This closes #61 Security Manager change

Clebert Suconic 2015-07-08 11:51:05 -04:00
commit 5b75f59bd6
2 changed files with 21 additions and 12 deletions


@ -23,6 +23,7 @@ import org.apache.activemq.artemis.core.config.impl.SecurityConfiguration;
import org.apache.activemq.artemis.core.security.CheckType; import org.apache.activemq.artemis.core.security.CheckType;
import org.apache.activemq.artemis.core.security.Role; import org.apache.activemq.artemis.core.security.Role;
import org.apache.activemq.artemis.core.security.User; import org.apache.activemq.artemis.core.security.User;
import org.apache.activemq.artemis.core.server.ActiveMQServerLogger;
/** /**
* A basic implementation of the ActiveMQSecurityManager. This can be used within an appserver and be deployed by * A basic implementation of the ActiveMQSecurityManager. This can be used within an appserver and be deployed by
@ -32,6 +33,8 @@ public class ActiveMQSecurityManagerImpl implements ActiveMQSecurityManager
{ {
private final SecurityConfiguration configuration; private final SecurityConfiguration configuration;
private ActiveMQServerLogger logger = ActiveMQServerLogger.LOGGER;
public ActiveMQSecurityManagerImpl() public ActiveMQSecurityManagerImpl()
{ {
configuration = new SecurityConfiguration(); configuration = new SecurityConfiguration();
@ -44,19 +47,24 @@ public class ActiveMQSecurityManagerImpl implements ActiveMQSecurityManager
// Public --------------------------------------------------------------------- // Public ---------------------------------------------------------------------
public boolean validateUser(final String user, final String password) public boolean validateUser(final String username, final String password)
{ {
if (user == null && configuration.getDefaultUser() == null) if (username != null)
{ {
return false; User user = configuration.getUser(username);
return user != null && user.isValid(username, password);
}
else if (username == null && password == null)
{
return configuration.getDefaultUser() != null;
}
else // the only possible case here is user == null, password != null
{
logger.debug("Validating default user against a provided password. This happens when username=null, password!=null");
String defaultUsername = configuration.getDefaultUser();
User defaultUser = configuration.getUser(defaultUsername);
return defaultUser != null && defaultUser.isValid(defaultUsername, password);
} }
String defaultUser = configuration.getDefaultUser();
User theUser = configuration.getUser(user == null ? defaultUser : user);
boolean ok = theUser != null && theUser.isValid(user == null ? defaultUser : user, password == null ? defaultUser
: password);
return ok;
} }
public boolean validateUserAndRole(final String user, public boolean validateUserAndRole(final String user,
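Review bot: In the `username == null && password == null` branch of `validateUser`, authentication now succeeds whenever a default user name is configured, without checking that the name resolves to a configured `User`; the removed code required `theUser != null` on that path. If that lookup is meant to stay, the branch could read `String d = configuration.getDefaultUser(); return d != null && configuration.getUser(d) != null;`. The final `else` branch also passes `configuration.getDefaultUser()` to `getUser` with no null check, so behaviour when no default user is set depends on how `SecurityConfiguration.getUser` handles a null key, which is not visible here. The comment on that branch still says `user == null` although the parameter is now `username`, and a short Javadoc on `validateUser` listing the three cases would make the anonymous-access rule explicit.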


@ -57,11 +57,12 @@ public class ActiveMQSecurityManagerImplTest extends ActiveMQTestBase
@Test @Test
public void testDefaultSecurity() public void testDefaultSecurity()
{ {
securityManager.getConfiguration().addUser("guest", "guest"); securityManager.getConfiguration().addUser("guest", "password");
securityManager.getConfiguration().addRole("guest", "guest"); securityManager.getConfiguration().addRole("guest", "guest");
securityManager.getConfiguration().setDefaultUser("guest"); securityManager.getConfiguration().setDefaultUser("guest");
Assert.assertTrue(securityManager.validateUser(null, null)); Assert.assertTrue(securityManager.validateUser(null, null));
Assert.assertTrue(securityManager.validateUser("guest", "guest")); Assert.assertTrue(securityManager.validateUser("guest", "password"));
Assert.assertFalse(securityManager.validateUser(null, "wrongpass"));
HashSet<Role> roles = new HashSet<Role>(); HashSet<Role> roles = new HashSet<Role>();
roles.add(new Role("guest", true, true, true, true, true, true, true)); roles.add(new Role("guest", true, true, true, true, true, true, true));
Assert.assertTrue(securityManager.validateUserAndRole(null, null, roles, CheckType.CREATE_DURABLE_QUEUE)); Assert.assertTrue(securityManager.validateUserAndRole(null, null, roles, CheckType.CREATE_DURABLE_QUEUE));
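Review bot: `testDefaultSecurity` pins the rejected case `validateUser(null, "wrongpass")` but not the matching accepted case for the new default-user branch, so a regression that rejects every null-username login would still pass. Adding `Assert.assertTrue(securityManager.validateUser(null, "password"));` would cover it. Assuming `User.isValid` rejects a null password, `Assert.assertFalse(securityManager.validateUser("guest", null));` would also guard the named-user path against falling through to the anonymous rule. A separate case with no default user set, asserting that `validateUser(null, null)` is false, is missing as well. The test method continues past the end of this hunk.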