From clebertsuco...@apache.org
Subject [1/2] activemq-artemis git commit: ARTEMIS-578 cert authn/z for STOMP
Date Wed, 06 Jul 2016 16:05:55 GMT
Repository: activemq-artemis
Updated Branches:
  refs/heads/master b3ffac30e -> 4476b9d79


ARTEMIS-578 cert authn/z for STOMP


Project: http://git-wip-us.apache.org/repos/asf/activemq-artemis/repo
Commit: http://git-wip-us.apache.org/repos/asf/activemq-artemis/commit/6881c1dd
Tree: http://git-wip-us.apache.org/repos/asf/activemq-artemis/tree/6881c1dd
Diff: http://git-wip-us.apache.org/repos/asf/activemq-artemis/diff/6881c1dd

Branch: refs/heads/master
Commit: 6881c1ddc32493b9f269be2638035a27b4d06eab
Parents: b3ffac3
Author: jbertram <jbertram@apache.org>
Authored: Tue Jun 21 12:03:16 2016 -0500
Committer: jbertram <jbertram@apache.org>
Committed: Wed Jul 6 10:54:19 2016 -0500

----------------------------------------------------------------------
 .../core/protocol/stomp/StompConnection.java    |   9 +-
 .../protocol/stomp/StompProtocolManager.java    |   9 +-
 .../stomp/v10/StompFrameHandlerV10.java         |  10 +-
 .../stomp/v11/StompFrameHandlerV11.java         |  10 +-
 .../stomp/stomp-dual-authentication/pom.xml     | 116 +++++++++++++++
 .../stomp/stomp-dual-authentication/readme.html |  51 +++++++
 .../example/StompDualAuthenticationExample.java | 141 +++++++++++++++++++
 .../activemq/server0/artemis-roles.properties   |  17 +++
 .../activemq/server0/artemis-users.properties   |  17 +++
 .../resources/activemq/server0/bootstrap.xml    |  26 ++++
 .../main/resources/activemq/server0/broker.xml  |  57 ++++++++
 .../activemq/server0/cert-roles.properties      |  18 +++
 .../activemq/server0/cert-users.properties      |  18 +++
 .../activemq/server0/client-side-keystore.jks   | Bin 0 -> 1303 bytes
 .../activemq/server0/client-side-truststore.jks | Bin 0 -> 963 bytes
 .../resources/activemq/server0/login.config     |  30 ++++
 .../activemq/server0/server-side-keystore.jks   | Bin 0 -> 2253 bytes
 .../activemq/server0/server-side-truststore.jks | Bin 0 -> 1732 bytes
 .../src/main/resources/jndi.properties          |  20 +++
 19 files changed, 541 insertions(+), 8 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/6881c1dd/artemis-protocols/artemis-stomp-protocol/src/main/java/org/apache/activemq/artemis/core/protocol/stomp/StompConnection.java
----------------------------------------------------------------------
diff --git a/artemis-protocols/artemis-stomp-protocol/src/main/java/org/apache/activemq/artemis/core/protocol/stomp/StompConnection.java b/artemis-protocols/artemis-stomp-protocol/src/main/java/org/apache/activemq/artemis/core/protocol/stomp/StompConnection.java
index 0812867..1cfd0a5 100644
--- a/artemis-protocols/artemis-stomp-protocol/src/main/java/org/apache/activemq/artemis/core/protocol/stomp/StompConnection.java
+++ b/artemis-protocols/artemis-stomp-protocol/src/main/java/org/apache/activemq/artemis/core/protocol/stomp/StompConnection.java
@@ -16,6 +16,7 @@
  */
 package org.apache.activemq.artemis.core.protocol.stomp;
 
+import javax.security.cert.X509Certificate;
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.HashSet;
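Review bot: The added import takes `X509Certificate` from `javax.security.cert`, a package the JDK documentation describes as kept only for compatibility with early JSSE and directs new code away from in favour of `java.security.cert`. The same import is added in StompProtocolManager, StompFrameHandlerV10 and StompFrameHandlerV11. If the `ActiveMQSecurityManager2`/`ActiveMQSecurityManager3` signatures (not shown in this diff) are typed on the legacy class, the import has to stay, but it should carry a comment such as `// legacy JSSE type, required by the security-manager SPI` so it is not mistaken for the modern class.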
@@ -504,11 +505,11 @@ public final class StompConnection implements RemotingConnection {
       manager.sendReply(this, frame);
    }
 
-   public boolean validateUser(final String login1, final String passcode1) {
-      this.valid = manager.validateUser(login1, passcode1);
+   public boolean validateUser(final String login, final String pass, final X509Certificate[] certificates) {
+      this.valid = manager.validateUser(login, pass, certificates);
       if (valid) {
-         this.login = login1;
-         this.passcode = passcode1;
+         this.login = login;
+         this.passcode = pass;
       }
       return valid;
    }
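Review bot: On a certificate-only CONNECT `login` and `pass` can both be null (the example's CONNECT frame sends neither), and the success branch then records `this.login = null`, so the connection keeps no trace of the identity the certificate established. If code outside this hunk, such as session creation or audit logging, reads the stored login, it would see null for every certificate-authenticated client; that is an inference, since those callers are not visible here. At minimum the method deserves a doc comment such as `/** Validates the CONNECT credentials; login/pass may be null when the client authenticates by TLS certificate, certificates may be null on other transports. */`.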

http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/6881c1dd/artemis-protocols/artemis-stomp-protocol/src/main/java/org/apache/activemq/artemis/core/protocol/stomp/StompProtocolManager.java
----------------------------------------------------------------------
diff --git a/artemis-protocols/artemis-stomp-protocol/src/main/java/org/apache/activemq/artemis/core/protocol/stomp/StompProtocolManager.java b/artemis-protocols/artemis-stomp-protocol/src/main/java/org/apache/activemq/artemis/core/protocol/stomp/StompProtocolManager.java
index d572cd0..7642e69 100644
--- a/artemis-protocols/artemis-stomp-protocol/src/main/java/org/apache/activemq/artemis/core/protocol/stomp/StompProtocolManager.java
+++ b/artemis-protocols/artemis-stomp-protocol/src/main/java/org/apache/activemq/artemis/core/protocol/stomp/StompProtocolManager.java
@@ -16,6 +16,7 @@
  */
 package org.apache.activemq.artemis.core.protocol.stomp;
 
+import javax.security.cert.X509Certificate;
 import java.nio.charset.StandardCharsets;
 import java.util.HashMap;
 import java.util.Iterator;
@@ -45,6 +46,7 @@ import org.apache.activemq.artemis.spi.core.protocol.RemotingConnection;
 import org.apache.activemq.artemis.spi.core.remoting.Acceptor;
 import org.apache.activemq.artemis.spi.core.remoting.Connection;
 import org.apache.activemq.artemis.spi.core.security.ActiveMQSecurityManager;
+import org.apache.activemq.artemis.spi.core.security.ActiveMQSecurityManager2;
 import org.apache.activemq.artemis.spi.core.security.ActiveMQSecurityManager3;
 import org.apache.activemq.artemis.utils.UUIDGenerator;
 
@@ -326,14 +328,17 @@ class StompProtocolManager extends AbstractProtocolManager<StompFrame,StompFrame
       return "activemq";
    }
 
-   public boolean validateUser(String login, String passcode) {
+   public boolean validateUser(String login, String passcode, X509Certificate[] certificates) {
       boolean validated = true;
 
       ActiveMQSecurityManager sm = server.getSecurityManager();
 
       if (sm != null && server.getConfiguration().isSecurityEnabled()) {
          if (sm instanceof ActiveMQSecurityManager3) {
-            validated = ((ActiveMQSecurityManager3) sm).validateUser(login, passcode, null) != null;
+            validated = ((ActiveMQSecurityManager3) sm).validateUser(login, passcode, certificates) != null;
+         }
+         else if (sm instanceof ActiveMQSecurityManager2) {
+            validated = ((ActiveMQSecurityManager2) sm).validateUser(login, passcode, certificates);
          }
          else {
             validated = sm.validateUser(login, passcode);
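Review bot: Nothing in this commit's diffstat tests the new `ActiveMQSecurityManager2` branch or the certificate argument of `validateUser`; only the four protocol classes and the example's resources change. Because `validated` starts as `true` and the method's tail is outside the hunk, a test that pins the rejecting cases (no certificate with a wrong passcode, a certificate the security manager does not map to a user) is the cheapest guard against this path failing open. `certificates` also arrives as null whenever the frame handler's transport is not a `NettyConnection`, which is worth stating above the branch: `// certificates may be null; the security manager decides how login/passcode and the chain combine`.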

http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/6881c1dd/artemis-protocols/artemis-stomp-protocol/src/main/java/org/apache/activemq/artemis/core/protocol/stomp/v10/StompFrameHandlerV10.java
----------------------------------------------------------------------
diff --git a/artemis-protocols/artemis-stomp-protocol/src/main/java/org/apache/activemq/artemis/core/protocol/stomp/v10/StompFrameHandlerV10.java b/artemis-protocols/artemis-stomp-protocol/src/main/java/org/apache/activemq/artemis/core/protocol/stomp/v10/StompFrameHandlerV10.java
index 1f4fea7..8c76f6f 100644
--- a/artemis-protocols/artemis-stomp-protocol/src/main/java/org/apache/activemq/artemis/core/protocol/stomp/v10/StompFrameHandlerV10.java
+++ b/artemis-protocols/artemis-stomp-protocol/src/main/java/org/apache/activemq/artemis/core/protocol/stomp/v10/StompFrameHandlerV10.java
@@ -16,6 +16,7 @@
  */
 package org.apache.activemq.artemis.core.protocol.stomp.v10;
 
+import javax.security.cert.X509Certificate;
 import java.util.Map;
 
 import org.apache.activemq.artemis.core.protocol.stomp.FrameEventListener;
@@ -26,7 +27,9 @@ import org.apache.activemq.artemis.core.protocol.stomp.StompDecoder;
 import org.apache.activemq.artemis.core.protocol.stomp.StompFrame;
 import org.apache.activemq.artemis.core.protocol.stomp.StompVersions;
 import org.apache.activemq.artemis.core.protocol.stomp.VersionedStompFrameHandler;
+import org.apache.activemq.artemis.core.remoting.impl.netty.NettyConnection;
 import org.apache.activemq.artemis.core.server.ActiveMQServerLogger;
+import org.apache.activemq.artemis.utils.CertificateUtil;
 
 import static org.apache.activemq.artemis.core.protocol.stomp.ActiveMQStompProtocolMessageBundle.BUNDLE;
 
@@ -48,7 +51,12 @@ public class StompFrameHandlerV10 extends VersionedStompFrameHandler implements
       String clientID = headers.get(Stomp.Headers.Connect.CLIENT_ID);
       String requestID = headers.get(Stomp.Headers.Connect.REQUEST_ID);
 
-      if (connection.validateUser(login, passcode)) {
+      X509Certificate[] certificates = null;
+      if (connection.getTransportConnection() instanceof NettyConnection) {
+         certificates = CertificateUtil.getCertsFromChannel(((NettyConnection) connection.getTransportConnection()).getChannel());
+      }
+
+      if (connection.validateUser(login, passcode, certificates)) {
          connection.setClientID(clientID);
          connection.setValid(true);
 
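Review bot: The certificate lookup added before `connection.validateUser(...)` is repeated line for line in StompFrameHandlerV11's CONNECT handling, so any later change to how the peer chain is obtained has to be made twice, and a missed copy would leave one protocol version authenticating differently from the other. Moving it into one helper, on the shared base class or inside `StompConnection.validateUser` itself, keeps each handler to a single call. Whether `CertificateUtil.getCertsFromChannel` returns null or an empty array when the channel has no TLS peer is not visible here and should be documented on the helper. The enclosing method starts and ends outside the hunk.

```java
// shared by every frame-handler version, e.g. on VersionedStompFrameHandler
protected X509Certificate[] peerCertificates() {
   if (connection.getTransportConnection() instanceof NettyConnection) {
      return CertificateUtil.getCertsFromChannel(((NettyConnection) connection.getTransportConnection()).getChannel());
   }
   // not a Netty transport: there is no channel to read a peer chain from
   return null;
}

// … unchanged: header parsing in the CONNECT handler …
if (connection.validateUser(login, passcode, peerCertificates())) {
```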

http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/6881c1dd/artemis-protocols/artemis-stomp-protocol/src/main/java/org/apache/activemq/artemis/core/protocol/stomp/v11/StompFrameHandlerV11.java
----------------------------------------------------------------------
diff --git a/artemis-protocols/artemis-stomp-protocol/src/main/java/org/apache/activemq/artemis/core/protocol/stomp/v11/StompFrameHandlerV11.java b/artemis-protocols/artemis-stomp-protocol/src/main/java/org/apache/activemq/artemis/core/protocol/stomp/v11/StompFrameHandlerV11.java
index 3d30ea1..7f284dd 100644
--- a/artemis-protocols/artemis-stomp-protocol/src/main/java/org/apache/activemq/artemis/core/protocol/stomp/v11/StompFrameHandlerV11.java
+++ b/artemis-protocols/artemis-stomp-protocol/src/main/java/org/apache/activemq/artemis/core/protocol/stomp/v11/StompFrameHandlerV11.java
@@ -16,6 +16,7 @@
  */
 package org.apache.activemq.artemis.core.protocol.stomp.v11;
 
+import javax.security.cert.X509Certificate;
 import java.util.Map;
 import java.util.concurrent.atomic.AtomicLong;
 
@@ -27,7 +28,9 @@ import org.apache.activemq.artemis.core.protocol.stomp.StompConnection;
 import org.apache.activemq.artemis.core.protocol.stomp.StompDecoder;
 import org.apache.activemq.artemis.core.protocol.stomp.StompFrame;
 import org.apache.activemq.artemis.core.protocol.stomp.VersionedStompFrameHandler;
+import org.apache.activemq.artemis.core.remoting.impl.netty.NettyConnection;
 import org.apache.activemq.artemis.core.server.ActiveMQServerLogger;
+import org.apache.activemq.artemis.utils.CertificateUtil;
 
 import static org.apache.activemq.artemis.core.protocol.stomp.ActiveMQStompProtocolMessageBundle.BUNDLE;
 
@@ -53,8 +56,13 @@ public class StompFrameHandlerV11 extends VersionedStompFrameHandler implements
       String clientID = headers.get(Stomp.Headers.Connect.CLIENT_ID);
       String requestID = headers.get(Stomp.Headers.Connect.REQUEST_ID);
 
+      X509Certificate[] certificates = null;
+      if (connection.getTransportConnection() instanceof NettyConnection) {
+         certificates = CertificateUtil.getCertsFromChannel(((NettyConnection) connection.getTransportConnection()).getChannel());
+      }
+
       try {
-         if (connection.validateUser(login, passcode)) {
+         if (connection.validateUser(login, passcode, certificates)) {
             connection.setClientID(clientID);
             connection.setValid(true);
 
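Review bot: The certificate lookup sits above `try {`, so if `CertificateUtil.getCertsFromChannel` can throw (its body is not shown), the exception escapes the handler's catch clause, which lies outside this hunk, instead of following the same failure path as a rejected login. Moving the four added lines to the first statements inside the `try` keeps a failed lookup on the existing error handling. A one-line comment such as `// certificates stays null for non-Netty transports` would also explain why the lookup is conditional.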

http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/6881c1dd/examples/protocols/stomp/stomp-dual-authentication/pom.xml
----------------------------------------------------------------------
diff --git a/examples/protocols/stomp/stomp-dual-authentication/pom.xml b/examples/protocols/stomp/stomp-dual-authentication/pom.xml
new file mode 100644
index 0000000..70ae9ff
--- /dev/null
+++ b/examples/protocols/stomp/stomp-dual-authentication/pom.xml
@@ -0,0 +1,116 @@
+<?xml version='1.0'?>
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+   <modelVersion>4.0.0</modelVersion>
+
+   <parent>
+      <groupId>org.apache.activemq.examples.stomp</groupId>
+      <artifactId>stomp-examples</artifactId>
+      <version>1.4.0-SNAPSHOT</version>
+   </parent>
+
+   <artifactId>stomp-dual-authentication</artifactId>
+   <packaging>jar</packaging>
+   <name>ActiveMQ Artemis JMS Stomp Dual Authentication Example</name>
+
+   <properties>
+      <activemq.basedir>${project.basedir}/../../../..</activemq.basedir>
+   </properties>
+
+   <dependencies>
+      <dependency>
+         <groupId>org.apache.activemq</groupId>
+         <artifactId>artemis-jms-client</artifactId>
+         <version>${project.version}</version>
+      </dependency>
+   </dependencies>
+
+   <build>
+      <plugins>
+         <plugin>
+            <groupId>org.apache.activemq</groupId>
+            <artifactId>artemis-maven-plugin</artifactId>
+            <executions>
+               <execution>
+                  <id>create</id>
+                  <goals>
+                     <goal>create</goal>
+                  </goals>
+                  <configuration>
+                     <ignore>${noServer}</ignore>
+                  </configuration>
+               </execution>
+               <execution>
+                  <id>start</id>
+                  <goals>
+                     <goal>cli</goal>
+                  </goals>
+                  <configuration>
+                     <ignore>${noServer}</ignore>
+                     <spawn>true</spawn>
+                     <testURI>tcp://localhost:61616</testURI>
+                     <testUser>consumer</testUser>
+                     <testPassword>activemq</testPassword>
+                     <args>
+                        <param>run</param>
+                     </args>
+                  </configuration>
+               </execution>
+               <execution>
+                  <id>runClient</id>
+                  <goals>
+                     <goal>runClient</goal>
+                  </goals>
+                  <configuration>
+                     <clientClass>org.apache.activemq.artemis.jms.example.StompDualAuthenticationExample</clientClass>
+                     <args>
+                        <arg>${project.basedir}/target/server0/etc/client-side-keystore.jks</arg>
+                        <arg>secureexample</arg>
+                        <arg>${project.basedir}/target/server0/etc/client-side-truststore.jks</arg>
+                        <arg>secureexample</arg>
+                        </args>
+                  </configuration>
+               </execution>
+               <execution>
+                  <id>stop</id>
+                  <goals>
+                     <goal>cli</goal>
+                  </goals>
+                  <configuration>
+                     <ignore>${noServer}</ignore>
+                     <args>
+                        <param>stop</param>
+                     </args>
+                  </configuration>
+               </execution>
+            </executions>
+            <dependencies>
+               <dependency>
+                  <groupId>org.apache.activemq.examples.stomp</groupId>
+                  <artifactId>stomp-dual-authentication</artifactId>
+                  <version>${project.version}</version>
+               </dependency>
+            </dependencies>
+         </plugin>
+      </plugins>
+   </build>
+
+</project>

http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/6881c1dd/examples/protocols/stomp/stomp-dual-authentication/readme.html
----------------------------------------------------------------------
diff --git a/examples/protocols/stomp/stomp-dual-authentication/readme.html b/examples/protocols/stomp/stomp-dual-authentication/readme.html
new file mode 100644
index 0000000..5ed4a2f
--- /dev/null
+++ b/examples/protocols/stomp/stomp-dual-authentication/readme.html
@@ -0,0 +1,51 @@
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+
+<html>
+  <head>
+    <title>ActiveMQ Artemis Stomp Example</title>
+    <link rel="stylesheet" type="text/css" href="../../../common/common.css" />
+    <link rel="stylesheet" type="text/css" href="../../../common/prettify.css" />
+    <script type="text/javascript" src="../../../common/prettify.js"></script>
+  </head>
+  <body onload="prettyPrint()">
+     <h1>Stomp Dual Authentication Example</h1>
+
+     <pre>To run the example, simply type <b>mvn verify</b> from this directory, <br>or <b>mvn -PnoServer verify</b> if you want to start and create the server manually.</pre>
+
+     <p>This example shows you how to configure 2-way SSL along with 2 different authentications mechanisms so that SSL and non-SSL clients can send and consume messages to/from ActiveMQ Artemis.
+         The non-SSL authentication mechanism simply uses username and password. The SSL authentication mechanism uses the client's certificate. The Stomp client uses SSL socket directly to send
+         a message. Then a JMS client will use a non-SSL connection to consume it.</p>
+
+     <p>The various keystore files are generated using the following commands:</p>
+
+     <p>
+        <pre class="prettyprint">
+           <code>
+keytool -genkey -keystore server-side-keystore.jks -storepass secureexample -keypass secureexample -dname "CN=ActiveMQ Artemis Server, OU=Artemis, O=ActiveMQ, L=AMQ, S=AMQ, C=AMQ" -keyalg RSA
+keytool -export -keystore server-side-keystore.jks -file server-side-cert.cer -storepass secureexample
+keytool -import -keystore client-side-truststore.jks -file server-side-cert.cer -storepass secureexample -keypass secureexample -noprompt
+keytool -genkey -keystore client-side-keystore.jks -storepass secureexample -keypass secureexample -dname "CN=ActiveMQ Artemis Client, OU=Artemis, O=ActiveMQ, L=AMQ, S=AMQ, C=AMQ" -keyalg RSA
+keytool -export -keystore client-side-keystore.jks -file client-side-cert.cer -storepass secureexample
+keytool -import -keystore server-side-truststore.jks -file client-side-cert.cer -storepass secureexample -keypass secureexample -noprompt
+           </code>
+        </pre>
+     </p>
+  </body>
+</html>

http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/6881c1dd/examples/protocols/stomp/stomp-dual-authentication/src/main/java/org/apache/activemq/artemis/jms/example/StompDualAuthenticationExample.java
----------------------------------------------------------------------
diff --git a/examples/protocols/stomp/stomp-dual-authentication/src/main/java/org/apache/activemq/artemis/jms/example/StompDualAuthenticationExample.java b/examples/protocols/stomp/stomp-dual-authentication/src/main/java/org/apache/activemq/artemis/jms/example/StompDualAuthenticationExample.java
new file mode 100644
index 0000000..1694cf1
--- /dev/null
+++ b/examples/protocols/stomp/stomp-dual-authentication/src/main/java/org/apache/activemq/artemis/jms/example/StompDualAuthenticationExample.java
@@ -0,0 +1,141 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.activemq.artemis.jms.example;
+
+import javax.jms.Connection;
+import javax.jms.ConnectionFactory;
+import javax.jms.MessageConsumer;
+import javax.jms.Queue;
+import javax.jms.Session;
+import javax.jms.TextMessage;
+import javax.naming.InitialContext;
+import javax.net.ssl.SSLSocket;
+import javax.net.ssl.SSLSocketFactory;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.net.Socket;
+import java.nio.charset.StandardCharsets;
+import java.security.Security;
+
+import com.sun.net.ssl.internal.ssl.Provider;
+
+/**
+ * An example where a client will send a Stomp message on a TCP socket
+ * and consume it from a JMS MessageConsumer.
+ */
+public class StompDualAuthenticationExample {
+
+   private static final String END_OF_FRAME = "\u0000";
+
+   public static void main(final String[] args) throws Exception {
+      // set up SSL keystores for Stomp connection
+      System.setProperty("javax.net.ssl.keyStore", args[0]);
+      System.setProperty("javax.net.ssl.keyStorePassword", args[1]);
+      System.setProperty("javax.net.ssl.trustStore", args[2]);
+      System.setProperty("javax.net.ssl.trustStorePassword", args[3]);
+
+      Connection connection = null;
+      InitialContext initialContext = null;
+      Security.addProvider(new Provider());
+
+      try {
+         // Step 1. Create an SSL socket to connect to the broker
+         SSLSocketFactory sslsocketfactory = (SSLSocketFactory) SSLSocketFactory.getDefault();
+         SSLSocket socket = (SSLSocket) sslsocketfactory.createSocket("localhost", 5500);
+
+         // Step 2. Send a CONNECT frame to connect to the server
+         String connectFrame = "CONNECT\n" +
+            "request-id: 1\n" +
+            "\n" +
+            END_OF_FRAME;
+         sendFrame(socket, connectFrame);
+
+         readFrame(socket);
+
+         // Step 3. Send a SEND frame (a Stomp message) to the
+         // jms.queue.exampleQueue address with a text body
+         String text = "Hello, world from Stomp!";
+         String message = "SEND\n" +
+            "destination: jms.queue.exampleQueue\n" +
+            "\n" +
+            text +
+            END_OF_FRAME;
+         sendFrame(socket, message);
+         System.out.println("Sent Stomp message: " + text);
+
+         // Step 4. Send a DISCONNECT frame to disconnect from the server
+         String disconnectFrame = "DISCONNECT\n" +
+            "\n" +
+            END_OF_FRAME;
+         sendFrame(socket, disconnectFrame);
+
+         // Step 5. Slose the TCP socket
+         socket.close();
+
+         // We will now consume from JMS the message sent with Stomp.
+
+         // Step 6. Create an initial context to perform the JNDI lookup.
+         initialContext = new InitialContext();
+
+         // Step 7. Perform a lookup on the queue and the connection factory
+         Queue queue = (Queue) initialContext.lookup("queue/exampleQueue");
+         ConnectionFactory cf = (ConnectionFactory) initialContext.lookup("ConnectionFactory");
+
+         // Step 8.Create a JMS Connection, Session and a MessageConsumer on the queue
+         connection = cf.createConnection("consumer", "activemq");
+         Session session = connection.createSession(false, Session.AUTO_ACKNOWLEDGE);
+         MessageConsumer consumer = session.createConsumer(queue);
+
+         // Step 9. Start the Connection
+         connection.start();
+
+         // Step 10. Receive the message
+         TextMessage messageReceived = (TextMessage) consumer.receive(5000);
+         System.out.println("Received JMS message: " + messageReceived.getText());
+      }
+      finally {
+         // Step 11. Be sure to close our JMS resources!
+         if (initialContext != null) {
+            initialContext.close();
+         }
+         if (connection != null) {
+            connection.close();
+         }
+      }
+   }
+
+   private static void sendFrame(Socket socket, String data) throws Exception {
+      byte[] bytes = data.getBytes(StandardCharsets.UTF_8);
+      OutputStream outputStream = socket.getOutputStream();
+      for (int i = 0; i < bytes.length; i++) {
+         outputStream.write(bytes[i]);
+      }
+      outputStream.flush();
+   }
+
+   private static String readFrame(Socket socket) throws Exception {
+      byte[] bytes = new byte[2048];
+      InputStream inputStream = socket.getInputStream();
+      int nbytes = inputStream.read(bytes);
+      byte[] data = new byte[nbytes];
+      System.arraycopy(bytes, 0, data, 0, data.length);
+      String resp = new String(data, StandardCharsets.UTF_8);
+      System.out.println("Got response from server: " + resp);
+      return resp;
+   }
+
+}
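Review bot: The reply to CONNECT is read by `readFrame(socket)` and then discarded, so the example goes on to SEND even when the broker answered with an ERROR frame, which hides exactly the certificate-authentication outcome the example is meant to demonstrate. `readFrame` also sizes `data` from `inputStream.read(bytes)` without handling -1, so a broker that closes the socket produces a NegativeArraySizeException rather than a clear message, and `socket.close()` is skipped on any exception because it is not in the `finally`. Readers adapting this should know that a raw `SSLSocket` from `SSLSocketFactory.getDefault()` does not check the server certificate against the host name unless an endpoint identification algorithm is set; the example relies on the truststore holding only the broker's certificate. `Security.addProvider(new Provider())` pulls in the JDK-internal `com.sun.net.ssl.internal.ssl.Provider` and can likely be dropped, since on a stock JDK the default factory already resolves the platform's JSSE provider.

```java
         // Step 1. Create an SSL socket; try-with-resources closes it on every path
         try (SSLSocket socket = (SSLSocket) sslsocketfactory.createSocket("localhost", 5500)) {
            // … unchanged: build connectFrame …
            sendFrame(socket, connectFrame);

            // stop here if the broker did not accept the client certificate
            String reply = readFrame(socket);
            if (!reply.startsWith("CONNECTED")) {
               throw new IllegalStateException("Stomp CONNECT rejected: " + reply);
            }
            // … unchanged: SEND and DISCONNECT frames …
         }

   // in readFrame, directly after the read
      int nbytes = inputStream.read(bytes);
      if (nbytes < 0) {
         throw new java.io.EOFException("connection closed before a frame was received");
      }
```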

http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/6881c1dd/examples/protocols/stomp/stomp-dual-authentication/src/main/resources/activemq/server0/artemis-roles.properties
----------------------------------------------------------------------
diff --git a/examples/protocols/stomp/stomp-dual-authentication/src/main/resources/activemq/server0/artemis-roles.properties b/examples/protocols/stomp/stomp-dual-authentication/src/main/resources/activemq/server0/artemis-roles.properties
new file mode 100644
index 0000000..643dfc3
--- /dev/null
+++ b/examples/protocols/stomp/stomp-dual-authentication/src/main/resources/activemq/server0/artemis-roles.properties
@@ -0,0 +1,17 @@
+## ---------------------------------------------------------------------------
+## Licensed to the Apache Software Foundation (ASF) under one or more
+## contributor license agreements.  See the NOTICE file distributed with
+## this work for additional information regarding copyright ownership.
+## The ASF licenses this file to You under the Apache License, Version 2.0
+## (the "License"); you may not use this file except in compliance with
+## the License.  You may obtain a copy of the License at
+##
+## http://www.apache.org/licenses/LICENSE-2.0
+##
+## Unless required by applicable law or agreed to in writing, software
+## distributed under the License is distributed on an "AS IS" BASIS,
+## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+## See the License for the specific language governing permissions and
+## limitations under the License.
+## ---------------------------------------------------------------------------
+consumers=consumer
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/6881c1dd/examples/protocols/stomp/stomp-dual-authentication/src/main/resources/activemq/server0/artemis-users.properties
----------------------------------------------------------------------
diff --git a/examples/protocols/stomp/stomp-dual-authentication/src/main/resources/activemq/server0/artemis-users.properties b/examples/protocols/stomp/stomp-dual-authentication/src/main/resources/activemq/server0/artemis-users.properties
new file mode 100644
index 0000000..1c68f50
--- /dev/null
+++ b/examples/protocols/stomp/stomp-dual-authentication/src/main/resources/activemq/server0/artemis-users.properties
@@ -0,0 +1,17 @@
+## ---------------------------------------------------------------------------
+## Licensed to the Apache Software Foundation (ASF) under one or more
+## contributor license agreements.  See the NOTICE file distributed with
+## this work for additional information regarding copyright ownership.
+## The ASF licenses this file to You under the Apache License, Version 2.0
+## (the "License"); you may not use this file except in compliance with
+## the License.  You may obtain a copy of the License at
+##
+## http://www.apache.org/licenses/LICENSE-2.0
+##
+## Unless required by applicable law or agreed to in writing, software
+## distributed under the License is distributed on an "AS IS" BASIS,
+## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+## See the License for the specific language governing permissions and
+## limitations under the License.
+## ---------------------------------------------------------------------------
+consumer=activemq
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/6881c1dd/examples/protocols/stomp/stomp-dual-authentication/src/main/resources/activemq/server0/bootstrap.xml
----------------------------------------------------------------------
diff --git a/examples/protocols/stomp/stomp-dual-authentication/src/main/resources/activemq/server0/bootstrap.xml b/examples/protocols/stomp/stomp-dual-authentication/src/main/resources/activemq/server0/bootstrap.xml
new file mode 100644
index 0000000..2eabc51
--- /dev/null
+++ b/examples/protocols/stomp/stomp-dual-authentication/src/main/resources/activemq/server0/bootstrap.xml
@@ -0,0 +1,26 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<!--
+  ~ Licensed to the Apache Software Foundation (ASF) under one or more
+  ~ contributor license agreements. See the NOTICE file distributed with
+  ~ this work for additional information regarding copyright ownership.
+  ~ The ASF licenses this file to You under the Apache License, Version 2.0
+  ~ (the "License"); you may not use this file except in compliance with
+  ~ the License. You may obtain a copy of the License at
+  ~
+  ~     http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  -->
+
+<broker xmlns="http://activemq.org/schema">
+
+   <jaas-security domain="activemq" certificate-domain="activemq-cert"/>
+
+   <server configuration="file:${artemis.instance}/etc/broker.xml"/>
+
+</broker>
+
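Review bot: The two JAAS domains on `<jaas-security>` are not explained, and which one applies to a given connection is the whole point of the example. A comment above the element would help, for instance `<!-- "activemq": username/password logins; "activemq-cert": clients authenticated by their TLS certificate; both are defined in login.config -->`. The mapping is inferred from the attribute names and the readme, so confirm it against login.config before committing the wording.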

http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/6881c1dd/examples/protocols/stomp/stomp-dual-authentication/src/main/resources/activemq/server0/broker.xml
----------------------------------------------------------------------
diff --git a/examples/protocols/stomp/stomp-dual-authentication/src/main/resources/activemq/server0/broker.xml b/examples/protocols/stomp/stomp-dual-authentication/src/main/resources/activemq/server0/broker.xml
new file mode 100644
index 0000000..14fa849
--- /dev/null
+++ b/examples/protocols/stomp/stomp-dual-authentication/src/main/resources/activemq/server0/broker.xml
@@ -0,0 +1,57 @@
+<?xml version='1.0'?>
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+
+<configuration xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+               xmlns="urn:activemq"
+               xsi:schemaLocation="urn:activemq /schema/artemis-server.xsd">
+
+   <jms xmlns="urn:activemq:jms">
+      <!--the queue used by the example-->
+      <queue name="exampleQueue"/>
+   </jms>
+
+   <core xmlns="urn:activemq:core">
+
+      <bindings-directory>./data/messaging/bindings</bindings-directory>
+
+      <journal-directory>./data/messaging/journal</journal-directory>
+
+      <large-messages-directory>./data/messaging/largemessages</large-messages-directory>
+
+      <paging-directory>./data/messaging/paging</paging-directory>
+
+      <!-- Acceptors -->
+      <acceptors>
+         <acceptor name="netty-acceptor">tcp://localhost:61616</acceptor>
+         <acceptor name="netty-ssl-acceptor">tcp://localhost:5500?sslEnabled=true;needClientAuth=true;keyStorePath=${data.dir}/../etc/server-side-keystore.jks;keyStorePassword=secureexample;trustStorePath=${data.dir}/../etc/server-side-truststore.jks;trustStorePassword=secureexample</acceptor>
+      </acceptors>
+
+      <!-- Other config -->
+
+      <security-settings>
+         <!--security for example queue-->
+         <security-setting match="jms.queue.exampleQueue">
+            <permission type="consume" roles="consumers"/>
+            <permission type="send" roles="producers"/>
+         </security-setting>
+      </security-settings>
+
+   </core>
+</configuration>
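Review bot: The `netty-ssl-acceptor` URL embeds `keyStorePassword=secureexample` and `trustStorePassword=secureexample` in clear text, and no comment marks them as sample values that must not be copied into a real broker. I would add `<!-- example-only store passwords: replace them, mask them with the broker's password masking support, and restrict read access to this file -->` above the acceptor. The same block should say that `netty-acceptor` on 61616 has no TLS, so username/password logins on that port travel unencrypted. Both acceptors bind to `localhost`, which limits exposure for the example but is easy to change without noticing that.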

http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/6881c1dd/examples/protocols/stomp/stomp-dual-authentication/src/main/resources/activemq/server0/cert-roles.properties
----------------------------------------------------------------------
diff --git a/examples/protocols/stomp/stomp-dual-authentication/src/main/resources/activemq/server0/cert-roles.properties
b/examples/protocols/stomp/stomp-dual-authentication/src/main/resources/activemq/server0/cert-roles.properties
new file mode 100644
index 0000000..f52fa21
--- /dev/null
+++ b/examples/protocols/stomp/stomp-dual-authentication/src/main/resources/activemq/server0/cert-roles.properties
@@ -0,0 +1,18 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+producers=producer

http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/6881c1dd/examples/protocols/stomp/stomp-dual-authentication/src/main/resources/activemq/server0/cert-users.properties
----------------------------------------------------------------------
diff --git a/examples/protocols/stomp/stomp-dual-authentication/src/main/resources/activemq/server0/cert-users.properties
b/examples/protocols/stomp/stomp-dual-authentication/src/main/resources/activemq/server0/cert-users.properties
new file mode 100644
index 0000000..06874dc
--- /dev/null
+++ b/examples/protocols/stomp/stomp-dual-authentication/src/main/resources/activemq/server0/cert-users.properties
@@ -0,0 +1,18 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+producer=CN=ActiveMQ Artemis Client, OU=Artemis, O=ActiveMQ, L=AMQ, ST=AMQ, C=AMQ
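Review bot: The `producer=` line grants an identity purely from the certificate's subject DN, and the file does not say how that value is compared or what makes it trustworthy. As far as I know the login module compares the whole DN string, so attribute order and spacing have to match exactly what the JVM reports for the client certificate; that should be confirmed. Any certificate that the acceptor's truststore accepts and that carries this subject would map to `producer`, so the truststore should hold only the issuers allowed to assign that DN. I would add `# user=<exact subject DN of the client certificate>; the server truststore decides who may present it` above the entry.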

http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/6881c1dd/examples/protocols/stomp/stomp-dual-authentication/src/main/resources/activemq/server0/client-side-keystore.jks
----------------------------------------------------------------------
diff --git a/examples/protocols/stomp/stomp-dual-authentication/src/main/resources/activemq/server0/client-side-keystore.jks
b/examples/protocols/stomp/stomp-dual-authentication/src/main/resources/activemq/server0/client-side-keystore.jks
new file mode 100644
index 0000000..cb65a44
Binary files /dev/null and b/examples/protocols/stomp/stomp-dual-authentication/src/main/resources/activemq/server0/client-side-keystore.jks
differ

http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/6881c1dd/examples/protocols/stomp/stomp-dual-authentication/src/main/resources/activemq/server0/client-side-truststore.jks
----------------------------------------------------------------------
diff --git a/examples/protocols/stomp/stomp-dual-authentication/src/main/resources/activemq/server0/client-side-truststore.jks
b/examples/protocols/stomp/stomp-dual-authentication/src/main/resources/activemq/server0/client-side-truststore.jks
new file mode 100644
index 0000000..7eb1d56
Binary files /dev/null and b/examples/protocols/stomp/stomp-dual-authentication/src/main/resources/activemq/server0/client-side-truststore.jks
differ

http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/6881c1dd/examples/protocols/stomp/stomp-dual-authentication/src/main/resources/activemq/server0/login.config
----------------------------------------------------------------------
diff --git a/examples/protocols/stomp/stomp-dual-authentication/src/main/resources/activemq/server0/login.config
b/examples/protocols/stomp/stomp-dual-authentication/src/main/resources/activemq/server0/login.config
new file mode 100644
index 0000000..9bd479d
--- /dev/null
+++ b/examples/protocols/stomp/stomp-dual-authentication/src/main/resources/activemq/server0/login.config
@@ -0,0 +1,30 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+activemq {
+   org.apache.activemq.artemis.spi.core.security.jaas.PropertiesLoginModule required
+       debug=false
+       org.apache.activemq.jaas.properties.user="artemis-users.properties"
+       org.apache.activemq.jaas.properties.role="artemis-roles.properties";
+};
+
+activemq-cert {
+   org.apache.activemq.artemis.spi.core.security.jaas.TextFileCertificateLoginModule required
+       debug=true
+       org.apache.activemq.jaas.textfiledn.user="cert-users.properties"
+       org.apache.activemq.jaas.textfiledn.role="cert-roles.properties";
+};
\ No newline at end of file
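Review bot: `debug=true` in the `activemq-cert` entry is inconsistent with `debug=false` in the `activemq` entry just above it and looks like a development leftover. With debug on, the login module presumably logs details of each certificate login, which an example that people copy should not enable by default. I would change the line to `debug=false`. The file also ends without a trailing newline.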

http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/6881c1dd/examples/protocols/stomp/stomp-dual-authentication/src/main/resources/activemq/server0/server-side-keystore.jks
----------------------------------------------------------------------
diff --git a/examples/protocols/stomp/stomp-dual-authentication/src/main/resources/activemq/server0/server-side-keystore.jks
b/examples/protocols/stomp/stomp-dual-authentication/src/main/resources/activemq/server0/server-side-keystore.jks
new file mode 100644
index 0000000..6089c6e
Binary files /dev/null and b/examples/protocols/stomp/stomp-dual-authentication/src/main/resources/activemq/server0/server-side-keystore.jks
differ

http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/6881c1dd/examples/protocols/stomp/stomp-dual-authentication/src/main/resources/activemq/server0/server-side-truststore.jks
----------------------------------------------------------------------
diff --git a/examples/protocols/stomp/stomp-dual-authentication/src/main/resources/activemq/server0/server-side-truststore.jks
b/examples/protocols/stomp/stomp-dual-authentication/src/main/resources/activemq/server0/server-side-truststore.jks
new file mode 100644
index 0000000..0b7e224
Binary files /dev/null and b/examples/protocols/stomp/stomp-dual-authentication/src/main/resources/activemq/server0/server-side-truststore.jks
differ

http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/6881c1dd/examples/protocols/stomp/stomp-dual-authentication/src/main/resources/jndi.properties
----------------------------------------------------------------------
diff --git a/examples/protocols/stomp/stomp-dual-authentication/src/main/resources/jndi.properties
b/examples/protocols/stomp/stomp-dual-authentication/src/main/resources/jndi.properties
new file mode 100644
index 0000000..93537c4
--- /dev/null
+++ b/examples/protocols/stomp/stomp-dual-authentication/src/main/resources/jndi.properties
@@ -0,0 +1,20 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+java.naming.factory.initial=org.apache.activemq.artemis.jndi.ActiveMQInitialContextFactory
+connectionFactory.ConnectionFactory=tcp://localhost:61616
+queue.queue/exampleQueue=exampleQueue

