        Collection<Permission> perms = resolver.getPermissions(action);
+        assertPermString("queue:myQueue:write", perms);
+    }
+
+    @Test
+    public void testGetPermissionsWithTemporaryQueue() {
+        ActiveMQTempQueue queue = new ActiveMQTempQueue("myTempQueue");
+        DestinationAction action = new DestinationAction(new ConnectionContext(), queue, "read");
+        Collection<Permission> perms = resolver.getPermissions(action);
+        assertPermString("temp-queue:myTempQueue:read", perms);
+    }
+
+    @Test
+    public void testPermissionWithPrefix() {
+        resolver.setPermissionStringPrefix("activeMQ");
+        ActiveMQTopic topic = new ActiveMQTopic("myTopic");
+        DestinationAction action = new DestinationAction(new ConnectionContext(), topic, "create");
+        Collection<Permission> perms = resolver.getPermissions(action);
+        assertPermString("activeMQ:topic:myTopic:create", perms);
+    }
+
+    //Ensures if they explicitly set a prefix with a colon suffix that we don't add another one
+    @Test
+    public void testPermissionWithPrefixAndExplicitColon() {
+        resolver.setPermissionStringPrefix("activeMQ:");
+        ActiveMQTopic topic = new ActiveMQTopic("myTopic");
+        DestinationAction action = new DestinationAction(new ConnectionContext(), topic, "create");
+        Collection<Permission> perms = resolver.getPermissions(action);
+        assertPermString("activeMQ:topic:myTopic:create", perms);
+    }
+
+    @Test
+    public void testAlternateWildcardPermissionToStringWithMultipleActions() {
+        Permission perm = resolver.createPermission("foo:bar:action1,action2");
+        assertTrue(perm instanceof WildcardPermission);
+        assertEquals("foo:bar:action1,action2", perm.toString());
+
+    }
+
+    @Test(expected = IllegalArgumentException.class)
+    public void testCreatePermissionStringWithCompositeDestination() {
+        ActiveMQTopic topicA = new ActiveMQTopic("A");
+        ActiveMQTopic topicB = new ActiveMQTopic("B");
+        ActiveMQDestination composite = new AnyDestination(new ActiveMQDestination[]{topicA, topicB});
+        resolver.createPermissionString(composite, "read");
+    }
+}

http://git-wip-us.apache.org/repos/asf/activemq/blob/f9451e56/activemq-shiro/src/test/java/org/apache/activemq/shiro/authz/DestinationActionTest.java
----------------------------------------------------------------------
diff --git a/activemq-shiro/src/test/java/org/apache/activemq/shiro/authz/DestinationActionTest.java b/activemq-shiro/src/test/java/org/apache/activemq/shiro/authz/DestinationActionTest.java
new file mode 100644
index 0000000..a5a9158
--- /dev/null
+++ b/activemq-shiro/src/test/java/org/apache/activemq/shiro/authz/DestinationActionTest.java
@@ -0,0 +1,58 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.activemq.shiro.authz;
+
+import org.apache.activemq.broker.ConnectionContext;
+import org.apache.activemq.command.ActiveMQQueue;
+import org.junit.Test;
+
+import static org.junit.Assert.*;
+
+/**
+ * @since 5.10.0
+ */
+public class DestinationActionTest {
+
+    @Test(expected = IllegalArgumentException.class)
+    public void testNullConnectionContext() {
+        new DestinationAction(null, new ActiveMQQueue("foo"), "create");
+    }
+
+    @Test(expected = IllegalArgumentException.class)
+    public void testNullDestination() {
+        new DestinationAction(new ConnectionContext(), null, "create");
+    }
+
+    @Test(expected = IllegalArgumentException.class)
+    public void testNullVerb() {
+        new DestinationAction(new ConnectionContext(), new ActiveMQQueue("foo"), null);
+    }
+
+    @Test
+    public void testDefault() {
+        ConnectionContext ctx = new ConnectionContext();
+        ActiveMQQueue queue = new ActiveMQQueue("foo");
+        String verb = "create";
+
+        DestinationAction action = new DestinationAction(ctx, queue, verb);
+        assertSame(ctx, action.getConnectionContext());
+        assertSame(queue, action.getDestination());
+        assertEquals(verb, action.getVerb());
+        assertEquals("create destination: queue://foo", action.toString());
+    }
+
+}

http://git-wip-us.apache.org/repos/asf/activemq/blob/f9451e56/activemq-shiro/src/test/java/org/apache/activemq/shiro/env/EnvironmentFilterTest.java
----------------------------------------------------------------------
diff --git a/activemq-shiro/src/test/java/org/apache/activemq/shiro/env/EnvironmentFilterTest.java b/activemq-shiro/src/test/java/org/apache/activemq/shiro/env/EnvironmentFilterTest.java
new file mode 100644
index 0000000..b95c9fb
--- /dev/null
+++ b/activemq-shiro/src/test/java/org/apache/activemq/shiro/env/EnvironmentFilterTest.java
@@ -0,0 +1,30 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.activemq.shiro.env;
+
+import org.junit.Test;
+
+/**
+ * @since 5.10.0
+ */
+public class EnvironmentFilterTest {
+
+    @Test(expected=IllegalStateException.class)
+    public void testNullEnvironment() {
+        new EnvironmentFilter(){}.getEnvironment();
+    }
+}

http://git-wip-us.apache.org/repos/asf/activemq/blob/f9451e56/activemq-shiro/src/test/java/org/apache/activemq/shiro/env/IniEnvironmentTest.java
----------------------------------------------------------------------
diff --git a/activemq-shiro/src/test/java/org/apache/activemq/shiro/env/IniEnvironmentTest.java b/activemq-shiro/src/test/java/org/apache/activemq/shiro/env/IniEnvironmentTest.java
new file mode 100644
index 0000000..0d7d654
--- /dev/null
+++ b/activemq-shiro/src/test/java/org/apache/activemq/shiro/env/IniEnvironmentTest.java
@@ -0,0 +1,121 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.activemq.shiro.env;
+
+import org.apache.shiro.authc.UsernamePasswordToken;
+import org.apache.shiro.config.ConfigurationException;
+import org.apache.shiro.config.Ini;
+import org.apache.shiro.subject.Subject;
+import org.junit.Before;
+import org.junit.Test;
+
+/**
+ * @since 5.10.0
+ */
+public class IniEnvironmentTest {
+
+    IniEnvironment env;
+
+    @Before
+    public void setUp() {
+        env = new IniEnvironment();
+    }
+
+    protected void authenticate() {
+        authenticate("foo", "bar");
+    }
+
+    protected void authenticate(String username, String password) {
+        Subject subject = new Subject.Builder(env.getSecurityManager()).buildSubject();
+        subject.login(new UsernamePasswordToken(username, password));
+    }
+
+    @Test
+    public void testIniInstanceConstructorArg() {
+        Ini ini = new Ini();
+        ini.addSection("users").put("foo", "bar");
+        env = new IniEnvironment(ini);
+        authenticate();
+    }
+
+    @Test
+    public void testStringConstructorArg() {
+        String config =
+                "[users]\n" +
+                "foo = bar";
+
+        env = new IniEnvironment(config);
+        authenticate();
+    }
+
+    @Test
+    public void testSetIni() {
+        Ini ini = new Ini();
+        ini.addSection("users").put("foo", "bar");
+
+        env = new IniEnvironment();
+        env.setIni(ini);
+        env.init();
+
+        authenticate();
+    }
+
+    @Test
+    public void testSetIniString() {
+        String config =
+                "[users]\n" +
+                "foo = bar";
+
+        env = new IniEnvironment();
+        env.setIniConfig(config);
+        env.init();
+
+        authenticate();
+    }
+
+    @Test
+    public void testSetIniResourcePath() {
+        env = new IniEnvironment();
+        env.setIniResourcePath("classpath:minimal.shiro.ini");
+        env.init();
+
+        authenticate("system", "manager");
+    }
+
+    @Test
+    public void testDefaultClasspathIni() {
+        env = new IniEnvironment();
+        env.init();
+
+        authenticate("system", "manager");
+    }
+
+    @Test(expected = ConfigurationException.class)
+    public void testNoDefaultClasspathIni() {
+        env = new IniEnvironment() {
+            @Override
+            protected void apply(Ini ini) {
+                super.apply(ini);
+                //clear out the objects to simulate as if the ini file wasn't found:
+                this.objects.clear();
+            }
+        };
+        env.init();
+        authenticate("system", "manager");
+    }
+
+}

http://git-wip-us.apache.org/repos/asf/activemq/blob/f9451e56/activemq-shiro/src/test/java/org/apache/activemq/shiro/session/mgt/DisabledSessionManagerTest.java
----------------------------------------------------------------------
diff --git a/activemq-shiro/src/test/java/org/apache/activemq/shiro/session/mgt/DisabledSessionManagerTest.java b/activemq-shiro/src/test/java/org/apache/activemq/shiro/session/mgt/DisabledSessionManagerTest.java
new file mode 100644
index 0000000..df02ee0
--- /dev/null
+++ b/activemq-shiro/src/test/java/org/apache/activemq/shiro/session/mgt/DisabledSessionManagerTest.java
@@ -0,0 +1,47 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.activemq.shiro.session.mgt;
+
+import org.apache.shiro.session.mgt.DefaultSessionKey;
+import org.junit.Before;
+import org.junit.Test;
+
+import static org.junit.Assert.*;
+
+/**
+ * @since 5.10.0
+ */
+public class DisabledSessionManagerTest {
+
+    private DisabledSessionManager mgr;
+
+    @Before
+    public void setUp() {
+        this.mgr = new DisabledSessionManager();
+    }
+
+    @Test(expected = UnsupportedOperationException.class)
+    public void testStart() {
+        mgr.start(null);
+    }
+
+    @Test
+    public void testGetSession() {
+        assertNull(mgr.getSession(null));
+        assertNull(mgr.getSession(new DefaultSessionKey("foo")));
+    }
+}

http://git-wip-us.apache.org/repos/asf/activemq/blob/f9451e56/activemq-shiro/src/test/java/org/apache/activemq/shiro/subject/ConnectionSubjectResolverTest.java
----------------------------------------------------------------------
diff --git a/activemq-shiro/src/test/java/org/apache/activemq/shiro/subject/ConnectionSubjectResolverTest.java b/activemq-shiro/src/test/java/org/apache/activemq/shiro/subject/ConnectionSubjectResolverTest.java
new file mode 100644
index 0000000..1404b71
--- /dev/null
+++ b/activemq-shiro/src/test/java/org/apache/activemq/shiro/subject/ConnectionSubjectResolverTest.java
@@ -0,0 +1,80 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.activemq.shiro.subject;
+
+import org.apache.activemq.broker.ConnectionContext;
+import org.apache.activemq.command.ConnectionInfo;
+import org.apache.activemq.security.SecurityContext;
+import org.apache.shiro.env.DefaultEnvironment;
+import org.apache.shiro.subject.Subject;
+import org.junit.Test;
+
+import java.security.Principal;
+import java.util.Set;
+
+/**
+ * @since 5.10.0
+ */
+public class ConnectionSubjectResolverTest {
+
+    @Test(expected = IllegalArgumentException.class)
+    public void testNullConstructorArg() {
+        new ConnectionSubjectResolver((ConnectionContext)null);
+    }
+
+    @Test(expected = IllegalArgumentException.class)
+    public void testNullSecurityContext() {
+        SubjectConnectionReference reference =
+                new SubjectConnectionReference(new ConnectionContext(), new ConnectionInfo(),
+                        new DefaultEnvironment(), new SubjectAdapter());
+
+        new ConnectionSubjectResolver(reference);
+    }
+
+    @Test(expected = IllegalArgumentException.class)
+    public void testNonSubjectSecurityContext() {
+        SubjectConnectionReference reference =
+                new SubjectConnectionReference(new ConnectionContext(), new ConnectionInfo(),
+                        new DefaultEnvironment(), new SubjectAdapter());
+        reference.getConnectionContext().setSecurityContext(new SecurityContext("") {
+            @Override
+            public Set<Principal> getPrincipals() {
+                return null;
+            }
+        });
+
+        new ConnectionSubjectResolver(reference);
+    }
+
+    @Test(expected = IllegalStateException.class)
+    public void testNullSubject() {
+
+        SubjectConnectionReference reference =
+                new SubjectConnectionReference(new ConnectionContext(), new ConnectionInfo(),
+                        new DefaultEnvironment(), new SubjectAdapter());
+        reference.getConnectionContext().setSecurityContext(new SubjectSecurityContext(reference) {
+            @Override
+            public Subject getSubject() {
+                return null;
+            }
+        });
+
+        ConnectionSubjectResolver resolver = new ConnectionSubjectResolver(reference);
+        resolver.getSubject();
+    }
+
+}

http://git-wip-us.apache.org/repos/asf/activemq/blob/f9451e56/activemq-shiro/src/test/java/org/apache/activemq/shiro/subject/DefaultConnectionSubjectFactoryTest.java
----------------------------------------------------------------------
diff --git a/activemq-shiro/src/test/java/org/apache/activemq/shiro/subject/DefaultConnectionSubjectFactoryTest.java b/activemq-shiro/src/test/java/org/apache/activemq/shiro/subject/DefaultConnectionSubjectFactoryTest.java
new file mode 100644
index 0000000..1774f50
--- /dev/null
+++ b/activemq-shiro/src/test/java/org/apache/activemq/shiro/subject/DefaultConnectionSubjectFactoryTest.java
@@ -0,0 +1,55 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.activemq.shiro.subject;
+
+import org.apache.activemq.shiro.ConnectionReference;
+import org.apache.activemq.shiro.authc.AuthenticationPolicy;
+import org.apache.shiro.subject.Subject;
+import org.junit.Before;
+import org.junit.Test;
+
+import static org.junit.Assert.*;
+
+/**
+ * @since 5.10.0
+ */
+public class DefaultConnectionSubjectFactoryTest {
+
+    private DefaultConnectionSubjectFactory factory;
+
+    @Before
+    public void setUp() {
+        this.factory = new DefaultConnectionSubjectFactory();
+    }
+
+    @Test
+    public void testSetAuthenticationPolicy() {
+        AuthenticationPolicy policy = new AuthenticationPolicy() {
+            @Override
+            public void customizeSubject(Subject.Builder subjectBuilder, ConnectionReference ref) {
+                //To change body of implemented methods use File | Settings | File Templates.
+            }
+
+            @Override
+            public boolean isAuthenticationRequired(SubjectConnectionReference ref) {
+                return false;  //To change body of implemented methods use File | Settings | File Templates.
+            }
+        };
+        factory.setAuthenticationPolicy(policy);
+        assertSame(policy, factory.getAuthenticationPolicy());
+    }
+}

http://git-wip-us.apache.org/repos/asf/activemq/blob/f9451e56/activemq-shiro/src/test/java/org/apache/activemq/shiro/subject/SubjectAdapter.java
----------------------------------------------------------------------
diff --git a/activemq-shiro/src/test/java/org/apache/activemq/shiro/subject/SubjectAdapter.java b/activemq-shiro/src/test/java/org/apache/activemq/shiro/subject/SubjectAdapter.java
new file mode 100644
index 0000000..58f25e5
--- /dev/null
+++ b/activemq-shiro/src/test/java/org/apache/activemq/shiro/subject/SubjectAdapter.java
@@ -0,0 +1,185 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.activemq.shiro.subject;
+
+import org.apache.shiro.authc.AuthenticationException;
+import org.apache.shiro.authc.AuthenticationToken;
+import org.apache.shiro.authz.AuthorizationException;
+import org.apache.shiro.authz.Permission;
+import org.apache.shiro.session.Session;
+import org.apache.shiro.subject.ExecutionException;
+import org.apache.shiro.subject.PrincipalCollection;
+import org.apache.shiro.subject.Subject;
+
+import java.util.Collection;
+import java.util.List;
+import java.util.concurrent.Callable;
+
+/**
+ * @since 5.10.0
+ */
+public class SubjectAdapter implements Subject {
+
+    @Override
+    public Object getPrincipal() {
+        return null;
+    }
+
+    @Override
+    public PrincipalCollection getPrincipals() {
+        return null;
+    }
+
+    @Override
+    public boolean isPermitted(String permission) {
+        return false;
+    }
+
+    @Override
+    public boolean isPermitted(Permission permission) {
+        return false;
+    }
+
+    @Override
+    public boolean[] isPermitted(String... permissions) {
+        return new boolean[0];
+    }
+
+    @Override
+    public boolean[] isPermitted(List<Permission> permissions) {
+        return new boolean[0];
+    }
+
+    @Override
+    public boolean isPermittedAll(String... permissions) {
+        return false;
+    }
+
+    @Override
+    public boolean isPermittedAll(Collection<Permission> permissions) {
+        return false;
+    }
+
+    @Override
+    public void checkPermission(String permission) throws AuthorizationException {
+    }
+
+    @Override
+    public void checkPermission(Permission permission) throws AuthorizationException {
+    }
+
+    @Override
+    public void checkPermissions(String... permissions) throws AuthorizationException {
+    }
+
+    @Override
+    public void checkPermissions(Collection<Permission> permissions) throws AuthorizationException {
+    }
+
+    @Override
+    public boolean hasRole(String roleIdentifier) {
+        return false;
+    }
+
+    @Override
+    public boolean[] hasRoles(List<String> roleIdentifiers) {
+        return new boolean[0];  //To change body of implemented methods use File | Settings | File Templates.
+    }
+
+    @Override
+    public boolean hasAllRoles(Collection<String> roleIdentifiers) {
+        return false;
+    }
+
+    @Override
+    public void checkRole(String roleIdentifier) throws AuthorizationException {
+    }
+
+    @Override
+    public void checkRoles(Collection<String> roleIdentifiers) throws AuthorizationException {
+    }
+
+    @Override
+    public void checkRoles(String... roleIdentifiers) throws AuthorizationException {
+    }
+
+    @Override
+    public void login(AuthenticationToken token) throws AuthenticationException {
+    }
+
+    @Override
+    public boolean isAuthenticated() {
+        return false;
+    }
+
+    @Override
+    public boolean isRemembered() {
+        return false;
+    }
+
+    @Override
+    public Session getSession() {
+        return null;
+    }
+
+    @Override
+    public Session getSession(boolean create) {
+        return null;
+    }
+
+    @Override
+    public void logout() {
+    }
+
+    @Override
+    public <V> V execute(Callable<V> callable) throws ExecutionException {
+        return null;
+    }
+
+    @Override
+    public void execute(Runnable runnable) {
+    }
+
+    @Override
+    public <V> Callable<V> associateWith(Callable<V> callable) {
+        return null;
+    }
+
+    @Override
+    public Runnable associateWith(Runnable runnable) {
+        return runnable;
+    }
+
+    @Override
+    public void runAs(PrincipalCollection principals) throws NullPointerException, IllegalStateException {
+    }
+
+    @Override
+    public boolean isRunAs() {
+        return false;
+    }
+
+    @Override
+    public PrincipalCollection getPreviousPrincipals() {
+        return null;
+    }
+
+    @Override
+    public PrincipalCollection releaseRunAs() {
+        return null;
+    }
+}

http://git-wip-us.apache.org/repos/asf/activemq/blob/f9451e56/activemq-shiro/src/test/java/org/apache/activemq/shiro/subject/SubjectConnectionReferenceTest.java
----------------------------------------------------------------------
diff --git a/activemq-shiro/src/test/java/org/apache/activemq/shiro/subject/SubjectConnectionReferenceTest.java b/activemq-shiro/src/test/java/org/apache/activemq/shiro/subject/SubjectConnectionReferenceTest.java
new file mode 100644
index 0000000..82b187b
--- /dev/null
+++ b/activemq-shiro/src/test/java/org/apache/activemq/shiro/subject/SubjectConnectionReferenceTest.java
@@ -0,0 +1,33 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.activemq.shiro.subject;
+
+import org.apache.activemq.broker.ConnectionContext;
+import org.apache.activemq.command.ConnectionInfo;
+import org.apache.shiro.env.DefaultEnvironment;
+import org.junit.Test;
+
+/**
+ * @since 5.10.0
+ */
+public class SubjectConnectionReferenceTest {
+
+    @Test(expected=IllegalArgumentException.class)
+    public void testNullSubject() {
+        new SubjectConnectionReference(new ConnectionContext(), new ConnectionInfo(), new DefaultEnvironment(), null);
+    }
+}

http://git-wip-us.apache.org/repos/asf/activemq/blob/f9451e56/activemq-shiro/src/test/java/org/apache/activemq/shiro/subject/SubjectFilterTest.java
----------------------------------------------------------------------
diff --git a/activemq-shiro/src/test/java/org/apache/activemq/shiro/subject/SubjectFilterTest.java b/activemq-shiro/src/test/java/org/apache/activemq/shiro/subject/SubjectFilterTest.java
new file mode 100644
index 0000000..e2cbec7
--- /dev/null
+++ b/activemq-shiro/src/test/java/org/apache/activemq/shiro/subject/SubjectFilterTest.java
@@ -0,0 +1,59 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.activemq.shiro.subject;
+
+import org.apache.activemq.security.SecurityContext;
+import org.apache.activemq.shiro.SecurityContextFactory;
+import org.junit.Before;
+import org.junit.Test;
+
+import static org.junit.Assert.*;
+
+/**
+ * @since 5.10.0
+ */
+public class SubjectFilterTest {
+
+    private SubjectFilter filter;
+
+    @Before
+    public void setUp() {
+        filter = new SubjectFilter();
+    }
+
+    @Test(expected = IllegalArgumentException.class)
+    public void setNullSubjectConnectionFactory() {
+        filter.setConnectionSubjectFactory(null);
+    }
+
+    @Test(expected = IllegalArgumentException.class)
+    public void setNullSecurityContextFactory() {
+        filter.setSecurityContextFactory(null);
+    }
+
+    @Test
+    public void testSetSecurityContextFactory() {
+        SecurityContextFactory factory = new SecurityContextFactory() {
+            @Override
+            public SecurityContext createSecurityContext(SubjectConnectionReference ref) {
+                return null;
+            }
+        };
+        filter.setSecurityContextFactory(factory);
+        assertSame(factory, filter.getSecurityContextFactory());
+    }
+}

http://git-wip-us.apache.org/repos/asf/activemq/blob/f9451e56/activemq-shiro/src/test/java/org/apache/activemq/shiro/subject/SubjectSecurityContextTest.java
----------------------------------------------------------------------
diff --git a/activemq-shiro/src/test/java/org/apache/activemq/shiro/subject/SubjectSecurityContextTest.java b/activemq-shiro/src/test/java/org/apache/activemq/shiro/subject/SubjectSecurityContextTest.java
new file mode 100644
index 0000000..49d70ed
--- /dev/null
+++ b/activemq-shiro/src/test/java/org/apache/activemq/shiro/subject/SubjectSecurityContextTest.java
@@ -0,0 +1,58 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.activemq.shiro.subject;
+
+import org.apache.activemq.broker.ConnectionContext;
+import org.apache.activemq.command.ConnectionInfo;
+import org.apache.shiro.env.DefaultEnvironment;
+import org.junit.Before;
+import org.junit.Test;
+
+/**
+ * @since 5.10.0
+ */
+public class SubjectSecurityContextTest {
+
+    SubjectSecurityContext ctx;
+
+    @Before
+    public void setUp() {
+        SubjectConnectionReference conn = new SubjectConnectionReference(new ConnectionContext(), new ConnectionInfo(),
+                new DefaultEnvironment(), new SubjectAdapter());
+        ctx = new SubjectSecurityContext(conn);
+    }
+
+    @Test(expected=UnsupportedOperationException.class)
+    public void testInOneOf() {
+        ctx.isInOneOf(null);
+    }
+
+    @Test(expected=UnsupportedOperationException.class)
+    public void testGetAuthorizedReadDests() {
+        ctx.getAuthorizedReadDests();
+    }
+
+    @Test(expected=UnsupportedOperationException.class)
+    public void testGetAuthorizedWriteDests() {
+        ctx.getAuthorizedWriteDests();
+    }
+
+    @Test(expected=UnsupportedOperationException.class)
+    public void testGetPrincipals() {
+        ctx.getPrincipals();
+    }
+}

http://git-wip-us.apache.org/repos/asf/activemq/blob/f9451e56/activemq-shiro/src/test/resources/empty.shiro.ini
----------------------------------------------------------------------
diff --git a/activemq-shiro/src/test/resources/empty.shiro.ini b/activemq-shiro/src/test/resources/empty.shiro.ini
new file mode 100644
index 0000000..abe7ae5
--- /dev/null
+++ b/activemq-shiro/src/test/resources/empty.shiro.ini
@@ -0,0 +1,20 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
+# This empty file will cause an error at Shiro startup (as expected).  Used for testing purposes only.
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/activemq/blob/f9451e56/activemq-shiro/src/test/resources/minimal.shiro.ini
----------------------------------------------------------------------
diff --git a/activemq-shiro/src/test/resources/minimal.shiro.ini b/activemq-shiro/src/test/resources/minimal.shiro.ini
new file mode 100644
index 0000000..0ccfc86
--- /dev/null
+++ b/activemq-shiro/src/test/resources/minimal.shiro.ini
@@ -0,0 +1,63 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+[main]
+
+# Shiro object graph configuration here if desired/necessary
+
+[users]
+
+# users section format:
+#
+# username = password [, assignedRole1, assignedRole2, ..., assignedRoleN]
+#
+# for example:
+#
+# scott = tiger, users, administrators, advisory
+#
+# Roles and permissions assigned to roles are defined in the [roles] section
+# below. By transitive association, any user assigned a role is granted the
+# role's permissions.
+
+# ActiveMQ System User
+# needed for in-VM/local connections when authentication is enabled:
+system = manager, system
+
+[roles]
+
+# roles section format:
+#
+# roleName = wildcardPermission1, wildcardPermission2, ..., wildcardPermissionN
+
+# The 'system' role is assigned all permissions (*).  Be careful when assigning
+# this to actual users other than then system user!
+system = *
+
+# Full access rights should generally be given to the ActiveMQ.Advisory.*
+# destinations because by default an ActiveMQConnection uses advisory topics to
+# get early knowledge of temp destination creation and deletion. For more info:
+#
+#   http://activemq.apache.org/security.html
+#
+# So we create an 'advisory' role here with a wildcard/catch-all permissions
+# for all advisory topics.  To make your life easy, ensure you assign this to
+# any/all users, e.g.
+#
+#   jsmith = password, advisory, ...
+
+advisory = topic:ActiveMQ.Advisory*
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/activemq/blob/f9451e56/activemq-shiro/src/test/resources/nosystem.shiro.ini
----------------------------------------------------------------------
diff --git a/activemq-shiro/src/test/resources/nosystem.shiro.ini b/activemq-shiro/src/test/resources/nosystem.shiro.ini
new file mode 100644
index 0000000..6409c7f
--- /dev/null
+++ b/activemq-shiro/src/test/resources/nosystem.shiro.ini
@@ -0,0 +1,38 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+[main]
+
+# THIS IS USED FOR TESTING PURPOSES ONLY.  DO NOT BASE YOUR CONFIGURATION OFF OF THIS FILE.
+
+# Shiro object graph configuration here if desired/necessary
+
+[users]
+# username is purposefully different than the system username:
+foo = bar, foo, advisory
+
+[roles]
+# Full access rights should generally be given to the ActiveMQ.Advisory.* destinations because by default an
+# ActiveMQConnection uses advisory topics to get early knowledge of temp destination creation and deletion.
+# See http://activemq.apache.org/security.html for more.
+#
+# So we create an 'advisory' role here with a wildcard/catch-all permissions for all advisory topics:
+advisory = topic:ActiveMQ.Advisory*
+
+# test specific roles/perms:
+foo = queue:QUEUE.org.apache.activemq.shiro.ShiroPluginTest.testRuntimeDisableEnableChanges:*

http://git-wip-us.apache.org/repos/asf/activemq/blob/f9451e56/activemq-shiro/src/test/resources/org/apache/activemq/shiro/embedded-ini-config.xml
----------------------------------------------------------------------
diff --git a/activemq-shiro/src/test/resources/org/apache/activemq/shiro/embedded-ini-config.xml b/activemq-shiro/src/test/resources/org/apache/activemq/shiro/embedded-ini-config.xml
new file mode 100644
index 0000000..dfe8e68
--- /dev/null
+++ b/activemq-shiro/src/test/resources/org/apache/activemq/shiro/embedded-ini-config.xml
@@ -0,0 +1,95 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+-->
+<!-- this file can only be parsed using the xbean-spring library -->
+<!-- START SNIPPET: example -->
+<beans xmlns="http://www.springframework.org/schema/beans"
+       xmlns:amq="http://activemq.apache.org/schema/core"
+       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+       xsi:schemaLocation="
+       http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
+       http://activemq.apache.org/schema/core http://activemq.apache.org/schema/core/activemq-core.xsd">
+
+    <broker xmlns="http://activemq.apache.org/schema/core"
+            useJmx="false" persistent="false" populateJMSXUserID="true">
+
+        <destinations>
+            <queue physicalName="TEST.Q"/>
+        </destinations>
+
+        <transportConnectors>
+            <transportConnector name="default" uri="tcp://0.0.0.0:61616"/>
+        </transportConnectors>
+
+        <plugins>
+            <bean id="shiroPlugin"
+                  class="org.apache.activemq.shiro.ShiroPlugin"
+                  xmlns="http://www.springframework.org/schema/beans">
+                <property name="iniConfig">
+                    <value>
+                        [main]
+
+                        # Shiro object graph configuration here if desired/necessary
+
+                        [users]
+
+                        # users section format:
+                        #
+                        # username = password [, assignedRole1, assignedRole2, ..., assignedRoleN]
+                        #
+                        # for example:
+                        #
+                        # scott = tiger, users, administrators, advisory
+                        #
+                        # Roles and permissions assigned to roles are defined in the [roles] section
+                        # below. By transitive association, any user assigned a role is granted the
+                        # role's permissions.
+
+                        # ActiveMQ System User
+                        # needed for in-VM/local connections when authentication is enabled:
+                        system = manager, system
+
+                        [roles]
+
+                        # roles section format:
+                        #
+                        # roleName = wildcardPermission1, wildcardPermission2, ..., wildcardPermissionN
+
+                        # The 'system' role is assigned all permissions (*). Be careful when assigning
+                        # this to actual users other than then system user:
+                        system = *
+
+                        # Full access rights should generally be given to the ActiveMQ.Advisory.*
+                        # destinations because by default an ActiveMQConnection uses advisory topics to
+                        # get early knowledge of temp destination creation and deletion. For more info:
+                        #
+                        # http://activemq.apache.org/security.html
+                        #
+                        # So we create an 'advisory' role here with a wildcard/catch-all permissions
+                        # for all advisory topics. To make your life easy, ensure you assign this to
+                        # any/all users, e.g.
+                        #
+                        # jsmith = password, advisory, ...
+
+                        advisory = topic:ActiveMQ.Advisory*
+                    </value>
+                </property>
+            </bean>
+        </plugins>
+    </broker>
+
+</beans>

http://git-wip-us.apache.org/repos/asf/activemq/blob/f9451e56/activemq-shiro/src/test/resources/org/apache/activemq/shiro/external-ini-config.xml
----------------------------------------------------------------------
diff --git a/activemq-shiro/src/test/resources/org/apache/activemq/shiro/external-ini-config.xml b/activemq-shiro/src/test/resources/org/apache/activemq/shiro/external-ini-config.xml
new file mode 100644
index 0000000..b4102d6
--- /dev/null
+++ b/activemq-shiro/src/test/resources/org/apache/activemq/shiro/external-ini-config.xml
@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+-->
+
+<!-- this file can only be parsed using the xbean-spring library -->
+<!-- START SNIPPET: example -->
+<beans xmlns="http://www.springframework.org/schema/beans"
+       xmlns:amq="http://activemq.apache.org/schema/core"
+       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+       xsi:schemaLocation="
+       http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
+       http://activemq.apache.org/schema/core http://activemq.apache.org/schema/core/activemq-core.xsd">
+
+    <broker xmlns="http://activemq.apache.org/schema/core"
+            useJmx="false" persistent="false" populateJMSXUserID="true">
+
+        <destinations>
+            <queue physicalName="TEST.Q"/>
+        </destinations>
+
+        <transportConnectors>
+            <transportConnector name="default" uri="tcp://0.0.0.0:61616"/>
+        </transportConnectors>
+
+        <plugins>
+            <bean id="shiroPlugin" class="org.apache.activemq.shiro.ShiroPlugin"
+                  xmlns="http://www.springframework.org/schema/beans">
+
+                <!-- Reference Shiro's ini config from an external path, e.g. classpath: -->
+                <property name="iniResourcePath" value="classpath:org/apache/activemq/shiro/external-ini-config.xml"/>
+
+                <!-- or it could be in another location, such as a URL or file:
+                <property name="iniResourcePath" value="url:http://config.somehost.com/mybroker/shiro.ini"/>
+                <property name="iniResourcePath" value="file:/usr/local/somewhere/shiro.ini"/> -->
+            </bean>
+        </plugins>
+    </broker>
+
+</beans>


Mime
View raw message