From 073a280629e8a29a19f2774e1c55fe58d111c883 Mon Sep 17 00:00:00 2001 From: Justin Bertram Date: Fri, 31 Mar 2017 10:24:20 -0500 Subject: [PATCH] ARTEMIS-1092 Validated user + AMQP fix When populate-validated-user = true AMQP messages can cause exceptions. This feature isn't particularly applicable to AMQP so this commit eliminates the exception and leaves the AMQP messages untouched even if populate-validated-user = true. In other words, populate-validated-user + AMQP is not supported. --- .../activemq/artemis/api/core/Message.java | 8 +++++ .../core/message/impl/CoreMessage.java | 11 +++++++ .../artemis/jms/client/ActiveMQMessage.java | 2 +- .../core/protocol/stomp/StompUtils.java | 4 +-- .../core/server/impl/ServerSessionImpl.java | 2 +- .../integration/security/SecurityTest.java | 33 ++++++++++++++++++- 6 files changed, 55 insertions(+), 5 deletions(-) diff --git a/artemis-core-client/src/main/java/org/apache/activemq/artemis/api/core/Message.java b/artemis-core-client/src/main/java/org/apache/activemq/artemis/api/core/Message.java index 856e8653ba..e9c4fecd85 100644 --- a/artemis-core-client/src/main/java/org/apache/activemq/artemis/api/core/Message.java +++ b/artemis-core-client/src/main/java/org/apache/activemq/artemis/api/core/Message.java @@ -314,6 +314,14 @@ public interface Message { Message setUserID(Object userID); + default String getValidatedUserID() { + return null; + } + + default Message setValidatedUserID(String validatedUserID) { + return this; + } + /** * Returns whether this message is durable or not. */ diff --git a/artemis-core-client/src/main/java/org/apache/activemq/artemis/core/message/impl/CoreMessage.java b/artemis-core-client/src/main/java/org/apache/activemq/artemis/core/message/impl/CoreMessage.java index 8f24cc05bc..215c268268 100644 --- a/artemis-core-client/src/main/java/org/apache/activemq/artemis/core/message/impl/CoreMessage.java +++ b/artemis-core-client/src/main/java/org/apache/activemq/artemis/core/message/impl/CoreMessage.java @@ -383,6 +383,17 @@ public class CoreMessage extends RefCountMessage implements ICoreMessage { return this; } + @Override + public String getValidatedUserID() { + return getStringProperty(Message.HDR_VALIDATED_USER); + } + + @Override + public CoreMessage setValidatedUserID(String validatedUserID) { + putStringProperty(Message.HDR_VALIDATED_USER, SimpleString.toSimpleString(validatedUserID)); + return this; + } + @Override public CoreMessage setMessageID(long messageID) { this.messageID = messageID; diff --git a/artemis-jms-client/src/main/java/org/apache/activemq/artemis/jms/client/ActiveMQMessage.java b/artemis-jms-client/src/main/java/org/apache/activemq/artemis/jms/client/ActiveMQMessage.java index 64c8f16fc7..f13f602ef4 100644 --- a/artemis-jms-client/src/main/java/org/apache/activemq/artemis/jms/client/ActiveMQMessage.java +++ b/artemis-jms-client/src/main/java/org/apache/activemq/artemis/jms/client/ActiveMQMessage.java @@ -588,7 +588,7 @@ public class ActiveMQMessage implements javax.jms.Message { if (MessageUtil.JMSXGROUPID.equals(name)) { return message.getStringProperty(org.apache.activemq.artemis.api.core.Message.HDR_GROUP_ID); } else if (MessageUtil.JMSXUSERID.equals(name)) { - return message.getStringProperty(org.apache.activemq.artemis.api.core.Message.HDR_VALIDATED_USER); + return message.getValidatedUserID(); } else { return message.getStringProperty(new SimpleString(name)); } diff --git a/artemis-protocols/artemis-stomp-protocol/src/main/java/org/apache/activemq/artemis/core/protocol/stomp/StompUtils.java b/artemis-protocols/artemis-stomp-protocol/src/main/java/org/apache/activemq/artemis/core/protocol/stomp/StompUtils.java index 7db9d82f04..b05058bf49 100644 --- a/artemis-protocols/artemis-stomp-protocol/src/main/java/org/apache/activemq/artemis/core/protocol/stomp/StompUtils.java +++ b/artemis-protocols/artemis-stomp-protocol/src/main/java/org/apache/activemq/artemis/core/protocol/stomp/StompUtils.java @@ -101,8 +101,8 @@ public class StompUtils { if (message.getStringProperty(Message.HDR_CONTENT_TYPE.toString()) != null) { command.addHeader(Stomp.Headers.CONTENT_TYPE, message.getStringProperty(Message.HDR_CONTENT_TYPE.toString())); } - if (message.getStringProperty(Message.HDR_VALIDATED_USER.toString()) != null) { - command.addHeader(Stomp.Headers.Message.VALIDATED_USER, message.getStringProperty(Message.HDR_VALIDATED_USER.toString())); + if (message.getValidatedUserID() != null) { + command.addHeader(Stomp.Headers.Message.VALIDATED_USER, message.getValidatedUserID()); } // now let's add all the rest of the message headers diff --git a/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/impl/ServerSessionImpl.java b/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/impl/ServerSessionImpl.java index ae4c16ed7a..edd7afc875 100644 --- a/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/impl/ServerSessionImpl.java +++ b/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/impl/ServerSessionImpl.java @@ -1307,7 +1307,7 @@ public class ServerSessionImpl implements ServerSession, FailureListener { } if (server.getConfiguration().isPopulateValidatedUser() && validatedUser != null) { - message.putStringProperty(Message.HDR_VALIDATED_USER, SimpleString.toSimpleString(validatedUser)); + message.setValidatedUserID(validatedUser); } SimpleString address = message.getAddressSimpleString(); diff --git a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/security/SecurityTest.java b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/security/SecurityTest.java index 9f71e91ee9..30b2dbc3c3 100644 --- a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/security/SecurityTest.java +++ b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/security/SecurityTest.java @@ -29,6 +29,7 @@ import java.util.Set; import org.apache.activemq.artemis.api.core.ActiveMQException; import org.apache.activemq.artemis.api.core.ActiveMQExceptionType; import org.apache.activemq.artemis.api.core.ActiveMQSecurityException; +import org.apache.activemq.artemis.api.core.RoutingType; import org.apache.activemq.artemis.api.core.SimpleString; import org.apache.activemq.artemis.api.core.TransportConfiguration; import org.apache.activemq.artemis.api.core.client.ActiveMQClient; @@ -46,7 +47,6 @@ import org.apache.activemq.artemis.core.security.Role; import org.apache.activemq.artemis.core.server.ActiveMQServer; import org.apache.activemq.artemis.core.server.ActiveMQServers; import org.apache.activemq.artemis.core.server.Queue; -import org.apache.activemq.artemis.api.core.RoutingType; import org.apache.activemq.artemis.core.server.impl.ActiveMQServerImpl; import org.apache.activemq.artemis.core.server.impl.AddressInfo; import org.apache.activemq.artemis.core.settings.HierarchicalRepository; @@ -109,6 +109,37 @@ public class SecurityTest extends ActiveMQTestBase { } } + @Test + public void testJAASSecurityManagerAuthenticationWithValidateUser() throws Exception { + ActiveMQJAASSecurityManager securityManager = new ActiveMQJAASSecurityManager("PropertiesLogin"); + ActiveMQServer server = addServer(ActiveMQServers.newActiveMQServer(createDefaultInVMConfig().setSecurityEnabled(true), ManagementFactory.getPlatformMBeanServer(), securityManager, false)); + server.getConfiguration().setPopulateValidatedUser(true); + server.start(); + Role role = new Role("programmers", true, true, true, true, true, true, true, true, true, true); + Set roles = new HashSet<>(); + roles.add(role); + server.getSecurityRepository().addMatch("#", roles); + ClientSessionFactory cf = createSessionFactory(locator); + + try { + ClientSession session = cf.createSession("first", "secret", false, true, true, false, 0); + server.createQueue(SimpleString.toSimpleString("address"), RoutingType.ANYCAST, SimpleString.toSimpleString("queue"), null, true, false); + ClientProducer producer = session.createProducer("address"); + producer.send(session.createMessage(true)); + session.commit(); + producer.close(); + ClientConsumer consumer = session.createConsumer("queue"); + session.start(); + ClientMessage message = consumer.receive(1000); + assertNotNull(message); + assertEquals("first", message.getValidatedUserID()); + session.close(); + } catch (ActiveMQException e) { + e.printStackTrace(); + Assert.fail("should not throw exception"); + } + } + @Test public void testJAASSecurityManagerAuthenticationWithCerts() throws Exception { ActiveMQJAASSecurityManager securityManager = new ActiveMQJAASSecurityManager("CertLogin");