From e9db9c286d88efa0da14527cb0ca1bdb6a6ac885 Mon Sep 17 00:00:00 2001 
From: jbertram Date: Tue, 12 Jul 2016 14:13:32 -0500 Subject: [PATCH] ARTEMIS-628 add BROWSE role --- .../artemis/cli/commands/etc/broker.xml | 1 + .../management/ActiveMQServerControl.java | 11 ++ .../artemis/api/core/management/RoleInfo.java | 15 +- .../activemq/artemis/core/security/Role.java | 24 +++- .../artemis/utils/SecurityFormatter.java | 7 +- .../impl/FileConfigurationParser.java | 8 +- .../impl/ActiveMQServerControlImpl.java | 17 ++- .../persistence/config/PersistedRoles.java | 28 +++- .../artemis/core/security/CheckType.java | 6 + .../core/server/impl/ActiveMQServerImpl.java | 2 +- .../impl/LegacyLDAPSecuritySettingPlugin.java | 3 +- .../core/server/impl/ServerSessionImpl.java | 7 +- .../artemis/core/security/RoleTest.java | 43 ++++-- .../artemis/core/settings/RepositoryTest.java | 14 +- docs/user-manual/en/security.md | 9 +- .../client/AutoCreateJmsDestinationTest.java | 4 +- .../failover/SecurityFailoverTest.java | 2 +- .../management/ActiveMQServerControlTest.java | 4 +- .../ActiveMQServerControlUsingCoreTest.java | 13 ++ .../management/AddressControlTest.java | 4 +- .../AddressControlUsingCoreTest.java | 2 +- ...ManagementWithConfiguredAdminUserTest.java | 4 +- .../management/SecurityNotificationTest.java | 4 +- .../openwire/OpenWireTestBase.java | 9 +- .../RolesConfigurationStorageTest.java | 8 +- .../ActiveMQMessageHandlerSecurityTest.java | 2 +- .../tests/integration/ra/JMSContextTest.java | 2 +- .../ra/OutgoingConnectionTest.java | 2 +- .../ra/OutgoingConnectionTestJTA.java | 2 +- .../security/LDAPSecurityTest.java | 21 ++- .../integration/security/SecurityTest.java | 132 +++++++++++------- .../integration/server/ResourceLimitTest.java | 2 +- .../ssl/DualAuthenticationTest.java | 4 +- .../integration/stomp/StompTestBase.java | 2 +- tests/jms-tests/src/test/resources/broker.xml | 1 + .../impl/ActiveMQSecurityManagerImplTest.java | 28 ++-- 36 files changed, 320 insertions(+), 127 deletions(-) 
diff --git a/artemis-cli/src/main/resources/org/apache/activemq/artemis/cli/commands/etc/broker.xml b/artemis-cli/src/main/resources/org/apache/activemq/artemis/cli/commands/etc/broker.xml index a2982215d2..520a23135d 100644 --- a/artemis-cli/src/main/resources/org/apache/activemq/artemis/cli/commands/etc/broker.xml +++ b/artemis-cli/src/main/resources/org/apache/activemq/artemis/cli/commands/etc/broker.xml @@ -65,6 +65,7 @@ ${cluster-security.settings}${cluster.settings}${replicated.settings}${shared-st + diff --git a/artemis-core-client/src/main/java/org/apache/activemq/artemis/api/core/management/ActiveMQServerControl.java b/artemis-core-client/src/main/java/org/apache/activemq/artemis/api/core/management/ActiveMQServerControl.java index 8ec70e47d9..b2318ffb15 100644 --- a/artemis-core-client/src/main/java/org/apache/activemq/artemis/api/core/management/ActiveMQServerControl.java +++ b/artemis-core-client/src/main/java/org/apache/activemq/artemis/api/core/management/ActiveMQServerControl.java 
@@ -624,6 +624,17 @@ public interface ActiveMQServerControl { @Parameter(desc = "a comma-separated list of roles allowed to delete non durable queues", name = "deleteNonDurableQueueRoles") String deleteNonDurableQueueRoles, @Parameter(desc = "a comma-separated list of roles allowed to send management messages messages", name = "manage") String manageRoles) throws Exception; + @Operation(desc = "Add security settings for addresses matching the addressMatch", impact = MBeanOperationInfo.ACTION) + void addSecuritySettings(@Parameter(desc = "an address match", name = "addressMatch") String addressMatch, + @Parameter(desc = "a comma-separated list of roles allowed to send messages", name = "send") String sendRoles, + @Parameter(desc = "a comma-separated list of roles allowed to consume messages", name = "consume") String consumeRoles, + @Parameter(desc = "a comma-separated list of roles allowed to create durable queues", name = "createDurableQueueRoles") String createDurableQueueRoles, + @Parameter(desc = "a comma-separated list of roles allowed to delete durable queues", name = "deleteDurableQueueRoles") String deleteDurableQueueRoles, + @Parameter(desc = "a comma-separated list of roles allowed to create non durable queues", name = "createNonDurableQueueRoles") String createNonDurableQueueRoles, + @Parameter(desc = "a comma-separated list of roles allowed to delete non durable queues", name = "deleteNonDurableQueueRoles") String deleteNonDurableQueueRoles, + @Parameter(desc = "a comma-separated list of roles allowed to send management messages messages", name = "manage") String manageRoles, + @Parameter(desc = "a comma-separated list of roles allowed to browse queues", name = "browse") String browseRoles) throws Exception; + @Operation(desc = "Remove security settings for an address", impact = MBeanOperationInfo.ACTION) void removeSecuritySettings(@Parameter(desc = "an address match", name = "addressMatch") String addressMatch) throws Exception; 
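Review bot: The new nine-argument `addSecuritySettings` overload copies the `manage` parameter description with its doubled word ("management messages messages") and says nothing about how it relates to the existing eight-argument operation. Both are exposed under the same operation name, so the description should tell them apart, e.g. `desc = "Add security settings for addresses matching the addressMatch, including the roles allowed to browse queues"`, and the parameter text should read `"a comma-separated list of roles allowed to send management messages"`. It is also worth documenting whether a null or empty `browseRoles` is accepted, because this string decides which roles may read a queue without consuming from it.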
diff --git a/artemis-core-client/src/main/java/org/apache/activemq/artemis/api/core/management/RoleInfo.java b/artemis-core-client/src/main/java/org/apache/activemq/artemis/api/core/management/RoleInfo.java index a1e82a4645..d8c78ea18c 100644 --- a/artemis-core-client/src/main/java/org/apache/activemq/artemis/api/core/management/RoleInfo.java +++ b/artemis-core-client/src/main/java/org/apache/activemq/artemis/api/core/management/RoleInfo.java @@ -41,6 +41,8 @@ public final class RoleInfo { private final boolean manage; + private final boolean browse; + /** * Returns an array of RoleInfo corresponding to the JSON serialization returned * by {@link AddressControl#getRolesAsJSON()}. @@ -50,7 +52,7 @@ public final class RoleInfo { RoleInfo[] roles = new RoleInfo[array.length()]; for (int i = 0; i < array.length(); i++) { JSONObject r = array.getJSONObject(i); - RoleInfo role = new RoleInfo(r.getString("name"), r.getBoolean("send"), r.getBoolean("consume"), r.getBoolean("createDurableQueue"), r.getBoolean("deleteDurableQueue"), r.getBoolean("createNonDurableQueue"), r.getBoolean("deleteNonDurableQueue"), r.getBoolean("manage")); + RoleInfo role = new RoleInfo(r.getString("name"), r.getBoolean("send"), r.getBoolean("consume"), r.getBoolean("createDurableQueue"), r.getBoolean("deleteDurableQueue"), r.getBoolean("createNonDurableQueue"), r.getBoolean("deleteNonDurableQueue"), r.getBoolean("manage"), r.getBoolean("browse")); roles[i] = role; } return roles; @@ -63,7 +65,8 @@ public final class RoleInfo { final boolean deleteDurableQueue, final boolean createNonDurableQueue, final boolean deleteNonDurableQueue, - final boolean manage) { + final boolean manage, + final boolean browse) { this.name = name; this.send = send; this.consume = consume; @@ -72,6 +75,7 @@ public final class RoleInfo { this.createNonDurableQueue = createNonDurableQueue; this.deleteNonDurableQueue = deleteNonDurableQueue; this.manage = manage; + this.browse = browse; } /** 
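Review bot: `RoleInfo.from` now calls `r.getBoolean("browse")` unconditionally, so role JSON produced by a broker that predates this commit (no `browse` key) would presumably fail the whole parse instead of yielding a role without browse. If the JSONObject class in use offers a lenient accessor, `r.optBoolean("browse", false)` keeps a newer management client working against an older broker and treats the missing permission as denied. The body of `from` starts outside this hunk, so the exact behaviour of `getBoolean` on a missing key should be confirmed.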
@@ -129,4 +133,11 @@ public final class RoleInfo { public boolean isManage() { return manage; } + + /** + * Returns whether this role can browse queues bound to the address. + */ + public boolean isBrowse() { + return browse; + } } diff --git a/artemis-core-client/src/main/java/org/apache/activemq/artemis/core/security/Role.java b/artemis-core-client/src/main/java/org/apache/activemq/artemis/core/security/Role.java index 9f98472761..983b392ec1 100644 --- a/artemis-core-client/src/main/java/org/apache/activemq/artemis/core/security/Role.java +++ b/artemis-core-client/src/main/java/org/apache/activemq/artemis/core/security/Role.java @@ -41,6 +41,8 @@ public class Role implements Serializable { private final boolean manage; + private final boolean browse; + public Role(final String name, final boolean send, final boolean consume, @@ -48,7 +50,8 @@ public class Role implements Serializable { final boolean deleteDurableQueue, final boolean createNonDurableQueue, final boolean deleteNonDurableQueue, - final boolean manage) { + final boolean manage, + final boolean browse) { if (name == null) { throw new NullPointerException("name is null"); } @@ -60,6 +63,7 @@ public class Role implements Serializable { this.createNonDurableQueue = createNonDurableQueue; this.deleteNonDurableQueue = deleteNonDurableQueue; this.manage = manage; + this.browse = browse; } public String getName() { @@ -112,6 +116,12 @@ public class Role implements Serializable { if (deleteNonDurableQueue) { stringReturn.append(" deleteNonDurableQueue "); } + if (manage) { + stringReturn.append(" manage "); + } + if (browse) { + stringReturn.append(" browse "); + } stringReturn.append("]}"); @@ -147,6 +157,12 @@ public class Role implements Serializable { if (send != role.send) { return false; } + if (manage != role.manage) { + return false; + } + if (browse != role.browse) { + return false; + } if (!name.equals(role.name)) { return false; } 
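Review bot: The `Role` constructor changes from seven to eight positional booleans with no overload kept, so out-of-tree code that builds `Role` objects stops compiling, and every call site now has to order eight adjacent `true`/`false` flags correctly. A transposed flag silently grants or withholds a permission, so the constructor should at least get Javadoc listing the order (`send, consume, createDurableQueue, deleteDurableQueue, createNonDurableQueue, deleteNonDurableQueue, manage, browse`). Consider also keeping the old signature as a `@Deprecated` overload that delegates with a deliberately chosen and documented `browse` default. `Role` is `Serializable` and no `serialVersionUID` is visible in these hunks, so it is worth checking how the added field affects previously serialized instances.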
@@ -164,10 +180,16 @@ public class Role implements Serializable { result = 31 * result + (deleteDurableQueue ? 1 : 0); result = 31 * result + (createNonDurableQueue ? 1 : 0); result = 31 * result + (deleteNonDurableQueue ? 1 : 0); + result = 31 * result + (manage ? 1 : 0); + result = 31 * result + (browse ? 1 : 0); return result; } public boolean isManage() { return manage; } + + public boolean isBrowse() { + return browse; + } } diff --git a/artemis-core-client/src/main/java/org/apache/activemq/artemis/utils/SecurityFormatter.java b/artemis-core-client/src/main/java/org/apache/activemq/artemis/utils/SecurityFormatter.java index 1df12b1b82..b64cc77ef9 100644 --- a/artemis-core-client/src/main/java/org/apache/activemq/artemis/utils/SecurityFormatter.java +++ b/artemis-core-client/src/main/java/org/apache/activemq/artemis/utils/SecurityFormatter.java @@ -31,7 +31,8 @@ public class SecurityFormatter { String deleteDurableQueueRoles, String createNonDurableQueueRoles, String deleteNonDurableQueueRoles, - String manageRoles) { + String manageRoles, + String browseRoles) { List createDurableQueue = toList(createDurableQueueRoles); List deleteDurableQueue = toList(deleteDurableQueueRoles); List createNonDurableQueue = toList(createNonDurableQueueRoles); @@ -39,6 +40,7 @@ public class SecurityFormatter { List send = toList(sendRoles); List consume = toList(consumeRoles); List manage = toList(manageRoles); + List browse = toList(browseRoles); Set allRoles = new HashSet<>(); allRoles.addAll(createDurableQueue); 
@@ -48,10 +50,11 @@ public class SecurityFormatter { allRoles.addAll(send); allRoles.addAll(consume); allRoles.addAll(manage); + allRoles.addAll(browse); Set roles = new HashSet<>(allRoles.size()); for (String role : allRoles) { - roles.add(new Role(role, send.contains(role), consume.contains(role), createDurableQueue.contains(role), deleteDurableQueue.contains(role), createNonDurableQueue.contains(role), deleteNonDurableQueue.contains(role), manageRoles.contains(role))); + roles.add(new Role(role, send.contains(role), consume.contains(role), createDurableQueue.contains(role), deleteDurableQueue.contains(role), createNonDurableQueue.contains(role), deleteNonDurableQueue.contains(role), manageRoles.contains(role), browse.contains(role))); } return roles; } diff --git a/artemis-server/src/main/java/org/apache/activemq/artemis/core/deployers/impl/FileConfigurationParser.java b/artemis-server/src/main/java/org/apache/activemq/artemis/core/deployers/impl/FileConfigurationParser.java index 0a47f9f1ed..deda1ad7d7 100644 --- a/artemis-server/src/main/java/org/apache/activemq/artemis/core/deployers/impl/FileConfigurationParser.java +++ b/artemis-server/src/main/java/org/apache/activemq/artemis/core/deployers/impl/FileConfigurationParser.java @@ -121,6 +121,8 @@ public final class FileConfigurationParser extends XMLConfigurationUtil { private static final String MANAGE_NAME = "manage"; + private static final String BROWSE_NAME = "browse"; + // Address parsing private static final String DEAD_LETTER_ADDRESS_NODE_NAME = "dead-letter-address"; @@ -633,6 +635,7 @@ public final class FileConfigurationParser extends XMLConfigurationUtil { ArrayList createNonDurableQueue = new ArrayList<>(); ArrayList deleteNonDurableQueue = new ArrayList<>(); ArrayList manageRoles = new ArrayList<>(); + ArrayList browseRoles = new ArrayList<>(); ArrayList allRoles = new ArrayList<>(); NodeList children = node.getChildNodes(); for (int i = 0; i < children.getLength(); i++) { 
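Review bot: The rewritten `new Role(...)` line still passes `manageRoles.contains(role)`, which is `String.contains` on the raw comma-separated parameter, while every other flag, including the new `browse.contains(role)`, tests membership in the parsed list. With a substring match, a role whose name is contained in another entry of the manage list (constructed example: role `admin` when the manage list is `administrators`) is given `manage`. A null `manageRoles` would also throw at this point. The argument should be `manage.contains(role)`, using the list already built a few lines earlier. `toList` is defined outside these hunks, so its handling of null or blank input is assumed.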
@@ -670,6 +673,9 @@ public final class FileConfigurationParser extends XMLConfigurationUtil { else if (MANAGE_NAME.equals(type)) { manageRoles.add(role.trim()); } + else if (BROWSE_NAME.equals(type)) { + browseRoles.add(role.trim()); + } else { ActiveMQServerLogger.LOGGER.rolePermissionConfigurationError(type); } @@ -682,7 +688,7 @@ public final class FileConfigurationParser extends XMLConfigurationUtil { } for (String role : allRoles) { - securityRoles.add(new Role(role, send.contains(role), consume.contains(role), createDurableQueue.contains(role), deleteDurableQueue.contains(role), createNonDurableQueue.contains(role), deleteNonDurableQueue.contains(role), manageRoles.contains(role))); + securityRoles.add(new Role(role, send.contains(role), consume.contains(role), createDurableQueue.contains(role), deleteDurableQueue.contains(role), createNonDurableQueue.contains(role), deleteNonDurableQueue.contains(role), manageRoles.contains(role), browseRoles.contains(role))); } return securityMatch; diff --git a/artemis-server/src/main/java/org/apache/activemq/artemis/core/management/impl/ActiveMQServerControlImpl.java b/artemis-server/src/main/java/org/apache/activemq/artemis/core/management/impl/ActiveMQServerControlImpl.java index 710bb0ed7d..9b5ec203ab 100644 --- a/artemis-server/src/main/java/org/apache/activemq/artemis/core/management/impl/ActiveMQServerControlImpl.java +++ b/artemis-server/src/main/java/org/apache/activemq/artemis/core/management/impl/ActiveMQServerControlImpl.java 
@@ -1415,15 +1415,28 @@ public class ActiveMQServerControlImpl extends AbstractControl implements Active final String createNonDurableQueueRoles, final String deleteNonDurableQueueRoles, final String manageRoles) throws Exception { + addSecuritySettings(addressMatch, sendRoles, consumeRoles, createDurableQueueRoles, deleteDurableQueueRoles, createNonDurableQueueRoles, deleteNonDurableQueueRoles, manageRoles, ""); + } + + @Override + public void addSecuritySettings(final String addressMatch, + final String sendRoles, + final String consumeRoles, + final String createDurableQueueRoles, + final String deleteDurableQueueRoles, + final String createNonDurableQueueRoles, + final String deleteNonDurableQueueRoles, + final String manageRoles, + final String browseRoles) throws Exception { checkStarted(); clearIO(); try { - Set roles = SecurityFormatter.createSecurity(sendRoles, consumeRoles, createDurableQueueRoles, deleteDurableQueueRoles, createNonDurableQueueRoles, deleteNonDurableQueueRoles, manageRoles); + Set roles = SecurityFormatter.createSecurity(sendRoles, consumeRoles, createDurableQueueRoles, deleteDurableQueueRoles, createNonDurableQueueRoles, deleteNonDurableQueueRoles, manageRoles, browseRoles); server.getSecurityRepository().addMatch(addressMatch, roles); - PersistedRoles persistedRoles = new PersistedRoles(addressMatch, sendRoles, consumeRoles, createDurableQueueRoles, deleteDurableQueueRoles, createNonDurableQueueRoles, deleteNonDurableQueueRoles, manageRoles); + PersistedRoles persistedRoles = new PersistedRoles(addressMatch, sendRoles, consumeRoles, createDurableQueueRoles, deleteDurableQueueRoles, createNonDurableQueueRoles, deleteNonDurableQueueRoles, manageRoles, browseRoles); storageManager.storeSecurityRoles(persistedRoles); } 
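Review bot: The legacy eight-argument `addSecuritySettings` now delegates with `""` for `browseRoles`, so a match added through it grants browse to no role, while the session change in this same commit makes browse-only consumers require BROWSE instead of CONSUME. Callers of the old operation therefore lose queue browsing for roles that had it through `consume`; that default fails closed, but it should be stated, e.g. `// legacy operation: no role is granted browse; use the overload that takes browseRoles` above the delegation. In the new overload `browseRoles` goes unvalidated into both `SecurityFormatter.createSecurity` and `PersistedRoles`, so a null supplied by a management client should be rejected or normalised to `""` before it is stored. The `try` block continues past the end of the hunk.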
diff --git a/artemis-server/src/main/java/org/apache/activemq/artemis/core/persistence/config/PersistedRoles.java b/artemis-server/src/main/java/org/apache/activemq/artemis/core/persistence/config/PersistedRoles.java index 5b3c4223cc..256a0a6594 100644 --- a/artemis-server/src/main/java/org/apache/activemq/artemis/core/persistence/config/PersistedRoles.java +++ b/artemis-server/src/main/java/org/apache/activemq/artemis/core/persistence/config/PersistedRoles.java @@ -44,6 +44,8 @@ public class PersistedRoles implements EncodingSupport { private SimpleString manageRoles; + private SimpleString browseRoles; + // Static -------------------------------------------------------- // Constructors -------------------------------------------------- @@ -60,6 +62,7 @@ public class PersistedRoles implements EncodingSupport { * @param createNonDurableQueueRoles * @param deleteNonDurableQueueRoles * @param manageRoles + * @param browseRoles */ public PersistedRoles(final String addressMatch, final String sendRoles, @@ -68,7 +71,8 @@ public class PersistedRoles implements EncodingSupport { final String deleteDurableQueueRoles, final String createNonDurableQueueRoles, final String deleteNonDurableQueueRoles, - final String manageRoles) { + final String manageRoles, + final String browseRoles) { super(); this.addressMatch = SimpleString.toSimpleString(addressMatch); this.sendRoles = SimpleString.toSimpleString(sendRoles); @@ -78,6 +82,7 @@ public class PersistedRoles implements EncodingSupport { this.createNonDurableQueueRoles = SimpleString.toSimpleString(createNonDurableQueueRoles); this.deleteNonDurableQueueRoles = SimpleString.toSimpleString(deleteNonDurableQueueRoles); this.manageRoles = SimpleString.toSimpleString(manageRoles); + this.browseRoles = SimpleString.toSimpleString(browseRoles); } // Public -------------------------------------------------------- 
@@ -146,6 +151,13 @@ public class PersistedRoles implements EncodingSupport { return manageRoles.toString(); } + /** + * @return the browseRoles + */ + public String getBrowseRoles() { + return browseRoles.toString(); + } + @Override public void encode(final ActiveMQBuffer buffer) { buffer.writeSimpleString(addressMatch); @@ -156,6 +168,7 @@ public class PersistedRoles implements EncodingSupport { buffer.writeNullableSimpleString(createNonDurableQueueRoles); buffer.writeNullableSimpleString(deleteNonDurableQueueRoles); buffer.writeNullableSimpleString(manageRoles); + buffer.writeNullableSimpleString(browseRoles); } @Override @@ -166,7 +179,8 @@ public class PersistedRoles implements EncodingSupport { SimpleString.sizeofNullableString(deleteDurableQueueRoles) + SimpleString.sizeofNullableString(createNonDurableQueueRoles) + SimpleString.sizeofNullableString(deleteNonDurableQueueRoles) + - SimpleString.sizeofNullableString(manageRoles); + SimpleString.sizeofNullableString(manageRoles) + + SimpleString.sizeofNullableString(browseRoles); } @@ -180,6 +194,7 @@ public class PersistedRoles implements EncodingSupport { createNonDurableQueueRoles = buffer.readNullableSimpleString(); deleteNonDurableQueueRoles = buffer.readNullableSimpleString(); manageRoles = buffer.readNullableSimpleString(); + browseRoles = buffer.readNullableSimpleString(); } /* (non-Javadoc) @@ -196,6 +211,7 @@ public class PersistedRoles implements EncodingSupport { result = prime * result + ((deleteDurableQueueRoles == null) ? 0 : deleteDurableQueueRoles.hashCode()); result = prime * result + ((deleteNonDurableQueueRoles == null) ? 0 : deleteNonDurableQueueRoles.hashCode()); result = prime * result + ((manageRoles == null) ? 0 : manageRoles.hashCode()); + result = prime * result + ((browseRoles == null) ? 0 : browseRoles.hashCode()); result = prime * result + ((sendRoles == null) ? 0 : sendRoles.hashCode()); result = prime * result + (int) (storeId ^ (storeId >>> 32)); return result; 
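Review bot: `getBrowseRoles()` dereferences the field with `browseRoles.toString()`, but the field is written and read with the nullable variants (`writeNullableSimpleString` / `readNullableSimpleString`), and the new `hashCode`/`equals` lines guard against null, so a null value is evidently expected. `ActiveMQServerImpl` calls this getter for every recovered record while rebuilding the security repository, so a null here would presumably abort role recovery at startup. A null-safe form such as `return browseRoles == null ? "" : browseRoles.toString();` avoids that, provided `SecurityFormatter.toList` (not shown) accepts an empty string. The neighbouring `getManageRoles()` shown as context has the same shape.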
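Review bot: `decode` now always reads a ninth field with `buffer.readNullableSimpleString()`, but records stored by a broker from before this commit end after `manageRoles`, and nothing visible here marks the record version. Unless the buffer handed to `decode` is known to tolerate the extra read, recovering an existing journal after upgrade could fail or interpret unrelated bytes as the browse list, which decides who may read a queue. The read should be guarded, for instance `browseRoles = buffer.readableBytes() > 0 ? buffer.readNullableSimpleString() : null;`, with a comment that the field was appended in this version. `decode` begins outside the hunk.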
@@ -255,6 +271,12 @@ public class PersistedRoles implements EncodingSupport { } else if (!manageRoles.equals(other.manageRoles)) return false; + if (browseRoles == null) { + if (other.browseRoles != null) + return false; + } + else if (!browseRoles.equals(other.browseRoles)) + return false; if (sendRoles == null) { if (other.sendRoles != null) return false; @@ -288,6 +310,8 @@ public class PersistedRoles implements EncodingSupport { deleteNonDurableQueueRoles + ", manageRoles=" + manageRoles + + ", browseRoles=" + + browseRoles + "]"; } diff --git a/artemis-server/src/main/java/org/apache/activemq/artemis/core/security/CheckType.java b/artemis-server/src/main/java/org/apache/activemq/artemis/core/security/CheckType.java index 6a8f01c7fe..7d4cc00bec 100644 --- a/artemis-server/src/main/java/org/apache/activemq/artemis/core/security/CheckType.java +++ b/artemis-server/src/main/java/org/apache/activemq/artemis/core/security/CheckType.java @@ -58,6 +58,12 @@ public enum CheckType { public boolean hasRole(final Role role) { return role.isManage(); } + }, + BROWSE { + @Override + public boolean hasRole(final Role role) { + return role.isBrowse(); + } }; public abstract boolean hasRole(final Role role); diff --git a/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/impl/ActiveMQServerImpl.java b/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/impl/ActiveMQServerImpl.java index fa9983fc4e..3fa336ab83 100644 --- a/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/impl/ActiveMQServerImpl.java +++ b/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/impl/ActiveMQServerImpl.java 
@@ -2116,7 +2116,7 @@ public class ActiveMQServerImpl implements ActiveMQServer { List roles = storageManager.recoverPersistedRoles(); for (PersistedRoles roleItem : roles) { - Set setRoles = SecurityFormatter.createSecurity(roleItem.getSendRoles(), roleItem.getConsumeRoles(), roleItem.getCreateDurableQueueRoles(), roleItem.getDeleteDurableQueueRoles(), roleItem.getCreateNonDurableQueueRoles(), roleItem.getDeleteNonDurableQueueRoles(), roleItem.getManageRoles()); + Set setRoles = SecurityFormatter.createSecurity(roleItem.getSendRoles(), roleItem.getConsumeRoles(), roleItem.getCreateDurableQueueRoles(), roleItem.getDeleteDurableQueueRoles(), roleItem.getCreateNonDurableQueueRoles(), roleItem.getDeleteNonDurableQueueRoles(), roleItem.getManageRoles(), roleItem.getBrowseRoles()); securityRepository.addMatch(roleItem.getAddressMatch().toString(), setRoles); } diff --git a/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/impl/LegacyLDAPSecuritySettingPlugin.java b/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/impl/LegacyLDAPSecuritySettingPlugin.java index 6a0710aa09..4397eb48b1 100644 --- a/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/impl/LegacyLDAPSecuritySettingPlugin.java +++ b/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/impl/LegacyLDAPSecuritySettingPlugin.java 
@@ -379,7 +379,8 @@ public class LegacyLDAPSecuritySettingPlugin implements SecuritySettingPlugin { permissionType.equalsIgnoreCase(adminPermissionValue), permissionType.equalsIgnoreCase(adminPermissionValue), permissionType.equalsIgnoreCase(adminPermissionValue), - false); // there is no permission from ActiveMQ 5.x that corresponds to the "manage" permission in ActiveMQ Artemis + false, // there is no permission from ActiveMQ 5.x that corresponds to the "manage" permission in ActiveMQ Artemis + permissionType.equalsIgnoreCase(readPermissionValue)); // the "browse" permission matches "read" from ActiveMQ 5.x roles.add(role); } diff --git a/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/impl/ServerSessionImpl.java b/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/impl/ServerSessionImpl.java index 883f4992f3..e4ad9b4453 100644 --- a/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/impl/ServerSessionImpl.java +++ b/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/impl/ServerSessionImpl.java @@ -416,7 +416,12 @@ public class ServerSessionImpl implements ServerSession, FailureListener { throw ActiveMQMessageBundle.BUNDLE.noSuchQueue(queueName); } - securityCheck(binding.getAddress(), CheckType.CONSUME, this); + if (browseOnly) { + securityCheck(binding.getAddress(), CheckType.BROWSE, this); + } + else { + securityCheck(binding.getAddress(), CheckType.CONSUME, this); + } Filter filter = FilterImpl.createFilter(filterString); diff --git a/artemis-server/src/test/java/org/apache/activemq/artemis/core/security/RoleTest.java b/artemis-server/src/test/java/org/apache/activemq/artemis/core/security/RoleTest.java index f069e68ba3..3a1729a180 100644 --- a/artemis-server/src/test/java/org/apache/activemq/artemis/core/security/RoleTest.java +++ b/artemis-server/src/test/java/org/apache/activemq/artemis/core/security/RoleTest.java 
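Review bot: In the `ServerSessionImpl` hunk a browse-only consumer is now authorised by BROWSE alone and CONSUME no longer covers it, which needs a comment at the check because it changes who can read messages on existing deployments. Roles that hold only `consume` lose browsing, and a role given only `browse` can read message contents without being able to consume them. The five-line if/else can also be a single call, `securityCheck(binding.getAddress(), browseOnly ? CheckType.BROWSE : CheckType.CONSUME, this);`, preceded by `// browsers are checked against BROWSE only; CONSUME does not imply it`. The enclosing method starts and ends outside the hunk.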
@@ -19,11 +19,13 @@ package org.apache.activemq.artemis.core.security; import org.junit.Assert; import org.junit.Test; +import static org.apache.activemq.artemis.core.security.CheckType.BROWSE; import static org.apache.activemq.artemis.core.security.CheckType.CONSUME; import static org.apache.activemq.artemis.core.security.CheckType.CREATE_DURABLE_QUEUE; import static org.apache.activemq.artemis.core.security.CheckType.CREATE_NON_DURABLE_QUEUE; import static org.apache.activemq.artemis.core.security.CheckType.DELETE_DURABLE_QUEUE; import static org.apache.activemq.artemis.core.security.CheckType.DELETE_NON_DURABLE_QUEUE; +import static org.apache.activemq.artemis.core.security.CheckType.MANAGE; import static org.apache.activemq.artemis.core.security.CheckType.SEND; public class RoleTest extends Assert { 
@@ -38,46 +40,65 @@ public class RoleTest extends Assert { // Public -------------------------------------------------------- @Test - public void testReadRole() throws Exception { - Role role = new Role("testReadRole", true, false, false, false, false, false, false); + public void testWriteRole() throws Exception { + Role role = new Role("testWriteRole", true, false, false, false, false, false, false, false); Assert.assertTrue(SEND.hasRole(role)); Assert.assertFalse(CONSUME.hasRole(role)); Assert.assertFalse(CREATE_DURABLE_QUEUE.hasRole(role)); Assert.assertFalse(CREATE_NON_DURABLE_QUEUE.hasRole(role)); Assert.assertFalse(DELETE_DURABLE_QUEUE.hasRole(role)); Assert.assertFalse(DELETE_NON_DURABLE_QUEUE.hasRole(role)); + Assert.assertFalse(MANAGE.hasRole(role)); + Assert.assertFalse(BROWSE.hasRole(role)); } @Test - public void testWriteRole() throws Exception { - Role role = new Role("testWriteRole", false, true, false, false, false, false, false); + public void testReadRole() throws Exception { + Role role = new Role("testReadRole", false, true, false, false, false, false, false, true); Assert.assertFalse(SEND.hasRole(role)); Assert.assertTrue(CONSUME.hasRole(role)); Assert.assertFalse(CREATE_DURABLE_QUEUE.hasRole(role)); Assert.assertFalse(CREATE_NON_DURABLE_QUEUE.hasRole(role)); Assert.assertFalse(DELETE_DURABLE_QUEUE.hasRole(role)); Assert.assertFalse(DELETE_NON_DURABLE_QUEUE.hasRole(role)); + Assert.assertFalse(MANAGE.hasRole(role)); + Assert.assertTrue(BROWSE.hasRole(role)); } @Test public void testCreateRole() throws Exception { - Role role = new Role("testWriteRole", false, false, true, false, false, false, false); + Role role = new Role("testCreateRole", false, false, true, false, false, false, false, false); Assert.assertFalse(SEND.hasRole(role)); Assert.assertFalse(CONSUME.hasRole(role)); Assert.assertTrue(CREATE_DURABLE_QUEUE.hasRole(role)); Assert.assertFalse(CREATE_NON_DURABLE_QUEUE.hasRole(role)); Assert.assertFalse(DELETE_DURABLE_QUEUE.hasRole(role)); 
Assert.assertFalse(DELETE_NON_DURABLE_QUEUE.hasRole(role)); + Assert.assertFalse(MANAGE.hasRole(role)); + Assert.assertFalse(BROWSE.hasRole(role)); + } + + @Test + public void testManageRole() throws Exception { + Role role = new Role("testManageRole", false, false, false, false, false, false, true, false); + Assert.assertFalse(SEND.hasRole(role)); + Assert.assertFalse(CONSUME.hasRole(role)); + Assert.assertFalse(CREATE_DURABLE_QUEUE.hasRole(role)); + Assert.assertFalse(CREATE_NON_DURABLE_QUEUE.hasRole(role)); + Assert.assertFalse(DELETE_DURABLE_QUEUE.hasRole(role)); + Assert.assertFalse(DELETE_NON_DURABLE_QUEUE.hasRole(role)); + Assert.assertTrue(MANAGE.hasRole(role)); + Assert.assertFalse(BROWSE.hasRole(role)); } @Test public void testEqualsAndHashcode() throws Exception { - Role role = new Role("testEquals", true, true, true, false, false, false, false); - Role sameRole = new Role("testEquals", true, true, true, false, false, false, false); - Role roleWithDifferentName = new Role("notEquals", true, true, true, false, false, false, false); - Role roleWithDifferentRead = new Role("testEquals", false, true, true, false, false, false, false); - Role roleWithDifferentWrite = new Role("testEquals", true, false, true, false, false, false, false); - Role roleWithDifferentCreate = new Role("testEquals", true, true, false, false, false, false, false); + Role role = new Role("testEquals", true, true, true, false, false, false, false, false); + Role sameRole = new Role("testEquals", true, true, true, false, false, false, false, false); + Role roleWithDifferentName = new Role("notEquals", true, true, true, false, false, false, false, false); + Role roleWithDifferentRead = new Role("testEquals", false, true, true, false, false, false, false, false); + Role roleWithDifferentWrite = new Role("testEquals", true, false, true, false, false, false, false, false); + Role roleWithDifferentCreate = new Role("testEquals", true, true, false, false, false, false, false, false); 
Assert.assertTrue(role.equals(role)); diff --git a/artemis-server/src/test/java/org/apache/activemq/artemis/core/settings/RepositoryTest.java b/artemis-server/src/test/java/org/apache/activemq/artemis/core/settings/RepositoryTest.java index b7563e1738..ca01857c48 100644 --- a/artemis-server/src/test/java/org/apache/activemq/artemis/core/settings/RepositoryTest.java +++ b/artemis-server/src/test/java/org/apache/activemq/artemis/core/settings/RepositoryTest.java @@ -72,13 +72,13 @@ public class RepositoryTest extends ActiveMQTestBase { public void testSingletwo() { securityRepository.addMatch("queues.another.aq.*", new HashSet()); HashSet roles = new HashSet<>(2); - roles.add(new Role("test1", true, true, true, true, true, true, true)); - roles.add(new Role("test2", true, true, true, true, true, true, true)); + roles.add(new Role("test1", true, true, true, true, true, true, true, true)); + roles.add(new Role("test2", true, true, true, true, true, true, true, true)); securityRepository.addMatch("queues.aq", roles); HashSet roles2 = new HashSet<>(2); - roles2.add(new Role("test1", true, true, true, true, true, true, true)); - roles2.add(new Role("test2", true, true, true, true, true, true, true)); - roles2.add(new Role("test3", true, true, true, true, true, true, true)); + roles2.add(new Role("test1", true, true, true, true, true, true, true, true)); + roles2.add(new Role("test2", true, true, true, true, true, true, true, true)); + roles2.add(new Role("test3", true, true, true, true, true, true, true, true)); securityRepository.addMatch("queues.another.andanother", roles2); HashSet hashSet = securityRepository.getMatch("queues.another.andanother"); 
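Review bot: `testEqualsAndHashcode` in `RoleTest` only gains the extra `false` argument, yet `Role.equals` and `hashCode` start comparing `manage` and `browse` in this commit, so no case here would fail if those comparisons were dropped. Adding `Role roleWithDifferentBrowse = new Role("testEquals", true, true, true, false, false, false, false, true);` (and the `manage` counterpart) with `Assert.assertFalse(role.equals(roleWithDifferentBrowse));` would pin it. `testReadRole` also sets `consume` and `browse` together, so no test covers a role that has BROWSE without CONSUME or the reverse, which is the separation the new permission exists for. The assertions of `testEqualsAndHashcode` continue beyond the end of the hunk.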
@@ -89,8 +89,8 @@ public class RepositoryTest extends ActiveMQTestBase { public void testWithoutWildcard() { securityRepository.addMatch("queues.1.*", new HashSet()); HashSet roles = new HashSet<>(2); - roles.add(new Role("test1", true, true, true, true, true, true, true)); - roles.add(new Role("test2", true, true, true, true, true, true, true)); + roles.add(new Role("test1", true, true, true, true, true, true, true, true)); + roles.add(new Role("test2", true, true, true, true, true, true, true, true)); securityRepository.addMatch("queues.2.aq", roles); HashSet hashSet = securityRepository.getMatch("queues.2.aq"); Assert.assertEquals(hashSet.size(), 2); diff --git a/docs/user-manual/en/security.md b/docs/user-manual/en/security.md index 32c9a35901..0f6517a262 100644 --- a/docs/user-manual/en/security.md +++ b/docs/user-manual/en/security.md @@ -53,6 +53,9 @@ match the address. Those permissions are: - `consume`. This permission allows the user to consume a message from a queue bound to matching addresses. +- `browse`. This permission allows the user to browse a queue bound to + the matching address. + - `manage`. This permission allows the user to invoke management operations by sending management messages to the management address. 
@@ -225,11 +228,11 @@ may not be applied as expected to JMS destinations since Artemis always prefixes "jms.topic." as necessary. ActiveMQ 5.x only has 3 permission types - `read`, `write`, and `admin`. These permission types are described on their -[website](http://activemq.apache.org/security.html). However, as described previously, ActiveMQ Artemis has 6 permission +[website](http://activemq.apache.org/security.html). However, as described previously, ActiveMQ Artemis has 7 permission types - `createDurableQueue`, `deleteDurableQueue`, `createNonDurableQueue`, `deleteNonDurableQueue`, `send`, `consume`, -and `manage`. Here's how the old types are mapped to the new types: +`browse`, and `manage`. Here's how the old types are mapped to the new types: -- `read` - `consume` +- `read` - `consume`, `browse` - `write` - `send` - `admin` - `createDurableQueue`, `deleteDurableQueue`, `createNonDurableQueue`, `deleteNonDurableQueue` diff --git a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/client/AutoCreateJmsDestinationTest.java b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/client/AutoCreateJmsDestinationTest.java index fcc05a3243..dcae248cc4 100644 --- a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/client/AutoCreateJmsDestinationTest.java +++ b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/client/AutoCreateJmsDestinationTest.java 
@@ -107,7 +107,7 @@ public class AutoCreateJmsDestinationTest extends JMSTestBase { ((ActiveMQJAASSecurityManager) server.getSecurityManager()).getConfiguration().addUser("guest", "guest"); ((ActiveMQJAASSecurityManager) server.getSecurityManager()).getConfiguration().setDefaultUser("guest"); ((ActiveMQJAASSecurityManager) server.getSecurityManager()).getConfiguration().addRole("guest", "rejectAll"); - Role role = new Role("rejectAll", false, false, false, false, false, false, false); + Role role = new Role("rejectAll", false, false, false, false, false, false, false, false); Set roles = new HashSet<>(); roles.add(role); server.getSecurityRepository().addMatch("#", roles); @@ -245,7 +245,7 @@ public class AutoCreateJmsDestinationTest extends JMSTestBase { ((ActiveMQJAASSecurityManager) server.getSecurityManager()).getConfiguration().addUser("guest", "guest"); ((ActiveMQJAASSecurityManager) server.getSecurityManager()).getConfiguration().setDefaultUser("guest"); ((ActiveMQJAASSecurityManager) server.getSecurityManager()).getConfiguration().addRole("guest", "allowAll"); - Role role = new Role("allowAll", true, true, true, true, true, true, true); + Role role = new Role("allowAll", true, true, true, true, true, true, true, true); Set roles = new HashSet<>(); roles.add(role); server.getSecurityRepository().addMatch("#", roles); diff --git a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/cluster/failover/SecurityFailoverTest.java b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/cluster/failover/SecurityFailoverTest.java index 121a650a72..f6a8e5b1ae 100644 --- a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/cluster/failover/SecurityFailoverTest.java +++ b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/cluster/failover/SecurityFailoverTest.java 
@@ -103,7 +103,7 @@ public class SecurityFailoverTest extends FailoverTest { protected ActiveMQJAASSecurityManager installSecurity(TestableServer server) { ActiveMQJAASSecurityManager securityManager = (ActiveMQJAASSecurityManager) server.getServer().getSecurityManager(); securityManager.getConfiguration().addUser("a", "b"); - Role role = new Role("arole", true, true, true, true, true, true, true); + Role role = new Role("arole", true, true, true, true, true, true, true, true); Set roles = new HashSet<>(); roles.add(role); server.getServer().getSecurityRepository().addMatch("#", roles); diff --git a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/management/ActiveMQServerControlTest.java b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/management/ActiveMQServerControlTest.java index 0e44bae87a..2d4d98361d 100644 --- a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/management/ActiveMQServerControlTest.java +++ b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/management/ActiveMQServerControlTest.java @@ -402,7 +402,7 @@ public class ActiveMQServerControlTest extends ManagementTestBase { String exactAddress = "test.whatever"; assertEquals(0, serverControl.getRoles(addressMatch).length); - serverControl.addSecuritySettings(addressMatch, "foo", "foo, bar", "foo", "bar", "foo, bar", "", ""); + serverControl.addSecuritySettings(addressMatch, "foo", "foo, bar", "foo", "bar", "foo, bar", "", "", "bar"); // Restart the server. Those settings should be persisted @@ -430,6 +430,7 @@ public class ActiveMQServerControlTest extends ManagementTestBase { assertTrue(fooRole.isCreateNonDurableQueue()); assertFalse(fooRole.isDeleteNonDurableQueue()); assertFalse(fooRole.isManage()); + assertFalse(fooRole.isBrowse()); assertFalse(barRole.isSend()); assertTrue(barRole.isConsume()); 
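Review bot: In ActiveMQServerControlTest the call at `@@ -402,7 +402,7` now uses the nine-argument `addSecuritySettings`, so nothing visible here still exercises the eight-argument overload that ActiveMQServerControlUsingCoreTest continues to override. What that legacy overload grants for browse is a security-relevant default for management clients that have not been updated. I would keep one call through the old signature and assert the resulting `isBrowse()` value the implementation intends, so the default cannot change silently. The test method starts and ends outside these hunks.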
@@ -438,6 +439,7 @@ public class ActiveMQServerControlTest extends ManagementTestBase { assertTrue(barRole.isCreateNonDurableQueue()); assertFalse(barRole.isDeleteNonDurableQueue()); assertFalse(barRole.isManage()); + assertTrue(barRole.isBrowse()); serverControl.removeSecuritySettings(addressMatch); assertEquals(0, serverControl.getRoles(exactAddress).length); diff --git a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/management/ActiveMQServerControlUsingCoreTest.java b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/management/ActiveMQServerControlUsingCoreTest.java index 2f979cc111..05ad2bdda0 100644 --- a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/management/ActiveMQServerControlUsingCoreTest.java +++ b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/management/ActiveMQServerControlUsingCoreTest.java @@ -552,6 +552,19 @@ public class ActiveMQServerControlUsingCoreTest extends ActiveMQServerControlTes proxy.invokeOperation("addSecuritySettings", addressMatch, sendRoles, consumeRoles, createDurableQueueRoles, deleteDurableQueueRoles, createNonDurableQueueRoles, deleteNonDurableQueueRoles, manageRoles); } + @Override + public void addSecuritySettings(String addressMatch, + String sendRoles, + String consumeRoles, + String createDurableQueueRoles, + String deleteDurableQueueRoles, + String createNonDurableQueueRoles, + String deleteNonDurableQueueRoles, + String manageRoles, + String browseRoles) throws Exception { + proxy.invokeOperation("addSecuritySettings", addressMatch, sendRoles, consumeRoles, createDurableQueueRoles, deleteDurableQueueRoles, createNonDurableQueueRoles, deleteNonDurableQueueRoles, manageRoles, browseRoles); + } + @Override public void removeSecuritySettings(String addressMatch) throws Exception { proxy.invokeOperation("removeSecuritySettings", addressMatch); 
diff --git a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/management/AddressControlTest.java b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/management/AddressControlTest.java index 88264f3aac..d34468b697 100644 --- a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/management/AddressControlTest.java +++ b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/management/AddressControlTest.java @@ -117,7 +117,7 @@ public class AddressControlTest extends ManagementTestBase { public void testGetRoles() throws Exception { SimpleString address = RandomUtil.randomSimpleString(); SimpleString queue = RandomUtil.randomSimpleString(); - Role role = new Role(RandomUtil.randomString(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean()); + Role role = new Role(RandomUtil.randomString(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean()); session.createQueue(address, queue, true); 
@@ -148,7 +148,7 @@ public class AddressControlTest extends ManagementTestBase { public void testGetRolesAsJSON() throws Exception { SimpleString address = RandomUtil.randomSimpleString(); SimpleString queue = RandomUtil.randomSimpleString(); - Role role = new Role(RandomUtil.randomString(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean()); + Role role = new Role(RandomUtil.randomString(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean()); session.createQueue(address, queue, true); diff --git a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/management/AddressControlUsingCoreTest.java b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/management/AddressControlUsingCoreTest.java index 53ee96a094..83aeb1c9f9 100644 --- a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/management/AddressControlUsingCoreTest.java +++ b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/management/AddressControlUsingCoreTest.java 
@@ -121,7 +121,7 @@ public class AddressControlUsingCoreTest extends ManagementTestBase { public void testGetRoles() throws Exception { SimpleString address = RandomUtil.randomSimpleString(); SimpleString queue = RandomUtil.randomSimpleString(); - Role role = new Role(RandomUtil.randomString(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean()); + Role role = new Role(RandomUtil.randomString(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean()); session.createQueue(address, queue, true); diff --git a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/management/SecurityManagementWithConfiguredAdminUserTest.java b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/management/SecurityManagementWithConfiguredAdminUserTest.java index 10cc3760d8..7f3ec69d27 100644 --- a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/management/SecurityManagementWithConfiguredAdminUserTest.java +++ b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/management/SecurityManagementWithConfiguredAdminUserTest.java 
@@ -90,10 +90,10 @@ public class SecurityManagementWithConfiguredAdminUserTest extends SecurityManag securityManager.getConfiguration().addRole(invalidAdminUser, "guest"); Set adminRole = securityRepository.getMatch(ActiveMQDefaultConfiguration.getDefaultManagementAddress().toString()); - adminRole.add(new Role("admin", true, true, true, true, true, true, true)); + adminRole.add(new Role("admin", true, true, true, true, true, true, true, true)); securityRepository.addMatch(ActiveMQDefaultConfiguration.getDefaultManagementAddress().toString(), adminRole); Set guestRole = securityRepository.getMatch("*"); - guestRole.add(new Role("guest", true, true, true, true, true, true, false)); + guestRole.add(new Role("guest", true, true, true, true, true, true, false, true)); securityRepository.addMatch("*", guestRole); return server; diff --git a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/management/SecurityNotificationTest.java b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/management/SecurityNotificationTest.java index 8cf33f843b..3e8dca4543 100644 --- a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/management/SecurityNotificationTest.java +++ b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/management/SecurityNotificationTest.java @@ -89,7 +89,7 @@ public class SecurityNotificationTest extends ActiveMQTestBase { SimpleString address = RandomUtil.randomSimpleString(); // guest can not create queue - Role role = new Role("roleCanNotCreateQueue", true, true, false, true, false, true, true); + Role role = new Role("roleCanNotCreateQueue", true, true, false, true, false, true, true, true); Set roles = new HashSet<>(); roles.add(role); server.getSecurityRepository().addMatch(address.toString(), roles); 
@@ -138,7 +138,7 @@ public class SecurityNotificationTest extends ActiveMQTestBase { securityManager.getConfiguration().addUser("guest", "guest"); securityManager.getConfiguration().setDefaultUser("guest"); - Role role = new Role("notif", true, true, true, true, true, true, true); + Role role = new Role("notif", true, true, true, true, true, true, true, true); Set roles = new HashSet<>(); roles.add(role); server.getSecurityRepository().addMatch(ActiveMQDefaultConfiguration.getDefaultManagementNotificationAddress().toString(), roles); diff --git a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/openwire/OpenWireTestBase.java b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/openwire/OpenWireTestBase.java index 6a95bfc378..73c86950b1 100644 --- a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/openwire/OpenWireTestBase.java +++ b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/openwire/OpenWireTestBase.java 
@@ -77,24 +77,23 @@ public class OpenWireTestBase extends ActiveMQTestBase { securityManager.getConfiguration().addRole("openwireSender", "sender"); securityManager.getConfiguration().addUser("openwireSender", "SeNdEr"); //sender cannot receive - Role senderRole = new Role("sender", true, false, false, false, true, true, false); + Role senderRole = new Role("sender", true, false, false, false, true, true, false, false); securityManager.getConfiguration().addRole("openwireReceiver", "receiver"); securityManager.getConfiguration().addUser("openwireReceiver", "ReCeIvEr"); //receiver cannot send - Role receiverRole = new Role("receiver", false, true, false, false, true, true, false); + Role receiverRole = new Role("receiver", false, true, false, false, true, true, false, true); securityManager.getConfiguration().addRole("openwireGuest", "guest"); securityManager.getConfiguration().addUser("openwireGuest", "GuEsT"); //guest cannot do anything - Role guestRole = new Role("guest", false, false, false, false, false, false, false); + Role guestRole = new Role("guest", false, false, false, false, false, false, false, false); securityManager.getConfiguration().addRole("openwireDestinationManager", "manager"); securityManager.getConfiguration().addUser("openwireDestinationManager", "DeStInAtIoN"); - //guest cannot do anything - Role destRole = new Role("manager", false, false, false, false, true, true, false); + Role destRole = new Role("manager", false, false, false, false, true, true, false, false); Set roles = new HashSet<>(); roles.add(senderRole); diff --git a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/persistence/RolesConfigurationStorageTest.java b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/persistence/RolesConfigurationStorageTest.java index 4f4c5de53b..74991093cd 100644 
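Review bot: The role fixtures in this hunk encode eight permissions as positional booleans, and once the stale `//guest cannot do anything` comment is removed the `manager` role has no description at all. Going by the parameter order of `addSecuritySettings` in ActiveMQServerControlUsingCoreTest (send, consume, createDurableQueue, deleteDurableQueue, createNonDurableQueue, deleteNonDurableQueue, manage, browse), and assuming the Role constructor follows it, I would add `//manager can only create and delete non-durable queues` above `destRole` and change the receiver comment to `//receiver cannot send, but may browse`. A misplaced `true` in such a list grants the wrong permission without a compile error, so naming the slots is worth the line. The enclosing setup method starts outside the hunk.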
--- a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/persistence/RolesConfigurationStorageTest.java +++ b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/persistence/RolesConfigurationStorageTest.java @@ -52,9 +52,9 @@ public class RolesConfigurationStorageTest extends StorageManagerTestBase { public void testStoreSecuritySettings() throws Exception { createStorage(); - addSetting(new PersistedRoles("a#", "a1", "a1", "a1", "a1", "a1", "a1", "a1")); + addSetting(new PersistedRoles("a#", "a1", "a1", "a1", "a1", "a1", "a1", "a1", "a1")); - addSetting(new PersistedRoles("a2", "a1", null, "a1", "a1", "a1", "a1", "a1")); + addSetting(new PersistedRoles("a2", "a1", null, "a1", "a1", "a1", "a1", "a1", "a1")); journal.stop(); @@ -64,9 +64,9 @@ public class RolesConfigurationStorageTest extends StorageManagerTestBase { checkSettings(); - addSetting(new PersistedRoles("a2", "a1", null, "a1", "a1", "a1", "a1", "a1")); + addSetting(new PersistedRoles("a2", "a1", null, "a1", "a1", "a1", "a1", "a1", "a1")); - addSetting(new PersistedRoles("a3", "a1", null, "a1", "a1", "a1", "a1", "a1")); + addSetting(new PersistedRoles("a3", "a1", null, "a1", "a1", "a1", "a1", "a1", "a1")); checkSettings(); diff --git a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ra/ActiveMQMessageHandlerSecurityTest.java b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ra/ActiveMQMessageHandlerSecurityTest.java index 544ebeab38..b0669f14fa 100644 --- a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ra/ActiveMQMessageHandlerSecurityTest.java +++ b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ra/ActiveMQMessageHandlerSecurityTest.java 
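Review bot: Both hunks in RolesConfigurationStorageTest only round-trip records written with the new nine-field `PersistedRoles`, so reloading security settings that were persisted before the browse field existed is not covered here. PersistedRoles.java is in the diffstat but not in this part of the patch; if its journal encoding gained a field, a record stored by an earlier broker should be decoded in a test and its browse roles asserted to come back with the intended default. `testStoreSecuritySettings` continues past the end of the second hunk.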
@@ -67,7 +67,7 @@ public class ActiveMQMessageHandlerSecurityTest extends ActiveMQRATestBase { ActiveMQJAASSecurityManager securityManager = (ActiveMQJAASSecurityManager) server.getSecurityManager(); securityManager.getConfiguration().addUser("testuser", "testpassword"); securityManager.getConfiguration().addRole("testuser", "arole"); - Role role = new Role("arole", false, true, false, false, false, false, false); + Role role = new Role("arole", false, true, false, false, false, false, false, false); Set roles = new HashSet<>(); roles.add(role); server.getSecurityRepository().addMatch(MDBQUEUEPREFIXED, roles); diff --git a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ra/JMSContextTest.java b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ra/JMSContextTest.java index 756127f0aa..6ee604584b 100644 --- a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ra/JMSContextTest.java +++ b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ra/JMSContextTest.java @@ -57,7 +57,7 @@ public class JMSContextTest extends ActiveMQRATestBase { securityManager.getConfiguration().setDefaultUser("guest"); securityManager.getConfiguration().addRole("testuser", "arole"); securityManager.getConfiguration().addRole("guest", "arole"); - Role role = new Role("arole", true, true, true, true, true, true, true); + Role role = new Role("arole", true, true, true, true, true, true, true, true); Set roles = new HashSet<>(); roles.add(role); server.getSecurityRepository().addMatch(MDBQUEUEPREFIXED, roles); diff --git a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ra/OutgoingConnectionTest.java b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ra/OutgoingConnectionTest.java index e9fbff3ba3..190240c30a 100644 
--- a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ra/OutgoingConnectionTest.java +++ b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ra/OutgoingConnectionTest.java @@ -82,7 +82,7 @@ public class OutgoingConnectionTest extends ActiveMQRATestBase { securityManager.getConfiguration().setDefaultUser("guest"); securityManager.getConfiguration().addRole("testuser", "arole"); securityManager.getConfiguration().addRole("guest", "arole"); - Role role = new Role("arole", true, true, true, true, true, true, true); + Role role = new Role("arole", true, true, true, true, true, true, true, true); Set roles = new HashSet<>(); roles.add(role); server.getSecurityRepository().addMatch(MDBQUEUEPREFIXED, roles); diff --git a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ra/OutgoingConnectionTestJTA.java b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ra/OutgoingConnectionTestJTA.java index 1b32d2c07b..d51e0da5a6 100644 --- a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ra/OutgoingConnectionTestJTA.java +++ b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ra/OutgoingConnectionTestJTA.java @@ -71,7 +71,7 @@ public class OutgoingConnectionTestJTA extends ActiveMQRATestBase { ((ActiveMQJAASSecurityManager) server.getSecurityManager()).getConfiguration().setDefaultUser("guest"); ((ActiveMQJAASSecurityManager) server.getSecurityManager()).getConfiguration().addRole("testuser", "arole"); ((ActiveMQJAASSecurityManager) server.getSecurityManager()).getConfiguration().addRole("guest", "arole"); - Role role = new Role("arole", true, true, true, true, true, true, true); + Role role = new Role("arole", true, true, true, true, true, true, true, true); Set roles = new HashSet<>(); roles.add(role); server.getSecurityRepository().addMatch(MDBQUEUEPREFIXED, roles); 
diff --git a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/security/LDAPSecurityTest.java b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/security/LDAPSecurityTest.java index 90dff0586a..89c144e66d 100644 --- a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/security/LDAPSecurityTest.java +++ b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/security/LDAPSecurityTest.java @@ -183,7 +183,7 @@ public class LDAPSecurityTest extends AbstractLdapTestUnit { final SimpleString NON_DURABLE_QUEUE = new SimpleString("nonDurableQueue"); Set roles = new HashSet<>(); - roles.add(new Role("programmers", false, false, false, false, false, false, false)); + roles.add(new Role("programmers", false, false, false, false, false, false, false, false)); server.getConfiguration().putSecurityRoles("#", roles); server.start(); server.createQueue(ADDRESS, DURABLE_QUEUE, null, true, false); @@ -257,6 +257,15 @@ public class LDAPSecurityTest extends AbstractLdapTestUnit { // ignore } + // BROWSE + try { + ClientConsumer browser = session.createConsumer(DURABLE_QUEUE, true); + Assert.fail("should throw exception here"); + } + catch (ActiveMQException e) { + // ignore + } + session.close(); cf.close(); } @@ -268,7 +277,7 @@ public class LDAPSecurityTest extends AbstractLdapTestUnit { final SimpleString NON_DURABLE_QUEUE = new SimpleString("nonDurableQueue"); Set roles = new HashSet<>(); - roles.add(new Role("admins", true, true, true, true, true, true, true)); + roles.add(new Role("admins", true, true, true, true, true, true, true, true)); server.getConfiguration().putSecurityRoles("#", roles); server.start(); 
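Review bot: The new `// BROWSE` block at `@@ -257,6 +257,15` passes on any `ActiveMQException`, so a failure unrelated to authorization would satisfy it as well; the same block is added to SecurityTest at `@@ -302,6 +302,15` and `@@ -407,6 +416,15`. Catching the security-specific type, `catch (ActiveMQSecurityException e)`, keeps the negative test tied to the permission check, though it may need an import that is outside the hunk. The local `browser` is never read and can go: `session.createConsumer(DURABLE_QUEUE, true);`. The test method starts outside the hunk.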
@@ -337,6 +346,14 @@ public class LDAPSecurityTest extends AbstractLdapTestUnit { Assert.fail("should not throw exception here"); } + // CONSUME + try { + session.createConsumer(DURABLE_QUEUE, true); + } + catch (ActiveMQException e) { + Assert.fail("should not throw exception here"); + } + session.close(); cf.close(); } diff --git a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/security/SecurityTest.java b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/security/SecurityTest.java index fd61c00d84..17b1126482 100644 --- a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/security/SecurityTest.java +++ b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/security/SecurityTest.java @@ -229,7 +229,7 @@ public class SecurityTest extends ActiveMQTestBase { ActiveMQJAASSecurityManager securityManager = new ActiveMQJAASSecurityManager("PropertiesLogin"); ActiveMQServer server = addServer(ActiveMQServers.newActiveMQServer(createDefaultInVMConfig().setSecurityEnabled(true), ManagementFactory.getPlatformMBeanServer(), securityManager, false)); Set roles = new HashSet<>(); - roles.add(new Role("programmers", false, false, false, false, false, false, false)); + roles.add(new Role("programmers", false, false, false, false, false, false, false, false)); server.getConfiguration().putSecurityRoles("#", roles); server.start(); server.createQueue(ADDRESS, DURABLE_QUEUE, null, true, false); @@ -302,6 +302,15 @@ public class SecurityTest extends ActiveMQTestBase { catch (ActiveMQException e) { // ignore } + + // BROWSE + try { + ClientConsumer browser = session.createConsumer(DURABLE_QUEUE, true); + Assert.fail("should throw exception here"); + } + catch (ActiveMQException e) { + // ignore + } } @Test 
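Review bot: The block added to LDAPSecurityTest at `@@ -337,6 +346,14` is labelled `// CONSUME` but opens a browse-only consumer (`createConsumer(DURABLE_QUEUE, true)`), so the label should read `// BROWSE` like the SecurityTest counterparts. The neighbouring blocks use that comment to say which permission is being exercised, so a wrong label makes a later failure point at the wrong check. The test method starts outside the hunk.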
@@ -324,7 +333,7 @@ public class SecurityTest extends ActiveMQTestBase { server.getConfiguration().addAcceptorConfiguration(new TransportConfiguration(NETTY_ACCEPTOR_FACTORY, params)); Set roles = new HashSet<>(); - roles.add(new Role("programmers", false, false, false, false, false, false, false)); + roles.add(new Role("programmers", false, false, false, false, false, false, false, false)); server.getConfiguration().putSecurityRoles("#", roles); server.start(); @@ -407,6 +416,15 @@ public class SecurityTest extends ActiveMQTestBase { catch (ActiveMQException e) { // ignore } + + // BROWSE + try { + ClientConsumer browser = session.createConsumer(DURABLE_QUEUE, true); + Assert.fail("should throw exception here"); + } + catch (ActiveMQException e) { + // ignore + } } @Test @@ -418,7 +436,7 @@ public class SecurityTest extends ActiveMQTestBase { ActiveMQJAASSecurityManager securityManager = new ActiveMQJAASSecurityManager("PropertiesLogin"); ActiveMQServer server = addServer(ActiveMQServers.newActiveMQServer(createDefaultInVMConfig().setSecurityEnabled(true), ManagementFactory.getPlatformMBeanServer(), securityManager, false)); Set roles = new HashSet<>(); - roles.add(new Role("programmers", true, true, true, true, true, true, true)); + roles.add(new Role("programmers", true, true, true, true, true, true, true, true)); server.getConfiguration().putSecurityRoles("#", roles); server.start(); @@ -484,6 +502,14 @@ public class SecurityTest extends ActiveMQTestBase { catch (ActiveMQException e) { Assert.fail("should not throw exception here"); } + + // BROWSE + try { + session.createConsumer(DURABLE_QUEUE, true); + } + catch (ActiveMQException e) { + Assert.fail("should not throw exception here"); + } } @Test 
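Review bot: The positive `// BROWSE` check at `@@ -484,6 +502,14` (and its twin at `@@ -579,6 +605,14`) runs under a role with every permission set, and the negative checks run under a role with none, so no visible assertion would fail if the server authorized a browse-only consumer against CONSUME instead of BROWSE. A case that splits the two, e.g. `new Role("programmers", false, true, false, false, false, false, false, false)` expecting `createConsumer(DURABLE_QUEUE, true)` to be rejected while `createConsumer(DURABLE_QUEUE)` succeeds, plus the inverse, would pin the new permission. The `bar` role at `@@ -590,7 +624,7` does set browse to false with consume true, but the hunk does not show whether that test attempts a browse. The test bodies extend outside these hunks.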
@@ -506,7 +532,7 @@ public class SecurityTest extends ActiveMQTestBase { server.getConfiguration().addAcceptorConfiguration(new TransportConfiguration(NETTY_ACCEPTOR_FACTORY, params)); Set roles = new HashSet<>(); - roles.add(new Role("programmers", true, true, true, true, true, true, true)); + roles.add(new Role("programmers", true, true, true, true, true, true, true, true)); server.getConfiguration().putSecurityRoles("#", roles); server.start(); @@ -579,6 +605,14 @@ public class SecurityTest extends ActiveMQTestBase { catch (ActiveMQException e) { Assert.fail("should not throw exception here"); } + + // BROWSE + try { + session.createConsumer(DURABLE_QUEUE, true); + } + catch (ActiveMQException e) { + Assert.fail("should not throw exception here"); + } } @Test @@ -590,7 +624,7 @@ public class SecurityTest extends ActiveMQTestBase { ActiveMQJAASSecurityManager securityManager = new ActiveMQJAASSecurityManager("GuestLogin"); ActiveMQServer server = addServer(ActiveMQServers.newActiveMQServer(createDefaultInVMConfig().setSecurityEnabled(true), ManagementFactory.getPlatformMBeanServer(), securityManager, false)); Set roles = new HashSet<>(); - roles.add(new Role("bar", true, true, true, true, true, true, true)); + roles.add(new Role("bar", true, true, true, true, true, true, true, false)); server.getConfiguration().putSecurityRoles("#", roles); server.start(); @@ -750,7 +784,7 @@ public class SecurityTest extends ActiveMQTestBase { HierarchicalRepository> securityRepository = server.getSecurityRepository(); ActiveMQJAASSecurityManager securityManager = (ActiveMQJAASSecurityManager) server.getSecurityManager(); securityManager.getConfiguration().addUser("auser", "pass"); - Role role = new Role("arole", false, false, true, false, false, false, false); + Role role = new Role("arole", false, false, true, false, false, false, false, false); Set roles = new HashSet<>(); roles.add(role); securityRepository.addMatch(SecurityTest.addressA, roles); 
@@ -769,7 +803,7 @@ public class SecurityTest extends ActiveMQTestBase { HierarchicalRepository> securityRepository = server.getSecurityRepository(); ActiveMQJAASSecurityManager securityManager = (ActiveMQJAASSecurityManager) server.getSecurityManager(); securityManager.getConfiguration().addUser("auser", "pass"); - Role role = new Role("arole", false, false, false, false, false, false, false); + Role role = new Role("arole", false, false, false, false, false, false, false, false); Set roles = new HashSet<>(); roles.add(role); securityRepository.addMatch(SecurityTest.addressA, roles); @@ -796,7 +830,7 @@ public class SecurityTest extends ActiveMQTestBase { HierarchicalRepository> securityRepository = server.getSecurityRepository(); ActiveMQJAASSecurityManager securityManager = (ActiveMQJAASSecurityManager) server.getSecurityManager(); securityManager.getConfiguration().addUser("auser", "pass"); - Role role = new Role("arole", false, false, true, true, false, false, false); + Role role = new Role("arole", false, false, true, true, false, false, false, false); Set roles = new HashSet<>(); roles.add(role); securityRepository.addMatch(SecurityTest.addressA, roles); @@ -815,7 +849,7 @@ public class SecurityTest extends ActiveMQTestBase { HierarchicalRepository> securityRepository = server.getSecurityRepository(); ActiveMQJAASSecurityManager securityManager = (ActiveMQJAASSecurityManager) server.getSecurityManager(); securityManager.getConfiguration().addUser("auser", "pass"); - Role role = new Role("arole", false, false, true, false, false, false, false); + Role role = new Role("arole", false, false, true, false, false, false, false, false); Set roles = new HashSet<>(); roles.add(role); securityRepository.addMatch(SecurityTest.addressA, roles); 
@@ -844,7 +878,7 @@ public class SecurityTest extends ActiveMQTestBase { HierarchicalRepository> securityRepository = server.getSecurityRepository(); ActiveMQJAASSecurityManager securityManager = (ActiveMQJAASSecurityManager) server.getSecurityManager(); securityManager.getConfiguration().addUser("auser", "pass"); - Role role = new Role("arole", false, false, false, false, true, false, false); + Role role = new Role("arole", false, false, false, false, true, false, false, false); Set roles = new HashSet<>(); roles.add(role); securityRepository.addMatch(SecurityTest.addressA, roles); @@ -863,7 +897,7 @@ public class SecurityTest extends ActiveMQTestBase { HierarchicalRepository> securityRepository = server.getSecurityRepository(); ActiveMQJAASSecurityManager securityManager = (ActiveMQJAASSecurityManager) server.getSecurityManager(); securityManager.getConfiguration().addUser("auser", "pass"); - Role role = new Role("arole", false, false, false, false, false, false, false); + Role role = new Role("arole", false, false, false, false, false, false, false, false); Set roles = new HashSet<>(); roles.add(role); securityRepository.addMatch(SecurityTest.addressA, roles); @@ -890,7 +924,7 @@ public class SecurityTest extends ActiveMQTestBase { HierarchicalRepository> securityRepository = server.getSecurityRepository(); ActiveMQJAASSecurityManager securityManager = (ActiveMQJAASSecurityManager) server.getSecurityManager(); securityManager.getConfiguration().addUser("auser", "pass"); - Role role = new Role("arole", false, false, false, false, true, true, false); + Role role = new Role("arole", false, false, false, false, true, true, false, false); Set roles = new HashSet<>(); roles.add(role); securityRepository.addMatch(SecurityTest.addressA, roles); 
@@ -909,7 +943,7 @@ public class SecurityTest extends ActiveMQTestBase { HierarchicalRepository> securityRepository = server.getSecurityRepository(); ActiveMQJAASSecurityManager securityManager = (ActiveMQJAASSecurityManager) server.getSecurityManager(); securityManager.getConfiguration().addUser("auser", "pass"); - Role role = new Role("arole", false, false, false, false, true, false, false); + Role role = new Role("arole", false, false, false, false, true, false, false, false); Set roles = new HashSet<>(); roles.add(role); securityRepository.addMatch(SecurityTest.addressA, roles); @@ -942,7 +976,7 @@ public class SecurityTest extends ActiveMQTestBase { securityManager.getConfiguration().addUser("auser", "pass"); - Role role = new Role("arole", true, true, true, false, false, false, false); + Role role = new Role("arole", true, true, true, false, false, false, false, false); Set roles = new HashSet<>(); @@ -974,7 +1008,7 @@ public class SecurityTest extends ActiveMQTestBase { receivedMessage.acknowledge(); - role = new Role("arole", false, false, true, false, false, false, false); + role = new Role("arole", false, false, true, false, false, false, false, false); roles = new HashSet<>(); @@ -1002,7 +1036,7 @@ public class SecurityTest extends ActiveMQTestBase { HierarchicalRepository> securityRepository = server.getSecurityRepository(); ActiveMQJAASSecurityManager securityManager = (ActiveMQJAASSecurityManager) server.getSecurityManager(); securityManager.getConfiguration().addUser("auser", "pass"); - Role role = new Role("arole", false, false, true, false, false, false, false); + Role role = new Role("arole", false, false, true, false, false, false, false, false); Set roles = new HashSet<>(); roles.add(role); securityRepository.addMatch(SecurityTest.addressA, roles); 
@@ -1032,7 +1066,7 @@ public class SecurityTest extends ActiveMQTestBase {
 HierarchicalRepository> securityRepository = server.getSecurityRepository();
 ActiveMQJAASSecurityManager securityManager = (ActiveMQJAASSecurityManager) server.getSecurityManager();
 securityManager.getConfiguration().addUser("auser", "pass");
- Role role = new Role("arole", false, false, true, false, false, false, false);
+ Role role = new Role("arole", false, false, true, false, false, false, false, false);
 Set roles = new HashSet<>();
 roles.add(role);
 securityRepository.addMatch(SecurityTest.addressA, roles);
@@ -1058,8 +1092,8 @@ public class SecurityTest extends ActiveMQTestBase {
 securityManager.getConfiguration().addUser("guest", "guest");
 securityManager.getConfiguration().addRole("guest", "guest");
 securityManager.getConfiguration().setDefaultUser("guest");
- Role role = new Role("arole", false, true, false, false, false, false, false);
- Role sendRole = new Role("guest", true, false, true, false, false, false, false);
+ Role role = new Role("arole", false, true, false, false, false, false, false, false);
+ Role sendRole = new Role("guest", true, false, true, false, false, false, false, false);
 Set roles = new HashSet<>();
 roles.add(sendRole);
 roles.add(role);
@@ -1086,8 +1120,8 @@ public class SecurityTest extends ActiveMQTestBase {
 securityManager.getConfiguration().addUser("guest", "guest");
 securityManager.getConfiguration().addRole("guest", "guest");
 securityManager.getConfiguration().setDefaultUser("guest");
- Role role = new Role("arole", false, false, false, false, false, false, false);
- Role sendRole = new Role("guest", true, false, true, false, false, false, false);
+ Role role = new Role("arole", false, false, false, false, false, false, false, false);
+ Role sendRole = new Role("guest", true, false, true, false, false, false, false, false);
 Set roles = new HashSet<>();
 roles.add(sendRole);
 roles.add(role);
@@ -1123,9 +1157,9 @@ public class SecurityTest extends ActiveMQTestBase {
 securityManager.getConfiguration().addUser("guest", "guest");
 securityManager.getConfiguration().addRole("guest", "guest");
 securityManager.getConfiguration().setDefaultUser("guest");
- Role role = new Role("arole", false, false, false, false, false, false, false);
- Role sendRole = new Role("guest", true, false, true, false, false, false, false);
- Role receiveRole = new Role("receiver", false, true, false, false, false, false, false);
+ Role role = new Role("arole", false, false, false, false, false, false, false, false);
+ Role sendRole = new Role("guest", true, false, true, false, false, false, false, false);
+ Role receiveRole = new Role("receiver", false, true, false, false, false, false, false, false);
 Set roles = new HashSet<>();
 roles.add(sendRole);
 roles.add(role);
@@ -1174,9 +1208,9 @@ public class SecurityTest extends ActiveMQTestBase {
 securityManager.getConfiguration().addUser("guest", "guest");
 securityManager.getConfiguration().addRole("guest", "guest");
 securityManager.getConfiguration().setDefaultUser("guest");
- Role role = new Role("arole", false, false, false, false, false, false, false);
- Role sendRole = new Role("guest", true, false, true, false, false, false, false);
- Role receiveRole = new Role("receiver", false, true, false, false, false, false, false);
+ Role role = new Role("arole", false, false, false, false, false, false, false, false);
+ Role sendRole = new Role("guest", true, false, true, false, false, false, false, false);
+ Role receiveRole = new Role("receiver", false, true, false, false, false, false, false, false);
 Set roles = new HashSet<>();
 roles.add(sendRole);
 roles.add(role);
@@ -1234,11 +1268,11 @@ public class SecurityTest extends ActiveMQTestBase {
 securityManager.getConfiguration().addUser("guest", "guest");
 securityManager.getConfiguration().addRole("guest", "guest");
 securityManager.getConfiguration().setDefaultUser("guest");
- Role role = new Role("arole", false, false, false, false, false, false, false);
+ Role role = new Role("arole", false, false, false, false, false, false, false, false);
 System.out.println("guest:" + role);
- Role sendRole = new Role("guest", true, false, true, false, false, false, false);
+ Role sendRole = new Role("guest", true, false, true, false, false, false, false, false);
 System.out.println("guest:" + sendRole);
- Role receiveRole = new Role("receiver", false, true, false, false, false, false, false);
+ Role receiveRole = new Role("receiver", false, true, false, false, false, false, false, false);
 System.out.println("guest:" + receiveRole);
 Set roles = new HashSet<>();
 roles.add(sendRole);
@@ -1323,7 +1357,7 @@ public class SecurityTest extends ActiveMQTestBase {
 HierarchicalRepository> securityRepository = server.getSecurityRepository();
 ActiveMQJAASSecurityManager securityManager = (ActiveMQJAASSecurityManager) server.getSecurityManager();
 securityManager.getConfiguration().addUser("auser", "pass");
- Role role = new Role("arole", false, false, false, false, false, false, true);
+ Role role = new Role("arole", false, false, false, false, false, false, true, false);
 Set roles = new HashSet<>();
 roles.add(role);
 securityRepository.addMatch(configuration.getManagementAddress().toString(), roles);
@@ -1344,7 +1378,7 @@ public class SecurityTest extends ActiveMQTestBase {
 HierarchicalRepository> securityRepository = server.getSecurityRepository();
 ActiveMQJAASSecurityManager securityManager = (ActiveMQJAASSecurityManager) server.getSecurityManager();
 securityManager.getConfiguration().addUser("auser", "pass");
- Role role = new Role("arole", false, false, true, false, false, false, false);
+ Role role = new Role("arole", false, false, true, false, false, false, false, false);
 Set roles = new HashSet<>();
 roles.add(role);
 securityRepository.addMatch(configuration.getManagementAddress().toString(), roles);
@@ -1375,7 +1409,7 @@ public class SecurityTest extends ActiveMQTestBase {
 HierarchicalRepository> securityRepository = server.getSecurityRepository();
 ActiveMQJAASSecurityManager securityManager = (ActiveMQJAASSecurityManager) server.getSecurityManager();
 securityManager.getConfiguration().addUser("auser", "pass");
- Role role = new Role("arole", false, false, true, false, false, false, false);
+ Role role = new Role("arole", false, false, true, false, false, false, false, false);
 Set roles = new HashSet<>();
 roles.add(role);
 securityRepository.addMatch(configuration.getManagementAddress().toString(), roles);
@@ -1411,23 +1445,23 @@ public class SecurityTest extends ActiveMQTestBase {
 securityManager.getConfiguration().addRole("frank", "user");
 securityManager.getConfiguration().addRole("sam", "news-user");
 securityManager.getConfiguration().addRole("sam", "user");
- Role all = new Role("all", true, true, true, true, true, true, true);
+ Role all = new Role("all", true, true, true, true, true, true, true, true);
 HierarchicalRepository> repository = server.getSecurityRepository();
 Set add = new HashSet<>();
- add.add(new Role("user", true, true, true, true, true, true, false));
+ add.add(new Role("user", true, true, true, true, true, true, false, true));
 add.add(all);
 repository.addMatch("#", add);
 Set add1 = new HashSet<>();
 add1.add(all);
- add1.add(new Role("user", false, false, true, true, true, true, false));
- add1.add(new Role("europe-user", true, false, false, false, false, false, false));
- add1.add(new Role("news-user", false, true, false, false, false, false, false));
+ add1.add(new Role("user", false, false, true, true, true, true, false, true));
+ add1.add(new Role("europe-user", true, false, false, false, false, false, false, true));
+ add1.add(new Role("news-user", false, true, false, false, false, false, false, true));
 repository.addMatch("news.europe.#", add1);
 Set add2 = new HashSet<>();
 add2.add(all);
- add2.add(new Role("user", false, false, true, true, true, true, false));
- add2.add(new Role("us-user", true, false, false, false, false, false, false));
- add2.add(new Role("news-user", false, true, false, false, false, false, false));
+ add2.add(new Role("user", false, false, true, true, true, true, false, true));
+ add2.add(new Role("us-user", true, false, false, false, false, false, false, true));
+ add2.add(new Role("news-user", false, true, false, false, false, false, false, true));
 repository.addMatch("news.us.#", add2);
 ClientSession billConnection = null;
 ClientSession andrewConnection = null;
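Review bot: The `europe-user`, `us-user` and `news-user` roles receive `true` for the appended flag in this hunk, while each of them otherwise holds a single permission and the single-role fixtures earlier in the file all pass `false`. If the appended flag is the new browse permission, as the commit subject suggests, these fixtures now grant more than the send-only and consume-only roles they model, and nothing visible in the hunk browses a queue. Unless the checks outside the hunk need it, keep it off, e.g. `add1.add(new Role("europe-user", true, false, false, false, false, false, false, false));`, or add a comment saying why browse is required. The hunk at -1542 repeats the same values, and the test method continues outside both hunks.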
@@ -1542,23 +1576,23 @@ public class SecurityTest extends ActiveMQTestBase {
 securityManager.getConfiguration().addRole("frank", "user");
 securityManager.getConfiguration().addRole("sam", "news-user");
 securityManager.getConfiguration().addRole("sam", "user");
- Role all = new Role("all", true, true, true, true, true, true, true);
+ Role all = new Role("all", true, true, true, true, true, true, true, true);
 HierarchicalRepository> repository = server.getSecurityRepository();
 Set add = new HashSet<>();
- add.add(new Role("user", true, true, true, true, true, true, false));
+ add.add(new Role("user", true, true, true, true, true, true, false, true));
 add.add(all);
 repository.addMatch("#", add);
 Set add1 = new HashSet<>();
 add1.add(all);
- add1.add(new Role("user", false, false, true, true, true, true, false));
- add1.add(new Role("europe-user", true, false, false, false, false, false, false));
- add1.add(new Role("news-user", false, true, false, false, false, false, false));
+ add1.add(new Role("user", false, false, true, true, true, true, false, true));
+ add1.add(new Role("europe-user", true, false, false, false, false, false, false, true));
+ add1.add(new Role("news-user", false, true, false, false, false, false, false, true));
 repository.addMatch("news.europe.#", add1);
 Set add2 = new HashSet<>();
 add2.add(all);
- add2.add(new Role("user", false, false, true, true, true, true, false));
- add2.add(new Role("us-user", true, false, false, false, false, false, false));
- add2.add(new Role("news-user", false, true, false, false, false, false, false));
+ add2.add(new Role("user", false, false, true, true, true, true, false, true));
+ add2.add(new Role("us-user", true, false, false, false, false, false, false, true));
+ add2.add(new Role("news-user", false, true, false, false, false, false, false, true));
 repository.addMatch("news.us.#", add2);
 ClientSession billConnection = null;
 ClientSession andrewConnection = null;
diff --git a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/server/ResourceLimitTest.java b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/server/ResourceLimitTest.java
index 2a4082124d..52524c542e 100644
--- a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/server/ResourceLimitTest.java
+++ b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/server/ResourceLimitTest.java
@@ -62,7 +62,7 @@ public class ResourceLimitTest extends ActiveMQTestBase {
 ActiveMQJAASSecurityManager securityManager = (ActiveMQJAASSecurityManager) server.getSecurityManager();
 securityManager.getConfiguration().addUser("myUser", "password");
 securityManager.getConfiguration().addRole("myUser", "arole");
- Role role = new Role("arole", false, false, false, false, true, true, false);
+ Role role = new Role("arole", false, false, false, false, true, true, false, true);
 Set roles = new HashSet<>();
 roles.add(role);
 server.getSecurityRepository().addMatch("#", roles);
diff --git a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ssl/DualAuthenticationTest.java b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ssl/DualAuthenticationTest.java
index d3c67671ab..3540615cac 100644
--- a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ssl/DualAuthenticationTest.java
+++ b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ssl/DualAuthenticationTest.java
@@ -128,8 +128,8 @@ public class DualAuthenticationTest extends ActiveMQTestBase { server = addServer(ActiveMQServers.newActiveMQServer(config, ManagementFactory.getPlatformMBeanServer(), securityManager, false)); HierarchicalRepository> securityRepository = server.getSecurityRepository(); - Role sendRole = new Role("producers", true, false, true, false, true, false, false); - Role receiveRole = new Role("consumers", false, true, false, false, false, false, false); + Role sendRole = new Role("producers", true, false, true, false, true, false, false, false); + Role receiveRole = new Role("consumers", false, true, false, false, false, false, false, false); Set roles = new HashSet<>(); roles.add(sendRole); roles.add(receiveRole); diff --git a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/stomp/StompTestBase.java b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/stomp/StompTestBase.java index f2def067d6..9baf1232a7 100644 --- a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/stomp/StompTestBase.java +++ b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/stomp/StompTestBase.java @@ -205,7 +205,7 @@ public abstract class StompTestBase extends ActiveMQTestBase { securityManager.getConfiguration().addRole(defUser, role); config.getSecurityRoles().put("#", new HashSet() { { - add(new Role(role, true, true, true, true, true, true, true)); + add(new Role(role, true, true, true, true, true, true, true, true)); } }); } diff --git a/tests/jms-tests/src/test/resources/broker.xml b/tests/jms-tests/src/test/resources/broker.xml index 4a060124fe..28550ae647 100644 --- a/tests/jms-tests/src/test/resources/broker.xml +++ b/tests/jms-tests/src/test/resources/broker.xml @@ -49,6 +49,7 @@ + 
diff --git a/tests/unit-tests/src/test/java/org/apache/activemq/artemis/tests/unit/core/security/impl/ActiveMQSecurityManagerImplTest.java b/tests/unit-tests/src/test/java/org/apache/activemq/artemis/tests/unit/core/security/impl/ActiveMQSecurityManagerImplTest.java
index fdd32c0436..bf1b2b61a7 100644
--- a/tests/unit-tests/src/test/java/org/apache/activemq/artemis/tests/unit/core/security/impl/ActiveMQSecurityManagerImplTest.java
+++ b/tests/unit-tests/src/test/java/org/apache/activemq/artemis/tests/unit/core/security/impl/ActiveMQSecurityManagerImplTest.java
@@ -62,22 +62,22 @@ public class ActiveMQSecurityManagerImplTest extends ActiveMQTestBase {
 Assert.assertTrue(securityManager.validateUser("guest", "password"));
 Assert.assertFalse(securityManager.validateUser(null, "wrongpass"));
 HashSet roles = new HashSet<>();
- roles.add(new Role("guest", true, true, true, true, true, true, true));
+ roles.add(new Role("guest", true, true, true, true, true, true, true, true));
 Assert.assertTrue(securityManager.validateUserAndRole(null, null, roles, CheckType.CREATE_DURABLE_QUEUE));
 Assert.assertTrue(securityManager.validateUserAndRole(null, null, roles, CheckType.SEND));
 Assert.assertTrue(securityManager.validateUserAndRole(null, null, roles, CheckType.CONSUME));
 roles = new HashSet<>();
- roles.add(new Role("guest", true, true, false, true, true, true, true));
+ roles.add(new Role("guest", true, true, false, true, true, true, true, true));
 Assert.assertFalse(securityManager.validateUserAndRole(null, null, roles, CheckType.CREATE_DURABLE_QUEUE));
 Assert.assertTrue(securityManager.validateUserAndRole(null, null, roles, CheckType.SEND));
 Assert.assertTrue(securityManager.validateUserAndRole(null, null, roles, CheckType.CONSUME));
 roles = new HashSet<>();
- roles.add(new Role("guest", true, false, false, true, true, true, true));
+ roles.add(new Role("guest", true, false, false, true, true, true, true, true));
 Assert.assertFalse(securityManager.validateUserAndRole(null, null, roles, CheckType.CREATE_DURABLE_QUEUE));
 Assert.assertTrue(securityManager.validateUserAndRole(null, null, roles, CheckType.SEND));
 Assert.assertFalse(securityManager.validateUserAndRole(null, null, roles, CheckType.CONSUME));
 roles = new HashSet<>();
- roles.add(new Role("guest", false, false, false, true, true, true, true));
+ roles.add(new Role("guest", false, false, false, true, true, true, true, true));
 Assert.assertFalse(securityManager.validateUserAndRole(null, null, roles, CheckType.CREATE_DURABLE_QUEUE));
Assert.assertFalse(securityManager.validateUserAndRole(null, null, roles, CheckType.SEND)); Assert.assertFalse(securityManager.validateUserAndRole(null, null, roles, CheckType.CONSUME)); @@ -129,19 +129,19 @@ public class ActiveMQSecurityManagerImplTest extends ActiveMQTestBase { securityManager.getConfiguration().addRole("newuser1", "role3"); securityManager.getConfiguration().addRole("newuser1", "role4"); HashSet roles = new HashSet<>(); - roles.add(new Role("role1", true, true, true, true, true, true, true)); + roles.add(new Role("role1", true, true, true, true, true, true, true, true)); Assert.assertTrue(securityManager.validateUserAndRole("newuser1", "newpassword1", roles, CheckType.SEND)); roles = new HashSet<>(); - roles.add(new Role("role2", true, true, true, true, true, true, true)); + roles.add(new Role("role2", true, true, true, true, true, true, true, true)); Assert.assertTrue(securityManager.validateUserAndRole("newuser1", "newpassword1", roles, CheckType.SEND)); roles = new HashSet<>(); - roles.add(new Role("role3", true, true, true, true, true, true, true)); + roles.add(new Role("role3", true, true, true, true, true, true, true, true)); Assert.assertTrue(securityManager.validateUserAndRole("newuser1", "newpassword1", roles, CheckType.SEND)); roles = new HashSet<>(); - roles.add(new Role("role4", true, true, true, true, true, true, true)); + roles.add(new Role("role4", true, true, true, true, true, true, true, true)); Assert.assertTrue(securityManager.validateUserAndRole("newuser1", "newpassword1", roles, CheckType.SEND)); roles = new HashSet<>(); - roles.add(new Role("role5", true, true, true, true, true, true, true)); + roles.add(new Role("role5", true, true, true, true, true, true, true, true)); Assert.assertFalse(securityManager.validateUserAndRole("newuser1", "newpassword1", roles, CheckType.SEND)); } 
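Review bot: The roles built in the hunk at -62 now pass `true` for the appended flag, but the assertions still cover only `CREATE_DURABLE_QUEUE`, `SEND` and `CONSUME`, so the new permission is never checked in either direction. Assuming the commit adds `CheckType.BROWSE`, add `Assert.assertTrue(securityManager.validateUserAndRole(null, null, roles, CheckType.BROWSE));` after the first role, and a role whose last argument is `false` followed by the matching `Assert.assertFalse(...)`. The deny case is the one that matters for an authorization check. The test method starts outside the hunk.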
@@ -155,19 +155,19 @@ public class ActiveMQSecurityManagerImplTest extends ActiveMQTestBase {
 securityManager.getConfiguration().removeRole("newuser1", "role2");
 securityManager.getConfiguration().removeRole("newuser1", "role4");
 HashSet roles = new HashSet<>();
- roles.add(new Role("role1", true, true, true, true, true, true, true));
+ roles.add(new Role("role1", true, true, true, true, true, true, true, true));
 Assert.assertTrue(securityManager.validateUserAndRole("newuser1", "newpassword1", roles, CheckType.SEND));
 roles = new HashSet<>();
- roles.add(new Role("role2", true, true, true, true, true, true, true));
+ roles.add(new Role("role2", true, true, true, true, true, true, true, true));
 Assert.assertFalse(securityManager.validateUserAndRole("newuser1", "newpassword1", roles, CheckType.SEND));
 roles = new HashSet<>();
- roles.add(new Role("role3", true, true, true, true, true, true, true));
+ roles.add(new Role("role3", true, true, true, true, true, true, true, true));
 Assert.assertTrue(securityManager.validateUserAndRole("newuser1", "newpassword1", roles, CheckType.SEND));
 roles = new HashSet<>();
- roles.add(new Role("role4", true, true, true, true, true, true, true));
+ roles.add(new Role("role4", true, true, true, true, true, true, true, true));
 Assert.assertFalse(securityManager.validateUserAndRole("newuser1", "newpassword1", roles, CheckType.SEND));
 roles = new HashSet<>();
- roles.add(new Role("role5", true, true, true, true, true, true, true));
+ roles.add(new Role("role5", true, true, true, true, true, true, true, true));
 Assert.assertFalse(securityManager.validateUserAndRole("newuser1", "newpassword1", roles, CheckType.SEND));
 }
 }