ARTEMIS-2377 - add password encryption to security plugins

https://issues.apache.org/jira/browse/ARTEMIS-2377
Andy 2019-06-11 19:16:33 +01:00
parent a652ec251f
commit 959d25f0e6
3 changed files with 126 additions and 4 deletions


@ -706,7 +706,7 @@ public final class FileConfigurationParser extends XMLConfigurationUtil {
* @param e * @param e
* @param config * @param config
*/ */
private void parseSecurity(final Element e, final Configuration config) { private void parseSecurity(final Element e, final Configuration config) throws Exception {
NodeList elements = e.getElementsByTagName("security-settings"); NodeList elements = e.getElementsByTagName("security-settings");
if (elements.getLength() != 0) { if (elements.getLength() != 0) {
Element node = (Element) elements.item(0); Element node = (Element) elements.item(0);
@ -724,7 +724,7 @@ public final class FileConfigurationParser extends XMLConfigurationUtil {
} }
list = node.getElementsByTagName(SECURITY_PLUGIN_ELEMENT_NAME); list = node.getElementsByTagName(SECURITY_PLUGIN_ELEMENT_NAME);
for (int i = 0; i < list.getLength(); i++) { for (int i = 0; i < list.getLength(); i++) {
Pair<SecuritySettingPlugin, Map<String, String>> securityItem = parseSecuritySettingPlugins(list.item(i)); Pair<SecuritySettingPlugin, Map<String, String>> securityItem = parseSecuritySettingPlugins(list.item(i), config.isMaskPassword(), config.getPasswordCodec());
config.addSecuritySettingPlugin(securityItem.getA().init(securityItem.getB())); config.addSecuritySettingPlugin(securityItem.getA().init(securityItem.getB()));
} }
} }
@ -953,7 +953,7 @@ public final class FileConfigurationParser extends XMLConfigurationUtil {
return mappedRoles.toArray(new String[mappedRoles.size()]); return mappedRoles.toArray(new String[mappedRoles.size()]);
} }
private Pair<SecuritySettingPlugin, Map<String, String>> parseSecuritySettingPlugins(Node item) { private Pair<SecuritySettingPlugin, Map<String, String>> parseSecuritySettingPlugins(Node item, Boolean maskPassword, String passwordCodec) throws Exception {
final String clazz = item.getAttributes().getNamedItem("class-name").getNodeValue(); final String clazz = item.getAttributes().getNamedItem("class-name").getNodeValue();
final Map<String, String> settings = new HashMap<>(); final Map<String, String> settings = new HashMap<>();
NodeList children = item.getChildNodes(); NodeList children = item.getChildNodes();
@ -962,7 +962,10 @@ public final class FileConfigurationParser extends XMLConfigurationUtil {
final String nodeName = child.getNodeName(); final String nodeName = child.getNodeName();
if (SETTING_ELEMENT_NAME.equalsIgnoreCase(nodeName)) { if (SETTING_ELEMENT_NAME.equalsIgnoreCase(nodeName)) {
final String settingName = getAttributeValue(child, NAME_ATTR_NAME); final String settingName = getAttributeValue(child, NAME_ATTR_NAME);
final String settingValue = getAttributeValue(child, VALUE_ATTR_NAME); String settingValue = getAttributeValue(child, VALUE_ATTR_NAME);
if (settingValue != null && PasswordMaskingUtil.isEncMasked(settingValue)) {
settingValue = PasswordMaskingUtil.resolveMask(maskPassword, settingValue, passwordCodec);
}
settings.put(settingName, settingValue); settings.put(settingName, settingValue);
} }
} }
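Review bot: In `parseSecuritySettingPlugins`, a masked setting that cannot be decoded surfaces only through the bare `throws Exception` now declared on the method, with nothing to tell the operator which `<setting>` was at fault. I would wrap the `PasswordMaskingUtil.resolveMask(...)` call and rethrow with the setting name (never the value) in the message, e.g. `throw new IllegalArgumentException("cannot resolve masked value for security plugin setting '" + settingName + "'", ex);`. The decoded plaintext is then stored in the `settings` map that is handed to the plugin's `init(...)`, so a comment above `settings.put` such as `// value may be a decoded secret: never log this map` would help plugin authors. The loop header and the end of the method lie outside the visible hunks.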


@ -0,0 +1,85 @@
/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.activemq.artemis.core.config.impl;
import org.apache.activemq.artemis.core.config.Configuration;
import org.apache.activemq.artemis.core.config.FileDeploymentManager;
import org.apache.activemq.artemis.core.security.Role;
import org.apache.activemq.artemis.core.server.SecuritySettingPlugin;
import org.apache.activemq.artemis.core.settings.HierarchicalRepository;
import org.junit.Assert;
import org.junit.Test;
import java.util.List;
import java.util.Map;
import java.util.Set;
public class FileConfigurationSecurityPluginTest extends ConfigurationImplTest {
protected String getConfigurationName() {
return "ConfigurationTest-security-plugin-config.xml";
}
@Override
@Test
public void testDefaults() {
List<SecuritySettingPlugin> securitySettingPlugins = conf.getSecuritySettingPlugins();
Assert.assertEquals(1, securitySettingPlugins.size());
Assert.assertEquals("secret", MyPlugin.options.get("setting1"));
Assert.assertEquals("hello", MyPlugin.options.get("setting2"));
}
@Override
protected Configuration createConfiguration() throws Exception {
FileConfiguration fc = new FileConfiguration();
FileDeploymentManager deploymentManager = new FileDeploymentManager(getConfigurationName());
deploymentManager.addDeployable(fc);
deploymentManager.readConfiguration();
return fc;
}
public static class MyPlugin implements SecuritySettingPlugin {
private static Map<String, String> options;
public MyPlugin() {
}
@Override
public SecuritySettingPlugin init(Map<String, String> options) {
MyPlugin.options = options;
return this;
}
@Override
public SecuritySettingPlugin stop() {
return null;
}
@Override
public Map<String, Set<Role>> getSecurityRoles() {
return null;
}
@Override
public void setSecurityRepository(HierarchicalRepository<Set<Role>> securityRepository) {
}
}
}
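Review bot: `MyPlugin.options` is a static field that is assigned in `init(...)` and never reset, so `testDefaults` reads whatever the last parse in the JVM left there, and fails with a NullPointerException rather than an assertion message if the plugin was never initialised. Clearing it before the configuration is read (`MyPlugin.options = null;` at the top of `createConfiguration()`) and adding `Assert.assertNotNull(MyPlugin.options);` before the two lookups would make that failure explicit. The test covers only the successful decode of `setting1`; a case with a malformed `ENC(...)` value would pin down how the parser reports an undecodable secret. `getConfigurationName()` presumably overrides a parent method and could carry `@Override` like the other overrides in the class.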


@ -0,0 +1,34 @@
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
this work for additional information regarding copyright ownership.
The ASF licenses this file to You under the Apache License, Version 2.0
(the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<configuration
xmlns="urn:activemq"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="urn:activemq ../../../../activemq-server/src/main/resources/schema/artemis-server.xsd">
<core xmlns="urn:activemq:core">
<!-- <mask-password>true</mask-password>
<password-codec>org.apache.activemq.artemis.utils.DefaultSensitiveStringCodec</password-codec>
-->
<security-settings>
<security-setting-plugin class-name="org.apache.activemq.artemis.core.config.impl.FileConfigurationSecurityPluginTest$MyPlugin">
<setting name="setting1" value="ENC(-41e444c3ed07d6dd)"/>
<setting name="setting2" value="hello"/>
</security-setting-plugin>
</security-settings>
</core>
</configuration>
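Review bot: `setting1` decodes to the plaintext the test expects even though `<mask-password>` and `<password-codec>` are commented out and no key is configured in this file, which suggests the value is resolved with the codec's built-in default key. If so, `ENC(...)` here is obfuscation rather than confidentiality, and the fixture should say that. I would replace the commented-out block with a comment such as `<!-- ENC(...) is resolved even without mask-password; the default codec key is used, so this value is not a secret -->`. Dead commented-out configuration in a fixture is also easy to copy into a real broker config unchanged.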