From aa7696e3293ffe99f5d856dd18c0f5e19573fa31 Mon Sep 17 00:00:00 2001
From: Julian Scheid
Date: Tue, 20 Oct 2015 23:06:04 +0200
Subject: [PATCH] ARTEMIS-270 Supply RemotingConnection for authorization
---
 .../core/protocol/openwire/OpenWireConnection.java | 5 +++++
 .../activemq/artemis/core/security/SecurityAuth.java | 3 +++
 .../artemis/core/security/impl/SecurityStoreImpl.java | 2 +-
 .../spi/core/security/ActiveMQSecurityManager2.java | 6 ++++--
 .../artemis/tests/integration/security/SecurityTest.java | 9 ++++++++-
 5 files changed, 21 insertions(+), 4 deletions(-)
diff --git a/artemis-protocols/artemis-openwire-protocol/src/main/java/org/apache/activemq/artemis/core/protocol/openwire/OpenWireConnection.java b/artemis-protocols/artemis-openwire-protocol/src/main/java/org/apache/activemq/artemis/core/protocol/openwire/OpenWireConnection.java
index 25a985d60e..4f1f0f6d26 100644
--- a/artemis-protocols/artemis-openwire-protocol/src/main/java/org/apache/activemq/artemis/core/protocol/openwire/OpenWireConnection.java
+++ b/artemis-protocols/artemis-openwire-protocol/src/main/java/org/apache/activemq/artemis/core/protocol/openwire/OpenWireConnection.java
@@ -425,6 +425,11 @@ public class OpenWireConnection implements RemotingConnection, CommandVisitor, S
 }
 }
+ @Override
+ public RemotingConnection getRemotingConnection() {
+ return this;
+ }
+
 @Override
 public Connection getTransportConnection() {
 return this.transportConnection;
diff --git a/artemis-server/src/main/java/org/apache/activemq/artemis/core/security/SecurityAuth.java b/artemis-server/src/main/java/org/apache/activemq/artemis/core/security/SecurityAuth.java
index 1325e3945a..e7d4bb2e79 100644
--- a/artemis-server/src/main/java/org/apache/activemq/artemis/core/security/SecurityAuth.java
+++ b/artemis-server/src/main/java/org/apache/activemq/artemis/core/security/SecurityAuth.java
@@ -17,10 +17,13 @@
 package org.apache.activemq.artemis.core.security;
+import org.apache.activemq.artemis.spi.core.protocol.RemotingConnection;
+
 public interface SecurityAuth {
 String getUsername();
 String getPassword();
+ RemotingConnection getRemotingConnection();
 }
diff --git a/artemis-server/src/main/java/org/apache/activemq/artemis/core/security/impl/SecurityStoreImpl.java b/artemis-server/src/main/java/org/apache/activemq/artemis/core/security/impl/SecurityStoreImpl.java
index a12ff4f55f..d3c7d03fc2 100644
--- a/artemis-server/src/main/java/org/apache/activemq/artemis/core/security/impl/SecurityStoreImpl.java
+++ b/artemis-server/src/main/java/org/apache/activemq/artemis/core/security/impl/SecurityStoreImpl.java
@@ -163,7 +163,7 @@ public class SecurityStoreImpl implements SecurityStore, HierarchicalRepositoryC
 final boolean validated;
 if (securityManager instanceof ActiveMQSecurityManager2) {
 final ActiveMQSecurityManager2 securityManager2 = (ActiveMQSecurityManager2) securityManager;
- validated = securityManager2.validateUserAndRole(user, session.getPassword(), roles, checkType, saddress);
+ validated = securityManager2.validateUserAndRole(user, session.getPassword(), roles, checkType, saddress, session.getRemotingConnection());
 }
 else {
 validated = securityManager.validateUserAndRole(user, session.getPassword(), roles, checkType);
diff --git a/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/ActiveMQSecurityManager2.java b/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/ActiveMQSecurityManager2.java
index 1e3cb108a3..72b41214b4 100644
--- a/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/ActiveMQSecurityManager2.java
+++ b/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/ActiveMQSecurityManager2.java
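Review bot: `RemotingConnection getRemotingConnection();` is added to `SecurityAuth` without Javadoc, so nothing states whether an implementation may return null. The value is handed straight to security-manager plugins in SecurityStoreImpl.java, and the updated manager in SecurityTest.java dereferences it with `connection.getTransportConnection()` and no null check; the same gap applies to the `@param connection the user's connection` line in ActiveMQSecurityManager2.java. I would state the contract on the interface, for example `/** @return the connection this session belongs to, never null */`, but only if every implementation can guarantee that; otherwise document the null case so that plugins deny the request instead of throwing.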
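Review bot: In SecurityStoreImpl.java the result of `securityManager2.validateUserAndRole(...)` can now differ per connection for the same user, and this hunk does not show how earlier results are reused. The enclosing method starts and ends outside the hunk; if it returns early on a cached success keyed only by user, address and check type, a grant obtained on one connection would also cover a later check made from a different connection, and the new argument would never be consulted. Please confirm, and if such a shortcut exists either include the connection in its key or skip it for `ActiveMQSecurityManager2`; at minimum add `// result depends on the connection, not only on user and address` above the call.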
@@ -20,6 +20,7 @@ import java.util.Set;
 import org.apache.activemq.artemis.core.security.CheckType;
 import org.apache.activemq.artemis.core.security.Role;
+import org.apache.activemq.artemis.spi.core.protocol.RemotingConnection;
 /**
 * Used to validate whether a user is authorized to connect to the
@@ -43,7 +44,8 @@ public interface ActiveMQSecurityManager2 extends ActiveMQSecurityManager {
 * @param roles the user's roles
 * @param checkType which permission to validate
 * @param address the address for which to perform authorization
+ * @param connection the user's connection
 * @return true if the user is valid and they have the correct roles for the given destination address
 */
- boolean validateUserAndRole(String user, String password, Set roles, CheckType checkType, String address);
-}
\ No newline at end of file
+ boolean validateUserAndRole(String user, String password, Set roles, CheckType checkType, String address, RemotingConnection connection);
+}
diff --git a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/security/SecurityTest.java b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/security/SecurityTest.java
index 269c3db6da..b45ce456ca 100644
--- a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/security/SecurityTest.java
+++ b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/security/SecurityTest.java
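Review bot: The second hunk of ActiveMQSecurityManager2.java replaces the five-argument `validateUserAndRole` rather than adding the six-argument form beside it, so every existing implementation of this SPI interface stops compiling against the new version. If third-party security managers are expected to exist, putting the new signature on a separate sub-interface and keeping the old one, selected with the same `instanceof` dispatch SecurityStoreImpl.java already uses, would avoid the break. Otherwise the interface Javadoc should say that the method changed incompatibly in this release. The interface body starts outside the hunk.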
@@ -33,6 +33,7 @@ import org.apache.activemq.artemis.api.core.client.ClientSession;
 import org.apache.activemq.artemis.api.core.client.ClientSessionFactory;
 import org.apache.activemq.artemis.api.core.client.ServerLocator;
 import org.apache.activemq.artemis.core.config.Configuration;
+import org.apache.activemq.artemis.core.remoting.impl.invm.InVMConnection;
 import org.apache.activemq.artemis.core.security.CheckType;
 import org.apache.activemq.artemis.core.security.Role;
 import org.apache.activemq.artemis.core.server.ActiveMQServer;
@@ -40,6 +41,7 @@ import org.apache.activemq.artemis.core.server.ActiveMQServers;
 import org.apache.activemq.artemis.core.server.Queue;
 import org.apache.activemq.artemis.core.server.impl.ActiveMQServerImpl;
 import org.apache.activemq.artemis.core.settings.HierarchicalRepository;
+import org.apache.activemq.artemis.spi.core.protocol.RemotingConnection;
 import org.apache.activemq.artemis.spi.core.security.ActiveMQSecurityManager;
 import org.apache.activemq.artemis.spi.core.security.ActiveMQSecurityManager2;
 import org.apache.activemq.artemis.spi.core.security.ActiveMQSecurityManagerImpl;
@@ -1470,7 +1472,12 @@ public class SecurityTest extends ActiveMQTestBase {
 final String password,
 final Set requiredRoles,
 final CheckType checkType,
- final String address) {
+ final String address,
+ final RemotingConnection connection) {
+
+ if (!(connection.getTransportConnection() instanceof InVMConnection)) {
+ return false;
+ }
 if ((username.equals("foo") || username.equals("bar") || username.equals("all")) && password.equals("frobnicate")) {
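Review bot: The guard `if (!(connection.getTransportConnection() instanceof InVMConnection))` in the last hunk of SecurityTest.java only shows that in-VM connections are still accepted; nothing visible asserts that a session arriving over another transport is refused. The test methods that use this manager are outside the hunk, so this may already be covered, but if it is not, the denial path through the new parameter is untested. I would add a case that connects through a non in-VM acceptor and expects the permission check to fail, and put `// authorize in-VM connections only, to prove the connection reaches the security manager` above the guard.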