Apache
/
activemq-artemis
mirror of https://github.com/apache/activemq-artemis.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

ARTEMIS-4146 reauthenticated subjects are not cached

This commit is contained in:
Justin Bertram 2023-01-26 22:36:55 -06:00 committed by clebertsuconic
parent 3908dfc055
commit 49f8846861
2 changed files with 43 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
artemis-server/src/main/java/org/apache/activemq/artemis/core/security/impl/SecurityStoreImpl.java
View File

@ -408,7 +408,13 @@ public class SecurityStoreImpl implements SecurityStore, HierarchicalRepositoryC
* successfully authenticate before requesting authorization for anything. * successfully authenticate before requesting authorization for anything.
*/ */
if (cached == null) { if (cached == null) {
return securityManager.authenticate(auth.getUsername(), auth.getPassword(), auth.getRemotingConnection(), auth.getSecurityDomain()); try {
Subject subject = securityManager.authenticate(auth.getUsername(), auth.getPassword(), auth.getRemotingConnection(), auth.getSecurityDomain());
authenticationCache.put(createAuthenticationCacheKey(auth.getUsername(), auth.getPassword(), auth.getRemotingConnection()), new Pair<>(subject != null, subject));
return subject;
} catch (NoCacheLoginException e) {
return null;
}
} }
return cached.getB(); return cached.getB();
} }

36
tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/security/SecurityTest.java
View File

@ -2569,6 +2569,42 @@ public class SecurityTest extends ActiveMQTestBase {
} }
} }
@Test
public void testReauthenticationIsCached() throws Exception {
ActiveMQServer server = createServer();
server.start();
HierarchicalRepository<Set<Role>> securityRepository = server.getSecurityRepository();
ActiveMQJAASSecurityManager securityManager = (ActiveMQJAASSecurityManager) server.getSecurityManager();
securityManager.getConfiguration().addUser("auser", "pass");
Role role = new Role("arole", true, false, false, false, false, false, false, false, true, false);
Set<Role> roles = new HashSet<>();
roles.add(role);
securityRepository.addMatch(SecurityTest.addressA, roles);
securityManager.getConfiguration().addRole("auser", "arole");
server.createQueue(new QueueConfiguration(SecurityTest.queueA).setAddress(SecurityTest.addressA));
((SecurityStoreImpl)server.getSecurityStore()).invalidateAuthenticationCache();
((SecurityStoreImpl)server.getSecurityStore()).invalidateAuthorizationCache();
locator.setBlockOnNonDurableSend(true);
ClientSessionFactory cf = createSessionFactory(locator);
ClientSession session = cf.createSession("auser", "pass", false, true, true, false, -1);
ClientProducer cp = session.createProducer(SecurityTest.addressA);
cp.send(session.createMessage(false));
assertEquals(1, ((SecurityStoreImpl)server.getSecurityStore()).getAuthenticationCacheSize());
assertEquals(1, ((SecurityStoreImpl)server.getSecurityStore()).getAuthorizationCacheSize());
((SecurityStoreImpl)server.getSecurityStore()).invalidateAuthenticationCache();
((SecurityStoreImpl)server.getSecurityStore()).invalidateAuthorizationCache();
cp.send(session.createMessage(false));
assertEquals(1, ((SecurityStoreImpl)server.getSecurityStore()).getAuthenticationCacheSize());
assertEquals(1, ((SecurityStoreImpl)server.getSecurityStore()).getAuthorizationCacheSize());
}
// Check the user connection has both send and receive permissions on the queue // Check the user connection has both send and receive permissions on the queue
private void checkUserSendAndReceive(final String genericQueueName, private void checkUserSendAndReceive(final String genericQueueName,
final ClientSession connection) throws Exception { final ClientSession connection) throws Exception {