This commit is contained in:
Clebert Suconic 2018-03-08 12:09:41 -05:00
commit d30c463a71
2 changed files with 44 additions and 2 deletions

View File

@ -20,6 +20,7 @@ import javax.management.ObjectName;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Hashtable;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
@ -105,7 +106,9 @@ public class JMXAccessControlList {
domainAccess.put(id, access);
}
if (method.endsWith("*")) {
if (method.equals("*")) {
access.addCatchAll(roles);
} else if (method.endsWith("*")) {
String prefix = method.replace("*", "");
access.addMethodsPrefixes(prefix, roles);
} else {
@ -130,7 +133,7 @@ public class JMXAccessControlList {
private final String domain;
List<String> catchAllRoles = new ArrayList<>();
Map<String, List<String>> methodRoles = new HashMap<>();
Map<String, List<String>> methodPrefixRoles = new HashMap<>();
Map<String, List<String>> methodPrefixRoles = new LinkedHashMap<>();
Access(String domain) {
this.domain = domain;

View File

@ -150,4 +150,43 @@ public class JMXAccessControlListTest {
List<String> roles = controlList.getRolesForObject(new ObjectName("org.myDomain.foo:*"), "setSomethingMore");
Assert.assertArrayEquals(roles.toArray(), new String[]{"admin"});
}
@Test
public void testKeylessDomain() throws MalformedObjectNameException {
JMXAccessControlList controlList = new JMXAccessControlList();
controlList.addToRoleAccess("org.myDomain.foo", null,"list*", "amq","monitor");
controlList.addToRoleAccess("org.myDomain.foo", null,"get*", "amq","monitor");
controlList.addToRoleAccess("org.myDomain.foo", null,"is*", "amq","monitor");
controlList.addToRoleAccess("org.myDomain.foo", null,"set*", "amq");
controlList.addToRoleAccess("org.myDomain.foo", null,"*", "amq");
List<String> roles = controlList.getRolesForObject(new ObjectName("org.myDomain.foo:foo=bar"), "listFoo");
Assert.assertNotNull(roles);
Assert.assertEquals(roles.size(), 2);
Assert.assertEquals(roles.get(0), "amq");
Assert.assertEquals(roles.get(1), "monitor");
roles = controlList.getRolesForObject(new ObjectName("org.myDomain.foo:foo=bar"), "getFoo");
Assert.assertNotNull(roles);
Assert.assertEquals(roles.size(), 2);
Assert.assertEquals(roles.get(0), "amq");
Assert.assertEquals(roles.get(1), "monitor");
roles = controlList.getRolesForObject(new ObjectName("org.myDomain.foo:foo=bar"), "isFoo");
Assert.assertNotNull(roles);
Assert.assertEquals(roles.size(), 2);
Assert.assertEquals(roles.get(0), "amq");
Assert.assertEquals(roles.get(1), "monitor");
roles = controlList.getRolesForObject(new ObjectName("org.myDomain.foo:foo=bar"), "setFoo");
Assert.assertNotNull(roles);
Assert.assertEquals(roles.size(), 1);
Assert.assertEquals(roles.get(0), "amq");
roles = controlList.getRolesForObject(new ObjectName("org.myDomain.foo:foo=bar"), "createFoo");
Assert.assertNotNull(roles);
Assert.assertEquals(roles.size(), 1);
Assert.assertEquals(roles.get(0), "amq");
}
}