This is an automated email from the ASF dual-hosted git repository.
jbonofre pushed a commit to branch activemq-5.16.x
in repository https://gitbox.apache.org/repos/asf/activemq.git
The following commit(s) were added to refs/heads/activemq-5.16.x by this push:
new c9f68f4 AMQ-8035 - ensure propagated credentials are visible for bind and removed
for subsequent mapping operations
c9f68f4 is described below
commit c9f68f4c64b2687eee283b95538753665d2b229b
Author: gtully <gary.tully@gmail.com>
AuthorDate: Mon Sep 7 17:02:23 2020 +0100
AMQ-8035 - ensure propagated credentials are visible for bind and removed for subsequent
mapping operations
(cherry picked from commit 73e291693d59a96c0054fc7e7e09c2c67b192911)
---
.../org/apache/activemq/jaas/LDAPLoginModule.java | 3 +-
.../apache/activemq/jaas/LDAPLoginModuleTest.java | 48 ++++++++++++++++++++--
activemq-jaas/src/test/resources/login.config | 19 +++++++++
3 files changed, 66 insertions(+), 4 deletions(-)
diff --git a/activemq-jaas/src/main/java/org/apache/activemq/jaas/LDAPLoginModule.java b/activemq-jaas/src/main/java/org/apache/activemq/jaas/LDAPLoginModule.java
index aad8f50..e1dc703 100644
--- a/activemq-jaas/src/main/java/org/apache/activemq/jaas/LDAPLoginModule.java
+++ b/activemq-jaas/src/main/java/org/apache/activemq/jaas/LDAPLoginModule.java
@@ -440,6 +440,7 @@ public class LDAPLoginModule implements LoginModule {
if (log.isDebugEnabled()) {
log.debug("Binding the user.");
}
+ context.addToEnvironment(Context.SECURITY_AUTHENTICATION, "simple");
context.addToEnvironment(Context.SECURITY_PRINCIPAL, dn);
context.addToEnvironment(Context.SECURITY_CREDENTIALS, password);
try {
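Review bot: The simple bind set up on the added line is only meaningful if `password` is non-empty, and nothing in this hunk rejects a blank one: an LDAP simple bind that carries a DN with empty credentials is an "unauthenticated" bind (RFC 4513 §5.1.2), which many directory servers and the JNDI provider accept, so any user whose `dn` resolves could pass this check with an empty password. Unless an earlier statement of this method (outside the hunk) already rejects an empty password, add the check before the environment is touched, e.g. `if (password == null || password.isEmpty()) { return false; }` (adjusted if `password` is a `char[]` rather than a `String`). Hard-coding `"simple"` here is the right choice since a password is actually being sent; the later hunk restoring the configured value is what makes this safe for the mapping searches that follow. The enclosing method starts before this hunk.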
@@ -465,7 +466,7 @@ public class LDAPLoginModule implements LoginModule {
} else {
context.removeFromEnvironment(Context.SECURITY_CREDENTIALS);
}
-
+ context.addToEnvironment(Context.SECURITY_AUTHENTICATION, getLDAPPropertyValue(AUTHENTICATION));
return isValid;
}
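Review bot: `getLDAPPropertyValue(AUTHENTICATION)` is handed straight to `addToEnvironment`; if the `authentication` option is unset and that accessor returns null for absent options (its implementation is outside this hunk), the JNDI environment is a `Hashtable` and `addToEnvironment` throws `NullPointerException`, so a configuration that worked before this change would now fail after every successful bind check. A null-safe restore keeps both cases correct: `String auth = getLDAPPropertyValue(AUTHENTICATION);` / `if (auth == null) { context.removeFromEnvironment(Context.SECURITY_AUTHENTICATION); }` / `else { context.addToEnvironment(Context.SECURITY_AUTHENTICATION, auth); }`. The restore is also not in a `finally`: if the bind attempt inside the `try` that begins in the previous hunk propagates an exception, the context keeps `"simple"` authentication with the user's DN still set as principal, which is the state the commit intends to undo before the mapping operations — moving the restore (and the credentials removal above it) into a `finally` on that `try` would close that path. The enclosing method and its `try` block start outside this hunk.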
diff --git a/activemq-jaas/src/test/java/org/apache/activemq/jaas/LDAPLoginModuleTest.java
b/activemq-jaas/src/test/java/org/apache/activemq/jaas/LDAPLoginModuleTest.java
index ea2fb57..208dba2 100644
--- a/activemq-jaas/src/test/java/org/apache/activemq/jaas/LDAPLoginModuleTest.java
+++ b/activemq-jaas/src/test/java/org/apache/activemq/jaas/LDAPLoginModuleTest.java
@@ -18,7 +18,6 @@ package org.apache.activemq.jaas;
import org.apache.directory.server.core.integ.AbstractLdapTestUnit;
import org.apache.directory.server.core.integ.FrameworkRunner;
-import org.apache.directory.server.integ.ServerIntegrationUtils;
import org.apache.directory.server.ldap.LdapServer;
import org.apache.directory.server.annotations.CreateLdapServer;
import org.apache.directory.server.annotations.CreateTransport;
@@ -34,11 +33,11 @@ import javax.naming.NamingEnumeration;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.security.auth.callback.*;
+import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import java.io.IOException;
-import java.net.URL;
import java.util.HashSet;
import java.util.Hashtable;
@@ -47,7 +46,7 @@ import static org.junit.Assert.assertTrue;
import static org.junit.Assert.fail;
@RunWith ( FrameworkRunner.class )
-@CreateLdapServer(transports = {@CreateTransport(protocol = "LDAP", port=1024)})
+@CreateLdapServer(transports = {@CreateTransport(protocol = "LDAP", port=1024)}, allowAnonymousAccess
= true)
@ApplyLdifFiles(
"test.ldif"
)
@@ -172,4 +171,47 @@ public class LDAPLoginModuleTest extends AbstractLdapTestUnit {
}
+ @Test
+ public void testAuthenticatedViaBindOnAnonConnection() throws Exception {
+ LoginContext context = new LoginContext("AnonBindCheckUserLDAPLogin", new CallbackHandler()
{
+ @Override
+ public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException
{
+ for (int i = 0; i < callbacks.length; i++) {
+ if (callbacks[i] instanceof NameCallback) {
+ ((NameCallback) callbacks[i]).setName("first");
+ } else if (callbacks[i] instanceof PasswordCallback) {
+ ((PasswordCallback) callbacks[i]).setPassword("wrongSecret".toCharArray());
+ } else {
+ throw new UnsupportedCallbackException(callbacks[i]);
+ }
+ }
+ }
+ });
+ try {
+ context.login();
+ fail("Should have failed authenticating");
+ } catch (FailedLoginException expected) {
+ }
+ }
+
+ @Test
+ public void testAuthenticatedOkViaBindOnAnonConnection() throws Exception {
+ LoginContext context = new LoginContext("AnonBindCheckUserLDAPLogin", new CallbackHandler()
{
+ @Override
+ public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException
{
+ for (int i = 0; i < callbacks.length; i++) {
+ if (callbacks[i] instanceof NameCallback) {
+ ((NameCallback) callbacks[i]).setName("first");
+ } else if (callbacks[i] instanceof PasswordCallback) {
+ ((PasswordCallback) callbacks[i]).setPassword("secret".toCharArray());
+ } else {
+ throw new UnsupportedCallbackException(callbacks[i]);
+ }
+ }
+ }
+ });
+ context.login();
+ context.logout();
+ }
+
}
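Review bot: The two new tests duplicate the anonymous `CallbackHandler` verbatim, differing only in the password literal, which makes the intent of each test (wrong password fails, right password succeeds) harder to read than it needs to be. If the earlier tests in this class (outside the hunk) do not already provide one, a small private factory taking the user name and password would reduce each test to its `LoginContext` construction and the login/fail assertion. The positive test would also be stronger with one assertion on the outcome, e.g. `assertTrue(!context.getSubject().getPrincipals().isEmpty());` before `context.logout();`, since at present it only proves that no exception was thrown.
```java
    private static CallbackHandler credentialsHandler(final String user, final String password) {
        return new CallbackHandler() {
            @Override
            public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
                for (Callback callback : callbacks) {
                    if (callback instanceof NameCallback) {
                        ((NameCallback) callback).setName(user);
                    } else if (callback instanceof PasswordCallback) {
                        ((PasswordCallback) callback).setPassword(password.toCharArray());
                    } else {
                        throw new UnsupportedCallbackException(callback);
                    }
                }
            }
        };
    }

    @Test
    public void testAuthenticatedViaBindOnAnonConnection() throws Exception {
        LoginContext context = new LoginContext("AnonBindCheckUserLDAPLogin", credentialsHandler("first", "wrongSecret"));
        // … unchanged: login() expected to throw FailedLoginException …
    }

    @Test
    public void testAuthenticatedOkViaBindOnAnonConnection() throws Exception {
        LoginContext context = new LoginContext("AnonBindCheckUserLDAPLogin", credentialsHandler("first", "secret"));
        // … unchanged: login() / logout() …
    }
```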
diff --git a/activemq-jaas/src/test/resources/login.config b/activemq-jaas/src/test/resources/login.config
index aad35cf..b5e8cf8 100644
--- a/activemq-jaas/src/test/resources/login.config
+++ b/activemq-jaas/src/test/resources/login.config
@@ -105,6 +105,25 @@ UnAuthenticatedLDAPLogin {
;
};
+AnonBindCheckUserLDAPLogin {
+ org.apache.activemq.jaas.LDAPLoginModule required
+ debug=true
+ initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory
+ connectionURL="ldap://localhost:1024"
+ connectionUsername=none
+ connectionPassword=none
+ connectionProtocol=s
+ authentication=none
+ userBase="ou=system"
+ userSearchMatching="(uid={0})"
+ userSearchSubtree=false
+ roleBase="ou=system"
+ roleName=cn
+ roleSearchMatching="(member=uid={1},ou=system)"
+ roleSearchSubtree=false
+ ;
+};
+
ExpandedLDAPLogin {
org.apache.activemq.jaas.LDAPLoginModule required
debug=true