qpid-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From kw...@apache.org
Subject [1/2] qpid-broker-j git commit: QPID-7904: [Java Broker] [ACL] Change the AMQP 1.0 layer so it no longer activates dynamically created queues
Date Tue, 03 Oct 2017 12:03:30 GMT
Repository: qpid-broker-j
Updated Branches:
  refs/heads/master 7fc0721fb -> 9f92eedde


QPID-7904: [Java Broker] [ACL] Change the AMQP 1.0 layer so it no longer activates dynamically
created queues

Added ACL temporary topic tests.


Project: http://git-wip-us.apache.org/repos/asf/qpid-broker-j/repo
Commit: http://git-wip-us.apache.org/repos/asf/qpid-broker-j/commit/2382c699
Tree: http://git-wip-us.apache.org/repos/asf/qpid-broker-j/tree/2382c699
Diff: http://git-wip-us.apache.org/repos/asf/qpid-broker-j/diff/2382c699

Branch: refs/heads/master
Commit: 2382c699eeca6afae34cb1b8e8a6fb5687ae79c7
Parents: 7fc0721
Author: Keith Wall <kwall@apache.org>
Authored: Tue Oct 3 12:33:23 2017 +0100
Committer: Keith Wall <kwall@apache.org>
Committed: Tue Oct 3 12:34:13 2017 +0100

----------------------------------------------------------------------
 .../config/LegacyAccessControlAdapter.java      | 11 ++-
 .../config/LegacyAccessControlAdapterTest.java  |  6 +-
 .../protocol/v1_0/SendingLinkEndpoint.java      |  7 --
 .../server/security/acl/MessagingACLTest.java   | 79 +++++++++++++++++++-
 test-profiles/JavaPre010Excludes                |  3 +
 5 files changed, 95 insertions(+), 11 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/qpid-broker-j/blob/2382c699/broker-plugins/access-control/src/main/java/org/apache/qpid/server/security/access/config/LegacyAccessControlAdapter.java
----------------------------------------------------------------------
diff --git a/broker-plugins/access-control/src/main/java/org/apache/qpid/server/security/access/config/LegacyAccessControlAdapter.java
b/broker-plugins/access-control/src/main/java/org/apache/qpid/server/security/access/config/LegacyAccessControlAdapter.java
index 57a7e19..9a072ab 100644
--- a/broker-plugins/access-control/src/main/java/org/apache/qpid/server/security/access/config/LegacyAccessControlAdapter.java
+++ b/broker-plugins/access-control/src/main/java/org/apache/qpid/server/security/access/config/LegacyAccessControlAdapter.java
@@ -312,9 +312,16 @@ class LegacyAccessControlAdapter
             if("publish".equals(actionName))
             {
 
-                final ObjectProperties _props =
+                final ObjectProperties props =
                         new ObjectProperties(exchange.getAddressSpace().getName(), exchange.getName(),
(String)arguments.get("routingKey"));
-                return _accessControl.authorise(PUBLISH, EXCHANGE, _props);
+                props.put(ObjectProperties.Property.DURABLE, exchange.isDurable());
+                if (exchange instanceof Exchange<?>)
+                {
+                    LifetimePolicy lifetimePolicy = ((Exchange) exchange).getLifetimePolicy();
+                    props.put(ObjectProperties.Property.AUTO_DELETE, lifetimePolicy != LifetimePolicy.PERMANENT);
+                    props.put(ObjectProperties.Property.TEMPORARY, lifetimePolicy != LifetimePolicy.PERMANENT);
+                }
+                return _accessControl.authorise(PUBLISH, EXCHANGE, props);
             }
         }
         else if(categoryClass == VirtualHost.class)

http://git-wip-us.apache.org/repos/asf/qpid-broker-j/blob/2382c699/broker-plugins/access-control/src/test/java/org/apache/qpid/server/security/access/config/LegacyAccessControlAdapterTest.java
----------------------------------------------------------------------
diff --git a/broker-plugins/access-control/src/test/java/org/apache/qpid/server/security/access/config/LegacyAccessControlAdapterTest.java
b/broker-plugins/access-control/src/test/java/org/apache/qpid/server/security/access/config/LegacyAccessControlAdapterTest.java
index 0efedb7..3d21010 100644
--- a/broker-plugins/access-control/src/test/java/org/apache/qpid/server/security/access/config/LegacyAccessControlAdapterTest.java
+++ b/broker-plugins/access-control/src/test/java/org/apache/qpid/server/security/access/config/LegacyAccessControlAdapterTest.java
@@ -808,17 +808,21 @@ public class LegacyAccessControlAdapterTest extends QpidTestCase
         String routingKey = "routingKey";
         String exchangeName = "exchangeName";
         ObjectProperties properties = new ObjectProperties(TEST_VIRTUAL_HOST, exchangeName,
routingKey);
+        properties.put(ObjectProperties.Property.DURABLE, true);
+        properties.put(ObjectProperties.Property.AUTO_DELETE, false);
+        properties.put(ObjectProperties.Property.TEMPORARY, false);
 
         Exchange exchange = mock(Exchange.class);
         when(exchange.getCategoryClass()).thenReturn(Exchange.class);
         when(exchange.getAddressSpace()).thenReturn(_virtualHost);
         when(exchange.getName()).thenReturn(exchangeName);
+        when(exchange.getLifetimePolicy()).thenReturn(LifetimePolicy.PERMANENT);
+        when(exchange.isDurable()).thenReturn(true);
         Map<String,Object> args = new HashMap<>();
         args.put("routingKey",routingKey);
         _adapter.authoriseAction(exchange, "publish", args);
 
         verify(_accessControl).authorise(eq(LegacyOperation.PUBLISH), eq(ObjectType.EXCHANGE),
eq(properties));
-
     }
 
     public void testAuthoriseCreateConnection()

http://git-wip-us.apache.org/repos/asf/qpid-broker-j/blob/2382c699/broker-plugins/amqp-1-0-protocol/src/main/java/org/apache/qpid/server/protocol/v1_0/SendingLinkEndpoint.java
----------------------------------------------------------------------
diff --git a/broker-plugins/amqp-1-0-protocol/src/main/java/org/apache/qpid/server/protocol/v1_0/SendingLinkEndpoint.java
b/broker-plugins/amqp-1-0-protocol/src/main/java/org/apache/qpid/server/protocol/v1_0/SendingLinkEndpoint.java
index 93f19cb..fe10015 100644
--- a/broker-plugins/amqp-1-0-protocol/src/main/java/org/apache/qpid/server/protocol/v1_0/SendingLinkEndpoint.java
+++ b/broker-plugins/amqp-1-0-protocol/src/main/java/org/apache/qpid/server/protocol/v1_0/SendingLinkEndpoint.java
@@ -634,13 +634,6 @@ public class SendingLinkEndpoint extends AbstractLinkEndpoint<Source,
Target>
             source.setCapabilities(attachSource.getCapabilities());
             final SendingDestination destination = getSession().getSendingDestination(getLink(),
source);
             source.setCapabilities(destination.getCapabilities());
-            if (destination instanceof ExchangeSendingDestination)
-            {
-                ExchangeSendingDestination exchangeDestination = (ExchangeSendingDestination)
destination;
-                exchangeDestination.getQueue()
-                                   .setAttributes(Collections.<String, Object>singletonMap(Queue.DESIRED_STATE,
-                                                                                        
  org.apache.qpid.server.model.State.ACTIVE));
-            }
             getLink().setSource(source);
             prepareConsumerOptionsAndFilters(destination);
         }

http://git-wip-us.apache.org/repos/asf/qpid-broker-j/blob/2382c699/systests/src/test/java/org/apache/qpid/server/security/acl/MessagingACLTest.java
----------------------------------------------------------------------
diff --git a/systests/src/test/java/org/apache/qpid/server/security/acl/MessagingACLTest.java
b/systests/src/test/java/org/apache/qpid/server/security/acl/MessagingACLTest.java
index cdf0b09..5b4bb2d 100644
--- a/systests/src/test/java/org/apache/qpid/server/security/acl/MessagingACLTest.java
+++ b/systests/src/test/java/org/apache/qpid/server/security/acl/MessagingACLTest.java
@@ -31,6 +31,7 @@ import javax.jms.MessageProducer;
 import javax.jms.Queue;
 import javax.jms.Session;
 import javax.jms.TemporaryQueue;
+import javax.jms.TemporaryTopic;
 import javax.jms.TextMessage;
 
 
@@ -155,6 +156,34 @@ public class MessagingACLTest extends AbstractACLTestCase
         }
     }
 
+    public void setUpConsumeFromTempTopicSuccess() throws Exception
+    {
+        List<String> rules = new ArrayList<>(Arrays.asList("ACL ALLOW-LOG client
ACCESS VIRTUALHOST",
+                                                           "ACL ALLOW-LOG client CREATE QUEUE
temporary=\"true\"",
+                                                           "ACL ALLOW-LOG client CONSUME
QUEUE temporary=\"true\""));
+
+        if (isBroker10())
+        {
+            rules.add("ACL ALLOW-LOG client BIND EXCHANGE temporary=\"true\"");
+        }
+        else
+        {
+            rules.add("ACL ALLOW-LOG client BIND EXCHANGE name=\"amq.topic\"");
+        }
+        writeACLFileWithAdminSuperUser(rules.toArray(new String[rules.size()]));
+    }
+
+    public void testConsumeFromTempTopicSuccess() throws Exception
+    {
+        Connection conn = getConnection("test", "client", "guest");
+
+        Session sess = conn.createSession(false, Session.AUTO_ACKNOWLEDGE);
+        conn.start();
+
+        TemporaryTopic temporaryTopic = sess.createTemporaryTopic();
+        sess.createConsumer(temporaryTopic);
+    }
+
     public void setUpConsumeFromNamedQueueValid() throws Exception
     {
         List<String> rules = new ArrayList<>(Arrays.asList("ACL ALLOW-LOG client
ACCESS VIRTUALHOST",
@@ -222,7 +251,6 @@ public class MessagingACLTest extends AbstractACLTestCase
         }
     }
 
-
     public void setUpCreateTemporaryQueueSuccess() throws Exception
     {
         List<String> rules = new ArrayList<>(Arrays.asList("ACL ALLOW-LOG client
ACCESS VIRTUALHOST",
@@ -243,6 +271,26 @@ public class MessagingACLTest extends AbstractACLTestCase
         conn.close();
     }
 
+    public void setUpCreateTempTopicSuccess() throws Exception
+    {
+        List<String> rules = new ArrayList<>(Arrays.asList("ACL ALLOW-LOG client
ACCESS VIRTUALHOST"));
+        writeACLFileWithAdminSuperUser(rules.toArray(new String[rules.size()]));
+    }
+
+    /* For AMQP 1.0 the server causes a temporary instance of the fanout exchange to come
into being.  For early AMQP
+       version, there are no server side objects created as amq.topic is used.
+     */
+    public void testCreateTempTopicSuccess() throws Exception
+    {
+        Connection conn = getConnection("test", "client", "guest");
+
+        Session sess = conn.createSession(false, Session.AUTO_ACKNOWLEDGE);
+        conn.start();
+
+        TemporaryTopic temporaryTopic = sess.createTemporaryTopic();
+        conn.close();
+    }
+
     public void setUpCreateTemporaryQueueFailed() throws Exception
     {
         writeACLFileWithAdminSuperUser("ACL ALLOW-LOG client ACCESS VIRTUALHOST",
@@ -408,6 +456,35 @@ public class MessagingACLTest extends AbstractACLTestCase
         assertEquals("Incorrect message received", "Response", ((TextMessage) clientResponseMsg).getText());
     }
 
+    public void setUpPublishToTempTopicSuccess() throws Exception
+    {
+        List<String> rules = new ArrayList<>(Arrays.asList("ACL ALLOW-LOG client
ACCESS VIRTUALHOST"));
+
+        if (isBroker10())
+        {
+            rules.add("ACL ALLOW-LOG client PUBLISH EXCHANGE temporary=\"true\"");
+        }
+        else
+        {
+            rules.add("ACL ALLOW-LOG client PUBLISH EXCHANGE name=\"amq.topic\"");
+        }
+        writeACLFileWithAdminSuperUser(rules.toArray(new String[rules.size()]));
+    }
+
+    public void testPublishToTempTopicSuccess() throws Exception
+    {
+        Connection conn = getConnection("test", "client", "guest");
+
+        Session sess = conn.createSession(true, Session.SESSION_TRANSACTED);
+        conn.start();
+
+        TemporaryTopic temporaryTopic = sess.createTemporaryTopic();
+        MessageProducer producer = sess.createProducer(temporaryTopic);
+        producer.send(sess.createMessage());
+        sess.commit();
+    }
+
+
     public void setUpFirewallAllow() throws Exception
     {
         writeACLFileWithAdminSuperUser("ACL ALLOW client ACCESS VIRTUALHOST from_network=\"127.0.0.1\"");

http://git-wip-us.apache.org/repos/asf/qpid-broker-j/blob/2382c699/test-profiles/JavaPre010Excludes
----------------------------------------------------------------------
diff --git a/test-profiles/JavaPre010Excludes b/test-profiles/JavaPre010Excludes
index 5f0f8f9..f2624ed 100644
--- a/test-profiles/JavaPre010Excludes
+++ b/test-profiles/JavaPre010Excludes
@@ -80,3 +80,6 @@ org.apache.qpid.tests.protocol.v1_0.*
 
 // Tests AMQP 1.0 specific routing semantics
 org.apache.qpid.systest.MessageRoutingTest#*
+
+// QPID-7948: A publish confirms defect prevents this test passing.
+org.apache.qpid.server.security.acl.MessagingACLTest#testPublishToTempTopicSuccess


---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@qpid.apache.org
For additional commands, e-mail: commits-help@qpid.apache.org


Mime
View raw message