From jbono...@apache.org
Subject [activemq] branch activemq-5.16.x updated: AMQ-8035 - ensure propagated credentials are visible for bind and removed for subsequent mapping operations
Date Wed, 16 Sep 2020 15:54:25 GMT
This is an automated email from the ASF dual-hosted git repository.

jbonofre pushed a commit to branch activemq-5.16.x
in repository https://gitbox.apache.org/repos/asf/activemq.git


The following commit(s) were added to refs/heads/activemq-5.16.x by this push:
     new c9f68f4  AMQ-8035 - ensure propagated credentials are visible for bind and removed
for subsequent mapping operations
c9f68f4 is described below

commit c9f68f4c64b2687eee283b95538753665d2b229b
Author: gtully <gary.tully@gmail.com>
AuthorDate: Mon Sep 7 17:02:23 2020 +0100

    AMQ-8035 - ensure propagated credentials are visible for bind and removed for subsequent
mapping operations
    
    (cherry picked from commit 73e291693d59a96c0054fc7e7e09c2c67b192911)
---
 .../org/apache/activemq/jaas/LDAPLoginModule.java  |  3 +-
 .../apache/activemq/jaas/LDAPLoginModuleTest.java  | 48 ++++++++++++++++++++--
 activemq-jaas/src/test/resources/login.config      | 19 +++++++++
 3 files changed, 66 insertions(+), 4 deletions(-)

diff --git a/activemq-jaas/src/main/java/org/apache/activemq/jaas/LDAPLoginModule.java b/activemq-jaas/src/main/java/org/apache/activemq/jaas/LDAPLoginModule.java
index aad8f50..e1dc703 100644
--- a/activemq-jaas/src/main/java/org/apache/activemq/jaas/LDAPLoginModule.java
+++ b/activemq-jaas/src/main/java/org/apache/activemq/jaas/LDAPLoginModule.java
@@ -440,6 +440,7 @@ public class LDAPLoginModule implements LoginModule {
         if (log.isDebugEnabled()) {
             log.debug("Binding the user.");
         }
+        context.addToEnvironment(Context.SECURITY_AUTHENTICATION, "simple");
         context.addToEnvironment(Context.SECURITY_PRINCIPAL, dn);
         context.addToEnvironment(Context.SECURITY_CREDENTIALS, password);
         try {
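Review bot: Nothing in the visible lines rejects a null or empty `password` before the bind, and forcing `simple` here makes that matter: a simple bind with an empty password is an unauthenticated bind (RFC 4513 section 5.1.2), which a directory that permits anonymous access will accept. The method starts above this hunk, so a guard may already exist there or in the caller. If it does not, and assuming `password` is a String, add `if (password == null || password.isEmpty()) return false;` ahead of the `addToEnvironment` calls. The fixture in this commit turns on `allowAnonymousAccess`, so an empty-password login against `AnonBindCheckUserLDAPLogin` expecting `FailedLoginException` would pin the behaviour.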
@@ -465,7 +466,7 @@ public class LDAPLoginModule implements LoginModule {
         } else {
             context.removeFromEnvironment(Context.SECURITY_CREDENTIALS);
         }
-
+        context.addToEnvironment(Context.SECURITY_AUTHENTICATION, getLDAPPropertyValue(AUTHENTICATION));
         return isValid;
     }
 
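Review bot: The restore of `Context.SECURITY_AUTHENTICATION` added here runs on the normal return path only. The `try` opened in the previous hunk is not fully visible, so this is inferred: if anything inside it throws other than the exception it catches, the shared `context` keeps `simple` together with the user's DN and password, and later searches would run under that identity. Moving the principal, credentials and authentication restores into a `finally` closes that gap, e.g. `} finally { context.addToEnvironment(Context.SECURITY_AUTHENTICATION, getLDAPPropertyValue(AUTHENTICATION)); }`. It is also worth confirming that `getLDAPPropertyValue(AUTHENTICATION)` cannot return null when the `authentication` option is omitted from the JAAS entry.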
diff --git a/activemq-jaas/src/test/java/org/apache/activemq/jaas/LDAPLoginModuleTest.java
b/activemq-jaas/src/test/java/org/apache/activemq/jaas/LDAPLoginModuleTest.java
index ea2fb57..208dba2 100644
--- a/activemq-jaas/src/test/java/org/apache/activemq/jaas/LDAPLoginModuleTest.java
+++ b/activemq-jaas/src/test/java/org/apache/activemq/jaas/LDAPLoginModuleTest.java
@@ -18,7 +18,6 @@ package org.apache.activemq.jaas;
 
 import org.apache.directory.server.core.integ.AbstractLdapTestUnit;
 import org.apache.directory.server.core.integ.FrameworkRunner;
-import org.apache.directory.server.integ.ServerIntegrationUtils;
 import org.apache.directory.server.ldap.LdapServer;
 import org.apache.directory.server.annotations.CreateLdapServer;
 import org.apache.directory.server.annotations.CreateTransport;
@@ -34,11 +33,11 @@ import javax.naming.NamingEnumeration;
 import javax.naming.directory.DirContext;
 import javax.naming.directory.InitialDirContext;
 import javax.security.auth.callback.*;
+import javax.security.auth.login.FailedLoginException;
 import javax.security.auth.login.LoginContext;
 import javax.security.auth.login.LoginException;
 
 import java.io.IOException;
-import java.net.URL;
 import java.util.HashSet;
 import java.util.Hashtable;
 
@@ -47,7 +46,7 @@ import static org.junit.Assert.assertTrue;
 import static org.junit.Assert.fail;
 
 @RunWith ( FrameworkRunner.class )
-@CreateLdapServer(transports = {@CreateTransport(protocol = "LDAP", port=1024)})
+@CreateLdapServer(transports = {@CreateTransport(protocol = "LDAP", port=1024)}, allowAnonymousAccess
= true)
 @ApplyLdifFiles(
    "test.ldif"
 )
@@ -172,4 +171,47 @@ public class LDAPLoginModuleTest extends AbstractLdapTestUnit {
     }
 
 
+    @Test
+    public void testAuthenticatedViaBindOnAnonConnection() throws Exception {
+        LoginContext context = new LoginContext("AnonBindCheckUserLDAPLogin", new CallbackHandler()
{
+            @Override
+            public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException
{
+                for (int i = 0; i < callbacks.length; i++) {
+                    if (callbacks[i] instanceof NameCallback) {
+                        ((NameCallback) callbacks[i]).setName("first");
+                    } else if (callbacks[i] instanceof PasswordCallback) {
+                        ((PasswordCallback) callbacks[i]).setPassword("wrongSecret".toCharArray());
+                    } else {
+                        throw new UnsupportedCallbackException(callbacks[i]);
+                    }
+                }
+            }
+        });
+        try {
+            context.login();
+            fail("Should have failed authenticating");
+        } catch (FailedLoginException expected) {
+        }
+    }
+
+    @Test
+    public void testAuthenticatedOkViaBindOnAnonConnection() throws Exception {
+        LoginContext context = new LoginContext("AnonBindCheckUserLDAPLogin", new CallbackHandler()
{
+            @Override
+            public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException
{
+                for (int i = 0; i < callbacks.length; i++) {
+                    if (callbacks[i] instanceof NameCallback) {
+                        ((NameCallback) callbacks[i]).setName("first");
+                    } else if (callbacks[i] instanceof PasswordCallback) {
+                        ((PasswordCallback) callbacks[i]).setPassword("secret".toCharArray());
+                    } else {
+                        throw new UnsupportedCallbackException(callbacks[i]);
+                    }
+                }
+            }
+        });
+        context.login();
+        context.logout();
+    }
+
 }
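Review bot: `testAuthenticatedOkViaBindOnAnonConnection` only checks that `login()` does not throw, so the second half of the change (connection settings put back for the role mapping) is never asserted. Passing a `Subject` to the `LoginContext` and asserting the expected principals after `login()` would cover it; the expected names depend on `test.ldif`, which is not shown here. `testAuthenticatedViaBindOnAnonConnection` expects `FailedLoginException`, so a name such as `testWrongPasswordRejectedViaBindOnAnonConnection` would read correctly. Its empty `catch` deserves a comment such as `// expected: bind with the wrong password must fail`.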
diff --git a/activemq-jaas/src/test/resources/login.config b/activemq-jaas/src/test/resources/login.config
index aad35cf..b5e8cf8 100644
--- a/activemq-jaas/src/test/resources/login.config
+++ b/activemq-jaas/src/test/resources/login.config
@@ -105,6 +105,25 @@ UnAuthenticatedLDAPLogin {
         ;
 };
 
+AnonBindCheckUserLDAPLogin {
+    org.apache.activemq.jaas.LDAPLoginModule required
+        debug=true
+        initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory
+        connectionURL="ldap://localhost:1024"
+        connectionUsername=none
+        connectionPassword=none
+        connectionProtocol=s
+        authentication=none
+        userBase="ou=system"
+        userSearchMatching="(uid={0})"
+        userSearchSubtree=false
+        roleBase="ou=system"
+        roleName=cn
+        roleSearchMatching="(member=uid={1},ou=system)"
+        roleSearchSubtree=false
+        ;
+};
+
 ExpandedLDAPLogin {
     org.apache.activemq.jaas.LDAPLoginModule required
         debug=true
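Review bot: `connectionUsername=none` and `connectionPassword=none` are literal values in this entry, not absent options, which is easy to misread next to `authentication=none`. If the module treats them as set (that check is outside this diff), the restore path writes the string `none` back as principal and credentials instead of taking the `removeFromEnvironment` branch, so that branch stays unexercised by this entry. A comment above the entry, for example `// username/password are placeholders; authentication=none makes the search connection anonymous`, would record the intent.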

