From 84739466464a7710ba493a1e8a7cb57c29ec7078 Mon Sep 17 00:00:00 2001 From: Justin Bertram Date: Tue, 4 Aug 2020 08:20:06 -0500 Subject: [PATCH] ARTEMIS-2865 LegacyLDAPSecuritySettingPlugin can change default security match --- .../impl/LegacyLDAPSecuritySettingPlugin.java | 11 +- .../core/settings/HierarchicalRepository.java | 6 ++ .../impl/HierarchicalObjectRepository.java | 9 ++ ...LDAPSecuritySettingPluginListenerTest.java | 101 +++++++++++++++++- 4 files changed, 122 insertions(+), 5 deletions(-) diff --git a/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/impl/LegacyLDAPSecuritySettingPlugin.java b/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/impl/LegacyLDAPSecuritySettingPlugin.java index 183d794e97..d9d61add68 100644 --- a/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/impl/LegacyLDAPSecuritySettingPlugin.java +++ b/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/impl/LegacyLDAPSecuritySettingPlugin.java @@ -463,8 +463,15 @@ public class LegacyLDAPSecuritySettingPlugin implements SecuritySettingPlugin { processSearchResult(newRoles, (SearchResult) namingEvent.getNewBinding()); for (Map.Entry> entry : newRoles.entrySet()) { Set existingRoles = securityRepository.getMatch(entry.getKey()); - for (Role role : entry.getValue()) { - existingRoles.add(role); + // see if this the *actual* default object, not just "equals"; we don't want to change the default security match + if (existingRoles != securityRepository.getDefault()) { + for (Role role : entry.getValue()) { + logger.debug("adding role " + role + " to existing roles " + existingRoles + " at " + entry.getKey()); + existingRoles.add(role); + } + } else { + logger.debug("adding new roles " + entry.getValue() + " at " + entry.getKey()); + securityRepository.addMatch(entry.getKey(), entry.getValue()); } } } catch (NamingException e) { diff --git a/artemis-server/src/main/java/org/apache/activemq/artemis/core/settings/HierarchicalRepository.java b/artemis-server/src/main/java/org/apache/activemq/artemis/core/settings/HierarchicalRepository.java index cb2054a922..71379ea88e 100644 --- a/artemis-server/src/main/java/org/apache/activemq/artemis/core/settings/HierarchicalRepository.java +++ b/artemis-server/src/main/java/org/apache/activemq/artemis/core/settings/HierarchicalRepository.java @@ -62,6 +62,12 @@ public interface HierarchicalRepository { */ void setDefault(T defaultValue); + /** + * + * @return the default match for this repo + */ + T getDefault(); + /** * remove a match from the repository * diff --git a/artemis-server/src/main/java/org/apache/activemq/artemis/core/settings/impl/HierarchicalObjectRepository.java b/artemis-server/src/main/java/org/apache/activemq/artemis/core/settings/impl/HierarchicalObjectRepository.java index 3ed69d037c..d6b751df3a 100644 --- a/artemis-server/src/main/java/org/apache/activemq/artemis/core/settings/impl/HierarchicalObjectRepository.java +++ b/artemis-server/src/main/java/org/apache/activemq/artemis/core/settings/impl/HierarchicalObjectRepository.java @@ -348,6 +348,15 @@ public class HierarchicalObjectRepository implements HierarchicalRepository