ARTEMIS-2886 put address/FQQN into new security manager interface
The default JAAS security manager doesn't need the address/FQQN for authorization, but I'm putting it back into the interface because there are other use cases which *do* need it.
parent
24ba4daf94
commit
cf92c16339
|
@ -270,7 +270,7 @@ public class SecurityStoreImpl implements SecurityStore, HierarchicalRepositoryC
|
||||||
final Boolean validated;
|
final Boolean validated;
|
||||||
if (securityManager instanceof ActiveMQSecurityManager5) {
|
if (securityManager instanceof ActiveMQSecurityManager5) {
|
||||||
Subject subject = getSubjectForAuthorization(session, ((ActiveMQSecurityManager5) securityManager));
|
Subject subject = getSubjectForAuthorization(session, ((ActiveMQSecurityManager5) securityManager));
|
||||||
validated = ((ActiveMQSecurityManager5) securityManager).authorize(subject, roles, checkType);
|
validated = ((ActiveMQSecurityManager5) securityManager).authorize(subject, roles, checkType, isFullyQualified ? fqqn.toString() : bareAddress.toString());
|
||||||
} else if (securityManager instanceof ActiveMQSecurityManager4) {
|
} else if (securityManager instanceof ActiveMQSecurityManager4) {
|
||||||
validated = ((ActiveMQSecurityManager4) securityManager).validateUserAndRole(user, session.getPassword(), roles, checkType, bareAddress.toString(), session.getRemotingConnection(), session.getSecurityDomain()) != null;
|
validated = ((ActiveMQSecurityManager4) securityManager).validateUserAndRole(user, session.getPassword(), roles, checkType, bareAddress.toString(), session.getRemotingConnection(), session.getSecurityDomain()) != null;
|
||||||
} else if (securityManager instanceof ActiveMQSecurityManager3) {
|
} else if (securityManager instanceof ActiveMQSecurityManager3) {
|
||||||
|
|
|
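Review bot: The new fourth argument to `authorize` is either the FQQN or the bare address depending on `isFullyQualified`, while the `ActiveMQSecurityManager4` branch just below still always passes `bareAddress.toString()`, so the two manager generations can see different strings for the same check. A custom manager that matches the address exactly has to recognise both forms, and nothing at the call site says so. I would add a comment above the call, e.g. `// address is the FQQN for queue-level checks, otherwise the bare address; managers must handle both forms`. The ternary also appears to assume `fqqn` is non-null whenever `isFullyQualified` is true; both are set outside the hunk, so that is worth confirming. The enclosing method starts and ends outside the hunk.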
@ -113,7 +113,8 @@ public class ActiveMQJAASSecurityManager implements ActiveMQSecurityManager5 {
|
||||||
@Override
|
@Override
|
||||||
public boolean authorize(final Subject subject,
|
public boolean authorize(final Subject subject,
|
||||||
final Set<Role> roles,
|
final Set<Role> roles,
|
||||||
final CheckType checkType) {
|
final CheckType checkType,
|
||||||
|
final String address) {
|
||||||
boolean authorized = false;
|
boolean authorized = false;
|
||||||
|
|
||||||
if (subject != null) {
|
if (subject != null) {
|
||||||
|
|
|
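Review bot: `address` is now part of this `authorize` override but, going by the commit description, the JAAS manager never consults it, and nothing in the visible signature says so. A reader could take the parameter to mean per-address enforcement happens in this class. A one-line Javadoc on the override would settle it, e.g. `@param address not used by this implementation; the decision depends only on subject, roles and checkType`. The method body continues outside the hunk, so confirm the parameter really is unused before wording it that firmly.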
@ -42,7 +42,7 @@ public interface ActiveMQSecurityManager5 extends ActiveMQSecurityManager {
|
||||||
* @param password the user's password
|
* @param password the user's password
|
||||||
* @param remotingConnection the user's connection which contains any corresponding SSL certs
|
* @param remotingConnection the user's connection which contains any corresponding SSL certs
|
||||||
* @param securityDomain the name of the JAAS security domain to use (can be null)
|
* @param securityDomain the name of the JAAS security domain to use (can be null)
|
||||||
* @return the Subject of the authenticated user or null if the user isn't authenticated
|
* @return the Subject of the authenticated user, else null
|
||||||
*/
|
*/
|
||||||
Subject authenticate(String user, String password, RemotingConnection remotingConnection, String securityDomain);
|
Subject authenticate(String user, String password, RemotingConnection remotingConnection, String securityDomain);
|
||||||
|
|
||||||
|
@ -55,7 +55,8 @@ public interface ActiveMQSecurityManager5 extends ActiveMQSecurityManager {
|
||||||
* @param subject the Subject to authorize
|
* @param subject the Subject to authorize
|
||||||
* @param roles the roles configured in the security-settings
|
* @param roles the roles configured in the security-settings
|
||||||
* @param checkType which permission to validate
|
* @param checkType which permission to validate
|
||||||
|
* @param address the address (or FQQN) to grant access to
|
||||||
* @return true if the user is authorized, else false
|
* @return true if the user is authorized, else false
|
||||||
*/
|
*/
|
||||||
boolean authorize(Subject subject, Set<Role> roles, CheckType checkType);
|
boolean authorize(Subject subject, Set<Role> roles, CheckType checkType, String address);
|
||||||
}
|
}
|
||||||
|
|
|
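Review bot: The Javadoc for the new `address` parameter on `authorize` says only "the address (or FQQN) to grant access to", which leaves implementers guessing about the string form and whether null is possible. Since an authorization decision may hinge on this value, I would spell out the contract, e.g. `@param address the address being checked, or the fully qualified queue name (address::queue) when the check targets a specific queue; implementations must handle both forms`. "To grant access to" also reads as if access were already granted; "to check access for" is closer to what the method does. Replacing the three-argument `authorize` instead of adding an overload breaks any existing implementer at compile time, which is presumably acceptable only if the interface has not shipped in a release yet.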
@ -92,7 +92,7 @@ public class JAASSecurityManagerTest {
|
||||||
Role role = new Role("programmers", true, true, true, true, true, true, true, true, true, true);
|
Role role = new Role("programmers", true, true, true, true, true, true, true, true, true, true);
|
||||||
Set<Role> roles = new HashSet<>();
|
Set<Role> roles = new HashSet<>();
|
||||||
roles.add(role);
|
roles.add(role);
|
||||||
boolean authorizationResult = securityManager.authorize(result, roles, CheckType.SEND);
|
boolean authorizationResult = securityManager.authorize(result, roles, CheckType.SEND, "someaddress");
|
||||||
|
|
||||||
assertTrue(authorizationResult);
|
assertTrue(authorizationResult);
|
||||||
|
|
||||||
|
|
|
@ -33,16 +33,17 @@ public class JAASSecurityManagerWrapper implements ActiveMQSecurityManager5 {
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Subject authenticate(String user, String password, RemotingConnection remotingConnection, String securityDomain) {
|
public Subject authenticate(String user, String password, RemotingConnection remotingConnection, String securityDomain) {
|
||||||
System.out.println("authenticate(" + user + ", " + password + ", " + remotingConnection.getRemoteAddress() + ")");
|
System.out.println("authenticate(" + user + ", " + password + ", " + remotingConnection.getRemoteAddress() + ", " + securityDomain + ")");
|
||||||
return activeMQJAASSecurityManager.authenticate(user, password, remotingConnection, securityDomain);
|
return activeMQJAASSecurityManager.authenticate(user, password, remotingConnection, securityDomain);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public boolean authorize(Subject subject,
|
public boolean authorize(Subject subject,
|
||||||
Set<Role> roles,
|
Set<Role> roles,
|
||||||
CheckType checkType) {
|
CheckType checkType,
|
||||||
System.out.println("authorize(" + subject + ", " + roles + ", " + checkType + ")");
|
String address) {
|
||||||
return activeMQJAASSecurityManager.authorize(subject, roles, checkType);
|
System.out.println("authorize(" + subject + ", " + roles + ", " + checkType + ", " + address + ")");
|
||||||
|
return activeMQJAASSecurityManager.authorize(subject, roles, checkType, address);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
|
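Review bot: The `System.out.println` in `authenticate` still concatenates `password` into its output, and the changed line extends that statement without removing it, so every login attempt writes the clear-text credential to stdout and to whatever collects it. Even in a wrapper that looks meant for demonstration this pattern tends to be copied, so I would mask the value, e.g. `System.out.println("authenticate(" + user + ", ****, " + remotingConnection.getRemoteAddress() + ", " + securityDomain + ")");`. The `authorize` print concatenates `subject`, whose `toString()` can include credentials held by the Subject, so printing only `subject.getPrincipals()` would be safer there too.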