This closes #205

Clebert Suconic 2015-10-20 18:23:41 -04:00
commit 7afd337496
5 changed files with 21 additions and 4 deletions


@ -425,6 +425,11 @@ public class OpenWireConnection implements RemotingConnection, CommandVisitor, S
} }
} }
@Override
public RemotingConnection getRemotingConnection() {
return this;
}
@Override @Override
public Connection getTransportConnection() { public Connection getTransportConnection() {
return this.transportConnection; return this.transportConnection;


@ -17,10 +17,13 @@
package org.apache.activemq.artemis.core.security; package org.apache.activemq.artemis.core.security;
import org.apache.activemq.artemis.spi.core.protocol.RemotingConnection;
public interface SecurityAuth { public interface SecurityAuth {
String getUsername(); String getUsername();
String getPassword(); String getPassword();
RemotingConnection getRemotingConnection();
} }
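Review bot: The new `getRemotingConnection()` in SecurityAuth has no Javadoc, so nothing states whether it may return null. The SecurityStoreImpl change forwards its result straight into `validateUserAndRole(...)`, and the `@param connection the user's connection` line added in ActiveMQSecurityManager2 is equally silent on this. If any SecurityAuth implementation returns null (none is visible in this diff), a security manager that dereferences the argument would throw in the middle of an authorization check. I would add `/** @return the connection this session is bound to; never null */` here, or, if null is allowed, state that in both Javadocs so implementers deny access instead of dereferencing.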


@ -163,7 +163,7 @@ public class SecurityStoreImpl implements SecurityStore, HierarchicalRepositoryC
final boolean validated; final boolean validated;
if (securityManager instanceof ActiveMQSecurityManager2) { if (securityManager instanceof ActiveMQSecurityManager2) {
final ActiveMQSecurityManager2 securityManager2 = (ActiveMQSecurityManager2) securityManager; final ActiveMQSecurityManager2 securityManager2 = (ActiveMQSecurityManager2) securityManager;
validated = securityManager2.validateUserAndRole(user, session.getPassword(), roles, checkType, saddress); validated = securityManager2.validateUserAndRole(user, session.getPassword(), roles, checkType, saddress, session.getRemotingConnection());
} }
else { else {
validated = securityManager.validateUserAndRole(user, session.getPassword(), roles, checkType); validated = securityManager.validateUserAndRole(user, session.getPassword(), roles, checkType);


@ -20,6 +20,7 @@ import java.util.Set;
import org.apache.activemq.artemis.core.security.CheckType; import org.apache.activemq.artemis.core.security.CheckType;
import org.apache.activemq.artemis.core.security.Role; import org.apache.activemq.artemis.core.security.Role;
import org.apache.activemq.artemis.spi.core.protocol.RemotingConnection;
/** /**
* Used to validate whether a user is authorized to connect to the * Used to validate whether a user is authorized to connect to the
@ -43,7 +44,8 @@ public interface ActiveMQSecurityManager2 extends ActiveMQSecurityManager {
* @param roles the user's roles * @param roles the user's roles
* @param checkType which permission to validate * @param checkType which permission to validate
* @param address the address for which to perform authorization * @param address the address for which to perform authorization
* @param connection the user's connection
* @return true if the user is valid and they have the correct roles for the given destination address * @return true if the user is valid and they have the correct roles for the given destination address
*/ */
boolean validateUserAndRole(String user, String password, Set<Role> roles, CheckType checkType, String address); boolean validateUserAndRole(String user, String password, Set<Role> roles, CheckType checkType, String address, RemotingConnection connection);
} }
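Review bot: Changing `validateUserAndRole` in ActiveMQSecurityManager2 in place, from five parameters to six, breaks every existing implementation of this SPI interface at compile time, and already-compiled security managers would no longer provide the method the broker calls. As rendered, the five-argument form is not kept alongside the new one. I would leave the existing method untouched and put the connection-aware variant in a new sub-interface that SecurityStoreImpl tests with `instanceof` first, the same way it already distinguishes ActiveMQSecurityManager2 from the base manager. That lets third-party managers keep working until they opt in to connection-based checks.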


@ -33,6 +33,7 @@ import org.apache.activemq.artemis.api.core.client.ClientSession;
import org.apache.activemq.artemis.api.core.client.ClientSessionFactory; import org.apache.activemq.artemis.api.core.client.ClientSessionFactory;
import org.apache.activemq.artemis.api.core.client.ServerLocator; import org.apache.activemq.artemis.api.core.client.ServerLocator;
import org.apache.activemq.artemis.core.config.Configuration; import org.apache.activemq.artemis.core.config.Configuration;
import org.apache.activemq.artemis.core.remoting.impl.invm.InVMConnection;
import org.apache.activemq.artemis.core.security.CheckType; import org.apache.activemq.artemis.core.security.CheckType;
import org.apache.activemq.artemis.core.security.Role; import org.apache.activemq.artemis.core.security.Role;
import org.apache.activemq.artemis.core.server.ActiveMQServer; import org.apache.activemq.artemis.core.server.ActiveMQServer;
@ -40,6 +41,7 @@ import org.apache.activemq.artemis.core.server.ActiveMQServers;
import org.apache.activemq.artemis.core.server.Queue; import org.apache.activemq.artemis.core.server.Queue;
import org.apache.activemq.artemis.core.server.impl.ActiveMQServerImpl; import org.apache.activemq.artemis.core.server.impl.ActiveMQServerImpl;
import org.apache.activemq.artemis.core.settings.HierarchicalRepository; import org.apache.activemq.artemis.core.settings.HierarchicalRepository;
import org.apache.activemq.artemis.spi.core.protocol.RemotingConnection;
import org.apache.activemq.artemis.spi.core.security.ActiveMQSecurityManager; import org.apache.activemq.artemis.spi.core.security.ActiveMQSecurityManager;
import org.apache.activemq.artemis.spi.core.security.ActiveMQSecurityManager2; import org.apache.activemq.artemis.spi.core.security.ActiveMQSecurityManager2;
import org.apache.activemq.artemis.spi.core.security.ActiveMQSecurityManagerImpl; import org.apache.activemq.artemis.spi.core.security.ActiveMQSecurityManagerImpl;
@ -1470,7 +1472,12 @@ public class SecurityTest extends ActiveMQTestBase {
final String password, final String password,
final Set<Role> requiredRoles, final Set<Role> requiredRoles,
final CheckType checkType, final CheckType checkType,
final String address) { final String address,
final RemotingConnection connection) {
if (!(connection.getTransportConnection() instanceof InVMConnection)) {
return false;
}
if ((username.equals("foo") || username.equals("bar") || username.equals("all")) && if ((username.equals("foo") || username.equals("bar") || username.equals("all")) &&
password.equals("frobnicate")) { password.equals("frobnicate")) {