From 19dc0594e5724b1232c11b3c3bf754abd0e70c54 Mon Sep 17 00:00:00 2001
From: Martyn Taylor
Date: Tue, 7 Jul 2015 15:18:02 +0100
Subject: [PATCH] Set default password properly in security manager
The current Security Manager implementation was returning the username instead of the default password when validating the default user. This patch returns the correct value and cleans up the validate method.
---
 .../security/ActiveMQSecurityManagerImpl.java | 28 ++++++++++++-------
 .../impl/ActiveMQSecurityManagerImplTest.java | 5 ++--
 2 files changed, 21 insertions(+), 12 deletions(-)
diff --git a/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/ActiveMQSecurityManagerImpl.java b/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/ActiveMQSecurityManagerImpl.java
index a6f4774025..c3bd1a2196 100644
--- a/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/ActiveMQSecurityManagerImpl.java
+++ b/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/ActiveMQSecurityManagerImpl.java
@@ -23,6 +23,7 @@ import org.apache.activemq.artemis.core.config.impl.SecurityConfiguration;
 import org.apache.activemq.artemis.core.security.CheckType;
 import org.apache.activemq.artemis.core.security.Role;
 import org.apache.activemq.artemis.core.security.User;
+import org.apache.activemq.artemis.core.server.ActiveMQServerLogger;
 /**
 * A basic implementation of the ActiveMQSecurityManager. This can be used within an appserver and be deployed by
@@ -32,6 +33,8 @@ public class ActiveMQSecurityManagerImpl implements ActiveMQSecurityManager
 {
 private final SecurityConfiguration configuration;
+ private ActiveMQServerLogger logger = ActiveMQServerLogger.LOGGER;
+
 public ActiveMQSecurityManagerImpl()
 {
 configuration = new SecurityConfiguration();
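Review bot: The new `logger` field in ActiveMQSecurityManagerImpl is a mutable instance field, although it only aliases the shared `ActiveMQServerLogger.LOGGER`. Declaring it as `private static final ActiveMQServerLogger logger = ActiveMQServerLogger.LOGGER;` would keep the reference from being reassigned and avoid a per-instance copy. The class body continues outside the hunk.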
@@ -44,19 +47,24 @@ public class ActiveMQSecurityManagerImpl implements ActiveMQSecurityManager
 // Public ---------------------------------------------------------------------
- public boolean validateUser(final String user, final String password)
+ public boolean validateUser(final String username, final String password)
 {
- if (user == null && configuration.getDefaultUser() == null)
+ if (username != null)
 {
- return false;
+ User user = configuration.getUser(username);
+ return user != null && user.isValid(username, password);
+ }
+ else if (username == null && password == null)
+ {
+ return configuration.getDefaultUser() != null;
+ }
+ else // the only possible case here is user == null, password != null
+ {
+ logger.debug("Validating default user against a provided password. This happens when username=null, password!=null");
+ String defaultUsername = configuration.getDefaultUser();
+ User defaultUser = configuration.getUser(defaultUsername);
+ return defaultUser != null && defaultUser.isValid(defaultUsername, password);
 }
-
- String defaultUser = configuration.getDefaultUser();
- User theUser = configuration.getUser(user == null ? defaultUser : user);
-
- boolean ok = theUser != null && theUser.isValid(user == null ? defaultUser : user, password == null ? defaultUser
- : password);
- return ok;
 }
 public boolean validateUserAndRole(final String user,
diff --git a/tests/unit-tests/src/test/java/org/apache/activemq/artemis/tests/unit/core/security/impl/ActiveMQSecurityManagerImplTest.java b/tests/unit-tests/src/test/java/org/apache/activemq/artemis/tests/unit/core/security/impl/ActiveMQSecurityManagerImplTest.java
index 08e8d80b8d..c729d271b9 100644
--- a/tests/unit-tests/src/test/java/org/apache/activemq/artemis/tests/unit/core/security/impl/ActiveMQSecurityManagerImplTest.java
+++ b/tests/unit-tests/src/test/java/org/apache/activemq/artemis/tests/unit/core/security/impl/ActiveMQSecurityManagerImplTest.java
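Review bot: In the new `validateUser` of ActiveMQSecurityManagerImpl.java, the `username == null && password == null` branch accepts the caller on `configuration.getDefaultUser() != null` alone, while the branch below it also requires `configuration.getUser(defaultUsername)` to exist, so the two paths disagree when the default user name has no matching user entry. Because this branch authenticates with no credential at all, it should carry a comment saying the anonymous access is deliberate, e.g. `// anonymous login: no credentials given, allowed only when a default user is configured`. The `username == null` test is always true after the first `if` and can be reduced to `else if (password == null)`, and the trailing comment still says `user == null` although the parameter is now `username`. `validateUserAndRole` only begins at the end of the hunk, so whether it applies the same null handling cannot be checked from here.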
@@ -57,11 +57,12 @@ public class ActiveMQSecurityManagerImplTest extends ActiveMQTestBase
 @Test
 public void testDefaultSecurity()
 {
- securityManager.getConfiguration().addUser("guest", "guest");
+ securityManager.getConfiguration().addUser("guest", "password");
 securityManager.getConfiguration().addRole("guest", "guest");
 securityManager.getConfiguration().setDefaultUser("guest");
 Assert.assertTrue(securityManager.validateUser(null, null));
- Assert.assertTrue(securityManager.validateUser("guest", "guest"));
+ Assert.assertTrue(securityManager.validateUser("guest", "password"));
+ Assert.assertFalse(securityManager.validateUser(null, "wrongpass"));
 HashSet roles = new HashSet();
 roles.add(new Role("guest", true, true, true, true, true, true, true));
 Assert.assertTrue(securityManager.validateUserAndRole(null, null, roles, CheckType.CREATE_DURABLE_QUEUE));
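Review bot: The updated `testDefaultSecurity` checks that a wrong password for the default user is rejected but never that the correct one is accepted, so the new final `else` branch of `validateUser` is exercised only on its failing path. Adding `Assert.assertTrue(securityManager.validateUser(null, "password"));` would cover the accepting path. Assuming `User.isValid` rejects a null password, `Assert.assertFalse(securityManager.validateUser("guest", null));` would also pin that a named user cannot authenticate without one, which is the substitution the old code got wrong. The test method continues past the end of the hunk.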