From andytay...@apache.org
Subject [2/3] activemq-artemis git commit: ARTEMIS-628 add BROWSE role
Date Wed, 13 Jul 2016 09:01:01 GMT
ARTEMIS-628 add BROWSE role


Project: http://git-wip-us.apache.org/repos/asf/activemq-artemis/repo
Commit: http://git-wip-us.apache.org/repos/asf/activemq-artemis/commit/e9db9c28
Tree: http://git-wip-us.apache.org/repos/asf/activemq-artemis/tree/e9db9c28
Diff: http://git-wip-us.apache.org/repos/asf/activemq-artemis/diff/e9db9c28

Branch: refs/heads/master
Commit: e9db9c286d88efa0da14527cb0ca1bdb6a6ac885
Parents: 08ab1f7
Author: jbertram <jbertram@apache.org>
Authored: Tue Jul 12 14:13:32 2016 -0500
Committer: jbertram <jbertram@apache.org>
Committed: Tue Jul 12 16:21:57 2016 -0500

----------------------------------------------------------------------
 .../artemis/cli/commands/etc/broker.xml         |   1 +
 .../core/management/ActiveMQServerControl.java  |  11 ++
 .../artemis/api/core/management/RoleInfo.java   |  15 ++-
 .../activemq/artemis/core/security/Role.java    |  24 +++-
 .../artemis/utils/SecurityFormatter.java        |   7 +-
 .../deployers/impl/FileConfigurationParser.java |   8 +-
 .../impl/ActiveMQServerControlImpl.java         |  17 ++-
 .../core/persistence/config/PersistedRoles.java |  28 +++-
 .../artemis/core/security/CheckType.java        |   6 +
 .../core/server/impl/ActiveMQServerImpl.java    |   2 +-
 .../impl/LegacyLDAPSecuritySettingPlugin.java   |   3 +-
 .../core/server/impl/ServerSessionImpl.java     |   7 +-
 .../artemis/core/security/RoleTest.java         |  43 ++++--
 .../artemis/core/settings/RepositoryTest.java   |  14 +-
 docs/user-manual/en/security.md                 |   9 +-
 .../client/AutoCreateJmsDestinationTest.java    |   4 +-
 .../cluster/failover/SecurityFailoverTest.java  |   2 +-
 .../management/ActiveMQServerControlTest.java   |   4 +-
 .../ActiveMQServerControlUsingCoreTest.java     |  13 ++
 .../management/AddressControlTest.java          |   4 +-
 .../management/AddressControlUsingCoreTest.java |   2 +-
 ...tyManagementWithConfiguredAdminUserTest.java |   4 +-
 .../management/SecurityNotificationTest.java    |   4 +-
 .../integration/openwire/OpenWireTestBase.java  |   9 +-
 .../RolesConfigurationStorageTest.java          |   8 +-
 .../ra/ActiveMQMessageHandlerSecurityTest.java  |   2 +-
 .../tests/integration/ra/JMSContextTest.java    |   2 +-
 .../integration/ra/OutgoingConnectionTest.java  |   2 +-
 .../ra/OutgoingConnectionTestJTA.java           |   2 +-
 .../integration/security/LDAPSecurityTest.java  |  21 ++-
 .../integration/security/SecurityTest.java      | 132 ++++++++++++-------
 .../integration/server/ResourceLimitTest.java   |   2 +-
 .../integration/ssl/DualAuthenticationTest.java |   4 +-
 .../tests/integration/stomp/StompTestBase.java  |   2 +-
 tests/jms-tests/src/test/resources/broker.xml   |   1 +
 .../impl/ActiveMQSecurityManagerImplTest.java   |  28 ++--
 36 files changed, 320 insertions(+), 127 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/e9db9c28/artemis-cli/src/main/resources/org/apache/activemq/artemis/cli/commands/etc/broker.xml
----------------------------------------------------------------------
diff --git a/artemis-cli/src/main/resources/org/apache/activemq/artemis/cli/commands/etc/broker.xml b/artemis-cli/src/main/resources/org/apache/activemq/artemis/cli/commands/etc/broker.xml
index a298221..520a231 100644
--- a/artemis-cli/src/main/resources/org/apache/activemq/artemis/cli/commands/etc/broker.xml
+++ b/artemis-cli/src/main/resources/org/apache/activemq/artemis/cli/commands/etc/broker.xml
@@ -65,6 +65,7 @@ ${cluster-security.settings}${cluster.settings}${replicated.settings}${shared-st
             <permission type="createDurableQueue" roles="${role}"/>
             <permission type="deleteDurableQueue" roles="${role}"/>
             <permission type="consume" roles="${role}"/>
+            <permission type="browse" roles="${role}"/>
             <permission type="send" roles="${role}"/>
             <!-- we need this otherwise ./artemis data imp wouldn't work -->
             <permission type="manage" roles="${role}"/>

http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/e9db9c28/artemis-core-client/src/main/java/org/apache/activemq/artemis/api/core/management/ActiveMQServerControl.java
----------------------------------------------------------------------
diff --git a/artemis-core-client/src/main/java/org/apache/activemq/artemis/api/core/management/ActiveMQServerControl.java b/artemis-core-client/src/main/java/org/apache/activemq/artemis/api/core/management/ActiveMQServerControl.java
index 8ec70e4..b2318ff 100644
--- a/artemis-core-client/src/main/java/org/apache/activemq/artemis/api/core/management/ActiveMQServerControl.java
+++ b/artemis-core-client/src/main/java/org/apache/activemq/artemis/api/core/management/ActiveMQServerControl.java
@@ -624,6 +624,17 @@ public interface ActiveMQServerControl {
                             @Parameter(desc = "a comma-separated list of roles allowed to delete non durable queues", name = "deleteNonDurableQueueRoles") String deleteNonDurableQueueRoles,
                             @Parameter(desc = "a comma-separated list of roles allowed to send management messages messages", name = "manage") String manageRoles) throws Exception;
 
+   @Operation(desc = "Add security settings for addresses matching the addressMatch", impact = MBeanOperationInfo.ACTION)
+   void addSecuritySettings(@Parameter(desc = "an address match", name = "addressMatch") String addressMatch,
+                            @Parameter(desc = "a comma-separated list of roles allowed to send messages", name = "send") String sendRoles,
+                            @Parameter(desc = "a comma-separated list of roles allowed to consume messages", name = "consume") String consumeRoles,
+                            @Parameter(desc = "a comma-separated list of roles allowed to create durable queues", name = "createDurableQueueRoles") String createDurableQueueRoles,
+                            @Parameter(desc = "a comma-separated list of roles allowed to delete durable queues", name = "deleteDurableQueueRoles") String deleteDurableQueueRoles,
+                            @Parameter(desc = "a comma-separated list of roles allowed to create non durable queues", name = "createNonDurableQueueRoles") String createNonDurableQueueRoles,
+                            @Parameter(desc = "a comma-separated list of roles allowed to delete non durable queues", name = "deleteNonDurableQueueRoles") String deleteNonDurableQueueRoles,
+                            @Parameter(desc = "a comma-separated list of roles allowed to send management messages messages", name = "manage") String manageRoles,
+                            @Parameter(desc = "a comma-separated list of roles allowed to browse queues", name = "browse") String browseRoles) throws Exception;
+
    @Operation(desc = "Remove security settings for an address", impact = MBeanOperationInfo.ACTION)
    void removeSecuritySettings(@Parameter(desc = "an address match", name = "addressMatch") String addressMatch) throws Exception;
 

http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/e9db9c28/artemis-core-client/src/main/java/org/apache/activemq/artemis/api/core/management/RoleInfo.java
----------------------------------------------------------------------
diff --git a/artemis-core-client/src/main/java/org/apache/activemq/artemis/api/core/management/RoleInfo.java b/artemis-core-client/src/main/java/org/apache/activemq/artemis/api/core/management/RoleInfo.java
index a1e82a4..d8c78ea 100644
--- a/artemis-core-client/src/main/java/org/apache/activemq/artemis/api/core/management/RoleInfo.java
+++ b/artemis-core-client/src/main/java/org/apache/activemq/artemis/api/core/management/RoleInfo.java
@@ -41,6 +41,8 @@ public final class RoleInfo {
 
    private final boolean manage;
 
+   private final boolean browse;
+
    /**
     * Returns an array of RoleInfo corresponding to the JSON serialization returned
     * by {@link AddressControl#getRolesAsJSON()}.
@@ -50,7 +52,7 @@ public final class RoleInfo {
       RoleInfo[] roles = new RoleInfo[array.length()];
       for (int i = 0; i < array.length(); i++) {
          JSONObject r = array.getJSONObject(i);
-         RoleInfo role = new RoleInfo(r.getString("name"), r.getBoolean("send"), r.getBoolean("consume"), r.getBoolean("createDurableQueue"), r.getBoolean("deleteDurableQueue"), r.getBoolean("createNonDurableQueue"), r.getBoolean("deleteNonDurableQueue"), r.getBoolean("manage"));
+         RoleInfo role = new RoleInfo(r.getString("name"), r.getBoolean("send"), r.getBoolean("consume"), r.getBoolean("createDurableQueue"), r.getBoolean("deleteDurableQueue"), r.getBoolean("createNonDurableQueue"), r.getBoolean("deleteNonDurableQueue"), r.getBoolean("manage"), r.getBoolean("browse"));
          roles[i] = role;
       }
       return roles;
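Review bot: `r.getBoolean("browse")` in the added constructor call makes the new key mandatory, so parsing role JSON produced by a broker that predates this commit would presumably throw instead of returning the roles. If the JSON class used here offers the usual `optBoolean`, `r.optBoolean("browse", false)` keeps the parser tolerant and defaults the new permission to denied. The enclosing method's signature is outside this hunk.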
@@ -63,7 +65,8 @@ public final class RoleInfo {
                     final boolean deleteDurableQueue,
                     final boolean createNonDurableQueue,
                     final boolean deleteNonDurableQueue,
-                    final boolean manage) {
+                    final boolean manage,
+                    final boolean browse) {
       this.name = name;
       this.send = send;
       this.consume = consume;
@@ -72,6 +75,7 @@ public final class RoleInfo {
       this.createNonDurableQueue = createNonDurableQueue;
       this.deleteNonDurableQueue = deleteNonDurableQueue;
       this.manage = manage;
+      this.browse = browse;
    }
 
    /**
@@ -129,4 +133,11 @@ public final class RoleInfo {
    public boolean isManage() {
       return manage;
    }
+
+   /**
+    * Returns whether this role can browse queues bound to the address.
+    */
+   public boolean isBrowse() {
+      return browse;
+   }
 }

http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/e9db9c28/artemis-core-client/src/main/java/org/apache/activemq/artemis/core/security/Role.java
----------------------------------------------------------------------
diff --git a/artemis-core-client/src/main/java/org/apache/activemq/artemis/core/security/Role.java b/artemis-core-client/src/main/java/org/apache/activemq/artemis/core/security/Role.java
index 9f98472..983b392 100644
--- a/artemis-core-client/src/main/java/org/apache/activemq/artemis/core/security/Role.java
+++ b/artemis-core-client/src/main/java/org/apache/activemq/artemis/core/security/Role.java
@@ -41,6 +41,8 @@ public class Role implements Serializable {
 
    private final boolean manage;
 
+   private final boolean browse;
+
    public Role(final String name,
                final boolean send,
                final boolean consume,
@@ -48,7 +50,8 @@ public class Role implements Serializable {
                final boolean deleteDurableQueue,
                final boolean createNonDurableQueue,
                final boolean deleteNonDurableQueue,
-               final boolean manage) {
+               final boolean manage,
+               final boolean browse) {
       if (name == null) {
          throw new NullPointerException("name is null");
       }
@@ -60,6 +63,7 @@ public class Role implements Serializable {
       this.createNonDurableQueue = createNonDurableQueue;
       this.deleteNonDurableQueue = deleteNonDurableQueue;
       this.manage = manage;
+      this.browse = browse;
    }
 
    public String getName() {
@@ -112,6 +116,12 @@ public class Role implements Serializable {
       if (deleteNonDurableQueue) {
          stringReturn.append(" deleteNonDurableQueue ");
       }
+      if (manage) {
+         stringReturn.append(" manage ");
+      }
+      if (browse) {
+         stringReturn.append(" browse ");
+      }
 
       stringReturn.append("]}");
 
@@ -147,6 +157,12 @@ public class Role implements Serializable {
       if (send != role.send) {
          return false;
       }
+      if (manage != role.manage) {
+         return false;
+      }
+      if (browse != role.browse) {
+         return false;
+      }
       if (!name.equals(role.name)) {
          return false;
       }
@@ -164,10 +180,16 @@ public class Role implements Serializable {
       result = 31 * result + (deleteDurableQueue ? 1 : 0);
       result = 31 * result + (createNonDurableQueue ? 1 : 0);
       result = 31 * result + (deleteNonDurableQueue ? 1 : 0);
+      result = 31 * result + (manage ? 1 : 0);
+      result = 31 * result + (browse ? 1 : 0);
       return result;
    }
 
    public boolean isManage() {
       return manage;
    }
+
+   public boolean isBrowse() {
+      return browse;
+   }
 }

http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/e9db9c28/artemis-core-client/src/main/java/org/apache/activemq/artemis/utils/SecurityFormatter.java
----------------------------------------------------------------------
diff --git a/artemis-core-client/src/main/java/org/apache/activemq/artemis/utils/SecurityFormatter.java b/artemis-core-client/src/main/java/org/apache/activemq/artemis/utils/SecurityFormatter.java
index 1df12b1..b64cc77 100644
--- a/artemis-core-client/src/main/java/org/apache/activemq/artemis/utils/SecurityFormatter.java
+++ b/artemis-core-client/src/main/java/org/apache/activemq/artemis/utils/SecurityFormatter.java
@@ -31,7 +31,8 @@ public class SecurityFormatter {
                                           String deleteDurableQueueRoles,
                                           String createNonDurableQueueRoles,
                                           String deleteNonDurableQueueRoles,
-                                          String manageRoles) {
+                                          String manageRoles,
+                                          String browseRoles) {
       List<String> createDurableQueue = toList(createDurableQueueRoles);
       List<String> deleteDurableQueue = toList(deleteDurableQueueRoles);
       List<String> createNonDurableQueue = toList(createNonDurableQueueRoles);
@@ -39,6 +40,7 @@ public class SecurityFormatter {
       List<String> send = toList(sendRoles);
       List<String> consume = toList(consumeRoles);
       List<String> manage = toList(manageRoles);
+      List<String> browse = toList(browseRoles);
 
       Set<String> allRoles = new HashSet<>();
       allRoles.addAll(createDurableQueue);
@@ -48,10 +50,11 @@ public class SecurityFormatter {
       allRoles.addAll(send);
       allRoles.addAll(consume);
       allRoles.addAll(manage);
+      allRoles.addAll(browse);
 
       Set<Role> roles = new HashSet<>(allRoles.size());
       for (String role : allRoles) {
-         roles.add(new Role(role, send.contains(role), consume.contains(role), createDurableQueue.contains(role), deleteDurableQueue.contains(role), createNonDurableQueue.contains(role), deleteNonDurableQueue.contains(role), manageRoles.contains(role)));
+         roles.add(new Role(role, send.contains(role), consume.contains(role), createDurableQueue.contains(role), deleteDurableQueue.contains(role), createNonDurableQueue.contains(role), deleteNonDurableQueue.contains(role), manageRoles.contains(role), browse.contains(role)));
       }
       return roles;
    }
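Review bot: In the rewritten `new Role(...)` call the manage flag is still computed as `manageRoles.contains(role)`, which is `String.contains` on the raw comma-separated parameter rather than membership in the parsed `manage` list built in the earlier hunk. A role whose name is merely a substring of that string is therefore granted manage (constructed example: role `admin` when `manageRoles` is `"administrators"`). The new browse argument correctly uses the list, and the manage argument should do the same: `manage.contains(role)`. If `toList` tolerates a null string (not visible here), the current form would also throw on a null `manageRoles` where the other arguments do not.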

http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/e9db9c28/artemis-server/src/main/java/org/apache/activemq/artemis/core/deployers/impl/FileConfigurationParser.java
----------------------------------------------------------------------
diff --git a/artemis-server/src/main/java/org/apache/activemq/artemis/core/deployers/impl/FileConfigurationParser.java b/artemis-server/src/main/java/org/apache/activemq/artemis/core/deployers/impl/FileConfigurationParser.java
index 0a47f9f..deda1ad 100644
--- a/artemis-server/src/main/java/org/apache/activemq/artemis/core/deployers/impl/FileConfigurationParser.java
+++ b/artemis-server/src/main/java/org/apache/activemq/artemis/core/deployers/impl/FileConfigurationParser.java
@@ -121,6 +121,8 @@ public final class FileConfigurationParser extends XMLConfigurationUtil {
 
    private static final String MANAGE_NAME = "manage";
 
+   private static final String BROWSE_NAME = "browse";
+
    // Address parsing
 
    private static final String DEAD_LETTER_ADDRESS_NODE_NAME = "dead-letter-address";
@@ -633,6 +635,7 @@ public final class FileConfigurationParser extends XMLConfigurationUtil {
       ArrayList<String> createNonDurableQueue = new ArrayList<>();
       ArrayList<String> deleteNonDurableQueue = new ArrayList<>();
       ArrayList<String> manageRoles = new ArrayList<>();
+      ArrayList<String> browseRoles = new ArrayList<>();
       ArrayList<String> allRoles = new ArrayList<>();
       NodeList children = node.getChildNodes();
       for (int i = 0; i < children.getLength(); i++) {
@@ -670,6 +673,9 @@ public final class FileConfigurationParser extends XMLConfigurationUtil {
                else if (MANAGE_NAME.equals(type)) {
                   manageRoles.add(role.trim());
                }
+               else if (BROWSE_NAME.equals(type)) {
+                  browseRoles.add(role.trim());
+               }
                else {
                   ActiveMQServerLogger.LOGGER.rolePermissionConfigurationError(type);
                }
@@ -682,7 +688,7 @@ public final class FileConfigurationParser extends XMLConfigurationUtil {
       }
 
       for (String role : allRoles) {
-         securityRoles.add(new Role(role, send.contains(role), consume.contains(role), createDurableQueue.contains(role), deleteDurableQueue.contains(role), createNonDurableQueue.contains(role), deleteNonDurableQueue.contains(role), manageRoles.contains(role)));
+         securityRoles.add(new Role(role, send.contains(role), consume.contains(role), createDurableQueue.contains(role), deleteDurableQueue.contains(role), createNonDurableQueue.contains(role), deleteNonDurableQueue.contains(role), manageRoles.contains(role), browseRoles.contains(role)));
       }
 
       return securityMatch;

http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/e9db9c28/artemis-server/src/main/java/org/apache/activemq/artemis/core/management/impl/ActiveMQServerControlImpl.java
----------------------------------------------------------------------
diff --git a/artemis-server/src/main/java/org/apache/activemq/artemis/core/management/impl/ActiveMQServerControlImpl.java b/artemis-server/src/main/java/org/apache/activemq/artemis/core/management/impl/ActiveMQServerControlImpl.java
index 710bb0e..9b5ec20 100644
--- a/artemis-server/src/main/java/org/apache/activemq/artemis/core/management/impl/ActiveMQServerControlImpl.java
+++ b/artemis-server/src/main/java/org/apache/activemq/artemis/core/management/impl/ActiveMQServerControlImpl.java
@@ -1415,15 +1415,28 @@ public class ActiveMQServerControlImpl extends AbstractControl implements Active
                                    final String createNonDurableQueueRoles,
                                    final String deleteNonDurableQueueRoles,
                                    final String manageRoles) throws Exception {
+      addSecuritySettings(addressMatch, sendRoles, consumeRoles, createDurableQueueRoles, deleteDurableQueueRoles, createNonDurableQueueRoles, deleteNonDurableQueueRoles, manageRoles, "");
+   }
+
+   @Override
+   public void addSecuritySettings(final String addressMatch,
+                                   final String sendRoles,
+                                   final String consumeRoles,
+                                   final String createDurableQueueRoles,
+                                   final String deleteDurableQueueRoles,
+                                   final String createNonDurableQueueRoles,
+                                   final String deleteNonDurableQueueRoles,
+                                   final String manageRoles,
+                                   final String browseRoles) throws Exception {
       checkStarted();
 
       clearIO();
       try {
-         Set<Role> roles = SecurityFormatter.createSecurity(sendRoles, consumeRoles, createDurableQueueRoles, deleteDurableQueueRoles, createNonDurableQueueRoles, deleteNonDurableQueueRoles, manageRoles);
+         Set<Role> roles = SecurityFormatter.createSecurity(sendRoles, consumeRoles, createDurableQueueRoles, deleteDurableQueueRoles, createNonDurableQueueRoles, deleteNonDurableQueueRoles, manageRoles, browseRoles);
 
          server.getSecurityRepository().addMatch(addressMatch, roles);
 
-         PersistedRoles persistedRoles = new PersistedRoles(addressMatch, sendRoles, consumeRoles, createDurableQueueRoles, deleteDurableQueueRoles, createNonDurableQueueRoles, deleteNonDurableQueueRoles, manageRoles);
+         PersistedRoles persistedRoles = new PersistedRoles(addressMatch, sendRoles, consumeRoles, createDurableQueueRoles, deleteDurableQueueRoles, createNonDurableQueueRoles, deleteNonDurableQueueRoles, manageRoles, browseRoles);
 
          storageManager.storeSecurityRoles(persistedRoles);
       }

http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/e9db9c28/artemis-server/src/main/java/org/apache/activemq/artemis/core/persistence/config/PersistedRoles.java
----------------------------------------------------------------------
diff --git a/artemis-server/src/main/java/org/apache/activemq/artemis/core/persistence/config/PersistedRoles.java b/artemis-server/src/main/java/org/apache/activemq/artemis/core/persistence/config/PersistedRoles.java
index 5b3c422..256a0a6 100644
--- a/artemis-server/src/main/java/org/apache/activemq/artemis/core/persistence/config/PersistedRoles.java
+++ b/artemis-server/src/main/java/org/apache/activemq/artemis/core/persistence/config/PersistedRoles.java
@@ -44,6 +44,8 @@ public class PersistedRoles implements EncodingSupport {
 
    private SimpleString manageRoles;
 
+   private SimpleString browseRoles;
+
    // Static --------------------------------------------------------
 
    // Constructors --------------------------------------------------
@@ -60,6 +62,7 @@ public class PersistedRoles implements EncodingSupport {
     * @param createNonDurableQueueRoles
     * @param deleteNonDurableQueueRoles
     * @param manageRoles
+    * @param browseRoles
     */
    public PersistedRoles(final String addressMatch,
                          final String sendRoles,
@@ -68,7 +71,8 @@ public class PersistedRoles implements EncodingSupport {
                          final String deleteDurableQueueRoles,
                          final String createNonDurableQueueRoles,
                          final String deleteNonDurableQueueRoles,
-                         final String manageRoles) {
+                         final String manageRoles,
+                         final String browseRoles) {
       super();
       this.addressMatch = SimpleString.toSimpleString(addressMatch);
       this.sendRoles = SimpleString.toSimpleString(sendRoles);
@@ -78,6 +82,7 @@ public class PersistedRoles implements EncodingSupport {
       this.createNonDurableQueueRoles = SimpleString.toSimpleString(createNonDurableQueueRoles);
       this.deleteNonDurableQueueRoles = SimpleString.toSimpleString(deleteNonDurableQueueRoles);
       this.manageRoles = SimpleString.toSimpleString(manageRoles);
+      this.browseRoles = SimpleString.toSimpleString(browseRoles);
    }
 
    // Public --------------------------------------------------------
@@ -146,6 +151,13 @@ public class PersistedRoles implements EncodingSupport {
       return manageRoles.toString();
    }
 
+   /**
+    * @return the browseRoles
+    */
+   public String getBrowseRoles() {
+      return browseRoles.toString();
+   }
+
    @Override
    public void encode(final ActiveMQBuffer buffer) {
       buffer.writeSimpleString(addressMatch);
@@ -156,6 +168,7 @@ public class PersistedRoles implements EncodingSupport {
       buffer.writeNullableSimpleString(createNonDurableQueueRoles);
       buffer.writeNullableSimpleString(deleteNonDurableQueueRoles);
       buffer.writeNullableSimpleString(manageRoles);
+      buffer.writeNullableSimpleString(browseRoles);
    }
 
    @Override
@@ -166,7 +179,8 @@ public class PersistedRoles implements EncodingSupport {
          SimpleString.sizeofNullableString(deleteDurableQueueRoles) +
          SimpleString.sizeofNullableString(createNonDurableQueueRoles) +
          SimpleString.sizeofNullableString(deleteNonDurableQueueRoles) +
-         SimpleString.sizeofNullableString(manageRoles);
+         SimpleString.sizeofNullableString(manageRoles) +
+         SimpleString.sizeofNullableString(browseRoles);
 
    }
 
@@ -180,6 +194,7 @@ public class PersistedRoles implements EncodingSupport {
       createNonDurableQueueRoles = buffer.readNullableSimpleString();
       deleteNonDurableQueueRoles = buffer.readNullableSimpleString();
       manageRoles = buffer.readNullableSimpleString();
+      browseRoles = buffer.readNullableSimpleString();
    }
 
    /* (non-Javadoc)
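Review bot: The added `browseRoles = buffer.readNullableSimpleString();` in decode assumes every stored record carries the new trailing field, but records written before this commit end after manageRoles. Reading them after an upgrade would presumably run past the end of the buffer and fail to restore the persisted security settings. Guard the read, e.g. `if (buffer.readableBytes() > 0) { browseRoles = buffer.readNullableSimpleString(); }`, and decide explicitly what a missing value means for browse access. The `getBrowseRoles()` getter added in an earlier hunk calls `browseRoles.toString()` and would throw on a null field, so it needs a null-safe form as well. The decode method starts outside this hunk.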
@@ -196,6 +211,7 @@ public class PersistedRoles implements EncodingSupport {
       result = prime * result + ((deleteDurableQueueRoles == null) ? 0 : deleteDurableQueueRoles.hashCode());
       result = prime * result + ((deleteNonDurableQueueRoles == null) ? 0 : deleteNonDurableQueueRoles.hashCode());
       result = prime * result + ((manageRoles == null) ? 0 : manageRoles.hashCode());
+      result = prime * result + ((browseRoles == null) ? 0 : browseRoles.hashCode());
       result = prime * result + ((sendRoles == null) ? 0 : sendRoles.hashCode());
       result = prime * result + (int) (storeId ^ (storeId >>> 32));
       return result;
@@ -255,6 +271,12 @@ public class PersistedRoles implements EncodingSupport {
       }
       else if (!manageRoles.equals(other.manageRoles))
          return false;
+      if (browseRoles == null) {
+         if (other.browseRoles != null)
+            return false;
+      }
+      else if (!browseRoles.equals(other.browseRoles))
+         return false;
       if (sendRoles == null) {
          if (other.sendRoles != null)
             return false;
@@ -288,6 +310,8 @@ public class PersistedRoles implements EncodingSupport {
          deleteNonDurableQueueRoles +
          ", manageRoles=" +
          manageRoles +
+         ", browseRoles=" +
+         browseRoles +
          "]";
    }
 

http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/e9db9c28/artemis-server/src/main/java/org/apache/activemq/artemis/core/security/CheckType.java
----------------------------------------------------------------------
diff --git a/artemis-server/src/main/java/org/apache/activemq/artemis/core/security/CheckType.java b/artemis-server/src/main/java/org/apache/activemq/artemis/core/security/CheckType.java
index 6a8f01c..7d4cc00 100644
--- a/artemis-server/src/main/java/org/apache/activemq/artemis/core/security/CheckType.java
+++ b/artemis-server/src/main/java/org/apache/activemq/artemis/core/security/CheckType.java
@@ -58,6 +58,12 @@ public enum CheckType {
       public boolean hasRole(final Role role) {
          return role.isManage();
       }
+   },
+   BROWSE {
+      @Override
+      public boolean hasRole(final Role role) {
+         return role.isBrowse();
+      }
    };
 
    public abstract boolean hasRole(final Role role);

http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/e9db9c28/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/impl/ActiveMQServerImpl.java
----------------------------------------------------------------------
diff --git a/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/impl/ActiveMQServerImpl.java b/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/impl/ActiveMQServerImpl.java
index fa9983f..3fa336a 100644
--- a/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/impl/ActiveMQServerImpl.java
+++ b/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/impl/ActiveMQServerImpl.java
@@ -2116,7 +2116,7 @@ public class ActiveMQServerImpl implements ActiveMQServer {
       List<PersistedRoles> roles = storageManager.recoverPersistedRoles();
 
       for (PersistedRoles roleItem : roles) {
-         Set<Role> setRoles = SecurityFormatter.createSecurity(roleItem.getSendRoles(), roleItem.getConsumeRoles(), roleItem.getCreateDurableQueueRoles(), roleItem.getDeleteDurableQueueRoles(), roleItem.getCreateNonDurableQueueRoles(), roleItem.getDeleteNonDurableQueueRoles(), roleItem.getManageRoles());
+         Set<Role> setRoles = SecurityFormatter.createSecurity(roleItem.getSendRoles(), roleItem.getConsumeRoles(), roleItem.getCreateDurableQueueRoles(), roleItem.getDeleteDurableQueueRoles(), roleItem.getCreateNonDurableQueueRoles(), roleItem.getDeleteNonDurableQueueRoles(), roleItem.getManageRoles(), roleItem.getBrowseRoles());
 
          securityRepository.addMatch(roleItem.getAddressMatch().toString(), setRoles);
       }

http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/e9db9c28/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/impl/LegacyLDAPSecuritySettingPlugin.java
----------------------------------------------------------------------
diff --git a/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/impl/LegacyLDAPSecuritySettingPlugin.java b/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/impl/LegacyLDAPSecuritySettingPlugin.java
index 6a0710a..4397eb4 100644
--- a/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/impl/LegacyLDAPSecuritySettingPlugin.java
+++ b/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/impl/LegacyLDAPSecuritySettingPlugin.java
@@ -379,7 +379,8 @@ public class LegacyLDAPSecuritySettingPlugin implements SecuritySettingPlugin {
                               permissionType.equalsIgnoreCase(adminPermissionValue),
                               permissionType.equalsIgnoreCase(adminPermissionValue),
                               permissionType.equalsIgnoreCase(adminPermissionValue),
-                              false); // there is no permission from ActiveMQ 5.x that corresponds to the "manage" permission in ActiveMQ Artemis
+                              false, // there is no permission from ActiveMQ 5.x that corresponds to the "manage" permission in ActiveMQ Artemis
+                              permissionType.equalsIgnoreCase(readPermissionValue)); // the "browse" permission matches "read" from ActiveMQ 5.x
          roles.add(role);
       }
 

http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/e9db9c28/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/impl/ServerSessionImpl.java
----------------------------------------------------------------------
diff --git a/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/impl/ServerSessionImpl.java b/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/impl/ServerSessionImpl.java
index 883f499..e4ad9b4 100644
--- a/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/impl/ServerSessionImpl.java
+++ b/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/impl/ServerSessionImpl.java
@@ -416,7 +416,12 @@ public class ServerSessionImpl implements ServerSession, FailureListener {
          throw ActiveMQMessageBundle.BUNDLE.noSuchQueue(queueName);
       }
 
-      securityCheck(binding.getAddress(), CheckType.CONSUME, this);
+      if (browseOnly) {
+         securityCheck(binding.getAddress(), CheckType.BROWSE, this);
+      }
+      else {
+         securityCheck(binding.getAddress(), CheckType.CONSUME, this);
+      }
 
       Filter filter = FilterImpl.createFilter(filterString);
 
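Review bot: The switch from CONSUME to BROWSE for `browseOnly` consumers changes the authorisation model without saying so in code. Roles that hold only consume lose queue browsing, and a role granted browse can read full message contents without holding consume. Add a comment above the branch, e.g. `// browse-only consumers read messages without removing them; gated by BROWSE, which CONSUME does not imply`. The eight-argument `addSecuritySettings` in ActiveMQServerControlImpl passes `""` for browseRoles, which fails closed; that default deserves a Javadoc line on the legacy operation so operators know browse must be granted explicitly. The enclosing method begins and ends outside this hunk.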

http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/e9db9c28/artemis-server/src/test/java/org/apache/activemq/artemis/core/security/RoleTest.java
----------------------------------------------------------------------
diff --git a/artemis-server/src/test/java/org/apache/activemq/artemis/core/security/RoleTest.java b/artemis-server/src/test/java/org/apache/activemq/artemis/core/security/RoleTest.java
index f069e68..3a1729a 100644
--- a/artemis-server/src/test/java/org/apache/activemq/artemis/core/security/RoleTest.java
+++ b/artemis-server/src/test/java/org/apache/activemq/artemis/core/security/RoleTest.java
@@ -19,11 +19,13 @@ package org.apache.activemq.artemis.core.security;
 import org.junit.Assert;
 import org.junit.Test;
 
+import static org.apache.activemq.artemis.core.security.CheckType.BROWSE;
 import static org.apache.activemq.artemis.core.security.CheckType.CONSUME;
 import static org.apache.activemq.artemis.core.security.CheckType.CREATE_DURABLE_QUEUE;
 import static org.apache.activemq.artemis.core.security.CheckType.CREATE_NON_DURABLE_QUEUE;
 import static org.apache.activemq.artemis.core.security.CheckType.DELETE_DURABLE_QUEUE;
 import static org.apache.activemq.artemis.core.security.CheckType.DELETE_NON_DURABLE_QUEUE;
+import static org.apache.activemq.artemis.core.security.CheckType.MANAGE;
 import static org.apache.activemq.artemis.core.security.CheckType.SEND;
 
 public class RoleTest extends Assert {
@@ -38,46 +40,65 @@ public class RoleTest extends Assert {
    // Public --------------------------------------------------------
 
    @Test
-   public void testReadRole() throws Exception {
-      Role role = new Role("testReadRole", true, false, false, false, false, false, false);
+   public void testWriteRole() throws Exception {
+      Role role = new Role("testWriteRole", true, false, false, false, false, false, false, false);
       Assert.assertTrue(SEND.hasRole(role));
       Assert.assertFalse(CONSUME.hasRole(role));
       Assert.assertFalse(CREATE_DURABLE_QUEUE.hasRole(role));
       Assert.assertFalse(CREATE_NON_DURABLE_QUEUE.hasRole(role));
       Assert.assertFalse(DELETE_DURABLE_QUEUE.hasRole(role));
       Assert.assertFalse(DELETE_NON_DURABLE_QUEUE.hasRole(role));
+      Assert.assertFalse(MANAGE.hasRole(role));
+      Assert.assertFalse(BROWSE.hasRole(role));
    }
 
    @Test
-   public void testWriteRole() throws Exception {
-      Role role = new Role("testWriteRole", false, true, false, false, false, false, false);
+   public void testReadRole() throws Exception {
+      Role role = new Role("testReadRole", false, true, false, false, false, false, false, true);
       Assert.assertFalse(SEND.hasRole(role));
       Assert.assertTrue(CONSUME.hasRole(role));
       Assert.assertFalse(CREATE_DURABLE_QUEUE.hasRole(role));
       Assert.assertFalse(CREATE_NON_DURABLE_QUEUE.hasRole(role));
       Assert.assertFalse(DELETE_DURABLE_QUEUE.hasRole(role));
       Assert.assertFalse(DELETE_NON_DURABLE_QUEUE.hasRole(role));
+      Assert.assertFalse(MANAGE.hasRole(role));
+      Assert.assertTrue(BROWSE.hasRole(role));
    }
 
    @Test
    public void testCreateRole() throws Exception {
-      Role role = new Role("testWriteRole", false, false, true, false, false, false, false);
+      Role role = new Role("testCreateRole", false, false, true, false, false, false, false, false);
       Assert.assertFalse(SEND.hasRole(role));
       Assert.assertFalse(CONSUME.hasRole(role));
       Assert.assertTrue(CREATE_DURABLE_QUEUE.hasRole(role));
       Assert.assertFalse(CREATE_NON_DURABLE_QUEUE.hasRole(role));
       Assert.assertFalse(DELETE_DURABLE_QUEUE.hasRole(role));
       Assert.assertFalse(DELETE_NON_DURABLE_QUEUE.hasRole(role));
+      Assert.assertFalse(MANAGE.hasRole(role));
+      Assert.assertFalse(BROWSE.hasRole(role));
+   }
+
+   @Test
+   public void testManageRole() throws Exception {
+      Role role = new Role("testManageRole", false, false, false, false, false, false, true, false);
+      Assert.assertFalse(SEND.hasRole(role));
+      Assert.assertFalse(CONSUME.hasRole(role));
+      Assert.assertFalse(CREATE_DURABLE_QUEUE.hasRole(role));
+      Assert.assertFalse(CREATE_NON_DURABLE_QUEUE.hasRole(role));
+      Assert.assertFalse(DELETE_DURABLE_QUEUE.hasRole(role));
+      Assert.assertFalse(DELETE_NON_DURABLE_QUEUE.hasRole(role));
+      Assert.assertTrue(MANAGE.hasRole(role));
+      Assert.assertFalse(BROWSE.hasRole(role));
    }
 
    @Test
    public void testEqualsAndHashcode() throws Exception {
-      Role role = new Role("testEquals", true, true, true, false, false, false, false);
-      Role sameRole = new Role("testEquals", true, true, true, false, false, false, false);
-      Role roleWithDifferentName = new Role("notEquals", true, true, true, false, false, false, false);
-      Role roleWithDifferentRead = new Role("testEquals", false, true, true, false, false, false, false);
-      Role roleWithDifferentWrite = new Role("testEquals", true, false, true, false, false, false, false);
-      Role roleWithDifferentCreate = new Role("testEquals", true, true, false, false, false, false, false);
+      Role role = new Role("testEquals", true, true, true, false, false, false, false, false);
+      Role sameRole = new Role("testEquals", true, true, true, false, false, false, false, false);
+      Role roleWithDifferentName = new Role("notEquals", true, true, true, false, false, false, false, false);
+      Role roleWithDifferentRead = new Role("testEquals", false, true, true, false, false, false, false, false);
+      Role roleWithDifferentWrite = new Role("testEquals", true, false, true, false, false, false, false, false);
+      Role roleWithDifferentCreate = new Role("testEquals", true, true, false, false, false, false, false, false);
 
       Assert.assertTrue(role.equals(role));
 
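Review bot: No test in this hunk covers a role that has `browse` without `consume`. `testReadRole` sets both flags, so it would still pass if `BROWSE.hasRole` and `CONSUME.hasRole` ended up reading the same field. A dedicated `testBrowseRole` that grants only the last constructor argument and asserts every other check type is false would pin the separation this commit introduces. `testEqualsAndHashcode` also builds no `roleWithDifferentBrowse`, though its assertions continue outside the hunk, so that may be covered further down.

```java
   @Test
   public void testBrowseRole() throws Exception {
      Role role = new Role("testBrowseRole", false, false, false, false, false, false, false, true);
      Assert.assertFalse(SEND.hasRole(role));
      Assert.assertFalse(CONSUME.hasRole(role));
      Assert.assertFalse(CREATE_DURABLE_QUEUE.hasRole(role));
      Assert.assertFalse(CREATE_NON_DURABLE_QUEUE.hasRole(role));
      Assert.assertFalse(DELETE_DURABLE_QUEUE.hasRole(role));
      Assert.assertFalse(DELETE_NON_DURABLE_QUEUE.hasRole(role));
      Assert.assertFalse(MANAGE.hasRole(role));
      Assert.assertTrue(BROWSE.hasRole(role));
   }
```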

http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/e9db9c28/artemis-server/src/test/java/org/apache/activemq/artemis/core/settings/RepositoryTest.java
----------------------------------------------------------------------
diff --git a/artemis-server/src/test/java/org/apache/activemq/artemis/core/settings/RepositoryTest.java b/artemis-server/src/test/java/org/apache/activemq/artemis/core/settings/RepositoryTest.java
index b7563e1..ca01857 100644
--- a/artemis-server/src/test/java/org/apache/activemq/artemis/core/settings/RepositoryTest.java
+++ b/artemis-server/src/test/java/org/apache/activemq/artemis/core/settings/RepositoryTest.java
@@ -72,13 +72,13 @@ public class RepositoryTest extends ActiveMQTestBase {
    public void testSingletwo() {
       securityRepository.addMatch("queues.another.aq.*", new HashSet<Role>());
       HashSet<Role> roles = new HashSet<>(2);
-      roles.add(new Role("test1", true, true, true, true, true, true, true));
-      roles.add(new Role("test2", true, true, true, true, true, true, true));
+      roles.add(new Role("test1", true, true, true, true, true, true, true, true));
+      roles.add(new Role("test2", true, true, true, true, true, true, true, true));
       securityRepository.addMatch("queues.aq", roles);
       HashSet<Role> roles2 = new HashSet<>(2);
-      roles2.add(new Role("test1", true, true, true, true, true, true, true));
-      roles2.add(new Role("test2", true, true, true, true, true, true, true));
-      roles2.add(new Role("test3", true, true, true, true, true, true, true));
+      roles2.add(new Role("test1", true, true, true, true, true, true, true, true));
+      roles2.add(new Role("test2", true, true, true, true, true, true, true, true));
+      roles2.add(new Role("test3", true, true, true, true, true, true, true, true));
       securityRepository.addMatch("queues.another.andanother", roles2);
 
       HashSet<Role> hashSet = securityRepository.getMatch("queues.another.andanother");
@@ -89,8 +89,8 @@ public class RepositoryTest extends ActiveMQTestBase {
    public void testWithoutWildcard() {
       securityRepository.addMatch("queues.1.*", new HashSet<Role>());
       HashSet<Role> roles = new HashSet<>(2);
-      roles.add(new Role("test1", true, true, true, true, true, true, true));
-      roles.add(new Role("test2", true, true, true, true, true, true, true));
+      roles.add(new Role("test1", true, true, true, true, true, true, true, true));
+      roles.add(new Role("test2", true, true, true, true, true, true, true, true));
       securityRepository.addMatch("queues.2.aq", roles);
       HashSet<Role> hashSet = securityRepository.getMatch("queues.2.aq");
       Assert.assertEquals(hashSet.size(), 2);

http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/e9db9c28/docs/user-manual/en/security.md
----------------------------------------------------------------------
diff --git a/docs/user-manual/en/security.md b/docs/user-manual/en/security.md
index 32c9a35..0f6517a 100644
--- a/docs/user-manual/en/security.md
+++ b/docs/user-manual/en/security.md
@@ -53,6 +53,9 @@ match the address. Those permissions are:
 -   `consume`. This permission allows the user to consume a message from
     a queue bound to matching addresses.
 
+-   `browse`. This permission allows the user to browse a queue bound to
+    the matching address.
+
 -   `manage`. This permission allows the user to invoke management
     operations by sending management messages to the management address.
 
@@ -225,11 +228,11 @@ may not be applied as expected to JMS destinations since Artemis always prefixes
 "jms.topic." as necessary.
 
 ActiveMQ 5.x only has 3 permission types - `read`, `write`, and `admin`. These permission types are described on their
-[website](http://activemq.apache.org/security.html). However, as described previously, ActiveMQ Artemis has 6 permission
+[website](http://activemq.apache.org/security.html). However, as described previously, ActiveMQ Artemis has 7 permission
 types - `createDurableQueue`, `deleteDurableQueue`, `createNonDurableQueue`, `deleteNonDurableQueue`, `send`, `consume`,
-and `manage`. Here's how the old types are mapped to the new types:
+`browse`, and `manage`. Here's how the old types are mapped to the new types:
 
--   `read` - `consume`
+-   `read` - `consume`, `browse`
 -   `write` - `send`
 -   `admin` - `createDurableQueue`, `deleteDurableQueue`, `createNonDurableQueue`, `deleteNonDurableQueue`
 

http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/e9db9c28/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/client/AutoCreateJmsDestinationTest.java
----------------------------------------------------------------------
diff --git a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/client/AutoCreateJmsDestinationTest.java b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/client/AutoCreateJmsDestinationTest.java
index fcc05a3..dcae248 100644
--- a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/client/AutoCreateJmsDestinationTest.java
+++ b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/client/AutoCreateJmsDestinationTest.java
@@ -107,7 +107,7 @@ public class AutoCreateJmsDestinationTest extends JMSTestBase {
       ((ActiveMQJAASSecurityManager) server.getSecurityManager()).getConfiguration().addUser("guest", "guest");
       ((ActiveMQJAASSecurityManager) server.getSecurityManager()).getConfiguration().setDefaultUser("guest");
       ((ActiveMQJAASSecurityManager) server.getSecurityManager()).getConfiguration().addRole("guest", "rejectAll");
-      Role role = new Role("rejectAll", false, false, false, false, false, false, false);
+      Role role = new Role("rejectAll", false, false, false, false, false, false, false, false);
       Set<Role> roles = new HashSet<>();
       roles.add(role);
       server.getSecurityRepository().addMatch("#", roles);
@@ -245,7 +245,7 @@ public class AutoCreateJmsDestinationTest extends JMSTestBase {
       ((ActiveMQJAASSecurityManager) server.getSecurityManager()).getConfiguration().addUser("guest", "guest");
       ((ActiveMQJAASSecurityManager) server.getSecurityManager()).getConfiguration().setDefaultUser("guest");
       ((ActiveMQJAASSecurityManager) server.getSecurityManager()).getConfiguration().addRole("guest", "allowAll");
-      Role role = new Role("allowAll", true, true, true, true, true, true, true);
+      Role role = new Role("allowAll", true, true, true, true, true, true, true, true);
       Set<Role> roles = new HashSet<>();
       roles.add(role);
       server.getSecurityRepository().addMatch("#", roles);

http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/e9db9c28/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/cluster/failover/SecurityFailoverTest.java
----------------------------------------------------------------------
diff --git a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/cluster/failover/SecurityFailoverTest.java b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/cluster/failover/SecurityFailoverTest.java
index 121a650..f6a8e5b 100644
--- a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/cluster/failover/SecurityFailoverTest.java
+++ b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/cluster/failover/SecurityFailoverTest.java
@@ -103,7 +103,7 @@ public class SecurityFailoverTest extends FailoverTest {
    protected ActiveMQJAASSecurityManager installSecurity(TestableServer server) {
       ActiveMQJAASSecurityManager securityManager = (ActiveMQJAASSecurityManager) server.getServer().getSecurityManager();
       securityManager.getConfiguration().addUser("a", "b");
-      Role role = new Role("arole", true, true, true, true, true, true, true);
+      Role role = new Role("arole", true, true, true, true, true, true, true, true);
       Set<Role> roles = new HashSet<>();
       roles.add(role);
       server.getServer().getSecurityRepository().addMatch("#", roles);

http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/e9db9c28/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/management/ActiveMQServerControlTest.java
----------------------------------------------------------------------
diff --git a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/management/ActiveMQServerControlTest.java b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/management/ActiveMQServerControlTest.java
index 0e44bae..2d4d983 100644
--- a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/management/ActiveMQServerControlTest.java
+++ b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/management/ActiveMQServerControlTest.java
@@ -402,7 +402,7 @@ public class ActiveMQServerControlTest extends ManagementTestBase {
       String exactAddress = "test.whatever";
 
       assertEquals(0, serverControl.getRoles(addressMatch).length);
-      serverControl.addSecuritySettings(addressMatch, "foo", "foo, bar", "foo", "bar", "foo, bar", "", "");
+      serverControl.addSecuritySettings(addressMatch, "foo", "foo, bar", "foo", "bar", "foo, bar", "", "", "bar");
 
       // Restart the server. Those settings should be persisted
 
@@ -430,6 +430,7 @@ public class ActiveMQServerControlTest extends ManagementTestBase {
       assertTrue(fooRole.isCreateNonDurableQueue());
       assertFalse(fooRole.isDeleteNonDurableQueue());
       assertFalse(fooRole.isManage());
+      assertFalse(fooRole.isBrowse());
 
       assertFalse(barRole.isSend());
       assertTrue(barRole.isConsume());
@@ -438,6 +439,7 @@ public class ActiveMQServerControlTest extends ManagementTestBase {
       assertTrue(barRole.isCreateNonDurableQueue());
       assertFalse(barRole.isDeleteNonDurableQueue());
       assertFalse(barRole.isManage());
+      assertTrue(barRole.isBrowse());
 
       serverControl.removeSecuritySettings(addressMatch);
       assertEquals(0, serverControl.getRoles(exactAddress).length);

http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/e9db9c28/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/management/ActiveMQServerControlUsingCoreTest.java
----------------------------------------------------------------------
diff --git a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/management/ActiveMQServerControlUsingCoreTest.java b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/management/ActiveMQServerControlUsingCoreTest.java
index 2f979cc..05ad2bd 100644
--- a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/management/ActiveMQServerControlUsingCoreTest.java
+++ b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/management/ActiveMQServerControlUsingCoreTest.java
@@ -553,6 +553,19 @@ public class ActiveMQServerControlUsingCoreTest extends ActiveMQServerControlTes
          }
 
          @Override
+         public void addSecuritySettings(String addressMatch,
+                                         String sendRoles,
+                                         String consumeRoles,
+                                         String createDurableQueueRoles,
+                                         String deleteDurableQueueRoles,
+                                         String createNonDurableQueueRoles,
+                                         String deleteNonDurableQueueRoles,
+                                         String manageRoles,
+                                         String browseRoles) throws Exception {
+            proxy.invokeOperation("addSecuritySettings", addressMatch, sendRoles, consumeRoles, createDurableQueueRoles, deleteDurableQueueRoles, createNonDurableQueueRoles, deleteNonDurableQueueRoles, manageRoles, browseRoles);
+         }
+
+         @Override
          public void removeSecuritySettings(String addressMatch) throws Exception {
             proxy.invokeOperation("removeSecuritySettings", addressMatch);
          }

http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/e9db9c28/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/management/AddressControlTest.java
----------------------------------------------------------------------
diff --git a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/management/AddressControlTest.java b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/management/AddressControlTest.java
index 88264f3..d34468b 100644
--- a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/management/AddressControlTest.java
+++ b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/management/AddressControlTest.java
@@ -117,7 +117,7 @@ public class AddressControlTest extends ManagementTestBase {
    public void testGetRoles() throws Exception {
       SimpleString address = RandomUtil.randomSimpleString();
       SimpleString queue = RandomUtil.randomSimpleString();
-      Role role = new Role(RandomUtil.randomString(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean());
+      Role role = new Role(RandomUtil.randomString(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean());
 
       session.createQueue(address, queue, true);
 
@@ -148,7 +148,7 @@ public class AddressControlTest extends ManagementTestBase {
    public void testGetRolesAsJSON() throws Exception {
       SimpleString address = RandomUtil.randomSimpleString();
       SimpleString queue = RandomUtil.randomSimpleString();
-      Role role = new Role(RandomUtil.randomString(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean());
+      Role role = new Role(RandomUtil.randomString(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean());
 
       session.createQueue(address, queue, true);
 

http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/e9db9c28/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/management/AddressControlUsingCoreTest.java
----------------------------------------------------------------------
diff --git a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/management/AddressControlUsingCoreTest.java b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/management/AddressControlUsingCoreTest.java
index 53ee96a..83aeb1c 100644
--- a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/management/AddressControlUsingCoreTest.java
+++ b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/management/AddressControlUsingCoreTest.java
@@ -121,7 +121,7 @@ public class AddressControlUsingCoreTest extends ManagementTestBase {
    public void testGetRoles() throws Exception {
       SimpleString address = RandomUtil.randomSimpleString();
       SimpleString queue = RandomUtil.randomSimpleString();
-      Role role = new Role(RandomUtil.randomString(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean());
+      Role role = new Role(RandomUtil.randomString(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean());
 
       session.createQueue(address, queue, true);
 

http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/e9db9c28/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/management/SecurityManagementWithConfiguredAdminUserTest.java
----------------------------------------------------------------------
diff --git a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/management/SecurityManagementWithConfiguredAdminUserTest.java b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/management/SecurityManagementWithConfiguredAdminUserTest.java
index 10cc376..7f3ec69 100644
--- a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/management/SecurityManagementWithConfiguredAdminUserTest.java
+++ b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/management/SecurityManagementWithConfiguredAdminUserTest.java
@@ -90,10 +90,10 @@ public class SecurityManagementWithConfiguredAdminUserTest extends SecurityManag
       securityManager.getConfiguration().addRole(invalidAdminUser, "guest");
 
       Set<Role> adminRole = securityRepository.getMatch(ActiveMQDefaultConfiguration.getDefaultManagementAddress().toString());
-      adminRole.add(new Role("admin", true, true, true, true, true, true, true));
+      adminRole.add(new Role("admin", true, true, true, true, true, true, true, true));
       securityRepository.addMatch(ActiveMQDefaultConfiguration.getDefaultManagementAddress().toString(), adminRole);
       Set<Role> guestRole = securityRepository.getMatch("*");
-      guestRole.add(new Role("guest", true, true, true, true, true, true, false));
+      guestRole.add(new Role("guest", true, true, true, true, true, true, false, true));
       securityRepository.addMatch("*", guestRole);
 
       return server;

http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/e9db9c28/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/management/SecurityNotificationTest.java
----------------------------------------------------------------------
diff --git a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/management/SecurityNotificationTest.java b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/management/SecurityNotificationTest.java
index 8cf33f8..3e8dca4 100644
--- a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/management/SecurityNotificationTest.java
+++ b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/management/SecurityNotificationTest.java
@@ -89,7 +89,7 @@ public class SecurityNotificationTest extends ActiveMQTestBase {
       SimpleString address = RandomUtil.randomSimpleString();
 
       // guest can not create queue
-      Role role = new Role("roleCanNotCreateQueue", true, true, false, true, false, true, true);
+      Role role = new Role("roleCanNotCreateQueue", true, true, false, true, false, true, true, true);
       Set<Role> roles = new HashSet<>();
       roles.add(role);
       server.getSecurityRepository().addMatch(address.toString(), roles);
@@ -138,7 +138,7 @@ public class SecurityNotificationTest extends ActiveMQTestBase {
       securityManager.getConfiguration().addUser("guest", "guest");
       securityManager.getConfiguration().setDefaultUser("guest");
 
-      Role role = new Role("notif", true, true, true, true, true, true, true);
+      Role role = new Role("notif", true, true, true, true, true, true, true, true);
       Set<Role> roles = new HashSet<>();
       roles.add(role);
       server.getSecurityRepository().addMatch(ActiveMQDefaultConfiguration.getDefaultManagementNotificationAddress().toString(), roles);

http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/e9db9c28/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/openwire/OpenWireTestBase.java
----------------------------------------------------------------------
diff --git a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/openwire/OpenWireTestBase.java b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/openwire/OpenWireTestBase.java
index 6a95bfc..73c8695 100644
--- a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/openwire/OpenWireTestBase.java
+++ b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/openwire/OpenWireTestBase.java
@@ -77,24 +77,23 @@ public class OpenWireTestBase extends ActiveMQTestBase {
          securityManager.getConfiguration().addRole("openwireSender", "sender");
          securityManager.getConfiguration().addUser("openwireSender", "SeNdEr");
          //sender cannot receive
-         Role senderRole = new Role("sender", true, false, false, false, true, true, false);
+         Role senderRole = new Role("sender", true, false, false, false, true, true, false, false);
 
          securityManager.getConfiguration().addRole("openwireReceiver", "receiver");
          securityManager.getConfiguration().addUser("openwireReceiver", "ReCeIvEr");
          //receiver cannot send
-         Role receiverRole = new Role("receiver", false, true, false, false, true, true, false);
+         Role receiverRole = new Role("receiver", false, true, false, false, true, true, false, true);
 
          securityManager.getConfiguration().addRole("openwireGuest", "guest");
          securityManager.getConfiguration().addUser("openwireGuest", "GuEsT");
 
          //guest cannot do anything
-         Role guestRole = new Role("guest", false, false, false, false, false, false, false);
+         Role guestRole = new Role("guest", false, false, false, false, false, false, false, false);
 
          securityManager.getConfiguration().addRole("openwireDestinationManager", "manager");
          securityManager.getConfiguration().addUser("openwireDestinationManager", "DeStInAtIoN");
 
-         //guest cannot do anything
-         Role destRole = new Role("manager", false, false, false, false, true, true, false);
+         Role destRole = new Role("manager", false, false, false, false, true, true, false, false);
 
          Set<Role> roles =  new HashSet<>();
          roles.add(senderRole);
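Review bot: `destRole` is left without any comment once the mislabelled `//guest cannot do anything` line is removed, and with eight positional booleans the grant is hard to audit at a glance. Going by the argument order exercised in `RoleTest` in this commit, only the two non-durable queue flags appear to be set, so something like `//manager can only create and delete non-durable queues` above the line would document it. The existing `//receiver cannot send` comment could also mention that the receiver is now allowed to browse.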

http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/e9db9c28/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/persistence/RolesConfigurationStorageTest.java
----------------------------------------------------------------------
diff --git a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/persistence/RolesConfigurationStorageTest.java b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/persistence/RolesConfigurationStorageTest.java
index 4f4c5de..7499109 100644
--- a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/persistence/RolesConfigurationStorageTest.java
+++ b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/persistence/RolesConfigurationStorageTest.java
@@ -52,9 +52,9 @@ public class RolesConfigurationStorageTest extends StorageManagerTestBase {
    public void testStoreSecuritySettings() throws Exception {
       createStorage();
 
-      addSetting(new PersistedRoles("a#", "a1", "a1", "a1", "a1", "a1", "a1", "a1"));
+      addSetting(new PersistedRoles("a#", "a1", "a1", "a1", "a1", "a1", "a1", "a1", "a1"));
 
-      addSetting(new PersistedRoles("a2", "a1", null, "a1", "a1", "a1", "a1", "a1"));
+      addSetting(new PersistedRoles("a2", "a1", null, "a1", "a1", "a1", "a1", "a1", "a1"));
 
       journal.stop();
 
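Review bot: Every role field passed to `PersistedRoles` here is the same string `"a1"`, so the new ninth argument is indistinguishable from the other seven. If the persistence encoding wrote or read the browse roles in the wrong position, this round trip would presumably still pass. A distinct value for the new argument, e.g. `new PersistedRoles("a#", "a1", "a1", "a1", "a1", "a1", "a1", "a1", "b1")`, would let the comparison catch a transposition. The same applies to the two calls in the next hunk. How `checkSettings` compares the records is outside both hunks.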
@@ -64,9 +64,9 @@ public class RolesConfigurationStorageTest extends StorageManagerTestBase {
 
       checkSettings();
 
-      addSetting(new PersistedRoles("a2", "a1", null, "a1", "a1", "a1", "a1", "a1"));
+      addSetting(new PersistedRoles("a2", "a1", null, "a1", "a1", "a1", "a1", "a1", "a1"));
 
-      addSetting(new PersistedRoles("a3", "a1", null, "a1", "a1", "a1", "a1", "a1"));
+      addSetting(new PersistedRoles("a3", "a1", null, "a1", "a1", "a1", "a1", "a1", "a1"));
 
       checkSettings();
 

http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/e9db9c28/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ra/ActiveMQMessageHandlerSecurityTest.java
----------------------------------------------------------------------
diff --git a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ra/ActiveMQMessageHandlerSecurityTest.java b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ra/ActiveMQMessageHandlerSecurityTest.java
index 544ebea..b0669f1 100644
--- a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ra/ActiveMQMessageHandlerSecurityTest.java
+++ b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ra/ActiveMQMessageHandlerSecurityTest.java
@@ -67,7 +67,7 @@ public class ActiveMQMessageHandlerSecurityTest extends ActiveMQRATestBase {
       ActiveMQJAASSecurityManager securityManager = (ActiveMQJAASSecurityManager) server.getSecurityManager();
       securityManager.getConfiguration().addUser("testuser", "testpassword");
       securityManager.getConfiguration().addRole("testuser", "arole");
-      Role role = new Role("arole", false, true, false, false, false, false, false);
+      Role role = new Role("arole", false, true, false, false, false, false, false, false);
       Set<Role> roles = new HashSet<>();
       roles.add(role);
       server.getSecurityRepository().addMatch(MDBQUEUEPREFIXED, roles);

http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/e9db9c28/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ra/JMSContextTest.java
----------------------------------------------------------------------
diff --git a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ra/JMSContextTest.java b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ra/JMSContextTest.java
index 756127f..6ee6045 100644
--- a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ra/JMSContextTest.java
+++ b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ra/JMSContextTest.java
@@ -57,7 +57,7 @@ public class JMSContextTest extends ActiveMQRATestBase {
       securityManager.getConfiguration().setDefaultUser("guest");
       securityManager.getConfiguration().addRole("testuser", "arole");
       securityManager.getConfiguration().addRole("guest", "arole");
-      Role role = new Role("arole", true, true, true, true, true, true, true);
+      Role role = new Role("arole", true, true, true, true, true, true, true, true);
       Set<Role> roles = new HashSet<>();
       roles.add(role);
       server.getSecurityRepository().addMatch(MDBQUEUEPREFIXED, roles);

http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/e9db9c28/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ra/OutgoingConnectionTest.java
----------------------------------------------------------------------
diff --git a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ra/OutgoingConnectionTest.java b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ra/OutgoingConnectionTest.java
index e9fbff3..190240c 100644
--- a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ra/OutgoingConnectionTest.java
+++ b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ra/OutgoingConnectionTest.java
@@ -82,7 +82,7 @@ public class OutgoingConnectionTest extends ActiveMQRATestBase {
       securityManager.getConfiguration().setDefaultUser("guest");
       securityManager.getConfiguration().addRole("testuser", "arole");
       securityManager.getConfiguration().addRole("guest", "arole");
-      Role role = new Role("arole", true, true, true, true, true, true, true);
+      Role role = new Role("arole", true, true, true, true, true, true, true, true);
       Set<Role> roles = new HashSet<>();
       roles.add(role);
       server.getSecurityRepository().addMatch(MDBQUEUEPREFIXED, roles);

http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/e9db9c28/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ra/OutgoingConnectionTestJTA.java
----------------------------------------------------------------------
diff --git a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ra/OutgoingConnectionTestJTA.java b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ra/OutgoingConnectionTestJTA.java
index 1b32d2c..d51e0da 100644
--- a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ra/OutgoingConnectionTestJTA.java
+++ b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ra/OutgoingConnectionTestJTA.java
@@ -71,7 +71,7 @@ public class OutgoingConnectionTestJTA extends ActiveMQRATestBase {
       ((ActiveMQJAASSecurityManager) server.getSecurityManager()).getConfiguration().setDefaultUser("guest");
       ((ActiveMQJAASSecurityManager) server.getSecurityManager()).getConfiguration().addRole("testuser", "arole");
       ((ActiveMQJAASSecurityManager) server.getSecurityManager()).getConfiguration().addRole("guest", "arole");
-      Role role = new Role("arole", true, true, true, true, true, true, true);
+      Role role = new Role("arole", true, true, true, true, true, true, true, true);
       Set<Role> roles = new HashSet<>();
       roles.add(role);
       server.getSecurityRepository().addMatch(MDBQUEUEPREFIXED, roles);

http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/e9db9c28/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/security/LDAPSecurityTest.java
----------------------------------------------------------------------
diff --git a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/security/LDAPSecurityTest.java b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/security/LDAPSecurityTest.java
index 90dff05..89c144e 100644
--- a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/security/LDAPSecurityTest.java
+++ b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/security/LDAPSecurityTest.java
@@ -183,7 +183,7 @@ public class LDAPSecurityTest extends AbstractLdapTestUnit {
       final SimpleString NON_DURABLE_QUEUE = new SimpleString("nonDurableQueue");
 
       Set<Role> roles = new HashSet<>();
-      roles.add(new Role("programmers", false, false, false, false, false, false, false));
+      roles.add(new Role("programmers", false, false, false, false, false, false, false, false));
       server.getConfiguration().putSecurityRoles("#", roles);
       server.start();
       server.createQueue(ADDRESS, DURABLE_QUEUE, null, true, false);
@@ -257,6 +257,15 @@ public class LDAPSecurityTest extends AbstractLdapTestUnit {
          // ignore
       }
 
+      // BROWSE
+      try {
+         ClientConsumer browser = session.createConsumer(DURABLE_QUEUE, true);
+         Assert.fail("should throw exception here");
+      }
+      catch (ActiveMQException e) {
+         // ignore
+      }
+
       session.close();
       cf.close();
    }
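Review bot: The added BROWSE block passes on any `ActiveMQException`, so it does not show that the browse-only `createConsumer(DURABLE_QUEUE, true)` was rejected by the permission check rather than failing for another reason. Asserting the type in the catch, for example `Assert.assertEquals(ActiveMQExceptionType.SECURITY_EXCEPTION, e.getType());`, would pin the denial. The role in this test appears to be the one built with every flag `false`, so the block also cannot distinguish a BROWSE check from a CONSUME check; a role that grants consume but denies browse would presumably be needed for that. The local `browser` is never used, and the test method starts outside the hunk.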
@@ -268,7 +277,7 @@ public class LDAPSecurityTest extends AbstractLdapTestUnit {
       final SimpleString NON_DURABLE_QUEUE = new SimpleString("nonDurableQueue");
 
       Set<Role> roles = new HashSet<>();
-      roles.add(new Role("admins", true, true, true, true, true, true, true));
+      roles.add(new Role("admins", true, true, true, true, true, true, true, true));
       server.getConfiguration().putSecurityRoles("#", roles);
       server.start();
 
@@ -337,6 +346,14 @@ public class LDAPSecurityTest extends AbstractLdapTestUnit {
          Assert.fail("should not throw exception here");
       }
 
+      // CONSUME
+      try {
+         session.createConsumer(DURABLE_QUEUE, true);
+      }
+      catch (ActiveMQException e) {
+         Assert.fail("should not throw exception here");
+      }
+
       session.close();
       cf.close();
    }
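Review bot: The comment `// CONSUME` labels a call that passes `true` as the second argument to `createConsumer`, the same browse-only form that the earlier hunk labels `// BROWSE`; it should read `// BROWSE`. The returned consumer is not kept or closed before `session.close()`, and the catch discards the exception, so a failure reports only the fixed message; `Assert.fail("should not throw exception here: " + e.getMessage());` would keep the cause. The test method starts outside the hunk.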

