ARTEMIS-270 Supply RemotingConnection for authorization

2015-10-20 23:06:04 +02:00 · 2015-10-20 23:06:04 +02:00 · aa7696e329
parent 7dc839c07d
commit aa7696e329
5 changed files with 21 additions and 4 deletions
--- a/artemis-protocols/artemis-openwire-protocol/src/main/java/org/apache/activemq/artemis/core/protocol/openwire/OpenWireConnection.java
+++ b/artemis-protocols/artemis-openwire-protocol/src/main/java/org/apache/activemq/artemis/core/protocol/openwire/OpenWireConnection.java
@ -425,6 +425,11 @@ public class OpenWireConnection implements RemotingConnection, CommandVisitor, S
      }
   }

+   @Override
+   public RemotingConnection getRemotingConnection() {
+      return this;
+   }
+
   @Override
   public Connection getTransportConnection() {
      return this.transportConnection;
--- a/artemis-server/src/main/java/org/apache/activemq/artemis/core/security/SecurityAuth.java
+++ b/artemis-server/src/main/java/org/apache/activemq/artemis/core/security/SecurityAuth.java
@ -17,10 +17,13 @@

 package org.apache.activemq.artemis.core.security;

+import org.apache.activemq.artemis.spi.core.protocol.RemotingConnection;
+
 public interface SecurityAuth {

   String getUsername();

   String getPassword();

+   RemotingConnection getRemotingConnection();
 }
--- a/artemis-server/src/main/java/org/apache/activemq/artemis/core/security/impl/SecurityStoreImpl.java
+++ b/artemis-server/src/main/java/org/apache/activemq/artemis/core/security/impl/SecurityStoreImpl.java
@ -163,7 +163,7 @@ public class SecurityStoreImpl implements SecurityStore, HierarchicalRepositoryC
         final boolean validated;
         if (securityManager instanceof ActiveMQSecurityManager2) {
            final ActiveMQSecurityManager2 securityManager2 = (ActiveMQSecurityManager2) securityManager;
-            validated = securityManager2.validateUserAndRole(user, session.getPassword(), roles, checkType, saddress);
+            validated = securityManager2.validateUserAndRole(user, session.getPassword(), roles, checkType, saddress, session.getRemotingConnection());
         }
         else {
            validated = securityManager.validateUserAndRole(user, session.getPassword(), roles, checkType);
--- a/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/ActiveMQSecurityManager2.java
+++ b/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/ActiveMQSecurityManager2.java
@ -20,6 +20,7 @@ import java.util.Set;

 import org.apache.activemq.artemis.core.security.CheckType;
 import org.apache.activemq.artemis.core.security.Role;
+import org.apache.activemq.artemis.spi.core.protocol.RemotingConnection;

 /**
 * Used to validate whether a user is authorized to connect to the
@ -43,7 +44,8 @@ public interface ActiveMQSecurityManager2 extends ActiveMQSecurityManager {
    * @param roles     the user's roles
    * @param checkType which permission to validate
    * @param address   the address for which to perform authorization
+    * @param connection   the user's connection
    * @return true if the user is valid and they have the correct roles for the given destination address
    */
-   boolean validateUserAndRole(String user, String password, Set<Role> roles, CheckType checkType, String address);
+   boolean validateUserAndRole(String user, String password, Set<Role> roles, CheckType checkType, String address, RemotingConnection connection);
 }
--- a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/security/SecurityTest.java
+++ b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/security/SecurityTest.java
@ -33,6 +33,7 @@ import org.apache.activemq.artemis.api.core.client.ClientSession;
 import org.apache.activemq.artemis.api.core.client.ClientSessionFactory;
 import org.apache.activemq.artemis.api.core.client.ServerLocator;
 import org.apache.activemq.artemis.core.config.Configuration;
+import org.apache.activemq.artemis.core.remoting.impl.invm.InVMConnection;
 import org.apache.activemq.artemis.core.security.CheckType;
 import org.apache.activemq.artemis.core.security.Role;
 import org.apache.activemq.artemis.core.server.ActiveMQServer;
@ -40,6 +41,7 @@ import org.apache.activemq.artemis.core.server.ActiveMQServers;
 import org.apache.activemq.artemis.core.server.Queue;
 import org.apache.activemq.artemis.core.server.impl.ActiveMQServerImpl;
 import org.apache.activemq.artemis.core.settings.HierarchicalRepository;
+import org.apache.activemq.artemis.spi.core.protocol.RemotingConnection;
 import org.apache.activemq.artemis.spi.core.security.ActiveMQSecurityManager;
 import org.apache.activemq.artemis.spi.core.security.ActiveMQSecurityManager2;
 import org.apache.activemq.artemis.spi.core.security.ActiveMQSecurityManagerImpl;
@ -1470,7 +1472,12 @@ public class SecurityTest extends ActiveMQTestBase {
               final String password,
               final Set<Role> requiredRoles,
               final CheckType checkType,
-               final String address) {
+               final String address,
+               final RemotingConnection connection) {
+
+               if (!(connection.getTransportConnection() instanceof InVMConnection)) {
+                  return false;
+               }

               if ((username.equals("foo") || username.equals("bar") || username.equals("all")) &&
                   password.equals("frobnicate")) {