Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id 78FE8200D14 for ; Tue, 3 Oct 2017 14:03:32 +0200 (CEST) Received: by cust-asf.ponee.io (Postfix) id 77AC21609DD; Tue, 3 Oct 2017 12:03:32 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id 6C3221609D2 for ; Tue, 3 Oct 2017 14:03:31 +0200 (CEST) Received: (qmail 30939 invoked by uid 500); 3 Oct 2017 12:03:30 -0000 Mailing-List: contact commits-help@qpid.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@qpid.apache.org Delivered-To: mailing list commits@qpid.apache.org Received: (qmail 30928 invoked by uid 99); 3 Oct 2017 12:03:30 -0000 Received: from git1-us-west.apache.org (HELO git1-us-west.apache.org) (140.211.11.23) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 03 Oct 2017 12:03:30 +0000 Received: by git1-us-west.apache.org (ASF Mail Server at git1-us-west.apache.org, from userid 33) id 7F4BFF54DD; Tue, 3 Oct 2017 12:03:30 +0000 (UTC) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: kwall@apache.org To: commits@qpid.apache.org Date: Tue, 03 Oct 2017 12:03:30 -0000 Message-Id: <79719d6eb1cd400bb7a654fe9593010b@git.apache.org> X-Mailer: ASF-Git Admin Mailer Subject: [1/2] qpid-broker-j git commit: QPID-7904: [Java Broker] [ACL] Change the AMQP 1.0 layer so it no longer activates dynamically created queues archived-at: Tue, 03 Oct 2017 12:03:32 -0000 Repository: qpid-broker-j Updated Branches: refs/heads/master 7fc0721fb -> 9f92eedde QPID-7904: [Java Broker] [ACL] Change the AMQP 1.0 layer so it no longer activates dynamically created queues Added ACL temporary topic tests. Project: http://git-wip-us.apache.org/repos/asf/qpid-broker-j/repo Commit: http://git-wip-us.apache.org/repos/asf/qpid-broker-j/commit/2382c699 Tree: http://git-wip-us.apache.org/repos/asf/qpid-broker-j/tree/2382c699 Diff: http://git-wip-us.apache.org/repos/asf/qpid-broker-j/diff/2382c699 Branch: refs/heads/master Commit: 2382c699eeca6afae34cb1b8e8a6fb5687ae79c7 Parents: 7fc0721 Author: Keith Wall Authored: Tue Oct 3 12:33:23 2017 +0100 Committer: Keith Wall Committed: Tue Oct 3 12:34:13 2017 +0100 ---------------------------------------------------------------------- .../config/LegacyAccessControlAdapter.java | 11 ++- .../config/LegacyAccessControlAdapterTest.java | 6 +- .../protocol/v1_0/SendingLinkEndpoint.java | 7 -- .../server/security/acl/MessagingACLTest.java | 79 +++++++++++++++++++- test-profiles/JavaPre010Excludes | 3 + 5 files changed, 95 insertions(+), 11 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/qpid-broker-j/blob/2382c699/broker-plugins/access-control/src/main/java/org/apache/qpid/server/security/access/config/LegacyAccessControlAdapter.java ---------------------------------------------------------------------- diff --git a/broker-plugins/access-control/src/main/java/org/apache/qpid/server/security/access/config/LegacyAccessControlAdapter.java b/broker-plugins/access-control/src/main/java/org/apache/qpid/server/security/access/config/LegacyAccessControlAdapter.java index 57a7e19..9a072ab 100644 --- a/broker-plugins/access-control/src/main/java/org/apache/qpid/server/security/access/config/LegacyAccessControlAdapter.java +++ b/broker-plugins/access-control/src/main/java/org/apache/qpid/server/security/access/config/LegacyAccessControlAdapter.java @@ -312,9 +312,16 @@ class LegacyAccessControlAdapter if("publish".equals(actionName)) { - final ObjectProperties _props = + final ObjectProperties props = new ObjectProperties(exchange.getAddressSpace().getName(), exchange.getName(), (String)arguments.get("routingKey")); - return _accessControl.authorise(PUBLISH, EXCHANGE, _props); + props.put(ObjectProperties.Property.DURABLE, exchange.isDurable()); + if (exchange instanceof Exchange) + { + LifetimePolicy lifetimePolicy = ((Exchange) exchange).getLifetimePolicy(); + props.put(ObjectProperties.Property.AUTO_DELETE, lifetimePolicy != LifetimePolicy.PERMANENT); + props.put(ObjectProperties.Property.TEMPORARY, lifetimePolicy != LifetimePolicy.PERMANENT); + } + return _accessControl.authorise(PUBLISH, EXCHANGE, props); } } else if(categoryClass == VirtualHost.class) http://git-wip-us.apache.org/repos/asf/qpid-broker-j/blob/2382c699/broker-plugins/access-control/src/test/java/org/apache/qpid/server/security/access/config/LegacyAccessControlAdapterTest.java ---------------------------------------------------------------------- diff --git a/broker-plugins/access-control/src/test/java/org/apache/qpid/server/security/access/config/LegacyAccessControlAdapterTest.java b/broker-plugins/access-control/src/test/java/org/apache/qpid/server/security/access/config/LegacyAccessControlAdapterTest.java index 0efedb7..3d21010 100644 --- a/broker-plugins/access-control/src/test/java/org/apache/qpid/server/security/access/config/LegacyAccessControlAdapterTest.java +++ b/broker-plugins/access-control/src/test/java/org/apache/qpid/server/security/access/config/LegacyAccessControlAdapterTest.java @@ -808,17 +808,21 @@ public class LegacyAccessControlAdapterTest extends QpidTestCase String routingKey = "routingKey"; String exchangeName = "exchangeName"; ObjectProperties properties = new ObjectProperties(TEST_VIRTUAL_HOST, exchangeName, routingKey); + properties.put(ObjectProperties.Property.DURABLE, true); + properties.put(ObjectProperties.Property.AUTO_DELETE, false); + properties.put(ObjectProperties.Property.TEMPORARY, false); Exchange exchange = mock(Exchange.class); when(exchange.getCategoryClass()).thenReturn(Exchange.class); when(exchange.getAddressSpace()).thenReturn(_virtualHost); when(exchange.getName()).thenReturn(exchangeName); + when(exchange.getLifetimePolicy()).thenReturn(LifetimePolicy.PERMANENT); + when(exchange.isDurable()).thenReturn(true); Map args = new HashMap<>(); args.put("routingKey",routingKey); _adapter.authoriseAction(exchange, "publish", args); verify(_accessControl).authorise(eq(LegacyOperation.PUBLISH), eq(ObjectType.EXCHANGE), eq(properties)); - } public void testAuthoriseCreateConnection() http://git-wip-us.apache.org/repos/asf/qpid-broker-j/blob/2382c699/broker-plugins/amqp-1-0-protocol/src/main/java/org/apache/qpid/server/protocol/v1_0/SendingLinkEndpoint.java ---------------------------------------------------------------------- diff --git a/broker-plugins/amqp-1-0-protocol/src/main/java/org/apache/qpid/server/protocol/v1_0/SendingLinkEndpoint.java b/broker-plugins/amqp-1-0-protocol/src/main/java/org/apache/qpid/server/protocol/v1_0/SendingLinkEndpoint.java index 93f19cb..fe10015 100644 --- a/broker-plugins/amqp-1-0-protocol/src/main/java/org/apache/qpid/server/protocol/v1_0/SendingLinkEndpoint.java +++ b/broker-plugins/amqp-1-0-protocol/src/main/java/org/apache/qpid/server/protocol/v1_0/SendingLinkEndpoint.java @@ -634,13 +634,6 @@ public class SendingLinkEndpoint extends AbstractLinkEndpoint source.setCapabilities(attachSource.getCapabilities()); final SendingDestination destination = getSession().getSendingDestination(getLink(), source); source.setCapabilities(destination.getCapabilities()); - if (destination instanceof ExchangeSendingDestination) - { - ExchangeSendingDestination exchangeDestination = (ExchangeSendingDestination) destination; - exchangeDestination.getQueue() - .setAttributes(Collections.singletonMap(Queue.DESIRED_STATE, - org.apache.qpid.server.model.State.ACTIVE)); - } getLink().setSource(source); prepareConsumerOptionsAndFilters(destination); } http://git-wip-us.apache.org/repos/asf/qpid-broker-j/blob/2382c699/systests/src/test/java/org/apache/qpid/server/security/acl/MessagingACLTest.java ---------------------------------------------------------------------- diff --git a/systests/src/test/java/org/apache/qpid/server/security/acl/MessagingACLTest.java b/systests/src/test/java/org/apache/qpid/server/security/acl/MessagingACLTest.java index cdf0b09..5b4bb2d 100644 --- a/systests/src/test/java/org/apache/qpid/server/security/acl/MessagingACLTest.java +++ b/systests/src/test/java/org/apache/qpid/server/security/acl/MessagingACLTest.java @@ -31,6 +31,7 @@ import javax.jms.MessageProducer; import javax.jms.Queue; import javax.jms.Session; import javax.jms.TemporaryQueue; +import javax.jms.TemporaryTopic; import javax.jms.TextMessage; @@ -155,6 +156,34 @@ public class MessagingACLTest extends AbstractACLTestCase } } + public void setUpConsumeFromTempTopicSuccess() throws Exception + { + List rules = new ArrayList<>(Arrays.asList("ACL ALLOW-LOG client ACCESS VIRTUALHOST", + "ACL ALLOW-LOG client CREATE QUEUE temporary=\"true\"", + "ACL ALLOW-LOG client CONSUME QUEUE temporary=\"true\"")); + + if (isBroker10()) + { + rules.add("ACL ALLOW-LOG client BIND EXCHANGE temporary=\"true\""); + } + else + { + rules.add("ACL ALLOW-LOG client BIND EXCHANGE name=\"amq.topic\""); + } + writeACLFileWithAdminSuperUser(rules.toArray(new String[rules.size()])); + } + + public void testConsumeFromTempTopicSuccess() throws Exception + { + Connection conn = getConnection("test", "client", "guest"); + + Session sess = conn.createSession(false, Session.AUTO_ACKNOWLEDGE); + conn.start(); + + TemporaryTopic temporaryTopic = sess.createTemporaryTopic(); + sess.createConsumer(temporaryTopic); + } + public void setUpConsumeFromNamedQueueValid() throws Exception { List rules = new ArrayList<>(Arrays.asList("ACL ALLOW-LOG client ACCESS VIRTUALHOST", @@ -222,7 +251,6 @@ public class MessagingACLTest extends AbstractACLTestCase } } - public void setUpCreateTemporaryQueueSuccess() throws Exception { List rules = new ArrayList<>(Arrays.asList("ACL ALLOW-LOG client ACCESS VIRTUALHOST", @@ -243,6 +271,26 @@ public class MessagingACLTest extends AbstractACLTestCase conn.close(); } + public void setUpCreateTempTopicSuccess() throws Exception + { + List rules = new ArrayList<>(Arrays.asList("ACL ALLOW-LOG client ACCESS VIRTUALHOST")); + writeACLFileWithAdminSuperUser(rules.toArray(new String[rules.size()])); + } + + /* For AMQP 1.0 the server causes a temporary instance of the fanout exchange to come into being. For early AMQP + version, there are no server side objects created as amq.topic is used. + */ + public void testCreateTempTopicSuccess() throws Exception + { + Connection conn = getConnection("test", "client", "guest"); + + Session sess = conn.createSession(false, Session.AUTO_ACKNOWLEDGE); + conn.start(); + + TemporaryTopic temporaryTopic = sess.createTemporaryTopic(); + conn.close(); + } + public void setUpCreateTemporaryQueueFailed() throws Exception { writeACLFileWithAdminSuperUser("ACL ALLOW-LOG client ACCESS VIRTUALHOST", @@ -408,6 +456,35 @@ public class MessagingACLTest extends AbstractACLTestCase assertEquals("Incorrect message received", "Response", ((TextMessage) clientResponseMsg).getText()); } + public void setUpPublishToTempTopicSuccess() throws Exception + { + List rules = new ArrayList<>(Arrays.asList("ACL ALLOW-LOG client ACCESS VIRTUALHOST")); + + if (isBroker10()) + { + rules.add("ACL ALLOW-LOG client PUBLISH EXCHANGE temporary=\"true\""); + } + else + { + rules.add("ACL ALLOW-LOG client PUBLISH EXCHANGE name=\"amq.topic\""); + } + writeACLFileWithAdminSuperUser(rules.toArray(new String[rules.size()])); + } + + public void testPublishToTempTopicSuccess() throws Exception + { + Connection conn = getConnection("test", "client", "guest"); + + Session sess = conn.createSession(true, Session.SESSION_TRANSACTED); + conn.start(); + + TemporaryTopic temporaryTopic = sess.createTemporaryTopic(); + MessageProducer producer = sess.createProducer(temporaryTopic); + producer.send(sess.createMessage()); + sess.commit(); + } + + public void setUpFirewallAllow() throws Exception { writeACLFileWithAdminSuperUser("ACL ALLOW client ACCESS VIRTUALHOST from_network=\"127.0.0.1\""); http://git-wip-us.apache.org/repos/asf/qpid-broker-j/blob/2382c699/test-profiles/JavaPre010Excludes ---------------------------------------------------------------------- diff --git a/test-profiles/JavaPre010Excludes b/test-profiles/JavaPre010Excludes index 5f0f8f9..f2624ed 100644 --- a/test-profiles/JavaPre010Excludes +++ b/test-profiles/JavaPre010Excludes @@ -80,3 +80,6 @@ org.apache.qpid.tests.protocol.v1_0.* // Tests AMQP 1.0 specific routing semantics org.apache.qpid.systest.MessageRoutingTest#* + +// QPID-7948: A publish confirms defect prevents this test passing. +org.apache.qpid.server.security.acl.MessagingACLTest#testPublishToTempTopicSuccess --------------------------------------------------------------------- To unsubscribe, e-mail: commits-unsubscribe@qpid.apache.org For additional commands, e-mail: commits-help@qpid.apache.org