From 2fb8341f8d05bb7b60391b0d06b32d18554a3e74 Mon Sep 17 00:00:00 2001 From: Howard Gao Date: Thu, 4 Aug 2016 09:39:20 +0800 Subject: [PATCH] ARTEMIS-604 - Add checks for object messages in REST and AMQP - Rest interface fix - Doc fixes (Rest->REST) - JSON management and AMQP outbound --- .../activemq/artemis/api/core/JsonUtil.java | 5 +- .../proton/converter/ActiveMQJMSVendor.java | 11 +- .../rest/MessageServiceConfiguration.java | 19 ++ .../artemis/rest/MessageServiceManager.java | 23 +- .../integration/EmbeddedRestActiveMQ.java | 6 +- .../integration/EmbeddedRestActiveMQJMS.java | 5 + .../RestMessagingBootstrapListener.java | 32 +- .../artemis/rest/queue/ConsumedMessage.java | 5 +- .../rest/queue/ConsumedObjectMessage.java | 13 +- .../rest/queue/DestinationServiceManager.java | 11 + .../artemis/rest/queue/QueueConsumer.java | 11 +- .../rest/queue/QueueDestinationsResource.java | 1 + .../rest/queue/QueueServiceManager.java | 5 + .../artemis/rest/queue/push/PushConsumer.java | 8 +- .../rest/queue/push/PushConsumerResource.java | 11 +- .../artemis/rest/queue/push/PushStrategy.java | 3 + .../artemis/rest/queue/push/UriStrategy.java | 10 +- .../artemis/rest/topic/PushSubscription.java | 6 +- .../rest/topic/PushSubscriptionsResource.java | 11 +- .../rest/topic/TopicDestinationsResource.java | 2 +- .../rest/topic/TopicServiceManager.java | 5 + .../artemis/rest/util/HttpMessageHelper.java | 45 +-- .../artemis/rest/util/TimeoutTask.java | 4 +- .../activemq/artemis/rest/test/Embedded.java | 2 +- .../artemis/rest/test/EmbeddedTest.java | 2 +- .../test/PersistentPushQueueConsumerTest.java | 2 +- .../test/PersistentPushTopicConsumerTest.java | 2 +- docs/user-manual/en/security.md | 306 +++++++++--------- tests/integration-tests/pom.xml | 55 ++++ .../artemis/tests/integration/rest/Order.java | 79 +++++ .../rest/RestDeserializationTest.java | 192 +++++++++++ .../tests/integration/rest/RestTestBase.java | 97 ++++++ .../rest/util/QueueRestMessageContext.java | 76 +++++ .../integration/rest/util/ResponseUtil.java | 34 ++ .../rest/util/RestAMQConnection.java | 104 ++++++ .../rest/util/RestMessageContext.java | 271 ++++++++++++++++ .../rest/util/TopicRestMessageContext.java | 83 +++++ .../resources/rest/bwlist-rest-test-asm.xml | 37 +++ .../src/test/resources/rest/rest-test-asm.xml | 37 +++ .../rest-test-bwlist/webapp/WEB-INF/web.xml | 56 ++++ .../rest/rest-test/webapp/WEB-INF/web.xml | 58 ++++ 41 files changed, 1525 insertions(+), 220 deletions(-) create mode 100644 tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/rest/Order.java create mode 100644 tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/rest/RestDeserializationTest.java create mode 100644 tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/rest/RestTestBase.java create mode 100644 tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/rest/util/QueueRestMessageContext.java create mode 100644 tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/rest/util/ResponseUtil.java create mode 100644 tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/rest/util/RestAMQConnection.java create mode 100644 tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/rest/util/RestMessageContext.java create mode 100644 tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/rest/util/TopicRestMessageContext.java create mode 100644 tests/integration-tests/src/test/resources/rest/bwlist-rest-test-asm.xml create mode 100644 tests/integration-tests/src/test/resources/rest/rest-test-asm.xml create mode 100644 tests/integration-tests/src/test/resources/rest/rest-test-bwlist/webapp/WEB-INF/web.xml create mode 100644 tests/integration-tests/src/test/resources/rest/rest-test/webapp/WEB-INF/web.xml diff --git a/artemis-core-client/src/main/java/org/apache/activemq/artemis/api/core/JsonUtil.java b/artemis-core-client/src/main/java/org/apache/activemq/artemis/api/core/JsonUtil.java index e50540dfd5..a3da33b712 100644 --- a/artemis-core-client/src/main/java/org/apache/activemq/artemis/api/core/JsonUtil.java +++ b/artemis-core-client/src/main/java/org/apache/activemq/artemis/api/core/JsonUtil.java @@ -19,6 +19,7 @@ package org.apache.activemq.artemis.api.core; import org.apache.activemq.artemis.core.client.ActiveMQClientMessageBundle; import org.apache.activemq.artemis.utils.Base64; import org.apache.activemq.artemis.utils.JsonLoader; +import org.apache.activemq.artemis.utils.ObjectInputStreamWithClassLoader; import org.apache.activemq.artemis.utils.StringEscapeUtils; import javax.json.Json; @@ -32,7 +33,6 @@ import javax.json.JsonValue; import javax.management.openmbean.CompositeData; import javax.management.openmbean.CompositeDataSupport; import java.io.ByteArrayInputStream; -import java.io.ObjectInputStream; import java.io.StringReader; import java.util.HashMap; import java.util.List; @@ -155,7 +155,8 @@ public final class JsonUtil { CompositeData[] cds = new CompositeData[data.length]; for (int i1 = 0; i1 < data.length; i1++) { String dataConverted = convertJsonValue(data[i1], String.class).toString(); - ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(Base64.decode(dataConverted))); + ObjectInputStreamWithClassLoader ois = new ObjectInputStreamWithClassLoader(new ByteArrayInputStream(Base64.decode(dataConverted))); + ois.setWhiteList("java.util,java.lang,javax.management"); cds[i1] = (CompositeDataSupport) ois.readObject(); } innerVal = cds; diff --git a/artemis-protocols/artemis-amqp-protocol/src/main/java/org/apache/activemq/artemis/core/protocol/proton/converter/ActiveMQJMSVendor.java b/artemis-protocols/artemis-amqp-protocol/src/main/java/org/apache/activemq/artemis/core/protocol/proton/converter/ActiveMQJMSVendor.java index 169c8e4391..ed887cfff2 100644 --- a/artemis-protocols/artemis-amqp-protocol/src/main/java/org/apache/activemq/artemis/core/protocol/proton/converter/ActiveMQJMSVendor.java +++ b/artemis-protocols/artemis-amqp-protocol/src/main/java/org/apache/activemq/artemis/core/protocol/proton/converter/ActiveMQJMSVendor.java @@ -24,18 +24,18 @@ import javax.jms.ObjectMessage; import javax.jms.StreamMessage; import javax.jms.TextMessage; -import org.apache.activemq.artemis.core.protocol.proton.converter.jms.ServerDestination; -import org.apache.activemq.artemis.core.protocol.proton.converter.jms.ServerJMSObjectMessage; -import org.apache.activemq.artemis.core.protocol.proton.converter.message.JMSVendor; -import org.apache.activemq.artemis.jms.client.ActiveMQDestination; import org.apache.activemq.artemis.core.buffers.impl.ResetLimitWrappedActiveMQBuffer; +import org.apache.activemq.artemis.core.protocol.proton.converter.jms.ServerDestination; import org.apache.activemq.artemis.core.protocol.proton.converter.jms.ServerJMSBytesMessage; import org.apache.activemq.artemis.core.protocol.proton.converter.jms.ServerJMSMapMessage; import org.apache.activemq.artemis.core.protocol.proton.converter.jms.ServerJMSMessage; +import org.apache.activemq.artemis.core.protocol.proton.converter.jms.ServerJMSObjectMessage; import org.apache.activemq.artemis.core.protocol.proton.converter.jms.ServerJMSStreamMessage; import org.apache.activemq.artemis.core.protocol.proton.converter.jms.ServerJMSTextMessage; +import org.apache.activemq.artemis.core.protocol.proton.converter.message.JMSVendor; import org.apache.activemq.artemis.core.server.ServerMessage; import org.apache.activemq.artemis.core.server.impl.ServerMessageImpl; +import org.apache.activemq.artemis.jms.client.ActiveMQDestination; import org.apache.activemq.artemis.utils.IDGenerator; public class ActiveMQJMSVendor implements JMSVendor { @@ -116,12 +116,9 @@ public class ActiveMQJMSVendor implements JMSVendor { return new ServerJMSMapMessage(wrapped, deliveryCount); case org.apache.activemq.artemis.api.core.Message.TEXT_TYPE: return new ServerJMSTextMessage(wrapped, deliveryCount); - case org.apache.activemq.artemis.api.core.Message.OBJECT_TYPE: - return new ServerJMSObjectMessage(wrapped, deliveryCount); default: return new ServerJMSMessage(wrapped, deliveryCount); } - } @Override diff --git a/artemis-rest/src/main/java/org/apache/activemq/artemis/rest/MessageServiceConfiguration.java b/artemis-rest/src/main/java/org/apache/activemq/artemis/rest/MessageServiceConfiguration.java index ff9e8e752e..177a7f601b 100644 --- a/artemis-rest/src/main/java/org/apache/activemq/artemis/rest/MessageServiceConfiguration.java +++ b/artemis-rest/src/main/java/org/apache/activemq/artemis/rest/MessageServiceConfiguration.java @@ -34,6 +34,9 @@ public class MessageServiceConfiguration { private String inVmId = "0"; private boolean useLinkHeaders = false; + private String deserializationWhiteList; + private String deserializationBlackList; + @XmlElement(name = "server-in-vm-id") public String getInVmId() { return inVmId; @@ -132,4 +135,20 @@ public class MessageServiceConfiguration { public void setConsumerWindowSize(int consumerWindowSize) { this.consumerWindowSize = consumerWindowSize; } + + public String getDeserializationWhiteList() { + return deserializationWhiteList; + } + + public void setDeserializationWhiteList(String deserializationWhiteList) { + this.deserializationWhiteList = deserializationWhiteList; + } + + public String getDeserializationBlackList() { + return deserializationBlackList; + } + + public void setDeserializationBlackList(String deserializationBlackList) { + this.deserializationBlackList = deserializationBlackList; + } } diff --git a/artemis-rest/src/main/java/org/apache/activemq/artemis/rest/MessageServiceManager.java b/artemis-rest/src/main/java/org/apache/activemq/artemis/rest/MessageServiceManager.java index e9c853b9c3..4aaa95decf 100644 --- a/artemis-rest/src/main/java/org/apache/activemq/artemis/rest/MessageServiceManager.java +++ b/artemis-rest/src/main/java/org/apache/activemq/artemis/rest/MessageServiceManager.java @@ -23,6 +23,7 @@ import java.net.URL; import java.util.HashMap; import java.util.concurrent.ExecutorService; import java.util.concurrent.Executors; +import java.util.concurrent.TimeUnit; import javax.xml.bind.JAXBContext; @@ -32,6 +33,7 @@ import org.apache.activemq.artemis.api.core.client.ServerLocator; import org.apache.activemq.artemis.core.client.impl.ServerLocatorImpl; import org.apache.activemq.artemis.core.remoting.impl.invm.InVMConnectorFactory; import org.apache.activemq.artemis.core.remoting.impl.invm.TransportConstants; +import org.apache.activemq.artemis.jms.client.ConnectionFactoryOptions; import org.apache.activemq.artemis.rest.queue.DestinationSettings; import org.apache.activemq.artemis.rest.queue.QueueServiceManager; import org.apache.activemq.artemis.rest.topic.TopicServiceManager; @@ -46,8 +48,8 @@ import org.apache.activemq.artemis.utils.XMLUtil; public class MessageServiceManager { protected ExecutorService threadPool; - protected QueueServiceManager queueManager = new QueueServiceManager(); - protected TopicServiceManager topicManager = new TopicServiceManager(); + protected QueueServiceManager queueManager; + protected TopicServiceManager topicManager; protected TimeoutTask timeoutTask; protected int timeoutTaskInterval = 1; protected MessageServiceConfiguration configuration = new MessageServiceConfiguration(); @@ -55,6 +57,13 @@ public class MessageServiceManager { protected String configResourcePath; protected BindingRegistry registry; + private ClientSessionFactory consumerSessionFactory; + + public MessageServiceManager(ConnectionFactoryOptions jmsOptions) { + queueManager = new QueueServiceManager(jmsOptions); + topicManager = new TopicServiceManager(jmsOptions); + } + public BindingRegistry getRegistry() { return registry; } @@ -147,7 +156,7 @@ public class MessageServiceManager { consumerLocator.setConsumerWindowSize(configuration.getConsumerWindowSize()); } - ClientSessionFactory consumerSessionFactory = consumerLocator.createSessionFactory(); + consumerSessionFactory = consumerLocator.createSessionFactory(); ActiveMQRestLogger.LOGGER.debug("Created ClientSessionFactory: " + consumerSessionFactory); ServerLocator defaultLocator = new ServerLocatorImpl(false, new TransportConfiguration(InVMConnectorFactory.class.getName(), transportConfig)); @@ -197,5 +206,13 @@ public class MessageServiceManager { if (topicManager != null) topicManager.stop(); topicManager = null; + this.timeoutTask.stop(); + threadPool.shutdown(); + try { + threadPool.awaitTermination(5000, TimeUnit.SECONDS); + } + catch (InterruptedException e) { + } + this.consumerSessionFactory.close(); } } diff --git a/artemis-rest/src/main/java/org/apache/activemq/artemis/rest/integration/EmbeddedRestActiveMQ.java b/artemis-rest/src/main/java/org/apache/activemq/artemis/rest/integration/EmbeddedRestActiveMQ.java index 9ac9b06a47..fc8ae4eb1b 100644 --- a/artemis-rest/src/main/java/org/apache/activemq/artemis/rest/integration/EmbeddedRestActiveMQ.java +++ b/artemis-rest/src/main/java/org/apache/activemq/artemis/rest/integration/EmbeddedRestActiveMQ.java @@ -17,6 +17,7 @@ package org.apache.activemq.artemis.rest.integration; import org.apache.activemq.artemis.core.server.embedded.EmbeddedActiveMQ; +import org.apache.activemq.artemis.jms.client.ConnectionFactoryOptions; import org.jboss.resteasy.plugins.server.tjws.TJWSEmbeddedJaxrsServer; import org.apache.activemq.artemis.rest.MessageServiceManager; import org.jboss.resteasy.test.TestPortProvider; @@ -25,13 +26,14 @@ public class EmbeddedRestActiveMQ { protected TJWSEmbeddedJaxrsServer tjws = new TJWSEmbeddedJaxrsServer(); protected EmbeddedActiveMQ embeddedActiveMQ; - protected MessageServiceManager manager = new MessageServiceManager(); + protected MessageServiceManager manager = new MessageServiceManager(null); - public EmbeddedRestActiveMQ() { + public EmbeddedRestActiveMQ(ConnectionFactoryOptions jmsOptions) { int port = TestPortProvider.getPort(); tjws.setPort(port); tjws.setRootResourcePath(""); tjws.setSecurityDomain(null); + manager = new MessageServiceManager(jmsOptions); initEmbeddedActiveMQ(); } diff --git a/artemis-rest/src/main/java/org/apache/activemq/artemis/rest/integration/EmbeddedRestActiveMQJMS.java b/artemis-rest/src/main/java/org/apache/activemq/artemis/rest/integration/EmbeddedRestActiveMQJMS.java index 75fd361ef8..3b14437610 100644 --- a/artemis-rest/src/main/java/org/apache/activemq/artemis/rest/integration/EmbeddedRestActiveMQJMS.java +++ b/artemis-rest/src/main/java/org/apache/activemq/artemis/rest/integration/EmbeddedRestActiveMQJMS.java @@ -16,11 +16,16 @@ */ package org.apache.activemq.artemis.rest.integration; +import org.apache.activemq.artemis.jms.client.ConnectionFactoryOptions; import org.apache.activemq.artemis.jms.server.embedded.EmbeddedJMS; import org.apache.activemq.artemis.spi.core.naming.BindingRegistry; public class EmbeddedRestActiveMQJMS extends EmbeddedRestActiveMQ { + public EmbeddedRestActiveMQJMS(ConnectionFactoryOptions jmsOptions) { + super(jmsOptions); + } + @Override protected void initEmbeddedActiveMQ() { embeddedActiveMQ = new EmbeddedJMS(); diff --git a/artemis-rest/src/main/java/org/apache/activemq/artemis/rest/integration/RestMessagingBootstrapListener.java b/artemis-rest/src/main/java/org/apache/activemq/artemis/rest/integration/RestMessagingBootstrapListener.java index 20ce51da91..60cea036d3 100644 --- a/artemis-rest/src/main/java/org/apache/activemq/artemis/rest/integration/RestMessagingBootstrapListener.java +++ b/artemis-rest/src/main/java/org/apache/activemq/artemis/rest/integration/RestMessagingBootstrapListener.java @@ -20,22 +20,28 @@ import javax.servlet.ServletContext; import javax.servlet.ServletContextEvent; import javax.servlet.ServletContextListener; +import org.apache.activemq.artemis.jms.client.ConnectionFactoryOptions; import org.apache.activemq.artemis.rest.MessageServiceManager; +import org.apache.activemq.artemis.utils.ObjectInputStreamWithClassLoader; import org.jboss.resteasy.spi.Registry; -public class RestMessagingBootstrapListener implements ServletContextListener { +public class RestMessagingBootstrapListener implements ServletContextListener, ConnectionFactoryOptions { MessageServiceManager manager; + private String deserializationBlackList; + private String deserializationWhiteList; @Override public void contextInitialized(ServletContextEvent contextEvent) { ServletContext context = contextEvent.getServletContext(); - String configfile = context.getInitParameter("rest.messaging.config.file"); Registry registry = (Registry) context.getAttribute(Registry.class.getName()); if (registry == null) { throw new RuntimeException("You must install RESTEasy as a Bootstrap Listener and it must be listed before this class"); } - manager = new MessageServiceManager(); + String configfile = context.getInitParameter("rest.messaging.config.file"); + deserializationBlackList = context.getInitParameter(ObjectInputStreamWithClassLoader.BLACKLIST_PROPERTY); + deserializationWhiteList = context.getInitParameter(ObjectInputStreamWithClassLoader.WHITELIST_PROPERTY); + manager = new MessageServiceManager(this); if (configfile != null) { manager.setConfigResourcePath(configfile); @@ -56,4 +62,24 @@ public class RestMessagingBootstrapListener implements ServletContextListener { manager.stop(); } } + + @Override + public String getDeserializationBlackList() { + return deserializationBlackList; + } + + @Override + public void setDeserializationBlackList(String blackList) { + deserializationBlackList = blackList; + } + + @Override + public String getDeserializationWhiteList() { + return deserializationWhiteList; + } + + @Override + public void setDeserializationWhiteList(String whiteList) { + deserializationWhiteList = whiteList; + } } \ No newline at end of file diff --git a/artemis-rest/src/main/java/org/apache/activemq/artemis/rest/queue/ConsumedMessage.java b/artemis-rest/src/main/java/org/apache/activemq/artemis/rest/queue/ConsumedMessage.java index 3c499120d4..22b8f7ffd6 100644 --- a/artemis-rest/src/main/java/org/apache/activemq/artemis/rest/queue/ConsumedMessage.java +++ b/artemis-rest/src/main/java/org/apache/activemq/artemis/rest/queue/ConsumedMessage.java @@ -19,6 +19,7 @@ package org.apache.activemq.artemis.rest.queue; import org.apache.activemq.artemis.api.core.Message; import org.apache.activemq.artemis.api.core.SimpleString; import org.apache.activemq.artemis.api.core.client.ClientMessage; +import org.apache.activemq.artemis.jms.client.ConnectionFactoryOptions; import org.apache.activemq.artemis.rest.HttpHeaderProperty; import org.apache.activemq.artemis.rest.ActiveMQRestLogger; @@ -51,13 +52,13 @@ public abstract class ConsumedMessage { } } - public static ConsumedMessage createConsumedMessage(ClientMessage message) { + public static ConsumedMessage createConsumedMessage(ClientMessage message, ConnectionFactoryOptions options) { Boolean aBoolean = message.getBooleanProperty(POSTED_AS_HTTP_MESSAGE); if (aBoolean != null && aBoolean.booleanValue()) { return new ConsumedHttpMessage(message); } else if (message.getType() == Message.OBJECT_TYPE) { - return new ConsumedObjectMessage(message); + return new ConsumedObjectMessage(message, options); } else { throw new IllegalArgumentException("ClientMessage must be an HTTP message or an Object message: " + message + " type: " + message.getType()); diff --git a/artemis-rest/src/main/java/org/apache/activemq/artemis/rest/queue/ConsumedObjectMessage.java b/artemis-rest/src/main/java/org/apache/activemq/artemis/rest/queue/ConsumedObjectMessage.java index b03e84fb73..ddd7a81a17 100644 --- a/artemis-rest/src/main/java/org/apache/activemq/artemis/rest/queue/ConsumedObjectMessage.java +++ b/artemis-rest/src/main/java/org/apache/activemq/artemis/rest/queue/ConsumedObjectMessage.java @@ -18,19 +18,22 @@ package org.apache.activemq.artemis.rest.queue; import org.apache.activemq.artemis.api.core.Message; import org.apache.activemq.artemis.api.core.client.ClientMessage; +import org.apache.activemq.artemis.jms.client.ConnectionFactoryOptions; +import org.apache.activemq.artemis.utils.ObjectInputStreamWithClassLoader; import javax.ws.rs.core.Response; import java.io.ByteArrayInputStream; -import java.io.ObjectInputStream; public class ConsumedObjectMessage extends ConsumedMessage { protected Object readObject; + private ConnectionFactoryOptions options; - public ConsumedObjectMessage(ClientMessage message) { + public ConsumedObjectMessage(ClientMessage message, ConnectionFactoryOptions options) { super(message); if (message.getType() != Message.OBJECT_TYPE) throw new IllegalArgumentException("Client message must be an OBJECT_TYPE"); + this.options = options; } @Override @@ -43,7 +46,11 @@ public class ConsumedObjectMessage extends ConsumedMessage { message.getBodyBuffer().readBytes(body); ByteArrayInputStream bais = new ByteArrayInputStream(body); try { - ObjectInputStream ois = new ObjectInputStream(bais); + ObjectInputStreamWithClassLoader ois = new ObjectInputStreamWithClassLoader(bais); + if (options != null) { + ois.setWhiteList(options.getDeserializationWhiteList()); + ois.setBlackList(options.getDeserializationBlackList()); + } readObject = ois.readObject(); } catch (Exception e) { diff --git a/artemis-rest/src/main/java/org/apache/activemq/artemis/rest/queue/DestinationServiceManager.java b/artemis-rest/src/main/java/org/apache/activemq/artemis/rest/queue/DestinationServiceManager.java index 7d69bd999b..93512d9706 100644 --- a/artemis-rest/src/main/java/org/apache/activemq/artemis/rest/queue/DestinationServiceManager.java +++ b/artemis-rest/src/main/java/org/apache/activemq/artemis/rest/queue/DestinationServiceManager.java @@ -21,6 +21,7 @@ import org.apache.activemq.artemis.api.core.client.ClientSessionFactory; import org.apache.activemq.artemis.api.core.client.ActiveMQClient; import org.apache.activemq.artemis.api.core.client.ServerLocator; import org.apache.activemq.artemis.core.remoting.impl.invm.InVMConnectorFactory; +import org.apache.activemq.artemis.jms.client.ConnectionFactoryOptions; import org.apache.activemq.artemis.rest.util.LinkStrategy; import org.apache.activemq.artemis.rest.util.TimeoutTask; import org.apache.activemq.artemis.spi.core.naming.BindingRegistry; @@ -40,6 +41,12 @@ public abstract class DestinationServiceManager { protected LinkStrategy linkStrategy; protected BindingRegistry registry; + protected ConnectionFactoryOptions jmsOptions; + + public DestinationServiceManager(ConnectionFactoryOptions jmsOptions) { + this.jmsOptions = jmsOptions; + } + public BindingRegistry getRegistry() { return registry; } @@ -157,4 +164,8 @@ public abstract class DestinationServiceManager { public abstract void start() throws Exception; public abstract void stop(); + + public ConnectionFactoryOptions getJmsOptions() { + return jmsOptions; + } } diff --git a/artemis-rest/src/main/java/org/apache/activemq/artemis/rest/queue/QueueConsumer.java b/artemis-rest/src/main/java/org/apache/activemq/artemis/rest/queue/QueueConsumer.java index 96a1ae98f4..1ebe786af0 100644 --- a/artemis-rest/src/main/java/org/apache/activemq/artemis/rest/queue/QueueConsumer.java +++ b/artemis-rest/src/main/java/org/apache/activemq/artemis/rest/queue/QueueConsumer.java @@ -33,6 +33,7 @@ import org.apache.activemq.artemis.api.core.client.ClientConsumer; import org.apache.activemq.artemis.api.core.client.ClientMessage; import org.apache.activemq.artemis.api.core.client.ClientSession; import org.apache.activemq.artemis.api.core.client.ClientSessionFactory; +import org.apache.activemq.artemis.jms.client.ConnectionFactoryOptions; import org.apache.activemq.artemis.rest.ActiveMQRestLogger; import org.apache.activemq.artemis.rest.util.Constants; import org.apache.activemq.artemis.rest.util.LinkStrategy; @@ -179,7 +180,7 @@ public class QueueConsumer { return builder.build(); } previousIndex = index; - lastConsumed = ConsumedMessage.createConsumedMessage(message); + lastConsumed = ConsumedMessage.createConsumedMessage(message, this.getJmsOptions()); String token = Long.toString(lastConsumed.getMessageID()); Response response = getMessageResponse(lastConsumed, info, basePath, token).build(); if (autoAck) @@ -187,7 +188,9 @@ public class QueueConsumer { return response; } catch (Exception e) { - throw new RuntimeException(e); + Response errorResponse = Response.serverError().entity(e.getMessage()) + .status(Response.Status.INTERNAL_SERVER_ERROR).build(); + return errorResponse; } } @@ -264,4 +267,8 @@ public class QueueConsumer { String uri = builder.build().toString(); serviceManager.getLinkStrategy().setLinkHeader(response, "consumer", "consumer", uri, MediaType.APPLICATION_XML); } + + public ConnectionFactoryOptions getJmsOptions() { + return serviceManager.getJmsOptions(); + } } diff --git a/artemis-rest/src/main/java/org/apache/activemq/artemis/rest/queue/QueueDestinationsResource.java b/artemis-rest/src/main/java/org/apache/activemq/artemis/rest/queue/QueueDestinationsResource.java index 7f7ce09c92..4f66bb9250 100644 --- a/artemis-rest/src/main/java/org/apache/activemq/artemis/rest/queue/QueueDestinationsResource.java +++ b/artemis-rest/src/main/java/org/apache/activemq/artemis/rest/queue/QueueDestinationsResource.java @@ -145,6 +145,7 @@ public class QueueDestinationsResource { PushConsumerResource push = new PushConsumerResource(); push.setDestination(queueName); push.setSessionFactory(manager.getConsumerSessionFactory()); + push.setJmsOptions(manager.getJmsOptions()); queueResource.setPushConsumers(push); PostMessage sender = null; diff --git a/artemis-rest/src/main/java/org/apache/activemq/artemis/rest/queue/QueueServiceManager.java b/artemis-rest/src/main/java/org/apache/activemq/artemis/rest/queue/QueueServiceManager.java index 4c61b4dc81..7779248b1a 100644 --- a/artemis-rest/src/main/java/org/apache/activemq/artemis/rest/queue/QueueServiceManager.java +++ b/artemis-rest/src/main/java/org/apache/activemq/artemis/rest/queue/QueueServiceManager.java @@ -21,6 +21,7 @@ import java.util.List; import org.apache.activemq.artemis.api.core.SimpleString; import org.apache.activemq.artemis.api.core.client.ClientSession; +import org.apache.activemq.artemis.jms.client.ConnectionFactoryOptions; import org.apache.activemq.artemis.rest.queue.push.PushStore; import org.apache.activemq.artemis.rest.queue.push.FilePushStore; @@ -30,6 +31,10 @@ public class QueueServiceManager extends DestinationServiceManager { protected List queues = new ArrayList<>(); protected QueueDestinationsResource destination; + public QueueServiceManager(ConnectionFactoryOptions jmsOptions) { + super(jmsOptions); + } + public List getQueues() { return queues; } diff --git a/artemis-rest/src/main/java/org/apache/activemq/artemis/rest/queue/push/PushConsumer.java b/artemis-rest/src/main/java/org/apache/activemq/artemis/rest/queue/push/PushConsumer.java index c8f17b37be..023e3f086d 100644 --- a/artemis-rest/src/main/java/org/apache/activemq/artemis/rest/queue/push/PushConsumer.java +++ b/artemis-rest/src/main/java/org/apache/activemq/artemis/rest/queue/push/PushConsumer.java @@ -20,6 +20,7 @@ import org.apache.activemq.artemis.api.core.ActiveMQException; import org.apache.activemq.artemis.api.core.client.ClientConsumer; import org.apache.activemq.artemis.api.core.client.ClientSession; import org.apache.activemq.artemis.api.core.client.ClientSessionFactory; +import org.apache.activemq.artemis.jms.client.ConnectionFactoryOptions; import org.apache.activemq.artemis.rest.ActiveMQRestLogger; import org.apache.activemq.artemis.rest.queue.push.xml.PushRegistration; import org.apache.activemq.artemis.utils.SelectorTranslator; @@ -38,16 +39,20 @@ public class PushConsumer { protected PushStrategy strategy; protected PushStore store; + private ConnectionFactoryOptions jmsOptions; + public PushConsumer(ClientSessionFactory factory, String destination, String id, PushRegistration registration, - PushStore store) { + PushStore store, + ConnectionFactoryOptions jmsOptions) { this.factory = factory; this.destination = destination; this.id = id; this.registration = registration; this.store = store; + this.jmsOptions = jmsOptions; } public PushStrategy getStrategy() { @@ -79,6 +84,7 @@ public class PushConsumer { strategy = new UriStrategy(); } strategy.setRegistration(registration); + strategy.setJmsOptions(jmsOptions); strategy.start(); sessions = new ArrayList<>(); diff --git a/artemis-rest/src/main/java/org/apache/activemq/artemis/rest/queue/push/PushConsumerResource.java b/artemis-rest/src/main/java/org/apache/activemq/artemis/rest/queue/push/PushConsumerResource.java index 76dcf5e7a5..ef183e551a 100644 --- a/artemis-rest/src/main/java/org/apache/activemq/artemis/rest/queue/push/PushConsumerResource.java +++ b/artemis-rest/src/main/java/org/apache/activemq/artemis/rest/queue/push/PushConsumerResource.java @@ -33,6 +33,7 @@ import java.util.concurrent.ConcurrentHashMap; import java.util.concurrent.atomic.AtomicLong; import org.apache.activemq.artemis.api.core.client.ClientSessionFactory; +import org.apache.activemq.artemis.jms.client.ConnectionFactoryOptions; import org.apache.activemq.artemis.rest.queue.push.xml.PushRegistration; import org.apache.activemq.artemis.rest.ActiveMQRestLogger; @@ -45,6 +46,8 @@ public class PushConsumerResource { protected final AtomicLong sessionCounter = new AtomicLong(1); protected PushStore pushStore; + private ConnectionFactoryOptions jmsOptions; + public void start() { } @@ -66,7 +69,7 @@ public class PushConsumerResource { public void addRegistration(PushRegistration reg) throws Exception { if (reg.isEnabled() == false) return; - PushConsumer consumer = new PushConsumer(sessionFactory, destination, reg.getId(), reg, pushStore); + PushConsumer consumer = new PushConsumer(sessionFactory, destination, reg.getId(), reg, pushStore, jmsOptions); consumer.start(); consumers.put(reg.getId(), consumer); } @@ -80,7 +83,7 @@ public class PushConsumerResource { String genId = sessionCounter.getAndIncrement() + "-" + startup; registration.setId(genId); registration.setDestination(destination); - PushConsumer consumer = new PushConsumer(sessionFactory, destination, genId, registration, pushStore); + PushConsumer consumer = new PushConsumer(sessionFactory, destination, genId, registration, pushStore, jmsOptions); try { consumer.start(); if (registration.isDurable() && pushStore != null) { @@ -142,4 +145,8 @@ public class PushConsumerResource { public void setDestination(String destination) { this.destination = destination; } + + public void setJmsOptions(ConnectionFactoryOptions jmsOptions) { + this.jmsOptions = jmsOptions; + } } diff --git a/artemis-rest/src/main/java/org/apache/activemq/artemis/rest/queue/push/PushStrategy.java b/artemis-rest/src/main/java/org/apache/activemq/artemis/rest/queue/push/PushStrategy.java index 8812223b50..6f291d36bc 100644 --- a/artemis-rest/src/main/java/org/apache/activemq/artemis/rest/queue/push/PushStrategy.java +++ b/artemis-rest/src/main/java/org/apache/activemq/artemis/rest/queue/push/PushStrategy.java @@ -17,6 +17,7 @@ package org.apache.activemq.artemis.rest.queue.push; import org.apache.activemq.artemis.api.core.client.ClientMessage; +import org.apache.activemq.artemis.jms.client.ConnectionFactoryOptions; import org.apache.activemq.artemis.rest.queue.push.xml.PushRegistration; public interface PushStrategy { @@ -36,4 +37,6 @@ public interface PushStrategy { void start() throws Exception; void stop() throws Exception; + + void setJmsOptions(ConnectionFactoryOptions jmsOptions); } diff --git a/artemis-rest/src/main/java/org/apache/activemq/artemis/rest/queue/push/UriStrategy.java b/artemis-rest/src/main/java/org/apache/activemq/artemis/rest/queue/push/UriStrategy.java index 5bca1674af..2df104bc9a 100644 --- a/artemis-rest/src/main/java/org/apache/activemq/artemis/rest/queue/push/UriStrategy.java +++ b/artemis-rest/src/main/java/org/apache/activemq/artemis/rest/queue/push/UriStrategy.java @@ -19,6 +19,7 @@ package org.apache.activemq.artemis.rest.queue.push; import javax.ws.rs.core.UriBuilder; import java.io.IOException; +import org.apache.activemq.artemis.jms.client.ConnectionFactoryOptions; import org.apache.activemq.artemis.rest.queue.push.xml.BasicAuth; import org.apache.activemq.artemis.rest.queue.push.xml.PushRegistration; import org.apache.activemq.artemis.rest.util.HttpMessageHelper; @@ -59,6 +60,8 @@ public class UriStrategy implements PushStrategy { protected String method; protected String contentType; + protected ConnectionFactoryOptions jmsOptions; + UriStrategy() { connManager.setDefaultMaxPerRoute(100); connManager.setMaxTotal(1000); @@ -105,6 +108,11 @@ public class UriStrategy implements PushStrategy { connManager.shutdown(); } + @Override + public void setJmsOptions(ConnectionFactoryOptions jmsOptions) { + this.jmsOptions = jmsOptions; + } + @Override public boolean push(ClientMessage message) { ActiveMQRestLogger.LOGGER.debug("Pushing " + message); @@ -120,7 +128,7 @@ public class UriStrategy implements PushStrategy { ActiveMQRestLogger.LOGGER.debug("Setting XmlHttpHeader: " + header.getName() + "=" + header.getValue()); request.header(header.getName(), header.getValue()); } - HttpMessageHelper.buildMessage(message, request, contentType); + HttpMessageHelper.buildMessage(message, request, contentType, jmsOptions); ClientResponse res = null; try { ActiveMQRestLogger.LOGGER.debug(method + " " + uri); diff --git a/artemis-rest/src/main/java/org/apache/activemq/artemis/rest/topic/PushSubscription.java b/artemis-rest/src/main/java/org/apache/activemq/artemis/rest/topic/PushSubscription.java index da1cf34deb..1f5789f186 100644 --- a/artemis-rest/src/main/java/org/apache/activemq/artemis/rest/topic/PushSubscription.java +++ b/artemis-rest/src/main/java/org/apache/activemq/artemis/rest/topic/PushSubscription.java @@ -19,6 +19,7 @@ package org.apache.activemq.artemis.rest.topic; import org.apache.activemq.artemis.api.core.ActiveMQException; import org.apache.activemq.artemis.api.core.client.ClientSession; import org.apache.activemq.artemis.api.core.client.ClientSessionFactory; +import org.apache.activemq.artemis.jms.client.ConnectionFactoryOptions; import org.apache.activemq.artemis.rest.queue.push.PushStore; import org.apache.activemq.artemis.rest.ActiveMQRestLogger; import org.apache.activemq.artemis.rest.queue.push.PushConsumer; @@ -30,8 +31,9 @@ public class PushSubscription extends PushConsumer { String destination, String id, PushRegistration registration, - PushStore store) { - super(factory, destination, id, registration, store); + PushStore store, + ConnectionFactoryOptions jmsOptions) { + super(factory, destination, id, registration, store, jmsOptions); } @Override diff --git a/artemis-rest/src/main/java/org/apache/activemq/artemis/rest/topic/PushSubscriptionsResource.java b/artemis-rest/src/main/java/org/apache/activemq/artemis/rest/topic/PushSubscriptionsResource.java index c01459bcf0..602700797b 100644 --- a/artemis-rest/src/main/java/org/apache/activemq/artemis/rest/topic/PushSubscriptionsResource.java +++ b/artemis-rest/src/main/java/org/apache/activemq/artemis/rest/topic/PushSubscriptionsResource.java @@ -20,6 +20,7 @@ import org.apache.activemq.artemis.api.core.ActiveMQException; import org.apache.activemq.artemis.api.core.SimpleString; import org.apache.activemq.artemis.api.core.client.ClientSession; import org.apache.activemq.artemis.api.core.client.ClientSessionFactory; +import org.apache.activemq.artemis.jms.client.ConnectionFactoryOptions; import org.apache.activemq.artemis.rest.queue.push.PushConsumer; import org.apache.activemq.artemis.rest.ActiveMQRestLogger; @@ -47,6 +48,12 @@ public class PushSubscriptionsResource { protected final AtomicLong sessionCounter = new AtomicLong(1); protected TopicPushStore pushStore; + private ConnectionFactoryOptions jmsOptions; + + public PushSubscriptionsResource(ConnectionFactoryOptions jmsOptions) { + this.jmsOptions = jmsOptions; + } + public void stop() { for (PushConsumer consumer : consumers.values()) { consumer.stop(); @@ -92,7 +99,7 @@ public class PushSubscriptionsResource { if (!query.isExists()) { createSession = createSubscription(destination, reg.isDurable()); } - PushSubscription consumer = new PushSubscription(sessionFactory, reg.getDestination(), reg.getId(), reg, pushStore); + PushSubscription consumer = new PushSubscription(sessionFactory, reg.getDestination(), reg.getId(), reg, pushStore, jmsOptions); try { consumer.start(); } @@ -133,7 +140,7 @@ public class PushSubscriptionsResource { registration.setTopic(destination); ClientSession createSession = createSubscription(genId, registration.isDurable()); try { - PushSubscription consumer = new PushSubscription(sessionFactory, genId, genId, registration, pushStore); + PushSubscription consumer = new PushSubscription(sessionFactory, genId, genId, registration, pushStore, jmsOptions); try { consumer.start(); if (registration.isDurable() && pushStore != null) { diff --git a/artemis-rest/src/main/java/org/apache/activemq/artemis/rest/topic/TopicDestinationsResource.java b/artemis-rest/src/main/java/org/apache/activemq/artemis/rest/topic/TopicDestinationsResource.java index 8c72e490e4..dda2a0b642 100644 --- a/artemis-rest/src/main/java/org/apache/activemq/artemis/rest/topic/TopicDestinationsResource.java +++ b/artemis-rest/src/main/java/org/apache/activemq/artemis/rest/topic/TopicDestinationsResource.java @@ -137,7 +137,7 @@ public class TopicDestinationsResource { subscriptionsResource.setDestination(topicName); subscriptionsResource.setSessionFactory(manager.getConsumerSessionFactory()); - PushSubscriptionsResource push = new PushSubscriptionsResource(); + PushSubscriptionsResource push = new PushSubscriptionsResource(manager.getJmsOptions()); push.setDestination(topicName); push.setSessionFactory(manager.getConsumerSessionFactory()); topicResource.setPushSubscriptions(push); diff --git a/artemis-rest/src/main/java/org/apache/activemq/artemis/rest/topic/TopicServiceManager.java b/artemis-rest/src/main/java/org/apache/activemq/artemis/rest/topic/TopicServiceManager.java index 3cb7b396ea..7dbdd238af 100644 --- a/artemis-rest/src/main/java/org/apache/activemq/artemis/rest/topic/TopicServiceManager.java +++ b/artemis-rest/src/main/java/org/apache/activemq/artemis/rest/topic/TopicServiceManager.java @@ -18,6 +18,7 @@ package org.apache.activemq.artemis.rest.topic; import org.apache.activemq.artemis.api.core.SimpleString; import org.apache.activemq.artemis.api.core.client.ClientSession; +import org.apache.activemq.artemis.jms.client.ConnectionFactoryOptions; import org.apache.activemq.artemis.rest.queue.DestinationServiceManager; import java.util.ArrayList; @@ -29,6 +30,10 @@ public class TopicServiceManager extends DestinationServiceManager { protected List topics = new ArrayList<>(); protected TopicDestinationsResource destination; + public TopicServiceManager(ConnectionFactoryOptions jmsOptions) { + super(jmsOptions); + } + public TopicPushStore getPushStore() { return pushStore; } diff --git a/artemis-rest/src/main/java/org/apache/activemq/artemis/rest/util/HttpMessageHelper.java b/artemis-rest/src/main/java/org/apache/activemq/artemis/rest/util/HttpMessageHelper.java index 989453d718..7d97eef0cf 100644 --- a/artemis-rest/src/main/java/org/apache/activemq/artemis/rest/util/HttpMessageHelper.java +++ b/artemis-rest/src/main/java/org/apache/activemq/artemis/rest/util/HttpMessageHelper.java @@ -18,15 +18,15 @@ package org.apache.activemq.artemis.rest.util; import org.apache.activemq.artemis.api.core.SimpleString; import org.apache.activemq.artemis.api.core.client.ClientMessage; +import org.apache.activemq.artemis.jms.client.ConnectionFactoryOptions; import org.apache.activemq.artemis.rest.HttpHeaderProperty; import org.apache.activemq.artemis.rest.ActiveMQRestLogger; +import org.apache.activemq.artemis.utils.ObjectInputStreamWithClassLoader; import org.jboss.resteasy.client.ClientRequest; import javax.ws.rs.core.HttpHeaders; import javax.ws.rs.core.MultivaluedMap; -import javax.ws.rs.core.Response; import java.io.ByteArrayInputStream; -import java.io.ObjectInputStream; import java.util.List; import java.util.Map.Entry; @@ -39,39 +39,7 @@ public class HttpMessageHelper { return lowerKey.toLowerCase().startsWith("content") || lowerKey.toLowerCase().equals("link"); } - public static void buildMessage(ClientMessage message, Response.ResponseBuilder builder) { - for (SimpleString key : message.getPropertyNames()) { - String k = key.toString(); - String headerName = HttpHeaderProperty.fromPropertyName(k); - if (headerName == null) { - continue; - } - builder.header(headerName, message.getStringProperty(k)); - } - int size = message.getBodySize(); - if (size > 0) { - byte[] body = new byte[size]; - message.getBodyBuffer().readBytes(body); - Boolean aBoolean = message.getBooleanProperty(POSTED_AS_HTTP_MESSAGE); - if (aBoolean != null && aBoolean.booleanValue()) { - builder.entity(body); - } - else { - ByteArrayInputStream bais = new ByteArrayInputStream(body); - Object obj = null; - try { - ObjectInputStream ois = new ObjectInputStream(bais); - obj = ois.readObject(); - } - catch (Exception e) { - throw new RuntimeException(e); - } - builder.entity(obj); - } - } - } - - public static void buildMessage(ClientMessage message, ClientRequest request, String contentType) { + public static void buildMessage(ClientMessage message, ClientRequest request, String contentType, ConnectionFactoryOptions jmsOptions) { for (SimpleString key : message.getPropertyNames()) { String k = key.toString(); String headerName = HttpHeaderProperty.fromPropertyName(k); @@ -105,12 +73,17 @@ public class HttpMessageHelper { ByteArrayInputStream bais = new ByteArrayInputStream(body); Object obj = null; try { - ObjectInputStream ois = new ObjectInputStream(bais); + ObjectInputStreamWithClassLoader ois = new ObjectInputStreamWithClassLoader(bais); + if (jmsOptions != null) { + ois.setBlackList(jmsOptions.getDeserializationBlackList()); + ois.setWhiteList(jmsOptions.getDeserializationWhiteList()); + } obj = ois.readObject(); ActiveMQRestLogger.LOGGER.debug("**** Building Message from object: " + obj.toString()); request.body(contentType, obj); } catch (Exception e) { + e.printStackTrace(); throw new RuntimeException(e); } } diff --git a/artemis-rest/src/main/java/org/apache/activemq/artemis/rest/util/TimeoutTask.java b/artemis-rest/src/main/java/org/apache/activemq/artemis/rest/util/TimeoutTask.java index 381a47c89a..233a533988 100644 --- a/artemis-rest/src/main/java/org/apache/activemq/artemis/rest/util/TimeoutTask.java +++ b/artemis-rest/src/main/java/org/apache/activemq/artemis/rest/util/TimeoutTask.java @@ -78,7 +78,9 @@ public class TimeoutTask implements Runnable { public synchronized void stop() { running = false; - thread.interrupt(); + if (thread != null) { + thread.interrupt(); + } } public synchronized int getInterval() { diff --git a/artemis-rest/src/test/java/org/apache/activemq/artemis/rest/test/Embedded.java b/artemis-rest/src/test/java/org/apache/activemq/artemis/rest/test/Embedded.java index 36ca637638..67a7a53110 100644 --- a/artemis-rest/src/test/java/org/apache/activemq/artemis/rest/test/Embedded.java +++ b/artemis-rest/src/test/java/org/apache/activemq/artemis/rest/test/Embedded.java @@ -29,7 +29,7 @@ import org.jboss.resteasy.test.TestPortProvider; public class Embedded { - protected MessageServiceManager manager = new MessageServiceManager(); + protected MessageServiceManager manager = new MessageServiceManager(null); protected MessageServiceConfiguration config = new MessageServiceConfiguration(); protected ActiveMQServer activeMQServer; protected TJWSEmbeddedJaxrsServer tjws = new TJWSEmbeddedJaxrsServer(); diff --git a/artemis-rest/src/test/java/org/apache/activemq/artemis/rest/test/EmbeddedTest.java b/artemis-rest/src/test/java/org/apache/activemq/artemis/rest/test/EmbeddedTest.java index 91f927c0ee..cf4e81edd7 100644 --- a/artemis-rest/src/test/java/org/apache/activemq/artemis/rest/test/EmbeddedTest.java +++ b/artemis-rest/src/test/java/org/apache/activemq/artemis/rest/test/EmbeddedTest.java @@ -48,7 +48,7 @@ public class EmbeddedTest { @BeforeClass public static void startEmbedded() throws Exception { - server = new EmbeddedRestActiveMQJMS(); + server = new EmbeddedRestActiveMQJMS(null); server.getManager().setConfigResourcePath("activemq-rest.xml"); SecurityConfiguration securityConfiguration = new SecurityConfiguration(); securityConfiguration.addUser("guest", "guest"); diff --git a/artemis-rest/src/test/java/org/apache/activemq/artemis/rest/test/PersistentPushQueueConsumerTest.java b/artemis-rest/src/test/java/org/apache/activemq/artemis/rest/test/PersistentPushQueueConsumerTest.java index d0e6c4fd02..bc15969a35 100644 --- a/artemis-rest/src/test/java/org/apache/activemq/artemis/rest/test/PersistentPushQueueConsumerTest.java +++ b/artemis-rest/src/test/java/org/apache/activemq/artemis/rest/test/PersistentPushQueueConsumerTest.java @@ -52,7 +52,7 @@ public class PersistentPushQueueConsumerTest { activeMQServer.start(); deployment = EmbeddedContainer.start(); - manager = new MessageServiceManager(); + manager = new MessageServiceManager(null); manager.start(); deployment.getRegistry().addSingletonResource(manager.getQueueManager().getDestination()); deployment.getRegistry().addSingletonResource(manager.getTopicManager().getDestination()); diff --git a/artemis-rest/src/test/java/org/apache/activemq/artemis/rest/test/PersistentPushTopicConsumerTest.java b/artemis-rest/src/test/java/org/apache/activemq/artemis/rest/test/PersistentPushTopicConsumerTest.java index d44cea97b5..571bc92ec9 100644 --- a/artemis-rest/src/test/java/org/apache/activemq/artemis/rest/test/PersistentPushTopicConsumerTest.java +++ b/artemis-rest/src/test/java/org/apache/activemq/artemis/rest/test/PersistentPushTopicConsumerTest.java @@ -72,7 +72,7 @@ public class PersistentPushTopicConsumerTest { public static void startup() throws Exception { deployment = EmbeddedContainer.start(); - manager = new MessageServiceManager(); + manager = new MessageServiceManager(null); manager.start(); deployment.getRegistry().addSingletonResource(manager.getQueueManager().getDestination()); deployment.getRegistry().addSingletonResource(manager.getTopicManager().getDestination()); diff --git a/docs/user-manual/en/security.md b/docs/user-manual/en/security.md index 4b06f25081..dfa9f4636e 100644 --- a/docs/user-manual/en/security.md +++ b/docs/user-manual/en/security.md @@ -257,21 +257,21 @@ For more information on configuring the SSL transport, please see [Configuring t ## User credentials Apache ActiveMQ Artemis ships with two security manager implementations: - -- The legacy, deprecated `ActiveMQSecurityManager` that reads user credentials, i.e. user names, passwords and role + +- The legacy, deprecated `ActiveMQSecurityManager` that reads user credentials, i.e. user names, passwords and role information from properties files on the classpath called `artemis-users.properties` and `artemis-roles.properties`. -- The flexible, pluggable `ActiveMQJAASSecurityManager` which supports any standard JAAS login module. Artemis ships +- The flexible, pluggable `ActiveMQJAASSecurityManager` which supports any standard JAAS login module. Artemis ships with several login modules which will be discussed further down. This is the default security manager. ### JAAS Security Manager When using JAAS much of the configuration depends on which login module is used. However, there are a few commonalities -for every case. The first place to look is in `bootstrap.xml`. Here is an example using the `PropertiesLogin` JAAS login +for every case. The first place to look is in `bootstrap.xml`. Here is an example using the `PropertiesLogin` JAAS login module which reads user, password, and role information from properties files: - + No matter what login module you're using, you'll need to specify it here in `bootstrap.xml`. The `domain` attribute here refers to the relevant login module entry in `login.config`. For example: @@ -282,7 +282,7 @@ here refers to the relevant login module entry in `login.config`. For example: org.apache.activemq.jaas.properties.role="artemis-roles.properties"; }; -The `login.config` file is a standard JAAS configuration file. You can read more about this file on +The `login.config` file is a standard JAAS configuration file. You can read more about this file on [Oracle's website](https://docs.oracle.com/javase/8/docs/technotes/guides/security/jgss/tutorials/LoginConfigFile.html). In short, the file defines: @@ -295,18 +295,18 @@ In short, the file defines: - a list of configuration options specific to the login module implementation -By default, the location and name of `login.config` is specified on the Artemis command-line which is set by +By default, the location and name of `login.config` is specified on the Artemis command-line which is set by `etc/artemis.profile` on linux and `etc\artemis.profile.cmd` on Windows. #### Dual Authentication -The JAAS Security Manager also supports another configuration parameter - `certificate-domain`. This is useful when you +The JAAS Security Manager also supports another configuration parameter - `certificate-domain`. This is useful when you want to authenticate clients connecting with SSL connections based on their SSL certificates (e.g. using the `CertificateLoginModule` discussed below) but you still want to authenticate clients connecting with non-SSL connections with, e.g., username and password. Here's an example of what would go in `bootstrap.xml`: - + And here's the corresponding `login.config`: PropertiesLogin { @@ -315,7 +315,7 @@ And here's the corresponding `login.config`: org.apache.activemq.jaas.properties.user="artemis-users.properties" org.apache.activemq.jaas.properties.role="artemis-roles.properties"; }; - + CertLogin { org.apache.activemq.artemis.spi.core.security.jaas.TextFileCertificateLoginModule required debug=true @@ -329,8 +329,8 @@ using `CertLogin` and any client connecting without SSL will be authenticated us ### JAAS Login Modules #### GuestLoginModule -Allows users without credentials (and, depending on how it is configured, possibly also users with invalid credentials) -to access the broker. Normally, the guest login module is chained with another login module, such as a properties login +Allows users without credentials (and, depending on how it is configured, possibly also users with invalid credentials) +to access the broker. Normally, the guest login module is chained with another login module, such as a properties login module. It is implemented by `org.apache.activemq.artemis.spi.core.security.jaas.GuestLoginModule`. - `org.apache.activemq.jaas.guest.user` - the user name to assign; default is "guest" @@ -340,7 +340,7 @@ module. It is implemented by `org.apache.activemq.artemis.spi.core.security.jaas - `credentialsInvalidate` - boolean flag; if `true`, reject login requests that include a password (i.e. guest login succeeds only when the user does not provide a password); default is `false` -- `debug` - boolean flag; if `true`, enable debugging; this is used only for testing or debugging; normally, it +- `debug` - boolean flag; if `true`, enable debugging; this is used only for testing or debugging; normally, it should be set to `false`, or omitted; default is `false` There are two basic use cases for the guest login module, as follows: @@ -349,8 +349,8 @@ There are two basic use cases for the guest login module, as follows: - Guests with no credentials only. -The following snippet shows how to configure a JAAS login entry for the use case where users with no credentials or -invalid credentials are logged in as guests. In this example, the guest login module is used in combination with the +The following snippet shows how to configure a JAAS login entry for the use case where users with no credentials or +invalid credentials are logged in as guests. In this example, the guest login module is used in combination with the properties login module. activemq-domain { @@ -358,7 +358,7 @@ properties login module. debug=true org.apache.activemq.jaas.properties.user="artemis-users.properties" org.apache.activemq.jaas.properties.role="artemis-roles.properties"; - + org.apache.activemq.artemis.spi.core.security.jaas.GuestLoginModule sufficient debug=true org.apache.activemq.jaas.guest.user="anyone" @@ -367,18 +367,18 @@ properties login module. Depending on the user login data, authentication proceeds as follows: -- User logs in with a valid password — the properties login module successfully authenticates the user and returns +- User logs in with a valid password — the properties login module successfully authenticates the user and returns immediately. The guest login module is not invoked. -- User logs in with an invalid password — the properties login module fails to authenticate the user, and authentication +- User logs in with an invalid password — the properties login module fails to authenticate the user, and authentication proceeds to the guest login module. The guest login module successfully authenticates the user and returns the guest principal. -- User logs in with a blank password — the properties login module fails to authenticate the user, and authentication +- User logs in with a blank password — the properties login module fails to authenticate the user, and authentication proceeds to the guest login module. The guest login module successfully authenticates the user and returns the guest principal. -The following snipped shows how to configure a JAAS login entry for the use case where only those users with no -credentials are logged in as guests. To support this use case, you must set the credentialsInvalidate option to true in -the configuration of the guest login module. You should also note that, compared with the preceding example, the order +The following snipped shows how to configure a JAAS login entry for the use case where only those users with no +credentials are logged in as guests. To support this use case, you must set the credentialsInvalidate option to true in +the configuration of the guest login module. You should also note that, compared with the preceding example, the order of the login modules is reversed and the flag attached to the properties login module is changed to requisite. activemq-guest-when-no-creds-only-domain { @@ -387,7 +387,7 @@ of the login modules is reversed and the flag attached to the properties login m credentialsInvalidate=true org.apache.activemq.jaas.guest.user="guest" org.apache.activemq.jaas.guest.role="guests"; - + org.apache.activemq.artemis.spi.core.security.jaas.PropertiesLoginModule requisite debug=true org.apache.activemq.jaas.properties.user="artemis-users.properties" @@ -396,20 +396,20 @@ of the login modules is reversed and the flag attached to the properties login m Depending on the user login data, authentication proceeds as follows: -- User logs in with a valid password — the guest login module fails to authenticate the user (because the user has - presented a password while the credentialsInvalidate option is enabled) and authentication proceeds to the properties +- User logs in with a valid password — the guest login module fails to authenticate the user (because the user has + presented a password while the credentialsInvalidate option is enabled) and authentication proceeds to the properties login module. The properties login module successfully authenticates the user and returns. - User logs in with an invalid password — the guest login module fails to authenticate the user and authentication proceeds - to the properties login module. The properties login module also fails to authenticate the user. The nett result is + to the properties login module. The properties login module also fails to authenticate the user. The nett result is authentication failure. - + - User logs in with a blank password — the guest login module successfully authenticates the user and returns immediately. The properties login module is not invoked. - + #### PropertiesLoginModule -The JAAS properties login module provides a simple store of authentication data, where the relevant user data is stored -in a pair of flat files. This is convenient for demonstrations and testing, but for an enterprise system, the integration +The JAAS properties login module provides a simple store of authentication data, where the relevant user data is stored +in a pair of flat files. This is convenient for demonstrations and testing, but for an enterprise system, the integration with LDAP is preferable. It is implemented by `org.apache.activemq.artemis.spi.core.security.jaas.PropertiesLoginModule`. - `org.apache.activemq.jaas.properties.user` - the path to the file which contains user and password properties @@ -418,148 +418,148 @@ with LDAP is preferable. It is implemented by `org.apache.activemq.artemis.spi.c - `reload` - boolean flag; whether or not to reload the properties files when a modification occurs; default is `false` -- `debug` - boolean flag; if `true`, enable debugging; this is used only for testing or debugging; normally, it +- `debug` - boolean flag; if `true`, enable debugging; this is used only for testing or debugging; normally, it should be set to `false`, or omitted; default is `false` -In the context of the properties login module, the `artemis-users.properties` file consists of a list of properties of the -form, `UserName=Password`. For example, to define the users `system`, `user`, and `guest`, you could create a file like +In the context of the properties login module, the `artemis-users.properties` file consists of a list of properties of the +form, `UserName=Password`. For example, to define the users `system`, `user`, and `guest`, you could create a file like the following: system=manager user=password guest=password -The `artemis-roles.properties` file consists of a list of properties of the form, `Role=UserList`, where UserList is a -comma-separated list of users. For example, to define the roles `admins`, `users`, and `guests`, you could create a file +The `artemis-roles.properties` file consists of a list of properties of the form, `Role=UserList`, where UserList is a +comma-separated list of users. For example, to define the roles `admins`, `users`, and `guests`, you could create a file like the following: admins=system users=system,user guests=guest - + #### LDAPLoginModule -The LDAP login module enables you to perform authentication and authorization by checking the incoming credentials against -user data stored in a central X.500 directory server. For systems that already have an X.500 directory server in place, -this means that you can rapidly integrate ActiveMQ Artemis with the existing security database and user accounts can be +The LDAP login module enables you to perform authentication and authorization by checking the incoming credentials against +user data stored in a central X.500 directory server. For systems that already have an X.500 directory server in place, +this means that you can rapidly integrate ActiveMQ Artemis with the existing security database and user accounts can be managed using the X.500 system. It is implemented by `org.apache.activemq.artemis.spi.core.security.jaas.LDAPLoginModule`. -- `initialContextFactory` - must always be set to `com.sun.jndi.ldap.LdapCtxFactory` +- `initialContextFactory` - must always be set to `com.sun.jndi.ldap.LdapCtxFactory` -- `connectionURL` - specify the location of the directory server using an ldap URL, ldap://Host:Port. You can +- `connectionURL` - specify the location of the directory server using an ldap URL, ldap://Host:Port. You can optionally qualify this URL, by adding a forward slash, `/`, followed by the DN of a particular node in the directory - tree. For example, ldap://ldapserver:10389/ou=system. - -- `authentication` - specifies the authentication method used when binding to the LDAP server. Can take either of - the values, `simple` (username and password) or `none` (anonymous). - -- `connectionUsername` - the DN of the user that opens the connection to the directory server. For example, + tree. For example, ldap://ldapserver:10389/ou=system. + +- `authentication` - specifies the authentication method used when binding to the LDAP server. Can take either of + the values, `simple` (username and password) or `none` (anonymous). + +- `connectionUsername` - the DN of the user that opens the connection to the directory server. For example, `uid=admin,ou=system`. Directory servers generally require clients to present username/password credentials in order - to open a connection. - -- `connectionPassword` - the password that matches the DN from `connectionUsername`. In the directory server, - in the DIT, the password is normally stored as a `userPassword` attribute in the corresponding directory entry. - -- `connectionProtocol` - currently, the only supported value is a blank string. In future, this option will allow - you to select the Secure Socket Layer (SSL) for the connection to the directory server. This option must be set - explicitly to an empty string, because it has no default value. - -- `userBase` - selects a particular subtree of the DIT to search for user entries. The subtree is specified by a + to open a connection. + +- `connectionPassword` - the password that matches the DN from `connectionUsername`. In the directory server, + in the DIT, the password is normally stored as a `userPassword` attribute in the corresponding directory entry. + +- `connectionProtocol` - currently, the only supported value is a blank string. In future, this option will allow + you to select the Secure Socket Layer (SSL) for the connection to the directory server. This option must be set + explicitly to an empty string, because it has no default value. + +- `userBase` - selects a particular subtree of the DIT to search for user entries. The subtree is specified by a DN, which specifes the base node of the subtree. For example, by setting this option to `ou=User,ou=ActiveMQ,ou=system`, - the search for user entries is restricted to the subtree beneath the `ou=User,ou=ActiveMQ,ou=system` node. - -- `userSearchMatching` - specifies an LDAP search filter, which is applied to the subtree selected by `userBase`. - Before passing to the LDAP search operation, the string value you provide here is subjected to string substitution, - as implemented by the `java.text.MessageFormat` class. Essentially, this means that the special string, `{0}`, is - substituted by the username, as extracted from the incoming client credentials. - - After substitution, the string is interpreted as an LDAP search filter, where the LDAP search filter syntax is - defined by the IETF standard, RFC 2254. A short introduction to the search filter syntax is available from Oracle's - JNDI tutorial, [Search Filters](http://download.oracle.com/javase/jndi/tutorial/basics/directory/filter.html). - + the search for user entries is restricted to the subtree beneath the `ou=User,ou=ActiveMQ,ou=system` node. + +- `userSearchMatching` - specifies an LDAP search filter, which is applied to the subtree selected by `userBase`. + Before passing to the LDAP search operation, the string value you provide here is subjected to string substitution, + as implemented by the `java.text.MessageFormat` class. Essentially, this means that the special string, `{0}`, is + substituted by the username, as extracted from the incoming client credentials. + + After substitution, the string is interpreted as an LDAP search filter, where the LDAP search filter syntax is + defined by the IETF standard, RFC 2254. A short introduction to the search filter syntax is available from Oracle's + JNDI tutorial, [Search Filters](http://download.oracle.com/javase/jndi/tutorial/basics/directory/filter.html). + For example, if this option is set to `(uid={0})` and the received username is `jdoe`, the search filter becomes - `(uid=jdoe)` after string substitution. If the resulting search filter is applied to the subtree selected by the + `(uid=jdoe)` after string substitution. If the resulting search filter is applied to the subtree selected by the user base, `ou=User,ou=ActiveMQ,ou=system`, it would match the entry, `uid=jdoe,ou=User,ou=ActiveMQ,ou=system` - (and possibly more deeply nested entries, depending on the specified search depth—see the `userSearchSubtree` option). - -- `userSearchSubtree` - specify the search depth for user entries, relative to the node specified by `userBase`. - This option is a boolean. `false` indicates it will try to match one of the child entries of the `userBase` node - (maps to `javax.naming.directory.SearchControls.ONELEVEL_SCOPE`). `true` indicates it will try to match any entry - belonging to the subtree of the `userBase` node (maps to `javax.naming.directory.SearchControls.SUBTREE_SCOPE`). - -- `userRoleName` - specifies the name of the multi-valued attribute of the user entry that contains a list of + (and possibly more deeply nested entries, depending on the specified search depth—see the `userSearchSubtree` option). + +- `userSearchSubtree` - specify the search depth for user entries, relative to the node specified by `userBase`. + This option is a boolean. `false` indicates it will try to match one of the child entries of the `userBase` node + (maps to `javax.naming.directory.SearchControls.ONELEVEL_SCOPE`). `true` indicates it will try to match any entry + belonging to the subtree of the `userBase` node (maps to `javax.naming.directory.SearchControls.SUBTREE_SCOPE`). + +- `userRoleName` - specifies the name of the multi-valued attribute of the user entry that contains a list of role names for the user (where the role names are interpreted as group names by the broker's authorization plug-in). - If you omit this option, no role names are extracted from the user entry. - -- `roleBase` - if you want to store role data directly in the directory server, you can use a combination of role - options (`roleBase`, `roleSearchMatching`, `roleSearchSubtree`, and `roleName`) as an alternative to (or in addition - to) specifying the `userRoleName` option. This option selects a particular subtree of the DIT to search for role/group - entries. The subtree is specified by a DN, which specifes the base node of the subtree. For example, by setting this - option to `ou=Group,ou=ActiveMQ,ou=system`, the search for role/group entries is restricted to the subtree beneath - the `ou=Group,ou=ActiveMQ,ou=system` node. - + If you omit this option, no role names are extracted from the user entry. + +- `roleBase` - if you want to store role data directly in the directory server, you can use a combination of role + options (`roleBase`, `roleSearchMatching`, `roleSearchSubtree`, and `roleName`) as an alternative to (or in addition + to) specifying the `userRoleName` option. This option selects a particular subtree of the DIT to search for role/group + entries. The subtree is specified by a DN, which specifes the base node of the subtree. For example, by setting this + option to `ou=Group,ou=ActiveMQ,ou=system`, the search for role/group entries is restricted to the subtree beneath + the `ou=Group,ou=ActiveMQ,ou=system` node. + - `roleName` - specifies the attribute type of the role entry that contains the name of the role/group (e.g. C, O, - OU, etc.). If you omit this option, the role search feature is effectively disabled. - -- `roleSearchMatching` - specifies an LDAP search filter, which is applied to the subtree selected by `roleBase`. + OU, etc.). If you omit this option, the role search feature is effectively disabled. + +- `roleSearchMatching` - specifies an LDAP search filter, which is applied to the subtree selected by `roleBase`. This works in a similar manner to the `userSearchMatching` option, except that it supports two substitution strings, - as follows: - - - `{0}` - substitutes the full DN of the matched user entry (that is, the result of the user search). For + as follows: + + - `{0}` - substitutes the full DN of the matched user entry (that is, the result of the user search). For example, for the user, `jdoe`, the substituted string could be `uid=jdoe,ou=User,ou=ActiveMQ,ou=system`. - - - `{1}` - substitutes the received username. For example, `jdoe`. - - For example, if this option is set to `(member=uid={1})` and the received username is `jdoe`, the search filter - becomes `(member=uid=jdoe)` after string substitution (assuming ApacheDS search filter syntax). If the resulting - search filter is applied to the subtree selected by the role base, `ou=Group,ou=ActiveMQ,ou=system`, it matches all - role entries that have a `member` attribute equal to `uid=jdoe` (the value of a `member` attribute is a DN). - - This option must always be set, even if role searching is disabled, because it has no default value. - + + - `{1}` - substitutes the received username. For example, `jdoe`. + + For example, if this option is set to `(member=uid={1})` and the received username is `jdoe`, the search filter + becomes `(member=uid=jdoe)` after string substitution (assuming ApacheDS search filter syntax). If the resulting + search filter is applied to the subtree selected by the role base, `ou=Group,ou=ActiveMQ,ou=system`, it matches all + role entries that have a `member` attribute equal to `uid=jdoe` (the value of a `member` attribute is a DN). + + This option must always be set, even if role searching is disabled, because it has no default value. + If you use OpenLDAP, the syntax of the search filter is `(member:=uid=jdoe)`. - -- `roleSearchSubtree` - specify the search depth for role entries, relative to the node specified by `roleBase`. + +- `roleSearchSubtree` - specify the search depth for role entries, relative to the node specified by `roleBase`. This option can take boolean values, as follows: - - - `false` (default) - try to match one of the child entries of the roleBase node (maps to - `javax.naming.directory.SearchControls.ONELEVEL_SCOPE`). - - - `true` — try to match any entry belonging to the subtree of the roleBase node (maps to + + - `false` (default) - try to match one of the child entries of the roleBase node (maps to + `javax.naming.directory.SearchControls.ONELEVEL_SCOPE`). + + - `true` — try to match any entry belonging to the subtree of the roleBase node (maps to `javax.naming.directory.SearchControls.SUBTREE_SCOPE`). -- `debug` - boolean flag; if `true`, enable debugging; this is used only for testing or debugging; normally, it +- `debug` - boolean flag; if `true`, enable debugging; this is used only for testing or debugging; normally, it should be set to `false`, or omitted; default is `false` -Add user entries under the node specified by the `userBase` option. When creating a new user entry in the directory, -choose an object class that supports the `userPassword` attribute (for example, the `person` or `inetOrgPerson` object -classes are typically suitable). After creating the user entry, add the `userPassword` attribute, to hold the user's +Add user entries under the node specified by the `userBase` option. When creating a new user entry in the directory, +choose an object class that supports the `userPassword` attribute (for example, the `person` or `inetOrgPerson` object +classes are typically suitable). After creating the user entry, add the `userPassword` attribute, to hold the user's password. -If you want to store role data in dedicated role entries (where each node represents a particular role), create a role -entry as follows. Create a new child of the `roleBase` node, where the `objectClass` of the child is `groupOfNames`. Set -the `cn` (or whatever attribute type is specified by `roleName`) of the new child node equal to the name of the -role/group. Define a `member` attribute for each member of the role/group, setting the `member` value to the DN of the -corresponding user (where the DN is specified either fully, `uid=jdoe,ou=User,ou=ActiveMQ,ou=system`, or partially, +If you want to store role data in dedicated role entries (where each node represents a particular role), create a role +entry as follows. Create a new child of the `roleBase` node, where the `objectClass` of the child is `groupOfNames`. Set +the `cn` (or whatever attribute type is specified by `roleName`) of the new child node equal to the name of the +role/group. Define a `member` attribute for each member of the role/group, setting the `member` value to the DN of the +corresponding user (where the DN is specified either fully, `uid=jdoe,ou=User,ou=ActiveMQ,ou=system`, or partially, `uid=jdoe`). -If you want to add roles to user entries, you would need to customize the directory schema, by adding a suitable +If you want to add roles to user entries, you would need to customize the directory schema, by adding a suitable attribute type to the user entry's object class. The chosen attribute type must be capable of handling multiple values. #### CertificateLoginModule The JAAS certificate authentication login module must be used in combination with SSL and the clients must be configured -with their own certificate. In this scenario, authentication is actually performed during the SSL/TLS handshake, not +with their own certificate. In this scenario, authentication is actually performed during the SSL/TLS handshake, not directly by the JAAS certificate authentication plug-in. The role of the plug-in is as follows: -- To further constrain the set of acceptable users, because only the user DNs explicitly listed in the relevant +- To further constrain the set of acceptable users, because only the user DNs explicitly listed in the relevant properties file are eligible to be authenticated. - To associate a list of groups with the received user identity, facilitating integration with the authorization feature. -- To require the presence of an incoming certificate (by default, the SSL/TLS layer is configured to treat the +- To require the presence of an incoming certificate (by default, the SSL/TLS layer is configured to treat the presence of a client certificate as optional). -The JAAS certificate login module stores a collection of certificate DNs in a pair of flat files. The files associate a +The JAAS certificate login module stores a collection of certificate DNs in a pair of flat files. The files associate a username and a list of group IDs with each DN. The certificate login module is implemented by the following class: @@ -578,13 +578,13 @@ The following `CertLogin` login entry shows how to configure certificate login m In the preceding example, the JAAS realm is configured to use a single `org.apache.activemq.artemis.spi.core.security.jaas.TextFileCertificateLoginModule` login module. The options supported by this login module are as follows: -- `debug` - boolean flag; if true, enable debugging; this is used only for testing or debugging; normally, +- `debug` - boolean flag; if true, enable debugging; this is used only for testing or debugging; normally, it should be set to `false`, or omitted; default is `false` -- `org.apache.activemq.jaas.textfiledn.user` - specifies the location of the user properties file (relative to the +- `org.apache.activemq.jaas.textfiledn.user` - specifies the location of the user properties file (relative to the directory containing the login configuration file). -- `org.apache.activemq.jaas.textfiledn.role` - specifies the location of the role properties file (relative to the +- `org.apache.activemq.jaas.textfiledn.role` - specifies the location of the role properties file (relative to the directory containing the login configuration file). - `reload` - boolean flag; whether or not to reload the properties files when a modification occurs; default is `false` @@ -597,29 +597,29 @@ the following: user=CN=humble user,O=Progress,C=US guest=CN=anon,O=Progress,C=DE -Each username is mapped to a subject DN, encoded as a string (where the string encoding is specified by RFC 2253). For +Each username is mapped to a subject DN, encoded as a string (where the string encoding is specified by RFC 2253). For example, the system username is mapped to the `CN=system,O=Progress,C=US` subject DN. When performing authentication, -the plug-in extracts the subject DN from the received certificate, converts it to the standard string format, and -compares it with the subject DNs in the `users.properties` file by testing for string equality. Consequently, you must +the plug-in extracts the subject DN from the received certificate, converts it to the standard string format, and +compares it with the subject DNs in the `users.properties` file by testing for string equality. Consequently, you must be careful to ensure that the subject DNs appearing in the `users.properties` file are an exact match for the subject DNs extracted from the user certificates. Note: Technically, there is some residual ambiguity in the DN string format. For example, the `domainComponent` attribute -could be represented in a string either as the string, `DC`, or as the OID, `0.9.2342.19200300.100.1.25`. Normally, you do -not need to worry about this ambiguity. But it could potentially be a problem, if you changed the underlying +could be represented in a string either as the string, `DC`, or as the OID, `0.9.2342.19200300.100.1.25`. Normally, you do +not need to worry about this ambiguity. But it could potentially be a problem, if you changed the underlying implementation of the Java security layer. -The easiest way to obtain the subject DNs from the user certificates is by invoking the `keytool` utility to print the +The easiest way to obtain the subject DNs from the user certificates is by invoking the `keytool` utility to print the certificate contents. To print the contents of a certificate in a keystore, perform the following steps: -1. Export the certificate from the keystore file into a temporary file. For example, to export the certificate with +1. Export the certificate from the keystore file into a temporary file. For example, to export the certificate with alias `broker-localhost` from the `broker.ks` keystore file, enter the following command: keytool -export -file broker.export -alias broker-localhost -keystore broker.ks -storepass password After running this command, the exported certificate is in the file, `broker.export`. -1. Print out the contents of the exported certificate. For example, to print out the contents of `broker.export`, +1. Print out the contents of the exported certificate. For example, to print out the contents of `broker.export`, enter the following command: keytool -printcert -file broker.export @@ -634,11 +634,11 @@ certificate contents. To print the contents of a certificate in a keystore, perf MD5: 3F:6C:0C:89:A8:80:29:CC:F5:2D:DA:5C:D7:3F:AB:37 SHA1: F0:79:0D:04:38:5A:46:CE:86:E1:8A:20:1F:7B:AB:3A:46:E4:34:5C - The string following `Owner:` gives the subject DN. The format used to enter the subject DN depends on your + The string following `Owner:` gives the subject DN. The format used to enter the subject DN depends on your platform. The `Owner:` string above could be represented as either `CN=localhost,\ OU=broker,\ O=Unknown,\ L=Unknown,\ ST=Unknown,\ C=Unknown` or `CN=localhost,OU=broker,O=Unknown,L=Unknown,ST=Unknown,C=Unknown`. -The `roles.properties` file consists of a list of properties of the form, `Role=UserList`, where `UserList` is a +The `roles.properties` file consists of a list of properties of the form, `Role=UserList`, where `UserList` is a comma-separated list of users. For example, to define the roles `admins`, `users`, and `guests`, you could create a file like the following: @@ -646,7 +646,7 @@ like the following: users=system,user guests=guest -The simplest way to make the login configuration available to JAAS is to add the directory containing the file, +The simplest way to make the login configuration available to JAAS is to add the directory containing the file, `login.config`, to your CLASSPATH. @@ -699,12 +699,12 @@ can be deserialized without problem, whereas those from 'not trusted' packages w deserialization. Artemis keeps a `black list` to keep track of packages that are not trusted and a `white list` -for trusted packages. By default both lists are empty, meaning any serializable object is +for trusted packages. By default both lists are empty, meaning any serializable object is allowed to be deserialized. If an object whose class matches one of the packages in black list, it is not allowed to be deserialized. If it matches one in the white list -the object can be deserialized. If a package appears in both black list and white list, -the one in black list takes precedence. If a class neither matches with `black list` -nor with the `white list`, the class deserialization will be denied +the object can be deserialized. If a package appears in both black list and white list, +the one in black list takes precedence. If a class neither matches with `black list` +nor with the `white list`, the class deserialization will be denied unless the white list is empty (meaning the user doesn't specify the white list at all). A class is considered as a 'match' if @@ -734,7 +734,7 @@ You can also set the values via ActiveMQConnectionFactory's API: public void setDeserializationBlackList(String blackList); public void setDeserializationWhiteList(String whiteList); - + Again the parameters are comma separated list of package/class names. ### Specifying black list and white list via system properties @@ -757,10 +757,24 @@ properties for their resource adapters. There are two properties that you can co These properties, once specified, are eventually set on the corresponding internal factories. +### Specifying black list and white list for REST interface +Apache Artemis REST interface ([Rest](rest.md)) allows interactions between jms client and rest clients. +It uses JMS ObjectMessage to wrap the actual user data between the 2 types of clients and deserialization +is needed during this process. If you want to control the deserialization for REST, you need to set the +black/white lists for it separately as Apache Artemis REST Interface is deployed as a web application. +You need to put the black/white lists in its web.xml, as context parameters, as follows + + + org.apache.activemq.artemis.jms.deserialization.whitelist + some.allowed.class + + + org.apache.activemq.artemis.jms.deserialization.blacklist + some.forbidden.class + + ... + - - - - +The param-value for each list is a comma separated string value representing the list. diff --git a/tests/integration-tests/pom.xml b/tests/integration-tests/pom.xml index 78ab4d8ff2..9b4a51852e 100644 --- a/tests/integration-tests/pom.xml +++ b/tests/integration-tests/pom.xml @@ -349,6 +349,26 @@ artemis-test-support ${project.version} + + + + org.eclipse.jetty.aggregate + jetty-all + ${jetty.version} + jar + uber + + + org.jboss.resteasy + resteasy-jaxrs + + + org.apache.activemq.rest + artemis-rest + 1.4.0-SNAPSHOT + compile + + @@ -356,9 +376,44 @@ src/test/resources true + + **/rest/*.xml + + + org.apache.maven.plugins + maven-assembly-plugin + + + process-test-classes + bwlist-rest-test-war + + single + + + src/test/resources/rest/bwlist-rest-test-asm.xml + rest-test-bwlist + false + target/test-classes/rest/ + + + + process-test-classes + rest-test-war + + single + + + src/test/resources/rest/rest-test-asm.xml + rest-test + false + target/test-classes/rest/ + + + + org.apache.maven.plugins maven-jar-plugin diff --git a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/rest/Order.java b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/rest/Order.java new file mode 100644 index 0000000000..6755e55d17 --- /dev/null +++ b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/rest/Order.java @@ -0,0 +1,79 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.activemq.artemis.tests.integration.rest; + +import javax.xml.bind.annotation.XmlRootElement; +import java.io.Serializable; + +@XmlRootElement(name = "order") +public class Order implements Serializable { + private static final long serialVersionUID = -3462346058107018735L; + private String name; + private String amount; + private String item; + + public Order() { + } + + public Order(String name, String amount, String item) { + assert (name != null); + assert (amount != null); + assert (item != null); + + this.name = name; + this.amount = amount; + this.item = item; + } + + public String getName() { + return name; + } + + public void setName(String name) { + this.name = name; + } + + public String getAmount() { + return amount; + } + + public void setAmount(String amount) { + this.amount = amount; + } + + public String getItem() { + return item; + } + + public void setItem(String item) { + this.item = item; + } + + @Override + public boolean equals(Object other) { + if (!(other instanceof Order)) { + return false; + } + Order order = (Order) other; + return name.equals(order.name) && amount.equals(order.amount) && item.equals(order.item); + } + + @Override + public int hashCode() { + return name.hashCode() + amount.hashCode() + item.hashCode(); + } +} diff --git a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/rest/RestDeserializationTest.java b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/rest/RestDeserializationTest.java new file mode 100644 index 0000000000..1f7f8f533d --- /dev/null +++ b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/rest/RestDeserializationTest.java @@ -0,0 +1,192 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.activemq.artemis.tests.integration.rest; + +import javax.jms.Connection; +import javax.jms.ConnectionFactory; +import javax.jms.Destination; +import javax.jms.JMSException; +import javax.jms.MessageProducer; +import javax.jms.ObjectMessage; +import javax.jms.Session; +import javax.xml.bind.JAXBContext; +import javax.xml.bind.JAXBException; +import javax.xml.bind.Unmarshaller; +import java.io.File; +import java.io.Serializable; +import java.io.StringReader; + +import org.apache.activemq.artemis.jms.client.ActiveMQDestination; +import org.apache.activemq.artemis.jms.client.ActiveMQJMSConnectionFactory; +import org.apache.activemq.artemis.rest.HttpHeaderProperty; +import org.apache.activemq.artemis.tests.integration.rest.util.RestAMQConnection; +import org.apache.activemq.artemis.tests.integration.rest.util.RestMessageContext; +import org.junit.After; +import org.junit.Before; +import org.junit.Test; + +public class RestDeserializationTest extends RestTestBase { + + private RestAMQConnection restConnection; + + @Before + public void setUp() throws Exception { + super.setUp(); + createJettyServer("localhost", 12345); + } + + @After + public void tearDown() throws Exception { + if (restConnection != null) { + restConnection.close(); + } + super.tearDown(); + } + + @Test + public void testWithoutBlackWhiteListQueue() throws Exception { + deployAndconfigureRESTService("rest-test.war"); + + Order order = new Order(); + order.setName("Bill"); + order.setItem("iPhone4"); + order.setAmount("$199.99"); + + jmsSendMessage(order, "orders", true); + + String received = restReceiveQueueMessage("orders"); + + Object object = xmlToObject(received); + + assertEquals(order, object); + } + + @Test + public void testWithoutBlackWhiteListTopic() throws Exception { + deployAndconfigureRESTService("rest-test.war"); + + RestMessageContext topicContext = restConnection.createTopicContext("ordersTopic"); + topicContext.initPullConsumers(); + + Order order = new Order(); + order.setName("Bill"); + order.setItem("iPhone4"); + order.setAmount("$199.99"); + + jmsSendMessage(order, "ordersTopic", false); + + String received = topicContext.pullMessage(); + + Object object = xmlToObject(received); + + assertEquals(order, object); + } + + @Test + public void testBlackWhiteListQueuePull() throws Exception { + deployAndconfigureRESTService("rest-test-bwlist.war"); + + Order order = new Order(); + order.setName("Bill"); + order.setItem("iPhone4"); + order.setAmount("$199.99"); + + jmsSendMessage(order, "orders", true); + + try { + String received = restReceiveQueueMessage("orders"); + fail("Object should be rejected by blacklist, but " + received); + } + catch (IllegalStateException e) { + String error = e.getMessage(); + assertTrue(error, error.contains("ClassNotFoundException")); + } + } + + @Test + public void testBlackWhiteListTopicPull() throws Exception { + deployAndconfigureRESTService("rest-test-bwlist.war"); + + RestMessageContext topicContext = restConnection.createTopicContext("ordersTopic"); + topicContext.initPullConsumers(); + + Order order = new Order(); + order.setName("Bill"); + order.setItem("iPhone4"); + order.setAmount("$199.99"); + + jmsSendMessage(order, "ordersTopic", false); + + try { + String received = topicContext.pullMessage(); + fail("object should have been rejected but: " + received); + } + catch (IllegalStateException e) { + String error = e.getMessage(); + assertTrue(error, error.contains("ClassNotFoundException")); + } + } + + private void deployAndconfigureRESTService(String warFileName) throws Exception { + jmsServer.createTopic(false, "ordersTopic", (String[]) null); + File warFile = getResourceFile("/rest/" + warFileName, warFileName); + deployWebApp("/restapp", warFile); + server.start(); + String uri = server.getURI().toASCIIString(); + System.out.println("Sever started with uri: " + uri); + + restConnection = new RestAMQConnection(uri); + } + + private Object xmlToObject(String xmlString) throws JAXBException { + JAXBContext jc = JAXBContext.newInstance(Order.class); + Unmarshaller unmarshaller = jc.createUnmarshaller(); + StringReader reader = new StringReader(xmlString); + return unmarshaller.unmarshal(reader); + } + + private String restReceiveQueueMessage(String destName) throws Exception { + RestMessageContext restContext = restConnection.createQueueContext(destName); + String val = restContext.pullMessage(); + return val; + } + + private void jmsSendMessage(Serializable value, String destName, boolean isQueue) throws JMSException { + ConnectionFactory factory = new ActiveMQJMSConnectionFactory("tcp://localhost:61616"); + String jmsDest; + if (isQueue) { + jmsDest = "jms.queue." + destName; + } + else { + jmsDest = "jms.topic." + destName; + } + Destination destination = ActiveMQDestination.fromAddress(jmsDest); + + Connection conn = factory.createConnection(); + try { + Session session = conn.createSession(false, Session.AUTO_ACKNOWLEDGE); + MessageProducer producer = session.createProducer(destination); + ObjectMessage message = session.createObjectMessage(); + message.setStringProperty(HttpHeaderProperty.CONTENT_TYPE, "application/xml"); + message.setObject(value); + producer.send(message); + } + finally { + conn.close(); + } + } +} diff --git a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/rest/RestTestBase.java b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/rest/RestTestBase.java new file mode 100644 index 0000000000..177dfe9d53 --- /dev/null +++ b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/rest/RestTestBase.java @@ -0,0 +1,97 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.activemq.artemis.tests.integration.rest; + +import java.io.File; +import java.io.IOException; +import java.io.InputStream; + +import org.apache.activemq.artemis.tests.util.JMSTestBase; +import org.eclipse.jetty.server.Connector; +import org.eclipse.jetty.server.Server; +import org.eclipse.jetty.server.ServerConnector; +import org.eclipse.jetty.server.handler.HandlerList; +import org.eclipse.jetty.webapp.WebAppContext; +import org.junit.After; +import org.junit.Before; +import org.junit.Rule; +import org.junit.rules.TemporaryFolder; +import shaded.org.apache.commons.io.FileUtils; + +public class RestTestBase extends JMSTestBase { + + @Rule + public TemporaryFolder testFolder = new TemporaryFolder(); + + protected Server server; + protected File webAppDir; + protected HandlerList handlers; + + @Before + public void setUp() throws Exception { + super.setUp(); + webAppDir = testFolder.newFolder("test-apps"); + } + + @After + public void tearDown() throws Exception { + if (server != null) { + try { + server.stop(); + } + catch (Throwable t) { + t.printStackTrace(); + } + } + super.tearDown(); + } + + public Server createJettyServer(String host, int port) throws Exception { + server = new Server(); + ServerConnector connector = new ServerConnector(server); + connector.setHost(host); + connector.setPort(port); + server.setConnectors(new Connector[]{connector}); + + handlers = new HandlerList(); + + server.setHandler(handlers); + return server; + } + + public WebAppContext deployWebApp(String contextPath, File warFile) { + WebAppContext webapp = new WebAppContext(); + if (contextPath.startsWith("/")) { + webapp.setContextPath(contextPath); + } + else { + webapp.setContextPath("/" + contextPath); + } + webapp.setWar(warFile.getAbsolutePath()); + + handlers.addHandler(webapp); + return webapp; + } + + public File getResourceFile(String resPath, String warName) throws IOException { + InputStream input = RestTestBase.class.getResourceAsStream(resPath); + File result = new File(webAppDir, warName); + FileUtils.copyInputStreamToFile(input, result); + return result; + } + +} diff --git a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/rest/util/QueueRestMessageContext.java b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/rest/util/QueueRestMessageContext.java new file mode 100644 index 0000000000..09cc9d697a --- /dev/null +++ b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/rest/util/QueueRestMessageContext.java @@ -0,0 +1,76 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.activemq.artemis.tests.integration.rest.util; + +import java.io.IOException; + +import org.apache.http.Header; +import org.apache.http.client.methods.CloseableHttpResponse; + +public class QueueRestMessageContext extends RestMessageContext { + public static final String PREFIX_QUEUE = "/queues/jms.queue."; + + public QueueRestMessageContext(RestAMQConnection restAMQConnection, String queue) throws IOException { + super(restAMQConnection, queue); + } + + @Override + protected String getDestLink() { + return PREFIX_QUEUE + destination; + } + + @Override + protected String getPullConsumerUri() { + return getDestLink() + "/pull-consumers"; + } + + @Override + public void initPullConsumers() throws IOException { + String pullUri = getPullConsumerUri(); + CloseableHttpResponse response = null; + if (!this.autoAck) { + response = connection.post(pullUri, "application/x-www-form-urlencoded", "autoAck=false"); + } + else { + response = connection.post(pullUri); + } + + try { + int code = ResponseUtil.getHttpCode(response); + if (code == 201) { + Header header = response.getFirstHeader("Location"); + contextMap.put(KEY_PULL_CONSUMERS_LOC, header.getValue()); + header = response.getFirstHeader(KEY_MSG_CONSUME_NEXT); + contextMap.put(KEY_MSG_CONSUME_NEXT, header.getValue()); + header = response.getFirstHeader(KEY_MSG_ACK_NEXT); + if (header != null) { + contextMap.put(KEY_MSG_ACK_NEXT, header.getValue()); + } + } + } + finally { + response.close(); + } + + } + + @Override + protected String getPushLink(String pushTarget) { + return PREFIX_QUEUE + pushTarget; + } + +} diff --git a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/rest/util/ResponseUtil.java b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/rest/util/ResponseUtil.java new file mode 100644 index 0000000000..7da895704e --- /dev/null +++ b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/rest/util/ResponseUtil.java @@ -0,0 +1,34 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.activemq.artemis.tests.integration.rest.util; + +import org.apache.http.HttpEntity; +import org.apache.http.client.methods.CloseableHttpResponse; +import org.apache.http.util.EntityUtils; + +import java.io.IOException; + +public class ResponseUtil { + public static int getHttpCode(CloseableHttpResponse response) { + return response.getStatusLine().getStatusCode(); + } + + public static String getDetails(CloseableHttpResponse response) throws IOException { + HttpEntity entity = response.getEntity(); + return EntityUtils.toString(entity); + } +} diff --git a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/rest/util/RestAMQConnection.java b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/rest/util/RestAMQConnection.java new file mode 100644 index 0000000000..4b3cdd4b6f --- /dev/null +++ b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/rest/util/RestAMQConnection.java @@ -0,0 +1,104 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.activemq.artemis.tests.integration.rest.util; + +import java.io.Closeable; +import java.io.IOException; +import java.util.ArrayList; +import java.util.List; + +import org.apache.http.client.methods.CloseableHttpResponse; +import org.apache.http.client.methods.HttpDelete; +import org.apache.http.client.methods.HttpGet; +import org.apache.http.client.methods.HttpPost; +import org.apache.http.entity.ContentType; +import org.apache.http.entity.StringEntity; +import org.apache.http.impl.client.CloseableHttpClient; +import org.apache.http.impl.client.HttpClients; + +public class RestAMQConnection implements Closeable { + private CloseableHttpClient httpClient = HttpClients.createDefault(); + + private String targetUri; + private List contexts = new ArrayList<>(); + + public RestAMQConnection(String targetUri) { + this.targetUri = targetUri; + } + + public QueueRestMessageContext createQueueContext(String queue) throws Exception { + QueueRestMessageContext ctx = new QueueRestMessageContext(this, queue); + contexts.add(ctx); + return ctx; + } + + public TopicRestMessageContext createTopicContext(String topic) throws Exception { + TopicRestMessageContext ctx = new TopicRestMessageContext(this, topic, false); + contexts.add(ctx); + return ctx; + } + + @Override + public void close() throws IOException { + for (RestMessageContext ctx : contexts) { + ctx.close(); + } + httpClient.close(); + } + + private String getFullLink(String link) { + if (link.startsWith("http:")) { + return link; + } + return targetUri + link; + } + + public CloseableHttpResponse request(String destLink) throws IOException { + String fullLink = getFullLink(destLink); + HttpGet request = new HttpGet(fullLink); + CloseableHttpResponse resp = httpClient.execute(request); + return resp; + } + + public CloseableHttpResponse post(String uri, String contentType, String body) throws IOException { + String fullLink = getFullLink(uri); + HttpPost post = new HttpPost(fullLink); + StringEntity entity = new StringEntity(body, + ContentType.create(contentType)); + post.setEntity(entity); + CloseableHttpResponse resp = httpClient.execute(post); + return resp; + } + + public CloseableHttpResponse post(String uri) throws IOException { + String fullLink = getFullLink(uri); + HttpPost post = new HttpPost(fullLink); + CloseableHttpResponse resp = httpClient.execute(post); + return resp; + } + + public void delete(String uri) throws IOException { + String consumerUri = getFullLink(uri); + HttpDelete delete = new HttpDelete(consumerUri); + CloseableHttpResponse resp = httpClient.execute(delete); + } + + public String getTargetUri() { + return this.targetUri; + } + +} diff --git a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/rest/util/RestMessageContext.java b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/rest/util/RestMessageContext.java new file mode 100644 index 0000000000..a4dfa30423 --- /dev/null +++ b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/rest/util/RestMessageContext.java @@ -0,0 +1,271 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.activemq.artemis.tests.integration.rest.util; + +import java.io.Closeable; +import java.io.IOException; +import java.util.HashMap; +import java.util.Map; + +import org.apache.http.Header; +import org.apache.http.HttpEntity; +import org.apache.http.client.ClientProtocolException; +import org.apache.http.client.methods.CloseableHttpResponse; +import org.apache.http.util.EntityUtils; + +public abstract class RestMessageContext implements Closeable { + public static final String KEY_MSG_CREATE = "msg-create"; + public static final String KEY_MSG_CREATE_ID = "msg-create-with-id"; + public static final String KEY_MSG_PULL = "msg-pull-consumers"; + public static final String KEY_MSG_PUSH = "msg-push-consumers"; + + public static final String KEY_MSG_PULL_SUB = "msg-pull-subscriptions"; + public static final String KEY_MSG_PUSH_SUB = "msg-push-subscriptions"; + + public static final String KEY_MSG_CREATE_NEXT = "msg-create-next"; + + public static final String KEY_PULL_CONSUMERS_LOC = "pull-consumers-location"; + public static final String KEY_MSG_CONSUME_NEXT = "msg-consume-next"; + + public static final String KEY_MSG_CONSUMER = "msg-consumer"; + public static final String KEY_MSG_ACK_NEXT = "msg-acknowledge-next"; + public static final String KEY_MSG_ACK = "msg-acknowledgement"; + + protected RestAMQConnection connection; + protected String destination; + protected Map contextMap = new HashMap<>(); + + // consumer options + protected boolean autoAck; + protected boolean pushConsumer; + + public RestMessageContext(RestAMQConnection restAMQConnection, String dest) throws IOException { + this(restAMQConnection, dest, true, false); + } + + public RestMessageContext(RestAMQConnection restAMQConnection, String dest, boolean isAutoAck, boolean isPush) throws IOException { + this.connection = restAMQConnection; + this.destination = dest; + this.autoAck = isAutoAck; + this.pushConsumer = isPush; + prepareSelf(); + } + + private void prepareSelf() throws IOException { + String destLink = getDestLink(); + CloseableHttpResponse response = connection.request(destLink); + int code = ResponseUtil.getHttpCode(response); + if (code != 200) { + System.out.println("failed to init " + destLink); + System.out.println("reason: " + ResponseUtil.getDetails(response)); + } + try { + Header header = response.getFirstHeader(KEY_MSG_CREATE); + contextMap.put(KEY_MSG_CREATE, header.getValue()); + header = response.getFirstHeader(KEY_MSG_CREATE_ID); + contextMap.put(KEY_MSG_CREATE_ID, header.getValue()); + + header = response.getFirstHeader(KEY_MSG_PULL); + if (header != null) { + contextMap.put(KEY_MSG_PULL, header.getValue()); + } + header = response.getFirstHeader(KEY_MSG_PUSH); + if (header != null) { + contextMap.put(KEY_MSG_PUSH, header.getValue()); + } + header = response.getFirstHeader(KEY_MSG_PULL_SUB); + if (header != null) { + contextMap.put(KEY_MSG_PULL_SUB, header.getValue()); + } + header = response.getFirstHeader(KEY_MSG_PUSH_SUB); + if (header != null) { + contextMap.put(KEY_MSG_PUSH_SUB, header.getValue()); + } + } + finally { + response.close(); + } + } + + protected abstract String getDestLink(); + + protected abstract String getPullConsumerUri(); + + protected abstract String getPushLink(String pushTarget); + + public int postMessage(String content, String type) throws IOException { + String postUri; + String nextMsgUri = contextMap.get(KEY_MSG_CREATE_NEXT); + if (nextMsgUri == null) { + postUri = contextMap.get(KEY_MSG_CREATE); + } + else { + postUri = nextMsgUri; + } + CloseableHttpResponse response = connection.post(postUri, type, content); + int code = -1; + try { + code = ResponseUtil.getHttpCode(response); + // check redirection + if (code == 307) { + Header redirLoc = response.getFirstHeader("Location"); + contextMap.put(KEY_MSG_CREATE_NEXT, redirLoc.getValue()); + code = postMessage(content, type);// do it again. + } + else if (code == 201) { + Header header = response.getFirstHeader(KEY_MSG_CREATE_NEXT); + contextMap.put(KEY_MSG_CREATE_NEXT, header.getValue()); + } + } + finally { + response.close(); + } + return code; + } + + public abstract void initPullConsumers() throws IOException; + + public boolean acknowledgement(boolean ackValue) throws IOException { + String ackUri = contextMap.get(KEY_MSG_ACK); + if (ackUri != null) { + CloseableHttpResponse response = connection.post(ackUri, "application/x-www-form-urlencoded", + "acknowledge=" + ackValue); + int code = ResponseUtil.getHttpCode(response); + if (code == 200) { + contextMap.put(KEY_MSG_ACK_NEXT, response.getFirstHeader(KEY_MSG_ACK_NEXT).getValue()); + } + return true; + } + return false; + } + + public String pullMessage() throws IOException { + String message = null; + String msgPullUri = null; + if (autoAck) { + msgPullUri = contextMap.get(KEY_MSG_CONSUME_NEXT); + if (msgPullUri == null) { + initPullConsumers(); + msgPullUri = contextMap.get(KEY_MSG_CONSUME_NEXT); + } + } + else { + msgPullUri = contextMap.get(KEY_MSG_ACK_NEXT); + if (msgPullUri == null) { + initPullConsumers(); + msgPullUri = contextMap.get(KEY_MSG_ACK_NEXT); + } + } + + CloseableHttpResponse response = connection.post(msgPullUri); + int code = ResponseUtil.getHttpCode(response); + try { + if (code == 200) { + // success + HttpEntity entity = response.getEntity(); + long len = entity.getContentLength(); + + if (len != -1 && len < 1024000) { + message = EntityUtils.toString(entity); + } + else { + // drop message + System.err.println("Mesage too large, drop it " + len); + } + + Header header = response.getFirstHeader(KEY_MSG_CONSUMER); + contextMap.put(KEY_MSG_CONSUMER, header.getValue()); + + if (!autoAck) { + header = response.getFirstHeader(KEY_MSG_ACK); + contextMap.put(KEY_MSG_ACK, header.getValue()); + } + else { + header = response.getFirstHeader(KEY_MSG_CONSUME_NEXT); + contextMap.put(KEY_MSG_CONSUME_NEXT, header.getValue()); + } + } + else if (code == 503) { + if (autoAck) { + contextMap.put(KEY_MSG_CONSUME_NEXT, response.getFirstHeader(KEY_MSG_CONSUME_NEXT).getValue()); + } + else { + contextMap.put(KEY_MSG_ACK_NEXT, response.getFirstHeader(KEY_MSG_ACK_NEXT).getValue()); + } + + Header header = response.getFirstHeader("Retry-After"); + if (header != null) { + long retryDelay = Long.valueOf(response.getFirstHeader("Retry-After").getValue()); + try { + Thread.sleep(retryDelay); + } + catch (InterruptedException e) { + e.printStackTrace(); + } + message = pullMessage(); + } + } + else { + throw new IllegalStateException("error: " + ResponseUtil.getDetails(response)); + } + } + finally { + response.close(); + } + + return message; + } + + @Override + public void close() { + String consumerUri = contextMap.get(KEY_MSG_CONSUMER); + if (consumerUri != null) { + try { + connection.delete(consumerUri); + contextMap.remove(KEY_MSG_CONSUMER); + } + catch (ClientProtocolException e) { + e.printStackTrace(); + } + catch (IOException e) { + e.printStackTrace(); + } + } + } + + public void setUpPush(String pushTarget) throws Exception { + String pushLink = this.contextMap.get(KEY_MSG_PUSH); + String pushRegXml = "" + + "" + + ""; + + CloseableHttpResponse response = connection.post(pushLink, "application/xml", pushRegXml); + int code = ResponseUtil.getHttpCode(response); + try { + if (code != 201) { + System.out.println("Failed to push " + pushRegXml); + System.out.println("Location: " + pushLink); + throw new Exception("Failed to register push " + ResponseUtil.getDetails(response)); + } + } + finally { + response.close(); + } + } +} diff --git a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/rest/util/TopicRestMessageContext.java b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/rest/util/TopicRestMessageContext.java new file mode 100644 index 0000000000..44bff85ba7 --- /dev/null +++ b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/rest/util/TopicRestMessageContext.java @@ -0,0 +1,83 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.activemq.artemis.tests.integration.rest.util; + +import java.io.IOException; + +import org.apache.http.Header; +import org.apache.http.client.methods.CloseableHttpResponse; + +public class TopicRestMessageContext extends RestMessageContext { + public static final String PREFIX_TOPIC = "/topics/jms.topic."; + + private boolean durableSub; + + public TopicRestMessageContext(RestAMQConnection restAMQConnection, String topic, boolean durable) throws IOException { + super(restAMQConnection, topic); + this.durableSub = durable; + } + + @Override + protected String getDestLink() { + return PREFIX_TOPIC + destination; + } + + @Override + protected String getPullConsumerUri() { + return getDestLink() + "/pull-subscriptions"; + } + + @Override + public void initPullConsumers() throws IOException { + String pullUri = getPullConsumerUri(); + CloseableHttpResponse response = null; + if (this.durableSub || !this.autoAck) { + String extraOpt = "durable=" + this.durableSub + "&autoAck=" + this.autoAck; + response = connection.post(pullUri, "application/x-www-form-urlencoded", extraOpt); + } + else { + response = connection.post(pullUri); + } + + int code = ResponseUtil.getHttpCode(response); + + try { + if (code == 201) { + Header header = response.getFirstHeader("Location"); + contextMap.put(KEY_PULL_CONSUMERS_LOC, header.getValue()); + header = response.getFirstHeader(KEY_MSG_CONSUME_NEXT); + contextMap.put(KEY_MSG_CONSUME_NEXT, header.getValue()); + header = response.getFirstHeader(KEY_MSG_ACK_NEXT); + if (header != null) { + contextMap.put(KEY_MSG_ACK_NEXT, header.getValue()); + } + } + else { + throw new IllegalStateException("Failed to init pull consumer " + ResponseUtil.getDetails(response)); + } + } + finally { + response.close(); + } + } + + @Override + protected String getPushLink(String pushTarget) { + return PREFIX_TOPIC + pushTarget; + } + +} diff --git a/tests/integration-tests/src/test/resources/rest/bwlist-rest-test-asm.xml b/tests/integration-tests/src/test/resources/rest/bwlist-rest-test-asm.xml new file mode 100644 index 0000000000..af952fed4f --- /dev/null +++ b/tests/integration-tests/src/test/resources/rest/bwlist-rest-test-asm.xml @@ -0,0 +1,37 @@ + + + + rest-test-bwlist + + war + + false + + + ../../artemis-rest/target/classes/ + /WEB-INF/classes + + + src/test/resources/rest/rest-test-bwlist/webapp/ + / + + + + diff --git a/tests/integration-tests/src/test/resources/rest/rest-test-asm.xml b/tests/integration-tests/src/test/resources/rest/rest-test-asm.xml new file mode 100644 index 0000000000..ac1d4f25e9 --- /dev/null +++ b/tests/integration-tests/src/test/resources/rest/rest-test-asm.xml @@ -0,0 +1,37 @@ + + + + rest-test + + war + + false + + + ../../artemis-rest/target/classes/ + /WEB-INF/classes + + + src/test/resources/rest/rest-test/webapp/ + / + + + + diff --git a/tests/integration-tests/src/test/resources/rest/rest-test-bwlist/webapp/WEB-INF/web.xml b/tests/integration-tests/src/test/resources/rest/rest-test-bwlist/webapp/WEB-INF/web.xml new file mode 100644 index 0000000000..a0582c0b8b --- /dev/null +++ b/tests/integration-tests/src/test/resources/rest/rest-test-bwlist/webapp/WEB-INF/web.xml @@ -0,0 +1,56 @@ + + + + + + + + + + org.apache.activemq.artemis.jms.deserialization.whitelist + some.other.package + + + org.apache.activemq.artemis.jms.deserialization.blacklist + org.apache.activemq.artemis.example.rest.Order + + + + Rest-Messaging + + org.jboss.resteasy.plugins.server.servlet.FilterDispatcher + + + + + Rest-Messaging + /* + + + + org.jboss.resteasy.plugins.server.servlet.ResteasyBootstrap + + + + org.apache.activemq.artemis.rest.integration.RestMessagingBootstrapListener + + + diff --git a/tests/integration-tests/src/test/resources/rest/rest-test/webapp/WEB-INF/web.xml b/tests/integration-tests/src/test/resources/rest/rest-test/webapp/WEB-INF/web.xml new file mode 100644 index 0000000000..3e5ecb97d5 --- /dev/null +++ b/tests/integration-tests/src/test/resources/rest/rest-test/webapp/WEB-INF/web.xml @@ -0,0 +1,58 @@ + + + + + + + + + + + + Rest-Messaging + + org.jboss.resteasy.plugins.server.servlet.FilterDispatcher + + + + + Rest-Messaging + /* + + + + org.jboss.resteasy.plugins.server.servlet.ResteasyBootstrap + + + + org.apache.activemq.artemis.rest.integration.RestMessagingBootstrapListener + + +