diff --git a/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/ActiveMQSecurityManagerImpl.java b/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/ActiveMQSecurityManagerImpl.java index a6f4774025..c3bd1a2196 100644 --- a/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/ActiveMQSecurityManagerImpl.java +++ b/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/ActiveMQSecurityManagerImpl.java @@ -23,6 +23,7 @@ import org.apache.activemq.artemis.core.config.impl.SecurityConfiguration; import org.apache.activemq.artemis.core.security.CheckType; import org.apache.activemq.artemis.core.security.Role; import org.apache.activemq.artemis.core.security.User; +import org.apache.activemq.artemis.core.server.ActiveMQServerLogger; /** * A basic implementation of the ActiveMQSecurityManager. This can be used within an appserver and be deployed by @@ -32,6 +33,8 @@ public class ActiveMQSecurityManagerImpl implements ActiveMQSecurityManager { private final SecurityConfiguration configuration; + private ActiveMQServerLogger logger = ActiveMQServerLogger.LOGGER; + public ActiveMQSecurityManagerImpl() { configuration = new SecurityConfiguration(); 
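Review bot: The new `logger` field in the second hunk is a mutable, per-instance field, although it only aliases the shared `ActiveMQServerLogger.LOGGER`. Declaring it as `private static final ActiveMQServerLogger logger = ActiveMQServerLogger.LOGGER;` would match the `final` on `configuration` and prevent the logger used on the authentication path from being reassigned. The class body continues outside this hunk.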
@@ -44,19 +47,24 @@ public class ActiveMQSecurityManagerImpl implements ActiveMQSecurityManager // Public --------------------------------------------------------------------- - public boolean validateUser(final String user, final String password) + public boolean validateUser(final String username, final String password) { - if (user == null && configuration.getDefaultUser() == null) + if (username != null) { - return false; + User user = configuration.getUser(username); + return user != null && user.isValid(username, password); + } + else if (username == null && password == null) + { + return configuration.getDefaultUser() != null; + } + else // the only possible case here is user == null, password != null + { + logger.debug("Validating default user against a provided password. This happens when username=null, password!=null"); + String defaultUsername = configuration.getDefaultUser(); + User defaultUser = configuration.getUser(defaultUsername); + return defaultUser != null && defaultUser.isValid(defaultUsername, password); } - - String defaultUser = configuration.getDefaultUser(); - User theUser = configuration.getUser(user == null ? defaultUser : user); - - boolean ok = theUser != null && theUser.isValid(user == null ? defaultUser : user, password == null ? defaultUser - : password); - return ok; } public boolean validateUserAndRole(final String user, diff --git a/tests/unit-tests/src/test/java/org/apache/activemq/artemis/tests/unit/core/security/impl/ActiveMQSecurityManagerImplTest.java b/tests/unit-tests/src/test/java/org/apache/activemq/artemis/tests/unit/core/security/impl/ActiveMQSecurityManagerImplTest.java index 08e8d80b8d..c729d271b9 100644 --- a/tests/unit-tests/src/test/java/org/apache/activemq/artemis/tests/unit/core/security/impl/ActiveMQSecurityManagerImplTest.java +++ b/tests/unit-tests/src/test/java/org/apache/activemq/artemis/tests/unit/core/security/impl/ActiveMQSecurityManagerImplTest.java 
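Review bot: The last `else` branch of `validateUser` no longer checks for a missing default user. The removed code returned false when `user == null && configuration.getDefaultUser() == null`, whereas a null username with a non-null password now reaches `configuration.getUser(defaultUsername)` with a possibly null key. Whether `getUser` tolerates null is not visible in this diff, so I would restore the guard right after the lookup: `if (defaultUsername == null) { return false; }`. In the first branch a null `password` is passed straight to `user.isValid(username, password)`; please confirm `isValid` rejects null rather than throwing. The method also deserves a Javadoc stating that `validateUser(null, null)` succeeds without any credential check whenever a default user is configured, since that is the anonymous-access path operators need to know about.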
@@ -57,11 +57,12 @@ public class ActiveMQSecurityManagerImplTest extends ActiveMQTestBase @Test public void testDefaultSecurity() { - securityManager.getConfiguration().addUser("guest", "guest"); + securityManager.getConfiguration().addUser("guest", "password"); securityManager.getConfiguration().addRole("guest", "guest"); securityManager.getConfiguration().setDefaultUser("guest"); Assert.assertTrue(securityManager.validateUser(null, null)); - Assert.assertTrue(securityManager.validateUser("guest", "guest")); + Assert.assertTrue(securityManager.validateUser("guest", "password")); + Assert.assertFalse(securityManager.validateUser(null, "wrongpass")); HashSet roles = new HashSet(); roles.add(new Role("guest", true, true, true, true, true, true, true)); Assert.assertTrue(securityManager.validateUserAndRole(null, null, roles, CheckType.CREATE_DURABLE_QUEUE));
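Review bot: The added `assertFalse(securityManager.validateUser(null, "wrongpass"))` covers only the rejecting side of the new null-username/non-null-password branch. Nothing asserts that the default user's real password is accepted there, or that a named user with a null password is refused. I would add `Assert.assertTrue(securityManager.validateUser(null, "password"));` and `Assert.assertFalse(securityManager.validateUser("guest", null));`. The second would also reveal whether `User.isValid` handles a null password, which this diff does not show. A separate case with no default user configured, asserting that `validateUser(null, "password")` is false, would pin the fail-closed behaviour. `testDefaultSecurity` continues past the end of this hunk.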