This closes #205
This commit is contained in:
commit
7afd337496
|
@ -425,6 +425,11 @@ public class OpenWireConnection implements RemotingConnection, CommandVisitor, S
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public RemotingConnection getRemotingConnection() {
|
||||||
|
return this;
|
||||||
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Connection getTransportConnection() {
|
public Connection getTransportConnection() {
|
||||||
return this.transportConnection;
|
return this.transportConnection;
|
||||||
|
|
|
@ -17,10 +17,13 @@
|
||||||
|
|
||||||
package org.apache.activemq.artemis.core.security;
|
package org.apache.activemq.artemis.core.security;
|
||||||
|
|
||||||
|
import org.apache.activemq.artemis.spi.core.protocol.RemotingConnection;
|
||||||
|
|
||||||
public interface SecurityAuth {
|
public interface SecurityAuth {
|
||||||
|
|
||||||
String getUsername();
|
String getUsername();
|
||||||
|
|
||||||
String getPassword();
|
String getPassword();
|
||||||
|
|
||||||
|
RemotingConnection getRemotingConnection();
|
||||||
}
|
}
|
||||||
|
|
|
@ -163,7 +163,7 @@ public class SecurityStoreImpl implements SecurityStore, HierarchicalRepositoryC
|
||||||
final boolean validated;
|
final boolean validated;
|
||||||
if (securityManager instanceof ActiveMQSecurityManager2) {
|
if (securityManager instanceof ActiveMQSecurityManager2) {
|
||||||
final ActiveMQSecurityManager2 securityManager2 = (ActiveMQSecurityManager2) securityManager;
|
final ActiveMQSecurityManager2 securityManager2 = (ActiveMQSecurityManager2) securityManager;
|
||||||
validated = securityManager2.validateUserAndRole(user, session.getPassword(), roles, checkType, saddress);
|
validated = securityManager2.validateUserAndRole(user, session.getPassword(), roles, checkType, saddress, session.getRemotingConnection());
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
validated = securityManager.validateUserAndRole(user, session.getPassword(), roles, checkType);
|
validated = securityManager.validateUserAndRole(user, session.getPassword(), roles, checkType);
|
||||||
|
|
|
@ -20,6 +20,7 @@ import java.util.Set;
|
||||||
|
|
||||||
import org.apache.activemq.artemis.core.security.CheckType;
|
import org.apache.activemq.artemis.core.security.CheckType;
|
||||||
import org.apache.activemq.artemis.core.security.Role;
|
import org.apache.activemq.artemis.core.security.Role;
|
||||||
|
import org.apache.activemq.artemis.spi.core.protocol.RemotingConnection;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Used to validate whether a user is authorized to connect to the
|
* Used to validate whether a user is authorized to connect to the
|
||||||
|
@ -43,7 +44,8 @@ public interface ActiveMQSecurityManager2 extends ActiveMQSecurityManager {
|
||||||
* @param roles the user's roles
|
* @param roles the user's roles
|
||||||
* @param checkType which permission to validate
|
* @param checkType which permission to validate
|
||||||
* @param address the address for which to perform authorization
|
* @param address the address for which to perform authorization
|
||||||
|
* @param connection the user's connection
|
||||||
* @return true if the user is valid and they have the correct roles for the given destination address
|
* @return true if the user is valid and they have the correct roles for the given destination address
|
||||||
*/
|
*/
|
||||||
boolean validateUserAndRole(String user, String password, Set<Role> roles, CheckType checkType, String address);
|
boolean validateUserAndRole(String user, String password, Set<Role> roles, CheckType checkType, String address, RemotingConnection connection);
|
||||||
}
|
}
|
|
@ -33,6 +33,7 @@ import org.apache.activemq.artemis.api.core.client.ClientSession;
|
||||||
import org.apache.activemq.artemis.api.core.client.ClientSessionFactory;
|
import org.apache.activemq.artemis.api.core.client.ClientSessionFactory;
|
||||||
import org.apache.activemq.artemis.api.core.client.ServerLocator;
|
import org.apache.activemq.artemis.api.core.client.ServerLocator;
|
||||||
import org.apache.activemq.artemis.core.config.Configuration;
|
import org.apache.activemq.artemis.core.config.Configuration;
|
||||||
|
import org.apache.activemq.artemis.core.remoting.impl.invm.InVMConnection;
|
||||||
import org.apache.activemq.artemis.core.security.CheckType;
|
import org.apache.activemq.artemis.core.security.CheckType;
|
||||||
import org.apache.activemq.artemis.core.security.Role;
|
import org.apache.activemq.artemis.core.security.Role;
|
||||||
import org.apache.activemq.artemis.core.server.ActiveMQServer;
|
import org.apache.activemq.artemis.core.server.ActiveMQServer;
|
||||||
|
@ -40,6 +41,7 @@ import org.apache.activemq.artemis.core.server.ActiveMQServers;
|
||||||
import org.apache.activemq.artemis.core.server.Queue;
|
import org.apache.activemq.artemis.core.server.Queue;
|
||||||
import org.apache.activemq.artemis.core.server.impl.ActiveMQServerImpl;
|
import org.apache.activemq.artemis.core.server.impl.ActiveMQServerImpl;
|
||||||
import org.apache.activemq.artemis.core.settings.HierarchicalRepository;
|
import org.apache.activemq.artemis.core.settings.HierarchicalRepository;
|
||||||
|
import org.apache.activemq.artemis.spi.core.protocol.RemotingConnection;
|
||||||
import org.apache.activemq.artemis.spi.core.security.ActiveMQSecurityManager;
|
import org.apache.activemq.artemis.spi.core.security.ActiveMQSecurityManager;
|
||||||
import org.apache.activemq.artemis.spi.core.security.ActiveMQSecurityManager2;
|
import org.apache.activemq.artemis.spi.core.security.ActiveMQSecurityManager2;
|
||||||
import org.apache.activemq.artemis.spi.core.security.ActiveMQSecurityManagerImpl;
|
import org.apache.activemq.artemis.spi.core.security.ActiveMQSecurityManagerImpl;
|
||||||
|
@ -1470,7 +1472,12 @@ public class SecurityTest extends ActiveMQTestBase {
|
||||||
final String password,
|
final String password,
|
||||||
final Set<Role> requiredRoles,
|
final Set<Role> requiredRoles,
|
||||||
final CheckType checkType,
|
final CheckType checkType,
|
||||||
final String address) {
|
final String address,
|
||||||
|
final RemotingConnection connection) {
|
||||||
|
|
||||||
|
if (!(connection.getTransportConnection() instanceof InVMConnection)) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
if ((username.equals("foo") || username.equals("bar") || username.equals("all")) &&
|
if ((username.equals("foo") || username.equals("bar") || username.equals("all")) &&
|
||||||
password.equals("frobnicate")) {
|
password.equals("frobnicate")) {
|
||||||
|
|
Loading…
Reference in New Issue