Set default password properly in security manager
The current Security Manager implementation was returning the username instead of the default password when validating the default user. This patch returns the correct value and cleans up the validate method.
This commit is contained in:
parent
f72c183529
commit
19dc0594e5
|
@ -23,6 +23,7 @@ import org.apache.activemq.artemis.core.config.impl.SecurityConfiguration;
|
||||||
import org.apache.activemq.artemis.core.security.CheckType;
|
import org.apache.activemq.artemis.core.security.CheckType;
|
||||||
import org.apache.activemq.artemis.core.security.Role;
|
import org.apache.activemq.artemis.core.security.Role;
|
||||||
import org.apache.activemq.artemis.core.security.User;
|
import org.apache.activemq.artemis.core.security.User;
|
||||||
|
import org.apache.activemq.artemis.core.server.ActiveMQServerLogger;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* A basic implementation of the ActiveMQSecurityManager. This can be used within an appserver and be deployed by
|
* A basic implementation of the ActiveMQSecurityManager. This can be used within an appserver and be deployed by
|
||||||
|
@ -32,6 +33,8 @@ public class ActiveMQSecurityManagerImpl implements ActiveMQSecurityManager
|
||||||
{
|
{
|
||||||
private final SecurityConfiguration configuration;
|
private final SecurityConfiguration configuration;
|
||||||
|
|
||||||
|
private ActiveMQServerLogger logger = ActiveMQServerLogger.LOGGER;
|
||||||
|
|
||||||
public ActiveMQSecurityManagerImpl()
|
public ActiveMQSecurityManagerImpl()
|
||||||
{
|
{
|
||||||
configuration = new SecurityConfiguration();
|
configuration = new SecurityConfiguration();
|
||||||
|
@ -44,19 +47,24 @@ public class ActiveMQSecurityManagerImpl implements ActiveMQSecurityManager
|
||||||
|
|
||||||
// Public ---------------------------------------------------------------------
|
// Public ---------------------------------------------------------------------
|
||||||
|
|
||||||
public boolean validateUser(final String user, final String password)
|
public boolean validateUser(final String username, final String password)
|
||||||
{
|
{
|
||||||
if (user == null && configuration.getDefaultUser() == null)
|
if (username != null)
|
||||||
{
|
{
|
||||||
return false;
|
User user = configuration.getUser(username);
|
||||||
|
return user != null && user.isValid(username, password);
|
||||||
|
}
|
||||||
|
else if (username == null && password == null)
|
||||||
|
{
|
||||||
|
return configuration.getDefaultUser() != null;
|
||||||
|
}
|
||||||
|
else // the only possible case here is user == null, password != null
|
||||||
|
{
|
||||||
|
logger.debug("Validating default user against a provided password. This happens when username=null, password!=null");
|
||||||
|
String defaultUsername = configuration.getDefaultUser();
|
||||||
|
User defaultUser = configuration.getUser(defaultUsername);
|
||||||
|
return defaultUser != null && defaultUser.isValid(defaultUsername, password);
|
||||||
}
|
}
|
||||||
|
|
||||||
String defaultUser = configuration.getDefaultUser();
|
|
||||||
User theUser = configuration.getUser(user == null ? defaultUser : user);
|
|
||||||
|
|
||||||
boolean ok = theUser != null && theUser.isValid(user == null ? defaultUser : user, password == null ? defaultUser
|
|
||||||
: password);
|
|
||||||
return ok;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
public boolean validateUserAndRole(final String user,
|
public boolean validateUserAndRole(final String user,
|
||||||
|
|
|
@ -57,11 +57,12 @@ public class ActiveMQSecurityManagerImplTest extends ActiveMQTestBase
|
||||||
@Test
|
@Test
|
||||||
public void testDefaultSecurity()
|
public void testDefaultSecurity()
|
||||||
{
|
{
|
||||||
securityManager.getConfiguration().addUser("guest", "guest");
|
securityManager.getConfiguration().addUser("guest", "password");
|
||||||
securityManager.getConfiguration().addRole("guest", "guest");
|
securityManager.getConfiguration().addRole("guest", "guest");
|
||||||
securityManager.getConfiguration().setDefaultUser("guest");
|
securityManager.getConfiguration().setDefaultUser("guest");
|
||||||
Assert.assertTrue(securityManager.validateUser(null, null));
|
Assert.assertTrue(securityManager.validateUser(null, null));
|
||||||
Assert.assertTrue(securityManager.validateUser("guest", "guest"));
|
Assert.assertTrue(securityManager.validateUser("guest", "password"));
|
||||||
|
Assert.assertFalse(securityManager.validateUser(null, "wrongpass"));
|
||||||
HashSet<Role> roles = new HashSet<Role>();
|
HashSet<Role> roles = new HashSet<Role>();
|
||||||
roles.add(new Role("guest", true, true, true, true, true, true, true));
|
roles.add(new Role("guest", true, true, true, true, true, true, true));
|
||||||
Assert.assertTrue(securityManager.validateUserAndRole(null, null, roles, CheckType.CREATE_DURABLE_QUEUE));
|
Assert.assertTrue(securityManager.validateUserAndRole(null, null, roles, CheckType.CREATE_DURABLE_QUEUE));
|
||||||
|
|
Loading…
Reference in New Issue