This closes #205

This commit is contained in:
Clebert Suconic 2015-10-20 18:23:41 -04:00
commit 7afd337496
5 changed files with 21 additions and 4 deletions

View File

@ -425,6 +425,11 @@ public class OpenWireConnection implements RemotingConnection, CommandVisitor, S
}
}
@Override
public RemotingConnection getRemotingConnection() {
return this;
}
@Override
public Connection getTransportConnection() {
return this.transportConnection;

View File

@ -17,10 +17,13 @@
package org.apache.activemq.artemis.core.security;
import org.apache.activemq.artemis.spi.core.protocol.RemotingConnection;
public interface SecurityAuth {
String getUsername();
String getPassword();
RemotingConnection getRemotingConnection();
}

View File

@ -163,7 +163,7 @@ public class SecurityStoreImpl implements SecurityStore, HierarchicalRepositoryC
final boolean validated;
if (securityManager instanceof ActiveMQSecurityManager2) {
final ActiveMQSecurityManager2 securityManager2 = (ActiveMQSecurityManager2) securityManager;
validated = securityManager2.validateUserAndRole(user, session.getPassword(), roles, checkType, saddress);
validated = securityManager2.validateUserAndRole(user, session.getPassword(), roles, checkType, saddress, session.getRemotingConnection());
}
else {
validated = securityManager.validateUserAndRole(user, session.getPassword(), roles, checkType);

View File

@ -20,6 +20,7 @@ import java.util.Set;
import org.apache.activemq.artemis.core.security.CheckType;
import org.apache.activemq.artemis.core.security.Role;
import org.apache.activemq.artemis.spi.core.protocol.RemotingConnection;
/**
* Used to validate whether a user is authorized to connect to the
@ -43,7 +44,8 @@ public interface ActiveMQSecurityManager2 extends ActiveMQSecurityManager {
* @param roles the user's roles
* @param checkType which permission to validate
* @param address the address for which to perform authorization
* @param connection the user's connection
* @return true if the user is valid and they have the correct roles for the given destination address
*/
boolean validateUserAndRole(String user, String password, Set<Role> roles, CheckType checkType, String address);
}
boolean validateUserAndRole(String user, String password, Set<Role> roles, CheckType checkType, String address, RemotingConnection connection);
}

View File

@ -33,6 +33,7 @@ import org.apache.activemq.artemis.api.core.client.ClientSession;
import org.apache.activemq.artemis.api.core.client.ClientSessionFactory;
import org.apache.activemq.artemis.api.core.client.ServerLocator;
import org.apache.activemq.artemis.core.config.Configuration;
import org.apache.activemq.artemis.core.remoting.impl.invm.InVMConnection;
import org.apache.activemq.artemis.core.security.CheckType;
import org.apache.activemq.artemis.core.security.Role;
import org.apache.activemq.artemis.core.server.ActiveMQServer;
@ -40,6 +41,7 @@ import org.apache.activemq.artemis.core.server.ActiveMQServers;
import org.apache.activemq.artemis.core.server.Queue;
import org.apache.activemq.artemis.core.server.impl.ActiveMQServerImpl;
import org.apache.activemq.artemis.core.settings.HierarchicalRepository;
import org.apache.activemq.artemis.spi.core.protocol.RemotingConnection;
import org.apache.activemq.artemis.spi.core.security.ActiveMQSecurityManager;
import org.apache.activemq.artemis.spi.core.security.ActiveMQSecurityManager2;
import org.apache.activemq.artemis.spi.core.security.ActiveMQSecurityManagerImpl;
@ -1470,7 +1472,12 @@ public class SecurityTest extends ActiveMQTestBase {
final String password,
final Set<Role> requiredRoles,
final CheckType checkType,
final String address) {
final String address,
final RemotingConnection connection) {
if (!(connection.getTransportConnection() instanceof InVMConnection)) {
return false;
}
if ((username.equals("foo") || username.equals("bar") || username.equals("all")) &&
password.equals("frobnicate")) {