ARTEMIS-1092 Validated user + AMQP fix

When populate-validated-user = true AMQP messages can cause exceptions.
This feature isn't particularly applicable to AMQP so this commit
eliminates the exception and leaves the AMQP messages untouched
even if populate-validated-user = true. In other words,
populate-validated-user + AMQP is not supported.
This commit is contained in:
Justin Bertram 2017-03-31 10:24:20 -05:00
parent 5adce230a3
commit 073a280629
6 changed files with 55 additions and 5 deletions

View File

@ -314,6 +314,14 @@ public interface Message {
Message setUserID(Object userID);
default String getValidatedUserID() {
return null;
}
default Message setValidatedUserID(String validatedUserID) {
return this;
}
/**
* Returns whether this message is durable or not.
*/

View File

@ -383,6 +383,17 @@ public class CoreMessage extends RefCountMessage implements ICoreMessage {
return this;
}
@Override
public String getValidatedUserID() {
return getStringProperty(Message.HDR_VALIDATED_USER);
}
@Override
public CoreMessage setValidatedUserID(String validatedUserID) {
putStringProperty(Message.HDR_VALIDATED_USER, SimpleString.toSimpleString(validatedUserID));
return this;
}
@Override
public CoreMessage setMessageID(long messageID) {
this.messageID = messageID;

View File

@ -588,7 +588,7 @@ public class ActiveMQMessage implements javax.jms.Message {
if (MessageUtil.JMSXGROUPID.equals(name)) {
return message.getStringProperty(org.apache.activemq.artemis.api.core.Message.HDR_GROUP_ID);
} else if (MessageUtil.JMSXUSERID.equals(name)) {
return message.getStringProperty(org.apache.activemq.artemis.api.core.Message.HDR_VALIDATED_USER);
return message.getValidatedUserID();
} else {
return message.getStringProperty(new SimpleString(name));
}

View File

@ -101,8 +101,8 @@ public class StompUtils {
if (message.getStringProperty(Message.HDR_CONTENT_TYPE.toString()) != null) {
command.addHeader(Stomp.Headers.CONTENT_TYPE, message.getStringProperty(Message.HDR_CONTENT_TYPE.toString()));
}
if (message.getStringProperty(Message.HDR_VALIDATED_USER.toString()) != null) {
command.addHeader(Stomp.Headers.Message.VALIDATED_USER, message.getStringProperty(Message.HDR_VALIDATED_USER.toString()));
if (message.getValidatedUserID() != null) {
command.addHeader(Stomp.Headers.Message.VALIDATED_USER, message.getValidatedUserID());
}
// now let's add all the rest of the message headers

View File

@ -1307,7 +1307,7 @@ public class ServerSessionImpl implements ServerSession, FailureListener {
}
if (server.getConfiguration().isPopulateValidatedUser() && validatedUser != null) {
message.putStringProperty(Message.HDR_VALIDATED_USER, SimpleString.toSimpleString(validatedUser));
message.setValidatedUserID(validatedUser);
}
SimpleString address = message.getAddressSimpleString();

View File

@ -29,6 +29,7 @@ import java.util.Set;
import org.apache.activemq.artemis.api.core.ActiveMQException;
import org.apache.activemq.artemis.api.core.ActiveMQExceptionType;
import org.apache.activemq.artemis.api.core.ActiveMQSecurityException;
import org.apache.activemq.artemis.api.core.RoutingType;
import org.apache.activemq.artemis.api.core.SimpleString;
import org.apache.activemq.artemis.api.core.TransportConfiguration;
import org.apache.activemq.artemis.api.core.client.ActiveMQClient;
@ -46,7 +47,6 @@ import org.apache.activemq.artemis.core.security.Role;
import org.apache.activemq.artemis.core.server.ActiveMQServer;
import org.apache.activemq.artemis.core.server.ActiveMQServers;
import org.apache.activemq.artemis.core.server.Queue;
import org.apache.activemq.artemis.api.core.RoutingType;
import org.apache.activemq.artemis.core.server.impl.ActiveMQServerImpl;
import org.apache.activemq.artemis.core.server.impl.AddressInfo;
import org.apache.activemq.artemis.core.settings.HierarchicalRepository;
@ -109,6 +109,37 @@ public class SecurityTest extends ActiveMQTestBase {
}
}
@Test
public void testJAASSecurityManagerAuthenticationWithValidateUser() throws Exception {
ActiveMQJAASSecurityManager securityManager = new ActiveMQJAASSecurityManager("PropertiesLogin");
ActiveMQServer server = addServer(ActiveMQServers.newActiveMQServer(createDefaultInVMConfig().setSecurityEnabled(true), ManagementFactory.getPlatformMBeanServer(), securityManager, false));
server.getConfiguration().setPopulateValidatedUser(true);
server.start();
Role role = new Role("programmers", true, true, true, true, true, true, true, true, true, true);
Set<Role> roles = new HashSet<>();
roles.add(role);
server.getSecurityRepository().addMatch("#", roles);
ClientSessionFactory cf = createSessionFactory(locator);
try {
ClientSession session = cf.createSession("first", "secret", false, true, true, false, 0);
server.createQueue(SimpleString.toSimpleString("address"), RoutingType.ANYCAST, SimpleString.toSimpleString("queue"), null, true, false);
ClientProducer producer = session.createProducer("address");
producer.send(session.createMessage(true));
session.commit();
producer.close();
ClientConsumer consumer = session.createConsumer("queue");
session.start();
ClientMessage message = consumer.receive(1000);
assertNotNull(message);
assertEquals("first", message.getValidatedUserID());
session.close();
} catch (ActiveMQException e) {
e.printStackTrace();
Assert.fail("should not throw exception");
}
}
@Test
public void testJAASSecurityManagerAuthenticationWithCerts() throws Exception {
ActiveMQJAASSecurityManager securityManager = new ActiveMQJAASSecurityManager("CertLogin");