activemq-commits mailing list archives

From clebertsuco...@apache.org
Subject [activemq-artemis] branch master updated: ARTEMIS-2886 put address/FQQN into new security manager interface
Date Mon, 14 Sep 2020 19:35:32 GMT
This is an automated email from the ASF dual-hosted git repository.

clebertsuconic pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/activemq-artemis.git


The following commit(s) were added to refs/heads/master by this push:
     new cf92c16  ARTEMIS-2886 put address/FQQN into new security manager interface
     new 3fc2fed  This closes #3254
cf92c16 is described below

commit cf92c163394069fdbcd48055920866a22103a29c
Author: Justin Bertram <jbertram@apache.org>
AuthorDate: Thu Sep 3 21:29:25 2020 -0500

    ARTEMIS-2886 put address/FQQN into new security manager interface
    
    The default JAAS security manager doesn't need the address/FQQN for
    authorization, but I'm putting it back into the interface because there
    are other use cases which *do* need it.
---
 .../activemq/artemis/core/security/impl/SecurityStoreImpl.java   | 2 +-
 .../artemis/spi/core/security/ActiveMQJAASSecurityManager.java   | 3 ++-
 .../artemis/spi/core/security/ActiveMQSecurityManager5.java      | 5 +++--
 .../artemis/core/security/jaas/JAASSecurityManagerTest.java      | 2 +-
 .../activemq/artemis/jms/example/JAASSecurityManagerWrapper.java | 9 +++++----
 5 files changed, 12 insertions(+), 9 deletions(-)

diff --git a/artemis-server/src/main/java/org/apache/activemq/artemis/core/security/impl/SecurityStoreImpl.java
b/artemis-server/src/main/java/org/apache/activemq/artemis/core/security/impl/SecurityStoreImpl.java
index c670791..7382142 100644
--- a/artemis-server/src/main/java/org/apache/activemq/artemis/core/security/impl/SecurityStoreImpl.java
+++ b/artemis-server/src/main/java/org/apache/activemq/artemis/core/security/impl/SecurityStoreImpl.java
@@ -270,7 +270,7 @@ public class SecurityStoreImpl implements SecurityStore, HierarchicalRepositoryC
          final Boolean validated;
          if (securityManager instanceof ActiveMQSecurityManager5) {
             Subject subject = getSubjectForAuthorization(session, ((ActiveMQSecurityManager5)
securityManager));
-            validated = ((ActiveMQSecurityManager5) securityManager).authorize(subject, roles,
checkType);
+            validated = ((ActiveMQSecurityManager5) securityManager).authorize(subject, roles,
checkType, isFullyQualified ? fqqn.toString() : bareAddress.toString());
          } else if (securityManager instanceof ActiveMQSecurityManager4) {
             validated = ((ActiveMQSecurityManager4) securityManager).validateUserAndRole(user,
session.getPassword(), roles, checkType, bareAddress.toString(), session.getRemotingConnection(),
session.getSecurityDomain()) != null;
          } else if (securityManager instanceof ActiveMQSecurityManager3) {
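Review bot: The ActiveMQSecurityManager5 branch now passes `isFullyQualified ? fqqn.toString() : bareAddress.toString()`, while the ActiveMQSecurityManager4 branch just below still passes `bareAddress.toString()` unconditionally, so the same permission check presents a different address string depending on which interface the plugin implements. A custom manager ported from validateUserAndRole to authorize that compares the address exactly could stop matching, or match the wrong rule, on fully qualified queue checks. I would add a comment above the call such as `// SM5 receives the FQQN when the check targets a fully qualified queue; SM4 and older always receive the bare address`. The declarations of fqqn, bareAddress and isFullyQualified are outside this hunk, so I cannot confirm that the selected value is never null. The diffstat shows JAASSecurityManagerTest as the only test touched and it passes a bare address, so the FQQN path looks untested in this commit.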
diff --git a/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/ActiveMQJAASSecurityManager.java
b/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/ActiveMQJAASSecurityManager.java
index f90451d..18fada5 100644
--- a/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/ActiveMQJAASSecurityManager.java
+++ b/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/ActiveMQJAASSecurityManager.java
@@ -113,7 +113,8 @@ public class ActiveMQJAASSecurityManager implements ActiveMQSecurityManager5
{
    @Override
    public boolean authorize(final Subject subject,
                             final Set<Role> roles,
-                            final CheckType checkType) {
+                            final CheckType checkType,
+                            final String address) {
       boolean authorized = false;
 
       if (subject != null) {
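Review bot: The new `address` parameter on authorize is accepted here but, going by the commit message, never consulted by the JAAS manager, and nothing in the visible signature says so. Please document that on the method, for example `// address is intentionally unused by the JAAS manager; the decision rests on subject, roles and checkType only`, so that nobody reading or extending this class assumes it enforces per-address rules. The method body continues outside the hunk, so the claim that the parameter is unused is taken from the commit message and not from the code.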
diff --git a/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/ActiveMQSecurityManager5.java
b/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/ActiveMQSecurityManager5.java
index e043866..f3871d0 100644
--- a/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/ActiveMQSecurityManager5.java
+++ b/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/ActiveMQSecurityManager5.java
@@ -42,7 +42,7 @@ public interface ActiveMQSecurityManager5 extends ActiveMQSecurityManager
{
     * @param password the user's password
     * @param remotingConnection the user's connection which contains any corresponding SSL
certs
     * @param securityDomain the name of the JAAS security domain to use (can be null)
-    * @return the Subject of the authenticated user or null if the user isn't authenticated
+    * @return the Subject of the authenticated user, else null
     */
    Subject authenticate(String user, String password, RemotingConnection remotingConnection,
String securityDomain);
 
@@ -55,7 +55,8 @@ public interface ActiveMQSecurityManager5 extends ActiveMQSecurityManager
{
     * @param subject    the Subject to authorize
     * @param roles      the roles configured in the security-settings
     * @param checkType  which permission to validate
+    * @param address    the address (or FQQN) to grant access to
     * @return true if the user is authorized, else false
     */
-   boolean authorize(Subject subject, Set<Role> roles, CheckType checkType);
+   boolean authorize(Subject subject, Set<Role> roles, CheckType checkType, String
address);
 }
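Review bot: The added `@param address` line says "the address (or FQQN) to grant access to", which reads as though the call itself grants something and leaves the accepted forms and nullability undefined for implementers of this SPI. I would reword it to `@param address    the address, or the FQQN when the check targets a fully qualified queue, that the permission is being checked against` and state whether null can be passed. Because the three-argument `authorize` is replaced and not kept alongside, any implementation built against the earlier signature will no longer compile or link. If ActiveMQSecurityManager5 has already shipped in a release, that deserves a line in the upgrade notes.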
diff --git a/artemis-server/src/test/java/org/apache/activemq/artemis/core/security/jaas/JAASSecurityManagerTest.java
b/artemis-server/src/test/java/org/apache/activemq/artemis/core/security/jaas/JAASSecurityManagerTest.java
index b2f73b1..83519f4 100644
--- a/artemis-server/src/test/java/org/apache/activemq/artemis/core/security/jaas/JAASSecurityManagerTest.java
+++ b/artemis-server/src/test/java/org/apache/activemq/artemis/core/security/jaas/JAASSecurityManagerTest.java
@@ -92,7 +92,7 @@ public class JAASSecurityManagerTest {
          Role role = new Role("programmers", true, true, true, true, true, true, true, true,
true, true);
          Set<Role> roles = new HashSet<>();
          roles.add(role);
-         boolean authorizationResult = securityManager.authorize(result, roles, CheckType.SEND);
+         boolean authorizationResult = securityManager.authorize(result, roles, CheckType.SEND,
"someaddress");
 
          assertTrue(authorizationResult);
 
diff --git a/examples/features/standard/security-manager/src/main/java/org/apache/activemq/artemis/jms/example/JAASSecurityManagerWrapper.java
b/examples/features/standard/security-manager/src/main/java/org/apache/activemq/artemis/jms/example/JAASSecurityManagerWrapper.java
index 251e467..79da06c 100644
--- a/examples/features/standard/security-manager/src/main/java/org/apache/activemq/artemis/jms/example/JAASSecurityManagerWrapper.java
+++ b/examples/features/standard/security-manager/src/main/java/org/apache/activemq/artemis/jms/example/JAASSecurityManagerWrapper.java
@@ -33,16 +33,17 @@ public class JAASSecurityManagerWrapper implements ActiveMQSecurityManager5
{
 
    @Override
    public Subject authenticate(String user, String password, RemotingConnection remotingConnection,
String securityDomain) {
-      System.out.println("authenticate(" + user + ", " + password + ", " + remotingConnection.getRemoteAddress()
+ ")");
+      System.out.println("authenticate(" + user + ", " + password + ", " + remotingConnection.getRemoteAddress()
+ ", " + securityDomain + ")");
       return activeMQJAASSecurityManager.authenticate(user, password, remotingConnection,
securityDomain);
    }
 
    @Override
    public boolean authorize(Subject subject,
                             Set<Role> roles,
-                            CheckType checkType) {
-      System.out.println("authorize(" + subject + ", " + roles + ", " + checkType + ")");
-      return activeMQJAASSecurityManager.authorize(subject, roles, checkType);
+                            CheckType checkType,
+                            String address) {
+      System.out.println("authorize(" + subject + ", " + roles + ", " + checkType + ", "
+ address + ")");
+      return activeMQJAASSecurityManager.authorize(subject, roles, checkType, address);
    }
 
    @Override
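Review bot: The rewritten println in authenticate still concatenates `password` into the line written to stdout, so every login attempt through this wrapper leaves the clear-text credential in the console or in whatever captures it. This is example code, but it is the template people copy for their own security managers, and the line is being edited anyway; I would drop the secret: `System.out.println("authenticate(" + user + ", ****, " + remotingConnection.getRemoteAddress() + ", " + securityDomain + ")");`. The authorize println also prints `subject`, whose string form can include credentials attached to the Subject, so it is worth checking what the login modules put there before keeping that output. The hunk ends on the `@Override` of the next method, which is outside the view.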

