Clebert Suconic 2020-09-14 15:35:24 -04:00
commit 3fc2fedcf9
5 changed files with 12 additions and 9 deletions


@ -270,7 +270,7 @@ public class SecurityStoreImpl implements SecurityStore, HierarchicalRepositoryC
final Boolean validated; final Boolean validated;
if (securityManager instanceof ActiveMQSecurityManager5) { if (securityManager instanceof ActiveMQSecurityManager5) {
Subject subject = getSubjectForAuthorization(session, ((ActiveMQSecurityManager5) securityManager)); Subject subject = getSubjectForAuthorization(session, ((ActiveMQSecurityManager5) securityManager));
validated = ((ActiveMQSecurityManager5) securityManager).authorize(subject, roles, checkType); validated = ((ActiveMQSecurityManager5) securityManager).authorize(subject, roles, checkType, isFullyQualified ? fqqn.toString() : bareAddress.toString());
} else if (securityManager instanceof ActiveMQSecurityManager4) { } else if (securityManager instanceof ActiveMQSecurityManager4) {
validated = ((ActiveMQSecurityManager4) securityManager).validateUserAndRole(user, session.getPassword(), roles, checkType, bareAddress.toString(), session.getRemotingConnection(), session.getSecurityDomain()) != null; validated = ((ActiveMQSecurityManager4) securityManager).validateUserAndRole(user, session.getPassword(), roles, checkType, bareAddress.toString(), session.getRemotingConnection(), session.getSecurityDomain()) != null;
} else if (securityManager instanceof ActiveMQSecurityManager3) { } else if (securityManager instanceof ActiveMQSecurityManager3) {
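Review bot: The ActiveMQSecurityManager4 branch still passes only `bareAddress.toString()`, while the new ActiveMQSecurityManager5 call receives `isFullyQualified ? fqqn.toString() : bareAddress.toString()`, so for a fully qualified check the two manager generations are asked about different resource names. If that is intended because the older signature is frozen, a short comment above the `authorize` call would record it, e.g. `// SM5 receives the FQQN for queue-scoped checks; older managers only ever see the bare address`. It is also worth confirming that `fqqn` is never null when `isFullyQualified` is true, since neither declaration is visible here. The enclosing method starts and ends outside the hunk.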


@ -113,7 +113,8 @@ public class ActiveMQJAASSecurityManager implements ActiveMQSecurityManager5 {
@Override @Override
public boolean authorize(final Subject subject, public boolean authorize(final Subject subject,
final Set<Role> roles, final Set<Role> roles,
final CheckType checkType) { final CheckType checkType,
final String address) {
boolean authorized = false; boolean authorized = false;
if (subject != null) { if (subject != null) {


@ -42,7 +42,7 @@ public interface ActiveMQSecurityManager5 extends ActiveMQSecurityManager {
* @param password the user's password * @param password the user's password
* @param remotingConnection the user's connection which contains any corresponding SSL certs * @param remotingConnection the user's connection which contains any corresponding SSL certs
* @param securityDomain the name of the JAAS security domain to use (can be null) * @param securityDomain the name of the JAAS security domain to use (can be null)
* @return the Subject of the authenticated user or null if the user isn't authenticated * @return the Subject of the authenticated user, else null
*/ */
Subject authenticate(String user, String password, RemotingConnection remotingConnection, String securityDomain); Subject authenticate(String user, String password, RemotingConnection remotingConnection, String securityDomain);
@ -55,7 +55,8 @@ public interface ActiveMQSecurityManager5 extends ActiveMQSecurityManager {
* @param subject the Subject to authorize * @param subject the Subject to authorize
* @param roles the roles configured in the security-settings * @param roles the roles configured in the security-settings
* @param checkType which permission to validate * @param checkType which permission to validate
* @param address the address (or FQQN) to grant access to
* @return true if the user is authorized, else false * @return true if the user is authorized, else false
*/ */
boolean authorize(Subject subject, Set<Role> roles, CheckType checkType); boolean authorize(Subject subject, Set<Role> roles, CheckType checkType, String address);
} }
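Review bot: The new `@param address` line describes the address "to grant access to", but `authorize` only answers a check, and the Javadoc does not tell implementers which form the string takes or whether it may be null. A manager that compares the value against exact address names has to handle both the bare address and the FQQN form; suggest `@param address the address, or the fully qualified queue name for a queue-scoped check, that the permission is being checked against`. Separately, changing the abstract signature in place breaks every existing implementer at compile time; if this interface has already been released, a `default` four-argument overload that delegates to the three-argument method would avoid that.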


@ -92,7 +92,7 @@ public class JAASSecurityManagerTest {
Role role = new Role("programmers", true, true, true, true, true, true, true, true, true, true); Role role = new Role("programmers", true, true, true, true, true, true, true, true, true, true);
Set<Role> roles = new HashSet<>(); Set<Role> roles = new HashSet<>();
roles.add(role); roles.add(role);
boolean authorizationResult = securityManager.authorize(result, roles, CheckType.SEND); boolean authorizationResult = securityManager.authorize(result, roles, CheckType.SEND, "someaddress");
assertTrue(authorizationResult); assertTrue(authorizationResult);


@ -33,16 +33,17 @@ public class JAASSecurityManagerWrapper implements ActiveMQSecurityManager5 {
@Override @Override
public Subject authenticate(String user, String password, RemotingConnection remotingConnection, String securityDomain) { public Subject authenticate(String user, String password, RemotingConnection remotingConnection, String securityDomain) {
System.out.println("authenticate(" + user + ", " + password + ", " + remotingConnection.getRemoteAddress() + ")"); System.out.println("authenticate(" + user + ", " + password + ", " + remotingConnection.getRemoteAddress() + ", " + securityDomain + ")");
return activeMQJAASSecurityManager.authenticate(user, password, remotingConnection, securityDomain); return activeMQJAASSecurityManager.authenticate(user, password, remotingConnection, securityDomain);
} }
@Override @Override
public boolean authorize(Subject subject, public boolean authorize(Subject subject,
Set<Role> roles, Set<Role> roles,
CheckType checkType) { CheckType checkType,
System.out.println("authorize(" + subject + ", " + roles + ", " + checkType + ")"); String address) {
return activeMQJAASSecurityManager.authorize(subject, roles, checkType); System.out.println("authorize(" + subject + ", " + roles + ", " + checkType + ", " + address + ")");
return activeMQJAASSecurityManager.authorize(subject, roles, checkType, address);
} }
@Override @Override
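Review bot: The `System.out.println` in `authenticate` still writes the clear-text `password` to standard output, and this change extends that line without removing the argument. Anything that captures stdout (console logs, CI output, log shippers) then holds credentials; mask or drop it, e.g. `System.out.println("authenticate(" + user + ", ****, " + remotingConnection.getRemoteAddress() + ", " + securityDomain + ")");`. The `authorize` trace prints the whole `Subject`; whether that exposes credential material depends on what the login modules attach, so printing only the principals would be the safer default. The hunk ends on an `@Override` whose method is outside the view.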