activemq-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From gtu...@apache.org
Subject activemq git commit: NO-JIRA - remove info logging of config mods, add sanity test of mod to write acl for authorization plugin
Date Wed, 05 Oct 2016 16:09:24 GMT
Repository: activemq
Updated Branches:
  refs/heads/master a27f4f2ea -> c1e94c615


NO-JIRA - remove info logging of config mods, add sanity test of mod to write acl for authorization
plugin


Project: http://git-wip-us.apache.org/repos/asf/activemq/repo
Commit: http://git-wip-us.apache.org/repos/asf/activemq/commit/c1e94c61
Tree: http://git-wip-us.apache.org/repos/asf/activemq/tree/c1e94c61
Diff: http://git-wip-us.apache.org/repos/asf/activemq/diff/c1e94c61

Branch: refs/heads/master
Commit: c1e94c615859ee9f61c3c16d00cf87369ea40317
Parents: a27f4f2
Author: gtully <gary.tully@gmail.com>
Authored: Wed Oct 5 17:07:20 2016 +0100
Committer: gtully <gary.tully@gmail.com>
Committed: Wed Oct 5 17:08:46 2016 +0100

----------------------------------------------------------------------
 .../plugin/DefaultConfigurationProcessor.java   |  2 +-
 .../activemq/AbstractAuthorizationTest.java     | 21 ++++++++
 .../org/apache/activemq/AuthorizationTest.java  | 17 ++++++
 .../authorizationTest-users-add-write-guest.xml | 55 ++++++++++++++++++++
 4 files changed, 94 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/activemq/blob/c1e94c61/activemq-runtime-config/src/main/java/org/apache/activemq/plugin/DefaultConfigurationProcessor.java
----------------------------------------------------------------------
diff --git a/activemq-runtime-config/src/main/java/org/apache/activemq/plugin/DefaultConfigurationProcessor.java
b/activemq-runtime-config/src/main/java/org/apache/activemq/plugin/DefaultConfigurationProcessor.java
index fddfe48..1e539ed 100644
--- a/activemq-runtime-config/src/main/java/org/apache/activemq/plugin/DefaultConfigurationProcessor.java
+++ b/activemq-runtime-config/src/main/java/org/apache/activemq/plugin/DefaultConfigurationProcessor.java
@@ -96,7 +96,7 @@ public class DefaultConfigurationProcessor implements ConfigurationProcessor
{
             Object existing = current.get(currentIndex);
             Object candidate = modification.get(modIndex);
             if (!existing.equals(candidate)) {
-                plugin.info("modification to:" + existing + " , with: " + candidate);
+                plugin.debug("modification to:" + existing + " , with: " + candidate);
                 ConfigurationProcessor processor = findProcessor(existing);
                 if (processor != null) {
                     processor.modify(existing, candidate);

http://git-wip-us.apache.org/repos/asf/activemq/blob/c1e94c61/activemq-runtime-config/src/test/java/org/apache/activemq/AbstractAuthorizationTest.java
----------------------------------------------------------------------
diff --git a/activemq-runtime-config/src/test/java/org/apache/activemq/AbstractAuthorizationTest.java
b/activemq-runtime-config/src/test/java/org/apache/activemq/AbstractAuthorizationTest.java
index 286d7c1..a394073 100644
--- a/activemq-runtime-config/src/test/java/org/apache/activemq/AbstractAuthorizationTest.java
+++ b/activemq-runtime-config/src/test/java/org/apache/activemq/AbstractAuthorizationTest.java
@@ -64,4 +64,25 @@ public abstract class AbstractAuthorizationTest extends RuntimeConfigTestSupport
         }
     }
 
+    protected void assertAllowedWrite(String userPass, String dest) throws JMSException {
+        ActiveMQConnection connection = new ActiveMQConnectionFactory("vm://localhost").createActiveMQConnection(userPass,
userPass);
+        connection.start();
+        try {
+            Session session = connection.createSession(false, Session.AUTO_ACKNOWLEDGE);
+            session.createProducer(session.createQueue(dest)).send(session.createTextMessage());
+        } finally {
+            connection.close();
+        }
+    }
+
+    protected void assertDeniedWrite(String userPass, String destination) {
+        try {
+            assertAllowedWrite(userPass, destination);
+            fail("Expected not allowed exception");
+        } catch (JMSException expected) {
+            LOG.debug("got:" + expected, expected);
+        }
+    }
+
+
 }

http://git-wip-us.apache.org/repos/asf/activemq/blob/c1e94c61/activemq-runtime-config/src/test/java/org/apache/activemq/AuthorizationTest.java
----------------------------------------------------------------------
diff --git a/activemq-runtime-config/src/test/java/org/apache/activemq/AuthorizationTest.java
b/activemq-runtime-config/src/test/java/org/apache/activemq/AuthorizationTest.java
index 0b933e9..3a8b7c6 100644
--- a/activemq-runtime-config/src/test/java/org/apache/activemq/AuthorizationTest.java
+++ b/activemq-runtime-config/src/test/java/org/apache/activemq/AuthorizationTest.java
@@ -34,6 +34,7 @@ public class AuthorizationTest extends AbstractAuthorizationTest {
 
         assertAllowed("user", "USERS.A");
         assertDenied("user", "GUESTS.A");
+        assertDenied("guest", "GUESTS.A");
 
         assertDeniedTemp("guest");
 
@@ -66,6 +67,22 @@ public class AuthorizationTest extends AbstractAuthorizationTest {
     }
 
     @Test
+    public void testModAddWrite() throws Exception {
+        final String brokerConfig = configurationSeed + "-auth-rm-broker";
+        applyNewConfig(brokerConfig, configurationSeed + "-users");
+        startBroker(brokerConfig);
+        assertTrue("broker alive", brokerService.isStarted());
+
+        assertAllowedWrite("user", "USERS.A");
+        assertDeniedWrite("guest", "USERS.A");
+
+        applyNewConfig(brokerConfig, configurationSeed + "-users-add-write-guest", SLEEP);
+
+        assertAllowedWrite("user", "USERS.A");
+        assertAllowedWrite("guest", "USERS.A");
+    }
+
+    @Test
     public void testWildcard() throws Exception {
         final String brokerConfig = configurationSeed + "-auth-broker";
         applyNewConfig(brokerConfig, configurationSeed + "-wildcard-users-guests");

http://git-wip-us.apache.org/repos/asf/activemq/blob/c1e94c61/activemq-runtime-config/src/test/resources/org/apache/activemq/authorizationTest-users-add-write-guest.xml
----------------------------------------------------------------------
diff --git a/activemq-runtime-config/src/test/resources/org/apache/activemq/authorizationTest-users-add-write-guest.xml
b/activemq-runtime-config/src/test/resources/org/apache/activemq/authorizationTest-users-add-write-guest.xml
new file mode 100644
index 0000000..646f158
--- /dev/null
+++ b/activemq-runtime-config/src/test/resources/org/apache/activemq/authorizationTest-users-add-write-guest.xml
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+    Licensed to the Apache Software Foundation (ASF) under one or more
+    contributor license agreements.  See the NOTICE file distributed with
+    this work for additional information regarding copyright ownership.
+    The ASF licenses this file to You under the Apache License, Version 2.0
+    (the "License"); you may not use this file except in compliance with
+    the License.  You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+    Unless required by applicable law or agreed to in writing, software
+    distributed under the License is distributed on an "AS IS" BASIS,
+    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+    See the License for the specific language governing permissions and
+    limitations under the License.
+-->
+<beans
+        xmlns="http://www.springframework.org/schema/beans"
+        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+        xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
+  http://activemq.apache.org/schema/core http://activemq.apache.org/schema/core/activemq-core.xsd">
+
+  <broker xmlns="http://activemq.apache.org/schema/core" start="false" persistent="false">
+    <plugins>
+      <runtimeConfigurationPlugin checkPeriod="1000"/>
+
+      <!--  use JAAS to authenticate using the login.config file on the classpath to configure
JAAS -->
+      <jaasAuthenticationPlugin configuration="activemq-domain"/>
+
+      <!--  lets configure a destination based authorization mechanism -->
+      <authorizationPlugin>
+        <map>
+          <authorizationMap>
+            <authorizationEntries>
+              <authorizationEntry queue=">" read="admins" write="admins" admin="admins"/>
+              <authorizationEntry queue="USERS.>" read="users" write="users,guests"
admin="users"/>
+
+              <authorizationEntry topic=">" read="admins" write="admins" admin="admins"/>
+              <authorizationEntry topic="USERS.>" read="users" write="users" admin="users"/>
+
+              <authorizationEntry topic="ActiveMQ.Advisory.>" read="guests,users" write="guests,users"
+                                  admin="guests,users"/>
+            </authorizationEntries>
+
+            <tempDestinationAuthorizationEntry>
+              <tempDestinationAuthorizationEntry read="tempDestinationAdmins" write="tempDestinationAdmins"
+                                                 admin="tempDestinationAdmins"/>
+            </tempDestinationAuthorizationEntry>
+          </authorizationMap>
+        </map>
+      </authorizationPlugin>
+    </plugins>
+  </broker>
+</beans>


Mime
View raw message