Set default password properly in security manager

The current Security Manager implementation was returning the username
instead of the default password when validating the default user.

This patch returns the correct value and cleans up the validate method.
Martyn Taylor 2015-07-07 15:18:02 +01:00
parent f72c183529
commit 19dc0594e5
2 changed files with 21 additions and 12 deletions


@ -23,6 +23,7 @@ import org.apache.activemq.artemis.core.config.impl.SecurityConfiguration;
import org.apache.activemq.artemis.core.security.CheckType; import org.apache.activemq.artemis.core.security.CheckType;
import org.apache.activemq.artemis.core.security.Role; import org.apache.activemq.artemis.core.security.Role;
import org.apache.activemq.artemis.core.security.User; import org.apache.activemq.artemis.core.security.User;
import org.apache.activemq.artemis.core.server.ActiveMQServerLogger;
/** /**
* A basic implementation of the ActiveMQSecurityManager. This can be used within an appserver and be deployed by * A basic implementation of the ActiveMQSecurityManager. This can be used within an appserver and be deployed by
@ -32,6 +33,8 @@ public class ActiveMQSecurityManagerImpl implements ActiveMQSecurityManager
{ {
private final SecurityConfiguration configuration; private final SecurityConfiguration configuration;
private ActiveMQServerLogger logger = ActiveMQServerLogger.LOGGER;
public ActiveMQSecurityManagerImpl() public ActiveMQSecurityManagerImpl()
{ {
configuration = new SecurityConfiguration(); configuration = new SecurityConfiguration();
@ -44,19 +47,24 @@ public class ActiveMQSecurityManagerImpl implements ActiveMQSecurityManager
// Public --------------------------------------------------------------------- // Public ---------------------------------------------------------------------
public boolean validateUser(final String user, final String password) public boolean validateUser(final String username, final String password)
{ {
if (user == null && configuration.getDefaultUser() == null) if (username != null)
{ {
return false; User user = configuration.getUser(username);
return user != null && user.isValid(username, password);
}
else if (username == null && password == null)
{
return configuration.getDefaultUser() != null;
}
else // the only possible case here is user == null, password != null
{
logger.debug("Validating default user against a provided password. This happens when username=null, password!=null");
String defaultUsername = configuration.getDefaultUser();
User defaultUser = configuration.getUser(defaultUsername);
return defaultUser != null && defaultUser.isValid(defaultUsername, password);
} }
String defaultUser = configuration.getDefaultUser();
User theUser = configuration.getUser(user == null ? defaultUser : user);
boolean ok = theUser != null && theUser.isValid(user == null ? defaultUser : user, password == null ? defaultUser
: password);
return ok;
} }
public boolean validateUserAndRole(final String user, public boolean validateUserAndRole(final String user,
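Review bot: In `validateUser`, the `username == null && password == null` branch returns true as soon as a default user name is configured, without checking that `configuration.getUser(...)` finds that user, whereas the `password != null` branch directly below does require `defaultUser != null`. A default user name that is set but has no matching user entry would therefore presumably pass with null credentials yet fail with any password; if that is not intended, the branch could read `String d = configuration.getDefaultUser(); return d != null && configuration.getUser(d) != null;`. That branch also deserves a comment such as `// null/null is treated as anonymous access: the default user is accepted without a password check`, because this is the security-relevant decision in the method and it differs from the old code, which still called `isValid`. The else-branch comment still says `user == null` although the parameter is now `username`.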


@ -57,11 +57,12 @@ public class ActiveMQSecurityManagerImplTest extends ActiveMQTestBase
@Test @Test
public void testDefaultSecurity() public void testDefaultSecurity()
{ {
securityManager.getConfiguration().addUser("guest", "guest"); securityManager.getConfiguration().addUser("guest", "password");
securityManager.getConfiguration().addRole("guest", "guest"); securityManager.getConfiguration().addRole("guest", "guest");
securityManager.getConfiguration().setDefaultUser("guest"); securityManager.getConfiguration().setDefaultUser("guest");
Assert.assertTrue(securityManager.validateUser(null, null)); Assert.assertTrue(securityManager.validateUser(null, null));
Assert.assertTrue(securityManager.validateUser("guest", "guest")); Assert.assertTrue(securityManager.validateUser("guest", "password"));
Assert.assertFalse(securityManager.validateUser(null, "wrongpass"));
HashSet<Role> roles = new HashSet<Role>(); HashSet<Role> roles = new HashSet<Role>();
roles.add(new Role("guest", true, true, true, true, true, true, true)); roles.add(new Role("guest", true, true, true, true, true, true, true));
Assert.assertTrue(securityManager.validateUserAndRole(null, null, roles, CheckType.CREATE_DURABLE_QUEUE)); Assert.assertTrue(securityManager.validateUserAndRole(null, null, roles, CheckType.CREATE_DURABLE_QUEUE));
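Review bot: The new `assertFalse(securityManager.validateUser(null, "wrongpass"))` covers only the rejecting side of the default-user-with-password branch; nothing here asserts that the correct password is accepted on that path or that a named user with a wrong password is rejected. I would add `Assert.assertTrue(securityManager.validateUser(null, "password"));` and `Assert.assertFalse(securityManager.validateUser("guest", "wrongpass"));` next to it. A case for `validateUser(null, null)` with no default user configured would pin the other outcome of the null/null branch, but it needs a separate manager instance or test. `testDefaultSecurity` continues outside the hunk.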