activemq-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From clebertsuco...@apache.org
Subject [1/2] activemq-artemis git commit: ARTEMIS-592 finer-grained security for queues
Date Thu, 11 Aug 2016 22:33:09 GMT
Repository: activemq-artemis
Updated Branches:
  refs/heads/master 952d372ce -> 97bb55940


ARTEMIS-592 finer-grained security for queues


Project: http://git-wip-us.apache.org/repos/asf/activemq-artemis/repo
Commit: http://git-wip-us.apache.org/repos/asf/activemq-artemis/commit/b54de460
Tree: http://git-wip-us.apache.org/repos/asf/activemq-artemis/tree/b54de460
Diff: http://git-wip-us.apache.org/repos/asf/activemq-artemis/diff/b54de460

Branch: refs/heads/master
Commit: b54de460c65cbb20b020ef662677a98de83c779d
Parents: 952d372
Author: jbertram <jbertram@apache.org>
Authored: Fri Jul 1 21:18:06 2016 -0500
Committer: Clebert Suconic <clebertsuconic@apache.org>
Committed: Thu Aug 11 18:32:54 2016 -0400

----------------------------------------------------------------------
 .../core/server/impl/ServerSessionImpl.java     | 14 ++++-
 .../integration/security/SecurityTest.java      | 59 ++++++++++++++++++++
 .../src/test/resources/roles.properties         |  2 +
 .../src/test/resources/users.properties         |  2 +
 4 files changed, 75 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/b54de460/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/impl/ServerSessionImpl.java
----------------------------------------------------------------------
diff --git a/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/impl/ServerSessionImpl.java
b/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/impl/ServerSessionImpl.java
index aeee1a8..c3d399a 100644
--- a/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/impl/ServerSessionImpl.java
+++ b/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/impl/ServerSessionImpl.java
@@ -420,10 +420,20 @@ public class ServerSessionImpl implements ServerSession, FailureListener
{
       }
 
       if (browseOnly) {
-         securityCheck(binding.getAddress(), CheckType.BROWSE, this);
+         try {
+            securityCheck(binding.getAddress(), CheckType.BROWSE, this);
+         }
+         catch (Exception e) {
+            securityCheck(binding.getAddress().concat(".").concat(queueName), CheckType.BROWSE,
this);
+         }
       }
       else {
-         securityCheck(binding.getAddress(), CheckType.CONSUME, this);
+         try {
+            securityCheck(binding.getAddress(), CheckType.CONSUME, this);
+         }
+         catch (Exception e) {
+            securityCheck(binding.getAddress().concat(".").concat(queueName), CheckType.CONSUME,
this);
+         }
       }
 
       Filter filter = FilterImpl.createFilter(filterString);

http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/b54de460/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/security/SecurityTest.java
----------------------------------------------------------------------
diff --git a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/security/SecurityTest.java
b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/security/SecurityTest.java
index 17b1126..5059fab 100644
--- a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/security/SecurityTest.java
+++ b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/security/SecurityTest.java
@@ -314,6 +314,65 @@ public class SecurityTest extends ActiveMQTestBase {
    }
 
    @Test
+   public void testJAASSecurityManagerAuthorizationSameAddressDifferentQueues() throws Exception
{
+      final SimpleString ADDRESS = new SimpleString("address");
+      final SimpleString QUEUE_A = new SimpleString("a");
+      final SimpleString QUEUE_B = new SimpleString("b");
+
+      ActiveMQJAASSecurityManager securityManager = new ActiveMQJAASSecurityManager("PropertiesLogin");
+      ActiveMQServer server = addServer(ActiveMQServers.newActiveMQServer(createDefaultInVMConfig().setSecurityEnabled(true),
ManagementFactory.getPlatformMBeanServer(), securityManager, false));
+      Set<Role> aRoles = new HashSet<>();
+      aRoles.add(new Role(QUEUE_A.toString(), false, true, false, false, false, false, false,
false));
+      server.getConfiguration().putSecurityRoles(ADDRESS.concat(".").concat(QUEUE_A).toString(),
aRoles);
+      Set<Role> bRoles = new HashSet<>();
+      bRoles.add(new Role(QUEUE_B.toString(), false, true, false, false, false, false, false,
false));
+      server.getConfiguration().putSecurityRoles(ADDRESS.concat(".").concat(QUEUE_B).toString(),
bRoles);
+      server.start();
+      server.createQueue(ADDRESS, QUEUE_A, null, true, false);
+      server.createQueue(ADDRESS, QUEUE_B, null, true, false);
+
+      ClientSessionFactory cf = createSessionFactory(locator);
+      ClientSession aSession = addClientSession(cf.createSession("a", "a", false, true, true,
false, 0));
+      ClientSession bSession = addClientSession(cf.createSession("b", "b", false, true, true,
false, 0));
+
+      // client A CONSUME from queue A
+      try {
+         ClientConsumer consumer = aSession.createConsumer(QUEUE_A);
+      }
+      catch (ActiveMQException e) {
+         e.printStackTrace();
+         Assert.fail("should not throw exception here");
+      }
+
+      // client B CONSUME from queue A
+      try {
+         ClientConsumer consumer = bSession.createConsumer(QUEUE_A);
+         Assert.fail("should throw exception here");
+      }
+      catch (ActiveMQException e) {
+         assertTrue(e instanceof ActiveMQSecurityException);
+      }
+
+      // client B CONSUME from queue B
+      try {
+         ClientConsumer consumer = bSession.createConsumer(QUEUE_B);
+      }
+      catch (ActiveMQException e) {
+         e.printStackTrace();
+         Assert.fail("should not throw exception here");
+      }
+
+      // client A CONSUME from queue B
+      try {
+         ClientConsumer consumer = aSession.createConsumer(QUEUE_B);
+         Assert.fail("should throw exception here");
+      }
+      catch (ActiveMQException e) {
+         assertTrue(e instanceof ActiveMQSecurityException);
+      }
+   }
+
+   @Test
    public void testJAASSecurityManagerAuthorizationNegativeWithCerts() throws Exception {
       final SimpleString ADDRESS = new SimpleString("address");
       final SimpleString DURABLE_QUEUE = new SimpleString("durableQueue");

http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/b54de460/tests/integration-tests/src/test/resources/roles.properties
----------------------------------------------------------------------
diff --git a/tests/integration-tests/src/test/resources/roles.properties b/tests/integration-tests/src/test/resources/roles.properties
index de332d3..12649f0 100644
--- a/tests/integration-tests/src/test/resources/roles.properties
+++ b/tests/integration-tests/src/test/resources/roles.properties
@@ -18,3 +18,5 @@
 programmers=first
 accounting=second
 employees=first,second
+a=a
+b=b

http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/b54de460/tests/integration-tests/src/test/resources/users.properties
----------------------------------------------------------------------
diff --git a/tests/integration-tests/src/test/resources/users.properties b/tests/integration-tests/src/test/resources/users.properties
index 1087b0b..de63386 100644
--- a/tests/integration-tests/src/test/resources/users.properties
+++ b/tests/integration-tests/src/test/resources/users.properties
@@ -17,3 +17,5 @@
 
 first=secret
 second=password
+a=a
+b=b


Mime
View raw message