This closes #630 ARTEMIS-628 add BROWSE role
This commit is contained in:
Andy Taylor
commit
1893d773a4
|
|
@ -65,6 +65,7 @@ ${cluster-security.settings}${cluster.settings}${replicated.settings}${shared-st
|
||||||
<permission type="createDurableQueue" roles="${role}"/>
|
<permission type="createDurableQueue" roles="${role}"/>
|
||||||
<permission type="deleteDurableQueue" roles="${role}"/>
|
<permission type="deleteDurableQueue" roles="${role}"/>
|
||||||
<permission type="consume" roles="${role}"/>
|
<permission type="consume" roles="${role}"/>
|
||||||
|
<permission type="browse" roles="${role}"/>
|
||||||
<permission type="send" roles="${role}"/>
|
<permission type="send" roles="${role}"/>
|
||||||
<!-- we need this otherwise ./artemis data imp wouldn't work -->
|
<!-- we need this otherwise ./artemis data imp wouldn't work -->
|
||||||
<permission type="manage" roles="${role}"/>
|
<permission type="manage" roles="${role}"/>
|
||||||
|
|
|
||||||
|
|
@ -624,6 +624,17 @@ public interface ActiveMQServerControl {
|
||||||
@Parameter(desc = "a comma-separated list of roles allowed to delete non durable queues", name = "deleteNonDurableQueueRoles") String deleteNonDurableQueueRoles,
|
@Parameter(desc = "a comma-separated list of roles allowed to delete non durable queues", name = "deleteNonDurableQueueRoles") String deleteNonDurableQueueRoles,
|
||||||
@Parameter(desc = "a comma-separated list of roles allowed to send management messages messages", name = "manage") String manageRoles) throws Exception;
|
@Parameter(desc = "a comma-separated list of roles allowed to send management messages messages", name = "manage") String manageRoles) throws Exception;
|
||||||
|
|
||||||
|
@Operation(desc = "Add security settings for addresses matching the addressMatch", impact = MBeanOperationInfo.ACTION)
|
||||||
|
void addSecuritySettings(@Parameter(desc = "an address match", name = "addressMatch") String addressMatch,
|
||||||
|
@Parameter(desc = "a comma-separated list of roles allowed to send messages", name = "send") String sendRoles,
|
||||||
|
@Parameter(desc = "a comma-separated list of roles allowed to consume messages", name = "consume") String consumeRoles,
|
||||||
|
@Parameter(desc = "a comma-separated list of roles allowed to create durable queues", name = "createDurableQueueRoles") String createDurableQueueRoles,
|
||||||
|
@Parameter(desc = "a comma-separated list of roles allowed to delete durable queues", name = "deleteDurableQueueRoles") String deleteDurableQueueRoles,
|
||||||
|
@Parameter(desc = "a comma-separated list of roles allowed to create non durable queues", name = "createNonDurableQueueRoles") String createNonDurableQueueRoles,
|
||||||
|
@Parameter(desc = "a comma-separated list of roles allowed to delete non durable queues", name = "deleteNonDurableQueueRoles") String deleteNonDurableQueueRoles,
|
||||||
|
@Parameter(desc = "a comma-separated list of roles allowed to send management messages messages", name = "manage") String manageRoles,
|
||||||
|
@Parameter(desc = "a comma-separated list of roles allowed to browse queues", name = "browse") String browseRoles) throws Exception;
|
||||||
|
|
||||||
@Operation(desc = "Remove security settings for an address", impact = MBeanOperationInfo.ACTION)
|
@Operation(desc = "Remove security settings for an address", impact = MBeanOperationInfo.ACTION)
|
||||||
void removeSecuritySettings(@Parameter(desc = "an address match", name = "addressMatch") String addressMatch) throws Exception;
|
void removeSecuritySettings(@Parameter(desc = "an address match", name = "addressMatch") String addressMatch) throws Exception;
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -41,6 +41,8 @@ public final class RoleInfo {
|
||||||
|
|
||||||
private final boolean manage;
|
private final boolean manage;
|
||||||
|
|
||||||
|
private final boolean browse;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Returns an array of RoleInfo corresponding to the JSON serialization returned
|
* Returns an array of RoleInfo corresponding to the JSON serialization returned
|
||||||
* by {@link AddressControl#getRolesAsJSON()}.
|
* by {@link AddressControl#getRolesAsJSON()}.
|
||||||
|
|
@ -50,7 +52,7 @@ public final class RoleInfo {
|
||||||
RoleInfo[] roles = new RoleInfo[array.length()];
|
RoleInfo[] roles = new RoleInfo[array.length()];
|
||||||
for (int i = 0; i < array.length(); i++) {
|
for (int i = 0; i < array.length(); i++) {
|
||||||
JSONObject r = array.getJSONObject(i);
|
JSONObject r = array.getJSONObject(i);
|
||||||
RoleInfo role = new RoleInfo(r.getString("name"), r.getBoolean("send"), r.getBoolean("consume"), r.getBoolean("createDurableQueue"), r.getBoolean("deleteDurableQueue"), r.getBoolean("createNonDurableQueue"), r.getBoolean("deleteNonDurableQueue"), r.getBoolean("manage"));
|
RoleInfo role = new RoleInfo(r.getString("name"), r.getBoolean("send"), r.getBoolean("consume"), r.getBoolean("createDurableQueue"), r.getBoolean("deleteDurableQueue"), r.getBoolean("createNonDurableQueue"), r.getBoolean("deleteNonDurableQueue"), r.getBoolean("manage"), r.getBoolean("browse"));
|
||||||
roles[i] = role;
|
roles[i] = role;
|
||||||
}
|
}
|
||||||
return roles;
|
return roles;
|
||||||
|
|
@ -63,7 +65,8 @@ public final class RoleInfo {
|
||||||
final boolean deleteDurableQueue,
|
final boolean deleteDurableQueue,
|
||||||
final boolean createNonDurableQueue,
|
final boolean createNonDurableQueue,
|
||||||
final boolean deleteNonDurableQueue,
|
final boolean deleteNonDurableQueue,
|
||||||
final boolean manage) {
|
final boolean manage,
|
||||||
|
final boolean browse) {
|
||||||
this.name = name;
|
this.name = name;
|
||||||
this.send = send;
|
this.send = send;
|
||||||
this.consume = consume;
|
this.consume = consume;
|
||||||
|
|
@ -72,6 +75,7 @@ public final class RoleInfo {
|
||||||
this.createNonDurableQueue = createNonDurableQueue;
|
this.createNonDurableQueue = createNonDurableQueue;
|
||||||
this.deleteNonDurableQueue = deleteNonDurableQueue;
|
this.deleteNonDurableQueue = deleteNonDurableQueue;
|
||||||
this.manage = manage;
|
this.manage = manage;
|
||||||
|
this.browse = browse;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
@ -129,4 +133,11 @@ public final class RoleInfo {
|
||||||
public boolean isManage() {
|
public boolean isManage() {
|
||||||
return manage;
|
return manage;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Returns whether this role can browse queues bound to the address.
|
||||||
|
*/
|
||||||
|
public boolean isBrowse() {
|
||||||
|
return browse;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -41,6 +41,8 @@ public class Role implements Serializable {
|
||||||
|
|
||||||
private final boolean manage;
|
private final boolean manage;
|
||||||
|
|
||||||
|
private final boolean browse;
|
||||||
|
|
||||||
public Role(final String name,
|
public Role(final String name,
|
||||||
final boolean send,
|
final boolean send,
|
||||||
final boolean consume,
|
final boolean consume,
|
||||||
|
|
@ -48,7 +50,8 @@ public class Role implements Serializable {
|
||||||
final boolean deleteDurableQueue,
|
final boolean deleteDurableQueue,
|
||||||
final boolean createNonDurableQueue,
|
final boolean createNonDurableQueue,
|
||||||
final boolean deleteNonDurableQueue,
|
final boolean deleteNonDurableQueue,
|
||||||
final boolean manage) {
|
final boolean manage,
|
||||||
|
final boolean browse) {
|
||||||
if (name == null) {
|
if (name == null) {
|
||||||
throw new NullPointerException("name is null");
|
throw new NullPointerException("name is null");
|
||||||
}
|
}
|
||||||
|
|
@ -60,6 +63,7 @@ public class Role implements Serializable {
|
||||||
this.createNonDurableQueue = createNonDurableQueue;
|
this.createNonDurableQueue = createNonDurableQueue;
|
||||||
this.deleteNonDurableQueue = deleteNonDurableQueue;
|
this.deleteNonDurableQueue = deleteNonDurableQueue;
|
||||||
this.manage = manage;
|
this.manage = manage;
|
||||||
|
this.browse = browse;
|
||||||
}
|
}
|
||||||
|
|
||||||
public String getName() {
|
public String getName() {
|
||||||
|
|
@ -112,6 +116,12 @@ public class Role implements Serializable {
|
||||||
if (deleteNonDurableQueue) {
|
if (deleteNonDurableQueue) {
|
||||||
stringReturn.append(" deleteNonDurableQueue ");
|
stringReturn.append(" deleteNonDurableQueue ");
|
||||||
}
|
}
|
||||||
|
if (manage) {
|
||||||
|
stringReturn.append(" manage ");
|
||||||
|
}
|
||||||
|
if (browse) {
|
||||||
|
stringReturn.append(" browse ");
|
||||||
|
}
|
||||||
|
|
||||||
stringReturn.append("]}");
|
stringReturn.append("]}");
|
||||||
|
|
||||||
|
|
@ -147,6 +157,12 @@ public class Role implements Serializable {
|
||||||
if (send != role.send) {
|
if (send != role.send) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
if (manage != role.manage) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
if (browse != role.browse) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
if (!name.equals(role.name)) {
|
if (!name.equals(role.name)) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
@ -164,10 +180,16 @@ public class Role implements Serializable {
|
||||||
result = 31 * result + (deleteDurableQueue ? 1 : 0);
|
result = 31 * result + (deleteDurableQueue ? 1 : 0);
|
||||||
result = 31 * result + (createNonDurableQueue ? 1 : 0);
|
result = 31 * result + (createNonDurableQueue ? 1 : 0);
|
||||||
result = 31 * result + (deleteNonDurableQueue ? 1 : 0);
|
result = 31 * result + (deleteNonDurableQueue ? 1 : 0);
|
||||||
|
result = 31 * result + (manage ? 1 : 0);
|
||||||
|
result = 31 * result + (browse ? 1 : 0);
|
||||||
return result;
|
return result;
|
||||||
}
|
}
|
||||||
|
|
||||||
public boolean isManage() {
|
public boolean isManage() {
|
||||||
return manage;
|
return manage;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public boolean isBrowse() {
|
||||||
|
return browse;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -31,7 +31,8 @@ public class SecurityFormatter {
|
||||||
String deleteDurableQueueRoles,
|
String deleteDurableQueueRoles,
|
||||||
String createNonDurableQueueRoles,
|
String createNonDurableQueueRoles,
|
||||||
String deleteNonDurableQueueRoles,
|
String deleteNonDurableQueueRoles,
|
||||||
String manageRoles) {
|
String manageRoles,
|
||||||
|
String browseRoles) {
|
||||||
List<String> createDurableQueue = toList(createDurableQueueRoles);
|
List<String> createDurableQueue = toList(createDurableQueueRoles);
|
||||||
List<String> deleteDurableQueue = toList(deleteDurableQueueRoles);
|
List<String> deleteDurableQueue = toList(deleteDurableQueueRoles);
|
||||||
List<String> createNonDurableQueue = toList(createNonDurableQueueRoles);
|
List<String> createNonDurableQueue = toList(createNonDurableQueueRoles);
|
||||||
|
|
@ -39,6 +40,7 @@ public class SecurityFormatter {
|
||||||
List<String> send = toList(sendRoles);
|
List<String> send = toList(sendRoles);
|
||||||
List<String> consume = toList(consumeRoles);
|
List<String> consume = toList(consumeRoles);
|
||||||
List<String> manage = toList(manageRoles);
|
List<String> manage = toList(manageRoles);
|
||||||
|
List<String> browse = toList(browseRoles);
|
||||||
|
|
||||||
Set<String> allRoles = new HashSet<>();
|
Set<String> allRoles = new HashSet<>();
|
||||||
allRoles.addAll(createDurableQueue);
|
allRoles.addAll(createDurableQueue);
|
||||||
|
|
@ -48,10 +50,11 @@ public class SecurityFormatter {
|
||||||
allRoles.addAll(send);
|
allRoles.addAll(send);
|
||||||
allRoles.addAll(consume);
|
allRoles.addAll(consume);
|
||||||
allRoles.addAll(manage);
|
allRoles.addAll(manage);
|
||||||
|
allRoles.addAll(browse);
|
||||||
|
|
||||||
Set<Role> roles = new HashSet<>(allRoles.size());
|
Set<Role> roles = new HashSet<>(allRoles.size());
|
||||||
for (String role : allRoles) {
|
for (String role : allRoles) {
|
||||||
roles.add(new Role(role, send.contains(role), consume.contains(role), createDurableQueue.contains(role), deleteDurableQueue.contains(role), createNonDurableQueue.contains(role), deleteNonDurableQueue.contains(role), manageRoles.contains(role)));
|
roles.add(new Role(role, send.contains(role), consume.contains(role), createDurableQueue.contains(role), deleteDurableQueue.contains(role), createNonDurableQueue.contains(role), deleteNonDurableQueue.contains(role), manageRoles.contains(role), browse.contains(role)));
|
||||||
}
|
}
|
||||||
return roles;
|
return roles;
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -121,6 +121,8 @@ public final class FileConfigurationParser extends XMLConfigurationUtil {
|
||||||
|
|
||||||
private static final String MANAGE_NAME = "manage";
|
private static final String MANAGE_NAME = "manage";
|
||||||
|
|
||||||
|
private static final String BROWSE_NAME = "browse";
|
||||||
|
|
||||||
// Address parsing
|
// Address parsing
|
||||||
|
|
||||||
private static final String DEAD_LETTER_ADDRESS_NODE_NAME = "dead-letter-address";
|
private static final String DEAD_LETTER_ADDRESS_NODE_NAME = "dead-letter-address";
|
||||||
|
|
@ -633,6 +635,7 @@ public final class FileConfigurationParser extends XMLConfigurationUtil {
|
||||||
ArrayList<String> createNonDurableQueue = new ArrayList<>();
|
ArrayList<String> createNonDurableQueue = new ArrayList<>();
|
||||||
ArrayList<String> deleteNonDurableQueue = new ArrayList<>();
|
ArrayList<String> deleteNonDurableQueue = new ArrayList<>();
|
||||||
ArrayList<String> manageRoles = new ArrayList<>();
|
ArrayList<String> manageRoles = new ArrayList<>();
|
||||||
|
ArrayList<String> browseRoles = new ArrayList<>();
|
||||||
ArrayList<String> allRoles = new ArrayList<>();
|
ArrayList<String> allRoles = new ArrayList<>();
|
||||||
NodeList children = node.getChildNodes();
|
NodeList children = node.getChildNodes();
|
||||||
for (int i = 0; i < children.getLength(); i++) {
|
for (int i = 0; i < children.getLength(); i++) {
|
||||||
|
|
@ -670,6 +673,9 @@ public final class FileConfigurationParser extends XMLConfigurationUtil {
|
||||||
else if (MANAGE_NAME.equals(type)) {
|
else if (MANAGE_NAME.equals(type)) {
|
||||||
manageRoles.add(role.trim());
|
manageRoles.add(role.trim());
|
||||||
}
|
}
|
||||||
|
else if (BROWSE_NAME.equals(type)) {
|
||||||
|
browseRoles.add(role.trim());
|
||||||
|
}
|
||||||
else {
|
else {
|
||||||
ActiveMQServerLogger.LOGGER.rolePermissionConfigurationError(type);
|
ActiveMQServerLogger.LOGGER.rolePermissionConfigurationError(type);
|
||||||
}
|
}
|
||||||
|
|
@ -682,7 +688,7 @@ public final class FileConfigurationParser extends XMLConfigurationUtil {
|
||||||
}
|
}
|
||||||
|
|
||||||
for (String role : allRoles) {
|
for (String role : allRoles) {
|
||||||
securityRoles.add(new Role(role, send.contains(role), consume.contains(role), createDurableQueue.contains(role), deleteDurableQueue.contains(role), createNonDurableQueue.contains(role), deleteNonDurableQueue.contains(role), manageRoles.contains(role)));
|
securityRoles.add(new Role(role, send.contains(role), consume.contains(role), createDurableQueue.contains(role), deleteDurableQueue.contains(role), createNonDurableQueue.contains(role), deleteNonDurableQueue.contains(role), manageRoles.contains(role), browseRoles.contains(role)));
|
||||||
}
|
}
|
||||||
|
|
||||||
return securityMatch;
|
return securityMatch;
|
||||||
|
|
|
||||||
|
|
@ -1415,15 +1415,28 @@ public class ActiveMQServerControlImpl extends AbstractControl implements Active
|
||||||
final String createNonDurableQueueRoles,
|
final String createNonDurableQueueRoles,
|
||||||
final String deleteNonDurableQueueRoles,
|
final String deleteNonDurableQueueRoles,
|
||||||
final String manageRoles) throws Exception {
|
final String manageRoles) throws Exception {
|
||||||
|
addSecuritySettings(addressMatch, sendRoles, consumeRoles, createDurableQueueRoles, deleteDurableQueueRoles, createNonDurableQueueRoles, deleteNonDurableQueueRoles, manageRoles, "");
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public void addSecuritySettings(final String addressMatch,
|
||||||
|
final String sendRoles,
|
||||||
|
final String consumeRoles,
|
||||||
|
final String createDurableQueueRoles,
|
||||||
|
final String deleteDurableQueueRoles,
|
||||||
|
final String createNonDurableQueueRoles,
|
||||||
|
final String deleteNonDurableQueueRoles,
|
||||||
|
final String manageRoles,
|
||||||
|
final String browseRoles) throws Exception {
|
||||||
checkStarted();
|
checkStarted();
|
||||||
|
|
||||||
clearIO();
|
clearIO();
|
||||||
try {
|
try {
|
||||||
Set<Role> roles = SecurityFormatter.createSecurity(sendRoles, consumeRoles, createDurableQueueRoles, deleteDurableQueueRoles, createNonDurableQueueRoles, deleteNonDurableQueueRoles, manageRoles);
|
Set<Role> roles = SecurityFormatter.createSecurity(sendRoles, consumeRoles, createDurableQueueRoles, deleteDurableQueueRoles, createNonDurableQueueRoles, deleteNonDurableQueueRoles, manageRoles, browseRoles);
|
||||||
|
|
||||||
server.getSecurityRepository().addMatch(addressMatch, roles);
|
server.getSecurityRepository().addMatch(addressMatch, roles);
|
||||||
|
|
||||||
PersistedRoles persistedRoles = new PersistedRoles(addressMatch, sendRoles, consumeRoles, createDurableQueueRoles, deleteDurableQueueRoles, createNonDurableQueueRoles, deleteNonDurableQueueRoles, manageRoles);
|
PersistedRoles persistedRoles = new PersistedRoles(addressMatch, sendRoles, consumeRoles, createDurableQueueRoles, deleteDurableQueueRoles, createNonDurableQueueRoles, deleteNonDurableQueueRoles, manageRoles, browseRoles);
|
||||||
|
|
||||||
storageManager.storeSecurityRoles(persistedRoles);
|
storageManager.storeSecurityRoles(persistedRoles);
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -44,6 +44,8 @@ public class PersistedRoles implements EncodingSupport {
|
||||||
|
|
||||||
private SimpleString manageRoles;
|
private SimpleString manageRoles;
|
||||||
|
|
||||||
|
private SimpleString browseRoles;
|
||||||
|
|
||||||
// Static --------------------------------------------------------
|
// Static --------------------------------------------------------
|
||||||
|
|
||||||
// Constructors --------------------------------------------------
|
// Constructors --------------------------------------------------
|
||||||
|
|
@ -60,6 +62,7 @@ public class PersistedRoles implements EncodingSupport {
|
||||||
* @param createNonDurableQueueRoles
|
* @param createNonDurableQueueRoles
|
||||||
* @param deleteNonDurableQueueRoles
|
* @param deleteNonDurableQueueRoles
|
||||||
* @param manageRoles
|
* @param manageRoles
|
||||||
|
* @param browseRoles
|
||||||
*/
|
*/
|
||||||
public PersistedRoles(final String addressMatch,
|
public PersistedRoles(final String addressMatch,
|
||||||
final String sendRoles,
|
final String sendRoles,
|
||||||
|
|
@ -68,7 +71,8 @@ public class PersistedRoles implements EncodingSupport {
|
||||||
final String deleteDurableQueueRoles,
|
final String deleteDurableQueueRoles,
|
||||||
final String createNonDurableQueueRoles,
|
final String createNonDurableQueueRoles,
|
||||||
final String deleteNonDurableQueueRoles,
|
final String deleteNonDurableQueueRoles,
|
||||||
final String manageRoles) {
|
final String manageRoles,
|
||||||
|
final String browseRoles) {
|
||||||
super();
|
super();
|
||||||
this.addressMatch = SimpleString.toSimpleString(addressMatch);
|
this.addressMatch = SimpleString.toSimpleString(addressMatch);
|
||||||
this.sendRoles = SimpleString.toSimpleString(sendRoles);
|
this.sendRoles = SimpleString.toSimpleString(sendRoles);
|
||||||
|
|
@ -78,6 +82,7 @@ public class PersistedRoles implements EncodingSupport {
|
||||||
this.createNonDurableQueueRoles = SimpleString.toSimpleString(createNonDurableQueueRoles);
|
this.createNonDurableQueueRoles = SimpleString.toSimpleString(createNonDurableQueueRoles);
|
||||||
this.deleteNonDurableQueueRoles = SimpleString.toSimpleString(deleteNonDurableQueueRoles);
|
this.deleteNonDurableQueueRoles = SimpleString.toSimpleString(deleteNonDurableQueueRoles);
|
||||||
this.manageRoles = SimpleString.toSimpleString(manageRoles);
|
this.manageRoles = SimpleString.toSimpleString(manageRoles);
|
||||||
|
this.browseRoles = SimpleString.toSimpleString(browseRoles);
|
||||||
}
|
}
|
||||||
|
|
||||||
// Public --------------------------------------------------------
|
// Public --------------------------------------------------------
|
||||||
|
|
@ -146,6 +151,13 @@ public class PersistedRoles implements EncodingSupport {
|
||||||
return manageRoles.toString();
|
return manageRoles.toString();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @return the browseRoles
|
||||||
|
*/
|
||||||
|
public String getBrowseRoles() {
|
||||||
|
return browseRoles.toString();
|
||||||
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void encode(final ActiveMQBuffer buffer) {
|
public void encode(final ActiveMQBuffer buffer) {
|
||||||
buffer.writeSimpleString(addressMatch);
|
buffer.writeSimpleString(addressMatch);
|
||||||
|
|
@ -156,6 +168,7 @@ public class PersistedRoles implements EncodingSupport {
|
||||||
buffer.writeNullableSimpleString(createNonDurableQueueRoles);
|
buffer.writeNullableSimpleString(createNonDurableQueueRoles);
|
||||||
buffer.writeNullableSimpleString(deleteNonDurableQueueRoles);
|
buffer.writeNullableSimpleString(deleteNonDurableQueueRoles);
|
||||||
buffer.writeNullableSimpleString(manageRoles);
|
buffer.writeNullableSimpleString(manageRoles);
|
||||||
|
buffer.writeNullableSimpleString(browseRoles);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
|
@ -166,7 +179,8 @@ public class PersistedRoles implements EncodingSupport {
|
||||||
SimpleString.sizeofNullableString(deleteDurableQueueRoles) +
|
SimpleString.sizeofNullableString(deleteDurableQueueRoles) +
|
||||||
SimpleString.sizeofNullableString(createNonDurableQueueRoles) +
|
SimpleString.sizeofNullableString(createNonDurableQueueRoles) +
|
||||||
SimpleString.sizeofNullableString(deleteNonDurableQueueRoles) +
|
SimpleString.sizeofNullableString(deleteNonDurableQueueRoles) +
|
||||||
SimpleString.sizeofNullableString(manageRoles);
|
SimpleString.sizeofNullableString(manageRoles) +
|
||||||
|
SimpleString.sizeofNullableString(browseRoles);
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -180,6 +194,7 @@ public class PersistedRoles implements EncodingSupport {
|
||||||
createNonDurableQueueRoles = buffer.readNullableSimpleString();
|
createNonDurableQueueRoles = buffer.readNullableSimpleString();
|
||||||
deleteNonDurableQueueRoles = buffer.readNullableSimpleString();
|
deleteNonDurableQueueRoles = buffer.readNullableSimpleString();
|
||||||
manageRoles = buffer.readNullableSimpleString();
|
manageRoles = buffer.readNullableSimpleString();
|
||||||
|
browseRoles = buffer.readNullableSimpleString();
|
||||||
}
|
}
|
||||||
|
|
||||||
/* (non-Javadoc)
|
/* (non-Javadoc)
|
||||||
|
|
@ -196,6 +211,7 @@ public class PersistedRoles implements EncodingSupport {
|
||||||
result = prime * result + ((deleteDurableQueueRoles == null) ? 0 : deleteDurableQueueRoles.hashCode());
|
result = prime * result + ((deleteDurableQueueRoles == null) ? 0 : deleteDurableQueueRoles.hashCode());
|
||||||
result = prime * result + ((deleteNonDurableQueueRoles == null) ? 0 : deleteNonDurableQueueRoles.hashCode());
|
result = prime * result + ((deleteNonDurableQueueRoles == null) ? 0 : deleteNonDurableQueueRoles.hashCode());
|
||||||
result = prime * result + ((manageRoles == null) ? 0 : manageRoles.hashCode());
|
result = prime * result + ((manageRoles == null) ? 0 : manageRoles.hashCode());
|
||||||
|
result = prime * result + ((browseRoles == null) ? 0 : browseRoles.hashCode());
|
||||||
result = prime * result + ((sendRoles == null) ? 0 : sendRoles.hashCode());
|
result = prime * result + ((sendRoles == null) ? 0 : sendRoles.hashCode());
|
||||||
result = prime * result + (int) (storeId ^ (storeId >>> 32));
|
result = prime * result + (int) (storeId ^ (storeId >>> 32));
|
||||||
return result;
|
return result;
|
||||||
|
|
@ -255,6 +271,12 @@ public class PersistedRoles implements EncodingSupport {
|
||||||
}
|
}
|
||||||
else if (!manageRoles.equals(other.manageRoles))
|
else if (!manageRoles.equals(other.manageRoles))
|
||||||
return false;
|
return false;
|
||||||
|
if (browseRoles == null) {
|
||||||
|
if (other.browseRoles != null)
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
else if (!browseRoles.equals(other.browseRoles))
|
||||||
|
return false;
|
||||||
if (sendRoles == null) {
|
if (sendRoles == null) {
|
||||||
if (other.sendRoles != null)
|
if (other.sendRoles != null)
|
||||||
return false;
|
return false;
|
||||||
|
|
@ -288,6 +310,8 @@ public class PersistedRoles implements EncodingSupport {
|
||||||
deleteNonDurableQueueRoles +
|
deleteNonDurableQueueRoles +
|
||||||
", manageRoles=" +
|
", manageRoles=" +
|
||||||
manageRoles +
|
manageRoles +
|
||||||
|
", browseRoles=" +
|
||||||
|
browseRoles +
|
||||||
"]";
|
"]";
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -58,6 +58,12 @@ public enum CheckType {
|
||||||
public boolean hasRole(final Role role) {
|
public boolean hasRole(final Role role) {
|
||||||
return role.isManage();
|
return role.isManage();
|
||||||
}
|
}
|
||||||
|
},
|
||||||
|
BROWSE {
|
||||||
|
@Override
|
||||||
|
public boolean hasRole(final Role role) {
|
||||||
|
return role.isBrowse();
|
||||||
|
}
|
||||||
};
|
};
|
||||||
|
|
||||||
public abstract boolean hasRole(final Role role);
|
public abstract boolean hasRole(final Role role);
|
||||||
|
|
|
||||||
|
|
@ -2116,7 +2116,7 @@ public class ActiveMQServerImpl implements ActiveMQServer {
|
||||||
List<PersistedRoles> roles = storageManager.recoverPersistedRoles();
|
List<PersistedRoles> roles = storageManager.recoverPersistedRoles();
|
||||||
|
|
||||||
for (PersistedRoles roleItem : roles) {
|
for (PersistedRoles roleItem : roles) {
|
||||||
Set<Role> setRoles = SecurityFormatter.createSecurity(roleItem.getSendRoles(), roleItem.getConsumeRoles(), roleItem.getCreateDurableQueueRoles(), roleItem.getDeleteDurableQueueRoles(), roleItem.getCreateNonDurableQueueRoles(), roleItem.getDeleteNonDurableQueueRoles(), roleItem.getManageRoles());
|
Set<Role> setRoles = SecurityFormatter.createSecurity(roleItem.getSendRoles(), roleItem.getConsumeRoles(), roleItem.getCreateDurableQueueRoles(), roleItem.getDeleteDurableQueueRoles(), roleItem.getCreateNonDurableQueueRoles(), roleItem.getDeleteNonDurableQueueRoles(), roleItem.getManageRoles(), roleItem.getBrowseRoles());
|
||||||
|
|
||||||
securityRepository.addMatch(roleItem.getAddressMatch().toString(), setRoles);
|
securityRepository.addMatch(roleItem.getAddressMatch().toString(), setRoles);
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -379,7 +379,8 @@ public class LegacyLDAPSecuritySettingPlugin implements SecuritySettingPlugin {
|
||||||
permissionType.equalsIgnoreCase(adminPermissionValue),
|
permissionType.equalsIgnoreCase(adminPermissionValue),
|
||||||
permissionType.equalsIgnoreCase(adminPermissionValue),
|
permissionType.equalsIgnoreCase(adminPermissionValue),
|
||||||
permissionType.equalsIgnoreCase(adminPermissionValue),
|
permissionType.equalsIgnoreCase(adminPermissionValue),
|
||||||
false); // there is no permission from ActiveMQ 5.x that corresponds to the "manage" permission in ActiveMQ Artemis
|
false, // there is no permission from ActiveMQ 5.x that corresponds to the "manage" permission in ActiveMQ Artemis
|
||||||
|
permissionType.equalsIgnoreCase(readPermissionValue)); // the "browse" permission matches "read" from ActiveMQ 5.x
|
||||||
roles.add(role);
|
roles.add(role);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -416,7 +416,12 @@ public class ServerSessionImpl implements ServerSession, FailureListener {
|
||||||
throw ActiveMQMessageBundle.BUNDLE.noSuchQueue(queueName);
|
throw ActiveMQMessageBundle.BUNDLE.noSuchQueue(queueName);
|
||||||
}
|
}
|
||||||
|
|
||||||
securityCheck(binding.getAddress(), CheckType.CONSUME, this);
|
if (browseOnly) {
|
||||||
|
securityCheck(binding.getAddress(), CheckType.BROWSE, this);
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
securityCheck(binding.getAddress(), CheckType.CONSUME, this);
|
||||||
|
}
|
||||||
|
|
||||||
Filter filter = FilterImpl.createFilter(filterString);
|
Filter filter = FilterImpl.createFilter(filterString);
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -19,11 +19,13 @@ package org.apache.activemq.artemis.core.security;
|
||||||
import org.junit.Assert;
|
import org.junit.Assert;
|
||||||
import org.junit.Test;
|
import org.junit.Test;
|
||||||
|
|
||||||
|
import static org.apache.activemq.artemis.core.security.CheckType.BROWSE;
|
||||||
import static org.apache.activemq.artemis.core.security.CheckType.CONSUME;
|
import static org.apache.activemq.artemis.core.security.CheckType.CONSUME;
|
||||||
import static org.apache.activemq.artemis.core.security.CheckType.CREATE_DURABLE_QUEUE;
|
import static org.apache.activemq.artemis.core.security.CheckType.CREATE_DURABLE_QUEUE;
|
||||||
import static org.apache.activemq.artemis.core.security.CheckType.CREATE_NON_DURABLE_QUEUE;
|
import static org.apache.activemq.artemis.core.security.CheckType.CREATE_NON_DURABLE_QUEUE;
|
||||||
import static org.apache.activemq.artemis.core.security.CheckType.DELETE_DURABLE_QUEUE;
|
import static org.apache.activemq.artemis.core.security.CheckType.DELETE_DURABLE_QUEUE;
|
||||||
import static org.apache.activemq.artemis.core.security.CheckType.DELETE_NON_DURABLE_QUEUE;
|
import static org.apache.activemq.artemis.core.security.CheckType.DELETE_NON_DURABLE_QUEUE;
|
||||||
|
import static org.apache.activemq.artemis.core.security.CheckType.MANAGE;
|
||||||
import static org.apache.activemq.artemis.core.security.CheckType.SEND;
|
import static org.apache.activemq.artemis.core.security.CheckType.SEND;
|
||||||
|
|
||||||
public class RoleTest extends Assert {
|
public class RoleTest extends Assert {
|
||||||
|
|
@ -38,46 +40,65 @@ public class RoleTest extends Assert {
|
||||||
// Public --------------------------------------------------------
|
// Public --------------------------------------------------------
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testReadRole() throws Exception {
|
public void testWriteRole() throws Exception {
|
||||||
Role role = new Role("testReadRole", true, false, false, false, false, false, false);
|
Role role = new Role("testWriteRole", true, false, false, false, false, false, false, false);
|
||||||
Assert.assertTrue(SEND.hasRole(role));
|
Assert.assertTrue(SEND.hasRole(role));
|
||||||
Assert.assertFalse(CONSUME.hasRole(role));
|
Assert.assertFalse(CONSUME.hasRole(role));
|
||||||
Assert.assertFalse(CREATE_DURABLE_QUEUE.hasRole(role));
|
Assert.assertFalse(CREATE_DURABLE_QUEUE.hasRole(role));
|
||||||
Assert.assertFalse(CREATE_NON_DURABLE_QUEUE.hasRole(role));
|
Assert.assertFalse(CREATE_NON_DURABLE_QUEUE.hasRole(role));
|
||||||
Assert.assertFalse(DELETE_DURABLE_QUEUE.hasRole(role));
|
Assert.assertFalse(DELETE_DURABLE_QUEUE.hasRole(role));
|
||||||
Assert.assertFalse(DELETE_NON_DURABLE_QUEUE.hasRole(role));
|
Assert.assertFalse(DELETE_NON_DURABLE_QUEUE.hasRole(role));
|
||||||
|
Assert.assertFalse(MANAGE.hasRole(role));
|
||||||
|
Assert.assertFalse(BROWSE.hasRole(role));
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testWriteRole() throws Exception {
|
public void testReadRole() throws Exception {
|
||||||
Role role = new Role("testWriteRole", false, true, false, false, false, false, false);
|
Role role = new Role("testReadRole", false, true, false, false, false, false, false, true);
|
||||||
Assert.assertFalse(SEND.hasRole(role));
|
Assert.assertFalse(SEND.hasRole(role));
|
||||||
Assert.assertTrue(CONSUME.hasRole(role));
|
Assert.assertTrue(CONSUME.hasRole(role));
|
||||||
Assert.assertFalse(CREATE_DURABLE_QUEUE.hasRole(role));
|
Assert.assertFalse(CREATE_DURABLE_QUEUE.hasRole(role));
|
||||||
Assert.assertFalse(CREATE_NON_DURABLE_QUEUE.hasRole(role));
|
Assert.assertFalse(CREATE_NON_DURABLE_QUEUE.hasRole(role));
|
||||||
Assert.assertFalse(DELETE_DURABLE_QUEUE.hasRole(role));
|
Assert.assertFalse(DELETE_DURABLE_QUEUE.hasRole(role));
|
||||||
Assert.assertFalse(DELETE_NON_DURABLE_QUEUE.hasRole(role));
|
Assert.assertFalse(DELETE_NON_DURABLE_QUEUE.hasRole(role));
|
||||||
|
Assert.assertFalse(MANAGE.hasRole(role));
|
||||||
|
Assert.assertTrue(BROWSE.hasRole(role));
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testCreateRole() throws Exception {
|
public void testCreateRole() throws Exception {
|
||||||
Role role = new Role("testWriteRole", false, false, true, false, false, false, false);
|
Role role = new Role("testCreateRole", false, false, true, false, false, false, false, false);
|
||||||
Assert.assertFalse(SEND.hasRole(role));
|
Assert.assertFalse(SEND.hasRole(role));
|
||||||
Assert.assertFalse(CONSUME.hasRole(role));
|
Assert.assertFalse(CONSUME.hasRole(role));
|
||||||
Assert.assertTrue(CREATE_DURABLE_QUEUE.hasRole(role));
|
Assert.assertTrue(CREATE_DURABLE_QUEUE.hasRole(role));
|
||||||
Assert.assertFalse(CREATE_NON_DURABLE_QUEUE.hasRole(role));
|
Assert.assertFalse(CREATE_NON_DURABLE_QUEUE.hasRole(role));
|
||||||
Assert.assertFalse(DELETE_DURABLE_QUEUE.hasRole(role));
|
Assert.assertFalse(DELETE_DURABLE_QUEUE.hasRole(role));
|
||||||
Assert.assertFalse(DELETE_NON_DURABLE_QUEUE.hasRole(role));
|
Assert.assertFalse(DELETE_NON_DURABLE_QUEUE.hasRole(role));
|
||||||
|
Assert.assertFalse(MANAGE.hasRole(role));
|
||||||
|
Assert.assertFalse(BROWSE.hasRole(role));
|
||||||
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void testManageRole() throws Exception {
|
||||||
|
Role role = new Role("testManageRole", false, false, false, false, false, false, true, false);
|
||||||
|
Assert.assertFalse(SEND.hasRole(role));
|
||||||
|
Assert.assertFalse(CONSUME.hasRole(role));
|
||||||
|
Assert.assertFalse(CREATE_DURABLE_QUEUE.hasRole(role));
|
||||||
|
Assert.assertFalse(CREATE_NON_DURABLE_QUEUE.hasRole(role));
|
||||||
|
Assert.assertFalse(DELETE_DURABLE_QUEUE.hasRole(role));
|
||||||
|
Assert.assertFalse(DELETE_NON_DURABLE_QUEUE.hasRole(role));
|
||||||
|
Assert.assertTrue(MANAGE.hasRole(role));
|
||||||
|
Assert.assertFalse(BROWSE.hasRole(role));
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testEqualsAndHashcode() throws Exception {
|
public void testEqualsAndHashcode() throws Exception {
|
||||||
Role role = new Role("testEquals", true, true, true, false, false, false, false);
|
Role role = new Role("testEquals", true, true, true, false, false, false, false, false);
|
||||||
Role sameRole = new Role("testEquals", true, true, true, false, false, false, false);
|
Role sameRole = new Role("testEquals", true, true, true, false, false, false, false, false);
|
||||||
Role roleWithDifferentName = new Role("notEquals", true, true, true, false, false, false, false);
|
Role roleWithDifferentName = new Role("notEquals", true, true, true, false, false, false, false, false);
|
||||||
Role roleWithDifferentRead = new Role("testEquals", false, true, true, false, false, false, false);
|
Role roleWithDifferentRead = new Role("testEquals", false, true, true, false, false, false, false, false);
|
||||||
Role roleWithDifferentWrite = new Role("testEquals", true, false, true, false, false, false, false);
|
Role roleWithDifferentWrite = new Role("testEquals", true, false, true, false, false, false, false, false);
|
||||||
Role roleWithDifferentCreate = new Role("testEquals", true, true, false, false, false, false, false);
|
Role roleWithDifferentCreate = new Role("testEquals", true, true, false, false, false, false, false, false);
|
||||||
|
|
||||||
Assert.assertTrue(role.equals(role));
|
Assert.assertTrue(role.equals(role));
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -72,13 +72,13 @@ public class RepositoryTest extends ActiveMQTestBase {
|
||||||
public void testSingletwo() {
|
public void testSingletwo() {
|
||||||
securityRepository.addMatch("queues.another.aq.*", new HashSet<Role>());
|
securityRepository.addMatch("queues.another.aq.*", new HashSet<Role>());
|
||||||
HashSet<Role> roles = new HashSet<>(2);
|
HashSet<Role> roles = new HashSet<>(2);
|
||||||
roles.add(new Role("test1", true, true, true, true, true, true, true));
|
roles.add(new Role("test1", true, true, true, true, true, true, true, true));
|
||||||
roles.add(new Role("test2", true, true, true, true, true, true, true));
|
roles.add(new Role("test2", true, true, true, true, true, true, true, true));
|
||||||
securityRepository.addMatch("queues.aq", roles);
|
securityRepository.addMatch("queues.aq", roles);
|
||||||
HashSet<Role> roles2 = new HashSet<>(2);
|
HashSet<Role> roles2 = new HashSet<>(2);
|
||||||
roles2.add(new Role("test1", true, true, true, true, true, true, true));
|
roles2.add(new Role("test1", true, true, true, true, true, true, true, true));
|
||||||
roles2.add(new Role("test2", true, true, true, true, true, true, true));
|
roles2.add(new Role("test2", true, true, true, true, true, true, true, true));
|
||||||
roles2.add(new Role("test3", true, true, true, true, true, true, true));
|
roles2.add(new Role("test3", true, true, true, true, true, true, true, true));
|
||||||
securityRepository.addMatch("queues.another.andanother", roles2);
|
securityRepository.addMatch("queues.another.andanother", roles2);
|
||||||
|
|
||||||
HashSet<Role> hashSet = securityRepository.getMatch("queues.another.andanother");
|
HashSet<Role> hashSet = securityRepository.getMatch("queues.another.andanother");
|
||||||
|
|
@ -89,8 +89,8 @@ public class RepositoryTest extends ActiveMQTestBase {
|
||||||
public void testWithoutWildcard() {
|
public void testWithoutWildcard() {
|
||||||
securityRepository.addMatch("queues.1.*", new HashSet<Role>());
|
securityRepository.addMatch("queues.1.*", new HashSet<Role>());
|
||||||
HashSet<Role> roles = new HashSet<>(2);
|
HashSet<Role> roles = new HashSet<>(2);
|
||||||
roles.add(new Role("test1", true, true, true, true, true, true, true));
|
roles.add(new Role("test1", true, true, true, true, true, true, true, true));
|
||||||
roles.add(new Role("test2", true, true, true, true, true, true, true));
|
roles.add(new Role("test2", true, true, true, true, true, true, true, true));
|
||||||
securityRepository.addMatch("queues.2.aq", roles);
|
securityRepository.addMatch("queues.2.aq", roles);
|
||||||
HashSet<Role> hashSet = securityRepository.getMatch("queues.2.aq");
|
HashSet<Role> hashSet = securityRepository.getMatch("queues.2.aq");
|
||||||
Assert.assertEquals(hashSet.size(), 2);
|
Assert.assertEquals(hashSet.size(), 2);
|
||||||
|
|
|
||||||
|
|
@ -53,6 +53,9 @@ match the address. Those permissions are:
|
||||||
- `consume`. This permission allows the user to consume a message from
|
- `consume`. This permission allows the user to consume a message from
|
||||||
a queue bound to matching addresses.
|
a queue bound to matching addresses.
|
||||||
|
|
||||||
|
- `browse`. This permission allows the user to browse a queue bound to
|
||||||
|
the matching address.
|
||||||
|
|
||||||
- `manage`. This permission allows the user to invoke management
|
- `manage`. This permission allows the user to invoke management
|
||||||
operations by sending management messages to the management address.
|
operations by sending management messages to the management address.
|
||||||
|
|
||||||
|
|
@ -225,11 +228,11 @@ may not be applied as expected to JMS destinations since Artemis always prefixes
|
||||||
"jms.topic." as necessary.
|
"jms.topic." as necessary.
|
||||||
|
|
||||||
ActiveMQ 5.x only has 3 permission types - `read`, `write`, and `admin`. These permission types are described on their
|
ActiveMQ 5.x only has 3 permission types - `read`, `write`, and `admin`. These permission types are described on their
|
||||||
[website](http://activemq.apache.org/security.html). However, as described previously, ActiveMQ Artemis has 6 permission
|
[website](http://activemq.apache.org/security.html). However, as described previously, ActiveMQ Artemis has 7 permission
|
||||||
types - `createDurableQueue`, `deleteDurableQueue`, `createNonDurableQueue`, `deleteNonDurableQueue`, `send`, `consume`,
|
types - `createDurableQueue`, `deleteDurableQueue`, `createNonDurableQueue`, `deleteNonDurableQueue`, `send`, `consume`,
|
||||||
and `manage`. Here's how the old types are mapped to the new types:
|
`browse`, and `manage`. Here's how the old types are mapped to the new types:
|
||||||
|
|
||||||
- `read` - `consume`
|
- `read` - `consume`, `browse`
|
||||||
- `write` - `send`
|
- `write` - `send`
|
||||||
- `admin` - `createDurableQueue`, `deleteDurableQueue`, `createNonDurableQueue`, `deleteNonDurableQueue`
|
- `admin` - `createDurableQueue`, `deleteDurableQueue`, `createNonDurableQueue`, `deleteNonDurableQueue`
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -107,7 +107,7 @@ public class AutoCreateJmsDestinationTest extends JMSTestBase {
|
||||||
((ActiveMQJAASSecurityManager) server.getSecurityManager()).getConfiguration().addUser("guest", "guest");
|
((ActiveMQJAASSecurityManager) server.getSecurityManager()).getConfiguration().addUser("guest", "guest");
|
||||||
((ActiveMQJAASSecurityManager) server.getSecurityManager()).getConfiguration().setDefaultUser("guest");
|
((ActiveMQJAASSecurityManager) server.getSecurityManager()).getConfiguration().setDefaultUser("guest");
|
||||||
((ActiveMQJAASSecurityManager) server.getSecurityManager()).getConfiguration().addRole("guest", "rejectAll");
|
((ActiveMQJAASSecurityManager) server.getSecurityManager()).getConfiguration().addRole("guest", "rejectAll");
|
||||||
Role role = new Role("rejectAll", false, false, false, false, false, false, false);
|
Role role = new Role("rejectAll", false, false, false, false, false, false, false, false);
|
||||||
Set<Role> roles = new HashSet<>();
|
Set<Role> roles = new HashSet<>();
|
||||||
roles.add(role);
|
roles.add(role);
|
||||||
server.getSecurityRepository().addMatch("#", roles);
|
server.getSecurityRepository().addMatch("#", roles);
|
||||||
|
|
@ -245,7 +245,7 @@ public class AutoCreateJmsDestinationTest extends JMSTestBase {
|
||||||
((ActiveMQJAASSecurityManager) server.getSecurityManager()).getConfiguration().addUser("guest", "guest");
|
((ActiveMQJAASSecurityManager) server.getSecurityManager()).getConfiguration().addUser("guest", "guest");
|
||||||
((ActiveMQJAASSecurityManager) server.getSecurityManager()).getConfiguration().setDefaultUser("guest");
|
((ActiveMQJAASSecurityManager) server.getSecurityManager()).getConfiguration().setDefaultUser("guest");
|
||||||
((ActiveMQJAASSecurityManager) server.getSecurityManager()).getConfiguration().addRole("guest", "allowAll");
|
((ActiveMQJAASSecurityManager) server.getSecurityManager()).getConfiguration().addRole("guest", "allowAll");
|
||||||
Role role = new Role("allowAll", true, true, true, true, true, true, true);
|
Role role = new Role("allowAll", true, true, true, true, true, true, true, true);
|
||||||
Set<Role> roles = new HashSet<>();
|
Set<Role> roles = new HashSet<>();
|
||||||
roles.add(role);
|
roles.add(role);
|
||||||
server.getSecurityRepository().addMatch("#", roles);
|
server.getSecurityRepository().addMatch("#", roles);
|
||||||
|
|
|
||||||
|
|
@ -103,7 +103,7 @@ public class SecurityFailoverTest extends FailoverTest {
|
||||||
protected ActiveMQJAASSecurityManager installSecurity(TestableServer server) {
|
protected ActiveMQJAASSecurityManager installSecurity(TestableServer server) {
|
||||||
ActiveMQJAASSecurityManager securityManager = (ActiveMQJAASSecurityManager) server.getServer().getSecurityManager();
|
ActiveMQJAASSecurityManager securityManager = (ActiveMQJAASSecurityManager) server.getServer().getSecurityManager();
|
||||||
securityManager.getConfiguration().addUser("a", "b");
|
securityManager.getConfiguration().addUser("a", "b");
|
||||||
Role role = new Role("arole", true, true, true, true, true, true, true);
|
Role role = new Role("arole", true, true, true, true, true, true, true, true);
|
||||||
Set<Role> roles = new HashSet<>();
|
Set<Role> roles = new HashSet<>();
|
||||||
roles.add(role);
|
roles.add(role);
|
||||||
server.getServer().getSecurityRepository().addMatch("#", roles);
|
server.getServer().getSecurityRepository().addMatch("#", roles);
|
||||||
|
|
|
||||||
|
|
@ -402,7 +402,7 @@ public class ActiveMQServerControlTest extends ManagementTestBase {
|
||||||
String exactAddress = "test.whatever";
|
String exactAddress = "test.whatever";
|
||||||
|
|
||||||
assertEquals(0, serverControl.getRoles(addressMatch).length);
|
assertEquals(0, serverControl.getRoles(addressMatch).length);
|
||||||
serverControl.addSecuritySettings(addressMatch, "foo", "foo, bar", "foo", "bar", "foo, bar", "", "");
|
serverControl.addSecuritySettings(addressMatch, "foo", "foo, bar", "foo", "bar", "foo, bar", "", "", "bar");
|
||||||
|
|
||||||
// Restart the server. Those settings should be persisted
|
// Restart the server. Those settings should be persisted
|
||||||
|
|
||||||
|
|
@ -430,6 +430,7 @@ public class ActiveMQServerControlTest extends ManagementTestBase {
|
||||||
assertTrue(fooRole.isCreateNonDurableQueue());
|
assertTrue(fooRole.isCreateNonDurableQueue());
|
||||||
assertFalse(fooRole.isDeleteNonDurableQueue());
|
assertFalse(fooRole.isDeleteNonDurableQueue());
|
||||||
assertFalse(fooRole.isManage());
|
assertFalse(fooRole.isManage());
|
||||||
|
assertFalse(fooRole.isBrowse());
|
||||||
|
|
||||||
assertFalse(barRole.isSend());
|
assertFalse(barRole.isSend());
|
||||||
assertTrue(barRole.isConsume());
|
assertTrue(barRole.isConsume());
|
||||||
|
|
@ -438,6 +439,7 @@ public class ActiveMQServerControlTest extends ManagementTestBase {
|
||||||
assertTrue(barRole.isCreateNonDurableQueue());
|
assertTrue(barRole.isCreateNonDurableQueue());
|
||||||
assertFalse(barRole.isDeleteNonDurableQueue());
|
assertFalse(barRole.isDeleteNonDurableQueue());
|
||||||
assertFalse(barRole.isManage());
|
assertFalse(barRole.isManage());
|
||||||
|
assertTrue(barRole.isBrowse());
|
||||||
|
|
||||||
serverControl.removeSecuritySettings(addressMatch);
|
serverControl.removeSecuritySettings(addressMatch);
|
||||||
assertEquals(0, serverControl.getRoles(exactAddress).length);
|
assertEquals(0, serverControl.getRoles(exactAddress).length);
|
||||||
|
|
|
||||||
|
|
@ -552,6 +552,19 @@ public class ActiveMQServerControlUsingCoreTest extends ActiveMQServerControlTes
|
||||||
proxy.invokeOperation("addSecuritySettings", addressMatch, sendRoles, consumeRoles, createDurableQueueRoles, deleteDurableQueueRoles, createNonDurableQueueRoles, deleteNonDurableQueueRoles, manageRoles);
|
proxy.invokeOperation("addSecuritySettings", addressMatch, sendRoles, consumeRoles, createDurableQueueRoles, deleteDurableQueueRoles, createNonDurableQueueRoles, deleteNonDurableQueueRoles, manageRoles);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public void addSecuritySettings(String addressMatch,
|
||||||
|
String sendRoles,
|
||||||
|
String consumeRoles,
|
||||||
|
String createDurableQueueRoles,
|
||||||
|
String deleteDurableQueueRoles,
|
||||||
|
String createNonDurableQueueRoles,
|
||||||
|
String deleteNonDurableQueueRoles,
|
||||||
|
String manageRoles,
|
||||||
|
String browseRoles) throws Exception {
|
||||||
|
proxy.invokeOperation("addSecuritySettings", addressMatch, sendRoles, consumeRoles, createDurableQueueRoles, deleteDurableQueueRoles, createNonDurableQueueRoles, deleteNonDurableQueueRoles, manageRoles, browseRoles);
|
||||||
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void removeSecuritySettings(String addressMatch) throws Exception {
|
public void removeSecuritySettings(String addressMatch) throws Exception {
|
||||||
proxy.invokeOperation("removeSecuritySettings", addressMatch);
|
proxy.invokeOperation("removeSecuritySettings", addressMatch);
|
||||||
|
|
|
||||||
|
|
@ -117,7 +117,7 @@ public class AddressControlTest extends ManagementTestBase {
|
||||||
public void testGetRoles() throws Exception {
|
public void testGetRoles() throws Exception {
|
||||||
SimpleString address = RandomUtil.randomSimpleString();
|
SimpleString address = RandomUtil.randomSimpleString();
|
||||||
SimpleString queue = RandomUtil.randomSimpleString();
|
SimpleString queue = RandomUtil.randomSimpleString();
|
||||||
Role role = new Role(RandomUtil.randomString(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean());
|
Role role = new Role(RandomUtil.randomString(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean());
|
||||||
|
|
||||||
session.createQueue(address, queue, true);
|
session.createQueue(address, queue, true);
|
||||||
|
|
||||||
|
|
@ -148,7 +148,7 @@ public class AddressControlTest extends ManagementTestBase {
|
||||||
public void testGetRolesAsJSON() throws Exception {
|
public void testGetRolesAsJSON() throws Exception {
|
||||||
SimpleString address = RandomUtil.randomSimpleString();
|
SimpleString address = RandomUtil.randomSimpleString();
|
||||||
SimpleString queue = RandomUtil.randomSimpleString();
|
SimpleString queue = RandomUtil.randomSimpleString();
|
||||||
Role role = new Role(RandomUtil.randomString(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean());
|
Role role = new Role(RandomUtil.randomString(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean());
|
||||||
|
|
||||||
session.createQueue(address, queue, true);
|
session.createQueue(address, queue, true);
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -121,7 +121,7 @@ public class AddressControlUsingCoreTest extends ManagementTestBase {
|
||||||
public void testGetRoles() throws Exception {
|
public void testGetRoles() throws Exception {
|
||||||
SimpleString address = RandomUtil.randomSimpleString();
|
SimpleString address = RandomUtil.randomSimpleString();
|
||||||
SimpleString queue = RandomUtil.randomSimpleString();
|
SimpleString queue = RandomUtil.randomSimpleString();
|
||||||
Role role = new Role(RandomUtil.randomString(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean());
|
Role role = new Role(RandomUtil.randomString(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean());
|
||||||
|
|
||||||
session.createQueue(address, queue, true);
|
session.createQueue(address, queue, true);
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -90,10 +90,10 @@ public class SecurityManagementWithConfiguredAdminUserTest extends SecurityManag
|
||||||
securityManager.getConfiguration().addRole(invalidAdminUser, "guest");
|
securityManager.getConfiguration().addRole(invalidAdminUser, "guest");
|
||||||
|
|
||||||
Set<Role> adminRole = securityRepository.getMatch(ActiveMQDefaultConfiguration.getDefaultManagementAddress().toString());
|
Set<Role> adminRole = securityRepository.getMatch(ActiveMQDefaultConfiguration.getDefaultManagementAddress().toString());
|
||||||
adminRole.add(new Role("admin", true, true, true, true, true, true, true));
|
adminRole.add(new Role("admin", true, true, true, true, true, true, true, true));
|
||||||
securityRepository.addMatch(ActiveMQDefaultConfiguration.getDefaultManagementAddress().toString(), adminRole);
|
securityRepository.addMatch(ActiveMQDefaultConfiguration.getDefaultManagementAddress().toString(), adminRole);
|
||||||
Set<Role> guestRole = securityRepository.getMatch("*");
|
Set<Role> guestRole = securityRepository.getMatch("*");
|
||||||
guestRole.add(new Role("guest", true, true, true, true, true, true, false));
|
guestRole.add(new Role("guest", true, true, true, true, true, true, false, true));
|
||||||
securityRepository.addMatch("*", guestRole);
|
securityRepository.addMatch("*", guestRole);
|
||||||
|
|
||||||
return server;
|
return server;
|
||||||
|
|
|
||||||
|
|
@ -89,7 +89,7 @@ public class SecurityNotificationTest extends ActiveMQTestBase {
|
||||||
SimpleString address = RandomUtil.randomSimpleString();
|
SimpleString address = RandomUtil.randomSimpleString();
|
||||||
|
|
||||||
// guest can not create queue
|
// guest can not create queue
|
||||||
Role role = new Role("roleCanNotCreateQueue", true, true, false, true, false, true, true);
|
Role role = new Role("roleCanNotCreateQueue", true, true, false, true, false, true, true, true);
|
||||||
Set<Role> roles = new HashSet<>();
|
Set<Role> roles = new HashSet<>();
|
||||||
roles.add(role);
|
roles.add(role);
|
||||||
server.getSecurityRepository().addMatch(address.toString(), roles);
|
server.getSecurityRepository().addMatch(address.toString(), roles);
|
||||||
|
|
@ -138,7 +138,7 @@ public class SecurityNotificationTest extends ActiveMQTestBase {
|
||||||
securityManager.getConfiguration().addUser("guest", "guest");
|
securityManager.getConfiguration().addUser("guest", "guest");
|
||||||
securityManager.getConfiguration().setDefaultUser("guest");
|
securityManager.getConfiguration().setDefaultUser("guest");
|
||||||
|
|
||||||
Role role = new Role("notif", true, true, true, true, true, true, true);
|
Role role = new Role("notif", true, true, true, true, true, true, true, true);
|
||||||
Set<Role> roles = new HashSet<>();
|
Set<Role> roles = new HashSet<>();
|
||||||
roles.add(role);
|
roles.add(role);
|
||||||
server.getSecurityRepository().addMatch(ActiveMQDefaultConfiguration.getDefaultManagementNotificationAddress().toString(), roles);
|
server.getSecurityRepository().addMatch(ActiveMQDefaultConfiguration.getDefaultManagementNotificationAddress().toString(), roles);
|
||||||
|
|
|
||||||
|
|
@ -77,24 +77,23 @@ public class OpenWireTestBase extends ActiveMQTestBase {
|
||||||
securityManager.getConfiguration().addRole("openwireSender", "sender");
|
securityManager.getConfiguration().addRole("openwireSender", "sender");
|
||||||
securityManager.getConfiguration().addUser("openwireSender", "SeNdEr");
|
securityManager.getConfiguration().addUser("openwireSender", "SeNdEr");
|
||||||
//sender cannot receive
|
//sender cannot receive
|
||||||
Role senderRole = new Role("sender", true, false, false, false, true, true, false);
|
Role senderRole = new Role("sender", true, false, false, false, true, true, false, false);
|
||||||
|
|
||||||
securityManager.getConfiguration().addRole("openwireReceiver", "receiver");
|
securityManager.getConfiguration().addRole("openwireReceiver", "receiver");
|
||||||
securityManager.getConfiguration().addUser("openwireReceiver", "ReCeIvEr");
|
securityManager.getConfiguration().addUser("openwireReceiver", "ReCeIvEr");
|
||||||
//receiver cannot send
|
//receiver cannot send
|
||||||
Role receiverRole = new Role("receiver", false, true, false, false, true, true, false);
|
Role receiverRole = new Role("receiver", false, true, false, false, true, true, false, true);
|
||||||
|
|
||||||
securityManager.getConfiguration().addRole("openwireGuest", "guest");
|
securityManager.getConfiguration().addRole("openwireGuest", "guest");
|
||||||
securityManager.getConfiguration().addUser("openwireGuest", "GuEsT");
|
securityManager.getConfiguration().addUser("openwireGuest", "GuEsT");
|
||||||
|
|
||||||
//guest cannot do anything
|
//guest cannot do anything
|
||||||
Role guestRole = new Role("guest", false, false, false, false, false, false, false);
|
Role guestRole = new Role("guest", false, false, false, false, false, false, false, false);
|
||||||
|
|
||||||
securityManager.getConfiguration().addRole("openwireDestinationManager", "manager");
|
securityManager.getConfiguration().addRole("openwireDestinationManager", "manager");
|
||||||
securityManager.getConfiguration().addUser("openwireDestinationManager", "DeStInAtIoN");
|
securityManager.getConfiguration().addUser("openwireDestinationManager", "DeStInAtIoN");
|
||||||
|
|
||||||
//guest cannot do anything
|
Role destRole = new Role("manager", false, false, false, false, true, true, false, false);
|
||||||
Role destRole = new Role("manager", false, false, false, false, true, true, false);
|
|
||||||
|
|
||||||
Set<Role> roles = new HashSet<>();
|
Set<Role> roles = new HashSet<>();
|
||||||
roles.add(senderRole);
|
roles.add(senderRole);
|
||||||
|
|
|
||||||
|
|
@ -52,9 +52,9 @@ public class RolesConfigurationStorageTest extends StorageManagerTestBase {
|
||||||
public void testStoreSecuritySettings() throws Exception {
|
public void testStoreSecuritySettings() throws Exception {
|
||||||
createStorage();
|
createStorage();
|
||||||
|
|
||||||
addSetting(new PersistedRoles("a#", "a1", "a1", "a1", "a1", "a1", "a1", "a1"));
|
addSetting(new PersistedRoles("a#", "a1", "a1", "a1", "a1", "a1", "a1", "a1", "a1"));
|
||||||
|
|
||||||
addSetting(new PersistedRoles("a2", "a1", null, "a1", "a1", "a1", "a1", "a1"));
|
addSetting(new PersistedRoles("a2", "a1", null, "a1", "a1", "a1", "a1", "a1", "a1"));
|
||||||
|
|
||||||
journal.stop();
|
journal.stop();
|
||||||
|
|
||||||
|
|
@ -64,9 +64,9 @@ public class RolesConfigurationStorageTest extends StorageManagerTestBase {
|
||||||
|
|
||||||
checkSettings();
|
checkSettings();
|
||||||
|
|
||||||
addSetting(new PersistedRoles("a2", "a1", null, "a1", "a1", "a1", "a1", "a1"));
|
addSetting(new PersistedRoles("a2", "a1", null, "a1", "a1", "a1", "a1", "a1", "a1"));
|
||||||
|
|
||||||
addSetting(new PersistedRoles("a3", "a1", null, "a1", "a1", "a1", "a1", "a1"));
|
addSetting(new PersistedRoles("a3", "a1", null, "a1", "a1", "a1", "a1", "a1", "a1"));
|
||||||
|
|
||||||
checkSettings();
|
checkSettings();
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -67,7 +67,7 @@ public class ActiveMQMessageHandlerSecurityTest extends ActiveMQRATestBase {
|
||||||
ActiveMQJAASSecurityManager securityManager = (ActiveMQJAASSecurityManager) server.getSecurityManager();
|
ActiveMQJAASSecurityManager securityManager = (ActiveMQJAASSecurityManager) server.getSecurityManager();
|
||||||
securityManager.getConfiguration().addUser("testuser", "testpassword");
|
securityManager.getConfiguration().addUser("testuser", "testpassword");
|
||||||
securityManager.getConfiguration().addRole("testuser", "arole");
|
securityManager.getConfiguration().addRole("testuser", "arole");
|
||||||
Role role = new Role("arole", false, true, false, false, false, false, false);
|
Role role = new Role("arole", false, true, false, false, false, false, false, false);
|
||||||
Set<Role> roles = new HashSet<>();
|
Set<Role> roles = new HashSet<>();
|
||||||
roles.add(role);
|
roles.add(role);
|
||||||
server.getSecurityRepository().addMatch(MDBQUEUEPREFIXED, roles);
|
server.getSecurityRepository().addMatch(MDBQUEUEPREFIXED, roles);
|
||||||
|
|
|
||||||
|
|
@ -57,7 +57,7 @@ public class JMSContextTest extends ActiveMQRATestBase {
|
||||||
securityManager.getConfiguration().setDefaultUser("guest");
|
securityManager.getConfiguration().setDefaultUser("guest");
|
||||||
securityManager.getConfiguration().addRole("testuser", "arole");
|
securityManager.getConfiguration().addRole("testuser", "arole");
|
||||||
securityManager.getConfiguration().addRole("guest", "arole");
|
securityManager.getConfiguration().addRole("guest", "arole");
|
||||||
Role role = new Role("arole", true, true, true, true, true, true, true);
|
Role role = new Role("arole", true, true, true, true, true, true, true, true);
|
||||||
Set<Role> roles = new HashSet<>();
|
Set<Role> roles = new HashSet<>();
|
||||||
roles.add(role);
|
roles.add(role);
|
||||||
server.getSecurityRepository().addMatch(MDBQUEUEPREFIXED, roles);
|
server.getSecurityRepository().addMatch(MDBQUEUEPREFIXED, roles);
|
||||||
|
|
|
||||||
|
|
@ -82,7 +82,7 @@ public class OutgoingConnectionTest extends ActiveMQRATestBase {
|
||||||
securityManager.getConfiguration().setDefaultUser("guest");
|
securityManager.getConfiguration().setDefaultUser("guest");
|
||||||
securityManager.getConfiguration().addRole("testuser", "arole");
|
securityManager.getConfiguration().addRole("testuser", "arole");
|
||||||
securityManager.getConfiguration().addRole("guest", "arole");
|
securityManager.getConfiguration().addRole("guest", "arole");
|
||||||
Role role = new Role("arole", true, true, true, true, true, true, true);
|
Role role = new Role("arole", true, true, true, true, true, true, true, true);
|
||||||
Set<Role> roles = new HashSet<>();
|
Set<Role> roles = new HashSet<>();
|
||||||
roles.add(role);
|
roles.add(role);
|
||||||
server.getSecurityRepository().addMatch(MDBQUEUEPREFIXED, roles);
|
server.getSecurityRepository().addMatch(MDBQUEUEPREFIXED, roles);
|
||||||
|
|
|
||||||
|
|
@ -71,7 +71,7 @@ public class OutgoingConnectionTestJTA extends ActiveMQRATestBase {
|
||||||
((ActiveMQJAASSecurityManager) server.getSecurityManager()).getConfiguration().setDefaultUser("guest");
|
((ActiveMQJAASSecurityManager) server.getSecurityManager()).getConfiguration().setDefaultUser("guest");
|
||||||
((ActiveMQJAASSecurityManager) server.getSecurityManager()).getConfiguration().addRole("testuser", "arole");
|
((ActiveMQJAASSecurityManager) server.getSecurityManager()).getConfiguration().addRole("testuser", "arole");
|
||||||
((ActiveMQJAASSecurityManager) server.getSecurityManager()).getConfiguration().addRole("guest", "arole");
|
((ActiveMQJAASSecurityManager) server.getSecurityManager()).getConfiguration().addRole("guest", "arole");
|
||||||
Role role = new Role("arole", true, true, true, true, true, true, true);
|
Role role = new Role("arole", true, true, true, true, true, true, true, true);
|
||||||
Set<Role> roles = new HashSet<>();
|
Set<Role> roles = new HashSet<>();
|
||||||
roles.add(role);
|
roles.add(role);
|
||||||
server.getSecurityRepository().addMatch(MDBQUEUEPREFIXED, roles);
|
server.getSecurityRepository().addMatch(MDBQUEUEPREFIXED, roles);
|
||||||
|
|
|
||||||
|
|
@ -183,7 +183,7 @@ public class LDAPSecurityTest extends AbstractLdapTestUnit {
|
||||||
final SimpleString NON_DURABLE_QUEUE = new SimpleString("nonDurableQueue");
|
final SimpleString NON_DURABLE_QUEUE = new SimpleString("nonDurableQueue");
|
||||||
|
|
||||||
Set<Role> roles = new HashSet<>();
|
Set<Role> roles = new HashSet<>();
|
||||||
roles.add(new Role("programmers", false, false, false, false, false, false, false));
|
roles.add(new Role("programmers", false, false, false, false, false, false, false, false));
|
||||||
server.getConfiguration().putSecurityRoles("#", roles);
|
server.getConfiguration().putSecurityRoles("#", roles);
|
||||||
server.start();
|
server.start();
|
||||||
server.createQueue(ADDRESS, DURABLE_QUEUE, null, true, false);
|
server.createQueue(ADDRESS, DURABLE_QUEUE, null, true, false);
|
||||||
|
|
@ -257,6 +257,15 @@ public class LDAPSecurityTest extends AbstractLdapTestUnit {
|
||||||
// ignore
|
// ignore
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// BROWSE
|
||||||
|
try {
|
||||||
|
ClientConsumer browser = session.createConsumer(DURABLE_QUEUE, true);
|
||||||
|
Assert.fail("should throw exception here");
|
||||||
|
}
|
||||||
|
catch (ActiveMQException e) {
|
||||||
|
// ignore
|
||||||
|
}
|
||||||
|
|
||||||
session.close();
|
session.close();
|
||||||
cf.close();
|
cf.close();
|
||||||
}
|
}
|
||||||
|
|
@ -268,7 +277,7 @@ public class LDAPSecurityTest extends AbstractLdapTestUnit {
|
||||||
final SimpleString NON_DURABLE_QUEUE = new SimpleString("nonDurableQueue");
|
final SimpleString NON_DURABLE_QUEUE = new SimpleString("nonDurableQueue");
|
||||||
|
|
||||||
Set<Role> roles = new HashSet<>();
|
Set<Role> roles = new HashSet<>();
|
||||||
roles.add(new Role("admins", true, true, true, true, true, true, true));
|
roles.add(new Role("admins", true, true, true, true, true, true, true, true));
|
||||||
server.getConfiguration().putSecurityRoles("#", roles);
|
server.getConfiguration().putSecurityRoles("#", roles);
|
||||||
server.start();
|
server.start();
|
||||||
|
|
||||||
|
|
@ -337,6 +346,14 @@ public class LDAPSecurityTest extends AbstractLdapTestUnit {
|
||||||
Assert.fail("should not throw exception here");
|
Assert.fail("should not throw exception here");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// CONSUME
|
||||||
|
try {
|
||||||
|
session.createConsumer(DURABLE_QUEUE, true);
|
||||||
|
}
|
||||||
|
catch (ActiveMQException e) {
|
||||||
|
Assert.fail("should not throw exception here");
|
||||||
|
}
|
||||||
|
|
||||||
session.close();
|
session.close();
|
||||||
cf.close();
|
cf.close();
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -229,7 +229,7 @@ public class SecurityTest extends ActiveMQTestBase {
|
||||||
ActiveMQJAASSecurityManager securityManager = new ActiveMQJAASSecurityManager("PropertiesLogin");
|
ActiveMQJAASSecurityManager securityManager = new ActiveMQJAASSecurityManager("PropertiesLogin");
|
||||||
ActiveMQServer server = addServer(ActiveMQServers.newActiveMQServer(createDefaultInVMConfig().setSecurityEnabled(true), ManagementFactory.getPlatformMBeanServer(), securityManager, false));
|
ActiveMQServer server = addServer(ActiveMQServers.newActiveMQServer(createDefaultInVMConfig().setSecurityEnabled(true), ManagementFactory.getPlatformMBeanServer(), securityManager, false));
|
||||||
Set<Role> roles = new HashSet<>();
|
Set<Role> roles = new HashSet<>();
|
||||||
roles.add(new Role("programmers", false, false, false, false, false, false, false));
|
roles.add(new Role("programmers", false, false, false, false, false, false, false, false));
|
||||||
server.getConfiguration().putSecurityRoles("#", roles);
|
server.getConfiguration().putSecurityRoles("#", roles);
|
||||||
server.start();
|
server.start();
|
||||||
server.createQueue(ADDRESS, DURABLE_QUEUE, null, true, false);
|
server.createQueue(ADDRESS, DURABLE_QUEUE, null, true, false);
|
||||||
|
|
@ -302,6 +302,15 @@ public class SecurityTest extends ActiveMQTestBase {
|
||||||
catch (ActiveMQException e) {
|
catch (ActiveMQException e) {
|
||||||
// ignore
|
// ignore
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// BROWSE
|
||||||
|
try {
|
||||||
|
ClientConsumer browser = session.createConsumer(DURABLE_QUEUE, true);
|
||||||
|
Assert.fail("should throw exception here");
|
||||||
|
}
|
||||||
|
catch (ActiveMQException e) {
|
||||||
|
// ignore
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
|
|
@ -324,7 +333,7 @@ public class SecurityTest extends ActiveMQTestBase {
|
||||||
server.getConfiguration().addAcceptorConfiguration(new TransportConfiguration(NETTY_ACCEPTOR_FACTORY, params));
|
server.getConfiguration().addAcceptorConfiguration(new TransportConfiguration(NETTY_ACCEPTOR_FACTORY, params));
|
||||||
|
|
||||||
Set<Role> roles = new HashSet<>();
|
Set<Role> roles = new HashSet<>();
|
||||||
roles.add(new Role("programmers", false, false, false, false, false, false, false));
|
roles.add(new Role("programmers", false, false, false, false, false, false, false, false));
|
||||||
server.getConfiguration().putSecurityRoles("#", roles);
|
server.getConfiguration().putSecurityRoles("#", roles);
|
||||||
|
|
||||||
server.start();
|
server.start();
|
||||||
|
|
@ -407,6 +416,15 @@ public class SecurityTest extends ActiveMQTestBase {
|
||||||
catch (ActiveMQException e) {
|
catch (ActiveMQException e) {
|
||||||
// ignore
|
// ignore
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// BROWSE
|
||||||
|
try {
|
||||||
|
ClientConsumer browser = session.createConsumer(DURABLE_QUEUE, true);
|
||||||
|
Assert.fail("should throw exception here");
|
||||||
|
}
|
||||||
|
catch (ActiveMQException e) {
|
||||||
|
// ignore
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
|
|
@ -418,7 +436,7 @@ public class SecurityTest extends ActiveMQTestBase {
|
||||||
ActiveMQJAASSecurityManager securityManager = new ActiveMQJAASSecurityManager("PropertiesLogin");
|
ActiveMQJAASSecurityManager securityManager = new ActiveMQJAASSecurityManager("PropertiesLogin");
|
||||||
ActiveMQServer server = addServer(ActiveMQServers.newActiveMQServer(createDefaultInVMConfig().setSecurityEnabled(true), ManagementFactory.getPlatformMBeanServer(), securityManager, false));
|
ActiveMQServer server = addServer(ActiveMQServers.newActiveMQServer(createDefaultInVMConfig().setSecurityEnabled(true), ManagementFactory.getPlatformMBeanServer(), securityManager, false));
|
||||||
Set<Role> roles = new HashSet<>();
|
Set<Role> roles = new HashSet<>();
|
||||||
roles.add(new Role("programmers", true, true, true, true, true, true, true));
|
roles.add(new Role("programmers", true, true, true, true, true, true, true, true));
|
||||||
server.getConfiguration().putSecurityRoles("#", roles);
|
server.getConfiguration().putSecurityRoles("#", roles);
|
||||||
server.start();
|
server.start();
|
||||||
|
|
||||||
|
|
@ -484,6 +502,14 @@ public class SecurityTest extends ActiveMQTestBase {
|
||||||
catch (ActiveMQException e) {
|
catch (ActiveMQException e) {
|
||||||
Assert.fail("should not throw exception here");
|
Assert.fail("should not throw exception here");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// BROWSE
|
||||||
|
try {
|
||||||
|
session.createConsumer(DURABLE_QUEUE, true);
|
||||||
|
}
|
||||||
|
catch (ActiveMQException e) {
|
||||||
|
Assert.fail("should not throw exception here");
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
|
|
@ -506,7 +532,7 @@ public class SecurityTest extends ActiveMQTestBase {
|
||||||
server.getConfiguration().addAcceptorConfiguration(new TransportConfiguration(NETTY_ACCEPTOR_FACTORY, params));
|
server.getConfiguration().addAcceptorConfiguration(new TransportConfiguration(NETTY_ACCEPTOR_FACTORY, params));
|
||||||
|
|
||||||
Set<Role> roles = new HashSet<>();
|
Set<Role> roles = new HashSet<>();
|
||||||
roles.add(new Role("programmers", true, true, true, true, true, true, true));
|
roles.add(new Role("programmers", true, true, true, true, true, true, true, true));
|
||||||
server.getConfiguration().putSecurityRoles("#", roles);
|
server.getConfiguration().putSecurityRoles("#", roles);
|
||||||
server.start();
|
server.start();
|
||||||
|
|
||||||
|
|
@ -579,6 +605,14 @@ public class SecurityTest extends ActiveMQTestBase {
|
||||||
catch (ActiveMQException e) {
|
catch (ActiveMQException e) {
|
||||||
Assert.fail("should not throw exception here");
|
Assert.fail("should not throw exception here");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// BROWSE
|
||||||
|
try {
|
||||||
|
session.createConsumer(DURABLE_QUEUE, true);
|
||||||
|
}
|
||||||
|
catch (ActiveMQException e) {
|
||||||
|
Assert.fail("should not throw exception here");
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
|
|
@ -590,7 +624,7 @@ public class SecurityTest extends ActiveMQTestBase {
|
||||||
ActiveMQJAASSecurityManager securityManager = new ActiveMQJAASSecurityManager("GuestLogin");
|
ActiveMQJAASSecurityManager securityManager = new ActiveMQJAASSecurityManager("GuestLogin");
|
||||||
ActiveMQServer server = addServer(ActiveMQServers.newActiveMQServer(createDefaultInVMConfig().setSecurityEnabled(true), ManagementFactory.getPlatformMBeanServer(), securityManager, false));
|
ActiveMQServer server = addServer(ActiveMQServers.newActiveMQServer(createDefaultInVMConfig().setSecurityEnabled(true), ManagementFactory.getPlatformMBeanServer(), securityManager, false));
|
||||||
Set<Role> roles = new HashSet<>();
|
Set<Role> roles = new HashSet<>();
|
||||||
roles.add(new Role("bar", true, true, true, true, true, true, true));
|
roles.add(new Role("bar", true, true, true, true, true, true, true, false));
|
||||||
server.getConfiguration().putSecurityRoles("#", roles);
|
server.getConfiguration().putSecurityRoles("#", roles);
|
||||||
server.start();
|
server.start();
|
||||||
|
|
||||||
|
|
@ -750,7 +784,7 @@ public class SecurityTest extends ActiveMQTestBase {
|
||||||
HierarchicalRepository<Set<Role>> securityRepository = server.getSecurityRepository();
|
HierarchicalRepository<Set<Role>> securityRepository = server.getSecurityRepository();
|
||||||
ActiveMQJAASSecurityManager securityManager = (ActiveMQJAASSecurityManager) server.getSecurityManager();
|
ActiveMQJAASSecurityManager securityManager = (ActiveMQJAASSecurityManager) server.getSecurityManager();
|
||||||
securityManager.getConfiguration().addUser("auser", "pass");
|
securityManager.getConfiguration().addUser("auser", "pass");
|
||||||
Role role = new Role("arole", false, false, true, false, false, false, false);
|
Role role = new Role("arole", false, false, true, false, false, false, false, false);
|
||||||
Set<Role> roles = new HashSet<>();
|
Set<Role> roles = new HashSet<>();
|
||||||
roles.add(role);
|
roles.add(role);
|
||||||
securityRepository.addMatch(SecurityTest.addressA, roles);
|
securityRepository.addMatch(SecurityTest.addressA, roles);
|
||||||
|
|
@ -769,7 +803,7 @@ public class SecurityTest extends ActiveMQTestBase {
|
||||||
HierarchicalRepository<Set<Role>> securityRepository = server.getSecurityRepository();
|
HierarchicalRepository<Set<Role>> securityRepository = server.getSecurityRepository();
|
||||||
ActiveMQJAASSecurityManager securityManager = (ActiveMQJAASSecurityManager) server.getSecurityManager();
|
ActiveMQJAASSecurityManager securityManager = (ActiveMQJAASSecurityManager) server.getSecurityManager();
|
||||||
securityManager.getConfiguration().addUser("auser", "pass");
|
securityManager.getConfiguration().addUser("auser", "pass");
|
||||||
Role role = new Role("arole", false, false, false, false, false, false, false);
|
Role role = new Role("arole", false, false, false, false, false, false, false, false);
|
||||||
Set<Role> roles = new HashSet<>();
|
Set<Role> roles = new HashSet<>();
|
||||||
roles.add(role);
|
roles.add(role);
|
||||||
securityRepository.addMatch(SecurityTest.addressA, roles);
|
securityRepository.addMatch(SecurityTest.addressA, roles);
|
||||||
|
|
@ -796,7 +830,7 @@ public class SecurityTest extends ActiveMQTestBase {
|
||||||
HierarchicalRepository<Set<Role>> securityRepository = server.getSecurityRepository();
|
HierarchicalRepository<Set<Role>> securityRepository = server.getSecurityRepository();
|
||||||
ActiveMQJAASSecurityManager securityManager = (ActiveMQJAASSecurityManager) server.getSecurityManager();
|
ActiveMQJAASSecurityManager securityManager = (ActiveMQJAASSecurityManager) server.getSecurityManager();
|
||||||
securityManager.getConfiguration().addUser("auser", "pass");
|
securityManager.getConfiguration().addUser("auser", "pass");
|
||||||
Role role = new Role("arole", false, false, true, true, false, false, false);
|
Role role = new Role("arole", false, false, true, true, false, false, false, false);
|
||||||
Set<Role> roles = new HashSet<>();
|
Set<Role> roles = new HashSet<>();
|
||||||
roles.add(role);
|
roles.add(role);
|
||||||
securityRepository.addMatch(SecurityTest.addressA, roles);
|
securityRepository.addMatch(SecurityTest.addressA, roles);
|
||||||
|
|
@ -815,7 +849,7 @@ public class SecurityTest extends ActiveMQTestBase {
|
||||||
HierarchicalRepository<Set<Role>> securityRepository = server.getSecurityRepository();
|
HierarchicalRepository<Set<Role>> securityRepository = server.getSecurityRepository();
|
||||||
ActiveMQJAASSecurityManager securityManager = (ActiveMQJAASSecurityManager) server.getSecurityManager();
|
ActiveMQJAASSecurityManager securityManager = (ActiveMQJAASSecurityManager) server.getSecurityManager();
|
||||||
securityManager.getConfiguration().addUser("auser", "pass");
|
securityManager.getConfiguration().addUser("auser", "pass");
|
||||||
Role role = new Role("arole", false, false, true, false, false, false, false);
|
Role role = new Role("arole", false, false, true, false, false, false, false, false);
|
||||||
Set<Role> roles = new HashSet<>();
|
Set<Role> roles = new HashSet<>();
|
||||||
roles.add(role);
|
roles.add(role);
|
||||||
securityRepository.addMatch(SecurityTest.addressA, roles);
|
securityRepository.addMatch(SecurityTest.addressA, roles);
|
||||||
|
|
@ -844,7 +878,7 @@ public class SecurityTest extends ActiveMQTestBase {
|
||||||
HierarchicalRepository<Set<Role>> securityRepository = server.getSecurityRepository();
|
HierarchicalRepository<Set<Role>> securityRepository = server.getSecurityRepository();
|
||||||
ActiveMQJAASSecurityManager securityManager = (ActiveMQJAASSecurityManager) server.getSecurityManager();
|
ActiveMQJAASSecurityManager securityManager = (ActiveMQJAASSecurityManager) server.getSecurityManager();
|
||||||
securityManager.getConfiguration().addUser("auser", "pass");
|
securityManager.getConfiguration().addUser("auser", "pass");
|
||||||
Role role = new Role("arole", false, false, false, false, true, false, false);
|
Role role = new Role("arole", false, false, false, false, true, false, false, false);
|
||||||
Set<Role> roles = new HashSet<>();
|
Set<Role> roles = new HashSet<>();
|
||||||
roles.add(role);
|
roles.add(role);
|
||||||
securityRepository.addMatch(SecurityTest.addressA, roles);
|
securityRepository.addMatch(SecurityTest.addressA, roles);
|
||||||
|
|
@ -863,7 +897,7 @@ public class SecurityTest extends ActiveMQTestBase {
|
||||||
HierarchicalRepository<Set<Role>> securityRepository = server.getSecurityRepository();
|
HierarchicalRepository<Set<Role>> securityRepository = server.getSecurityRepository();
|
||||||
ActiveMQJAASSecurityManager securityManager = (ActiveMQJAASSecurityManager) server.getSecurityManager();
|
ActiveMQJAASSecurityManager securityManager = (ActiveMQJAASSecurityManager) server.getSecurityManager();
|
||||||
securityManager.getConfiguration().addUser("auser", "pass");
|
securityManager.getConfiguration().addUser("auser", "pass");
|
||||||
Role role = new Role("arole", false, false, false, false, false, false, false);
|
Role role = new Role("arole", false, false, false, false, false, false, false, false);
|
||||||
Set<Role> roles = new HashSet<>();
|
Set<Role> roles = new HashSet<>();
|
||||||
roles.add(role);
|
roles.add(role);
|
||||||
securityRepository.addMatch(SecurityTest.addressA, roles);
|
securityRepository.addMatch(SecurityTest.addressA, roles);
|
||||||
|
|
@ -890,7 +924,7 @@ public class SecurityTest extends ActiveMQTestBase {
|
||||||
HierarchicalRepository<Set<Role>> securityRepository = server.getSecurityRepository();
|
HierarchicalRepository<Set<Role>> securityRepository = server.getSecurityRepository();
|
||||||
ActiveMQJAASSecurityManager securityManager = (ActiveMQJAASSecurityManager) server.getSecurityManager();
|
ActiveMQJAASSecurityManager securityManager = (ActiveMQJAASSecurityManager) server.getSecurityManager();
|
||||||
securityManager.getConfiguration().addUser("auser", "pass");
|
securityManager.getConfiguration().addUser("auser", "pass");
|
||||||
Role role = new Role("arole", false, false, false, false, true, true, false);
|
Role role = new Role("arole", false, false, false, false, true, true, false, false);
|
||||||
Set<Role> roles = new HashSet<>();
|
Set<Role> roles = new HashSet<>();
|
||||||
roles.add(role);
|
roles.add(role);
|
||||||
securityRepository.addMatch(SecurityTest.addressA, roles);
|
securityRepository.addMatch(SecurityTest.addressA, roles);
|
||||||
|
|
@ -909,7 +943,7 @@ public class SecurityTest extends ActiveMQTestBase {
|
||||||
HierarchicalRepository<Set<Role>> securityRepository = server.getSecurityRepository();
|
HierarchicalRepository<Set<Role>> securityRepository = server.getSecurityRepository();
|
||||||
ActiveMQJAASSecurityManager securityManager = (ActiveMQJAASSecurityManager) server.getSecurityManager();
|
ActiveMQJAASSecurityManager securityManager = (ActiveMQJAASSecurityManager) server.getSecurityManager();
|
||||||
securityManager.getConfiguration().addUser("auser", "pass");
|
securityManager.getConfiguration().addUser("auser", "pass");
|
||||||
Role role = new Role("arole", false, false, false, false, true, false, false);
|
Role role = new Role("arole", false, false, false, false, true, false, false, false);
|
||||||
Set<Role> roles = new HashSet<>();
|
Set<Role> roles = new HashSet<>();
|
||||||
roles.add(role);
|
roles.add(role);
|
||||||
securityRepository.addMatch(SecurityTest.addressA, roles);
|
securityRepository.addMatch(SecurityTest.addressA, roles);
|
||||||
|
|
@ -942,7 +976,7 @@ public class SecurityTest extends ActiveMQTestBase {
|
||||||
|
|
||||||
securityManager.getConfiguration().addUser("auser", "pass");
|
securityManager.getConfiguration().addUser("auser", "pass");
|
||||||
|
|
||||||
Role role = new Role("arole", true, true, true, false, false, false, false);
|
Role role = new Role("arole", true, true, true, false, false, false, false, false);
|
||||||
|
|
||||||
Set<Role> roles = new HashSet<>();
|
Set<Role> roles = new HashSet<>();
|
||||||
|
|
||||||
|
|
@ -974,7 +1008,7 @@ public class SecurityTest extends ActiveMQTestBase {
|
||||||
|
|
||||||
receivedMessage.acknowledge();
|
receivedMessage.acknowledge();
|
||||||
|
|
||||||
role = new Role("arole", false, false, true, false, false, false, false);
|
role = new Role("arole", false, false, true, false, false, false, false, false);
|
||||||
|
|
||||||
roles = new HashSet<>();
|
roles = new HashSet<>();
|
||||||
|
|
||||||
|
|
@ -1002,7 +1036,7 @@ public class SecurityTest extends ActiveMQTestBase {
|
||||||
HierarchicalRepository<Set<Role>> securityRepository = server.getSecurityRepository();
|
HierarchicalRepository<Set<Role>> securityRepository = server.getSecurityRepository();
|
||||||
ActiveMQJAASSecurityManager securityManager = (ActiveMQJAASSecurityManager) server.getSecurityManager();
|
ActiveMQJAASSecurityManager securityManager = (ActiveMQJAASSecurityManager) server.getSecurityManager();
|
||||||
securityManager.getConfiguration().addUser("auser", "pass");
|
securityManager.getConfiguration().addUser("auser", "pass");
|
||||||
Role role = new Role("arole", false, false, true, false, false, false, false);
|
Role role = new Role("arole", false, false, true, false, false, false, false, false);
|
||||||
Set<Role> roles = new HashSet<>();
|
Set<Role> roles = new HashSet<>();
|
||||||
roles.add(role);
|
roles.add(role);
|
||||||
securityRepository.addMatch(SecurityTest.addressA, roles);
|
securityRepository.addMatch(SecurityTest.addressA, roles);
|
||||||
|
|
@ -1032,7 +1066,7 @@ public class SecurityTest extends ActiveMQTestBase {
|
||||||
HierarchicalRepository<Set<Role>> securityRepository = server.getSecurityRepository();
|
HierarchicalRepository<Set<Role>> securityRepository = server.getSecurityRepository();
|
||||||
ActiveMQJAASSecurityManager securityManager = (ActiveMQJAASSecurityManager) server.getSecurityManager();
|
ActiveMQJAASSecurityManager securityManager = (ActiveMQJAASSecurityManager) server.getSecurityManager();
|
||||||
securityManager.getConfiguration().addUser("auser", "pass");
|
securityManager.getConfiguration().addUser("auser", "pass");
|
||||||
Role role = new Role("arole", false, false, true, false, false, false, false);
|
Role role = new Role("arole", false, false, true, false, false, false, false, false);
|
||||||
Set<Role> roles = new HashSet<>();
|
Set<Role> roles = new HashSet<>();
|
||||||
roles.add(role);
|
roles.add(role);
|
||||||
securityRepository.addMatch(SecurityTest.addressA, roles);
|
securityRepository.addMatch(SecurityTest.addressA, roles);
|
||||||
|
|
@ -1058,8 +1092,8 @@ public class SecurityTest extends ActiveMQTestBase {
|
||||||
securityManager.getConfiguration().addUser("guest", "guest");
|
securityManager.getConfiguration().addUser("guest", "guest");
|
||||||
securityManager.getConfiguration().addRole("guest", "guest");
|
securityManager.getConfiguration().addRole("guest", "guest");
|
||||||
securityManager.getConfiguration().setDefaultUser("guest");
|
securityManager.getConfiguration().setDefaultUser("guest");
|
||||||
Role role = new Role("arole", false, true, false, false, false, false, false);
|
Role role = new Role("arole", false, true, false, false, false, false, false, false);
|
||||||
Role sendRole = new Role("guest", true, false, true, false, false, false, false);
|
Role sendRole = new Role("guest", true, false, true, false, false, false, false, false);
|
||||||
Set<Role> roles = new HashSet<>();
|
Set<Role> roles = new HashSet<>();
|
||||||
roles.add(sendRole);
|
roles.add(sendRole);
|
||||||
roles.add(role);
|
roles.add(role);
|
||||||
|
|
@ -1086,8 +1120,8 @@ public class SecurityTest extends ActiveMQTestBase {
|
||||||
securityManager.getConfiguration().addUser("guest", "guest");
|
securityManager.getConfiguration().addUser("guest", "guest");
|
||||||
securityManager.getConfiguration().addRole("guest", "guest");
|
securityManager.getConfiguration().addRole("guest", "guest");
|
||||||
securityManager.getConfiguration().setDefaultUser("guest");
|
securityManager.getConfiguration().setDefaultUser("guest");
|
||||||
Role role = new Role("arole", false, false, false, false, false, false, false);
|
Role role = new Role("arole", false, false, false, false, false, false, false, false);
|
||||||
Role sendRole = new Role("guest", true, false, true, false, false, false, false);
|
Role sendRole = new Role("guest", true, false, true, false, false, false, false, false);
|
||||||
Set<Role> roles = new HashSet<>();
|
Set<Role> roles = new HashSet<>();
|
||||||
roles.add(sendRole);
|
roles.add(sendRole);
|
||||||
roles.add(role);
|
roles.add(role);
|
||||||
|
|
@ -1123,9 +1157,9 @@ public class SecurityTest extends ActiveMQTestBase {
|
||||||
securityManager.getConfiguration().addUser("guest", "guest");
|
securityManager.getConfiguration().addUser("guest", "guest");
|
||||||
securityManager.getConfiguration().addRole("guest", "guest");
|
securityManager.getConfiguration().addRole("guest", "guest");
|
||||||
securityManager.getConfiguration().setDefaultUser("guest");
|
securityManager.getConfiguration().setDefaultUser("guest");
|
||||||
Role role = new Role("arole", false, false, false, false, false, false, false);
|
Role role = new Role("arole", false, false, false, false, false, false, false, false);
|
||||||
Role sendRole = new Role("guest", true, false, true, false, false, false, false);
|
Role sendRole = new Role("guest", true, false, true, false, false, false, false, false);
|
||||||
Role receiveRole = new Role("receiver", false, true, false, false, false, false, false);
|
Role receiveRole = new Role("receiver", false, true, false, false, false, false, false, false);
|
||||||
Set<Role> roles = new HashSet<>();
|
Set<Role> roles = new HashSet<>();
|
||||||
roles.add(sendRole);
|
roles.add(sendRole);
|
||||||
roles.add(role);
|
roles.add(role);
|
||||||
|
|
@ -1174,9 +1208,9 @@ public class SecurityTest extends ActiveMQTestBase {
|
||||||
securityManager.getConfiguration().addUser("guest", "guest");
|
securityManager.getConfiguration().addUser("guest", "guest");
|
||||||
securityManager.getConfiguration().addRole("guest", "guest");
|
securityManager.getConfiguration().addRole("guest", "guest");
|
||||||
securityManager.getConfiguration().setDefaultUser("guest");
|
securityManager.getConfiguration().setDefaultUser("guest");
|
||||||
Role role = new Role("arole", false, false, false, false, false, false, false);
|
Role role = new Role("arole", false, false, false, false, false, false, false, false);
|
||||||
Role sendRole = new Role("guest", true, false, true, false, false, false, false);
|
Role sendRole = new Role("guest", true, false, true, false, false, false, false, false);
|
||||||
Role receiveRole = new Role("receiver", false, true, false, false, false, false, false);
|
Role receiveRole = new Role("receiver", false, true, false, false, false, false, false, false);
|
||||||
Set<Role> roles = new HashSet<>();
|
Set<Role> roles = new HashSet<>();
|
||||||
roles.add(sendRole);
|
roles.add(sendRole);
|
||||||
roles.add(role);
|
roles.add(role);
|
||||||
|
|
@ -1234,11 +1268,11 @@ public class SecurityTest extends ActiveMQTestBase {
|
||||||
securityManager.getConfiguration().addUser("guest", "guest");
|
securityManager.getConfiguration().addUser("guest", "guest");
|
||||||
securityManager.getConfiguration().addRole("guest", "guest");
|
securityManager.getConfiguration().addRole("guest", "guest");
|
||||||
securityManager.getConfiguration().setDefaultUser("guest");
|
securityManager.getConfiguration().setDefaultUser("guest");
|
||||||
Role role = new Role("arole", false, false, false, false, false, false, false);
|
Role role = new Role("arole", false, false, false, false, false, false, false, false);
|
||||||
System.out.println("guest:" + role);
|
System.out.println("guest:" + role);
|
||||||
Role sendRole = new Role("guest", true, false, true, false, false, false, false);
|
Role sendRole = new Role("guest", true, false, true, false, false, false, false, false);
|
||||||
System.out.println("guest:" + sendRole);
|
System.out.println("guest:" + sendRole);
|
||||||
Role receiveRole = new Role("receiver", false, true, false, false, false, false, false);
|
Role receiveRole = new Role("receiver", false, true, false, false, false, false, false, false);
|
||||||
System.out.println("guest:" + receiveRole);
|
System.out.println("guest:" + receiveRole);
|
||||||
Set<Role> roles = new HashSet<>();
|
Set<Role> roles = new HashSet<>();
|
||||||
roles.add(sendRole);
|
roles.add(sendRole);
|
||||||
|
|
@ -1323,7 +1357,7 @@ public class SecurityTest extends ActiveMQTestBase {
|
||||||
HierarchicalRepository<Set<Role>> securityRepository = server.getSecurityRepository();
|
HierarchicalRepository<Set<Role>> securityRepository = server.getSecurityRepository();
|
||||||
ActiveMQJAASSecurityManager securityManager = (ActiveMQJAASSecurityManager) server.getSecurityManager();
|
ActiveMQJAASSecurityManager securityManager = (ActiveMQJAASSecurityManager) server.getSecurityManager();
|
||||||
securityManager.getConfiguration().addUser("auser", "pass");
|
securityManager.getConfiguration().addUser("auser", "pass");
|
||||||
Role role = new Role("arole", false, false, false, false, false, false, true);
|
Role role = new Role("arole", false, false, false, false, false, false, true, false);
|
||||||
Set<Role> roles = new HashSet<>();
|
Set<Role> roles = new HashSet<>();
|
||||||
roles.add(role);
|
roles.add(role);
|
||||||
securityRepository.addMatch(configuration.getManagementAddress().toString(), roles);
|
securityRepository.addMatch(configuration.getManagementAddress().toString(), roles);
|
||||||
|
|
@ -1344,7 +1378,7 @@ public class SecurityTest extends ActiveMQTestBase {
|
||||||
HierarchicalRepository<Set<Role>> securityRepository = server.getSecurityRepository();
|
HierarchicalRepository<Set<Role>> securityRepository = server.getSecurityRepository();
|
||||||
ActiveMQJAASSecurityManager securityManager = (ActiveMQJAASSecurityManager) server.getSecurityManager();
|
ActiveMQJAASSecurityManager securityManager = (ActiveMQJAASSecurityManager) server.getSecurityManager();
|
||||||
securityManager.getConfiguration().addUser("auser", "pass");
|
securityManager.getConfiguration().addUser("auser", "pass");
|
||||||
Role role = new Role("arole", false, false, true, false, false, false, false);
|
Role role = new Role("arole", false, false, true, false, false, false, false, false);
|
||||||
Set<Role> roles = new HashSet<>();
|
Set<Role> roles = new HashSet<>();
|
||||||
roles.add(role);
|
roles.add(role);
|
||||||
securityRepository.addMatch(configuration.getManagementAddress().toString(), roles);
|
securityRepository.addMatch(configuration.getManagementAddress().toString(), roles);
|
||||||
|
|
@ -1375,7 +1409,7 @@ public class SecurityTest extends ActiveMQTestBase {
|
||||||
HierarchicalRepository<Set<Role>> securityRepository = server.getSecurityRepository();
|
HierarchicalRepository<Set<Role>> securityRepository = server.getSecurityRepository();
|
||||||
ActiveMQJAASSecurityManager securityManager = (ActiveMQJAASSecurityManager) server.getSecurityManager();
|
ActiveMQJAASSecurityManager securityManager = (ActiveMQJAASSecurityManager) server.getSecurityManager();
|
||||||
securityManager.getConfiguration().addUser("auser", "pass");
|
securityManager.getConfiguration().addUser("auser", "pass");
|
||||||
Role role = new Role("arole", false, false, true, false, false, false, false);
|
Role role = new Role("arole", false, false, true, false, false, false, false, false);
|
||||||
Set<Role> roles = new HashSet<>();
|
Set<Role> roles = new HashSet<>();
|
||||||
roles.add(role);
|
roles.add(role);
|
||||||
securityRepository.addMatch(configuration.getManagementAddress().toString(), roles);
|
securityRepository.addMatch(configuration.getManagementAddress().toString(), roles);
|
||||||
|
|
@ -1411,23 +1445,23 @@ public class SecurityTest extends ActiveMQTestBase {
|
||||||
securityManager.getConfiguration().addRole("frank", "user");
|
securityManager.getConfiguration().addRole("frank", "user");
|
||||||
securityManager.getConfiguration().addRole("sam", "news-user");
|
securityManager.getConfiguration().addRole("sam", "news-user");
|
||||||
securityManager.getConfiguration().addRole("sam", "user");
|
securityManager.getConfiguration().addRole("sam", "user");
|
||||||
Role all = new Role("all", true, true, true, true, true, true, true);
|
Role all = new Role("all", true, true, true, true, true, true, true, true);
|
||||||
HierarchicalRepository<Set<Role>> repository = server.getSecurityRepository();
|
HierarchicalRepository<Set<Role>> repository = server.getSecurityRepository();
|
||||||
Set<Role> add = new HashSet<>();
|
Set<Role> add = new HashSet<>();
|
||||||
add.add(new Role("user", true, true, true, true, true, true, false));
|
add.add(new Role("user", true, true, true, true, true, true, false, true));
|
||||||
add.add(all);
|
add.add(all);
|
||||||
repository.addMatch("#", add);
|
repository.addMatch("#", add);
|
||||||
Set<Role> add1 = new HashSet<>();
|
Set<Role> add1 = new HashSet<>();
|
||||||
add1.add(all);
|
add1.add(all);
|
||||||
add1.add(new Role("user", false, false, true, true, true, true, false));
|
add1.add(new Role("user", false, false, true, true, true, true, false, true));
|
||||||
add1.add(new Role("europe-user", true, false, false, false, false, false, false));
|
add1.add(new Role("europe-user", true, false, false, false, false, false, false, true));
|
||||||
add1.add(new Role("news-user", false, true, false, false, false, false, false));
|
add1.add(new Role("news-user", false, true, false, false, false, false, false, true));
|
||||||
repository.addMatch("news.europe.#", add1);
|
repository.addMatch("news.europe.#", add1);
|
||||||
Set<Role> add2 = new HashSet<>();
|
Set<Role> add2 = new HashSet<>();
|
||||||
add2.add(all);
|
add2.add(all);
|
||||||
add2.add(new Role("user", false, false, true, true, true, true, false));
|
add2.add(new Role("user", false, false, true, true, true, true, false, true));
|
||||||
add2.add(new Role("us-user", true, false, false, false, false, false, false));
|
add2.add(new Role("us-user", true, false, false, false, false, false, false, true));
|
||||||
add2.add(new Role("news-user", false, true, false, false, false, false, false));
|
add2.add(new Role("news-user", false, true, false, false, false, false, false, true));
|
||||||
repository.addMatch("news.us.#", add2);
|
repository.addMatch("news.us.#", add2);
|
||||||
ClientSession billConnection = null;
|
ClientSession billConnection = null;
|
||||||
ClientSession andrewConnection = null;
|
ClientSession andrewConnection = null;
|
||||||
|
|
@ -1542,23 +1576,23 @@ public class SecurityTest extends ActiveMQTestBase {
|
||||||
securityManager.getConfiguration().addRole("frank", "user");
|
securityManager.getConfiguration().addRole("frank", "user");
|
||||||
securityManager.getConfiguration().addRole("sam", "news-user");
|
securityManager.getConfiguration().addRole("sam", "news-user");
|
||||||
securityManager.getConfiguration().addRole("sam", "user");
|
securityManager.getConfiguration().addRole("sam", "user");
|
||||||
Role all = new Role("all", true, true, true, true, true, true, true);
|
Role all = new Role("all", true, true, true, true, true, true, true, true);
|
||||||
HierarchicalRepository<Set<Role>> repository = server.getSecurityRepository();
|
HierarchicalRepository<Set<Role>> repository = server.getSecurityRepository();
|
||||||
Set<Role> add = new HashSet<>();
|
Set<Role> add = new HashSet<>();
|
||||||
add.add(new Role("user", true, true, true, true, true, true, false));
|
add.add(new Role("user", true, true, true, true, true, true, false, true));
|
||||||
add.add(all);
|
add.add(all);
|
||||||
repository.addMatch("#", add);
|
repository.addMatch("#", add);
|
||||||
Set<Role> add1 = new HashSet<>();
|
Set<Role> add1 = new HashSet<>();
|
||||||
add1.add(all);
|
add1.add(all);
|
||||||
add1.add(new Role("user", false, false, true, true, true, true, false));
|
add1.add(new Role("user", false, false, true, true, true, true, false, true));
|
||||||
add1.add(new Role("europe-user", true, false, false, false, false, false, false));
|
add1.add(new Role("europe-user", true, false, false, false, false, false, false, true));
|
||||||
add1.add(new Role("news-user", false, true, false, false, false, false, false));
|
add1.add(new Role("news-user", false, true, false, false, false, false, false, true));
|
||||||
repository.addMatch("news.europe.#", add1);
|
repository.addMatch("news.europe.#", add1);
|
||||||
Set<Role> add2 = new HashSet<>();
|
Set<Role> add2 = new HashSet<>();
|
||||||
add2.add(all);
|
add2.add(all);
|
||||||
add2.add(new Role("user", false, false, true, true, true, true, false));
|
add2.add(new Role("user", false, false, true, true, true, true, false, true));
|
||||||
add2.add(new Role("us-user", true, false, false, false, false, false, false));
|
add2.add(new Role("us-user", true, false, false, false, false, false, false, true));
|
||||||
add2.add(new Role("news-user", false, true, false, false, false, false, false));
|
add2.add(new Role("news-user", false, true, false, false, false, false, false, true));
|
||||||
repository.addMatch("news.us.#", add2);
|
repository.addMatch("news.us.#", add2);
|
||||||
ClientSession billConnection = null;
|
ClientSession billConnection = null;
|
||||||
ClientSession andrewConnection = null;
|
ClientSession andrewConnection = null;
|
||||||
|
|
|
||||||
|
|
@ -62,7 +62,7 @@ public class ResourceLimitTest extends ActiveMQTestBase {
|
||||||
ActiveMQJAASSecurityManager securityManager = (ActiveMQJAASSecurityManager) server.getSecurityManager();
|
ActiveMQJAASSecurityManager securityManager = (ActiveMQJAASSecurityManager) server.getSecurityManager();
|
||||||
securityManager.getConfiguration().addUser("myUser", "password");
|
securityManager.getConfiguration().addUser("myUser", "password");
|
||||||
securityManager.getConfiguration().addRole("myUser", "arole");
|
securityManager.getConfiguration().addRole("myUser", "arole");
|
||||||
Role role = new Role("arole", false, false, false, false, true, true, false);
|
Role role = new Role("arole", false, false, false, false, true, true, false, true);
|
||||||
Set<Role> roles = new HashSet<>();
|
Set<Role> roles = new HashSet<>();
|
||||||
roles.add(role);
|
roles.add(role);
|
||||||
server.getSecurityRepository().addMatch("#", roles);
|
server.getSecurityRepository().addMatch("#", roles);
|
||||||
|
|
|
||||||
|
|
@ -128,8 +128,8 @@ public class DualAuthenticationTest extends ActiveMQTestBase {
|
||||||
server = addServer(ActiveMQServers.newActiveMQServer(config, ManagementFactory.getPlatformMBeanServer(), securityManager, false));
|
server = addServer(ActiveMQServers.newActiveMQServer(config, ManagementFactory.getPlatformMBeanServer(), securityManager, false));
|
||||||
|
|
||||||
HierarchicalRepository<Set<Role>> securityRepository = server.getSecurityRepository();
|
HierarchicalRepository<Set<Role>> securityRepository = server.getSecurityRepository();
|
||||||
Role sendRole = new Role("producers", true, false, true, false, true, false, false);
|
Role sendRole = new Role("producers", true, false, true, false, true, false, false, false);
|
||||||
Role receiveRole = new Role("consumers", false, true, false, false, false, false, false);
|
Role receiveRole = new Role("consumers", false, true, false, false, false, false, false, false);
|
||||||
Set<Role> roles = new HashSet<>();
|
Set<Role> roles = new HashSet<>();
|
||||||
roles.add(sendRole);
|
roles.add(sendRole);
|
||||||
roles.add(receiveRole);
|
roles.add(receiveRole);
|
||||||
|
|
|
||||||
|
|
@ -205,7 +205,7 @@ public abstract class StompTestBase extends ActiveMQTestBase {
|
||||||
securityManager.getConfiguration().addRole(defUser, role);
|
securityManager.getConfiguration().addRole(defUser, role);
|
||||||
config.getSecurityRoles().put("#", new HashSet<Role>() {
|
config.getSecurityRoles().put("#", new HashSet<Role>() {
|
||||||
{
|
{
|
||||||
add(new Role(role, true, true, true, true, true, true, true));
|
add(new Role(role, true, true, true, true, true, true, true, true));
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -49,6 +49,7 @@
|
||||||
<permission type="createNonDurableQueue" roles="guest,def"/>
|
<permission type="createNonDurableQueue" roles="guest,def"/>
|
||||||
<permission type="deleteNonDurableQueue" roles="guest,def"/>
|
<permission type="deleteNonDurableQueue" roles="guest,def"/>
|
||||||
<permission type="consume" roles="guest,def"/>
|
<permission type="consume" roles="guest,def"/>
|
||||||
|
<permission type="browse" roles="guest,def"/>
|
||||||
<permission type="send" roles="guest,def"/>
|
<permission type="send" roles="guest,def"/>
|
||||||
</security-setting>
|
</security-setting>
|
||||||
</security-settings>
|
</security-settings>
|
||||||
|
|
|
||||||
|
|
@ -62,22 +62,22 @@ public class ActiveMQSecurityManagerImplTest extends ActiveMQTestBase {
|
||||||
Assert.assertTrue(securityManager.validateUser("guest", "password"));
|
Assert.assertTrue(securityManager.validateUser("guest", "password"));
|
||||||
Assert.assertFalse(securityManager.validateUser(null, "wrongpass"));
|
Assert.assertFalse(securityManager.validateUser(null, "wrongpass"));
|
||||||
HashSet<Role> roles = new HashSet<>();
|
HashSet<Role> roles = new HashSet<>();
|
||||||
roles.add(new Role("guest", true, true, true, true, true, true, true));
|
roles.add(new Role("guest", true, true, true, true, true, true, true, true));
|
||||||
Assert.assertTrue(securityManager.validateUserAndRole(null, null, roles, CheckType.CREATE_DURABLE_QUEUE));
|
Assert.assertTrue(securityManager.validateUserAndRole(null, null, roles, CheckType.CREATE_DURABLE_QUEUE));
|
||||||
Assert.assertTrue(securityManager.validateUserAndRole(null, null, roles, CheckType.SEND));
|
Assert.assertTrue(securityManager.validateUserAndRole(null, null, roles, CheckType.SEND));
|
||||||
Assert.assertTrue(securityManager.validateUserAndRole(null, null, roles, CheckType.CONSUME));
|
Assert.assertTrue(securityManager.validateUserAndRole(null, null, roles, CheckType.CONSUME));
|
||||||
roles = new HashSet<>();
|
roles = new HashSet<>();
|
||||||
roles.add(new Role("guest", true, true, false, true, true, true, true));
|
roles.add(new Role("guest", true, true, false, true, true, true, true, true));
|
||||||
Assert.assertFalse(securityManager.validateUserAndRole(null, null, roles, CheckType.CREATE_DURABLE_QUEUE));
|
Assert.assertFalse(securityManager.validateUserAndRole(null, null, roles, CheckType.CREATE_DURABLE_QUEUE));
|
||||||
Assert.assertTrue(securityManager.validateUserAndRole(null, null, roles, CheckType.SEND));
|
Assert.assertTrue(securityManager.validateUserAndRole(null, null, roles, CheckType.SEND));
|
||||||
Assert.assertTrue(securityManager.validateUserAndRole(null, null, roles, CheckType.CONSUME));
|
Assert.assertTrue(securityManager.validateUserAndRole(null, null, roles, CheckType.CONSUME));
|
||||||
roles = new HashSet<>();
|
roles = new HashSet<>();
|
||||||
roles.add(new Role("guest", true, false, false, true, true, true, true));
|
roles.add(new Role("guest", true, false, false, true, true, true, true, true));
|
||||||
Assert.assertFalse(securityManager.validateUserAndRole(null, null, roles, CheckType.CREATE_DURABLE_QUEUE));
|
Assert.assertFalse(securityManager.validateUserAndRole(null, null, roles, CheckType.CREATE_DURABLE_QUEUE));
|
||||||
Assert.assertTrue(securityManager.validateUserAndRole(null, null, roles, CheckType.SEND));
|
Assert.assertTrue(securityManager.validateUserAndRole(null, null, roles, CheckType.SEND));
|
||||||
Assert.assertFalse(securityManager.validateUserAndRole(null, null, roles, CheckType.CONSUME));
|
Assert.assertFalse(securityManager.validateUserAndRole(null, null, roles, CheckType.CONSUME));
|
||||||
roles = new HashSet<>();
|
roles = new HashSet<>();
|
||||||
roles.add(new Role("guest", false, false, false, true, true, true, true));
|
roles.add(new Role("guest", false, false, false, true, true, true, true, true));
|
||||||
Assert.assertFalse(securityManager.validateUserAndRole(null, null, roles, CheckType.CREATE_DURABLE_QUEUE));
|
Assert.assertFalse(securityManager.validateUserAndRole(null, null, roles, CheckType.CREATE_DURABLE_QUEUE));
|
||||||
Assert.assertFalse(securityManager.validateUserAndRole(null, null, roles, CheckType.SEND));
|
Assert.assertFalse(securityManager.validateUserAndRole(null, null, roles, CheckType.SEND));
|
||||||
Assert.assertFalse(securityManager.validateUserAndRole(null, null, roles, CheckType.CONSUME));
|
Assert.assertFalse(securityManager.validateUserAndRole(null, null, roles, CheckType.CONSUME));
|
||||||
|
|
@ -129,19 +129,19 @@ public class ActiveMQSecurityManagerImplTest extends ActiveMQTestBase {
|
||||||
securityManager.getConfiguration().addRole("newuser1", "role3");
|
securityManager.getConfiguration().addRole("newuser1", "role3");
|
||||||
securityManager.getConfiguration().addRole("newuser1", "role4");
|
securityManager.getConfiguration().addRole("newuser1", "role4");
|
||||||
HashSet<Role> roles = new HashSet<>();
|
HashSet<Role> roles = new HashSet<>();
|
||||||
roles.add(new Role("role1", true, true, true, true, true, true, true));
|
roles.add(new Role("role1", true, true, true, true, true, true, true, true));
|
||||||
Assert.assertTrue(securityManager.validateUserAndRole("newuser1", "newpassword1", roles, CheckType.SEND));
|
Assert.assertTrue(securityManager.validateUserAndRole("newuser1", "newpassword1", roles, CheckType.SEND));
|
||||||
roles = new HashSet<>();
|
roles = new HashSet<>();
|
||||||
roles.add(new Role("role2", true, true, true, true, true, true, true));
|
roles.add(new Role("role2", true, true, true, true, true, true, true, true));
|
||||||
Assert.assertTrue(securityManager.validateUserAndRole("newuser1", "newpassword1", roles, CheckType.SEND));
|
Assert.assertTrue(securityManager.validateUserAndRole("newuser1", "newpassword1", roles, CheckType.SEND));
|
||||||
roles = new HashSet<>();
|
roles = new HashSet<>();
|
||||||
roles.add(new Role("role3", true, true, true, true, true, true, true));
|
roles.add(new Role("role3", true, true, true, true, true, true, true, true));
|
||||||
Assert.assertTrue(securityManager.validateUserAndRole("newuser1", "newpassword1", roles, CheckType.SEND));
|
Assert.assertTrue(securityManager.validateUserAndRole("newuser1", "newpassword1", roles, CheckType.SEND));
|
||||||
roles = new HashSet<>();
|
roles = new HashSet<>();
|
||||||
roles.add(new Role("role4", true, true, true, true, true, true, true));
|
roles.add(new Role("role4", true, true, true, true, true, true, true, true));
|
||||||
Assert.assertTrue(securityManager.validateUserAndRole("newuser1", "newpassword1", roles, CheckType.SEND));
|
Assert.assertTrue(securityManager.validateUserAndRole("newuser1", "newpassword1", roles, CheckType.SEND));
|
||||||
roles = new HashSet<>();
|
roles = new HashSet<>();
|
||||||
roles.add(new Role("role5", true, true, true, true, true, true, true));
|
roles.add(new Role("role5", true, true, true, true, true, true, true, true));
|
||||||
Assert.assertFalse(securityManager.validateUserAndRole("newuser1", "newpassword1", roles, CheckType.SEND));
|
Assert.assertFalse(securityManager.validateUserAndRole("newuser1", "newpassword1", roles, CheckType.SEND));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -155,19 +155,19 @@ public class ActiveMQSecurityManagerImplTest extends ActiveMQTestBase {
|
||||||
securityManager.getConfiguration().removeRole("newuser1", "role2");
|
securityManager.getConfiguration().removeRole("newuser1", "role2");
|
||||||
securityManager.getConfiguration().removeRole("newuser1", "role4");
|
securityManager.getConfiguration().removeRole("newuser1", "role4");
|
||||||
HashSet<Role> roles = new HashSet<>();
|
HashSet<Role> roles = new HashSet<>();
|
||||||
roles.add(new Role("role1", true, true, true, true, true, true, true));
|
roles.add(new Role("role1", true, true, true, true, true, true, true, true));
|
||||||
Assert.assertTrue(securityManager.validateUserAndRole("newuser1", "newpassword1", roles, CheckType.SEND));
|
Assert.assertTrue(securityManager.validateUserAndRole("newuser1", "newpassword1", roles, CheckType.SEND));
|
||||||
roles = new HashSet<>();
|
roles = new HashSet<>();
|
||||||
roles.add(new Role("role2", true, true, true, true, true, true, true));
|
roles.add(new Role("role2", true, true, true, true, true, true, true, true));
|
||||||
Assert.assertFalse(securityManager.validateUserAndRole("newuser1", "newpassword1", roles, CheckType.SEND));
|
Assert.assertFalse(securityManager.validateUserAndRole("newuser1", "newpassword1", roles, CheckType.SEND));
|
||||||
roles = new HashSet<>();
|
roles = new HashSet<>();
|
||||||
roles.add(new Role("role3", true, true, true, true, true, true, true));
|
roles.add(new Role("role3", true, true, true, true, true, true, true, true));
|
||||||
Assert.assertTrue(securityManager.validateUserAndRole("newuser1", "newpassword1", roles, CheckType.SEND));
|
Assert.assertTrue(securityManager.validateUserAndRole("newuser1", "newpassword1", roles, CheckType.SEND));
|
||||||
roles = new HashSet<>();
|
roles = new HashSet<>();
|
||||||
roles.add(new Role("role4", true, true, true, true, true, true, true));
|
roles.add(new Role("role4", true, true, true, true, true, true, true, true));
|
||||||
Assert.assertFalse(securityManager.validateUserAndRole("newuser1", "newpassword1", roles, CheckType.SEND));
|
Assert.assertFalse(securityManager.validateUserAndRole("newuser1", "newpassword1", roles, CheckType.SEND));
|
||||||
roles = new HashSet<>();
|
roles = new HashSet<>();
|
||||||
roles.add(new Role("role5", true, true, true, true, true, true, true));
|
roles.add(new Role("role5", true, true, true, true, true, true, true, true));
|
||||||
Assert.assertFalse(securityManager.validateUserAndRole("newuser1", "newpassword1", roles, CheckType.SEND));
|
Assert.assertFalse(securityManager.validateUserAndRole("newuser1", "newpassword1", roles, CheckType.SEND));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue