From 7cc890ae6f96964c6b05a3aac2298f691e2567c0 Mon Sep 17 00:00:00 2001 From: Justin Bertram Date: Mon, 22 Apr 2019 14:54:33 -0500 Subject: [PATCH] ARTEMIS-2307 prefix not removed for security check --- .../core/server/impl/ServerSessionImpl.java | 6 +-- .../integration/client/CoreClientTest.java | 39 +++++++++++++++++-- 2 files changed, 39 insertions(+), 6 deletions(-) diff --git a/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/impl/ServerSessionImpl.java b/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/impl/ServerSessionImpl.java index f6d845529b..4f8e514631 100644 --- a/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/impl/ServerSessionImpl.java +++ b/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/impl/ServerSessionImpl.java @@ -653,15 +653,15 @@ public class ServerSessionImpl implements ServerSession, FailureListener { if (durable) { // make sure the user has privileges to create this queue - securityCheck(addressInfo.getName(), name, CheckType.CREATE_DURABLE_QUEUE, this); + securityCheck(art.getName(), unPrefixedName, CheckType.CREATE_DURABLE_QUEUE, this); } else { - securityCheck(addressInfo.getName(), name, CheckType.CREATE_NON_DURABLE_QUEUE, this); + securityCheck(art.getName(), unPrefixedName, CheckType.CREATE_NON_DURABLE_QUEUE, this); } AddressSettings as = server.getAddressSettingsRepository().getMatch(art.getName().toString()); if (as.isAutoCreateAddresses() && server.getAddressInfo(art.getName()) == null) { - securityCheck(addressInfo.getName(), name, CheckType.CREATE_ADDRESS, this); + securityCheck(art.getName(), unPrefixedName, CheckType.CREATE_ADDRESS, this); } server.checkQueueCreationLimit(getUsername()); diff --git a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/client/CoreClientTest.java b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/client/CoreClientTest.java index b7dfd986ef..abf604e567 100644 --- a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/client/CoreClientTest.java +++ b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/client/CoreClientTest.java @@ -18,8 +18,10 @@ package org.apache.activemq.artemis.tests.integration.client; import java.util.ArrayList; import java.util.HashMap; +import java.util.HashSet; import java.util.List; import java.util.Map; +import java.util.Set; import java.util.concurrent.ExecutorService; import java.util.concurrent.Executors; import java.util.concurrent.ScheduledThreadPoolExecutor; @@ -36,10 +38,15 @@ import org.apache.activemq.artemis.api.core.client.ClientSessionFactory; import org.apache.activemq.artemis.api.core.client.ServerLocator; import org.apache.activemq.artemis.core.client.impl.ServerLocatorImpl; import org.apache.activemq.artemis.core.config.Configuration; +import org.apache.activemq.artemis.core.config.impl.SecurityConfiguration; +import org.apache.activemq.artemis.core.security.Role; import org.apache.activemq.artemis.core.server.ActiveMQServer; import org.apache.activemq.artemis.core.server.ActiveMQServers; +import org.apache.activemq.artemis.core.server.impl.ActiveMQServerImpl; import org.apache.activemq.artemis.core.settings.impl.AddressSettings; import org.apache.activemq.artemis.jms.client.ActiveMQTextMessage; +import org.apache.activemq.artemis.spi.core.security.ActiveMQJAASSecurityManager; +import org.apache.activemq.artemis.spi.core.security.jaas.InVMLoginModule; import org.apache.activemq.artemis.tests.integration.IntegrationTestLogger; import org.apache.activemq.artemis.tests.util.ActiveMQTestBase; import org.apache.activemq.artemis.utils.ActiveMQThreadFactory; @@ -154,6 +161,15 @@ public class CoreClientTest extends ActiveMQTestBase { @Test public void testCoreClientPrefixes() throws Exception { + internalTestCoreClientPrefixes(false); + } + + @Test + public void testCoreClientPrefixesWithSecurity() throws Exception { + internalTestCoreClientPrefixes(true); + } + + public void internalTestCoreClientPrefixes(boolean security) throws Exception { Configuration configuration = createBasicConfig(); configuration.clearAcceptorConfigurations(); @@ -183,14 +199,31 @@ public class CoreClientTest extends ActiveMQTestBase { configuration.addAcceptorConfiguration("prefix", acceptor.toString()); - ActiveMQServer server = createServer(configuration); + ActiveMQJAASSecurityManager securityManager = null; + + if (security) { + configuration.setSecurityEnabled(true); + + SecurityConfiguration securityConfiguration = new SecurityConfiguration(); + securityConfiguration.addUser("myUser", "myPass"); + securityConfiguration.addRole("myUser", "myrole"); + securityManager = new ActiveMQJAASSecurityManager(InVMLoginModule.class.getName(), securityConfiguration); + } + + ActiveMQServer server = addServer(new ActiveMQServerImpl(configuration, securityManager)); + server.start(); - ServerLocator locator = ServerLocatorImpl.newLocator(locatorString); + Role myRole = new Role("myrole", true, true, true, true, true, true, true, true, true, true); + Set anySet = new HashSet<>(); + anySet.add(myRole); + server.getSecurityRepository().addMatch(baseAddress, anySet); + + ServerLocator locator = addServerLocator(ServerLocatorImpl.newLocator(locatorString)); ClientSessionFactory sf = createSessionFactory(locator); - ClientSession session = sf.createSession(false, true, true); + ClientSession session = sf.createSession("myUser", "myPass", false, true, true, false, 0); Map consumerMap = new HashMap<>();