diff --git a/artemis-core-client/src/main/java/org/apache/activemq/artemis/api/core/management/ManagementHelper.java b/artemis-core-client/src/main/java/org/apache/activemq/artemis/api/core/management/ManagementHelper.java index 7b6d3ff689..bba8419022 100644 --- a/artemis-core-client/src/main/java/org/apache/activemq/artemis/api/core/management/ManagementHelper.java +++ b/artemis-core-client/src/main/java/org/apache/activemq/artemis/api/core/management/ManagementHelper.java @@ -62,6 +62,8 @@ public final class ManagementHelper { public static final SimpleString HDR_USER = new SimpleString("_AMQ_User"); + public static final SimpleString HDR_VALIDATED_USER = new SimpleString("_AMQ_ValidatedUser"); + public static final SimpleString HDR_CERT_SUBJECT_DN = new SimpleString("_AMQ_CertSubjectDN"); public static final SimpleString HDR_CHECK_TYPE = new SimpleString("_AMQ_CheckType"); diff --git a/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/impl/ServerSessionImpl.java b/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/impl/ServerSessionImpl.java index 7ab353a70d..3bc60f2084 100644 --- a/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/impl/ServerSessionImpl.java +++ b/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/impl/ServerSessionImpl.java @@ -18,6 +18,7 @@ package org.apache.activemq.artemis.core.server.impl; import javax.json.JsonArrayBuilder; import javax.json.JsonObjectBuilder; +import javax.security.cert.X509Certificate; import javax.transaction.xa.XAException; import javax.transaction.xa.Xid; import java.util.ArrayList; @@ -58,6 +59,7 @@ import org.apache.activemq.artemis.core.postoffice.BindingType; import org.apache.activemq.artemis.core.postoffice.PostOffice; import org.apache.activemq.artemis.core.postoffice.QueueBinding; import org.apache.activemq.artemis.core.postoffice.RoutingStatus; +import org.apache.activemq.artemis.core.remoting.CertificateUtil; import org.apache.activemq.artemis.core.remoting.CloseListener; import org.apache.activemq.artemis.core.remoting.FailureListener; import org.apache.activemq.artemis.core.security.CheckType; @@ -499,6 +501,16 @@ public class ServerSessionImpl implements ServerSession, FailureListener { // HORNETQ-946 props.putSimpleStringProperty(ManagementHelper.HDR_USER, SimpleString.toSimpleString(username)); + props.putSimpleStringProperty(ManagementHelper.HDR_VALIDATED_USER, SimpleString.toSimpleString(validatedUser)); + + String certSubjectDN = "unavailable"; + X509Certificate[] certs = CertificateUtil.getCertsFromConnection(this.remotingConnection); + if (certs != null && certs.length > 0 && certs[0] != null) { + certSubjectDN = certs[0].getSubjectDN().getName(); + } + + props.putSimpleStringProperty(ManagementHelper.HDR_CERT_SUBJECT_DN, SimpleString.toSimpleString(certSubjectDN)); + props.putSimpleStringProperty(ManagementHelper.HDR_REMOTE_ADDRESS, SimpleString.toSimpleString(this.remotingConnection.getRemoteAddress())); props.putSimpleStringProperty(ManagementHelper.HDR_SESSION_NAME, SimpleString.toSimpleString(name)); diff --git a/docs/user-manual/en/management.md b/docs/user-manual/en/management.md index 5cb6838848..f7c835223d 100644 --- a/docs/user-manual/en/management.md +++ b/docs/user-manual/en/management.md @@ -735,8 +735,8 @@ un-formatted result of a call to `java.lang.System.currentTimeMillis()`. - `CONSUMER_CREATED` (2) `_AMQ_Address`, `_AMQ_ClusterName`, `_AMQ_RoutingName`, `_AMQ_Distance`, - `_AMQ_ConsumerCount`, `_AMQ_User`, `_AMQ_RemoteAddress`, - `_AMQ_SessionName`, `_AMQ_FilterString` + `_AMQ_ConsumerCount`, `_AMQ_User`, `_AMQ_ValidatedUser`, `_AMQ_RemoteAddress`, + `_AMQ_SessionName`, `_AMQ_FilterString`, `_AMQ_CertSubjectDN` - `CONSUMER_CLOSED` (3) diff --git a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/management/NotificationTest.java b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/management/NotificationTest.java index 09aec0e0f7..ed5713e293 100644 --- a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/management/NotificationTest.java +++ b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/management/NotificationTest.java @@ -175,8 +175,10 @@ public class NotificationTest extends ActiveMQTestBase { Assert.assertEquals(address.toString(), notifications[0].getObjectProperty(ManagementHelper.HDR_ADDRESS).toString()); Assert.assertEquals(1, notifications[0].getObjectProperty(ManagementHelper.HDR_CONSUMER_COUNT)); Assert.assertEquals(SimpleString.toSimpleString("myUser"), notifications[0].getSimpleStringProperty(ManagementHelper.HDR_USER)); + Assert.assertEquals(null, notifications[0].getSimpleStringProperty(ManagementHelper.HDR_VALIDATED_USER)); Assert.assertEquals(SimpleString.toSimpleString("invm:0"), notifications[0].getSimpleStringProperty(ManagementHelper.HDR_REMOTE_ADDRESS)); Assert.assertEquals(consumerName, notifications[0].getSimpleStringProperty(ManagementHelper.HDR_SESSION_NAME)); + Assert.assertEquals(SimpleString.toSimpleString("unavailable"), notifications[0].getSimpleStringProperty(ManagementHelper.HDR_CERT_SUBJECT_DN)); consumer.close(); session.deleteQueue(queue); diff --git a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/management/SSLSecurityNotificationTest.java b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/management/SSLSecurityNotificationTest.java index 26e0cca4c6..d4c504c178 100644 --- a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/management/SSLSecurityNotificationTest.java +++ b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/management/SSLSecurityNotificationTest.java @@ -25,6 +25,7 @@ import java.util.Set; import org.apache.activemq.artemis.api.config.ActiveMQDefaultConfiguration; import org.apache.activemq.artemis.api.core.ActiveMQException; +import org.apache.activemq.artemis.api.core.RoutingType; import org.apache.activemq.artemis.api.core.SimpleString; import org.apache.activemq.artemis.api.core.TransportConfiguration; import org.apache.activemq.artemis.api.core.client.ActiveMQClient; @@ -46,6 +47,7 @@ import org.junit.Assert; import org.junit.Before; import org.junit.Test; +import static org.apache.activemq.artemis.api.core.management.CoreNotificationType.CONSUMER_CREATED; import static org.apache.activemq.artemis.api.core.management.CoreNotificationType.SECURITY_AUTHENTICATION_VIOLATION; public class SSLSecurityNotificationTest extends ActiveMQTestBase { @@ -96,6 +98,43 @@ public class SSLSecurityNotificationTest extends ActiveMQTestBase { Assert.assertTrue(notifications[0].getObjectProperty(ManagementHelper.HDR_REMOTE_ADDRESS).toString().startsWith("/127.0.0.1")); } + @Test + public void testCONSUMER_CREATED() throws Exception { + SimpleString queue = RandomUtil.randomSimpleString(); + SimpleString address = RandomUtil.randomSimpleString(); + + Role role = new Role("notif", true, true, true, true, false, true, true, true, true, true); + Set roles = new HashSet<>(); + roles.add(role); + + server.getSecurityRepository().addMatch("#", roles); + + TransportConfiguration tc = new TransportConfiguration(NETTY_CONNECTOR_FACTORY); + tc.getParams().put(TransportConstants.SSL_ENABLED_PROP_NAME, true); + tc.getParams().put(TransportConstants.TRUSTSTORE_PATH_PROP_NAME, "client-side-truststore.jks"); + tc.getParams().put(TransportConstants.TRUSTSTORE_PASSWORD_PROP_NAME, "secureexample"); + tc.getParams().put(TransportConstants.KEYSTORE_PATH_PROP_NAME, "client-side-keystore.jks"); + tc.getParams().put(TransportConstants.KEYSTORE_PASSWORD_PROP_NAME, "secureexample"); + + ServerLocator locator = addServerLocator(ActiveMQClient.createServerLocatorWithoutHA(tc)); + ClientSessionFactory sf = addSessionFactory(createSessionFactory(locator)); + + ClientSession guestSession = sf.createSession("guest", "guest", false, true, true, false, 1); + + guestSession.createQueue(address, RoutingType.ANYCAST, queue, true); + SSLSecurityNotificationTest.flush(notifConsumer); + guestSession.createConsumer(queue); + + ClientMessage[] notifications = SecurityNotificationTest.consumeMessages(1, notifConsumer); + Assert.assertEquals(CONSUMER_CREATED.toString(), notifications[0].getObjectProperty(ManagementHelper.HDR_NOTIFICATION_TYPE).toString()); + Assert.assertEquals("guest", notifications[0].getObjectProperty(ManagementHelper.HDR_USER).toString()); + Assert.assertEquals("first", notifications[0].getObjectProperty(ManagementHelper.HDR_VALIDATED_USER).toString()); + Assert.assertEquals(address.toString(), notifications[0].getObjectProperty(ManagementHelper.HDR_ADDRESS).toString()); + Assert.assertEquals("CN=ActiveMQ Artemis Client, OU=Artemis, O=ActiveMQ, L=AMQ, ST=AMQ, C=AMQ", notifications[0].getObjectProperty(ManagementHelper.HDR_CERT_SUBJECT_DN).toString()); + + guestSession.close(); + } + @Override @Before public void setUp() throws Exception { diff --git a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/management/SecurityNotificationTest.java b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/management/SecurityNotificationTest.java index 579811a2f4..b8d5231123 100644 --- a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/management/SecurityNotificationTest.java +++ b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/management/SecurityNotificationTest.java @@ -21,6 +21,7 @@ import java.util.Set; import org.apache.activemq.artemis.api.config.ActiveMQDefaultConfiguration; import org.apache.activemq.artemis.api.core.ActiveMQException; +import org.apache.activemq.artemis.api.core.RoutingType; import org.apache.activemq.artemis.api.core.SimpleString; import org.apache.activemq.artemis.api.core.client.ClientConsumer; import org.apache.activemq.artemis.api.core.client.ClientMessage; @@ -40,6 +41,7 @@ import org.junit.Assert; import org.junit.Before; import org.junit.Test; +import static org.apache.activemq.artemis.api.core.management.CoreNotificationType.CONSUMER_CREATED; import static org.apache.activemq.artemis.api.core.management.CoreNotificationType.SECURITY_AUTHENTICATION_VIOLATION; import static org.apache.activemq.artemis.api.core.management.CoreNotificationType.SECURITY_PERMISSION_VIOLATION; @@ -119,6 +121,36 @@ public class SecurityNotificationTest extends ActiveMQTestBase { guestSession.close(); } + @Test + public void testCONSUMER_CREATED() throws Exception { + SimpleString queue = RandomUtil.randomSimpleString(); + SimpleString address = RandomUtil.randomSimpleString(); + + Role role = new Role("role", true, true, true, true, false, true, true, true, true, true); + Set roles = new HashSet<>(); + roles.add(role); + server.getSecurityRepository().addMatch(address.toString(), roles); + ActiveMQJAASSecurityManager securityManager = (ActiveMQJAASSecurityManager) server.getSecurityManager(); + securityManager.getConfiguration().addRole("guest", "role"); + + ServerLocator locator = createInVMNonHALocator(); + ClientSessionFactory sf = createSessionFactory(locator); + ClientSession guestSession = sf.createSession("guest", "guest", false, true, true, false, 1); + + guestSession.createQueue(address, RoutingType.ANYCAST, queue, true); + SecurityNotificationTest.flush(notifConsumer); + guestSession.createConsumer(queue); + + ClientMessage[] notifications = SecurityNotificationTest.consumeMessages(1, notifConsumer); + Assert.assertEquals(CONSUMER_CREATED.toString(), notifications[0].getObjectProperty(ManagementHelper.HDR_NOTIFICATION_TYPE).toString()); + Assert.assertEquals("guest", notifications[0].getObjectProperty(ManagementHelper.HDR_USER).toString()); + Assert.assertEquals("guest", notifications[0].getObjectProperty(ManagementHelper.HDR_VALIDATED_USER).toString()); + Assert.assertEquals(address.toString(), notifications[0].getObjectProperty(ManagementHelper.HDR_ADDRESS).toString()); + Assert.assertEquals(SimpleString.toSimpleString("unavailable"), notifications[0].getSimpleStringProperty(ManagementHelper.HDR_CERT_SUBJECT_DN)); + + guestSession.close(); + } + // Package protected --------------------------------------------- // Protected -----------------------------------------------------