activemq-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cepo...@apache.org
Subject [3/4] Fix for https://issues.apache.org/jira/browse/AMQ-3621 - Integrate Apache Shiro with ActiveMQ as "security solution" - many thanks to Les Hazlewood (lhazlewood) for the patch!
Date Mon, 24 Feb 2014 15:30:50 GMT
http://git-wip-us.apache.org/repos/asf/activemq/blob/f9451e56/activemq-shiro/src/main/java/org/apache/activemq/shiro/authz/AuthorizationFilter.java
----------------------------------------------------------------------
diff --git a/activemq-shiro/src/main/java/org/apache/activemq/shiro/authz/AuthorizationFilter.java b/activemq-shiro/src/main/java/org/apache/activemq/shiro/authz/AuthorizationFilter.java
new file mode 100644
index 0000000..0c147d9
--- /dev/null
+++ b/activemq-shiro/src/main/java/org/apache/activemq/shiro/authz/AuthorizationFilter.java
@@ -0,0 +1,226 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.activemq.shiro.authz;
+
+import org.apache.activemq.broker.ConnectionContext;
+import org.apache.activemq.broker.ProducerBrokerExchange;
+import org.apache.activemq.broker.region.Destination;
+import org.apache.activemq.broker.region.Subscription;
+import org.apache.activemq.command.ActiveMQDestination;
+import org.apache.activemq.command.ConsumerInfo;
+import org.apache.activemq.command.DestinationInfo;
+import org.apache.activemq.command.Message;
+import org.apache.activemq.command.ProducerInfo;
+import org.apache.activemq.security.SecurityContext;
+import org.apache.activemq.shiro.env.EnvironmentFilter;
+import org.apache.activemq.shiro.subject.ConnectionSubjectResolver;
+import org.apache.shiro.authz.Permission;
+import org.apache.shiro.authz.UnauthorizedException;
+import org.apache.shiro.subject.PrincipalCollection;
+import org.apache.shiro.subject.Subject;
+
+import java.util.Collection;
+
+/**
+ * The {@code AuthorizationFilter} asserts that actions are allowed to execute first before they are actually
+ * executed.  Such actions include creating, removing, reading from and writing to destinations.
+ * <p/>
+ * This implementation is strictly permission-based, allowing for the finest-grained security policies possible.
+ * Whenever a {@link Subject} associated with a connection attempts to perform an {@link org.apache.activemq.shiro.authz.Action} (such as creating a
+ * destination, or reading from a queue, etc), one or more {@link Permission}s representing that {@code action} are
+ * checked.
+ * <p/>
+ * If the {@code Subject}{@link Subject#isPermitted(org.apache.shiro.authz.Permission) isPermitted} to perform the
+ * {@code action}, the action is allowed to execute and the broker filter chain executes uninterrupted.
+ * <p/>
+ * However, if the {@code Subject} is not permitted to perform the action, an {@link UnauthorizedException} will be
+ * thrown, preventing the filter chain from executing that action.
+ * <h2>ActionPermissionResolver</h2>
+ * The attempted {@code Action} is guarded by one or more {@link Permission}s as indicated by a configurable
+ * {@link #setActionPermissionResolver(org.apache.activemq.shiro.authz.ActionPermissionResolver) actionPermissionResolver}.  The
+ * {@code actionPermissionResolver} indicates which permissions must be granted to the connection {@code Subject} in
+ * order for the action to execute.
+ * <p/>
+ * The default {@code actionPermissionResolver} instance is a
+ * {@link org.apache.activemq.shiro.authz.DestinationActionPermissionResolver DestinationActionPermissionResolver}, which indicates which permissions
+ * are required to perform any action on a particular destination.  Those familiar with Shiro's
+ * {@link org.apache.shiro.authz.permission.WildcardPermission WildcardPermission} syntax will find the
+ * {@code DestinationActionPermissionResolver}'s
+ * {@link org.apache.activemq.shiro.authz.DestinationActionPermissionResolver#createPermissionString createPermissionString} method
+ * documentation valuable for understanding how destination actions are represented as permissions.
+ *
+ * @see org.apache.activemq.shiro.authz.ActionPermissionResolver
+ * @see org.apache.activemq.shiro.authz.DestinationActionPermissionResolver
+ * @since 5.10.0
+ */
+public class AuthorizationFilter extends EnvironmentFilter {
+
+    private ActionPermissionResolver actionPermissionResolver;
+
+    public AuthorizationFilter() {
+        this.actionPermissionResolver = new DestinationActionPermissionResolver();
+    }
+
+    /**
+     * Returns the {@code ActionPermissionResolver} used to indicate which permissions are required to be granted to
+     * a {@link Subject} to perform a particular destination {@link org.apache.activemq.shiro.authz.Action}, (such as creating a
+     * destination, or reading from a queue, etc).  The default instance is a
+     * {@link DestinationActionPermissionResolver}.
+     *
+     * @return the {@code ActionPermissionResolver} used to indicate which permissions are required to be granted to
+     *         a {@link Subject} to perform a particular destination {@link org.apache.activemq.shiro.authz.Action}, (such as creating a
+     *         destination, or reading from a queue, etc).
+     */
+    public ActionPermissionResolver getActionPermissionResolver() {
+        return actionPermissionResolver;
+    }
+
+    /**
+     * Sets the {@code ActionPermissionResolver} used to indicate which permissions are required to be granted to
+     * a {@link Subject} to perform a particular destination {@link org.apache.activemq.shiro.authz.Action}, (such as creating a
+     * destination, or reading from a queue, etc).  Unless overridden by this method, the default instance is a
+     * {@link DestinationActionPermissionResolver}.
+     *
+     * @param actionPermissionResolver the {@code ActionPermissionResolver} used to indicate which permissions are
+     *                                 required to be granted to a {@link Subject} to perform a particular destination
+     *                                 {@link org.apache.activemq.shiro.authz.Action}, (such as creating a destination, or reading from a queue, etc).
+     */
+    public void setActionPermissionResolver(ActionPermissionResolver actionPermissionResolver) {
+        this.actionPermissionResolver = actionPermissionResolver;
+    }
+
+    /**
+     * Returns the {@code Subject} associated with the specified connection using a
+     * {@link org.apache.activemq.shiro.subject.ConnectionSubjectResolver}.
+     *
+     * @param ctx the connection context
+     * @return the {@code Subject} associated with the specified connection.
+     */
+    protected Subject getSubject(ConnectionContext ctx) {
+        return new ConnectionSubjectResolver(ctx).getSubject();
+    }
+
+    protected String toString(Subject subject) {
+        PrincipalCollection pc = subject.getPrincipals();
+        if (pc != null && !pc.isEmpty()) {
+            return "[" + pc.toString() + "] ";
+        }
+        return "";
+    }
+
+    protected void assertAuthorized(DestinationAction action) {
+        assertAuthorized(action, action.getVerb());
+    }
+
+    //ActiveMQ internals will create a ConnectionContext with a SecurityContext that is not
+    //Shiro specific.  We need to allow actions for internal system operations:
+    protected boolean isSystemBroker(DestinationAction action) {
+        ConnectionContext context = action.getConnectionContext();
+        SecurityContext securityContext = context.getSecurityContext();
+        return securityContext != null && securityContext.isBrokerContext();
+    }
+
+    protected void assertAuthorized(DestinationAction action, String verbText) {
+        if (!isEnabled() || isSystemBroker(action)) {
+            return;
+        }
+
+        final Subject subject = getSubject(action.getConnectionContext());
+
+        Collection<Permission> perms = this.actionPermissionResolver.getPermissions(action);
+
+        if (!subject.isPermittedAll(perms)) {
+            String msg = createUnauthorizedMessage(subject, action, verbText);
+            throw new UnauthorizedException(msg);
+        }
+    }
+
+    protected String createUnauthorizedMessage(Subject subject, DestinationAction action, String verbDisplayText) {
+        return "Subject " + toString(subject) + "is not authorized to " + verbDisplayText + " destination: " + action.getDestination();
+    }
+
+    @Override
+    public void addDestinationInfo(ConnectionContext context, DestinationInfo info) throws Exception {
+
+        DestinationAction action = new DestinationAction(context, info.getDestination(), "create");
+        assertAuthorized(action);
+
+        super.addDestinationInfo(context, info);
+    }
+
+    @Override
+    public Destination addDestination(ConnectionContext context, ActiveMQDestination destination, boolean create) throws Exception {
+
+        DestinationAction action = new DestinationAction(context, destination, "create");
+        assertAuthorized(action);
+
+        return super.addDestination(context, destination, create);
+    }
+
+    @Override
+    public void removeDestination(ConnectionContext context, ActiveMQDestination destination, long timeout) throws Exception {
+
+        DestinationAction action = new DestinationAction(context, destination, "remove");
+        assertAuthorized(action);
+
+        super.removeDestination(context, destination, timeout);
+    }
+
+    @Override
+    public void removeDestinationInfo(ConnectionContext context, DestinationInfo info) throws Exception {
+
+        DestinationAction action = new DestinationAction(context, info.getDestination(), "remove");
+        assertAuthorized(action);
+
+        super.removeDestinationInfo(context, info);
+    }
+
+    @Override
+    public Subscription addConsumer(ConnectionContext context, ConsumerInfo info) throws Exception {
+
+        //Unlike when adding a producer, consumers must specify the destination at creation time, so we can rely on
+        //a destination being available to perform the authz check:
+        DestinationAction action = new DestinationAction(context, info.getDestination(), "read");
+        assertAuthorized(action, "read from");
+
+        return super.addConsumer(context, info);
+    }
+
+    @Override
+    public void addProducer(ConnectionContext context, ProducerInfo info) throws Exception {
+
+        // JMS allows producers to be created without first specifying a destination.  In these cases, every send
+        // operation must specify a destination.  Because of this, we only authorize 'addProducer' if a destination is
+        // specified. If not specified, the authz check in the 'send' method below will ensure authorization.
+        if (info.getDestination() != null) {
+            DestinationAction action = new DestinationAction(context, info.getDestination(), "write");
+            assertAuthorized(action, "write to");
+        }
+
+        super.addProducer(context, info);
+    }
+
+    @Override
+    public void send(ProducerBrokerExchange exchange, Message message) throws Exception {
+
+        DestinationAction action = new DestinationAction(exchange.getConnectionContext(), message.getDestination(), "write");
+        assertAuthorized(action, "write to");
+
+        super.send(exchange, message);
+    }
+
+}

http://git-wip-us.apache.org/repos/asf/activemq/blob/f9451e56/activemq-shiro/src/main/java/org/apache/activemq/shiro/authz/DestinationAction.java
----------------------------------------------------------------------
diff --git a/activemq-shiro/src/main/java/org/apache/activemq/shiro/authz/DestinationAction.java b/activemq-shiro/src/main/java/org/apache/activemq/shiro/authz/DestinationAction.java
new file mode 100644
index 0000000..07b6b48
--- /dev/null
+++ b/activemq-shiro/src/main/java/org/apache/activemq/shiro/authz/DestinationAction.java
@@ -0,0 +1,90 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.activemq.shiro.authz;
+
+import org.apache.activemq.broker.ConnectionContext;
+import org.apache.activemq.command.ActiveMQDestination;
+
+/**
+ * A {@code DestinationAction} represents behavior being taken on a particular {@link ActiveMQDestination}, such as
+ * creation, removal, and reading messages from it or writing messages to it.  The exact behavior being taken on the
+ * specific {@link #getDestination() destination} is represented as a {@link #getVerb() verb} property, which is one of
+ * the following string tokens:
+ * <table>
+ * <tr>
+ * <th>Verb</th>
+ * <th>Description</th>
+ * </tr>
+ * <tr>
+ * <td>{@code create}</td>
+ * <td>Create a specific destination.</td>
+ * </tr>
+ * <tr>
+ * <td>{@code remove}</td>
+ * <td>Remove a specific destination.</td>
+ * </tr>
+ * <tr>
+ * <td>{@code read}</td>
+ * <td>Read (consume) messages from a specific destination.</td>
+ * </tr>
+ * <tr>
+ * <td>{@code write}</td>
+ * <td>Write messages to a specific destination.</td>
+ * </tr>
+ * </table>
+ *
+ * @since 5.10.0
+ */
+public class DestinationAction implements Action {
+
+    private final ConnectionContext connectionContext;
+    private final ActiveMQDestination destination;
+    private final String verb;
+
+    public DestinationAction(ConnectionContext connectionContext, ActiveMQDestination destination, String verb) {
+        if (connectionContext == null) {
+            throw new IllegalArgumentException("ConnectionContext argument cannot be null.");
+        }
+        if (destination == null) {
+            throw new IllegalArgumentException("ActiveMQDestination argument cannot be null.");
+        }
+        if (verb == null) {
+            throw new IllegalArgumentException("verb argument cannot be null.");
+        }
+
+        this.connectionContext = connectionContext;
+        this.destination = destination;
+        this.verb = verb;
+    }
+
+    public ConnectionContext getConnectionContext() {
+        return connectionContext;
+    }
+
+    public ActiveMQDestination getDestination() {
+        return destination;
+    }
+
+    public String getVerb() {
+        return verb;
+    }
+
+    @Override
+    public String toString() {
+        return this.verb + " destination: " + destination;
+    }
+}

http://git-wip-us.apache.org/repos/asf/activemq/blob/f9451e56/activemq-shiro/src/main/java/org/apache/activemq/shiro/authz/DestinationActionPermissionResolver.java
----------------------------------------------------------------------
diff --git a/activemq-shiro/src/main/java/org/apache/activemq/shiro/authz/DestinationActionPermissionResolver.java b/activemq-shiro/src/main/java/org/apache/activemq/shiro/authz/DestinationActionPermissionResolver.java
new file mode 100644
index 0000000..0947529
--- /dev/null
+++ b/activemq-shiro/src/main/java/org/apache/activemq/shiro/authz/DestinationActionPermissionResolver.java
@@ -0,0 +1,272 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.activemq.shiro.authz;
+
+import org.apache.activemq.command.ActiveMQDestination;
+import org.apache.shiro.authz.Permission;
+import org.apache.shiro.authz.permission.WildcardPermission;
+
+import java.util.Collection;
+import java.util.HashSet;
+import java.util.LinkedHashSet;
+import java.util.Set;
+
+/**
+ * A {@code DestinationActionPermissionResolver} inspects {@link DestinationAction}s and returns one or more
+ * {@link WildcardPermission}s that must be granted to a {@code Subject} in order for that {@code Subject} to
+ * perform the action being taken on an {@link ActiveMQDestination}.
+ * <p/>
+ * See the {@link #createPermissionString createPermissionString documentation} to see what the
+ * resulting {@link WildcardPermission} instances would look like.
+ *
+ * @see #createPermissionString(org.apache.activemq.command.ActiveMQDestination, String) )
+ * @see #setPermissionStringPrefix(String)
+ * @since 5.10.0
+ */
+public class DestinationActionPermissionResolver implements ActionPermissionResolver {
+
+    private String permissionStringPrefix;
+    private boolean permissionStringCaseSensitive = true;
+
+    /**
+     * Returns the String prefix that should be automatically prepended to a permission String before the
+     * String is converted to a {@link WildcardPermission} instance.  This is convenient if you want to provide a
+     * 'scope' or 'namespace' for ActiveMQ Destinations to clearly distinguish ActiveMQ-specific permissions from any
+     * others you might assign to user accounts.  The default value is {@code null}, indicating no prefix will be
+     * set by default.
+     * <p/>
+     * For example, the default settings might result in permissions Strings that look like this:
+     * <pre>
+     * topic:TEST:create
+     * temp-queue:MyQueue:remove
+     * topic:ActiveMQ.Advisory.*:read
+     * </pre>
+     * <p/>
+     * However, if your application has any application-specific permissions that start with the tokens {@code topic},
+     * {@code temp-topic}, {@code queue}, or {@code temp-queue}, you wouldn't be able to distinguish between
+     * application-specific permissions and those specific to ActiveMQ.  In this case you might set the
+     * {@code permissionStringPrefix}. For example, if you set:
+     * {@code resolver.setPermissionStringPrefix(&quot;jms&quot;);}, the above permission strings would look like this:
+     * <pre>
+     * jms:topic:TEST:create
+     * jms:temp-queue:MyQueue:remove
+     * jms:topic:ActiveMQ.Advisory.*:read
+     * </pre>
+     * <p/>
+     * Similarly, if the {@code permissionStringPrefix} was equal to {@code activeMQ}:
+     * <pre>
+     * activeMQ:topic:TEST:create
+     * activeMQ:temp-queue:MyQueue:remove
+     * activeMQ:topic:ActiveMQ.Advisory.*:read
+     * </pre>
+     *
+     * @return any String prefix that should be automatically prepended to a permission String before the
+     *         String is converted to a {@link WildcardPermission} instance.  Useful for namespacing permissions.
+     */
+    public String getPermissionStringPrefix() {
+        return permissionStringPrefix;
+    }
+
+    /**
+     * Sets the String prefix that should be automatically prepended to a permission String before the
+     * String is converted to a {@link WildcardPermission} instance.  This is convenient if you want to provide a
+     * 'scope' or 'namespace' for ActiveMQ Destinations to clearly distinguish ActiveMQ-specific permissions from any
+     * others you might assign to user accounts. The default value is {@code null}, indicating no prefix will be
+     * set by default.
+     * <p/>
+     * For example, the default settings might result in permissions Strings that look like this:
+     * <pre>
+     * topic:TEST:create
+     * temp-queue:MyQueue:remove
+     * topic:ActiveMQ.Advisory.*:read
+     * </pre>
+     * <p/>
+     * However, if your application has any application-specific permissions that start with the tokens {@code topic},
+     * {@code temp-topic}, {@code queue}, or {@code temp-queue}, you wouldn't be able to distinguish between
+     * application-specific permissions and those specific to ActiveMQ.  In this case you might set the
+     * {@code permissionStringPrefix}. For example, if you set:
+     * {@code resolver.setPermissionStringPrefix(&quot;jms&quot;);}, the above permission strings would look like this:
+     * <pre>
+     * jms:topic:TEST:create
+     * jms:temp-queue:MyQueue:remove
+     * jms:topic:ActiveMQ.Advisory.*:read
+     * </pre>
+     * <p/>
+     * Similarly, if the {@code permissionStringPrefix} was equal to {@code activeMQ}:
+     * <pre>
+     * activeMQ:topic:TEST:create
+     * activeMQ:temp-queue:MyQueue:remove
+     * activeMQ:topic:ActiveMQ.Advisory.*:read
+     * </pre>
+     *
+     * @param permissionStringPrefix any String prefix that should be automatically prepended to a permission String
+     *                               before the String is converted to a {@link WildcardPermission} instance.  Useful
+     *                               for namespacing permissions.
+     */
+    public void setPermissionStringPrefix(String permissionStringPrefix) {
+        this.permissionStringPrefix = permissionStringPrefix;
+    }
+
+    /**
+     * Returns {@code true} if returned {@link WildcardPermission} instances should be considered case-sensitive,
+     * {@code false} otherwise.  The default value is {@code true}, which is <em>not</em> the normal
+     * {@link WildcardPermission} default setting.  This default was chosen to reflect ActiveMQ's
+     * <a href="http://activemq.apache.org/are-destinations-case-sensitive.html">case-sensitive destination names</a>.
+     *
+     * @return {@code true} if returned {@link WildcardPermission} instances should be considered case-sensitive,
+     *         {@code false} otherwise.
+     */
+    public boolean isPermissionStringCaseSensitive() {
+        return permissionStringCaseSensitive;
+    }
+
+    /**
+     * Sets whether returned {@link WildcardPermission} instances should be considered case-sensitive.
+     * The default value is {@code true}, which is <em>not</em> the normal
+     * {@link WildcardPermission} default setting.  This default was chosen to accurately reflect ActiveMQ's
+     * <a href="http://activemq.apache.org/are-destinations-case-sensitive.html">case-sensitive destination names</a>.
+     *
+     * @param permissionStringCaseSensitive whether returned {@link WildcardPermission} instances should be considered
+     *                                      case-sensitive.
+     */
+    public void setPermissionStringCaseSensitive(boolean permissionStringCaseSensitive) {
+        this.permissionStringCaseSensitive = permissionStringCaseSensitive;
+    }
+
+    @Override
+    public Collection<Permission> getPermissions(Action action) {
+        if (!(action instanceof DestinationAction)) {
+            throw new IllegalArgumentException("Action argument must be a " + DestinationAction.class.getName() + " instance.");
+        }
+        DestinationAction da = (DestinationAction) action;
+        return getPermissions(da);
+    }
+
+    protected Collection<Permission> getPermissions(DestinationAction da) {
+        ActiveMQDestination dest = da.getDestination();
+        String verb = da.getVerb();
+        return createPermissions(dest, verb);
+    }
+
+    protected Collection<Permission> createPermissions(ActiveMQDestination dest, String verb) {
+
+        Set<Permission> set;
+
+        if (dest.isComposite()) {
+            ActiveMQDestination[] composites = dest.getCompositeDestinations();
+            set = new LinkedHashSet<Permission>(composites.length);
+            for(ActiveMQDestination d : composites) {
+                Collection<Permission> perms = createPermissions(d, verb);
+                set.addAll(perms);
+            }
+        } else {
+            set = new HashSet<Permission>(1);
+            String permString = createPermissionString(dest, verb);
+            Permission perm = createPermission(permString);
+            set.add(perm);
+        }
+
+        return set;
+    }
+
+    /**
+     * Inspects the specified {@code destination} and {@code verb} and returns a {@link WildcardPermission}-compatible
+     * String the represents the action.
+     * <h3>Format</h3>
+     * This implementation returns WildcardPermission strings with the following format:
+     * <pre>
+     * optionalPermissionStringPrefix + destinationType + ':' + destinationPhysicalName + ':' + actionVerb
+     * </pre>
+     * where:
+     * <ol>
+     * <li>{@code optionalPermissionStringPrefix} is the {@link #getPermissionStringPrefix() permissionStringPrefix}
+     * followed by a colon delimiter (':').  This is only present if the {@code permissionStringPrefix} has been
+     * specified and is non-null</li>
+     * <li>{@code destinationType} is one of the following four string tokens:
+     * <ul>
+     * <li>{@code topic}</li>
+     * <li>{@code temp-topic}</li>
+     * <li>{@code queue}</li>
+     * <li>{@code temp-queue}</li>
+     * </ul>
+     * based on whether the {@link DestinationAction#getDestination() destination} is
+     * a topic, temporary topic, queue, or temporary queue (respectively).
+     * </li>
+     * <li>
+     * {@code destinationPhysicalName} is
+     * {@link org.apache.activemq.command.ActiveMQDestination#getPhysicalName() destination.getPhysicalName()}
+     * </li>
+     * <li>
+     * {@code actionVerb} is {@link DestinationAction#getVerb() action.getVerb()}
+     * </li>
+     * </ol>
+     * <h3>Examples</h3>
+     * With the default settings (no {@link #getPermissionStringPrefix() permissionStringPrefix}), this might produce
+     * strings that look like the following:
+     * <pre>
+     * topic:TEST:create
+     * temp-queue:MyTempQueue:remove
+     * queue:ActiveMQ.Advisory.*:read
+     * </pre>
+     * If {@link #getPermissionStringPrefix() permissionStringPrefix} was set to {@code jms}, the above examples would
+     * look like this:
+     * <pre>
+     * jms:topic:TEST:create
+     * jms:temp-queue:MyTempQueue:remove
+     * jms:queue:ActiveMQ.Advisory.*:read
+     * </pre>
+     *
+     * @param dest the destination to inspect and convert to a {@link WildcardPermission} string.
+     * @param verb the behavior taken on the destination
+     * @return a {@link WildcardPermission} string that represents the specified {@code action}.
+     * @see #getPermissionStringPrefix() getPermissionStringPrefix() for more on why you might want to set this value
+     */
+    protected String createPermissionString(ActiveMQDestination dest, String verb) {
+        if (dest.isComposite()) {
+            throw new IllegalArgumentException("Use createPermissionStrings for composite destinations.");
+        }
+
+        StringBuilder sb = new StringBuilder();
+
+        if (permissionStringPrefix != null) {
+            sb.append(permissionStringPrefix);
+            if (!permissionStringPrefix.endsWith(":")) {
+                sb.append(":");
+            }
+        }
+
+        if (dest.isTemporary()) {
+            sb.append("temp-");
+        }
+        if (dest.isTopic()) {
+            sb.append("topic:");
+        } else {
+            sb.append("queue:");
+        }
+
+        sb.append(dest.getPhysicalName());
+        sb.append(':');
+        sb.append(verb);
+
+        return sb.toString();
+
+    }
+
+    protected Permission createPermission(String permissionString) {
+        return new ActiveMQWildcardPermission(permissionString, isPermissionStringCaseSensitive());
+    }
+}

http://git-wip-us.apache.org/repos/asf/activemq/blob/f9451e56/activemq-shiro/src/main/java/org/apache/activemq/shiro/env/EnvironmentFilter.java
----------------------------------------------------------------------
diff --git a/activemq-shiro/src/main/java/org/apache/activemq/shiro/env/EnvironmentFilter.java b/activemq-shiro/src/main/java/org/apache/activemq/shiro/env/EnvironmentFilter.java
new file mode 100644
index 0000000..085f376
--- /dev/null
+++ b/activemq-shiro/src/main/java/org/apache/activemq/shiro/env/EnvironmentFilter.java
@@ -0,0 +1,45 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.activemq.shiro.env;
+
+import org.apache.activemq.shiro.SecurityFilter;
+import org.apache.shiro.env.Environment;
+
+/**
+ * An abstract {@code BrokerFilter} that makes the Shiro {@link Environment} available to subclasses.
+ *
+ * @since 5.10.0
+ */
+public abstract class EnvironmentFilter extends SecurityFilter {
+
+    private Environment environment;
+
+    public EnvironmentFilter() {
+    }
+
+    public Environment getEnvironment() {
+        if (this.environment == null) {
+            String msg = "Environment has not yet been set.  This should be done before this broker filter is used.";
+            throw new IllegalStateException(msg);
+        }
+        return environment;
+    }
+
+    public void setEnvironment(Environment environment) {
+        this.environment = environment;
+    }
+}

http://git-wip-us.apache.org/repos/asf/activemq/blob/f9451e56/activemq-shiro/src/main/java/org/apache/activemq/shiro/env/IniEnvironment.java
----------------------------------------------------------------------
diff --git a/activemq-shiro/src/main/java/org/apache/activemq/shiro/env/IniEnvironment.java b/activemq-shiro/src/main/java/org/apache/activemq/shiro/env/IniEnvironment.java
new file mode 100644
index 0000000..9ca1980
--- /dev/null
+++ b/activemq-shiro/src/main/java/org/apache/activemq/shiro/env/IniEnvironment.java
@@ -0,0 +1,136 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.activemq.shiro.env;
+
+import org.apache.activemq.shiro.authz.ActiveMQPermissionResolver;
+import org.apache.activemq.shiro.mgt.DefaultActiveMqSecurityManager;
+import org.apache.shiro.ShiroException;
+import org.apache.shiro.config.ConfigurationException;
+import org.apache.shiro.config.Ini;
+import org.apache.shiro.config.IniSecurityManagerFactory;
+import org.apache.shiro.env.DefaultEnvironment;
+import org.apache.shiro.io.ResourceUtils;
+import org.apache.shiro.mgt.SecurityManager;
+import org.apache.shiro.realm.Realm;
+import org.apache.shiro.realm.text.IniRealm;
+import org.apache.shiro.util.Initializable;
+import org.apache.shiro.util.LifecycleUtils;
+
+import java.util.Map;
+
+/**
+ * @since 5.10.0
+ */
+public class IniEnvironment extends DefaultEnvironment implements Initializable {
+
+    private Ini ini;
+    private String iniConfig;
+    private String iniResourePath;
+
+    public IniEnvironment() {
+    }
+
+    public IniEnvironment(Ini ini) {
+        this.ini = ini;
+        init();
+    }
+
+    public IniEnvironment(String iniConfig) {
+        Ini ini = new Ini();
+        ini.load(iniConfig);
+        this.ini = ini;
+        init();
+    }
+
+    public void setIni(Ini ini) {
+        this.ini = ini;
+    }
+
+    public void setIniConfig(String config) {
+        this.iniConfig = config;
+    }
+
+    public void setIniResourcePath(String iniResourcePath) {
+        this.iniResourePath = iniResourcePath;
+    }
+
+    @Override
+    public void init() throws ShiroException {
+        //this.environment and this.securityManager are null.  Try Ini config:
+        Ini ini = this.ini;
+        if (ini != null) {
+            apply(ini);
+        }
+
+        if (this.objects.isEmpty() && this.iniConfig != null) {
+            ini = new Ini();
+            ini.load(this.iniConfig);
+            apply(ini);
+        }
+
+        if (this.objects.isEmpty() && this.iniResourePath != null) {
+            ini = new Ini();
+            ini.loadFromPath(this.iniResourePath);
+            apply(ini);
+        }
+
+        if (this.objects.isEmpty()) {
+            if (ResourceUtils.resourceExists("classpath:shiro.ini")) {
+                ini = new Ini();
+                ini.loadFromPath("classpath:shiro.ini");
+                apply(ini);
+            }
+        }
+
+        if (this.objects.isEmpty()) {
+            String msg = "Configuration error.  All heuristics for acquiring Shiro INI config " +
+                    "have been exhausted.  Ensure you configure one of the following properties: " +
+                    "1) ini 2) iniConfig 3) iniResourcePath and the Ini sections are not empty.";
+            throw new ConfigurationException(msg);
+        }
+
+        LifecycleUtils.init(this.objects.values());
+    }
+
+    protected void apply(Ini ini) {
+        if (ini != null && !ini.isEmpty()) {
+            Map<String, ?> objects = createObjects(ini);
+            this.ini = ini;
+            this.objects.clear();
+            this.objects.putAll(objects);
+        }
+    }
+
+    private Map<String, ?> createObjects(Ini ini) {
+        IniSecurityManagerFactory factory = new IniSecurityManagerFactory(ini) {
+
+            @Override
+            protected SecurityManager createDefaultInstance() {
+                return new DefaultActiveMqSecurityManager();
+            }
+
+            @Override
+            protected Realm createRealm(Ini ini) {
+                IniRealm realm = (IniRealm)super.createRealm(ini);
+                realm.setPermissionResolver(new ActiveMQPermissionResolver());
+                return realm;
+            }
+        };
+        factory.getInstance(); //trigger beans creation
+        return factory.getBeans();
+    }
+}

http://git-wip-us.apache.org/repos/asf/activemq/blob/f9451e56/activemq-shiro/src/main/java/org/apache/activemq/shiro/mgt/DefaultActiveMqSecurityManager.java
----------------------------------------------------------------------
diff --git a/activemq-shiro/src/main/java/org/apache/activemq/shiro/mgt/DefaultActiveMqSecurityManager.java b/activemq-shiro/src/main/java/org/apache/activemq/shiro/mgt/DefaultActiveMqSecurityManager.java
new file mode 100644
index 0000000..e3d8e61
--- /dev/null
+++ b/activemq-shiro/src/main/java/org/apache/activemq/shiro/mgt/DefaultActiveMqSecurityManager.java
@@ -0,0 +1,41 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.activemq.shiro.mgt;
+
+import org.apache.activemq.shiro.session.mgt.DisabledSessionManager;
+import org.apache.shiro.mgt.DefaultSecurityManager;
+import org.apache.shiro.mgt.DefaultSessionStorageEvaluator;
+import org.apache.shiro.mgt.DefaultSubjectDAO;
+
+/**
+ * @since 5.10.0
+ */
+public class DefaultActiveMqSecurityManager extends DefaultSecurityManager {
+
+    public DefaultActiveMqSecurityManager() {
+        super();
+
+        //disable sessions entirely:
+        setSessionManager(new DisabledSessionManager());
+
+        //also prevent the SecurityManager impl from using the Session as a storage medium (i.e. after authc):
+        DefaultSubjectDAO subjectDao = (DefaultSubjectDAO)getSubjectDAO();
+        DefaultSessionStorageEvaluator sessionStorageEvaluator =
+                (DefaultSessionStorageEvaluator)subjectDao.getSessionStorageEvaluator();
+        sessionStorageEvaluator.setSessionStorageEnabled(false);
+    }
+}

http://git-wip-us.apache.org/repos/asf/activemq/blob/f9451e56/activemq-shiro/src/main/java/org/apache/activemq/shiro/session/mgt/DisabledSessionManager.java
----------------------------------------------------------------------
diff --git a/activemq-shiro/src/main/java/org/apache/activemq/shiro/session/mgt/DisabledSessionManager.java b/activemq-shiro/src/main/java/org/apache/activemq/shiro/session/mgt/DisabledSessionManager.java
new file mode 100644
index 0000000..5234b1b
--- /dev/null
+++ b/activemq-shiro/src/main/java/org/apache/activemq/shiro/session/mgt/DisabledSessionManager.java
@@ -0,0 +1,39 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.activemq.shiro.session.mgt;
+
+import org.apache.shiro.session.Session;
+import org.apache.shiro.session.SessionException;
+import org.apache.shiro.session.mgt.SessionContext;
+import org.apache.shiro.session.mgt.SessionKey;
+import org.apache.shiro.session.mgt.SessionManager;
+
+/**
+ * @since 5.10.0
+ */
+public class DisabledSessionManager implements SessionManager {
+
+    @Override
+    public Session start(SessionContext context) {
+        throw new UnsupportedOperationException("Sessions are disabled.");
+    }
+
+    @Override
+    public Session getSession(SessionKey key) throws SessionException {
+        return null;
+    }
+}

http://git-wip-us.apache.org/repos/asf/activemq/blob/f9451e56/activemq-shiro/src/main/java/org/apache/activemq/shiro/subject/ConnectionSubjectFactory.java
----------------------------------------------------------------------
diff --git a/activemq-shiro/src/main/java/org/apache/activemq/shiro/subject/ConnectionSubjectFactory.java b/activemq-shiro/src/main/java/org/apache/activemq/shiro/subject/ConnectionSubjectFactory.java
new file mode 100644
index 0000000..322f616
--- /dev/null
+++ b/activemq-shiro/src/main/java/org/apache/activemq/shiro/subject/ConnectionSubjectFactory.java
@@ -0,0 +1,48 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.activemq.shiro.subject;
+
+import org.apache.activemq.shiro.ConnectionReference;
+import org.apache.shiro.subject.Subject;
+
+/**
+ * A {@code ConnectionSubjectFactory} creates a {@code Subject} instance that represents the connection client's identity.
+ * <p/>
+ * Most implementations will simply use the {@link Subject.Builder Subject.Builder} to create an anonymous
+ * {@code Subject} instance and let a downstream {@link org.apache.activemq.shiro.authc.AuthenticationFilter} authenticate the {@code Subject} based on
+ * any credentials associated with the connection.  After authentication, the {@code Subject} will have an identity, and
+ * this is the expected flow for most connection clients.
+ * <p/>
+ * However, if there is some other data associated with the connection that can be inspected to create a
+ * {@code Subject} instance beyond what the {@link DefaultConnectionSubjectFactory} provides, this interface allows that
+ * logic to be plugged in as necessary.
+ *
+ * @see DefaultConnectionSubjectFactory
+ * @since 5.10.0
+ */
+public interface ConnectionSubjectFactory {
+
+    /**
+     * Creates a {@code Subject} instance representing the connection client.  It is common for {@code Subject} instances
+     * returned from this method to be anonymous until a downstream {@link org.apache.activemq.shiro.authc.AuthenticationFilter} authenticates the
+     * subject to associate an identity.
+     *
+     * @param ref a reference to the client's connection metadata
+     * @return a {@code Subject} instance representing the connection client.
+     */
+    Subject createSubject(ConnectionReference ref);
+}

http://git-wip-us.apache.org/repos/asf/activemq/blob/f9451e56/activemq-shiro/src/main/java/org/apache/activemq/shiro/subject/ConnectionSubjectResolver.java
----------------------------------------------------------------------
diff --git a/activemq-shiro/src/main/java/org/apache/activemq/shiro/subject/ConnectionSubjectResolver.java b/activemq-shiro/src/main/java/org/apache/activemq/shiro/subject/ConnectionSubjectResolver.java
new file mode 100644
index 0000000..f71fb05
--- /dev/null
+++ b/activemq-shiro/src/main/java/org/apache/activemq/shiro/subject/ConnectionSubjectResolver.java
@@ -0,0 +1,67 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.activemq.shiro.subject;
+
+import org.apache.activemq.broker.ConnectionContext;
+import org.apache.activemq.security.SecurityContext;
+import org.apache.activemq.shiro.ConnectionReference;
+import org.apache.shiro.subject.Subject;
+
+/**
+ * A {@code SubjectResolver} that acquires the current Subject from a {@link org.apache.activemq.shiro.ConnectionReference}.
+ *
+ * @since 5.10.0
+ */
+public class ConnectionSubjectResolver implements SubjectResolver {
+
+    private final SubjectSecurityContext securityContext;
+
+    public ConnectionSubjectResolver(ConnectionContext connCtx) {
+        if (connCtx == null) {
+            throw new IllegalArgumentException("ConnectionContext argument cannot be null.");
+        }
+        SecurityContext secCtx = connCtx.getSecurityContext();
+        if (secCtx == null) {
+            String msg = "There is no SecurityContext available on the ConnectionContext.  It " +
+                    "is expected that a previous broker in the chain will create the SecurityContext prior to this " +
+                    "resolver being invoked.  Ensure you have configured the SubjectPlugin and that it is " +
+                    "configured before all other Shiro-dependent broker filters.";
+            throw new IllegalArgumentException(msg);
+        }
+        if (!(secCtx instanceof SubjectSecurityContext)) {
+            String msg = "The specified SecurityContext is expected to be a " + SubjectSecurityContext.class.getName() +
+                    " instance.  The current instance's class: " + secCtx.getClass().getName();
+            throw new IllegalArgumentException(msg);
+        }
+        this.securityContext = (SubjectSecurityContext) secCtx;
+    }
+
+    public ConnectionSubjectResolver(ConnectionReference conn) {
+        this(conn.getConnectionContext());
+    }
+
+    @Override
+    public Subject getSubject() {
+        Subject subject = securityContext.getSubject();
+        if (subject != null) {
+            return subject;
+        }
+        String msg = "There is no Subject available in the SecurityContext.  Ensure " +
+                "that the SubjectPlugin is configured before all other Shiro-dependent broker filters.";
+        throw new IllegalStateException(msg);
+    }
+}

http://git-wip-us.apache.org/repos/asf/activemq/blob/f9451e56/activemq-shiro/src/main/java/org/apache/activemq/shiro/subject/DefaultConnectionSubjectFactory.java
----------------------------------------------------------------------
diff --git a/activemq-shiro/src/main/java/org/apache/activemq/shiro/subject/DefaultConnectionSubjectFactory.java b/activemq-shiro/src/main/java/org/apache/activemq/shiro/subject/DefaultConnectionSubjectFactory.java
new file mode 100644
index 0000000..853f701
--- /dev/null
+++ b/activemq-shiro/src/main/java/org/apache/activemq/shiro/subject/DefaultConnectionSubjectFactory.java
@@ -0,0 +1,52 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.activemq.shiro.subject;
+
+import org.apache.activemq.shiro.ConnectionReference;
+import org.apache.activemq.shiro.authc.AuthenticationPolicy;
+import org.apache.activemq.shiro.authc.DefaultAuthenticationPolicy;
+import org.apache.shiro.subject.Subject;
+
+/**
+ * @since 5.10.0
+ */
+public class DefaultConnectionSubjectFactory implements ConnectionSubjectFactory {
+
+    private AuthenticationPolicy authenticationPolicy;
+
+    public DefaultConnectionSubjectFactory() {
+        this.authenticationPolicy = new DefaultAuthenticationPolicy();
+    }
+
+    public AuthenticationPolicy getAuthenticationPolicy() {
+        return authenticationPolicy;
+    }
+
+    public void setAuthenticationPolicy(AuthenticationPolicy authenticationPolicy) {
+        this.authenticationPolicy = authenticationPolicy;
+    }
+
+    @Override
+    public Subject createSubject(ConnectionReference conn) {
+
+        Subject.Builder builder = new Subject.Builder(conn.getEnvironment().getSecurityManager());
+
+        authenticationPolicy.customizeSubject(builder, conn);
+
+        return builder.buildSubject();
+    }
+}

http://git-wip-us.apache.org/repos/asf/activemq/blob/f9451e56/activemq-shiro/src/main/java/org/apache/activemq/shiro/subject/SubjectConnectionReference.java
----------------------------------------------------------------------
diff --git a/activemq-shiro/src/main/java/org/apache/activemq/shiro/subject/SubjectConnectionReference.java b/activemq-shiro/src/main/java/org/apache/activemq/shiro/subject/SubjectConnectionReference.java
new file mode 100644
index 0000000..dd415cb
--- /dev/null
+++ b/activemq-shiro/src/main/java/org/apache/activemq/shiro/subject/SubjectConnectionReference.java
@@ -0,0 +1,46 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.activemq.shiro.subject;
+
+import org.apache.activemq.broker.ConnectionContext;
+import org.apache.activemq.command.ConnectionInfo;
+import org.apache.activemq.shiro.ConnectionReference;
+import org.apache.shiro.env.Environment;
+import org.apache.shiro.subject.Subject;
+
+/**
+ * {@link org.apache.activemq.shiro.ConnectionReference} that further provides access to the connection's Subject instance.
+ *
+ * @since 5.10.0
+ */
+public class SubjectConnectionReference extends ConnectionReference {
+
+    private final Subject subject;
+
+    public SubjectConnectionReference(ConnectionContext connCtx, ConnectionInfo connInfo,
+                                      Environment environment, Subject subject) {
+        super(connCtx, connInfo, environment);
+        if (subject == null) {
+            throw new IllegalArgumentException("Subject argument cannot be null.");
+        }
+        this.subject = subject;
+    }
+
+    public Subject getSubject() {
+        return subject;
+    }
+}

http://git-wip-us.apache.org/repos/asf/activemq/blob/f9451e56/activemq-shiro/src/main/java/org/apache/activemq/shiro/subject/SubjectFilter.java
----------------------------------------------------------------------
diff --git a/activemq-shiro/src/main/java/org/apache/activemq/shiro/subject/SubjectFilter.java b/activemq-shiro/src/main/java/org/apache/activemq/shiro/subject/SubjectFilter.java
new file mode 100644
index 0000000..962cd8e
--- /dev/null
+++ b/activemq-shiro/src/main/java/org/apache/activemq/shiro/subject/SubjectFilter.java
@@ -0,0 +1,119 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.activemq.shiro.subject;
+
+import org.apache.activemq.broker.ConnectionContext;
+import org.apache.activemq.command.ConnectionInfo;
+import org.apache.activemq.security.SecurityContext;
+import org.apache.activemq.shiro.ConnectionReference;
+import org.apache.activemq.shiro.DefaultSecurityContextFactory;
+import org.apache.activemq.shiro.SecurityContextFactory;
+import org.apache.activemq.shiro.env.EnvironmentFilter;
+import org.apache.shiro.subject.Subject;
+
+/**
+ * The {@code SubjectFilter} ensures a Shiro {@link Subject} representing the client's identity is associated with
+ * every connection to the ActiveMQ Broker.  The {@code Subject} is made available to downstream broker filters so
+ * they may perform security checks as necessary.
+ * <p/>
+ * This implementation does not perform any security checks/assertions itself.  It is expected that other broker filters
+ * will be configured after this one and those will perform any security behavior or checks as necessary.
+ *
+ * @since 5.10.0
+ */
+public class SubjectFilter extends EnvironmentFilter {
+
+    private ConnectionSubjectFactory connectionSubjectFactory;
+    private SecurityContextFactory securityContextFactory;
+
+    public SubjectFilter() {
+        this.connectionSubjectFactory = new DefaultConnectionSubjectFactory();
+        this.securityContextFactory = new DefaultSecurityContextFactory();
+    }
+
+    public ConnectionSubjectFactory getConnectionSubjectFactory() {
+        return connectionSubjectFactory;
+    }
+
+    public void setConnectionSubjectFactory(ConnectionSubjectFactory connectionSubjectFactory) {
+        if (connectionSubjectFactory == null) {
+            throw new IllegalArgumentException("ConnectionSubjectFactory argument cannot be null.");
+        }
+        this.connectionSubjectFactory = connectionSubjectFactory;
+    }
+
+    public SecurityContextFactory getSecurityContextFactory() {
+        return this.securityContextFactory;
+    }
+
+    public void setSecurityContextFactory(SecurityContextFactory securityContextFactory) {
+        if (securityContextFactory == null) {
+            throw new IllegalArgumentException("SecurityContextFactory argument cannot be null.");
+        }
+        this.securityContextFactory = securityContextFactory;
+    }
+
+    protected Subject createSubject(ConnectionReference conn) {
+        return this.connectionSubjectFactory.createSubject(conn);
+    }
+
+    protected SecurityContext createSecurityContext(SubjectConnectionReference conn) {
+        return this.securityContextFactory.createSecurityContext(conn);
+    }
+
+    /**
+     * Creates a {@link Subject} instance reflecting the specified Connection.  The {@code Subject} is then stored in
+     * a {@link SecurityContext} instance which is set as the Connection's
+     * {@link ConnectionContext#setSecurityContext(org.apache.activemq.security.SecurityContext) securityContext}.
+     *
+     * @param context state associated with the client's connection
+     * @param info    info about the client's connection
+     * @throws Exception if there is a problem creating a Subject or {@code SecurityContext} instance.
+     */
+    @Override
+    public void addConnection(ConnectionContext context, ConnectionInfo info) throws Exception {
+
+        if (isEnabled()) {
+
+            SecurityContext secCtx = context.getSecurityContext();
+
+            if (secCtx == null) {
+                ConnectionReference conn = new ConnectionReference(context, info, getEnvironment());
+                Subject subject = createSubject(conn);
+                SubjectConnectionReference subjectConn = new SubjectConnectionReference(context, info, getEnvironment(), subject);
+                secCtx = createSecurityContext(subjectConn);
+                context.setSecurityContext(secCtx);
+            }
+        }
+
+        try {
+            super.addConnection(context, info);
+        } catch (Exception e) {
+            context.setSecurityContext(null);
+            throw e;
+        }
+    }
+
+    @Override
+    public void removeConnection(ConnectionContext context, ConnectionInfo info, Throwable error) throws Exception {
+        try {
+            super.removeConnection(context, info, error);
+        } finally {
+            context.setSecurityContext(null);
+        }
+    }
+}

http://git-wip-us.apache.org/repos/asf/activemq/blob/f9451e56/activemq-shiro/src/main/java/org/apache/activemq/shiro/subject/SubjectResolver.java
----------------------------------------------------------------------
diff --git a/activemq-shiro/src/main/java/org/apache/activemq/shiro/subject/SubjectResolver.java b/activemq-shiro/src/main/java/org/apache/activemq/shiro/subject/SubjectResolver.java
new file mode 100644
index 0000000..7273ff3
--- /dev/null
+++ b/activemq-shiro/src/main/java/org/apache/activemq/shiro/subject/SubjectResolver.java
@@ -0,0 +1,32 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.activemq.shiro.subject;
+
+import org.apache.shiro.subject.Subject;
+
+/**
+ * @since 5.10.0
+ */
+public interface SubjectResolver {
+
+    /**
+     * Resolves and returns a {@link Subject} instance.  If one cannot be found, a runtime {@code Exception} is thrown.
+     *
+     * @return a resolved {@code Subject} instance.
+     */
+    Subject getSubject() throws RuntimeException;
+}

http://git-wip-us.apache.org/repos/asf/activemq/blob/f9451e56/activemq-shiro/src/main/java/org/apache/activemq/shiro/subject/SubjectSecurityContext.java
----------------------------------------------------------------------
diff --git a/activemq-shiro/src/main/java/org/apache/activemq/shiro/subject/SubjectSecurityContext.java b/activemq-shiro/src/main/java/org/apache/activemq/shiro/subject/SubjectSecurityContext.java
new file mode 100644
index 0000000..1d752e2
--- /dev/null
+++ b/activemq-shiro/src/main/java/org/apache/activemq/shiro/subject/SubjectSecurityContext.java
@@ -0,0 +1,89 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.activemq.shiro.subject;
+
+import org.apache.activemq.command.ActiveMQDestination;
+import org.apache.activemq.security.SecurityContext;
+import org.apache.shiro.subject.Subject;
+
+import java.security.Principal;
+import java.util.Set;
+import java.util.concurrent.ConcurrentHashMap;
+
+/**
+ * ActiveMQ {@code SecurityContext} implementation that retains a Shiro {@code Subject} instance for use during
+ * security checks and other security-related operations.
+ *
+ * @since 5.10.0
+ */
+public class SubjectSecurityContext extends SecurityContext {
+
+    private final Subject subject;
+
+    public SubjectSecurityContext(SubjectConnectionReference conn) {
+        //The username might not be available at the time this object is instantiated (the Subject might be
+        //anonymous).  Instead we override the getUserName() method below and that will always delegate to the
+        //Subject to return the most accurate/freshest username available.
+        super(null);
+        this.subject = conn.getSubject();
+    }
+
+    public Subject getSubject() {
+        return subject;
+    }
+
+    private static String getUsername(Subject subject) {
+        if (subject != null) {
+            Object principal = subject.getPrincipal();
+            if (principal != null) {
+                return String.valueOf(principal);
+            }
+        }
+        return null;
+    }
+
+    @Override
+    public String getUserName() {
+        return getUsername(this.subject);
+    }
+
+    private static UnsupportedOperationException notAllowed(String methodName) {
+        String msg = "Do not invoke the '" + methodName + "' method or use a broker filter that invokes it.  Use one " +
+                "of the Shiro-based security filters instead.";
+        return new UnsupportedOperationException(msg);
+    }
+
+    @Override
+    public boolean isInOneOf(Set<?> allowedPrincipals) {
+        throw notAllowed("isInOneOf");
+    }
+
+    @Override
+    public ConcurrentHashMap<ActiveMQDestination, ActiveMQDestination> getAuthorizedReadDests() {
+        throw notAllowed("getAuthorizedReadDests");
+    }
+
+    @Override
+    public ConcurrentHashMap<ActiveMQDestination, ActiveMQDestination> getAuthorizedWriteDests() {
+        throw notAllowed("getAuthorizedWriteDests");
+    }
+
+    @Override
+    public Set<Principal> getPrincipals() {
+        throw notAllowed("getPrincipals");
+    }
+}

http://git-wip-us.apache.org/repos/asf/activemq/blob/f9451e56/activemq-shiro/src/test/java/org/apache/activemq/shiro/ConnectionReferenceTest.java
----------------------------------------------------------------------
diff --git a/activemq-shiro/src/test/java/org/apache/activemq/shiro/ConnectionReferenceTest.java b/activemq-shiro/src/test/java/org/apache/activemq/shiro/ConnectionReferenceTest.java
new file mode 100644
index 0000000..9290afd
--- /dev/null
+++ b/activemq-shiro/src/test/java/org/apache/activemq/shiro/ConnectionReferenceTest.java
@@ -0,0 +1,43 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.activemq.shiro;
+
+import org.apache.activemq.broker.ConnectionContext;
+import org.apache.activemq.command.ConnectionInfo;
+import org.apache.shiro.env.DefaultEnvironment;
+import org.junit.Test;
+
+/**
+ * @since 5.10.0
+ */
+public class ConnectionReferenceTest {
+
+    @Test(expected=IllegalArgumentException.class)
+    public void testNoConnectionContext() {
+        new ConnectionReference(null, new ConnectionInfo(), new DefaultEnvironment());
+    }
+
+    @Test(expected=IllegalArgumentException.class)
+    public void testNoConnectionInfo() {
+        new ConnectionReference(new ConnectionContext(), null, new DefaultEnvironment());
+    }
+
+    @Test(expected=IllegalArgumentException.class)
+    public void testNoEnvironment() {
+        new ConnectionReference(new ConnectionContext(), new ConnectionInfo(), null);
+    }
+}

http://git-wip-us.apache.org/repos/asf/activemq/blob/f9451e56/activemq-shiro/src/test/java/org/apache/activemq/shiro/SecurityFilterTest.java
----------------------------------------------------------------------
diff --git a/activemq-shiro/src/test/java/org/apache/activemq/shiro/SecurityFilterTest.java b/activemq-shiro/src/test/java/org/apache/activemq/shiro/SecurityFilterTest.java
new file mode 100644
index 0000000..ca64205
--- /dev/null
+++ b/activemq-shiro/src/test/java/org/apache/activemq/shiro/SecurityFilterTest.java
@@ -0,0 +1,37 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.activemq.shiro;
+
+import org.junit.Test;
+
+import static org.junit.Assert.*;
+
+/**
+ * @since 5.10.0
+ */
+public class SecurityFilterTest {
+
+    @Test
+    public void testEnabled() {
+
+        SecurityFilter filter = new SecurityFilter() {};
+        assertTrue(filter.isEnabled()); //enabled by default
+
+        filter.setEnabled(false);
+        assertFalse(filter.isEnabled());
+    }
+}

http://git-wip-us.apache.org/repos/asf/activemq/blob/f9451e56/activemq-shiro/src/test/java/org/apache/activemq/shiro/ShiroPluginTest.java
----------------------------------------------------------------------
diff --git a/activemq-shiro/src/test/java/org/apache/activemq/shiro/ShiroPluginTest.java b/activemq-shiro/src/test/java/org/apache/activemq/shiro/ShiroPluginTest.java
new file mode 100644
index 0000000..67e9d61
--- /dev/null
+++ b/activemq-shiro/src/test/java/org/apache/activemq/shiro/ShiroPluginTest.java
@@ -0,0 +1,403 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.activemq.shiro;
+
+import org.apache.activemq.broker.BrokerPlugin;
+import org.apache.activemq.broker.BrokerService;
+import org.apache.activemq.broker.MutableBrokerFilter;
+import org.apache.activemq.shiro.authc.AuthenticationFilter;
+import org.apache.activemq.shiro.authc.DefaultAuthenticationPolicy;
+import org.apache.activemq.shiro.authz.AuthorizationFilter;
+import org.apache.activemq.shiro.env.IniEnvironment;
+import org.apache.activemq.shiro.subject.DefaultConnectionSubjectFactory;
+import org.apache.activemq.shiro.subject.SubjectFilter;
+import org.apache.activemq.test.JmsResourceProvider;
+import org.apache.activemq.test.TestSupport;
+import org.apache.shiro.authc.AuthenticationException;
+import org.apache.shiro.config.Ini;
+import org.apache.shiro.env.DefaultEnvironment;
+import org.apache.shiro.env.Environment;
+import org.apache.shiro.mgt.DefaultSecurityManager;
+import org.apache.shiro.realm.text.IniRealm;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import javax.jms.Connection;
+import javax.jms.ConnectionFactory;
+import javax.jms.Destination;
+import javax.jms.JMSException;
+import javax.jms.MessageConsumer;
+import javax.jms.MessageProducer;
+import javax.jms.Session;
+
+/**
+ * @since 5.10.0
+ */
+public class ShiroPluginTest extends TestSupport {
+
+    private static final Logger LOG = LoggerFactory.getLogger(ShiroPluginTest.class);
+
+    protected BrokerService broker;
+    protected SecureJmsResourceProvider resourceProvider;
+    protected ConnectionFactory connectionFactory;
+    protected Connection connection;
+    protected Session session;
+    protected Destination destination;
+    protected MessageConsumer consumer;
+    protected MessageProducer producer;
+
+    @Override
+    protected void setUp() throws Exception {
+        resourceProvider = new SecureJmsResourceProvider();
+    }
+
+    @Override
+    protected void tearDown() throws Exception {
+        LOG.info("Shutting down broker...");
+
+        if (session != null) {
+            session.close();
+        }
+        session = null;
+
+        if (connection != null) {
+            connection.close();
+        }
+        connection = null;
+
+        if (broker != null) {
+            broker.stop();
+            broker.waitUntilStopped();
+        }
+        broker = null;
+
+        LOG.info("Broker shut down.");
+    }
+
+    protected void reconnect() throws Exception {
+        reconnect(null, null);
+    }
+
+    protected void reconnect(String username, String password) throws Exception {
+        if (connection != null) {
+            // Close the prev connection.
+            connection.close();
+        }
+        session = null;
+        if (username == null && password == null) {
+            connection = resourceProvider.createConnection(connectionFactory);
+        } else {
+            connection = resourceProvider.createConnection(connectionFactory, username, password);
+        }
+        reconnectSession();
+        connection.start();
+    }
+
+    protected void reconnectSession() throws JMSException {
+        if (session != null) {
+            session.close();
+        }
+        session = resourceProvider.createSession(connection);
+        destination = resourceProvider.createDestination(session, getSubject());
+        producer = resourceProvider.createProducer(session, destination);
+        consumer = resourceProvider.createConsumer(session, destination);
+    }
+
+    protected ConnectionFactory newConnectionFactory() throws Exception {
+        return resourceProvider.createConnectionFactory();
+    }
+
+    protected void start() throws Exception {
+        startBroker();
+        topic = resourceProvider.isTopic();
+        connectionFactory = newConnectionFactory();
+    }
+
+    protected void startBroker() throws Exception {
+        broker.start();
+        broker.waitUntilStarted();
+    }
+
+    protected BrokerService createBroker(BrokerPlugin... plugins) throws Exception {
+        return createBroker(plugins, resourceProvider.getServerUri());
+    }
+
+    protected BrokerService createBroker(BrokerPlugin[] plugins, String... connectorUris) throws Exception {
+        BrokerService brokerService = new BrokerService();
+        if (plugins != null && plugins.length > 0) {
+            brokerService.setPlugins(plugins);
+        }
+        if (connectorUris != null) {
+            for (String uri : connectorUris) {
+                brokerService.addConnector(uri);
+            }
+        }
+        return brokerService;
+    }
+
+    protected ShiroPlugin createPlugin(String iniPath) {
+        Ini ini = Ini.fromResourcePath(iniPath);
+        Environment env = new IniEnvironment(ini);
+        ShiroPlugin plugin = new ShiroPlugin();
+        plugin.setEnvironment(env);
+        return plugin;
+    }
+
+    public void testNoEnvironmentOrSecurityManager() throws Exception {
+        //should build IniEnvironment from shiro.ini in the classpath at the least:
+        ShiroPlugin plugin = new ShiroPlugin();
+        plugin.installPlugin(new MutableBrokerFilter(null));
+
+        Ini ini = Ini.fromResourcePath("classpath:shiro.ini");
+        IniRealm realm = (IniRealm) ((DefaultSecurityManager) plugin.getEnvironment().getSecurityManager()).getRealms().iterator().next();
+        assertEquals(ini, realm.getIni());
+    }
+
+    public void testSetIni() throws Exception {
+        ShiroPlugin plugin = new ShiroPlugin();
+        Ini ini = Ini.fromResourcePath("classpath:minimal.shiro.ini");
+        plugin.setIni(ini);
+        plugin.installPlugin(new MutableBrokerFilter(null));
+
+        IniRealm realm = (IniRealm) ((DefaultSecurityManager) plugin.getEnvironment().getSecurityManager()).getRealms().iterator().next();
+        assertSame(ini, realm.getIni());
+    }
+
+    public void testSetIniString() throws Exception {
+        ShiroPlugin plugin = new ShiroPlugin();
+        plugin.setIniConfig(
+                "[users]\n" +
+                "system = manager, system\n" +
+                "[roles]\n" +
+                "system = *");
+        plugin.installPlugin(new MutableBrokerFilter(null));
+
+        IniRealm realm = (IniRealm) ((DefaultSecurityManager) plugin.getEnvironment().getSecurityManager()).getRealms().iterator().next();
+        Ini ini = realm.getIni();
+        assertEquals(1, ini.getSection("users").size());
+        assertEquals("manager, system", ini.getSection("users").get("system"));
+        assertEquals(1, ini.getSection("roles").size());
+        assertEquals("*", ini.getSection("roles").get("system"));
+    }
+
+    public void testSetIniResourcePath() throws Exception {
+        ShiroPlugin plugin = new ShiroPlugin();
+
+        String path = "classpath:minimal.shiro.ini";
+
+        plugin.setIniResourcePath(path);
+        plugin.installPlugin(new MutableBrokerFilter(null));
+
+        Ini ini = Ini.fromResourcePath(path);
+
+        IniRealm realm = (IniRealm) ((DefaultSecurityManager) plugin.getEnvironment().getSecurityManager()).getRealms().iterator().next();
+        assertEquals(ini, realm.getIni());
+    }
+
+    public void testSetSubjectFilter() {
+        ShiroPlugin plugin = new ShiroPlugin();
+        SubjectFilter filter = new SubjectFilter();
+        plugin.setSubjectFilter(filter);
+        assertSame(filter, plugin.getSubjectFilter());
+        //assert that the AuthenticationFilter is always the next filter in the chain after the SubjectFilter:
+        assertSame(plugin.getAuthenticationFilter(), filter.getNext());
+    }
+
+    public void testSetAuthenticationFilter() {
+        ShiroPlugin plugin = new ShiroPlugin();
+        AuthenticationFilter filter = new AuthenticationFilter();
+        plugin.setAuthenticationFilter(filter);
+        assertSame(filter, plugin.getAuthenticationFilter());
+        //assert that the AuthenticationFilter is always the next filter in the chain after the SubjectFilter:
+        assertSame(plugin.getSubjectFilter().getNext(), filter);
+    }
+
+    public void testSetAuthorizationFilter() {
+        ShiroPlugin plugin = new ShiroPlugin();
+        AuthorizationFilter filter = new AuthorizationFilter();
+        plugin.setAuthorizationFilter(filter);
+        assertSame(filter, plugin.getAuthorizationFilter());
+        //assert that the AuthenticationFilter is always the next filter in the chain after the AuthenticationFilter:
+        assertSame(plugin.getAuthenticationFilter().getNext(), filter);
+    }
+
+    public void testSetEnvironment() {
+        ShiroPlugin plugin = new ShiroPlugin();
+        Environment env = new DefaultEnvironment();
+        plugin.setEnvironment(env);
+        assertSame(env, plugin.getEnvironment());
+    }
+
+    public void testSetSecurityManager() {
+        ShiroPlugin plugin = new ShiroPlugin();
+        org.apache.shiro.mgt.SecurityManager securityManager = new DefaultSecurityManager();
+        plugin.setSecurityManager(securityManager);
+        assertSame(securityManager, plugin.getSecurityManager());
+    }
+
+    public void testSecurityManagerWhenInstalled() throws Exception {
+        ShiroPlugin plugin = new ShiroPlugin();
+        org.apache.shiro.mgt.SecurityManager securityManager = new DefaultSecurityManager();
+        plugin.setSecurityManager(securityManager);
+
+        assertNull(plugin.getEnvironment()); //we will auto-create one when only a sm is provided
+
+        plugin.installPlugin(new MutableBrokerFilter(null));
+
+        assertSame(securityManager, plugin.getSecurityManager());
+        assertNotNull(plugin.getEnvironment());
+        assertSame(securityManager, plugin.getEnvironment().getSecurityManager());
+    }
+
+    public void testEnabledWhenNotInstalled() {
+        ShiroPlugin plugin = new ShiroPlugin();
+        assertTrue(plugin.isEnabled()); //enabled by default
+
+        plugin.setEnabled(false);
+        assertFalse(plugin.isEnabled());
+
+        plugin.setEnabled(true);
+        assertTrue(plugin.isEnabled());
+    }
+
+    public void testEnabledWhenInstalled() throws Exception {
+        ShiroPlugin plugin = createPlugin("classpath:minimal.shiro.ini");
+        this.broker = createBroker(plugin);
+        start();
+        assertTrue(plugin.isEnabled());
+
+        plugin.setEnabled(false);
+        assertFalse(plugin.isEnabled());
+
+        plugin.setEnabled(true);
+        assertTrue(plugin.isEnabled());
+    }
+
+    public void testAuthenticationEnabledWhenNotInstalled() {
+        ShiroPlugin plugin = new ShiroPlugin();
+        assertTrue(plugin.isAuthenticationEnabled());
+
+        plugin.setAuthenticationEnabled(false);
+        assertFalse(plugin.isAuthenticationEnabled());
+
+        plugin.setAuthenticationEnabled(true);
+        assertTrue(plugin.isAuthenticationEnabled());
+    }
+
+    public void testAuthenticationEnabledWhenInstalled() throws Exception {
+        ShiroPlugin plugin = new ShiroPlugin();
+        plugin.setEnvironment(new DefaultEnvironment());
+        plugin.installPlugin(new MutableBrokerFilter(null));
+
+        assertTrue(plugin.isAuthenticationEnabled());
+
+        plugin.setAuthenticationEnabled(false);
+        assertFalse(plugin.isAuthenticationEnabled());
+
+        plugin.setAuthenticationEnabled(true);
+        assertTrue(plugin.isAuthenticationEnabled());
+    }
+
+    public void testSetAuthenticationPolicy() {
+        ShiroPlugin plugin = new ShiroPlugin();
+        DefaultAuthenticationPolicy policy = new DefaultAuthenticationPolicy();
+        plugin.setAuthenticationPolicy(policy);
+        assertSame(policy, plugin.getAuthenticationPolicy());
+        assertSame(policy, plugin.getAuthenticationFilter().getAuthenticationPolicy());
+        assertSame(policy, ((DefaultConnectionSubjectFactory) plugin.getSubjectFilter().getConnectionSubjectFactory()).getAuthenticationPolicy());
+    }
+
+    public void testAuthorizationEnabledWhenNotInstalled() {
+        ShiroPlugin plugin = new ShiroPlugin();
+        assertTrue(plugin.isAuthorizationEnabled());
+
+        plugin.setAuthorizationEnabled(false);
+        assertFalse(plugin.isAuthorizationEnabled());
+
+        plugin.setAuthorizationEnabled(true);
+        assertTrue(plugin.isAuthorizationEnabled());
+    }
+
+    public void testAuthorizationEnabledWhenInstalled() throws Exception {
+        ShiroPlugin plugin = new ShiroPlugin();
+        plugin.setEnvironment(new DefaultEnvironment());
+        plugin.installPlugin(new MutableBrokerFilter(null));
+
+        assertTrue(plugin.isAuthorizationEnabled());
+
+        plugin.setAuthorizationEnabled(false);
+        assertFalse(plugin.isAuthorizationEnabled());
+
+        plugin.setAuthorizationEnabled(true);
+        assertTrue(plugin.isAuthorizationEnabled());
+    }
+
+
+    public void testSimple() throws Exception {
+        ShiroPlugin plugin = createPlugin("classpath:minimal.shiro.ini");
+        this.broker = createBroker(plugin);
+        start();
+        reconnect();
+    }
+
+    public void testDisabled() throws Exception {
+        ShiroPlugin plugin = createPlugin("classpath:nosystem.shiro.ini");
+        plugin.setEnabled(false);
+        this.broker = createBroker(plugin);
+        start();
+    }
+
+    public void testRuntimeDisableEnableChanges() throws Exception {
+        ShiroPlugin plugin = createPlugin("classpath:nosystem.shiro.ini");
+        ((DefaultAuthenticationPolicy) plugin.getAuthenticationPolicy()).setVmConnectionAuthenticationRequired(true);
+        plugin.setEnabled(false);
+        this.broker = createBroker(plugin);
+        start();
+
+        //connection has no credentials.  When disabled, this should succeed:
+        reconnect();
+
+        //now enable the plugin and assert that credentials are required:
+        plugin.setEnabled(true);
+
+        try {
+            reconnect();
+            fail("Connections without passwords in this configuration should fail.");
+        } catch (JMSException expected) {
+            assertTrue(expected.getCause() instanceof AuthenticationException);
+        }
+
+        //this should work now that we're authenticating:
+        reconnect("foo", "bar");
+    }
+
+    static class SecureJmsResourceProvider extends JmsResourceProvider {
+
+        /**
+         * Creates a connection, authenticating with the specified username and password.
+         *
+         * @see org.apache.activemq.test.JmsResourceProvider#createConnection(javax.jms.ConnectionFactory)
+         */
+        public Connection createConnection(ConnectionFactory cf, String username, String password) throws JMSException {
+            Connection connection = cf.createConnection(username, password);
+            if (getClientID() != null) {
+                connection.setClientID(getClientID());
+            }
+            return connection;
+        }
+    }
+}

http://git-wip-us.apache.org/repos/asf/activemq/blob/f9451e56/activemq-shiro/src/test/java/org/apache/activemq/shiro/authc/AuthenticationFilterTest.java
----------------------------------------------------------------------
diff --git a/activemq-shiro/src/test/java/org/apache/activemq/shiro/authc/AuthenticationFilterTest.java b/activemq-shiro/src/test/java/org/apache/activemq/shiro/authc/AuthenticationFilterTest.java
new file mode 100644
index 0000000..f2ded62
--- /dev/null
+++ b/activemq-shiro/src/test/java/org/apache/activemq/shiro/authc/AuthenticationFilterTest.java
@@ -0,0 +1,86 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.activemq.shiro.authc;
+
+import org.apache.activemq.broker.Broker;
+import org.apache.activemq.broker.BrokerPluginSupport;
+import org.apache.activemq.broker.ConnectionContext;
+import org.apache.activemq.command.ConnectionInfo;
+import org.apache.activemq.shiro.subject.SubjectAdapter;
+import org.apache.activemq.shiro.subject.SubjectConnectionReference;
+import org.apache.activemq.shiro.subject.SubjectSecurityContext;
+import org.apache.shiro.authc.AuthenticationToken;
+import org.apache.shiro.env.DefaultEnvironment;
+import org.apache.shiro.subject.Subject;
+import org.junit.Test;
+
+import static org.junit.Assert.*;
+
+/**
+ * @since 5.10.0
+ */
+public class AuthenticationFilterTest {
+
+    AuthenticationFilter filter = new AuthenticationFilter();
+
+    @Test
+    public void testSetAuthenticationTokenFactory() {
+        AuthenticationTokenFactory factory = new AuthenticationTokenFactory() {
+            @Override
+            public AuthenticationToken getAuthenticationToken(SubjectConnectionReference ref) throws Exception {
+                return null;
+            }
+        };
+        filter.setAuthenticationTokenFactory(factory);
+        assertSame(factory, filter.getAuthenticationTokenFactory());
+    }
+
+    @Test
+    public void testRemoveAuthenticationWithLogoutThrowable() throws Exception {
+
+        final boolean[] invoked = new boolean[1];
+
+        Broker broker = new BrokerPluginSupport() {
+            @Override
+            public void removeConnection(ConnectionContext context, ConnectionInfo info, Throwable error) throws Exception {
+                invoked[0] = true;
+            }
+        };
+
+        DefaultEnvironment env = new DefaultEnvironment();
+
+        filter.setNext(broker);
+        filter.setEnvironment(env);
+
+        Subject subject = new SubjectAdapter() {
+            @Override
+            public void logout() {
+                throw new RuntimeException("Simulated failure.");
+            }
+        };
+
+        ConnectionContext ctx = new ConnectionContext();
+        ConnectionInfo info = new ConnectionInfo();
+        SubjectConnectionReference conn = new SubjectConnectionReference(ctx, info, env, subject);
+        SubjectSecurityContext ssc = new SubjectSecurityContext(conn);
+        ctx.setSecurityContext(ssc);
+
+        filter.removeConnection(ctx, info, null);
+
+        assertTrue(invoked[0]);
+    }
+}


Mime
View raw message