activemq-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From martyntay...@apache.org
Subject [2/5] activemq-artemis git commit: ARTEMIS-604 - Add checks for object messages in REST and AMQP - Rest interface fix - Doc fixes (Rest->REST) - JSON management and AMQP outbound
Date Tue, 09 Aug 2016 10:23:05 GMT
http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/2fb8341f/docs/user-manual/en/security.md
----------------------------------------------------------------------
diff --git a/docs/user-manual/en/security.md b/docs/user-manual/en/security.md
index 4b06f25..dfa9f46 100644
--- a/docs/user-manual/en/security.md
+++ b/docs/user-manual/en/security.md
@@ -257,21 +257,21 @@ For more information on configuring the SSL transport, please see [Configuring t
 ## User credentials
 
 Apache ActiveMQ Artemis ships with two security manager implementations:
- 
--   The legacy, deprecated `ActiveMQSecurityManager` that reads user credentials, i.e. user names, passwords and role 
+
+-   The legacy, deprecated `ActiveMQSecurityManager` that reads user credentials, i.e. user names, passwords and role
 information from properties files on the classpath called `artemis-users.properties` and `artemis-roles.properties`.
 
--   The flexible, pluggable `ActiveMQJAASSecurityManager` which supports any standard JAAS login module. Artemis ships 
+-   The flexible, pluggable `ActiveMQJAASSecurityManager` which supports any standard JAAS login module. Artemis ships
 with several login modules which will be discussed further down. This is the default security manager.
 
 ### JAAS Security Manager
 
 When using JAAS much of the configuration depends on which login module is used. However, there are a few commonalities
-for every case. The first place to look is in `bootstrap.xml`. Here is an example using the `PropertiesLogin` JAAS login 
+for every case. The first place to look is in `bootstrap.xml`. Here is an example using the `PropertiesLogin` JAAS login
 module which reads user, password, and role information from properties files:
 
     <jaas-security domain="PropertiesLogin"/>
-    
+
 No matter what login module you're using, you'll need to specify it here in `bootstrap.xml`. The `domain` attribute
 here refers to the relevant login module entry in `login.config`. For example:
 
@@ -282,7 +282,7 @@ here refers to the relevant login module entry in `login.config`. For example:
             org.apache.activemq.jaas.properties.role="artemis-roles.properties";
     };
 
-The `login.config` file is a standard JAAS configuration file. You can read more about this file on 
+The `login.config` file is a standard JAAS configuration file. You can read more about this file on
 [Oracle's website](https://docs.oracle.com/javase/8/docs/technotes/guides/security/jgss/tutorials/LoginConfigFile.html).
 In short, the file defines:
 
@@ -295,18 +295,18 @@ In short, the file defines:
 
 -   a list of configuration options specific to the login module implementation
 
-By default, the location and name of `login.config` is specified on the Artemis command-line which is set by 
+By default, the location and name of `login.config` is specified on the Artemis command-line which is set by
 `etc/artemis.profile` on linux and `etc\artemis.profile.cmd` on Windows.
 
 #### Dual Authentication
 
-The JAAS Security Manager also supports another configuration parameter - `certificate-domain`. This is useful when you 
+The JAAS Security Manager also supports another configuration parameter - `certificate-domain`. This is useful when you
 want to authenticate clients connecting with SSL connections based on their SSL certificates (e.g. using the `CertificateLoginModule`
 discussed below) but you still want to authenticate clients connecting with non-SSL connections with, e.g., username and
 password. Here's an example of what would go in `bootstrap.xml`:
 
     <jaas-security domain="PropertiesLogin" certificate-domain="CertLogin"/>
-    
+
 And here's the corresponding `login.config`:
 
     PropertiesLogin {
@@ -315,7 +315,7 @@ And here's the corresponding `login.config`:
            org.apache.activemq.jaas.properties.user="artemis-users.properties"
            org.apache.activemq.jaas.properties.role="artemis-roles.properties";
     };
-    
+
     CertLogin {
        org.apache.activemq.artemis.spi.core.security.jaas.TextFileCertificateLoginModule required
            debug=true
@@ -329,8 +329,8 @@ using `CertLogin` and any client connecting without SSL will be authenticated us
 ### JAAS Login Modules
 
 #### GuestLoginModule
-Allows users without credentials (and, depending on how it is configured, possibly also users with invalid credentials) 
-to access the broker. Normally, the guest login module is chained with another login module, such as a properties login 
+Allows users without credentials (and, depending on how it is configured, possibly also users with invalid credentials)
+to access the broker. Normally, the guest login module is chained with another login module, such as a properties login
 module. It is implemented by `org.apache.activemq.artemis.spi.core.security.jaas.GuestLoginModule`.
 
 -   `org.apache.activemq.jaas.guest.user` - the user name to assign; default is "guest"
@@ -340,7 +340,7 @@ module. It is implemented by `org.apache.activemq.artemis.spi.core.security.jaas
 -   `credentialsInvalidate` - boolean flag; if `true`, reject login requests that include a password (i.e. guest login
 succeeds only when the user does not provide a password); default is `false`
 
--   `debug` - boolean flag; if `true`, enable debugging; this is used only for testing or debugging; normally, it 
+-   `debug` - boolean flag; if `true`, enable debugging; this is used only for testing or debugging; normally, it
 should be set to `false`, or omitted; default is `false`
 
 There are two basic use cases for the guest login module, as follows:
@@ -349,8 +349,8 @@ There are two basic use cases for the guest login module, as follows:
 
 -   Guests with no credentials only.
 
-The following snippet shows how to configure a JAAS login entry for the use case where users with no credentials or 
-invalid credentials are logged in as guests. In this example, the guest login module is used in combination with the 
+The following snippet shows how to configure a JAAS login entry for the use case where users with no credentials or
+invalid credentials are logged in as guests. In this example, the guest login module is used in combination with the
 properties login module.
 
     activemq-domain {
@@ -358,7 +358,7 @@ properties login module.
           debug=true
           org.apache.activemq.jaas.properties.user="artemis-users.properties"
           org.apache.activemq.jaas.properties.role="artemis-roles.properties";
-    
+
       org.apache.activemq.artemis.spi.core.security.jaas.GuestLoginModule sufficient
           debug=true
           org.apache.activemq.jaas.guest.user="anyone"
@@ -367,18 +367,18 @@ properties login module.
 
 Depending on the user login data, authentication proceeds as follows:
 
--   User logs in with a valid password — the properties login module successfully authenticates the user and returns 
+-   User logs in with a valid password — the properties login module successfully authenticates the user and returns
     immediately. The guest login module is not invoked.
 
--   User logs in with an invalid password — the properties login module fails to authenticate the user, and authentication 
+-   User logs in with an invalid password — the properties login module fails to authenticate the user, and authentication
     proceeds to the guest login module. The guest login module successfully authenticates the user and returns the guest principal.
 
--   User logs in with a blank password — the properties login module fails to authenticate the user, and authentication 
+-   User logs in with a blank password — the properties login module fails to authenticate the user, and authentication
     proceeds to the guest login module. The guest login module successfully authenticates the user and returns the guest principal.
 
-The following snipped shows how to configure a JAAS login entry for the use case where only those users with no 
-credentials are logged in as guests. To support this use case, you must set the credentialsInvalidate option to true in 
-the configuration of the guest login module. You should also note that, compared with the preceding example, the order 
+The following snipped shows how to configure a JAAS login entry for the use case where only those users with no
+credentials are logged in as guests. To support this use case, you must set the credentialsInvalidate option to true in
+the configuration of the guest login module. You should also note that, compared with the preceding example, the order
 of the login modules is reversed and the flag attached to the properties login module is changed to requisite.
 
     activemq-guest-when-no-creds-only-domain {
@@ -387,7 +387,7 @@ of the login modules is reversed and the flag attached to the properties login m
            credentialsInvalidate=true
            org.apache.activemq.jaas.guest.user="guest"
            org.apache.activemq.jaas.guest.role="guests";
-    
+
         org.apache.activemq.artemis.spi.core.security.jaas.PropertiesLoginModule requisite
             debug=true
             org.apache.activemq.jaas.properties.user="artemis-users.properties"
@@ -396,20 +396,20 @@ of the login modules is reversed and the flag attached to the properties login m
 
 Depending on the user login data, authentication proceeds as follows:
 
--   User logs in with a valid password — the guest login module fails to authenticate the user (because the user has 
-    presented a password while the credentialsInvalidate option is enabled) and authentication proceeds to the properties 
+-   User logs in with a valid password — the guest login module fails to authenticate the user (because the user has
+    presented a password while the credentialsInvalidate option is enabled) and authentication proceeds to the properties
     login module. The properties login module successfully authenticates the user and returns.
 
 -   User logs in with an invalid password — the guest login module fails to authenticate the user and authentication proceeds
-    to the properties login module. The properties login module also fails to authenticate the user. The nett result is 
+    to the properties login module. The properties login module also fails to authenticate the user. The nett result is
     authentication failure.
- 
+
 -   User logs in with a blank password — the guest login module successfully authenticates the user and returns immediately.
     The properties login module is not invoked.
-    
+
 #### PropertiesLoginModule
-The JAAS properties login module provides a simple store of authentication data, where the relevant user data is stored 
-in a pair of flat files. This is convenient for demonstrations and testing, but for an enterprise system, the integration 
+The JAAS properties login module provides a simple store of authentication data, where the relevant user data is stored
+in a pair of flat files. This is convenient for demonstrations and testing, but for an enterprise system, the integration
 with LDAP is preferable. It is implemented by `org.apache.activemq.artemis.spi.core.security.jaas.PropertiesLoginModule`.
 
 -   `org.apache.activemq.jaas.properties.user` - the path to the file which contains user and password properties
@@ -418,148 +418,148 @@ with LDAP is preferable. It is implemented by `org.apache.activemq.artemis.spi.c
 
 -   `reload` - boolean flag; whether or not to reload the properties files when a modification occurs; default is `false`
 
--   `debug` - boolean flag; if `true`, enable debugging; this is used only for testing or debugging; normally, it 
+-   `debug` - boolean flag; if `true`, enable debugging; this is used only for testing or debugging; normally, it
 should be set to `false`, or omitted; default is `false`
 
-In the context of the properties login module, the `artemis-users.properties` file consists of a list of properties of the 
-form, `UserName=Password`. For example, to define the users `system`, `user`, and `guest`, you could create a file like 
+In the context of the properties login module, the `artemis-users.properties` file consists of a list of properties of the
+form, `UserName=Password`. For example, to define the users `system`, `user`, and `guest`, you could create a file like
 the following:
 
     system=manager
     user=password
     guest=password
 
-The `artemis-roles.properties` file consists of a list of properties of the form, `Role=UserList`, where UserList is a 
-comma-separated list of users. For example, to define the roles `admins`, `users`, and `guests`, you could create a file 
+The `artemis-roles.properties` file consists of a list of properties of the form, `Role=UserList`, where UserList is a
+comma-separated list of users. For example, to define the roles `admins`, `users`, and `guests`, you could create a file
 like the following:
 
     admins=system
     users=system,user
     guests=guest
-    
+
 #### LDAPLoginModule
-The LDAP login module enables you to perform authentication and authorization by checking the incoming credentials against 
-user data stored in a central X.500 directory server. For systems that already have an X.500 directory server in place, 
-this means that you can rapidly integrate ActiveMQ Artemis with the existing security database and user accounts can be 
+The LDAP login module enables you to perform authentication and authorization by checking the incoming credentials against
+user data stored in a central X.500 directory server. For systems that already have an X.500 directory server in place,
+this means that you can rapidly integrate ActiveMQ Artemis with the existing security database and user accounts can be
 managed using the X.500 system. It is implemented by `org.apache.activemq.artemis.spi.core.security.jaas.LDAPLoginModule`.
 
--   `initialContextFactory` - must always be set to `com.sun.jndi.ldap.LdapCtxFactory`    
+-   `initialContextFactory` - must always be set to `com.sun.jndi.ldap.LdapCtxFactory`
 
--   `connectionURL` - specify the location of the directory server using an ldap URL, ldap://Host:Port. You can 
+-   `connectionURL` - specify the location of the directory server using an ldap URL, ldap://Host:Port. You can
     optionally qualify this URL, by adding a forward slash, `/`, followed by the DN of a particular node in the directory
-    tree. For example, ldap://ldapserver:10389/ou=system.    
-        
--   `authentication` - specifies the authentication method used when binding to the LDAP server. Can take either of 
-    the values, `simple` (username and password) or `none` (anonymous). 
-            
--   `connectionUsername` - the DN of the user that opens the connection to the directory server. For example, 
+    tree. For example, ldap://ldapserver:10389/ou=system.
+
+-   `authentication` - specifies the authentication method used when binding to the LDAP server. Can take either of
+    the values, `simple` (username and password) or `none` (anonymous).
+
+-   `connectionUsername` - the DN of the user that opens the connection to the directory server. For example,
     `uid=admin,ou=system`. Directory servers generally require clients to present username/password credentials in order
-    to open a connection.      
-      
--   `connectionPassword` - the password that matches the DN from `connectionUsername`. In the directory server, 
-    in the DIT, the password is normally stored as a `userPassword` attribute in the corresponding directory entry.    
-         
--   `connectionProtocol` - currently, the only supported value is a blank string. In future, this option will allow 
-    you to select the Secure Socket Layer (SSL) for the connection to the directory server. This option must be set 
-    explicitly to an empty string, because it has no default value.        
-    
--   `userBase` - selects a particular subtree of the DIT to search for user entries. The subtree is specified by a 
+    to open a connection.
+
+-   `connectionPassword` - the password that matches the DN from `connectionUsername`. In the directory server,
+    in the DIT, the password is normally stored as a `userPassword` attribute in the corresponding directory entry.
+
+-   `connectionProtocol` - currently, the only supported value is a blank string. In future, this option will allow
+    you to select the Secure Socket Layer (SSL) for the connection to the directory server. This option must be set
+    explicitly to an empty string, because it has no default value.
+
+-   `userBase` - selects a particular subtree of the DIT to search for user entries. The subtree is specified by a
     DN, which specifes the base node of the subtree. For example, by setting this option to `ou=User,ou=ActiveMQ,ou=system`,
-    the search for user entries is restricted to the subtree beneath the `ou=User,ou=ActiveMQ,ou=system` node.   
-         
--   `userSearchMatching` - specifies an LDAP search filter, which is applied to the subtree selected by `userBase`. 
-    Before passing to the LDAP search operation, the string value you provide here is subjected to string substitution, 
-    as implemented by the `java.text.MessageFormat` class. Essentially, this means that the special string, `{0}`, is 
-    substituted by the username, as extracted from the incoming client credentials.  
-      
-    After substitution, the string is interpreted as an LDAP search filter, where the LDAP search filter syntax is 
-    defined by the IETF standard, RFC 2254. A short introduction to the search filter syntax is available from Oracle's 
-    JNDI tutorial, [Search Filters](http://download.oracle.com/javase/jndi/tutorial/basics/directory/filter.html). 
-       
+    the search for user entries is restricted to the subtree beneath the `ou=User,ou=ActiveMQ,ou=system` node.
+
+-   `userSearchMatching` - specifies an LDAP search filter, which is applied to the subtree selected by `userBase`.
+    Before passing to the LDAP search operation, the string value you provide here is subjected to string substitution,
+    as implemented by the `java.text.MessageFormat` class. Essentially, this means that the special string, `{0}`, is
+    substituted by the username, as extracted from the incoming client credentials.
+
+    After substitution, the string is interpreted as an LDAP search filter, where the LDAP search filter syntax is
+    defined by the IETF standard, RFC 2254. A short introduction to the search filter syntax is available from Oracle's
+    JNDI tutorial, [Search Filters](http://download.oracle.com/javase/jndi/tutorial/basics/directory/filter.html).
+
     For example, if this option is set to `(uid={0})` and the received username is `jdoe`, the search filter becomes
-    `(uid=jdoe)` after string substitution. If the resulting search filter is applied to the subtree selected by the 
+    `(uid=jdoe)` after string substitution. If the resulting search filter is applied to the subtree selected by the
     user base, `ou=User,ou=ActiveMQ,ou=system`, it would match the entry, `uid=jdoe,ou=User,ou=ActiveMQ,ou=system`
-    (and possibly more deeply nested entries, depending on the specified search depth—see the `userSearchSubtree` option). 
-           
--   `userSearchSubtree` - specify the search depth for user entries, relative to the node specified by `userBase`. 
-    This option is a boolean. `false` indicates it will try to match one of the child entries of the `userBase` node 
-    (maps to `javax.naming.directory.SearchControls.ONELEVEL_SCOPE`). `true` indicates it will try to match any entry 
-    belonging to the subtree of the `userBase` node (maps to `javax.naming.directory.SearchControls.SUBTREE_SCOPE`). 
-           
--   `userRoleName` - specifies the name of the multi-valued attribute of the user entry that contains a list of 
+    (and possibly more deeply nested entries, depending on the specified search depth—see the `userSearchSubtree` option).
+
+-   `userSearchSubtree` - specify the search depth for user entries, relative to the node specified by `userBase`.
+    This option is a boolean. `false` indicates it will try to match one of the child entries of the `userBase` node
+    (maps to `javax.naming.directory.SearchControls.ONELEVEL_SCOPE`). `true` indicates it will try to match any entry
+    belonging to the subtree of the `userBase` node (maps to `javax.naming.directory.SearchControls.SUBTREE_SCOPE`).
+
+-   `userRoleName` - specifies the name of the multi-valued attribute of the user entry that contains a list of
     role names for the user (where the role names are interpreted as group names by the broker's authorization plug-in).
-    If you omit this option, no role names are extracted from the user entry.         
-    
--   `roleBase` - if you want to store role data directly in the directory server, you can use a combination of role 
-    options (`roleBase`, `roleSearchMatching`, `roleSearchSubtree`, and `roleName`) as an alternative to (or in addition 
-    to) specifying the `userRoleName` option. This option selects a particular subtree of the DIT to search for role/group 
-    entries. The subtree is specified by a DN, which specifes the base node of the subtree. For example, by setting this 
-    option to `ou=Group,ou=ActiveMQ,ou=system`, the search for role/group entries is restricted to the subtree beneath 
-    the `ou=Group,ou=ActiveMQ,ou=system` node.        
-    
+    If you omit this option, no role names are extracted from the user entry.
+
+-   `roleBase` - if you want to store role data directly in the directory server, you can use a combination of role
+    options (`roleBase`, `roleSearchMatching`, `roleSearchSubtree`, and `roleName`) as an alternative to (or in addition
+    to) specifying the `userRoleName` option. This option selects a particular subtree of the DIT to search for role/group
+    entries. The subtree is specified by a DN, which specifes the base node of the subtree. For example, by setting this
+    option to `ou=Group,ou=ActiveMQ,ou=system`, the search for role/group entries is restricted to the subtree beneath
+    the `ou=Group,ou=ActiveMQ,ou=system` node.
+
 -   `roleName` - specifies the attribute type of the role entry that contains the name of the role/group (e.g. C, O,
-    OU, etc.). If you omit this option, the role search feature is effectively disabled.        
-    
--   `roleSearchMatching` - specifies an LDAP search filter, which is applied to the subtree selected by `roleBase`. 
+    OU, etc.). If you omit this option, the role search feature is effectively disabled.
+
+-   `roleSearchMatching` - specifies an LDAP search filter, which is applied to the subtree selected by `roleBase`.
     This works in a similar manner to the `userSearchMatching` option, except that it supports two substitution strings,
-    as follows:        
-    
-    -   `{0}` - substitutes the full DN of the matched user entry (that is, the result of the user search). For 
+    as follows:
+
+    -   `{0}` - substitutes the full DN of the matched user entry (that is, the result of the user search). For
         example, for the user, `jdoe`, the substituted string could be `uid=jdoe,ou=User,ou=ActiveMQ,ou=system`.
-        
-    -   `{1}` - substitutes the received username. For example, `jdoe`.    
-    
-    For example, if this option is set to `(member=uid={1})` and the received username is `jdoe`, the search filter 
-    becomes `(member=uid=jdoe)` after string substitution (assuming ApacheDS search filter syntax). If the resulting 
-    search filter is applied to the subtree selected by the role base, `ou=Group,ou=ActiveMQ,ou=system`, it matches all 
-    role entries that have a `member` attribute equal to `uid=jdoe` (the value of a `member` attribute is a DN).  
-      
-    This option must always be set, even if role searching is disabled, because it has no default value. 
-       
+
+    -   `{1}` - substitutes the received username. For example, `jdoe`.
+
+    For example, if this option is set to `(member=uid={1})` and the received username is `jdoe`, the search filter
+    becomes `(member=uid=jdoe)` after string substitution (assuming ApacheDS search filter syntax). If the resulting
+    search filter is applied to the subtree selected by the role base, `ou=Group,ou=ActiveMQ,ou=system`, it matches all
+    role entries that have a `member` attribute equal to `uid=jdoe` (the value of a `member` attribute is a DN).
+
+    This option must always be set, even if role searching is disabled, because it has no default value.
+
     If you use OpenLDAP, the syntax of the search filter is `(member:=uid=jdoe)`.
-    
--   `roleSearchSubtree` - specify the search depth for role entries, relative to the node specified by `roleBase`. 
+
+-   `roleSearchSubtree` - specify the search depth for role entries, relative to the node specified by `roleBase`.
     This option can take boolean values, as follows:
-    
-    -   `false` (default) - try to match one of the child entries of the roleBase node (maps to 
-        `javax.naming.directory.SearchControls.ONELEVEL_SCOPE`).    
-                                   
-    -   `true` — try to match any entry belonging to the subtree of the roleBase node (maps to 
+
+    -   `false` (default) - try to match one of the child entries of the roleBase node (maps to
+        `javax.naming.directory.SearchControls.ONELEVEL_SCOPE`).
+
+    -   `true` — try to match any entry belonging to the subtree of the roleBase node (maps to
         `javax.naming.directory.SearchControls.SUBTREE_SCOPE`).
 
--   `debug` - boolean flag; if `true`, enable debugging; this is used only for testing or debugging; normally, it 
+-   `debug` - boolean flag; if `true`, enable debugging; this is used only for testing or debugging; normally, it
     should be set to `false`, or omitted; default is `false`
 
-Add user entries under the node specified by the `userBase` option. When creating a new user entry in the directory, 
-choose an object class that supports the `userPassword` attribute (for example, the `person` or `inetOrgPerson` object 
-classes are typically suitable). After creating the user entry, add the `userPassword` attribute, to hold the user's 
+Add user entries under the node specified by the `userBase` option. When creating a new user entry in the directory,
+choose an object class that supports the `userPassword` attribute (for example, the `person` or `inetOrgPerson` object
+classes are typically suitable). After creating the user entry, add the `userPassword` attribute, to hold the user's
 password.
 
-If you want to store role data in dedicated role entries (where each node represents a particular role), create a role 
-entry as follows. Create a new child of the `roleBase` node, where the `objectClass` of the child is `groupOfNames`. Set 
-the `cn` (or whatever attribute type is specified by `roleName`) of the new child node equal to the name of the 
-role/group. Define a `member` attribute for each member of the role/group, setting the `member` value to the DN of the 
-corresponding user (where the DN is specified either fully, `uid=jdoe,ou=User,ou=ActiveMQ,ou=system`, or partially, 
+If you want to store role data in dedicated role entries (where each node represents a particular role), create a role
+entry as follows. Create a new child of the `roleBase` node, where the `objectClass` of the child is `groupOfNames`. Set
+the `cn` (or whatever attribute type is specified by `roleName`) of the new child node equal to the name of the
+role/group. Define a `member` attribute for each member of the role/group, setting the `member` value to the DN of the
+corresponding user (where the DN is specified either fully, `uid=jdoe,ou=User,ou=ActiveMQ,ou=system`, or partially,
 `uid=jdoe`).
 
-If you want to add roles to user entries, you would need to customize the directory schema, by adding a suitable 
+If you want to add roles to user entries, you would need to customize the directory schema, by adding a suitable
 attribute type to the user entry's object class. The chosen attribute type must be capable of handling multiple values.
 
 #### CertificateLoginModule
 
 The JAAS certificate authentication login module must be used in combination with SSL and the clients must be configured
-with their own certificate. In this scenario, authentication is actually performed during the SSL/TLS handshake, not 
+with their own certificate. In this scenario, authentication is actually performed during the SSL/TLS handshake, not
 directly by the JAAS certificate authentication plug-in. The role of the plug-in is as follows:
 
--   To further constrain the set of acceptable users, because only the user DNs explicitly listed in the relevant 
+-   To further constrain the set of acceptable users, because only the user DNs explicitly listed in the relevant
     properties file are eligible to be authenticated.
 
 -   To associate a list of groups with the received user identity, facilitating integration with the authorization feature.
 
--   To require the presence of an incoming certificate (by default, the SSL/TLS layer is configured to treat the 
+-   To require the presence of an incoming certificate (by default, the SSL/TLS layer is configured to treat the
     presence of a client certificate as optional).
 
-The JAAS certificate login module stores a collection of certificate DNs in a pair of flat files. The files associate a 
+The JAAS certificate login module stores a collection of certificate DNs in a pair of flat files. The files associate a
 username and a list of group IDs with each DN.
 
 The certificate login module is implemented by the following class:
@@ -578,13 +578,13 @@ The following `CertLogin` login entry shows how to configure certificate login m
 In the preceding example, the JAAS realm is configured to use a single `org.apache.activemq.artemis.spi.core.security.jaas.TextFileCertificateLoginModule`
 login module. The options supported by this login module are as follows:
 
--   `debug` - boolean flag; if true, enable debugging; this is used only for testing or debugging; normally, 
+-   `debug` - boolean flag; if true, enable debugging; this is used only for testing or debugging; normally,
     it should be set to `false`, or omitted; default is `false`
 
--   `org.apache.activemq.jaas.textfiledn.user` - specifies the location of the user properties file (relative to the 
+-   `org.apache.activemq.jaas.textfiledn.user` - specifies the location of the user properties file (relative to the
      directory containing the login configuration file).
 
--   `org.apache.activemq.jaas.textfiledn.role` - specifies the location of the role properties file (relative to the 
+-   `org.apache.activemq.jaas.textfiledn.role` - specifies the location of the role properties file (relative to the
     directory containing the login configuration file).
 
 -   `reload` - boolean flag; whether or not to reload the properties files when a modification occurs; default is `false`
@@ -597,29 +597,29 @@ the following:
     user=CN=humble user,O=Progress,C=US
     guest=CN=anon,O=Progress,C=DE
 
-Each username is mapped to a subject DN, encoded as a string (where the string encoding is specified by RFC 2253). For 
+Each username is mapped to a subject DN, encoded as a string (where the string encoding is specified by RFC 2253). For
 example, the system username is mapped to the `CN=system,O=Progress,C=US` subject DN. When performing authentication,
-the plug-in extracts the subject DN from the received certificate, converts it to the standard string format, and 
-compares it with the subject DNs in the `users.properties` file by testing for string equality. Consequently, you must 
+the plug-in extracts the subject DN from the received certificate, converts it to the standard string format, and
+compares it with the subject DNs in the `users.properties` file by testing for string equality. Consequently, you must
 be careful to ensure that the subject DNs appearing in the `users.properties` file are an exact match for the subject
 DNs extracted from the user certificates.
 
 Note: Technically, there is some residual ambiguity in the DN string format. For example, the `domainComponent` attribute
-could be represented in a string either as the string, `DC`, or as the OID, `0.9.2342.19200300.100.1.25`. Normally, you do 
-not need to worry about this ambiguity. But it could potentially be a problem, if you changed the underlying 
+could be represented in a string either as the string, `DC`, or as the OID, `0.9.2342.19200300.100.1.25`. Normally, you do
+not need to worry about this ambiguity. But it could potentially be a problem, if you changed the underlying
 implementation of the Java security layer.
 
-The easiest way to obtain the subject DNs from the user certificates is by invoking the `keytool` utility to print the 
+The easiest way to obtain the subject DNs from the user certificates is by invoking the `keytool` utility to print the
 certificate contents. To print the contents of a certificate in a keystore, perform the following steps:
 
-1.   Export the certificate from the keystore file into a temporary file. For example, to export the certificate with 
+1.   Export the certificate from the keystore file into a temporary file. For example, to export the certificate with
      alias `broker-localhost` from the `broker.ks` keystore file, enter the following command:
 
         keytool -export -file broker.export -alias broker-localhost -keystore broker.ks -storepass password
 
      After running this command, the exported certificate is in the file, `broker.export`.
 
-1.   Print out the contents of the exported certificate. For example, to print out the contents of `broker.export`, 
+1.   Print out the contents of the exported certificate. For example, to print out the contents of `broker.export`,
      enter the following command:
 
         keytool -printcert -file broker.export
@@ -634,11 +634,11 @@ certificate contents. To print the contents of a certificate in a keystore, perf
                  MD5:  3F:6C:0C:89:A8:80:29:CC:F5:2D:DA:5C:D7:3F:AB:37
                  SHA1: F0:79:0D:04:38:5A:46:CE:86:E1:8A:20:1F:7B:AB:3A:46:E4:34:5C
 
-     The string following `Owner:` gives the subject DN. The format used to enter the subject DN depends on your 
+     The string following `Owner:` gives the subject DN. The format used to enter the subject DN depends on your
      platform. The `Owner:` string above could be represented as either `CN=localhost,\ OU=broker,\ O=Unknown,\ L=Unknown,\ ST=Unknown,\ C=Unknown`
      or `CN=localhost,OU=broker,O=Unknown,L=Unknown,ST=Unknown,C=Unknown`.
 
-The `roles.properties` file consists of a list of properties of the form, `Role=UserList`, where `UserList` is a 
+The `roles.properties` file consists of a list of properties of the form, `Role=UserList`, where `UserList` is a
 comma-separated list of users. For example, to define the roles `admins`, `users`, and `guests`, you could create a file
 like the following:
 
@@ -646,7 +646,7 @@ like the following:
     users=system,user
     guests=guest
 
-The simplest way to make the login configuration available to JAAS is to add the directory containing the file, 
+The simplest way to make the login configuration available to JAAS is to add the directory containing the file,
 `login.config`, to your CLASSPATH.
 
 
@@ -699,12 +699,12 @@ can be deserialized without problem, whereas those from 'not trusted' packages w
 deserialization.
 
 Artemis keeps a `black list` to keep track of packages that are not trusted and a `white list`
-for trusted packages. By default both lists are empty, meaning any serializable object is 
+for trusted packages. By default both lists are empty, meaning any serializable object is
 allowed to be deserialized. If an object whose class matches one of the packages in black list,
 it is not allowed to be deserialized. If it matches one in the white list
-the object can be deserialized. If a package appears in both black list and white list, 
-the one in black list takes precedence. If a class neither matches with `black list` 
-nor with the `white list`, the class deserialization will be denied 
+the object can be deserialized. If a package appears in both black list and white list,
+the one in black list takes precedence. If a class neither matches with `black list`
+nor with the `white list`, the class deserialization will be denied
 unless the white list is empty (meaning the user doesn't specify the white list at all).
 
 A class is considered as a 'match' if
@@ -734,7 +734,7 @@ You can also set the values via ActiveMQConnectionFactory's API:
 
     public void setDeserializationBlackList(String blackList);
     public void setDeserializationWhiteList(String whiteList);
-   
+
 Again the parameters are comma separated list of package/class names.
 
 ### Specifying black list and white list via system properties
@@ -757,10 +757,24 @@ properties for their resource adapters. There are two properties that you can co
 
 These properties, once specified, are eventually set on the corresponding internal factories.
 
-
-
-
-
-
-
-
+### Specifying black list and white list for REST interface
+
+Apache Artemis REST interface ([Rest](rest.md)) allows interactions between jms client and rest clients.
+It uses JMS ObjectMessage to wrap the actual user data between the 2 types of clients and deserialization
+is needed during this process. If you want to control the deserialization for REST, you need to set the
+black/white lists for it separately as Apache Artemis REST Interface is deployed as a web application.
+You need to put the black/white lists in its web.xml, as context parameters, as follows
+
+    <web-app>
+        <context-param>
+            <param-name>org.apache.activemq.artemis.jms.deserialization.whitelist</param-name>
+            <param-value>some.allowed.class</param-value>
+        </context-param>
+        <context-param>
+            <param-name>org.apache.activemq.artemis.jms.deserialization.blacklist</param-name>
+            <param-value>some.forbidden.class</param-value>
+        </context-param>
+    ...
+    </web-app>
+
+The param-value for each list is a comma separated string value representing the list.

http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/2fb8341f/tests/integration-tests/pom.xml
----------------------------------------------------------------------
diff --git a/tests/integration-tests/pom.xml b/tests/integration-tests/pom.xml
index 78ab4d8..9b4a518 100644
--- a/tests/integration-tests/pom.xml
+++ b/tests/integration-tests/pom.xml
@@ -349,6 +349,26 @@
          <artifactId>artemis-test-support</artifactId>
          <version>${project.version}</version>
       </dependency>
+
+      <!-- rest test -->
+      <dependency>
+         <groupId>org.eclipse.jetty.aggregate</groupId>
+         <artifactId>jetty-all</artifactId>
+         <version>${jetty.version}</version>
+         <type>jar</type>
+         <classifier>uber</classifier>
+      </dependency>
+      <dependency>
+         <groupId>org.jboss.resteasy</groupId>
+         <artifactId>resteasy-jaxrs</artifactId>
+      </dependency>
+      <dependency>
+         <groupId>org.apache.activemq.rest</groupId>
+         <artifactId>artemis-rest</artifactId>
+         <version>1.4.0-SNAPSHOT</version>
+         <scope>compile</scope>
+      </dependency>
+
    </dependencies>
 
    <build>
@@ -356,11 +376,46 @@
          <testResource>
             <directory>src/test/resources</directory>
             <filtering>true</filtering>
+            <excludes>
+               <exclude>**/rest/*.xml</exclude>
+            </excludes>
          </testResource>
       </testResources>
       <plugins>
          <plugin>
             <groupId>org.apache.maven.plugins</groupId>
+               <artifactId>maven-assembly-plugin</artifactId>
+               <executions>
+                  <execution>
+                     <phase>process-test-classes</phase>
+                     <id>bwlist-rest-test-war</id>
+                     <goals>
+                        <goal>single</goal>
+                     </goals>
+                     <configuration>
+                        <descriptor>src/test/resources/rest/bwlist-rest-test-asm.xml</descriptor>
+                        <finalName>rest-test-bwlist</finalName>
+                        <appendAssemblyId>false</appendAssemblyId>
+                        <outputDirectory>target/test-classes/rest/</outputDirectory>
+                     </configuration>
+                  </execution>
+                  <execution>
+                     <phase>process-test-classes</phase>
+                     <id>rest-test-war</id>
+                     <goals>
+                        <goal>single</goal>
+                     </goals>
+                     <configuration>
+                        <descriptor>src/test/resources/rest/rest-test-asm.xml</descriptor>
+                           <finalName>rest-test</finalName>
+                           <appendAssemblyId>false</appendAssemblyId>
+                           <outputDirectory>target/test-classes/rest/</outputDirectory>
+                     </configuration>
+                  </execution>
+               </executions>
+            </plugin>
+         <plugin>
+            <groupId>org.apache.maven.plugins</groupId>
             <artifactId>maven-jar-plugin</artifactId>
             <executions>
                <execution>

http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/2fb8341f/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/rest/Order.java
----------------------------------------------------------------------
diff --git a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/rest/Order.java b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/rest/Order.java
new file mode 100644
index 0000000..6755e55
--- /dev/null
+++ b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/rest/Order.java
@@ -0,0 +1,79 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.activemq.artemis.tests.integration.rest;
+
+import javax.xml.bind.annotation.XmlRootElement;
+import java.io.Serializable;
+
+@XmlRootElement(name = "order")
+public class Order implements Serializable {
+   private static final long serialVersionUID = -3462346058107018735L;
+   private String name;
+   private String amount;
+   private String item;
+
+   public Order() {
+   }
+
+   public Order(String name, String amount, String item) {
+      assert (name != null);
+      assert (amount != null);
+      assert (item != null);
+
+      this.name = name;
+      this.amount = amount;
+      this.item = item;
+   }
+
+   public String getName() {
+      return name;
+   }
+
+   public void setName(String name) {
+      this.name = name;
+   }
+
+   public String getAmount() {
+      return amount;
+   }
+
+   public void setAmount(String amount) {
+      this.amount = amount;
+   }
+
+   public String getItem() {
+      return item;
+   }
+
+   public void setItem(String item) {
+      this.item = item;
+   }
+
+   @Override
+   public boolean equals(Object other) {
+      if (!(other instanceof Order)) {
+         return false;
+      }
+      Order order = (Order) other;
+      return name.equals(order.name) && amount.equals(order.amount) && item.equals(order.item);
+   }
+
+   @Override
+   public int hashCode() {
+      return name.hashCode() + amount.hashCode() + item.hashCode();
+   }
+}

http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/2fb8341f/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/rest/RestDeserializationTest.java
----------------------------------------------------------------------
diff --git a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/rest/RestDeserializationTest.java b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/rest/RestDeserializationTest.java
new file mode 100644
index 0000000..1f7f8f5
--- /dev/null
+++ b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/rest/RestDeserializationTest.java
@@ -0,0 +1,192 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.activemq.artemis.tests.integration.rest;
+
+import javax.jms.Connection;
+import javax.jms.ConnectionFactory;
+import javax.jms.Destination;
+import javax.jms.JMSException;
+import javax.jms.MessageProducer;
+import javax.jms.ObjectMessage;
+import javax.jms.Session;
+import javax.xml.bind.JAXBContext;
+import javax.xml.bind.JAXBException;
+import javax.xml.bind.Unmarshaller;
+import java.io.File;
+import java.io.Serializable;
+import java.io.StringReader;
+
+import org.apache.activemq.artemis.jms.client.ActiveMQDestination;
+import org.apache.activemq.artemis.jms.client.ActiveMQJMSConnectionFactory;
+import org.apache.activemq.artemis.rest.HttpHeaderProperty;
+import org.apache.activemq.artemis.tests.integration.rest.util.RestAMQConnection;
+import org.apache.activemq.artemis.tests.integration.rest.util.RestMessageContext;
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
+
+public class RestDeserializationTest extends RestTestBase {
+
+   private RestAMQConnection restConnection;
+
+   @Before
+   public void setUp() throws Exception {
+      super.setUp();
+      createJettyServer("localhost", 12345);
+   }
+
+   @After
+   public void tearDown() throws Exception {
+      if (restConnection != null) {
+         restConnection.close();
+      }
+      super.tearDown();
+   }
+
+   @Test
+   public void testWithoutBlackWhiteListQueue() throws Exception {
+      deployAndconfigureRESTService("rest-test.war");
+
+      Order order = new Order();
+      order.setName("Bill");
+      order.setItem("iPhone4");
+      order.setAmount("$199.99");
+
+      jmsSendMessage(order, "orders", true);
+
+      String received = restReceiveQueueMessage("orders");
+
+      Object object = xmlToObject(received);
+
+      assertEquals(order, object);
+   }
+
+   @Test
+   public void testWithoutBlackWhiteListTopic() throws Exception {
+      deployAndconfigureRESTService("rest-test.war");
+
+      RestMessageContext topicContext = restConnection.createTopicContext("ordersTopic");
+      topicContext.initPullConsumers();
+
+      Order order = new Order();
+      order.setName("Bill");
+      order.setItem("iPhone4");
+      order.setAmount("$199.99");
+
+      jmsSendMessage(order, "ordersTopic", false);
+
+      String received = topicContext.pullMessage();
+
+      Object object = xmlToObject(received);
+
+      assertEquals(order, object);
+   }
+
+   @Test
+   public void testBlackWhiteListQueuePull() throws Exception {
+      deployAndconfigureRESTService("rest-test-bwlist.war");
+
+      Order order = new Order();
+      order.setName("Bill");
+      order.setItem("iPhone4");
+      order.setAmount("$199.99");
+
+      jmsSendMessage(order, "orders", true);
+
+      try {
+         String received = restReceiveQueueMessage("orders");
+         fail("Object should be rejected by blacklist, but " + received);
+      }
+      catch (IllegalStateException e) {
+         String error = e.getMessage();
+         assertTrue(error, error.contains("ClassNotFoundException"));
+      }
+   }
+
+   @Test
+   public void testBlackWhiteListTopicPull() throws Exception {
+      deployAndconfigureRESTService("rest-test-bwlist.war");
+
+      RestMessageContext topicContext = restConnection.createTopicContext("ordersTopic");
+      topicContext.initPullConsumers();
+
+      Order order = new Order();
+      order.setName("Bill");
+      order.setItem("iPhone4");
+      order.setAmount("$199.99");
+
+      jmsSendMessage(order, "ordersTopic", false);
+
+      try {
+         String received = topicContext.pullMessage();
+         fail("object should have been rejected but: " + received);
+      }
+      catch (IllegalStateException e) {
+         String error = e.getMessage();
+         assertTrue(error, error.contains("ClassNotFoundException"));
+      }
+   }
+
+   private void deployAndconfigureRESTService(String warFileName) throws Exception {
+      jmsServer.createTopic(false, "ordersTopic", (String[]) null);
+      File warFile = getResourceFile("/rest/" + warFileName, warFileName);
+      deployWebApp("/restapp", warFile);
+      server.start();
+      String uri = server.getURI().toASCIIString();
+      System.out.println("Sever started with uri: " + uri);
+
+      restConnection = new RestAMQConnection(uri);
+   }
+
+   private Object xmlToObject(String xmlString) throws JAXBException {
+      JAXBContext jc = JAXBContext.newInstance(Order.class);
+      Unmarshaller unmarshaller = jc.createUnmarshaller();
+      StringReader reader = new StringReader(xmlString);
+      return unmarshaller.unmarshal(reader);
+   }
+
+   private String restReceiveQueueMessage(String destName) throws Exception {
+      RestMessageContext restContext = restConnection.createQueueContext(destName);
+      String val = restContext.pullMessage();
+      return val;
+   }
+
+   private void jmsSendMessage(Serializable value, String destName, boolean isQueue) throws JMSException {
+      ConnectionFactory factory = new ActiveMQJMSConnectionFactory("tcp://localhost:61616");
+      String jmsDest;
+      if (isQueue) {
+         jmsDest = "jms.queue." + destName;
+      }
+      else {
+         jmsDest = "jms.topic." + destName;
+      }
+      Destination destination = ActiveMQDestination.fromAddress(jmsDest);
+
+      Connection conn = factory.createConnection();
+      try {
+         Session session = conn.createSession(false, Session.AUTO_ACKNOWLEDGE);
+         MessageProducer producer = session.createProducer(destination);
+         ObjectMessage message = session.createObjectMessage();
+         message.setStringProperty(HttpHeaderProperty.CONTENT_TYPE, "application/xml");
+         message.setObject(value);
+         producer.send(message);
+      }
+      finally {
+         conn.close();
+      }
+   }
+}

http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/2fb8341f/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/rest/RestTestBase.java
----------------------------------------------------------------------
diff --git a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/rest/RestTestBase.java b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/rest/RestTestBase.java
new file mode 100644
index 0000000..177dfe9
--- /dev/null
+++ b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/rest/RestTestBase.java
@@ -0,0 +1,97 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.activemq.artemis.tests.integration.rest;
+
+import java.io.File;
+import java.io.IOException;
+import java.io.InputStream;
+
+import org.apache.activemq.artemis.tests.util.JMSTestBase;
+import org.eclipse.jetty.server.Connector;
+import org.eclipse.jetty.server.Server;
+import org.eclipse.jetty.server.ServerConnector;
+import org.eclipse.jetty.server.handler.HandlerList;
+import org.eclipse.jetty.webapp.WebAppContext;
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Rule;
+import org.junit.rules.TemporaryFolder;
+import shaded.org.apache.commons.io.FileUtils;
+
+public class RestTestBase extends JMSTestBase {
+
+   @Rule
+   public TemporaryFolder testFolder = new TemporaryFolder();
+
+   protected Server server;
+   protected File webAppDir;
+   protected HandlerList handlers;
+
+   @Before
+   public void setUp() throws Exception {
+      super.setUp();
+      webAppDir = testFolder.newFolder("test-apps");
+   }
+
+   @After
+   public void tearDown() throws Exception {
+      if (server != null) {
+         try {
+            server.stop();
+         }
+         catch (Throwable t) {
+            t.printStackTrace();
+         }
+      }
+      super.tearDown();
+   }
+
+   public Server createJettyServer(String host, int port) throws Exception {
+      server = new Server();
+      ServerConnector connector = new ServerConnector(server);
+      connector.setHost(host);
+      connector.setPort(port);
+      server.setConnectors(new Connector[]{connector});
+
+      handlers = new HandlerList();
+
+      server.setHandler(handlers);
+      return server;
+   }
+
+   public WebAppContext deployWebApp(String contextPath, File warFile) {
+      WebAppContext webapp = new WebAppContext();
+      if (contextPath.startsWith("/")) {
+         webapp.setContextPath(contextPath);
+      }
+      else {
+         webapp.setContextPath("/" + contextPath);
+      }
+      webapp.setWar(warFile.getAbsolutePath());
+
+      handlers.addHandler(webapp);
+      return webapp;
+   }
+
+   public File getResourceFile(String resPath, String warName) throws IOException {
+      InputStream input = RestTestBase.class.getResourceAsStream(resPath);
+      File result = new File(webAppDir, warName);
+      FileUtils.copyInputStreamToFile(input, result);
+      return result;
+   }
+
+}

http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/2fb8341f/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/rest/util/QueueRestMessageContext.java
----------------------------------------------------------------------
diff --git a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/rest/util/QueueRestMessageContext.java b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/rest/util/QueueRestMessageContext.java
new file mode 100644
index 0000000..09cc9d6
--- /dev/null
+++ b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/rest/util/QueueRestMessageContext.java
@@ -0,0 +1,76 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.activemq.artemis.tests.integration.rest.util;
+
+import java.io.IOException;
+
+import org.apache.http.Header;
+import org.apache.http.client.methods.CloseableHttpResponse;
+
+public class QueueRestMessageContext extends RestMessageContext {
+   public static final String PREFIX_QUEUE = "/queues/jms.queue.";
+
+   public QueueRestMessageContext(RestAMQConnection restAMQConnection, String queue) throws IOException {
+      super(restAMQConnection, queue);
+   }
+
+   @Override
+   protected String getDestLink() {
+      return PREFIX_QUEUE + destination;
+   }
+
+   @Override
+   protected String getPullConsumerUri() {
+      return getDestLink() + "/pull-consumers";
+   }
+
+   @Override
+   public void initPullConsumers() throws IOException {
+      String pullUri = getPullConsumerUri();
+      CloseableHttpResponse response = null;
+      if (!this.autoAck) {
+         response = connection.post(pullUri, "application/x-www-form-urlencoded", "autoAck=false");
+      }
+      else {
+         response = connection.post(pullUri);
+      }
+
+      try {
+         int code = ResponseUtil.getHttpCode(response);
+         if (code == 201) {
+            Header header = response.getFirstHeader("Location");
+            contextMap.put(KEY_PULL_CONSUMERS_LOC, header.getValue());
+            header = response.getFirstHeader(KEY_MSG_CONSUME_NEXT);
+            contextMap.put(KEY_MSG_CONSUME_NEXT, header.getValue());
+            header = response.getFirstHeader(KEY_MSG_ACK_NEXT);
+            if (header != null) {
+               contextMap.put(KEY_MSG_ACK_NEXT, header.getValue());
+            }
+         }
+      }
+      finally {
+         response.close();
+      }
+
+   }
+
+   @Override
+   protected String getPushLink(String pushTarget) {
+      return PREFIX_QUEUE + pushTarget;
+   }
+
+}

http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/2fb8341f/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/rest/util/ResponseUtil.java
----------------------------------------------------------------------
diff --git a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/rest/util/ResponseUtil.java b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/rest/util/ResponseUtil.java
new file mode 100644
index 0000000..7da8957
--- /dev/null
+++ b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/rest/util/ResponseUtil.java
@@ -0,0 +1,34 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.activemq.artemis.tests.integration.rest.util;
+
+import org.apache.http.HttpEntity;
+import org.apache.http.client.methods.CloseableHttpResponse;
+import org.apache.http.util.EntityUtils;
+
+import java.io.IOException;
+
+public class ResponseUtil {
+   public static int getHttpCode(CloseableHttpResponse response) {
+      return response.getStatusLine().getStatusCode();
+   }
+
+   public static String getDetails(CloseableHttpResponse response) throws IOException {
+      HttpEntity entity = response.getEntity();
+      return EntityUtils.toString(entity);
+   }
+}

http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/2fb8341f/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/rest/util/RestAMQConnection.java
----------------------------------------------------------------------
diff --git a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/rest/util/RestAMQConnection.java b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/rest/util/RestAMQConnection.java
new file mode 100644
index 0000000..4b3cdd4
--- /dev/null
+++ b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/rest/util/RestAMQConnection.java
@@ -0,0 +1,104 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.activemq.artemis.tests.integration.rest.util;
+
+import java.io.Closeable;
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.List;
+
+import org.apache.http.client.methods.CloseableHttpResponse;
+import org.apache.http.client.methods.HttpDelete;
+import org.apache.http.client.methods.HttpGet;
+import org.apache.http.client.methods.HttpPost;
+import org.apache.http.entity.ContentType;
+import org.apache.http.entity.StringEntity;
+import org.apache.http.impl.client.CloseableHttpClient;
+import org.apache.http.impl.client.HttpClients;
+
+public class RestAMQConnection implements Closeable {
+   private CloseableHttpClient httpClient = HttpClients.createDefault();
+
+   private String targetUri;
+   private List<RestMessageContext> contexts = new ArrayList<>();
+
+   public RestAMQConnection(String targetUri) {
+      this.targetUri = targetUri;
+   }
+
+   public QueueRestMessageContext createQueueContext(String queue) throws Exception {
+      QueueRestMessageContext ctx = new QueueRestMessageContext(this, queue);
+      contexts.add(ctx);
+      return ctx;
+   }
+
+   public TopicRestMessageContext createTopicContext(String topic) throws Exception {
+      TopicRestMessageContext ctx = new TopicRestMessageContext(this, topic, false);
+      contexts.add(ctx);
+      return ctx;
+   }
+
+   @Override
+   public void close() throws IOException {
+      for (RestMessageContext ctx : contexts) {
+         ctx.close();
+      }
+      httpClient.close();
+   }
+
+   private String getFullLink(String link) {
+      if (link.startsWith("http:")) {
+         return link;
+      }
+      return targetUri + link;
+   }
+
+   public CloseableHttpResponse request(String destLink) throws IOException {
+      String fullLink = getFullLink(destLink);
+      HttpGet request = new HttpGet(fullLink);
+      CloseableHttpResponse resp = httpClient.execute(request);
+      return resp;
+   }
+
+   public CloseableHttpResponse post(String uri, String contentType, String body) throws IOException {
+      String fullLink = getFullLink(uri);
+      HttpPost post = new HttpPost(fullLink);
+      StringEntity entity = new StringEntity(body,
+              ContentType.create(contentType));
+      post.setEntity(entity);
+      CloseableHttpResponse resp = httpClient.execute(post);
+      return resp;
+   }
+
+   public CloseableHttpResponse post(String uri) throws IOException {
+      String fullLink = getFullLink(uri);
+      HttpPost post = new HttpPost(fullLink);
+      CloseableHttpResponse resp = httpClient.execute(post);
+      return resp;
+   }
+
+   public void delete(String uri) throws IOException {
+      String consumerUri = getFullLink(uri);
+      HttpDelete delete = new HttpDelete(consumerUri);
+      CloseableHttpResponse resp = httpClient.execute(delete);
+   }
+
+   public String getTargetUri() {
+      return this.targetUri;
+   }
+
+}

http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/2fb8341f/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/rest/util/RestMessageContext.java
----------------------------------------------------------------------
diff --git a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/rest/util/RestMessageContext.java b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/rest/util/RestMessageContext.java
new file mode 100644
index 0000000..a4dfa30
--- /dev/null
+++ b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/rest/util/RestMessageContext.java
@@ -0,0 +1,271 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.activemq.artemis.tests.integration.rest.util;
+
+import java.io.Closeable;
+import java.io.IOException;
+import java.util.HashMap;
+import java.util.Map;
+
+import org.apache.http.Header;
+import org.apache.http.HttpEntity;
+import org.apache.http.client.ClientProtocolException;
+import org.apache.http.client.methods.CloseableHttpResponse;
+import org.apache.http.util.EntityUtils;
+
+public abstract class RestMessageContext implements Closeable {
+   public static final String KEY_MSG_CREATE = "msg-create";
+   public static final String KEY_MSG_CREATE_ID = "msg-create-with-id";
+   public static final String KEY_MSG_PULL = "msg-pull-consumers";
+   public static final String KEY_MSG_PUSH = "msg-push-consumers";
+
+   public static final String KEY_MSG_PULL_SUB = "msg-pull-subscriptions";
+   public static final String KEY_MSG_PUSH_SUB = "msg-push-subscriptions";
+
+   public static final String KEY_MSG_CREATE_NEXT = "msg-create-next";
+
+   public static final String KEY_PULL_CONSUMERS_LOC = "pull-consumers-location";
+   public static final String KEY_MSG_CONSUME_NEXT = "msg-consume-next";
+
+   public static final String KEY_MSG_CONSUMER = "msg-consumer";
+   public static final String KEY_MSG_ACK_NEXT = "msg-acknowledge-next";
+   public static final String KEY_MSG_ACK = "msg-acknowledgement";
+
+   protected RestAMQConnection connection;
+   protected String destination;
+   protected Map<String, String> contextMap = new HashMap<>();
+
+   // consumer options
+   protected boolean autoAck;
+   protected boolean pushConsumer;
+
+   public RestMessageContext(RestAMQConnection restAMQConnection, String dest) throws IOException {
+      this(restAMQConnection, dest, true, false);
+   }
+
+   public RestMessageContext(RestAMQConnection restAMQConnection, String dest, boolean isAutoAck, boolean isPush) throws IOException {
+      this.connection = restAMQConnection;
+      this.destination = dest;
+      this.autoAck = isAutoAck;
+      this.pushConsumer = isPush;
+      prepareSelf();
+   }
+
+   private void prepareSelf() throws IOException {
+      String destLink = getDestLink();
+      CloseableHttpResponse response = connection.request(destLink);
+      int code = ResponseUtil.getHttpCode(response);
+      if (code != 200) {
+         System.out.println("failed to init " + destLink);
+         System.out.println("reason: " + ResponseUtil.getDetails(response));
+      }
+      try {
+         Header header = response.getFirstHeader(KEY_MSG_CREATE);
+         contextMap.put(KEY_MSG_CREATE, header.getValue());
+         header = response.getFirstHeader(KEY_MSG_CREATE_ID);
+         contextMap.put(KEY_MSG_CREATE_ID, header.getValue());
+
+         header = response.getFirstHeader(KEY_MSG_PULL);
+         if (header != null) {
+            contextMap.put(KEY_MSG_PULL, header.getValue());
+         }
+         header = response.getFirstHeader(KEY_MSG_PUSH);
+         if (header != null) {
+            contextMap.put(KEY_MSG_PUSH, header.getValue());
+         }
+         header = response.getFirstHeader(KEY_MSG_PULL_SUB);
+         if (header != null) {
+            contextMap.put(KEY_MSG_PULL_SUB, header.getValue());
+         }
+         header = response.getFirstHeader(KEY_MSG_PUSH_SUB);
+         if (header != null) {
+            contextMap.put(KEY_MSG_PUSH_SUB, header.getValue());
+         }
+      }
+      finally {
+         response.close();
+      }
+   }
+
+   protected abstract String getDestLink();
+
+   protected abstract String getPullConsumerUri();
+
+   protected abstract String getPushLink(String pushTarget);
+
+   public int postMessage(String content, String type) throws IOException {
+      String postUri;
+      String nextMsgUri = contextMap.get(KEY_MSG_CREATE_NEXT);
+      if (nextMsgUri == null) {
+         postUri = contextMap.get(KEY_MSG_CREATE);
+      }
+      else {
+         postUri = nextMsgUri;
+      }
+      CloseableHttpResponse response = connection.post(postUri, type, content);
+      int code = -1;
+      try {
+         code = ResponseUtil.getHttpCode(response);
+         // check redirection
+         if (code == 307) {
+            Header redirLoc = response.getFirstHeader("Location");
+            contextMap.put(KEY_MSG_CREATE_NEXT, redirLoc.getValue());
+            code = postMessage(content, type);// do it again.
+         }
+         else if (code == 201) {
+            Header header = response.getFirstHeader(KEY_MSG_CREATE_NEXT);
+            contextMap.put(KEY_MSG_CREATE_NEXT, header.getValue());
+         }
+      }
+      finally {
+         response.close();
+      }
+      return code;
+   }
+
+   public abstract void initPullConsumers() throws IOException;
+
+   public boolean acknowledgement(boolean ackValue) throws IOException {
+      String ackUri = contextMap.get(KEY_MSG_ACK);
+      if (ackUri != null) {
+         CloseableHttpResponse response = connection.post(ackUri, "application/x-www-form-urlencoded",
+                 "acknowledge=" + ackValue);
+         int code = ResponseUtil.getHttpCode(response);
+         if (code == 200) {
+            contextMap.put(KEY_MSG_ACK_NEXT, response.getFirstHeader(KEY_MSG_ACK_NEXT).getValue());
+         }
+         return true;
+      }
+      return false;
+   }
+
+   public String pullMessage() throws IOException {
+      String message = null;
+      String msgPullUri = null;
+      if (autoAck) {
+         msgPullUri = contextMap.get(KEY_MSG_CONSUME_NEXT);
+         if (msgPullUri == null) {
+            initPullConsumers();
+            msgPullUri = contextMap.get(KEY_MSG_CONSUME_NEXT);
+         }
+      }
+      else {
+         msgPullUri = contextMap.get(KEY_MSG_ACK_NEXT);
+         if (msgPullUri == null) {
+            initPullConsumers();
+            msgPullUri = contextMap.get(KEY_MSG_ACK_NEXT);
+         }
+      }
+
+      CloseableHttpResponse response = connection.post(msgPullUri);
+      int code = ResponseUtil.getHttpCode(response);
+      try {
+         if (code == 200) {
+            // success
+            HttpEntity entity = response.getEntity();
+            long len = entity.getContentLength();
+
+            if (len != -1 && len < 1024000) {
+               message = EntityUtils.toString(entity);
+            }
+            else {
+               // drop message
+               System.err.println("Mesage too large, drop it " + len);
+            }
+
+            Header header = response.getFirstHeader(KEY_MSG_CONSUMER);
+            contextMap.put(KEY_MSG_CONSUMER, header.getValue());
+
+            if (!autoAck) {
+               header = response.getFirstHeader(KEY_MSG_ACK);
+               contextMap.put(KEY_MSG_ACK, header.getValue());
+            }
+            else {
+               header = response.getFirstHeader(KEY_MSG_CONSUME_NEXT);
+               contextMap.put(KEY_MSG_CONSUME_NEXT, header.getValue());
+            }
+         }
+         else if (code == 503) {
+            if (autoAck) {
+               contextMap.put(KEY_MSG_CONSUME_NEXT, response.getFirstHeader(KEY_MSG_CONSUME_NEXT).getValue());
+            }
+            else {
+               contextMap.put(KEY_MSG_ACK_NEXT, response.getFirstHeader(KEY_MSG_ACK_NEXT).getValue());
+            }
+
+            Header header = response.getFirstHeader("Retry-After");
+            if (header != null) {
+               long retryDelay = Long.valueOf(response.getFirstHeader("Retry-After").getValue());
+               try {
+                  Thread.sleep(retryDelay);
+               }
+               catch (InterruptedException e) {
+                  e.printStackTrace();
+               }
+               message = pullMessage();
+            }
+         }
+         else {
+            throw new IllegalStateException("error: " + ResponseUtil.getDetails(response));
+         }
+      }
+      finally {
+         response.close();
+      }
+
+      return message;
+   }
+
+   @Override
+   public void close() {
+      String consumerUri = contextMap.get(KEY_MSG_CONSUMER);
+      if (consumerUri != null) {
+         try {
+            connection.delete(consumerUri);
+            contextMap.remove(KEY_MSG_CONSUMER);
+         }
+         catch (ClientProtocolException e) {
+            e.printStackTrace();
+         }
+         catch (IOException e) {
+            e.printStackTrace();
+         }
+      }
+   }
+
+   public void setUpPush(String pushTarget) throws Exception {
+      String pushLink = this.contextMap.get(KEY_MSG_PUSH);
+      String pushRegXml = "<push-registration>" +
+              "<link rel=\"destination\" href=\"" +
+              this.connection.getTargetUri() +
+              this.getPushLink(pushTarget) + "\"/>" +
+              "</push-registration>";
+
+      CloseableHttpResponse response = connection.post(pushLink, "application/xml", pushRegXml);
+      int code = ResponseUtil.getHttpCode(response);
+      try {
+         if (code != 201) {
+            System.out.println("Failed to push " + pushRegXml);
+            System.out.println("Location: " + pushLink);
+            throw new Exception("Failed to register push " + ResponseUtil.getDetails(response));
+         }
+      }
+      finally {
+         response.close();
+      }
+   }
+}

http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/2fb8341f/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/rest/util/TopicRestMessageContext.java
----------------------------------------------------------------------
diff --git a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/rest/util/TopicRestMessageContext.java b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/rest/util/TopicRestMessageContext.java
new file mode 100644
index 0000000..44bff85
--- /dev/null
+++ b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/rest/util/TopicRestMessageContext.java
@@ -0,0 +1,83 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.activemq.artemis.tests.integration.rest.util;
+
+import java.io.IOException;
+
+import org.apache.http.Header;
+import org.apache.http.client.methods.CloseableHttpResponse;
+
+public class TopicRestMessageContext extends RestMessageContext {
+   public static final String PREFIX_TOPIC = "/topics/jms.topic.";
+
+   private boolean durableSub;
+
+   public TopicRestMessageContext(RestAMQConnection restAMQConnection, String topic, boolean durable) throws IOException {
+      super(restAMQConnection, topic);
+      this.durableSub = durable;
+   }
+
+   @Override
+   protected String getDestLink() {
+      return PREFIX_TOPIC + destination;
+   }
+
+   @Override
+   protected String getPullConsumerUri() {
+      return getDestLink() + "/pull-subscriptions";
+   }
+
+   @Override
+   public void initPullConsumers() throws IOException {
+      String pullUri = getPullConsumerUri();
+      CloseableHttpResponse response = null;
+      if (this.durableSub || !this.autoAck) {
+         String extraOpt = "durable=" + this.durableSub + "&autoAck=" + this.autoAck;
+         response = connection.post(pullUri, "application/x-www-form-urlencoded", extraOpt);
+      }
+      else {
+         response = connection.post(pullUri);
+      }
+
+      int code = ResponseUtil.getHttpCode(response);
+
+      try {
+         if (code == 201) {
+            Header header = response.getFirstHeader("Location");
+            contextMap.put(KEY_PULL_CONSUMERS_LOC, header.getValue());
+            header = response.getFirstHeader(KEY_MSG_CONSUME_NEXT);
+            contextMap.put(KEY_MSG_CONSUME_NEXT, header.getValue());
+            header = response.getFirstHeader(KEY_MSG_ACK_NEXT);
+            if (header != null) {
+               contextMap.put(KEY_MSG_ACK_NEXT, header.getValue());
+            }
+         }
+         else {
+            throw new IllegalStateException("Failed to init pull consumer " + ResponseUtil.getDetails(response));
+         }
+      }
+      finally {
+         response.close();
+      }
+   }
+
+   @Override
+   protected String getPushLink(String pushTarget) {
+      return PREFIX_TOPIC + pushTarget;
+   }
+
+}

http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/2fb8341f/tests/integration-tests/src/test/resources/rest/bwlist-rest-test-asm.xml
----------------------------------------------------------------------
diff --git a/tests/integration-tests/src/test/resources/rest/bwlist-rest-test-asm.xml b/tests/integration-tests/src/test/resources/rest/bwlist-rest-test-asm.xml
new file mode 100644
index 0000000..af952fe
--- /dev/null
+++ b/tests/integration-tests/src/test/resources/rest/bwlist-rest-test-asm.xml
@@ -0,0 +1,37 @@
+<!--
+  ~ Licensed to the Apache Software Foundation (ASF) under one or more
+  ~ contributor license agreements. See the NOTICE file distributed with
+  ~ this work for additional information regarding copyright ownership.
+  ~ The ASF licenses this file to You under the Apache License, Version 2.0
+  ~ (the "License"); you may not use this file except in compliance with
+  ~ the License. You may obtain a copy of the License at
+  ~
+  ~     http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  -->
+<assembly xmlns="http://maven.apache.org/plugins/maven-assembly-plugin/assembly/1.1.2"
+          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+          xsi:schemaLocation="http://maven.apache.org/plugins/maven-assembly-plugin/assembly/1.1.2 http://maven.apache.org/xsd/assembly-1.1.2.xsd">
+
+   <id>rest-test-bwlist</id>
+   <formats>
+      <format>war</format>
+   </formats>
+   <includeBaseDirectory>false</includeBaseDirectory>
+   <fileSets>
+      <fileSet>
+         <directory>../../artemis-rest/target/classes/</directory>
+         <outputDirectory>/WEB-INF/classes</outputDirectory>
+      </fileSet>
+      <fileSet>
+         <directory>src/test/resources/rest/rest-test-bwlist/webapp/</directory>
+         <outputDirectory>/</outputDirectory>
+      </fileSet>
+   </fileSets>
+</assembly>
+

http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/2fb8341f/tests/integration-tests/src/test/resources/rest/rest-test-asm.xml
----------------------------------------------------------------------
diff --git a/tests/integration-tests/src/test/resources/rest/rest-test-asm.xml b/tests/integration-tests/src/test/resources/rest/rest-test-asm.xml
new file mode 100644
index 0000000..ac1d4f2
--- /dev/null
+++ b/tests/integration-tests/src/test/resources/rest/rest-test-asm.xml
@@ -0,0 +1,37 @@
+<!--
+  ~ Licensed to the Apache Software Foundation (ASF) under one or more
+  ~ contributor license agreements. See the NOTICE file distributed with
+  ~ this work for additional information regarding copyright ownership.
+  ~ The ASF licenses this file to You under the Apache License, Version 2.0
+  ~ (the "License"); you may not use this file except in compliance with
+  ~ the License. You may obtain a copy of the License at
+  ~
+  ~     http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  -->
+<assembly xmlns="http://maven.apache.org/plugins/maven-assembly-plugin/assembly/1.1.2"
+          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+          xsi:schemaLocation="http://maven.apache.org/plugins/maven-assembly-plugin/assembly/1.1.2 http://maven.apache.org/xsd/assembly-1.1.2.xsd">
+
+   <id>rest-test</id>
+   <formats>
+      <format>war</format>
+   </formats>
+   <includeBaseDirectory>false</includeBaseDirectory>
+   <fileSets>
+      <fileSet>
+         <directory>../../artemis-rest/target/classes/</directory>
+         <outputDirectory>/WEB-INF/classes</outputDirectory>
+      </fileSet>
+      <fileSet>
+         <directory>src/test/resources/rest/rest-test/webapp/</directory>
+         <outputDirectory>/</outputDirectory>
+      </fileSet>
+   </fileSets>
+</assembly>
+

http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/2fb8341f/tests/integration-tests/src/test/resources/rest/rest-test-bwlist/webapp/WEB-INF/web.xml
----------------------------------------------------------------------
diff --git a/tests/integration-tests/src/test/resources/rest/rest-test-bwlist/webapp/WEB-INF/web.xml b/tests/integration-tests/src/test/resources/rest/rest-test-bwlist/webapp/WEB-INF/web.xml
new file mode 100644
index 0000000..a0582c0
--- /dev/null
+++ b/tests/integration-tests/src/test/resources/rest/rest-test-bwlist/webapp/WEB-INF/web.xml
@@ -0,0 +1,56 @@
+<?xml version="1.0"?>
+
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+
+<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
+        "http://java.sun.com/dtd/web-app_2_3.dtd">
+
+<web-app>
+
+    <context-param>
+        <param-name>org.apache.activemq.artemis.jms.deserialization.whitelist</param-name>
+        <param-value>some.other.package</param-value>
+    </context-param>
+    <context-param>
+        <param-name>org.apache.activemq.artemis.jms.deserialization.blacklist</param-name>
+        <param-value>org.apache.activemq.artemis.example.rest.Order</param-value>
+    </context-param>
+
+    <filter>
+        <filter-name>Rest-Messaging</filter-name>
+        <filter-class>
+            org.jboss.resteasy.plugins.server.servlet.FilterDispatcher
+        </filter-class>
+    </filter>
+
+    <filter-mapping>
+        <filter-name>Rest-Messaging</filter-name>
+        <url-pattern>/*</url-pattern>
+    </filter-mapping>
+
+    <listener>
+        <listener-class>org.jboss.resteasy.plugins.server.servlet.ResteasyBootstrap</listener-class>
+    </listener>
+
+    <listener>
+        <listener-class>org.apache.activemq.artemis.rest.integration.RestMessagingBootstrapListener</listener-class>
+    </listener>
+
+</web-app>

http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/2fb8341f/tests/integration-tests/src/test/resources/rest/rest-test/webapp/WEB-INF/web.xml
----------------------------------------------------------------------
diff --git a/tests/integration-tests/src/test/resources/rest/rest-test/webapp/WEB-INF/web.xml b/tests/integration-tests/src/test/resources/rest/rest-test/webapp/WEB-INF/web.xml
new file mode 100644
index 0000000..3e5ecb9
--- /dev/null
+++ b/tests/integration-tests/src/test/resources/rest/rest-test/webapp/WEB-INF/web.xml
@@ -0,0 +1,58 @@
+<?xml version="1.0"?>
+
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+
+<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
+        "http://java.sun.com/dtd/web-app_2_3.dtd">
+
+<web-app>
+
+<!--
+    <context-param>
+        <param-name>org.apache.activemq.artemis.jms.deserialization.whitelist</param-name>
+        <param-value>some.other.package</param-value>
+    </context-param>
+    <context-param>
+        <param-name>org.apache.activemq.artemis.jms.deserialization.blacklist</param-name>
+        <param-value>org.apache.activemq.artemis.example.rest.Order</param-value>
+    </context-param>
+-->
+
+    <filter>
+        <filter-name>Rest-Messaging</filter-name>
+        <filter-class>
+            org.jboss.resteasy.plugins.server.servlet.FilterDispatcher
+        </filter-class>
+    </filter>
+
+    <filter-mapping>
+        <filter-name>Rest-Messaging</filter-name>
+        <url-pattern>/*</url-pattern>
+    </filter-mapping>
+
+    <listener>
+        <listener-class>org.jboss.resteasy.plugins.server.servlet.ResteasyBootstrap</listener-class>
+    </listener>
+
+    <listener>
+        <listener-class>org.apache.activemq.artemis.rest.integration.RestMessagingBootstrapListener</listener-class>
+    </listener>
+
+</web-app>


Mime
View raw message