Return-Path: Delivered-To: apmail-qpid-commits-archive@www.apache.org Received: (qmail 12370 invoked from network); 31 May 2010 16:04:16 -0000 Received: from unknown (HELO mail.apache.org) (140.211.11.3) by 140.211.11.9 with SMTP; 31 May 2010 16:04:16 -0000 Received: (qmail 1588 invoked by uid 500); 31 May 2010 16:04:16 -0000 Delivered-To: apmail-qpid-commits-archive@qpid.apache.org Received: (qmail 1572 invoked by uid 500); 31 May 2010 16:04:16 -0000 Mailing-List: contact commits-help@qpid.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@qpid.apache.org Delivered-To: mailing list commits@qpid.apache.org Received: (qmail 1565 invoked by uid 99); 31 May 2010 16:04:16 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 31 May 2010 16:04:16 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=10.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 31 May 2010 16:04:08 +0000 Received: by eris.apache.org (Postfix, from userid 65534) id 513952388A2C; Mon, 31 May 2010 16:03:46 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r949781 [4/5] - in /qpid/trunk/qpid/java: broker/etc/ broker/src/main/java/org/apache/qpid/qmf/ broker/src/main/java/org/apache/qpid/server/ broker/src/main/java/org/apache/qpid/server/binding/ broker/src/main/java/org/apache/qpid/server/co... Date: Mon, 31 May 2010 16:03:44 -0000 To: commits@qpid.apache.org 
From: robbie@apache.org X-Mailer: svnmailer-1.0.8 Message-Id: <20100531160346.513952388A2C@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Added: qpid/trunk/qpid/java/systests/etc/test-default.txt URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/systests/etc/test-default.txt?rev=949781&view=auto ============================================================================== --- qpid/trunk/qpid/java/systests/etc/test-default.txt (added) +++ qpid/trunk/qpid/java/systests/etc/test-default.txt Mon May 31 16:03:41 2010 
@@ -0,0 +1,73 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
+# This section grants virtualhost access rights
+ACL ALLOW client ACCESS VIRTUALHOST
+ACL ALLOW server ACCESS VIRTUALHOST
+
+# This section grants publish rights to an exchange + routing key pair
+
+# Allow clients to publish requests
+ACL ALLOW client PUBLISH EXCHANGE name="amq.direct" routingKey="example.RequestQueue"
+
+# Allow the processor to respond to a client on their Temporary Topic
+ACL ALLOW server PUBLISH EXCHANGE name="amq.direct" routingKey="tmp_*"
+ACL ALLOW server PUBLISH EXCHANGE name="amq.direct" routingKey="TempQueue*"
+
+# This section grants users the ability to consume from the broker
+
+# Allow client to consume from temporary queues
+ACL ALLOW client CONSUME QUEUE temporary=true
+
+# Only allow the server to consume from the Request Queue
+ACL ALLOW server CONSUME QUEUE name="example.RequestQueue"
+
+# Allow client and server to consume from kipper queues
+ACL ALLOW client CONSUME QUEUE name="clientid:kipper"
+ACL ALLOW server CONSUME QUEUE name="clientid:kipper"
+
+# This section grants users the ability to create/delete queues and exchanges
+
+# Allow clients to create and delete temporary and kipper queue on this exchange
+ACL ALLOW client CREATE QUEUE temporary=true
+ACL ALLOW client DELETE QUEUE temporary=true
+ACL ALLOW client CREATE QUEUE durable="true"
+ACL ALLOW client DELETE QUEUE durable="true"
+
+# Allow the server to create the Request Queue and kipper queue
+ACL ALLOW server CREATE QUEUE name="example.RequestQueue"
+ACL ALLOW server CREATE QUEUE name="clientid:kipper"
+
+## Allow client and server exchange access for the relevant queues
+ACL ALLOW client BIND EXCHANGE name="amq.direct" temporary=true
+ACL ALLOW client UNBIND EXCHANGE name="amq.direct" temporary=true
+ACL ALLOW client BIND EXCHANGE name="amq.direct" durable=true
+ACL ALLOW client UNBIND EXCHANGE name="amq.direct" durable=true
+ACL ALLOW server BIND EXCHANGE name="amq.direct" queueName="example.RequestQueue"
+
+## Allow client and server exchange access for the relevant topics
+ACL ALLOW client BIND EXCHANGE name="amq.topic" durable=true routingKey=kipper
+ACL ALLOW client UNBIND EXCHANGE name="amq.topic" durable=true routingKey=kipper
+ACL ALLOW server BIND EXCHANGE name="amq.topic" durable=true routingKey=kipper
+
+# Action[operation=BIND,objectType=EXCHANGE,properties={OWNER=client, DURABLE=true, QUEUE_NAME=IllegalQueue, AUTO_DELETE=false, ROUTING_KEY=IllegalQueue, NAME=amq.direct, TEMPORARY=false, EXCLUSIVE=false}]
+
+
+ACL ALLOW client CREATE EXCHANGE
+ACL ALLOW server CREATE EXCHANGE
Added: qpid/trunk/qpid/java/systests/etc/test-externalacljmx-deleteexchangefailure.txt
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/systests/etc/test-externalacljmx-deleteexchangefailure.txt?rev=949781&view=auto
==============================================================================
--- qpid/trunk/qpid/java/systests/etc/test-externalacljmx-deleteexchangefailure.txt (added)
+++ qpid/trunk/qpid/java/systests/etc/test-externalacljmx-deleteexchangefailure.txt Mon May 31 16:03:41 2010
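Review bot: The rules under `# Allow clients to create and delete temporary and kipper queue on this exchange` in test-default.txt are wider than that comment says. `ACL ALLOW client CREATE QUEUE durable="true"` and the matching DELETE rule carry no `name=`, so as written they appear to let `client` create or delete any durable queue, including `example.RequestQueue`, which the rest of the file reserves for `server`. If only the kipper queue is meant, constrain the rule the way the server one is, e.g. `ACL ALLOW client CREATE QUEUE name="clientid:kipper" durable="true"`. The file also has no closing deny rule, so the result for an unmatched request depends on the plugin default, and the leftover `# Action[operation=BIND,...]` line reads like pasted debug output that should be explained or dropped.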
@@ -0,0 +1,26 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
+# This section grants virtualhost management rights
+ACL ALLOW admin ALL METHOD
+
+# testDeleteExchangeFailure()
+ACL ALLOW admin CREATE EXCHANGE name="amq.kipper.delete"
+ACL DENY admin DELETE EXCHANGE name="amq.kipper.delete"
+
Added: qpid/trunk/qpid/java/systests/etc/test-externalacljmx.txt
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/systests/etc/test-externalacljmx.txt?rev=949781&view=auto
==============================================================================
--- qpid/trunk/qpid/java/systests/etc/test-externalacljmx.txt (added)
+++ qpid/trunk/qpid/java/systests/etc/test-externalacljmx.txt Mon May 31 16:03:41 2010
@@ -0,0 +1,35 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
+# This section grants management access to the virtualhost
+ACL ALLOW admin ALL METHOD
+ACL ALLOW client ALL METHOD
+ACL ALLOW server ALL METHOD
+
+# Allow create kipper queue
+ACL ALLOW admin CREATE QUEUE name="kipper" owner = client # kipper
+ACL ALLOW admin BIND EXCHANGE name="amq.direct"
+
+# testCreateExchangeSuccess(), testDeleteExchangeSuccess()
+ACL ALLOW admin CREATE EXCHANGE name="amq.kipper.success"
+ACL ALLOW admin DELETE EXCHANGE name="amq.kipper.success"
+
+# testCreateExchangeFailure()
+ACL DENY admin CREATE EXCHANGE name="amq.kipper.failure"
+
Added: qpid/trunk/qpid/java/systests/etc/test2-default.txt
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/systests/etc/test2-default.txt?rev=949781&view=auto
==============================================================================
--- qpid/trunk/qpid/java/systests/etc/test2-default.txt (added)
+++ qpid/trunk/qpid/java/systests/etc/test2-default.txt Mon May 31 16:03:41 2010
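Review bot: `ACL ALLOW client ALL METHOD` and `ACL ALLOW server ALL METHOD` in test-externalacljmx.txt give every test user full management-method access, while the queue and exchange rules below them name only `admin`. If the JMX tests connect only as `admin` (the test class is not visible here), those two lines can be removed so the fixture grants no more than the tests need. The rule `ACL ALLOW admin CREATE QUEUE name="kipper" owner = client # kipper` puts spaces around `=` and a trailing comment on a rule line; if that is a deliberate parser-tolerance case, say so in the comment above it, e.g. `# Allow create kipper queue (rule deliberately uses spaces around '=' and a trailing comment)`.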
@@ -0,0 +1,21 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + +# This section grants all access rights +ACL ALLOW guest ALL ALL \ No newline at end of file Modified: qpid/trunk/qpid/java/systests/etc/virtualhosts-systests-acl-settings.xml URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/systests/etc/virtualhosts-systests-acl-settings.xml?rev=949781&r1=949780&r2=949781&view=diff ============================================================================== --- qpid/trunk/qpid/java/systests/etc/virtualhosts-systests-acl-settings.xml (original) +++ qpid/trunk/qpid/java/systests/etc/virtualhosts-systests-acl-settings.xml Mon May 31 16:03:41 2010 @@ -35,9 +35,6 @@ - - org.apache.qpid.server.security.access.plugins.SimpleXML - @@ -45,7 +42,6 @@ amq.direct - example.RequestQueue @@ -68,7 +64,6 @@ - @@ -90,7 +85,14 @@ - + + + clientid:kipper + + client + server + + @@ -110,10 +112,28 @@ amq.direct client + server + + + + amq.topic + + client + server + + + + clientid:kipper + + client + server + + + example.RequestQueue @@ -121,13 +141,21 @@ server - - + + + + + clientid:kipper + + client + + + + - 
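Review bot: `ACL ALLOW guest ALL ALL` in test2-default.txt is a blanket grant, and its only explanation is `# This section grants all access rights`. ExhaustiveACLTest in this commit uses `test2`/`guest` as the unrestricted host to show that rules on `test` do not leak across virtual hosts, so the comment should say that, e.g. `# Test-only control host: guest is unrestricted so tests can show that rules on 'test' do not apply here`. The file is also added without a trailing newline (`\ No newline at end of file`), which is worth fixing in case the ACL reader is line-oriented.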
@@ -136,10 +164,6 @@ test2 - - org.apache.qpid.server.security.access.plugins.SimpleXML - - Copied: qpid/trunk/qpid/java/systests/etc/virtualhosts-systests-aclv2-settings.xml (from r949780, qpid/trunk/qpid/java/systests/etc/virtualhosts-systests-firewall-2.xml) URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/systests/etc/virtualhosts-systests-aclv2-settings.xml?p2=qpid/trunk/qpid/java/systests/etc/virtualhosts-systests-aclv2-settings.xml&p1=qpid/trunk/qpid/java/systests/etc/virtualhosts-systests-firewall-2.xml&r1=949780&r2=949781&rev=949781&view=diff ============================================================================== --- qpid/trunk/qpid/java/systests/etc/virtualhosts-systests-firewall-2.xml (original) +++ qpid/trunk/qpid/java/systests/etc/virtualhosts-systests-aclv2-settings.xml Mon May 31 16:03:41 2010 @@ -20,28 +20,29 @@ - --> - test - test - - org.apache.qpid.server.store.MemoryMessageStore - - + + amq.direct + + 4235264 + + 2117632 + + 600000 + + - + ${QPID_HOME}/etc/test-default.txt test2 - - - org.apache.qpid.server.store.MemoryMessageStore - - - + - \ No newline at end of file + + + Copied: qpid/trunk/qpid/java/systests/etc/virtualhosts-systests-aclv2.xml (from r949780, qpid/trunk/qpid/java/systests/etc/virtualhosts-systests-firewall-3.xml) URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/systests/etc/virtualhosts-systests-aclv2.xml?p2=qpid/trunk/qpid/java/systests/etc/virtualhosts-systests-aclv2.xml&p1=qpid/trunk/qpid/java/systests/etc/virtualhosts-systests-firewall-3.xml&r1=949780&r2=949781&rev=949781&view=diff ============================================================================== --- qpid/trunk/qpid/java/systests/etc/virtualhosts-systests-firewall-3.xml (original) +++ qpid/trunk/qpid/java/systests/etc/virtualhosts-systests-aclv2.xml Mon May 31 16:03:41 2010 
@@ -19,31 +19,11 @@ - under the License. - --> - - test - - - test - - - org.apache.qpid.server.store.MemoryMessageStore - - - - - - - test2 - - - org.apache.qpid.server.store.MemoryMessageStore - - - - - - - - - - + + + + + + + + Modified: qpid/trunk/qpid/java/systests/etc/virtualhosts-systests-firewall-2.xml URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/systests/etc/virtualhosts-systests-firewall-2.xml?rev=949781&r1=949780&r2=949781&view=diff ============================================================================== --- qpid/trunk/qpid/java/systests/etc/virtualhosts-systests-firewall-2.xml (original) +++ qpid/trunk/qpid/java/systests/etc/virtualhosts-systests-firewall-2.xml Mon May 31 16:03:41 2010 @@ -26,8 +26,7 @@ test - org.apache.qpid.server.store.MemoryMessageStore - + org.apache.qpid.server.store.MemoryMessageStore @@ -39,8 +38,7 @@ test2 - org.apache.qpid.server.store.MemoryMessageStore - + org.apache.qpid.server.store.MemoryMessageStore Modified: qpid/trunk/qpid/java/systests/etc/virtualhosts-systests-firewall-3.xml URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/systests/etc/virtualhosts-systests-firewall-3.xml?rev=949781&r1=949780&r2=949781&view=diff ============================================================================== --- qpid/trunk/qpid/java/systests/etc/virtualhosts-systests-firewall-3.xml (original) +++ qpid/trunk/qpid/java/systests/etc/virtualhosts-systests-firewall-3.xml Mon May 31 16:03:41 2010 @@ -26,8 +26,7 @@ test - org.apache.qpid.server.store.MemoryMessageStore - + org.apache.qpid.server.store.MemoryMessageStore 
@@ -36,8 +35,7 @@ test2 - org.apache.qpid.server.store.MemoryMessageStore - + org.apache.qpid.server.store.MemoryMessageStore Modified: qpid/trunk/qpid/java/systests/src/main/java/org/apache/qpid/server/failover/MessageDisappearWithIOExceptionTest.java URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/systests/src/main/java/org/apache/qpid/server/failover/MessageDisappearWithIOExceptionTest.java?rev=949781&r1=949780&r2=949781&view=diff ============================================================================== --- qpid/trunk/qpid/java/systests/src/main/java/org/apache/qpid/server/failover/MessageDisappearWithIOExceptionTest.java (original) +++ qpid/trunk/qpid/java/systests/src/main/java/org/apache/qpid/server/failover/MessageDisappearWithIOExceptionTest.java Mon May 31 16:03:41 2010 
@@ -263,7 +263,7 @@ public class MessageDisappearWithIOExcep throws Exception { //Create Connection using the default connection URL. i.e. not the Failover URL that would be used by default - _connection = (AMQConnection) getConnection(getConnectionFactory("default").getConnectionURL()); + _connection = (AMQConnection) getConnectionFactory("default").createConnection("guest", "guest"); // The default connection does not have any retries configured so // Allow this connection to retry so that we can block on the failover. // The alternative would be to use the getConnection() default. However, Added: qpid/trunk/qpid/java/systests/src/main/java/org/apache/qpid/server/security/acl/AbstractACLTestCase.java URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/systests/src/main/java/org/apache/qpid/server/security/acl/AbstractACLTestCase.java?rev=949781&view=auto ============================================================================== --- qpid/trunk/qpid/java/systests/src/main/java/org/apache/qpid/server/security/acl/AbstractACLTestCase.java (added) +++ qpid/trunk/qpid/java/systests/src/main/java/org/apache/qpid/server/security/acl/AbstractACLTestCase.java Mon May 31 16:03:41 2010 
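Review bot: The new line hard-codes the credentials as `createConnection("guest", "guest")`, and the same literal password appears again in ExhaustiveACLTest's `getConnection(vhost, user, "guest")` later in this commit. A shared constant in the test base class would keep the test accounts in one place. The connection is also no longer obtained through the `getConnection(...)` helper the old line used; if that helper registers connections for cleanup in `tearDown()` (not visible in this hunk), confirm this one is still closed. The enclosing method starts and ends outside the hunk.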
@@ -0,0 +1,285 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the +* "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.qpid.server.security.acl; + +import java.io.File; +import java.io.FileWriter; +import java.io.IOException; +import java.io.PrintWriter; +import java.lang.reflect.InvocationTargetException; +import java.lang.reflect.Method; +import java.util.Collections; +import java.util.List; +import java.util.concurrent.CountDownLatch; +import java.util.concurrent.TimeUnit; + +import javax.jms.Connection; +import javax.jms.ExceptionListener; +import javax.jms.JMSException; +import javax.naming.NamingException; + +import org.apache.commons.configuration.ConfigurationException; +import org.apache.commons.lang.StringUtils; +import org.apache.qpid.AMQException; +import org.apache.qpid.client.AMQConnection; +import org.apache.qpid.client.AMQConnectionURL; +import org.apache.qpid.jms.ConnectionListener; +import org.apache.qpid.protocol.AMQConstant; +import org.apache.qpid.test.utils.QpidTestCase; +import org.apache.qpid.url.URLSyntaxException; + +/** + * Abstract test case for ACLs. 
+ * + * This base class contains convenience methods to mange ACL files and implements a mechanism that allows each + * test method to run its own setup code before the broker starts. + * + * TODO move the pre broker-startup setup method invocation code to {@link QpidTestCase} + * + * @see SimpleACLTest + * @see ExternalACLTest + * @see ExternalACLFileTest + * @see ExternalACLJMXTest + * @see ExternalAdminACLTest + * @see ExhaustiveACLTest + */ +public abstract class AbstractACLTestCase extends QpidTestCase implements ConnectionListener +{ + /** Used to synchronise {@link #tearDown()} when exceptions are thrown */ + protected CountDownLatch _exceptionReceived; + + /** Override this to return the name of the configuration XML file. */ + public String getConfig() + { + return "config-systests-acl.xml"; + } + + /** Override this to setup external ACL files for virtual hosts. */ + public List getHostList() + { + return Collections.emptyList(); + } + + /** + * This setup method checks {@link #getConfig()} and {@link #getHostList()} to initialise the broker with specific + * ACL configurations and then runs an optional per-test setup method, which is simply a method with the same name + * as the test, but starting with {@code setUp} rather than {@code test}. + * + * @see #setUpACLFile(String) + * @see org.apache.qpid.test.utils.QpidTestCase#setUp() + */ + @Override + public void setUp() throws Exception + { + if (QpidHome == null) + { + fail("QPID_HOME not set"); + } + + // Initialise ACLs. 
+ _configFile = new File(QpidHome, "etc" + File.separator + getConfig()); + + // Initialise ACL files + for (String virtualHost : getHostList()) + { + setUpACLFile(virtualHost); + } + + // run test specific setup + String testSetup = StringUtils.replace(getName(), "test", "setUp"); + try + { + Method setup = getClass().getDeclaredMethod(testSetup); + setup.invoke(this); + } + catch (NoSuchMethodException e) + { + // Ignore + } + catch (InvocationTargetException e) + { + throw (Exception) e.getTargetException(); + } + + super.setUp(); + } + + @Override + public void tearDown() throws Exception + { + try + { + super.tearDown(); + } + catch (JMSException e) + { + //we're throwing this away as it can happen in this test as the state manager remembers exceptions + //that we provoked with authentication failures, where the test passes - we can ignore on con close + } + } + + /** + * Configures specific ACL files for a virtual host. + * + * This method checks for ACL files that exist on the filesystem. If dynamically generatyed ACL files are required in a test, + * then it is easier to use the {@code setUp} prefix on a method to generate the ACL file. In order, this method looks + * for three files: + *
    + *
  1. virtualhost-class-test.txt + *
  2. virtualhost-class.txt + *
  3. virtualhost-default.txt + *
+ * The class and test parts are the test class and method names respectively, with the word {@code test} + * removed and the rest of the text converted to lowercase. For example, the test class and method named + * {@code org.apache.qpid.test.AccessExampleTest#testExampleMethod} on the {@code testhost} virtualhost would use + * one of the following files: + *
    + *
  1. testhost-accessexample-examplemethod.txt + *
  2. testhost-accessexample.txt + *
  3. testhost-default.txt + *
+ * These files should be copied to the ${QPID_HOME}/etc directory when the test is run. + * + * @see #writeACLFile(String, String...) + */ + public void setUpACLFile(String virtualHost) throws IOException, ConfigurationException + { + String path = QpidHome + File.separator + "etc"; + String className = StringUtils.substringBeforeLast(getClass().getSimpleName().toLowerCase(), "test"); + String testName = StringUtils.substringAfter(getName(), "test").toLowerCase(); + + File aclFile = new File(path, virtualHost + "-" + className + "-" + testName + ".txt"); + if (!aclFile.exists()) + { + aclFile = new File(path, virtualHost + "-" + className + ".txt"); + if (!aclFile.exists()) + { + aclFile = new File(path, virtualHost + "-" + "default.txt"); + } + } + + // Set the ACL file configuration property + if (virtualHost.equals("global")) + { + setConfigurationProperty("security.aclv2", aclFile.getAbsolutePath()); + } + else + { + setConfigurationProperty("virtualhosts.virtualhost." + virtualHost + ".security.aclv2", aclFile.getAbsolutePath()); + } + } + + public void writeACLFile(String vhost, String...rules) throws ConfigurationException, IOException + { + File aclFile = File.createTempFile(getClass().getSimpleName(), getName()); + aclFile.deleteOnExit(); + + if ("global".equals(vhost)) + { + setConfigurationProperty("security.aclv2", aclFile.getAbsolutePath()); + } + else + { + setConfigurationProperty("virtualhosts.virtualhost." + vhost + ".security.aclv2", aclFile.getAbsolutePath()); + } + + PrintWriter out = new PrintWriter(new FileWriter(aclFile)); + out.println(String.format("# %s", _testName)); + for (String line : rules) + { + out.println(line); + } + out.close(); + } + + /** + * Creates a connection to the broker, and sets a connection listener to prevent failover and an exception listener + * with a {@link CountDownLatch} to synchronise in the {@link #check403Exception(Throwable)} method and allow the + * {@link #tearDown()} method to complete properly. 
+ */ + public Connection getConnection(String vhost, String username, String password) throws NamingException, JMSException, URLSyntaxException + { + AMQConnection connection = (AMQConnection) getConnection(createConnectionURL(vhost, username, password)); + + //Prevent Failover + connection.setConnectionListener(this); + + //QPID-2081: use a latch to sync on exception causing connection close, to work + //around the connection close race during tearDown() causing sporadic failures + _exceptionReceived = new CountDownLatch(1); + + connection.setExceptionListener(new ExceptionListener() + { + public void onException(JMSException e) + { + _exceptionReceived.countDown(); + } + }); + + return (Connection) connection; + } + + // Connection Listener Interface - Used here to block failover + + public void bytesSent(long count) + { + } + + public void bytesReceived(long count) + { + } + + public boolean preFailover(boolean redirect) + { + //Prevent failover. + return false; + } + + public boolean preResubscribe() + { + return false; + } + + public void failoverComplete() + { + } + + /** + * Convenience method to build an {@link AMQConnectionURL} with the right parameters. + */ + public AMQConnectionURL createConnectionURL(String vhost, String username, String password) throws URLSyntaxException + { + String url = "amqp://" + username + ":" + password + "@clientid/" + vhost + "?brokerlist='" + getBroker() + "?retries='0''"; + return new AMQConnectionURL(url); + } + + /** + * Convenience method to validate a JMS exception with a linked {@link AMQConstant#ACCESS_REFUSED} 403 error code exception. 
+ */ + public void check403Exception(Throwable t) throws Exception + { + assertNotNull("There was no linked exception", t); + assertTrue("Wrong linked exception type", t instanceof AMQException); + assertEquals("Incorrect error code received", 403, ((AMQException) t).getErrorCode().getCode()); + + //use the latch to ensure the control thread waits long enough for the exception thread + //to have done enough to mark the connection closed before teardown commences + assertTrue("Timed out waiting for conneciton to report close", _exceptionReceived.await(2, TimeUnit.SECONDS)); + } +} Added: qpid/trunk/qpid/java/systests/src/main/java/org/apache/qpid/server/security/acl/ExhaustiveACLTest.java URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/systests/src/main/java/org/apache/qpid/server/security/acl/ExhaustiveACLTest.java?rev=949781&view=auto ============================================================================== --- qpid/trunk/qpid/java/systests/src/main/java/org/apache/qpid/server/security/acl/ExhaustiveACLTest.java (added) +++ qpid/trunk/qpid/java/systests/src/main/java/org/apache/qpid/server/security/acl/ExhaustiveACLTest.java Mon May 31 16:03:41 2010 
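Review bot: In `setUp()` of AbstractACLTestCase the per-test hook can be silently skipped or its failure mis-reported, and an ACL test then runs against rules it was not written for. `StringUtils.replace(getName(), "test", "setUp")` rewrites every occurrence of `test` in the method name, not only the prefix, so a name containing `test` twice maps to a hook that does not exist. The `NoSuchMethodException` is then ignored and the broker starts with whichever file `setUpACLFile` selected. `throw (Exception) e.getTargetException()` raises a `ClassCastException` when the hook fails with an `Error`, which includes assertion failures if `QpidTestCase` is JUnit 3 based (not visible here). Use `replaceOnce` and rethrow `Error` separately as below, and state in the Javadoc that `getDeclaredMethod` only finds hooks declared on the concrete test class.

```java
String testSetup = StringUtils.replaceOnce(getName(), "test", "setUp");
// … unchanged: getDeclaredMethod/invoke and the NoSuchMethodException catch …
catch (InvocationTargetException e)
{
    // Preserve the hook's own failure type instead of masking it with a ClassCastException
    Throwable cause = e.getTargetException();
    if (cause instanceof Error)
    {
        throw (Error) cause;
    }
    throw (Exception) cause;
}
```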
@@ -0,0 +1,195 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.qpid.server.security.acl; + +import java.util.Arrays; +import java.util.List; + +import javax.jms.Connection; +import javax.jms.Session; + +import org.apache.qpid.AMQException; +import org.apache.qpid.client.AMQSession; +import org.apache.qpid.framing.AMQShortString; +import org.apache.qpid.protocol.AMQConstant; + +/** + * ACL version 2/3 file testing to verify that ACL entries control queue creation with specific properties. + * + * Tests have their own ACL files that setup specific permissions, and then try to create queues with every possible combination + * of properties to show that rule matching works correctly. For example, a rule that specified {@code autodelete="true"} for + * queues with {@link name="temp.true.*"} as well should not affect queues that have names that do not match, or queues that + * are not autodelete, or both. Also checks that ACL entries only affect the specified users and virtual hosts. 
+ */ +public class ExhaustiveACLTest extends AbstractACLTestCase +{ + @Override + public String getConfig() + { + return "config-systests-aclv2.xml"; + } + + @Override + public List getHostList() + { + return Arrays.asList("test", "test2"); + } + + /** + * Creates a queue. + * + * Connects to the broker as a particular user and create the named queue on a virtual host, with the provided + * parameters. Uses a new {@link Connection} and {@link Session} and closes them afterwards. + */ + private void createQueue(String vhost, String user, String name, boolean autoDelete, boolean durable) throws Exception + { + Connection conn = getConnection(vhost, user, "guest"); + Session sess = conn.createSession(true, Session.SESSION_TRANSACTED); + conn.start(); + ((AMQSession) sess).createQueue(new AMQShortString(name), autoDelete, durable, false); + sess.commit(); + conn.close(); + } + + /** + * Calls {@link #createQueue(String, String, String, boolean, boolean)} with the provided parameters and checks that + * no exceptions were thrown. + */ + private void createQueueSuccess(String vhost, String user, String name, boolean autoDelete, boolean durable) throws Exception + { + try + { + createQueue(vhost, user, name, autoDelete, durable); + } + catch (AMQException e) + { + fail(String.format("Create queue should have worked for \"%s\" for user %s@%s, autoDelete=%s, durable=%s", + name, user, vhost, Boolean.toString(autoDelete), Boolean.toString(durable))); + } + } + + /** + * Calls {@link #createQueue(String, String, String, boolean, boolean)} with the provided parameters and checks that + * the exception thrown was an {@link AMQConstant#ACCESS_REFUSED} or 403 error code. 
+ */ + private void createQueueFailure(String vhost, String user, String name, boolean autoDelete, boolean durable) throws Exception + { + try + { + createQueue(vhost, user, name, autoDelete, durable); + fail(String.format("Create queue should have failed for \"%s\" for user %s@%s, autoDelete=%s, durable=%s", + name, user, vhost, Boolean.toString(autoDelete), Boolean.toString(durable))); + } + catch (AMQException e) + { + assertEquals("Should be an ACCESS_REFUSED error", 403, e.getErrorCode().getCode()); + } + } + + public void setUpAuthoriseCreateQueueAutodelete() throws Exception + { + writeACLFile("test", + "acl allow client access virtualhost", + "acl allow server access virtualhost", + "acl allow client create queue name=\"temp.true.*\" autodelete=true", + "acl allow client create queue name=\"temp.false.*\" autodelete=false", + "acl deny client create queue", + "acl allow client delete queue", + "acl deny all create queue" + ); + } + + /** + * Test creation of temporary queues, with the autodelete property set to true. 
+ */ + public void testAuthoriseCreateQueueAutodelete() throws Exception + { + createQueueSuccess("test", "client", "temp.true.00", true, false); + createQueueSuccess("test", "client", "temp.true.01", true, false); + createQueueSuccess("test", "client", "temp.true.02", true, true); + createQueueSuccess("test", "client", "temp.false.03", false, false); + createQueueSuccess("test", "client", "temp.false.04", false, false); + createQueueSuccess("test", "client", "temp.false.05", false, true); + createQueueFailure("test", "client", "temp.true.06", false, false); + createQueueFailure("test", "client", "temp.false.07", true, false); + createQueueFailure("test", "server", "temp.true.08", true, false); + createQueueFailure("test", "client", "temp.other.09", false, false); + createQueueSuccess("test2", "guest", "temp.true.01", false, false); + createQueueSuccess("test2", "guest", "temp.false.02", true, false); + createQueueSuccess("test2", "guest", "temp.true.03", true, false); + createQueueSuccess("test2", "guest", "temp.false.04", false, false); + createQueueSuccess("test2", "guest", "temp.other.05", false, false); + } + + public void setUpAuthoriseCreateQueue() throws Exception + { + writeACLFile("test", + "acl allow client access virtualhost", + "acl allow server access virtualhost", + "acl allow client create queue name=\"create.*\"" + ); + } + + /** + * Tests creation of named queues. 
+ * + * If a named queue is specified + */ + public void testAuthoriseCreateQueue() throws Exception + { + createQueueSuccess("test", "client", "create.00", true, true); + createQueueSuccess("test", "client", "create.01", true, false); + createQueueSuccess("test", "client", "create.02", false, true); + createQueueSuccess("test", "client", "create.03", true, false); + createQueueFailure("test", "server", "create.04", true, true); + createQueueFailure("test", "server", "create.05", true, false); + createQueueFailure("test", "server", "create.06", false, true); + createQueueFailure("test", "server", "create.07", true, false); + createQueueSuccess("test2", "guest", "create.00", true, true); + createQueueSuccess("test2", "guest", "create.01", true, false); + createQueueSuccess("test2", "guest", "create.02", false, true); + createQueueSuccess("test2", "guest", "create.03", true, false); + } + + public void setUpAuthoriseCreateQueueBoth() throws Exception + { + writeACLFile("test", + "acl allow all access virtualhost", + "acl allow client create queue name=\"create.*\"", + "acl allow all create queue temporary=true" + ); + } + + /** + * Tests creation of named queues. 
+ * + * If a named queue is specified + */ + public void testAuthoriseCreateQueueBoth() throws Exception + { + createQueueSuccess("test", "client", "create.00", true, false); + createQueueSuccess("test", "client", "create.01", false, false); + createQueueFailure("test", "server", "create.02", false, false); + createQueueFailure("test", "guest", "create.03", false, false); + createQueueSuccess("test", "client", "tmp.00", true, false); + createQueueSuccess("test", "server", "tmp.01", true, false); + createQueueSuccess("test", "guest", "tmp.02", true, false); + createQueueSuccess("test2", "guest", "create.02", false, false); + } +} Added: qpid/trunk/qpid/java/systests/src/main/java/org/apache/qpid/server/security/acl/ExternalACLFileTest.java URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/systests/src/main/java/org/apache/qpid/server/security/acl/ExternalACLFileTest.java?rev=949781&view=auto ============================================================================== --- qpid/trunk/qpid/java/systests/src/main/java/org/apache/qpid/server/security/acl/ExternalACLFileTest.java (added) +++ qpid/trunk/qpid/java/systests/src/main/java/org/apache/qpid/server/security/acl/ExternalACLFileTest.java Mon May 31 16:03:41 2010 
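Review bot: `createQueue` in ExhaustiveACLTest only reaches `conn.close()` when nothing throws, so every `createQueueFailure` call, where the refusal is the expected outcome, leaves its connection open until `tearDown()`. Close it in a `finally` as below, ignoring a `JMSException` from `close()` so it cannot replace the `AMQException` under test; this needs a `javax.jms.JMSException` import. Separately, `testAuthoriseCreateQueue` repeats the `(true, false)` pair for `create.01`/`create.03` and for `create.05`/`create.07` and never tries `(false, false)`, although the class comment promises every combination. The Javadoc sentence `If a named queue is specified` is unfinished and is copied unchanged onto `testAuthoriseCreateQueueBoth`.

```java
Connection conn = getConnection(vhost, user, "guest");
try
{
    // … unchanged: createSession, start, createQueue, commit …
}
finally
{
    try
    {
        conn.close();
    }
    catch (JMSException e)
    {
        // the broker may already have closed the connection after refusing the request
    }
}
```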
@@ -0,0 +1,184 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.qpid.server.security.acl; + +import java.util.Arrays; +import java.util.List; + +import javax.jms.Connection; +import javax.jms.Session; + +import org.apache.qpid.client.AMQSession; +import org.apache.qpid.framing.AMQShortString; + +/** + * Tests that ACL version 2/3 files following the specification work correctly. + * + * ACL lines that are identical in meaning apart from differences allowed by the specification, such as whitespace or case + * of tokens are set up for numbered queues and the queues are then created to show that the meaning is correctly parsed by + * the plugin. 
+ * + * TODO move this to the access-control plugin unit tests instead + */ +public class ExternalACLFileTest extends AbstractACLTestCase +{ + @Override + public String getConfig() + { + return "config-systests-aclv2.xml"; + } + + @Override + public List getHostList() + { + return Arrays.asList("test"); + } + + private void createQueuePrefixList(String prefix, int count) + { + try + { + Connection conn = getConnection("test", "client", "guest"); + Session sess = conn.createSession(false, Session.AUTO_ACKNOWLEDGE); + conn.start(); + + //Create n queues + for (int n = 0; n < count; n++) + { + AMQShortString queueName = new AMQShortString(String.format("%s.%03d", prefix, n)); + ((AMQSession) sess).createQueue(queueName, false, false, false); + } + + conn.close(); + } + catch (Exception e) + { + fail("Test failed due to:" + e.getMessage()); + } + } + + private void createQueueNameList(String...queueNames) + { + try + { + Connection conn = getConnection("test", "client", "guest"); + Session sess = conn.createSession(false, Session.AUTO_ACKNOWLEDGE); + conn.start(); + + //Create all queues + for (String queueName : queueNames) + { + ((AMQSession) sess).createQueue(new AMQShortString(queueName), false, false, false); + } + + conn.close(); + } + catch (Exception e) + { + fail("Test failed due to:" + e.getMessage()); + } + } + + public void setUpCreateQueueMixedCase() throws Exception + { + writeACLFile( + "test", + "acl allow client create queue name=mixed.000", + "ACL ALLOW client CREATE QUEUE NAME=mixed.001", + "Acl Allow client Create Queue Name=mixed.002", + "aCL aLLOW client cREATE qUEUE nAME=mixed.003", + "aCl AlLoW client cReAtE qUeUe NaMe=mixed.004" + ); + } + + public void testCreateQueueMixedCase() + { + createQueuePrefixList("mixed", 5); + } + + public void setUpCreateQueueContinuation() throws Exception + { + writeACLFile( + "test", + "acl allow client create queue name=continuation.000", + "acl allow client create queue \\", + " name=continuation.001", + "acl 
allow client \\", + " create queue \\", + " name=continuation.002", + "acl allow \\", + " client \\", + " create queue \\", + " name=continuation.003", + "acl \\", + " allow \\", + " client \\", + " create queue \\", + " name=continuation.004" + ); + } + + public void testCreateQueueContinuation() + { + createQueuePrefixList("continuation", 5); + } + + public void setUpCreateQueueWhitespace() throws Exception + { + writeACLFile( + "test", + "acl allow client create queue name=whitespace.000", + "acl\tallow\tclient\tcreate\tqueue\tname=whitespace.001", + "acl allow client create queue name = whitespace.002", + "acl\tallow\tclient\tcreate\tqueue\tname\t=\twhitespace.003", + "acl allow\t\tclient\t \tcreate\t\t queue\t \t name \t =\t \twhitespace.004" + ); + } + + public void testCreateQueueWhitespace() + { + createQueuePrefixList("whitespace", 5); + } + + public void setUpCreateQueueQuoting() throws Exception + { + writeACLFile( + "test", + "acl allow client create queue name='quoting.ABC.000'", + "acl allow client create queue name='quoting.*.000'", + "acl allow client create queue name='quoting.#.000'", + "acl allow client create queue name='quoting. .000'", + "acl allow client create queue name='quoting.!@$%.000'" + ); + } + + public void testCreateQueueQuoting() + { + createQueueNameList( + "quoting.ABC.000", + "quoting.*.000", + "quoting.#.000", + "quoting. 
.000", + "quoting.!@$%.000" + ); + } +} + + + Added: qpid/trunk/qpid/java/systests/src/main/java/org/apache/qpid/server/security/acl/ExternalACLJMXTest.java URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/systests/src/main/java/org/apache/qpid/server/security/acl/ExternalACLJMXTest.java?rev=949781&view=auto ============================================================================== --- qpid/trunk/qpid/java/systests/src/main/java/org/apache/qpid/server/security/acl/ExternalACLJMXTest.java (added) +++ qpid/trunk/qpid/java/systests/src/main/java/org/apache/qpid/server/security/acl/ExternalACLJMXTest.java Mon May 31 16:03:41 2010 
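Review bot: All four cases in ExternalACLFileTest (mixed case, continuation, whitespace, quoting) only create queues that the rules allow, so they would still pass if the parser ignored the `name=` property or read an oddly formatted line as a broader allow. Each case needs a matching denial, for example attempting `mixed.005` after `createQueuePrefixList("mixed", 5)` and expecting the create to be refused. This matters most in `testCreateQueueQuoting`: if `*` inside quotes is still treated as a wildcard (not determinable from this hunk), the single rule `name='quoting.*.000'` could admit several of the other names, so the test cannot show that each quoted rule was honoured on its own. Separately, `createQueuePrefixList` and `createQueueNameList` call `conn.close()` only on the success path and report `e.getMessage()` alone; closing in a `finally` block and letting the exception propagate would keep the stack trace and avoid a leaked connection.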
@@ -0,0 +1,244 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the +* "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.qpid.server.security.acl; + +import java.util.Arrays; +import java.util.List; + +import org.apache.qpid.AMQConnectionClosedException; +import org.apache.qpid.AMQException; +import org.apache.qpid.AMQSecurityException; +import org.apache.qpid.protocol.AMQConstant; +import org.apache.qpid.test.utils.JMXTestUtils; + +/** + * Tests that ACL entries that apply to AMQP objects also apply when those objects are accessed via JMX. 
+ */ +public class ExternalACLJMXTest extends AbstractACLTestCase +{ + private JMXTestUtils _jmx; + + private static final String QUEUE_NAME = "kipper"; + private static final String EXCHANGE_NAME = "amq.kipper"; + + @Override + public String getConfig() + { + return "config-systests-aclv2.xml"; + } + + @Override + public List getHostList() + { + return Arrays.asList("test"); + } + + @Override + public void setUp() throws Exception + { + _jmx = new JMXTestUtils(this, "admin", "admin"); + _jmx.setUp(); + super.setUp(); + _jmx.open(); + } + + @Override + public void tearDown() throws Exception + { + _jmx.close(); + super.tearDown(); + } + + // test-externalacljmx.txt + // create queue owner=client # success + public void testCreateClientQueueSuccess() throws Exception + { + //Queue Parameters + String queueOwner = "client"; + + _jmx.createQueue("test", QUEUE_NAME, queueOwner, true); + } + + // test-externalacljmx.txt + // create queue owner=client # failure + public void testCreateServerQueueFailure() throws Exception + { + //Queue Parameters + String queueOwner = "server"; + + try + { + _jmx.createQueue("test", QUEUE_NAME, queueOwner, true); + + fail("Queue create should fail"); + } + catch (Exception e) + { + assertNotNull("Cause is not set", e.getCause()); + assertEquals("Cause message incorrect", + "org.apache.qpid.AMQSecurityException: Permission denied: queue-name 'kipper' [error code 403: access refused]", e.getCause().getMessage()); + } + } + + // no create queue acl in file # failure + public void testCreateQueueFailure() throws Exception + { + //Queue Parameters + String queueOwner = "guest"; + + try + { + _jmx.createQueue("test", QUEUE_NAME, queueOwner, true); + + fail("Queue create should fail"); + } + catch (Exception e) + { + assertNotNull("Cause is not set", e.getCause()); + assertEquals("Cause message incorrect", + "org.apache.qpid.AMQSecurityException: Permission denied: queue-name 'kipper' [error code 403: access refused]", 
e.getCause().getMessage()); + } + } + + // test-externalacljmx.txt + // allow create exchange name=amq.kipper.success + public void testCreateExchangeSuccess() throws Exception + { + _jmx.createExchange("test", EXCHANGE_NAME + ".success", "direct", true); + } + + // test-externalacljmx.txt + // deny create exchange name=amq.kipper.failure + public void testCreateExchangeFailure() throws Exception + { + try + { + _jmx.createExchange("test", EXCHANGE_NAME + ".failure", "direct", true); + + fail("Exchange create should fail"); + } + catch (Exception e) + { + assertNotNull("Cause is not set", e.getCause()); + assertEquals("Cause message incorrect", + "org.apache.qpid.AMQSecurityException: Permission denied: exchange-name 'amq.kipper.failure' [error code 403: access refused]", e.getCause().getMessage()); + } + } + + // test-externalacljmx.txt + // allow create exchange name=amq.kipper.success + // allow delete exchange name=amq.kipper.success + public void testDeleteExchangeSuccess() throws Exception + { + _jmx.createExchange("test", EXCHANGE_NAME + ".success", "direct", true); + _jmx.unregisterExchange("test", EXCHANGE_NAME + ".success"); + } + + // test-externalacljmx-deleteexchangefailure.txt + // allow create exchange name=amq.kipper.delete + // deny delete exchange name=amq.kipper.delete + public void testDeleteExchangeFailure() throws Exception + { + _jmx.createExchange("test", EXCHANGE_NAME + ".delete", "direct", true); + try + { + _jmx.unregisterExchange("test", EXCHANGE_NAME + ".delete"); + + fail("Exchange delete should fail"); + } + catch (Exception e) + { + assertNotNull("Cause is not set", e.getCause()); + assertEquals("Cause message incorrect", + "org.apache.qpid.AMQSecurityException: Permission denied [error code 403: access refused]", e.getCause().getMessage()); + } + } + + /** + * admin user has JMX right but not AMQP + */ + public void setUpCreateQueueJMXRights() throws Exception + { + writeACLFile("test", + "ACL ALLOW admin EXECUTE METHOD 
component=\"VirtualHost.VirtualHostManager\" name=\"createNewQueue\"", + "ACL DENY admin CREATE QUEUE"); + } + + public void testCreateQueueJMXRights() throws Exception + { + try + { + _jmx.createQueue("test", QUEUE_NAME, "admin", true); + + fail("Queue create should fail"); + } + catch (Exception e) + { + assertNotNull("Cause is not set", e.getCause()); + assertEquals("Cause message incorrect", + "org.apache.qpid.AMQSecurityException: Permission denied: queue-name 'kipper' [error code 403: access refused]", e.getCause().getMessage()); + } + } + + /** + * admin user has AMQP right but not JMX + */ + public void setUpCreateQueueAMQPRights() throws Exception + { + writeACLFile("test", + "ACL DENY admin EXECUTE METHOD component=\"VirtualHost.VirtualHostManager\" name=\"createNewQueue\"", + "ACL ALLOW admin CREATE QUEUE"); + } + + public void testCreateQueueAMQPRights() throws Exception + { + try + { + _jmx.createQueue("test", QUEUE_NAME, "admin", true); + + fail("Queue create should fail"); + } + catch (Exception e) + { + assertEquals("Cause message incorrect", "Permission denied: Execute createNewQueue", e.getMessage()); + } + } + + /** + * admin has both JMX and AMQP rights + */ + public void setUpCreateQueueJMXAMQPRights() throws Exception + { + writeACLFile("test", + "ACL ALLOW admin EXECUTE METHOD component=\"VirtualHost.VirtualHostManager\" name=\"createNewQueue\"", + "ACL ALLOW admin CREATE QUEUE"); + } + + public void testCreateQueueJMXAMQPRights() throws Exception + { + try + { + _jmx.createQueue("test", QUEUE_NAME, "admin", true); + } + catch (Exception e) + { + fail("Queue create should succeed: " + e.getCause().getMessage()); + } + } +} Copied: qpid/trunk/qpid/java/systests/src/main/java/org/apache/qpid/server/security/acl/ExternalACLTest.java (from r949780, qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/security/access/Accessable.java) URL: 
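Review bot: `testCreateQueueJMXAMQPRights` turns any failure into `fail("Queue create should succeed: " + e.getCause().getMessage())`, which throws a NullPointerException whenever the exception has no cause and so hides the original error. `testCreateQueueAMQPRights` in this same file asserts on `e.getMessage()` without checking a cause, which suggests a cause is not always set. The method already declares `throws Exception`, so its body can be just `_jmx.createQueue("test", QUEUE_NAME, "admin", true);`. `tearDown()` has a related gap: if `_jmx.close()` throws, `super.tearDown()` is skipped, so `try { _jmx.close(); } finally { super.tearDown(); }` is safer, and the same applies to `ExternalAdminACLTest.tearDown()`. The imports of `AMQConnectionClosedException`, `AMQException`, `AMQSecurityException` and `AMQConstant` are not used anywhere in this file.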
http://svn.apache.org/viewvc/qpid/trunk/qpid/java/systests/src/main/java/org/apache/qpid/server/security/acl/ExternalACLTest.java?p2=qpid/trunk/qpid/java/systests/src/main/java/org/apache/qpid/server/security/acl/ExternalACLTest.java&p1=qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/security/access/Accessable.java&r1=949780&r2=949781&rev=949781&view=diff ============================================================================== --- qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/security/access/Accessable.java (original) +++ qpid/trunk/qpid/java/systests/src/main/java/org/apache/qpid/server/security/acl/ExternalACLTest.java Mon May 31 16:03:41 2010 @@ -4,7 +4,7 @@ * distributed with this work for additional information * regarding copyright ownership. The ASF licenses this file * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance +* "License"); you may not use this file except in compliance * with the License. You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 
@@ -14,14 +14,24 @@ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY * KIND, either express or implied. See the License for the * specific language governing permissions and limitations - * under the License. - * - * + * under the License. */ -package org.apache.qpid.server.security.access; +package org.apache.qpid.server.security.acl; + +import java.util.Arrays; +import java.util.List; -public interface Accessable +public class ExternalACLTest extends SimpleACLTest { - void setAccessableName(String name); - String getAccessableName(); + @Override + public String getConfig() + { + return "config-systests-aclv2.xml"; + } + + @Override + public List getHostList() + { + return Arrays.asList("test", "test2"); + } } Added: qpid/trunk/qpid/java/systests/src/main/java/org/apache/qpid/server/security/acl/ExternalAdminACLTest.java URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/systests/src/main/java/org/apache/qpid/server/security/acl/ExternalAdminACLTest.java?rev=949781&view=auto ============================================================================== --- qpid/trunk/qpid/java/systests/src/main/java/org/apache/qpid/server/security/acl/ExternalAdminACLTest.java (added) +++ qpid/trunk/qpid/java/systests/src/main/java/org/apache/qpid/server/security/acl/ExternalAdminACLTest.java Mon May 31 16:03:41 2010 
@@ -0,0 +1,186 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + * + * + */ +package org.apache.qpid.server.security.acl; + +import java.io.BufferedWriter; +import java.io.File; +import java.io.FileWriter; +import java.io.IOException; +import java.util.Arrays; +import java.util.List; + +import org.apache.qpid.server.logging.management.LoggingManagementMBean; +import org.apache.qpid.test.utils.JMXTestUtils; + +/** + * Tests that ACLs can be applied to mangement operations that do not correspond to a specific AMQP object. + * + * Theses tests use the logging component, exposed as the {@link LoggingManagementMBean}, to get and set properties. 
+ */ +public class ExternalAdminACLTest extends AbstractACLTestCase +{ + private static final String CATEGORY_PRIORITY = "LogManMBeanTest.category.priority"; + private static final String CATEGORY_LEVEL = "LogManMBeanTest.category.level"; + private static final String LOGGER_LEVEL = "LogManMBeanTest.logger.level"; + + private static final String NEWLINE = System.getProperty("line.separator"); + + private JMXTestUtils _jmx; + private File _testConfigFile; + + @Override + public String getConfig() + { + return "config-systests-aclv2.xml"; + } + + @Override + public List getHostList() + { + return Arrays.asList("global"); + } + + @Override + public void setUp() throws Exception + { + _testConfigFile = createTempTestLog4JConfig(); + + _jmx = new JMXTestUtils(this, "admin", "admin"); + _jmx.setUp(); + super.setUp(); + _jmx.open(); + } + + @Override + public void tearDown() throws Exception + { + _jmx.close(); + super.tearDown(); + } + + private File createTempTestLog4JConfig() + { + File tmpFile = null; + try + { + tmpFile = File.createTempFile("LogManMBeanTestLog4jConfig", ".tmp"); + tmpFile.deleteOnExit(); + + FileWriter fstream = new FileWriter(tmpFile); + BufferedWriter writer = new BufferedWriter(fstream); + + writer.write(""+NEWLINE); + writer.write(""+NEWLINE); + + writer.write(""+NEWLINE); + + writer.write(" "+NEWLINE); + writer.write(" "+NEWLINE); + writer.write(" "+NEWLINE); + writer.write(" "+NEWLINE); + writer.write(" "+NEWLINE); + + //Example of a 'category' with a 'priority' + writer.write(" "+NEWLINE); + writer.write(" "+NEWLINE); + writer.write(" "+NEWLINE); + writer.write(" "+NEWLINE); + + //Example of a 'category' with a 'level' + writer.write(" "+NEWLINE); + writer.write(" "+NEWLINE); + writer.write(" "+NEWLINE); + writer.write(" "+NEWLINE); + + //Example of a 'logger' with a 'level' + writer.write(" "+NEWLINE); + writer.write(" "+NEWLINE); + writer.write(" "+NEWLINE); + writer.write(" "+NEWLINE); + + //'root' logger + writer.write(" "+NEWLINE); + 
writer.write(" "+NEWLINE); + writer.write(" "+NEWLINE); + writer.write(" "+NEWLINE); + + writer.write(""+NEWLINE); + + writer.flush(); + writer.close(); + } + catch (IOException e) + { + fail("Unable to create temporary test log4j configuration"); + } + + return tmpFile; + } + + public void testGetAllLoggerLevels() throws Exception + { + String[] levels = _jmx.getAvailableLoggerLevels(); + for (int i = 0; i < levels.length; i++) + { + System.out.println(levels[i]); + } + assertEquals("Got incorrect number of log levels", 9, levels.length); + } + + public void testGetAllLoggerLevelsDenied() throws Exception + { + try + { + _jmx.getAvailableLoggerLevels(); + fail("Got list of log levels"); + } + catch (Exception e) + { + // Exception throws + e.printStackTrace(); + assertEquals("Permission denied: Access getAvailableLoggerLevels", e.getMessage()); + } + } + + public void testChangeLoggerLevel() throws Exception + { + String oldLevel = _jmx.getRuntimeRootLoggerLevel(); + System.out.println("old level = " + oldLevel); + _jmx.setRuntimeRootLoggerLevel("DEBUG"); + String newLevel = _jmx.getRuntimeRootLoggerLevel(); + System.out.println("new level = " + newLevel); + assertEquals("Logging level was not changed", "DEBUG", newLevel); + } + + public void testChangeLoggerLevelDenied() throws Exception + { + try + { + _jmx.setRuntimeRootLoggerLevel("DEBUG"); + fail("Logging level was changed"); + } + catch (Exception e) + { + assertEquals("Permission denied: Update setRuntimeRootLoggerLevel", e.getMessage()); + } + } +} --------------------------------------------------------------------- Apache Qpid - AMQP Messaging Implementation Project: http://qpid.apache.org Use/Interact: mailto:commits-subscribe@qpid.apache.org
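Review bot: `createTempTestLog4JConfig()` never closes the `FileWriter`/`BufferedWriter` if a `write` call throws, and the `catch` discards the `IOException`, so a failure here reports no reason. Close the writer in a `finally` block and include the exception in the message, e.g. `fail("Unable to create temporary test log4j configuration: " + e);`. The resulting `_testConfigFile` is assigned in `setUp()` but not read anywhere in this file, so either it is dead code or whatever consumes it needs a comment. `testChangeLoggerLevel` reads `oldLevel` but never restores it; if the broker outlives the test the root logger stays at DEBUG, so restoring it in a `finally` would be safer. Unlike ExternalACLJMXTest, the allowed/denied test pairs here do not say which ACL rules they run under; a one-line comment per test naming the ACL file or rule would make the expected outcome checkable.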