ARTEMIS-1310 - ensure chosen sasl mechanism is from the advertised list
parent
04a585ff85
commit
da1e0043ae
|
@ -40,8 +40,8 @@ import org.apache.activemq.artemis.protocol.amqp.exceptions.ActiveMQAMQPExceptio
|
|||
import org.apache.activemq.artemis.protocol.amqp.logger.ActiveMQAMQPProtocolMessageBundle;
|
||||
import org.apache.activemq.artemis.protocol.amqp.proton.AMQPConnectionContext;
|
||||
import org.apache.activemq.artemis.protocol.amqp.proton.AmqpSupport;
|
||||
import org.apache.activemq.artemis.protocol.amqp.proton.transaction.ProtonTransactionImpl;
|
||||
import org.apache.activemq.artemis.protocol.amqp.proton.handler.ExtCapability;
|
||||
import org.apache.activemq.artemis.protocol.amqp.proton.transaction.ProtonTransactionImpl;
|
||||
import org.apache.activemq.artemis.protocol.amqp.sasl.AnonymousServerSASL;
|
||||
import org.apache.activemq.artemis.protocol.amqp.sasl.GSSAPIServerSASL;
|
||||
import org.apache.activemq.artemis.protocol.amqp.sasl.PlainSASL;
|
||||
|
@ -96,27 +96,42 @@ public class AMQPConnectionCallback implements FailureListener, CloseListener {
|
|||
|
||||
public ServerSASL getServerSASL(final String mechanism) {
|
||||
ServerSASL result = null;
|
||||
switch (mechanism) {
|
||||
case PlainSASL.NAME:
|
||||
result = new PlainSASL(server.getSecurityStore());
|
||||
break;
|
||||
if (isPermittedMechanism(mechanism)) {
|
||||
switch (mechanism) {
|
||||
case PlainSASL.NAME:
|
||||
result = new PlainSASL(server.getSecurityStore());
|
||||
break;
|
||||
|
||||
case AnonymousServerSASL.NAME:
|
||||
result = new AnonymousServerSASL();
|
||||
break;
|
||||
case AnonymousServerSASL.NAME:
|
||||
result = new AnonymousServerSASL();
|
||||
break;
|
||||
|
||||
case GSSAPIServerSASL.NAME:
|
||||
GSSAPIServerSASL gssapiServerSASL = new GSSAPIServerSASL();
|
||||
gssapiServerSASL.setLoginConfigScope(manager.getSaslLoginConfigScope());
|
||||
result = gssapiServerSASL;
|
||||
break;
|
||||
case GSSAPIServerSASL.NAME:
|
||||
GSSAPIServerSASL gssapiServerSASL = new GSSAPIServerSASL();
|
||||
gssapiServerSASL.setLoginConfigScope(manager.getSaslLoginConfigScope());
|
||||
result = gssapiServerSASL;
|
||||
break;
|
||||
|
||||
default:
|
||||
break;
|
||||
default:
|
||||
break;
|
||||
}
|
||||
}
|
||||
return result;
|
||||
}
|
||||
|
||||
private boolean isPermittedMechanism(String mechanism) {
|
||||
if (saslMechanisms == null || saslMechanisms.length == 0) {
|
||||
return AnonymousServerSASL.NAME.equals(mechanism);
|
||||
} else {
|
||||
for (String candidate : saslMechanisms) {
|
||||
if (candidate.equals(mechanism)) {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
public boolean isSupportsAnonymous() {
|
||||
boolean supportsAnonymous = false;
|
||||
try {
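Review bot: The null-or-empty branch of `isPermittedMechanism` accepts ANONYMOUS without a comment explaining why, so a broker whose mechanism list ends up empty still hands out an anonymous SASL handler instead of rejecting the request. If this mirrors what the broker advertises when nothing is configured (the advertising code is not visible in this hunk), state that above the branch, for example `// nothing configured: only ANONYMOUS is accepted, same as the advertised default`. Separately, `getServerSASL` now returns null for a mechanism that was not advertised but records nothing. A log entry naming the rejected mechanism would give operators a signal when a client asks for something the broker did not offer.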
|
||||
|
|
|
@ -0,0 +1,50 @@
|
|||
/*
|
||||
* Licensed to the Apache Software Foundation (ASF) under one or more
|
||||
* contributor license agreements. See the NOTICE file distributed with
|
||||
* this work for additional information regarding copyright ownership.
|
||||
* The ASF licenses this file to You under the Apache License, Version 2.0
|
||||
* (the "License"); you may not use this file except in compliance with
|
||||
* the License. You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.apache.activemq.artemis.protocol.amqp.broker;
|
||||
|
||||
import org.apache.activemq.artemis.core.server.impl.ActiveMQServerImpl;
|
||||
import org.apache.activemq.artemis.protocol.amqp.sasl.AnonymousServerSASL;
|
||||
import org.apache.activemq.artemis.protocol.amqp.sasl.GSSAPIServerSASL;
|
||||
import org.apache.activemq.artemis.protocol.amqp.sasl.PlainSASL;
|
||||
import org.junit.Test;
|
||||
|
||||
import static org.junit.Assert.assertEquals;
|
||||
import static org.junit.Assert.assertNotNull;
|
||||
import static org.junit.Assert.assertNull;
|
||||
|
||||
public class AMQPConnectionCallbackTest {
|
||||
|
||||
@Test
|
||||
public void getServerSASLOnlyAllowedMechs() throws Exception {
|
||||
ProtonProtocolManager protonProtocolManager = new ProtonProtocolManager(new ProtonProtocolManagerFactory(), null, null, null);
|
||||
protonProtocolManager.setSaslMechanisms(new String[]{PlainSASL.NAME});
|
||||
AMQPConnectionCallback connectionCallback = new AMQPConnectionCallback(protonProtocolManager, null, null, new ActiveMQServerImpl());
|
||||
assertEquals(1, connectionCallback.getSaslMechanisms().length);
|
||||
for (String mech: connectionCallback.getSaslMechanisms()) {
|
||||
assertNotNull(connectionCallback.getServerSASL(mech));
|
||||
}
|
||||
assertNull("can't get mechanism not in the list", connectionCallback.getServerSASL(GSSAPIServerSASL.NAME));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void getServerSASLAnonDefault() throws Exception {
|
||||
ProtonProtocolManager protonProtocolManager = new ProtonProtocolManager(new ProtonProtocolManagerFactory(), null, null, null);
|
||||
protonProtocolManager.setSaslMechanisms(new String[]{});
|
||||
AMQPConnectionCallback connectionCallback = new AMQPConnectionCallback(protonProtocolManager, null, null, new ActiveMQServerImpl());
|
||||
assertNotNull("can get anon with empty list", connectionCallback.getServerSASL(AnonymousServerSASL.NAME));
|
||||
}
|
||||
}
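Review bot: `getServerSASLOnlyAllowedMechs` proves that GSSAPI is refused with a PLAIN-only list, but it never checks ANONYMOUS, which is the downgrade this check matters most for. Add `assertNull(connectionCallback.getServerSASL(AnonymousServerSASL.NAME));` after the GSSAPI assertion. `getServerSASLAnonDefault` likewise only checks the positive case; `assertNull(connectionCallback.getServerSASL(PlainSASL.NAME));` would pin that an empty list permits nothing beyond ANONYMOUS. A case where the mechanism array is null rather than empty would cover the other half of the `saslMechanisms == null || saslMechanisms.length == 0` condition.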
|