Apache
/
activemq-artemis
mirror of https://github.com/apache/activemq-artemis.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

ARTEMIS-1872 Fixing Security test

This commit is contained in:
Michael André Pearce 2018-05-23 21:01:22 -04:00 committed by Clebert Suconic
parent e28a8a5635
commit 0746ea8aca
3 changed files with 133 additions and 63 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
artemis-jms-client/src/main/java/org/apache/activemq/artemis/jms/client/ActiveMQSession.java
View File

@ -387,7 +387,7 @@ public class ActiveMQSession implements QueueSession, TopicSession {
queue = queueCache.get(queueName);
}
if (queue == null) {
queue = internalCreateQueue(queueName, false);
queue = internalCreateQueue(queueName);
}
if (cacheDestination) {
queueCache.put(queueName, queue);
@ -397,8 +397,7 @@ public class ActiveMQSession implements QueueSession, TopicSession {
throw JMSExceptionHelper.convertFromActiveMQException(e);
}
}
protected Queue internalCreateQueue(String queueName, final boolean retry) throws ActiveMQException, JMSException {
protected Queue internalCreateQueue(String queueName) throws ActiveMQException, JMSException {
ActiveMQQueue queue = lookupQueue(queueName, false);
if (queue == null) {
@ -406,15 +405,25 @@ public class ActiveMQSession implements QueueSession, TopicSession {
}
if (queue == null) {
if (!retry) {
return internalCreateQueue("jms.queue." + queueName, true);
}
queue = internalCreateQueueCompatibility("jms.queue." + queueName);
}
if (queue == null) {
throw new JMSException("There is no queue with name " + queueName);
} else {
return queue;
}
}
protected ActiveMQQueue internalCreateQueueCompatibility(String queueName) throws ActiveMQException, JMSException {
ActiveMQQueue queue = lookupQueue(queueName, false);
if (queue == null) {
queue = lookupQueue(queueName, true);
}
return queue;
}
@Override
public Topic createTopic(final String topicName) throws JMSException {
// As per spec. section 4.11

157
tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/server/SecureConfigurationTest.java
View File

@ -16,6 +16,20 @@
*/
package org.apache.activemq.artemis.tests.integration.server;
import java.lang.IllegalStateException;
import java.util.Arrays;
import java.util.Collection;
import javax.jms.Connection;
import javax.jms.ConnectionFactory;
import javax.jms.Destination;
import javax.jms.JMSException;
import javax.jms.JMSRuntimeException;
import javax.jms.JMSSecurityException;
import javax.jms.MessageConsumer;
import javax.jms.Queue;
import javax.jms.Session;
import javax.jms.TextMessage;
import javax.jms.Topic;
import org.apache.activemq.artemis.core.config.FileDeploymentManager;
import org.apache.activemq.artemis.core.config.impl.FileConfiguration;
import org.apache.activemq.artemis.core.config.impl.SecurityConfiguration;
@ -25,35 +39,24 @@ import org.apache.activemq.artemis.jms.client.ActiveMQConnectionFactory;
import org.apache.activemq.artemis.jms.server.config.impl.FileJMSConfiguration;
import org.apache.activemq.artemis.spi.core.security.ActiveMQJAASSecurityManager;
import org.apache.activemq.artemis.spi.core.security.jaas.InVMLoginModule;
import org.apache.activemq.artemis.tests.integration.IntegrationTestLogger;
import org.apache.activemq.artemis.tests.util.ActiveMQTestBase;
import org.apache.qpid.jms.JmsConnectionFactory;
import org.junit.After;
import org.junit.Assert;
import org.junit.Assume;
import org.junit.Before;
import org.junit.Ignore;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.junit.runners.Parameterized;
import javax.jms.Connection;
import javax.jms.ConnectionFactory;
import javax.jms.JMSException;
import javax.jms.JMSSecurityException;
import javax.jms.MessageConsumer;
import javax.jms.Session;
import javax.jms.TextMessage;
import javax.jms.Topic;
import java.util.Arrays;
import java.util.Collection;
@RunWith(Parameterized.class)
public class SecureConfigurationTest extends ActiveMQTestBase {
@Parameterized.Parameters(name = "{index}: protocol={0}")
public static Collection<Object[]> parameters() {
return Arrays.asList(new Object[][] {
{"CORE"}, {"AMQP"}, {"OPENWIRE"}
{"CORE"}, {"AMQP"}, {"OPENWIRE"}
});
}
@ -88,18 +91,18 @@ public class SecureConfigurationTest extends ActiveMQTestBase {
String message = "blah";
//Expect to be able to create subscriber on pre-defined/existing queue.
String messageRecieved = sendAndReceiveText(connectionFactory, null, message, "secured_topic_shared_durable", (t, s) -> s.createSharedDurableConsumer(t, "secured_topic_shared_durable/queue"));
String messageRecieved = sendAndReceiveTextUsingTopic(connectionFactory, null, message, "secured_topic_shared_durable", (t, s) -> s.createSharedDurableConsumer(t, "secured_topic_shared_durable/queue"));
Assert.assertEquals(message, messageRecieved);
try {
sendAndReceiveText(connectionFactory, null, message, "secured_topic_shared_durable", (t, s) -> s.createSharedDurableConsumer(t, "secured_topic_shared_durable/non-existant-queue"));
sendAndReceiveTextUsingTopic(connectionFactory, null, message, "secured_topic_shared_durable", (t, s) -> s.createSharedDurableConsumer(t, "secured_topic_shared_durable/non-existant-queue"));
Assert.fail("Security exception expected, but did not occur, excepetion expected as not permissioned to dynamically create queue");
} catch (JMSSecurityException j) {
//Expected exception
}
try {
sendAndReceiveText(connectionFactory, null, message, "secured_topic_shared_durable", (t, s) -> s.createSharedDurableConsumer(t, "secured_topic_shared_durable/queue", "age < 10"));
sendAndReceiveTextUsingTopic(connectionFactory, null, message, "secured_topic_shared_durable", (t, s) -> s.createSharedDurableConsumer(t, "secured_topic_shared_durable/queue", "age < 10"));
Assert.fail("Security exception expected, but did not occur, excepetion expected as not permissioned to dynamically create queue");
} catch (JMSSecurityException j) {
//Expected exception
@ -114,18 +117,18 @@ public class SecureConfigurationTest extends ActiveMQTestBase {
String message = "blah";
//Expect to be able to create subscriber on pre-defined/existing queue.
String messageRecieved = sendAndReceiveText(connectionFactory, null, message, "secured_topic_shared", (t, s) -> s.createSharedConsumer(t, "secured_topic_shared/queue"));
String messageRecieved = sendAndReceiveTextUsingTopic(connectionFactory, null, message, "secured_topic_shared", (t, s) -> s.createSharedConsumer(t, "secured_topic_shared/queue"));
Assert.assertEquals(message, messageRecieved);
try {
sendAndReceiveText(connectionFactory, null, message, "secured_topic_shared", (t, s) -> s.createSharedConsumer(t, "secured_topic_shared/non-existant-queue"));
sendAndReceiveTextUsingTopic(connectionFactory, null, message, "secured_topic_shared", (t, s) -> s.createSharedConsumer(t, "secured_topic_shared/non-existant-queue"));
Assert.fail("Security exception expected, but did not occur, excepetion expected as not permissioned to dynamically create queue");
} catch (JMSSecurityException j) {
//Expected exception
}
try {
sendAndReceiveText(connectionFactory, null, message, "secured_topic_shared", (t, s) -> s.createSharedConsumer(t, "secured_topic_shared/queue", "age < 10"));
sendAndReceiveTextUsingTopic(connectionFactory, null, message, "secured_topic_shared", (t, s) -> s.createSharedConsumer(t, "secured_topic_shared/queue", "age < 10"));
Assert.fail("Security exception expected, but did not occur, excepetion expected as not permissioned to dynamically create queue");
} catch (JMSSecurityException j) {
//Expected exception
@ -138,60 +141,91 @@ public class SecureConfigurationTest extends ActiveMQTestBase {
String message = "blah";
//Expect to be able to create subscriber on pre-defined/existing queue.
String messageRecieved = sendAndReceiveText(connectionFactory, "clientId", message, "secured_topic_durable", (t, s) -> s.createDurableSubscriber(t, "secured_topic_durable/queue"));
String messageRecieved = sendAndReceiveTextUsingTopic(connectionFactory, "clientId", message, "secured_topic_durable", (t, s) -> s.createDurableSubscriber(t, "secured_topic_durable/queue"));
Assert.assertEquals(message, messageRecieved);
try {
sendAndReceiveText(connectionFactory, "clientId", message, "secured_topic_durable", (t, s) -> s.createDurableSubscriber(t, "secured_topic_durable/non-existant-queue"));
sendAndReceiveTextUsingTopic(connectionFactory, "clientId", message, "secured_topic_durable", (t, s) -> s.createDurableSubscriber(t, "secured_topic_durable/non-existant-queue"));
Assert.fail("Security exception expected, but did not occur, excepetion expected as not permissioned to dynamically create queue");
} catch (JMSSecurityException j) {
//Expected exception
}
try {
sendAndReceiveText(connectionFactory, "clientId", message, "secured_topic_durable", (t, s) -> s.createDurableSubscriber(t, "secured_topic_durable/queue", "age < 10", false));
sendAndReceiveTextUsingTopic(connectionFactory, "clientId", message, "secured_topic_durable", (t, s) -> s.createDurableSubscriber(t, "secured_topic_durable/queue", "age < 10", false));
Assert.fail("Security exception expected, but did not occur, excepetion expected as not permissioned to dynamically create queue");
} catch (JMSSecurityException j) {
//Expected exception
}
try {
sendAndReceiveText(connectionFactory, "clientId", message, "secured_topic_durable", (t, s) -> s.createDurableSubscriber(t, "secured_topic_durable/queue", "age < 10", true));
sendAndReceiveTextUsingTopic(connectionFactory, "clientId", message, "secured_topic_durable", (t, s) -> s.createDurableSubscriber(t, "secured_topic_durable/queue", "age < 10", true));
Assert.fail("Security exception expected, but did not occur, excepetion expected as not permissioned to dynamically create queue");
} catch (JMSSecurityException j) {
//Expected exception
}
}
Connection connection = null;
@Test
public void testTemporaryQueue() throws Exception {
ConnectionFactory connectionFactory = getConnectionFactory("c", "c");
String message = "blah";
try {
connection = connectionFactory.createConnection();
Session session = connection.createSession(false, Session.AUTO_ACKNOWLEDGE);
sendAndReceiveText(connectionFactory, "clientId", message, s -> s.createTemporaryQueue(), (d, s) -> s.createConsumer(d));
Assert.fail("Security exception expected, but did not occur, excepetion expected as not permissioned to create a temporary queue");
} catch (JMSSecurityException jmsse) {
} catch (JMSException e) {
e.printStackTrace();
Assert.fail("thrown a JMSEXception instead of a JMSSEcurityException");
}
}
try {
session.createTemporaryQueue();
Assert.fail("Security exception expected, but did not occur, excepetion expected as not permissioned to create a temporary queue");
} catch (JMSSecurityException jmsse) {
IntegrationTestLogger.LOGGER.info("Client should have thrown a JMSSecurityException but only threw JMSException");
} catch (JMSException e) {
e.printStackTrace();
Assert.fail("thrown a JMSEXception instead of a JMSSEcurityException");
}
@Test
public void testTemporaryTopic() throws Exception {
ConnectionFactory connectionFactory = getConnectionFactory("c", "c");
String message = "blah";
// Should not be fatal
assertNotNull(connection.createSession(false, Session.AUTO_ACKNOWLEDGE));
} finally {
connection.close();
try {
sendAndReceiveText(connectionFactory, "clientId", message, s -> s.createTemporaryTopic(), (d, s) -> s.createConsumer(d));
Assert.fail("Security exception expected, but did not occur, excepetion expected as not permissioned to create a temporary queue");
} catch (JMSSecurityException jmsse) {
} catch (JMSException e) {
e.printStackTrace();
Assert.fail("thrown a JMSEXception instead of a JMSSEcurityException");
}
}
@Test
public void testSecureQueue() throws Exception {
// Core & OpenWire are not creating the queue as the test expects.. just querying
Assume.assumeTrue(protocol.equals("AMQP"));
ConnectionFactory connectionFactory = getConnectionFactory("b", "b");
String message = "blah";
//Expect to be able to create subscriber on pre-defined/existing queue.
String messageRecieved = sendAndReceiveTextUsingQueue(connectionFactory, "clientId", message, "secured_queue", (q, s) -> s.createConsumer(q));
Assert.assertEquals(message, messageRecieved);
try {
sendAndReceiveTextUsingQueue(connectionFactory, "clientId", message, "non-existent-queue", (q, s) -> s.createConsumer(q));
Assert.fail("Security exception expected, but did not occur, excepetion expected as not permissioned to dynamically create queue");
} catch (JMSSecurityException j) {
//Expected exception
}
}
private ConnectionFactory getConnectionFactory(String user, String password) {
switch (protocol) {
case "CORE": return getActiveMQConnectionFactory(user, password);
case "AMQP" : return getAMQPConnectionFactory(user, password);
case "OPENWIRE": return getOpenWireConnectionFactory(user, password);
default: throw new IllegalStateException("Unsupported Protocol");
case "CORE":
return getActiveMQConnectionFactory(user, password);
case "AMQP":
return getAMQPConnectionFactory(user, password);
case "OPENWIRE":
return getOpenWireConnectionFactory(user, password);
default:
throw new IllegalStateException("Unsupported Protocol");
}
}
@ -216,24 +250,40 @@ public class SecureConfigurationTest extends ActiveMQTestBase {
return activeMQConnectionFactory;
}
private String sendAndReceiveText(ConnectionFactory connectionFactory, String clientId, String message, String topicName, ConsumerSupplier consumerSupplier) throws JMSException {
private String sendAndReceiveTextUsingTopic(ConnectionFactory connectionFactory, String clientId, String message, String topicName, ConsumerSupplier<Topic> consumerSupplier) throws JMSException {
return sendAndReceiveText(connectionFactory, clientId, message, s -> s.createTopic(topicName), consumerSupplier);
}
private String sendAndReceiveTextUsingQueue(ConnectionFactory connectionFactory, String clientId, String message, String queueName, ConsumerSupplier<Queue> consumerSupplier) throws JMSException {
return sendAndReceiveText(connectionFactory, clientId, message, s -> s.createQueue(queueName), consumerSupplier);
}
private <D extends Destination> String sendAndReceiveText(ConnectionFactory connectionFactory, String clientId, String message, DestinationSupplier<D> destinationSupplier, ConsumerSupplier<D> consumerSupplier) throws JMSException {
String messageRecieved;
try (Connection connection = connectionFactory.createConnection()) {
Connection connection = null;
try {
connection = connectionFactory.createConnection();
if (clientId != null && !clientId.isEmpty()) {
connection.setClientID(clientId);
}
connection.start();
try (Session session = connection.createSession(false, Session.AUTO_ACKNOWLEDGE)) {
Topic topic = session.createTopic(topicName);
MessageConsumer messageConsumer = consumerSupplier.create(topic, session);
D destination = destinationSupplier.create(session);
MessageConsumer messageConsumer = consumerSupplier.create(destination, session);
messageConsumer.receive(1000);
TextMessage messageToSend = session.createTextMessage(message);
session.createProducer(topic).send(messageToSend);
session.createProducer(destination).send(messageToSend);
TextMessage received = (TextMessage) messageConsumer.receive(1000);
messageRecieved = received != null ? received.getText() : null;
}
} catch (JMSException | JMSRuntimeException e) {
// Exception Should not be fatal
assertNotNull(connection.createSession(false, Session.AUTO_ACKNOWLEDGE));
throw e;
} finally {
connection.close();
}
return messageRecieved;
}
@ -246,7 +296,6 @@ public class SecureConfigurationTest extends ActiveMQTestBase {
deploymentManager.addDeployable(fileConfiguration);
deploymentManager.readConfiguration();
SecurityConfiguration securityConfiguration = new SecurityConfiguration();
securityConfiguration.addUser("a", "a");
securityConfiguration.addRole("a", "a");
@ -254,14 +303,20 @@ public class SecureConfigurationTest extends ActiveMQTestBase {
securityConfiguration.addUser("b", "b");
securityConfiguration.addRole("b", "b");
securityConfiguration.addUser("c", "c");
securityConfiguration.addRole("c", "c");
ActiveMQJAASSecurityManager sm = new ActiveMQJAASSecurityManager(InVMLoginModule.class.getName(), securityConfiguration);
return addServer(new ActiveMQServerImpl(fc, sm));
}
private interface ConsumerSupplier {
MessageConsumer create(Topic topic, Session session) throws JMSException;
private interface ConsumerSupplier<D extends Destination> {
MessageConsumer create(D destination, Session session) throws JMSException;
}
private interface DestinationSupplier<D extends Destination> {
D create(Session session) throws JMSException;
}
}

18
tests/integration-tests/src/test/resources/multicast_topic.xml
View File

@ -77,6 +77,12 @@ under the License.
<queue name="clientId.secured_topic_durable/queue" />
</multicast>
</address>
<address name="secured_queue">
<anycast>
<queue name="secured_queue" />
</anycast>
</address>
</addresses>
<acceptors>
@ -85,13 +91,13 @@ under the License.
<security-settings>
<security-setting match="#">
<permission type="createNonDurableQueue" roles="a"/>
<permission type="deleteNonDurableQueue" roles="a"/>
<permission type="createDurableQueue" roles="a"/>
<permission type="deleteDurableQueue" roles="a"/>
<permission type="createNonDurableQueue" roles="a,b"/>
<permission type="deleteNonDurableQueue" roles="a,b"/>
<permission type="createDurableQueue" roles="a,b"/>
<permission type="deleteDurableQueue" roles="a,b"/>
<permission type="browse" roles="a"/>
<permission type="send" roles="a"/>
<permission type="consume" roles="a" />
<permission type="send" roles="a,b"/>
<permission type="consume" roles="a,b" />
<!-- we need this otherwise ./artemis data imp wouldn't work -->
<permission type="manage" roles="a"/>
</security-setting>