ARTEMIS-628 add BROWSE role
parent
08ab1f7082
commit
e9db9c286d
|
@ -65,6 +65,7 @@ ${cluster-security.settings}${cluster.settings}${replicated.settings}${shared-st
|
|||
<permission type="createDurableQueue" roles="${role}"/>
|
||||
<permission type="deleteDurableQueue" roles="${role}"/>
|
||||
<permission type="consume" roles="${role}"/>
|
||||
<permission type="browse" roles="${role}"/>
|
||||
<permission type="send" roles="${role}"/>
|
||||
<!-- we need this otherwise ./artemis data imp wouldn't work -->
|
||||
<permission type="manage" roles="${role}"/>
|
||||
|
|
|
@ -624,6 +624,17 @@ public interface ActiveMQServerControl {
|
|||
@Parameter(desc = "a comma-separated list of roles allowed to delete non durable queues", name = "deleteNonDurableQueueRoles") String deleteNonDurableQueueRoles,
|
||||
@Parameter(desc = "a comma-separated list of roles allowed to send management messages messages", name = "manage") String manageRoles) throws Exception;
|
||||
|
||||
@Operation(desc = "Add security settings for addresses matching the addressMatch", impact = MBeanOperationInfo.ACTION)
|
||||
void addSecuritySettings(@Parameter(desc = "an address match", name = "addressMatch") String addressMatch,
|
||||
@Parameter(desc = "a comma-separated list of roles allowed to send messages", name = "send") String sendRoles,
|
||||
@Parameter(desc = "a comma-separated list of roles allowed to consume messages", name = "consume") String consumeRoles,
|
||||
@Parameter(desc = "a comma-separated list of roles allowed to create durable queues", name = "createDurableQueueRoles") String createDurableQueueRoles,
|
||||
@Parameter(desc = "a comma-separated list of roles allowed to delete durable queues", name = "deleteDurableQueueRoles") String deleteDurableQueueRoles,
|
||||
@Parameter(desc = "a comma-separated list of roles allowed to create non durable queues", name = "createNonDurableQueueRoles") String createNonDurableQueueRoles,
|
||||
@Parameter(desc = "a comma-separated list of roles allowed to delete non durable queues", name = "deleteNonDurableQueueRoles") String deleteNonDurableQueueRoles,
|
||||
@Parameter(desc = "a comma-separated list of roles allowed to send management messages messages", name = "manage") String manageRoles,
|
||||
@Parameter(desc = "a comma-separated list of roles allowed to browse queues", name = "browse") String browseRoles) throws Exception;
|
||||
|
||||
@Operation(desc = "Remove security settings for an address", impact = MBeanOperationInfo.ACTION)
|
||||
void removeSecuritySettings(@Parameter(desc = "an address match", name = "addressMatch") String addressMatch) throws Exception;
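Review bot: The parameter description `"a comma-separated list of roles allowed to send management messages messages"` repeats a word, and the new overload copies it unchanged; it should read `"... allowed to send management messages"` in both places. The new overload also has no Javadoc saying how it differs from the eight-argument one. A short comment such as `/** Same as the eight-argument operation, but also sets the roles allowed to browse queues. */` would help management clients choose between them. The older overload's annotation starts outside this hunk, so its operation description could not be checked.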
|
||||
|
||||
|
|
|
@ -41,6 +41,8 @@ public final class RoleInfo {
|
|||
|
||||
private final boolean manage;
|
||||
|
||||
private final boolean browse;
|
||||
|
||||
/**
|
||||
* Returns an array of RoleInfo corresponding to the JSON serialization returned
|
||||
* by {@link AddressControl#getRolesAsJSON()}.
|
||||
|
@ -50,7 +52,7 @@ public final class RoleInfo {
|
|||
RoleInfo[] roles = new RoleInfo[array.length()];
|
||||
for (int i = 0; i < array.length(); i++) {
|
||||
JSONObject r = array.getJSONObject(i);
|
||||
RoleInfo role = new RoleInfo(r.getString("name"), r.getBoolean("send"), r.getBoolean("consume"), r.getBoolean("createDurableQueue"), r.getBoolean("deleteDurableQueue"), r.getBoolean("createNonDurableQueue"), r.getBoolean("deleteNonDurableQueue"), r.getBoolean("manage"));
|
||||
RoleInfo role = new RoleInfo(r.getString("name"), r.getBoolean("send"), r.getBoolean("consume"), r.getBoolean("createDurableQueue"), r.getBoolean("deleteDurableQueue"), r.getBoolean("createNonDurableQueue"), r.getBoolean("deleteNonDurableQueue"), r.getBoolean("manage"), r.getBoolean("browse"));
|
||||
roles[i] = role;
|
||||
}
|
||||
return roles;
|
||||
|
@ -63,7 +65,8 @@ public final class RoleInfo {
|
|||
final boolean deleteDurableQueue,
|
||||
final boolean createNonDurableQueue,
|
||||
final boolean deleteNonDurableQueue,
|
||||
final boolean manage) {
|
||||
final boolean manage,
|
||||
final boolean browse) {
|
||||
this.name = name;
|
||||
this.send = send;
|
||||
this.consume = consume;
|
||||
|
@ -72,6 +75,7 @@ public final class RoleInfo {
|
|||
this.createNonDurableQueue = createNonDurableQueue;
|
||||
this.deleteNonDurableQueue = deleteNonDurableQueue;
|
||||
this.manage = manage;
|
||||
this.browse = browse;
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -129,4 +133,11 @@ public final class RoleInfo {
|
|||
public boolean isManage() {
|
||||
return manage;
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns whether this role can browse queues bound to the address.
|
||||
*/
|
||||
public boolean isBrowse() {
|
||||
return browse;
|
||||
}
|
||||
}
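Review bot: `r.getBoolean("browse")` in the JSON-to-RoleInfo loop assumes every serialized role carries a `browse` key. JSON produced by a broker built before this commit will not have it, and `getBoolean` presumably throws on a missing key, so a newer management client could fail to list roles from an older broker. If this JSONObject offers it, `r.optBoolean("browse", false)` keeps the parse tolerant and defaults to no permission. The enclosing method starts outside the hunk, so the producer side (`getRolesAsJSON`) could not be checked here.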
|
||||
|
|
|
@ -41,6 +41,8 @@ public class Role implements Serializable {
|
|||
|
||||
private final boolean manage;
|
||||
|
||||
private final boolean browse;
|
||||
|
||||
public Role(final String name,
|
||||
final boolean send,
|
||||
final boolean consume,
|
||||
|
@ -48,7 +50,8 @@ public class Role implements Serializable {
|
|||
final boolean deleteDurableQueue,
|
||||
final boolean createNonDurableQueue,
|
||||
final boolean deleteNonDurableQueue,
|
||||
final boolean manage) {
|
||||
final boolean manage,
|
||||
final boolean browse) {
|
||||
if (name == null) {
|
||||
throw new NullPointerException("name is null");
|
||||
}
|
||||
|
@ -60,6 +63,7 @@ public class Role implements Serializable {
|
|||
this.createNonDurableQueue = createNonDurableQueue;
|
||||
this.deleteNonDurableQueue = deleteNonDurableQueue;
|
||||
this.manage = manage;
|
||||
this.browse = browse;
|
||||
}
|
||||
|
||||
public String getName() {
|
||||
|
@ -112,6 +116,12 @@ public class Role implements Serializable {
|
|||
if (deleteNonDurableQueue) {
|
||||
stringReturn.append(" deleteNonDurableQueue ");
|
||||
}
|
||||
if (manage) {
|
||||
stringReturn.append(" manage ");
|
||||
}
|
||||
if (browse) {
|
||||
stringReturn.append(" browse ");
|
||||
}
|
||||
|
||||
stringReturn.append("]}");
|
||||
|
||||
|
@ -147,6 +157,12 @@ public class Role implements Serializable {
|
|||
if (send != role.send) {
|
||||
return false;
|
||||
}
|
||||
if (manage != role.manage) {
|
||||
return false;
|
||||
}
|
||||
if (browse != role.browse) {
|
||||
return false;
|
||||
}
|
||||
if (!name.equals(role.name)) {
|
||||
return false;
|
||||
}
|
||||
|
@ -164,10 +180,16 @@ public class Role implements Serializable {
|
|||
result = 31 * result + (deleteDurableQueue ? 1 : 0);
|
||||
result = 31 * result + (createNonDurableQueue ? 1 : 0);
|
||||
result = 31 * result + (deleteNonDurableQueue ? 1 : 0);
|
||||
result = 31 * result + (manage ? 1 : 0);
|
||||
result = 31 * result + (browse ? 1 : 0);
|
||||
return result;
|
||||
}
|
||||
|
||||
public boolean isManage() {
|
||||
return manage;
|
||||
}
|
||||
|
||||
public boolean isBrowse() {
|
||||
return browse;
|
||||
}
|
||||
}
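Review bot: The public eight-argument constructor is replaced rather than kept, so any code outside this tree that builds a `Role` stops compiling. Keeping it as a deprecated overload that delegates with `this(name, send, consume, createDurableQueue, deleteDurableQueue, createNonDurableQueue, deleteNonDurableQueue, manage, false);` preserves the API and defaults the new permission to denied. The class is `Serializable` and gains a field; if no `serialVersionUID` is pinned (not visible in these hunks), previously serialized instances will no longer deserialize. `isBrowse()` is also added here without the Javadoc its RoleInfo counterpart has.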
|
||||
|
|
|
@ -31,7 +31,8 @@ public class SecurityFormatter {
|
|||
String deleteDurableQueueRoles,
|
||||
String createNonDurableQueueRoles,
|
||||
String deleteNonDurableQueueRoles,
|
||||
String manageRoles) {
|
||||
String manageRoles,
|
||||
String browseRoles) {
|
||||
List<String> createDurableQueue = toList(createDurableQueueRoles);
|
||||
List<String> deleteDurableQueue = toList(deleteDurableQueueRoles);
|
||||
List<String> createNonDurableQueue = toList(createNonDurableQueueRoles);
|
||||
|
@ -39,6 +40,7 @@ public class SecurityFormatter {
|
|||
List<String> send = toList(sendRoles);
|
||||
List<String> consume = toList(consumeRoles);
|
||||
List<String> manage = toList(manageRoles);
|
||||
List<String> browse = toList(browseRoles);
|
||||
|
||||
Set<String> allRoles = new HashSet<>();
|
||||
allRoles.addAll(createDurableQueue);
|
||||
|
@ -48,10 +50,11 @@ public class SecurityFormatter {
|
|||
allRoles.addAll(send);
|
||||
allRoles.addAll(consume);
|
||||
allRoles.addAll(manage);
|
||||
allRoles.addAll(browse);
|
||||
|
||||
Set<Role> roles = new HashSet<>(allRoles.size());
|
||||
for (String role : allRoles) {
|
||||
roles.add(new Role(role, send.contains(role), consume.contains(role), createDurableQueue.contains(role), deleteDurableQueue.contains(role), createNonDurableQueue.contains(role), deleteNonDurableQueue.contains(role), manageRoles.contains(role)));
|
||||
roles.add(new Role(role, send.contains(role), consume.contains(role), createDurableQueue.contains(role), deleteDurableQueue.contains(role), createNonDurableQueue.contains(role), deleteNonDurableQueue.contains(role), manageRoles.contains(role), browse.contains(role)));
|
||||
}
|
||||
return roles;
|
||||
}
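Review bot: In the rewritten `new Role(...)` call the manage flag is still computed as `manageRoles.contains(role)`, which is `String.contains` on the raw comma-separated argument. Every other flag, including the new `browse.contains(role)`, tests the parsed list. A role whose name is a substring of any manage role name is therefore given the manage permission, so the argument should be `manage.contains(role)`, using the list built a few lines earlier. The expression predates this commit but is carried onto the new line; the method signature starts outside the hunk.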
|
||||
|
|
|
@ -121,6 +121,8 @@ public final class FileConfigurationParser extends XMLConfigurationUtil {
|
|||
|
||||
private static final String MANAGE_NAME = "manage";
|
||||
|
||||
private static final String BROWSE_NAME = "browse";
|
||||
|
||||
// Address parsing
|
||||
|
||||
private static final String DEAD_LETTER_ADDRESS_NODE_NAME = "dead-letter-address";
|
||||
|
@ -633,6 +635,7 @@ public final class FileConfigurationParser extends XMLConfigurationUtil {
|
|||
ArrayList<String> createNonDurableQueue = new ArrayList<>();
|
||||
ArrayList<String> deleteNonDurableQueue = new ArrayList<>();
|
||||
ArrayList<String> manageRoles = new ArrayList<>();
|
||||
ArrayList<String> browseRoles = new ArrayList<>();
|
||||
ArrayList<String> allRoles = new ArrayList<>();
|
||||
NodeList children = node.getChildNodes();
|
||||
for (int i = 0; i < children.getLength(); i++) {
|
||||
|
@ -670,6 +673,9 @@ public final class FileConfigurationParser extends XMLConfigurationUtil {
|
|||
else if (MANAGE_NAME.equals(type)) {
|
||||
manageRoles.add(role.trim());
|
||||
}
|
||||
else if (BROWSE_NAME.equals(type)) {
|
||||
browseRoles.add(role.trim());
|
||||
}
|
||||
else {
|
||||
ActiveMQServerLogger.LOGGER.rolePermissionConfigurationError(type);
|
||||
}
|
||||
|
@ -682,7 +688,7 @@ public final class FileConfigurationParser extends XMLConfigurationUtil {
|
|||
}
|
||||
|
||||
for (String role : allRoles) {
|
||||
securityRoles.add(new Role(role, send.contains(role), consume.contains(role), createDurableQueue.contains(role), deleteDurableQueue.contains(role), createNonDurableQueue.contains(role), deleteNonDurableQueue.contains(role), manageRoles.contains(role)));
|
||||
securityRoles.add(new Role(role, send.contains(role), consume.contains(role), createDurableQueue.contains(role), deleteDurableQueue.contains(role), createNonDurableQueue.contains(role), deleteNonDurableQueue.contains(role), manageRoles.contains(role), browseRoles.contains(role)));
|
||||
}
|
||||
|
||||
return securityMatch;
|
||||
|
|
|
@ -1415,15 +1415,28 @@ public class ActiveMQServerControlImpl extends AbstractControl implements Active
|
|||
final String createNonDurableQueueRoles,
|
||||
final String deleteNonDurableQueueRoles,
|
||||
final String manageRoles) throws Exception {
|
||||
addSecuritySettings(addressMatch, sendRoles, consumeRoles, createDurableQueueRoles, deleteDurableQueueRoles, createNonDurableQueueRoles, deleteNonDurableQueueRoles, manageRoles, "");
|
||||
}
|
||||
|
||||
@Override
|
||||
public void addSecuritySettings(final String addressMatch,
|
||||
final String sendRoles,
|
||||
final String consumeRoles,
|
||||
final String createDurableQueueRoles,
|
||||
final String deleteDurableQueueRoles,
|
||||
final String createNonDurableQueueRoles,
|
||||
final String deleteNonDurableQueueRoles,
|
||||
final String manageRoles,
|
||||
final String browseRoles) throws Exception {
|
||||
checkStarted();
|
||||
|
||||
clearIO();
|
||||
try {
|
||||
Set<Role> roles = SecurityFormatter.createSecurity(sendRoles, consumeRoles, createDurableQueueRoles, deleteDurableQueueRoles, createNonDurableQueueRoles, deleteNonDurableQueueRoles, manageRoles);
|
||||
Set<Role> roles = SecurityFormatter.createSecurity(sendRoles, consumeRoles, createDurableQueueRoles, deleteDurableQueueRoles, createNonDurableQueueRoles, deleteNonDurableQueueRoles, manageRoles, browseRoles);
|
||||
|
||||
server.getSecurityRepository().addMatch(addressMatch, roles);
|
||||
|
||||
PersistedRoles persistedRoles = new PersistedRoles(addressMatch, sendRoles, consumeRoles, createDurableQueueRoles, deleteDurableQueueRoles, createNonDurableQueueRoles, deleteNonDurableQueueRoles, manageRoles);
|
||||
PersistedRoles persistedRoles = new PersistedRoles(addressMatch, sendRoles, consumeRoles, createDurableQueueRoles, deleteDurableQueueRoles, createNonDurableQueueRoles, deleteNonDurableQueueRoles, manageRoles, browseRoles);
|
||||
|
||||
storageManager.storeSecurityRoles(persistedRoles);
|
||||
}
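Review bot: The legacy eight-argument `addSecuritySettings` now delegates with `""` for browseRoles, so no role configured through it receives browse, while this same commit makes browse-only consumers require `CheckType.BROWSE` in ServerSessionImpl. Existing management clients that relied on `consume` to allow queue browsing will see those browsers rejected after upgrading. Denying by default is the safer choice, but it should be stated where callers will see it, for example `// legacy operation: grants browse to no role; use the nine-argument overload to allow browsing`. Settings stored this way are also persisted with an empty browse list, so the denial survives restarts. The try block continues outside the hunk.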
|
||||
|
|
|
@ -44,6 +44,8 @@ public class PersistedRoles implements EncodingSupport {
|
|||
|
||||
private SimpleString manageRoles;
|
||||
|
||||
private SimpleString browseRoles;
|
||||
|
||||
// Static --------------------------------------------------------
|
||||
|
||||
// Constructors --------------------------------------------------
|
||||
|
@ -60,6 +62,7 @@ public class PersistedRoles implements EncodingSupport {
|
|||
* @param createNonDurableQueueRoles
|
||||
* @param deleteNonDurableQueueRoles
|
||||
* @param manageRoles
|
||||
* @param browseRoles
|
||||
*/
|
||||
public PersistedRoles(final String addressMatch,
|
||||
final String sendRoles,
|
||||
|
@ -68,7 +71,8 @@ public class PersistedRoles implements EncodingSupport {
|
|||
final String deleteDurableQueueRoles,
|
||||
final String createNonDurableQueueRoles,
|
||||
final String deleteNonDurableQueueRoles,
|
||||
final String manageRoles) {
|
||||
final String manageRoles,
|
||||
final String browseRoles) {
|
||||
super();
|
||||
this.addressMatch = SimpleString.toSimpleString(addressMatch);
|
||||
this.sendRoles = SimpleString.toSimpleString(sendRoles);
|
||||
|
@ -78,6 +82,7 @@ public class PersistedRoles implements EncodingSupport {
|
|||
this.createNonDurableQueueRoles = SimpleString.toSimpleString(createNonDurableQueueRoles);
|
||||
this.deleteNonDurableQueueRoles = SimpleString.toSimpleString(deleteNonDurableQueueRoles);
|
||||
this.manageRoles = SimpleString.toSimpleString(manageRoles);
|
||||
this.browseRoles = SimpleString.toSimpleString(browseRoles);
|
||||
}
|
||||
|
||||
// Public --------------------------------------------------------
|
||||
|
@ -146,6 +151,13 @@ public class PersistedRoles implements EncodingSupport {
|
|||
return manageRoles.toString();
|
||||
}
|
||||
|
||||
/**
|
||||
* @return the browseRoles
|
||||
*/
|
||||
public String getBrowseRoles() {
|
||||
return browseRoles.toString();
|
||||
}
|
||||
|
||||
@Override
|
||||
public void encode(final ActiveMQBuffer buffer) {
|
||||
buffer.writeSimpleString(addressMatch);
|
||||
|
@ -156,6 +168,7 @@ public class PersistedRoles implements EncodingSupport {
|
|||
buffer.writeNullableSimpleString(createNonDurableQueueRoles);
|
||||
buffer.writeNullableSimpleString(deleteNonDurableQueueRoles);
|
||||
buffer.writeNullableSimpleString(manageRoles);
|
||||
buffer.writeNullableSimpleString(browseRoles);
|
||||
}
|
||||
|
||||
@Override
|
||||
|
@ -166,7 +179,8 @@ public class PersistedRoles implements EncodingSupport {
|
|||
SimpleString.sizeofNullableString(deleteDurableQueueRoles) +
|
||||
SimpleString.sizeofNullableString(createNonDurableQueueRoles) +
|
||||
SimpleString.sizeofNullableString(deleteNonDurableQueueRoles) +
|
||||
SimpleString.sizeofNullableString(manageRoles);
|
||||
SimpleString.sizeofNullableString(manageRoles) +
|
||||
SimpleString.sizeofNullableString(browseRoles);
|
||||
|
||||
}
|
||||
|
||||
|
@ -180,6 +194,7 @@ public class PersistedRoles implements EncodingSupport {
|
|||
createNonDurableQueueRoles = buffer.readNullableSimpleString();
|
||||
deleteNonDurableQueueRoles = buffer.readNullableSimpleString();
|
||||
manageRoles = buffer.readNullableSimpleString();
|
||||
browseRoles = buffer.readNullableSimpleString();
|
||||
}
|
||||
|
||||
/* (non-Javadoc)
|
||||
|
@ -196,6 +211,7 @@ public class PersistedRoles implements EncodingSupport {
|
|||
result = prime * result + ((deleteDurableQueueRoles == null) ? 0 : deleteDurableQueueRoles.hashCode());
|
||||
result = prime * result + ((deleteNonDurableQueueRoles == null) ? 0 : deleteNonDurableQueueRoles.hashCode());
|
||||
result = prime * result + ((manageRoles == null) ? 0 : manageRoles.hashCode());
|
||||
result = prime * result + ((browseRoles == null) ? 0 : browseRoles.hashCode());
|
||||
result = prime * result + ((sendRoles == null) ? 0 : sendRoles.hashCode());
|
||||
result = prime * result + (int) (storeId ^ (storeId >>> 32));
|
||||
return result;
|
||||
|
@ -255,6 +271,12 @@ public class PersistedRoles implements EncodingSupport {
|
|||
}
|
||||
else if (!manageRoles.equals(other.manageRoles))
|
||||
return false;
|
||||
if (browseRoles == null) {
|
||||
if (other.browseRoles != null)
|
||||
return false;
|
||||
}
|
||||
else if (!browseRoles.equals(other.browseRoles))
|
||||
return false;
|
||||
if (sendRoles == null) {
|
||||
if (other.sendRoles != null)
|
||||
return false;
|
||||
|
@ -288,6 +310,8 @@ public class PersistedRoles implements EncodingSupport {
|
|||
deleteNonDurableQueueRoles +
|
||||
", manageRoles=" +
|
||||
manageRoles +
|
||||
", browseRoles=" +
|
||||
browseRoles +
|
||||
"]";
|
||||
}
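Review bot: `decode` now reads a ninth field unconditionally (`browseRoles = buffer.readNullableSimpleString();`), but records written by a broker built before this commit end after manageRoles. Reading such a record will presumably run past the end of the buffer, so recovering persisted security roles after an upgrade may fail. Guarding the read keeps old journals loadable: `browseRoles = buffer.readableBytes() > 0 ? buffer.readNullableSimpleString() : null;`. `getBrowseRoles()` would then need to tolerate null, because `browseRoles.toString()` throws on it and ActiveMQServerImpl passes the getter's result straight to `SecurityFormatter.createSecurity`. The decode method starts outside its hunk.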
|
||||
|
||||
|
|
|
@ -58,6 +58,12 @@ public enum CheckType {
|
|||
public boolean hasRole(final Role role) {
|
||||
return role.isManage();
|
||||
}
|
||||
},
|
||||
BROWSE {
|
||||
@Override
|
||||
public boolean hasRole(final Role role) {
|
||||
return role.isBrowse();
|
||||
}
|
||||
};
|
||||
|
||||
public abstract boolean hasRole(final Role role);
|
||||
|
|
|
@ -2116,7 +2116,7 @@ public class ActiveMQServerImpl implements ActiveMQServer {
|
|||
List<PersistedRoles> roles = storageManager.recoverPersistedRoles();
|
||||
|
||||
for (PersistedRoles roleItem : roles) {
|
||||
Set<Role> setRoles = SecurityFormatter.createSecurity(roleItem.getSendRoles(), roleItem.getConsumeRoles(), roleItem.getCreateDurableQueueRoles(), roleItem.getDeleteDurableQueueRoles(), roleItem.getCreateNonDurableQueueRoles(), roleItem.getDeleteNonDurableQueueRoles(), roleItem.getManageRoles());
|
||||
Set<Role> setRoles = SecurityFormatter.createSecurity(roleItem.getSendRoles(), roleItem.getConsumeRoles(), roleItem.getCreateDurableQueueRoles(), roleItem.getDeleteDurableQueueRoles(), roleItem.getCreateNonDurableQueueRoles(), roleItem.getDeleteNonDurableQueueRoles(), roleItem.getManageRoles(), roleItem.getBrowseRoles());
|
||||
|
||||
securityRepository.addMatch(roleItem.getAddressMatch().toString(), setRoles);
|
||||
}
|
||||
|
|
|
@ -379,7 +379,8 @@ public class LegacyLDAPSecuritySettingPlugin implements SecuritySettingPlugin {
|
|||
permissionType.equalsIgnoreCase(adminPermissionValue),
|
||||
permissionType.equalsIgnoreCase(adminPermissionValue),
|
||||
permissionType.equalsIgnoreCase(adminPermissionValue),
|
||||
false); // there is no permission from ActiveMQ 5.x that corresponds to the "manage" permission in ActiveMQ Artemis
|
||||
false, // there is no permission from ActiveMQ 5.x that corresponds to the "manage" permission in ActiveMQ Artemis
|
||||
permissionType.equalsIgnoreCase(readPermissionValue)); // the "browse" permission matches "read" from ActiveMQ 5.x
|
||||
roles.add(role);
|
||||
}
|
||||
|
||||
|
|
|
@ -416,7 +416,12 @@ public class ServerSessionImpl implements ServerSession, FailureListener {
|
|||
throw ActiveMQMessageBundle.BUNDLE.noSuchQueue(queueName);
|
||||
}
|
||||
|
||||
securityCheck(binding.getAddress(), CheckType.CONSUME, this);
|
||||
if (browseOnly) {
|
||||
securityCheck(binding.getAddress(), CheckType.BROWSE, this);
|
||||
}
|
||||
else {
|
||||
securityCheck(binding.getAddress(), CheckType.CONSUME, this);
|
||||
}
|
||||
|
||||
Filter filter = FilterImpl.createFilter(filterString);
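Review bot: Nothing in the sections shown here tests that the new `browseOnly` branch is enforced; RoleTest only exercises `CheckType.BROWSE.hasRole`. A test that opens a browse-only consumer for a role holding only `consume` (expect rejection) and for a role holding only `browse` (expect success) would pin the behaviour. The branch also deserves a comment, e.g. `// browsers read message bodies without removing them, so they are authorised by BROWSE alone, not CONSUME`, since granting browse exposes queue contents to that role. The enclosing method starts and ends outside the hunk.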
|
||||
|
||||
|
|
|
@ -19,11 +19,13 @@ package org.apache.activemq.artemis.core.security;
|
|||
import org.junit.Assert;
|
||||
import org.junit.Test;
|
||||
|
||||
import static org.apache.activemq.artemis.core.security.CheckType.BROWSE;
|
||||
import static org.apache.activemq.artemis.core.security.CheckType.CONSUME;
|
||||
import static org.apache.activemq.artemis.core.security.CheckType.CREATE_DURABLE_QUEUE;
|
||||
import static org.apache.activemq.artemis.core.security.CheckType.CREATE_NON_DURABLE_QUEUE;
|
||||
import static org.apache.activemq.artemis.core.security.CheckType.DELETE_DURABLE_QUEUE;
|
||||
import static org.apache.activemq.artemis.core.security.CheckType.DELETE_NON_DURABLE_QUEUE;
|
||||
import static org.apache.activemq.artemis.core.security.CheckType.MANAGE;
|
||||
import static org.apache.activemq.artemis.core.security.CheckType.SEND;
|
||||
|
||||
public class RoleTest extends Assert {
|
||||
|
@ -38,46 +40,65 @@ public class RoleTest extends Assert {
|
|||
// Public --------------------------------------------------------
|
||||
|
||||
@Test
|
||||
public void testReadRole() throws Exception {
|
||||
Role role = new Role("testReadRole", true, false, false, false, false, false, false);
|
||||
public void testWriteRole() throws Exception {
|
||||
Role role = new Role("testWriteRole", true, false, false, false, false, false, false, false);
|
||||
Assert.assertTrue(SEND.hasRole(role));
|
||||
Assert.assertFalse(CONSUME.hasRole(role));
|
||||
Assert.assertFalse(CREATE_DURABLE_QUEUE.hasRole(role));
|
||||
Assert.assertFalse(CREATE_NON_DURABLE_QUEUE.hasRole(role));
|
||||
Assert.assertFalse(DELETE_DURABLE_QUEUE.hasRole(role));
|
||||
Assert.assertFalse(DELETE_NON_DURABLE_QUEUE.hasRole(role));
|
||||
Assert.assertFalse(MANAGE.hasRole(role));
|
||||
Assert.assertFalse(BROWSE.hasRole(role));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testWriteRole() throws Exception {
|
||||
Role role = new Role("testWriteRole", false, true, false, false, false, false, false);
|
||||
public void testReadRole() throws Exception {
|
||||
Role role = new Role("testReadRole", false, true, false, false, false, false, false, true);
|
||||
Assert.assertFalse(SEND.hasRole(role));
|
||||
Assert.assertTrue(CONSUME.hasRole(role));
|
||||
Assert.assertFalse(CREATE_DURABLE_QUEUE.hasRole(role));
|
||||
Assert.assertFalse(CREATE_NON_DURABLE_QUEUE.hasRole(role));
|
||||
Assert.assertFalse(DELETE_DURABLE_QUEUE.hasRole(role));
|
||||
Assert.assertFalse(DELETE_NON_DURABLE_QUEUE.hasRole(role));
|
||||
Assert.assertFalse(MANAGE.hasRole(role));
|
||||
Assert.assertTrue(BROWSE.hasRole(role));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testCreateRole() throws Exception {
|
||||
Role role = new Role("testWriteRole", false, false, true, false, false, false, false);
|
||||
Role role = new Role("testCreateRole", false, false, true, false, false, false, false, false);
|
||||
Assert.assertFalse(SEND.hasRole(role));
|
||||
Assert.assertFalse(CONSUME.hasRole(role));
|
||||
Assert.assertTrue(CREATE_DURABLE_QUEUE.hasRole(role));
|
||||
Assert.assertFalse(CREATE_NON_DURABLE_QUEUE.hasRole(role));
|
||||
Assert.assertFalse(DELETE_DURABLE_QUEUE.hasRole(role));
|
||||
Assert.assertFalse(DELETE_NON_DURABLE_QUEUE.hasRole(role));
|
||||
Assert.assertFalse(MANAGE.hasRole(role));
|
||||
Assert.assertFalse(BROWSE.hasRole(role));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testManageRole() throws Exception {
|
||||
Role role = new Role("testManageRole", false, false, false, false, false, false, true, false);
|
||||
Assert.assertFalse(SEND.hasRole(role));
|
||||
Assert.assertFalse(CONSUME.hasRole(role));
|
||||
Assert.assertFalse(CREATE_DURABLE_QUEUE.hasRole(role));
|
||||
Assert.assertFalse(CREATE_NON_DURABLE_QUEUE.hasRole(role));
|
||||
Assert.assertFalse(DELETE_DURABLE_QUEUE.hasRole(role));
|
||||
Assert.assertFalse(DELETE_NON_DURABLE_QUEUE.hasRole(role));
|
||||
Assert.assertTrue(MANAGE.hasRole(role));
|
||||
Assert.assertFalse(BROWSE.hasRole(role));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testEqualsAndHashcode() throws Exception {
|
||||
Role role = new Role("testEquals", true, true, true, false, false, false, false);
|
||||
Role sameRole = new Role("testEquals", true, true, true, false, false, false, false);
|
||||
Role roleWithDifferentName = new Role("notEquals", true, true, true, false, false, false, false);
|
||||
Role roleWithDifferentRead = new Role("testEquals", false, true, true, false, false, false, false);
|
||||
Role roleWithDifferentWrite = new Role("testEquals", true, false, true, false, false, false, false);
|
||||
Role roleWithDifferentCreate = new Role("testEquals", true, true, false, false, false, false, false);
|
||||
Role role = new Role("testEquals", true, true, true, false, false, false, false, false);
|
||||
Role sameRole = new Role("testEquals", true, true, true, false, false, false, false, false);
|
||||
Role roleWithDifferentName = new Role("notEquals", true, true, true, false, false, false, false, false);
|
||||
Role roleWithDifferentRead = new Role("testEquals", false, true, true, false, false, false, false, false);
|
||||
Role roleWithDifferentWrite = new Role("testEquals", true, false, true, false, false, false, false, false);
|
||||
Role roleWithDifferentCreate = new Role("testEquals", true, true, false, false, false, false, false, false);
|
||||
|
||||
Assert.assertTrue(role.equals(role));
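Review bot: No test here separates browse from consume: `testReadRole` sets both flags to true, so a constructor that mixed up the two arguments would still pass. A browse-only case would catch that, e.g. `Role role = new Role("testBrowseRole", false, false, false, false, false, false, false, true);` followed by `Assert.assertFalse(CONSUME.hasRole(role));` and `Assert.assertTrue(BROWSE.hasRole(role));`. `testEqualsAndHashcode` likewise declares no role that differs only in browse, so the new `browse != role.browse` comparison is not exercised by the lines visible here. The rest of that method lies outside the hunk.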
|
||||
|
||||
|
|
|
@ -72,13 +72,13 @@ public class RepositoryTest extends ActiveMQTestBase {
|
|||
public void testSingletwo() {
|
||||
securityRepository.addMatch("queues.another.aq.*", new HashSet<Role>());
|
||||
HashSet<Role> roles = new HashSet<>(2);
|
||||
roles.add(new Role("test1", true, true, true, true, true, true, true));
|
||||
roles.add(new Role("test2", true, true, true, true, true, true, true));
|
||||
roles.add(new Role("test1", true, true, true, true, true, true, true, true));
|
||||
roles.add(new Role("test2", true, true, true, true, true, true, true, true));
|
||||
securityRepository.addMatch("queues.aq", roles);
|
||||
HashSet<Role> roles2 = new HashSet<>(2);
|
||||
roles2.add(new Role("test1", true, true, true, true, true, true, true));
|
||||
roles2.add(new Role("test2", true, true, true, true, true, true, true));
|
||||
roles2.add(new Role("test3", true, true, true, true, true, true, true));
|
||||
roles2.add(new Role("test1", true, true, true, true, true, true, true, true));
|
||||
roles2.add(new Role("test2", true, true, true, true, true, true, true, true));
|
||||
roles2.add(new Role("test3", true, true, true, true, true, true, true, true));
|
||||
securityRepository.addMatch("queues.another.andanother", roles2);
|
||||
|
||||
HashSet<Role> hashSet = securityRepository.getMatch("queues.another.andanother");
|
||||
|
@ -89,8 +89,8 @@ public class RepositoryTest extends ActiveMQTestBase {
|
|||
public void testWithoutWildcard() {
|
||||
securityRepository.addMatch("queues.1.*", new HashSet<Role>());
|
||||
HashSet<Role> roles = new HashSet<>(2);
|
||||
roles.add(new Role("test1", true, true, true, true, true, true, true));
|
||||
roles.add(new Role("test2", true, true, true, true, true, true, true));
|
||||
roles.add(new Role("test1", true, true, true, true, true, true, true, true));
|
||||
roles.add(new Role("test2", true, true, true, true, true, true, true, true));
|
||||
securityRepository.addMatch("queues.2.aq", roles);
|
||||
HashSet<Role> hashSet = securityRepository.getMatch("queues.2.aq");
|
||||
Assert.assertEquals(hashSet.size(), 2);
|
||||
|
|
|
@ -53,6 +53,9 @@ match the address. Those permissions are:
|
|||
- `consume`. This permission allows the user to consume a message from
|
||||
a queue bound to matching addresses.
|
||||
|
||||
- `browse`. This permission allows the user to browse a queue bound to
|
||||
the matching address.
|
||||
|
||||
- `manage`. This permission allows the user to invoke management
|
||||
operations by sending management messages to the management address.
|
||||
|
||||
|
@ -225,11 +228,11 @@ may not be applied as expected to JMS destinations since Artemis always prefixes
|
|||
"jms.topic." as necessary.
|
||||
|
||||
ActiveMQ 5.x only has 3 permission types - `read`, `write`, and `admin`. These permission types are described on their
|
||||
[website](http://activemq.apache.org/security.html). However, as described previously, ActiveMQ Artemis has 6 permission
|
||||
[website](http://activemq.apache.org/security.html). However, as described previously, ActiveMQ Artemis has 7 permission
|
||||
types - `createDurableQueue`, `deleteDurableQueue`, `createNonDurableQueue`, `deleteNonDurableQueue`, `send`, `consume`,
|
||||
and `manage`. Here's how the old types are mapped to the new types:
|
||||
`browse`, and `manage`. Here's how the old types are mapped to the new types:
|
||||
|
||||
- `read` - `consume`
|
||||
- `read` - `consume`, `browse`
|
||||
- `write` - `send`
|
||||
- `admin` - `createDurableQueue`, `deleteDurableQueue`, `createNonDurableQueue`, `deleteNonDurableQueue`
|
||||
|
||||
|
|
|
@ -107,7 +107,7 @@ public class AutoCreateJmsDestinationTest extends JMSTestBase {
|
|||
((ActiveMQJAASSecurityManager) server.getSecurityManager()).getConfiguration().addUser("guest", "guest");
|
||||
((ActiveMQJAASSecurityManager) server.getSecurityManager()).getConfiguration().setDefaultUser("guest");
|
||||
((ActiveMQJAASSecurityManager) server.getSecurityManager()).getConfiguration().addRole("guest", "rejectAll");
|
||||
Role role = new Role("rejectAll", false, false, false, false, false, false, false);
|
||||
Role role = new Role("rejectAll", false, false, false, false, false, false, false, false);
|
||||
Set<Role> roles = new HashSet<>();
|
||||
roles.add(role);
|
||||
server.getSecurityRepository().addMatch("#", roles);
|
||||
|
@ -245,7 +245,7 @@ public class AutoCreateJmsDestinationTest extends JMSTestBase {
|
|||
((ActiveMQJAASSecurityManager) server.getSecurityManager()).getConfiguration().addUser("guest", "guest");
|
||||
((ActiveMQJAASSecurityManager) server.getSecurityManager()).getConfiguration().setDefaultUser("guest");
|
||||
((ActiveMQJAASSecurityManager) server.getSecurityManager()).getConfiguration().addRole("guest", "allowAll");
|
||||
Role role = new Role("allowAll", true, true, true, true, true, true, true);
|
||||
Role role = new Role("allowAll", true, true, true, true, true, true, true, true);
|
||||
Set<Role> roles = new HashSet<>();
|
||||
roles.add(role);
|
||||
server.getSecurityRepository().addMatch("#", roles);
|
||||
|
|
|
@ -103,7 +103,7 @@ public class SecurityFailoverTest extends FailoverTest {
|
|||
protected ActiveMQJAASSecurityManager installSecurity(TestableServer server) {
|
||||
ActiveMQJAASSecurityManager securityManager = (ActiveMQJAASSecurityManager) server.getServer().getSecurityManager();
|
||||
securityManager.getConfiguration().addUser("a", "b");
|
||||
Role role = new Role("arole", true, true, true, true, true, true, true);
|
||||
Role role = new Role("arole", true, true, true, true, true, true, true, true);
|
||||
Set<Role> roles = new HashSet<>();
|
||||
roles.add(role);
|
||||
server.getServer().getSecurityRepository().addMatch("#", roles);
|
||||
|
|
|
@ -402,7 +402,7 @@ public class ActiveMQServerControlTest extends ManagementTestBase {
|
|||
String exactAddress = "test.whatever";
|
||||
|
||||
assertEquals(0, serverControl.getRoles(addressMatch).length);
|
||||
serverControl.addSecuritySettings(addressMatch, "foo", "foo, bar", "foo", "bar", "foo, bar", "", "");
|
||||
serverControl.addSecuritySettings(addressMatch, "foo", "foo, bar", "foo", "bar", "foo, bar", "", "", "bar");
|
||||
|
||||
// Restart the server. Those settings should be persisted
|
||||
|
||||
|
@ -430,6 +430,7 @@ public class ActiveMQServerControlTest extends ManagementTestBase {
|
|||
assertTrue(fooRole.isCreateNonDurableQueue());
|
||||
assertFalse(fooRole.isDeleteNonDurableQueue());
|
||||
assertFalse(fooRole.isManage());
|
||||
assertFalse(fooRole.isBrowse());
|
||||
|
||||
assertFalse(barRole.isSend());
|
||||
assertTrue(barRole.isConsume());
|
||||
|
@ -438,6 +439,7 @@ public class ActiveMQServerControlTest extends ManagementTestBase {
|
|||
assertTrue(barRole.isCreateNonDurableQueue());
|
||||
assertFalse(barRole.isDeleteNonDurableQueue());
|
||||
assertFalse(barRole.isManage());
|
||||
assertTrue(barRole.isBrowse());
|
||||
|
||||
serverControl.removeSecuritySettings(addressMatch);
|
||||
assertEquals(0, serverControl.getRoles(exactAddress).length);
|
||||
|
|
|
@ -552,6 +552,19 @@ public class ActiveMQServerControlUsingCoreTest extends ActiveMQServerControlTes
|
|||
proxy.invokeOperation("addSecuritySettings", addressMatch, sendRoles, consumeRoles, createDurableQueueRoles, deleteDurableQueueRoles, createNonDurableQueueRoles, deleteNonDurableQueueRoles, manageRoles);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void addSecuritySettings(String addressMatch,
|
||||
String sendRoles,
|
||||
String consumeRoles,
|
||||
String createDurableQueueRoles,
|
||||
String deleteDurableQueueRoles,
|
||||
String createNonDurableQueueRoles,
|
||||
String deleteNonDurableQueueRoles,
|
||||
String manageRoles,
|
||||
String browseRoles) throws Exception {
|
||||
proxy.invokeOperation("addSecuritySettings", addressMatch, sendRoles, consumeRoles, createDurableQueueRoles, deleteDurableQueueRoles, createNonDurableQueueRoles, deleteNonDurableQueueRoles, manageRoles, browseRoles);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void removeSecuritySettings(String addressMatch) throws Exception {
|
||||
proxy.invokeOperation("removeSecuritySettings", addressMatch);
|
||||
|
|
|
@ -117,7 +117,7 @@ public class AddressControlTest extends ManagementTestBase {
|
|||
public void testGetRoles() throws Exception {
|
||||
SimpleString address = RandomUtil.randomSimpleString();
|
||||
SimpleString queue = RandomUtil.randomSimpleString();
|
||||
Role role = new Role(RandomUtil.randomString(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean());
|
||||
Role role = new Role(RandomUtil.randomString(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean());
|
||||
|
||||
session.createQueue(address, queue, true);
|
||||
|
||||
|
@ -148,7 +148,7 @@ public class AddressControlTest extends ManagementTestBase {
|
|||
public void testGetRolesAsJSON() throws Exception {
|
||||
SimpleString address = RandomUtil.randomSimpleString();
|
||||
SimpleString queue = RandomUtil.randomSimpleString();
|
||||
Role role = new Role(RandomUtil.randomString(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean());
|
||||
Role role = new Role(RandomUtil.randomString(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean());
|
||||
|
||||
session.createQueue(address, queue, true);
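Review bot: The new ninth constructor argument in testGetRoles and testGetRolesAsJSON is an anonymous `RandomUtil.randomBoolean()`, so nothing in these hunks shows that the browse flag reported by the address control is compared with the configured value. The assertions sit further down in both methods, outside the hunks; if they check each permission in turn they need a matching check for browse, otherwise a control that never reports the flag would still pass. Holding the value in a local, `boolean browse = RandomUtil.randomBoolean();`, and passing `browse` as the last argument would make that assertion easy to write. The testGetRoles hunk in AddressControlUsingCoreTest has the same shape.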
|
||||
|
||||
|
|
|
@ -121,7 +121,7 @@ public class AddressControlUsingCoreTest extends ManagementTestBase {
|
|||
public void testGetRoles() throws Exception {
|
||||
SimpleString address = RandomUtil.randomSimpleString();
|
||||
SimpleString queue = RandomUtil.randomSimpleString();
|
||||
Role role = new Role(RandomUtil.randomString(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean());
|
||||
Role role = new Role(RandomUtil.randomString(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean(), RandomUtil.randomBoolean());
|
||||
|
||||
session.createQueue(address, queue, true);
|
||||
|
||||
|
|
|
@ -90,10 +90,10 @@ public class SecurityManagementWithConfiguredAdminUserTest extends SecurityManag
|
|||
securityManager.getConfiguration().addRole(invalidAdminUser, "guest");
|
||||
|
||||
Set<Role> adminRole = securityRepository.getMatch(ActiveMQDefaultConfiguration.getDefaultManagementAddress().toString());
|
||||
adminRole.add(new Role("admin", true, true, true, true, true, true, true));
|
||||
adminRole.add(new Role("admin", true, true, true, true, true, true, true, true));
|
||||
securityRepository.addMatch(ActiveMQDefaultConfiguration.getDefaultManagementAddress().toString(), adminRole);
|
||||
Set<Role> guestRole = securityRepository.getMatch("*");
|
||||
guestRole.add(new Role("guest", true, true, true, true, true, true, false));
|
||||
guestRole.add(new Role("guest", true, true, true, true, true, true, false, true));
|
||||
securityRepository.addMatch("*", guestRole);
|
||||
|
||||
return server;
|
||||
|
|
|
@ -89,7 +89,7 @@ public class SecurityNotificationTest extends ActiveMQTestBase {
|
|||
SimpleString address = RandomUtil.randomSimpleString();
|
||||
|
||||
// guest can not create queue
|
||||
Role role = new Role("roleCanNotCreateQueue", true, true, false, true, false, true, true);
|
||||
Role role = new Role("roleCanNotCreateQueue", true, true, false, true, false, true, true, true);
|
||||
Set<Role> roles = new HashSet<>();
|
||||
roles.add(role);
|
||||
server.getSecurityRepository().addMatch(address.toString(), roles);
|
||||
|
@ -138,7 +138,7 @@ public class SecurityNotificationTest extends ActiveMQTestBase {
|
|||
securityManager.getConfiguration().addUser("guest", "guest");
|
||||
securityManager.getConfiguration().setDefaultUser("guest");
|
||||
|
||||
Role role = new Role("notif", true, true, true, true, true, true, true);
|
||||
Role role = new Role("notif", true, true, true, true, true, true, true, true);
|
||||
Set<Role> roles = new HashSet<>();
|
||||
roles.add(role);
|
||||
server.getSecurityRepository().addMatch(ActiveMQDefaultConfiguration.getDefaultManagementNotificationAddress().toString(), roles);
|
||||
|
|
|
@ -77,24 +77,23 @@ public class OpenWireTestBase extends ActiveMQTestBase {
|
|||
securityManager.getConfiguration().addRole("openwireSender", "sender");
|
||||
securityManager.getConfiguration().addUser("openwireSender", "SeNdEr");
|
||||
//sender cannot receive
|
||||
Role senderRole = new Role("sender", true, false, false, false, true, true, false);
|
||||
Role senderRole = new Role("sender", true, false, false, false, true, true, false, false);
|
||||
|
||||
securityManager.getConfiguration().addRole("openwireReceiver", "receiver");
|
||||
securityManager.getConfiguration().addUser("openwireReceiver", "ReCeIvEr");
|
||||
//receiver cannot send
|
||||
Role receiverRole = new Role("receiver", false, true, false, false, true, true, false);
|
||||
Role receiverRole = new Role("receiver", false, true, false, false, true, true, false, true);
|
||||
|
||||
securityManager.getConfiguration().addRole("openwireGuest", "guest");
|
||||
securityManager.getConfiguration().addUser("openwireGuest", "GuEsT");
|
||||
|
||||
//guest cannot do anything
|
||||
Role guestRole = new Role("guest", false, false, false, false, false, false, false);
|
||||
Role guestRole = new Role("guest", false, false, false, false, false, false, false, false);
|
||||
|
||||
securityManager.getConfiguration().addRole("openwireDestinationManager", "manager");
|
||||
securityManager.getConfiguration().addUser("openwireDestinationManager", "DeStInAtIoN");
|
||||
|
||||
//guest cannot do anything
|
||||
Role destRole = new Role("manager", false, false, false, false, true, true, false);
|
||||
Role destRole = new Role("manager", false, false, false, false, true, true, false, false);
|
||||
|
||||
Set<Role> roles = new HashSet<>();
|
||||
roles.add(senderRole);
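Review bot: The comments above the four roles do not describe what the new last argument grants: only `receiverRole` is built with it set to `true`, and the comment over `destRole` still reads `//guest cannot do anything` although that role is named "manager". Assuming the constructor arguments follow the order of the `addSecuritySettings` parameters (send, consume, the four queue permissions, manage, browse), the comments could read `//sender cannot receive or browse`, `//receiver cannot send but may browse` and `//manager may only create and delete non-durable queues`. The enclosing method starts and ends outside this hunk.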
|
||||
|
|
|
@ -52,9 +52,9 @@ public class RolesConfigurationStorageTest extends StorageManagerTestBase {
|
|||
public void testStoreSecuritySettings() throws Exception {
|
||||
createStorage();
|
||||
|
||||
addSetting(new PersistedRoles("a#", "a1", "a1", "a1", "a1", "a1", "a1", "a1"));
|
||||
addSetting(new PersistedRoles("a#", "a1", "a1", "a1", "a1", "a1", "a1", "a1", "a1"));
|
||||
|
||||
addSetting(new PersistedRoles("a2", "a1", null, "a1", "a1", "a1", "a1", "a1"));
|
||||
addSetting(new PersistedRoles("a2", "a1", null, "a1", "a1", "a1", "a1", "a1", "a1"));
|
||||
|
||||
journal.stop();
|
||||
|
||||
|
@ -64,9 +64,9 @@ public class RolesConfigurationStorageTest extends StorageManagerTestBase {
|
|||
|
||||
checkSettings();
|
||||
|
||||
addSetting(new PersistedRoles("a2", "a1", null, "a1", "a1", "a1", "a1", "a1"));
|
||||
addSetting(new PersistedRoles("a2", "a1", null, "a1", "a1", "a1", "a1", "a1", "a1"));
|
||||
|
||||
addSetting(new PersistedRoles("a3", "a1", null, "a1", "a1", "a1", "a1", "a1"));
|
||||
addSetting(new PersistedRoles("a3", "a1", null, "a1", "a1", "a1", "a1", "a1", "a1"));
|
||||
|
||||
checkSettings();
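Review bot: Every `PersistedRoles` built in testStoreSecuritySettings passes `"a1"` for the new last argument, the same string used for nearly every other role list. As far as these lines show, a persistence bug that drops the browse roles or reads them from a neighbouring field would go unnoticed. A distinct value makes the round trip observable, for example `addSetting(new PersistedRoles("a#", "a1", "a1", "a1", "a1", "a1", "a1", "a1", "b1"));`. Passing `null` for the new argument in one entry, as the `"a2"` entry already does for its second role list, would also cover the absent case. What `checkSettings()` compares is outside these hunks, so this assumes it checks the stored roles field by field.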
|
||||
|
||||
|
|
|
@ -67,7 +67,7 @@ public class ActiveMQMessageHandlerSecurityTest extends ActiveMQRATestBase {
|
|||
ActiveMQJAASSecurityManager securityManager = (ActiveMQJAASSecurityManager) server.getSecurityManager();
|
||||
securityManager.getConfiguration().addUser("testuser", "testpassword");
|
||||
securityManager.getConfiguration().addRole("testuser", "arole");
|
||||
Role role = new Role("arole", false, true, false, false, false, false, false);
|
||||
Role role = new Role("arole", false, true, false, false, false, false, false, false);
|
||||
Set<Role> roles = new HashSet<>();
|
||||
roles.add(role);
|
||||
server.getSecurityRepository().addMatch(MDBQUEUEPREFIXED, roles);
|
||||
|
|
|
@ -57,7 +57,7 @@ public class JMSContextTest extends ActiveMQRATestBase {
|
|||
securityManager.getConfiguration().setDefaultUser("guest");
|
||||
securityManager.getConfiguration().addRole("testuser", "arole");
|
||||
securityManager.getConfiguration().addRole("guest", "arole");
|
||||
Role role = new Role("arole", true, true, true, true, true, true, true);
|
||||
Role role = new Role("arole", true, true, true, true, true, true, true, true);
|
||||
Set<Role> roles = new HashSet<>();
|
||||
roles.add(role);
|
||||
server.getSecurityRepository().addMatch(MDBQUEUEPREFIXED, roles);
|
||||
|
|
|
@ -82,7 +82,7 @@ public class OutgoingConnectionTest extends ActiveMQRATestBase {
|
|||
securityManager.getConfiguration().setDefaultUser("guest");
|
||||
securityManager.getConfiguration().addRole("testuser", "arole");
|
||||
securityManager.getConfiguration().addRole("guest", "arole");
|
||||
Role role = new Role("arole", true, true, true, true, true, true, true);
|
||||
Role role = new Role("arole", true, true, true, true, true, true, true, true);
|
||||
Set<Role> roles = new HashSet<>();
|
||||
roles.add(role);
|
||||
server.getSecurityRepository().addMatch(MDBQUEUEPREFIXED, roles);
|
||||
|
|
|
@ -71,7 +71,7 @@ public class OutgoingConnectionTestJTA extends ActiveMQRATestBase {
|
|||
((ActiveMQJAASSecurityManager) server.getSecurityManager()).getConfiguration().setDefaultUser("guest");
|
||||
((ActiveMQJAASSecurityManager) server.getSecurityManager()).getConfiguration().addRole("testuser", "arole");
|
||||
((ActiveMQJAASSecurityManager) server.getSecurityManager()).getConfiguration().addRole("guest", "arole");
|
||||
Role role = new Role("arole", true, true, true, true, true, true, true);
|
||||
Role role = new Role("arole", true, true, true, true, true, true, true, true);
|
||||
Set<Role> roles = new HashSet<>();
|
||||
roles.add(role);
|
||||
server.getSecurityRepository().addMatch(MDBQUEUEPREFIXED, roles);
|
||||
|
|
|
@ -183,7 +183,7 @@ public class LDAPSecurityTest extends AbstractLdapTestUnit {
|
|||
final SimpleString NON_DURABLE_QUEUE = new SimpleString("nonDurableQueue");
|
||||
|
||||
Set<Role> roles = new HashSet<>();
|
||||
roles.add(new Role("programmers", false, false, false, false, false, false, false));
|
||||
roles.add(new Role("programmers", false, false, false, false, false, false, false, false));
|
||||
server.getConfiguration().putSecurityRoles("#", roles);
|
||||
server.start();
|
||||
server.createQueue(ADDRESS, DURABLE_QUEUE, null, true, false);
|
||||
|
@ -257,6 +257,15 @@ public class LDAPSecurityTest extends AbstractLdapTestUnit {
|
|||
// ignore
|
||||
}
|
||||
|
||||
// BROWSE
|
||||
try {
|
||||
ClientConsumer browser = session.createConsumer(DURABLE_QUEUE, true);
|
||||
Assert.fail("should throw exception here");
|
||||
}
|
||||
catch (ActiveMQException e) {
|
||||
// ignore
|
||||
}
|
||||
|
||||
session.close();
|
||||
cf.close();
|
||||
}
|
||||
|
@ -268,7 +277,7 @@ public class LDAPSecurityTest extends AbstractLdapTestUnit {
|
|||
final SimpleString NON_DURABLE_QUEUE = new SimpleString("nonDurableQueue");
|
||||
|
||||
Set<Role> roles = new HashSet<>();
|
||||
roles.add(new Role("admins", true, true, true, true, true, true, true));
|
||||
roles.add(new Role("admins", true, true, true, true, true, true, true, true));
|
||||
server.getConfiguration().putSecurityRoles("#", roles);
|
||||
server.start();
|
||||
|
||||
|
@ -337,6 +346,14 @@ public class LDAPSecurityTest extends AbstractLdapTestUnit {
|
|||
Assert.fail("should not throw exception here");
|
||||
}
|
||||
|
||||
// CONSUME
|
||||
try {
|
||||
session.createConsumer(DURABLE_QUEUE, true);
|
||||
}
|
||||
catch (ActiveMQException e) {
|
||||
Assert.fail("should not throw exception here");
|
||||
}
|
||||
|
||||
session.close();
|
||||
cf.close();
|
||||
}
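Review bot: The BROWSE block added in the hunk at -257 treats any `ActiveMQException` as success, so the test also passes when `createConsumer(DURABLE_QUEUE, true)` fails for a reason unrelated to authorization. Replacing `// ignore` with `Assert.assertEquals(ActiveMQExceptionType.SECURITY_EXCEPTION, e.getType());` ties the check to a permission denial; the import may need adding, since the import block and the start of the enclosing test methods are outside the hunks, and the unused local `browser` can be dropped. In the hunk at -337 the comment `// CONSUME` sits above the same browse-only call and should read `// BROWSE`. Both roles used in this file set consume and browse alike (all `false` for "programmers", all `true` for "admins"), so a role with only the last flag `true` would be needed to show that browse is checked independently of consume. The BROWSE blocks added to SecurityTest at -302 and -407 repeat the catch-all pattern.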
|
||||
|
|
|
@ -229,7 +229,7 @@ public class SecurityTest extends ActiveMQTestBase {
|
|||
ActiveMQJAASSecurityManager securityManager = new ActiveMQJAASSecurityManager("PropertiesLogin");
|
||||
ActiveMQServer server = addServer(ActiveMQServers.newActiveMQServer(createDefaultInVMConfig().setSecurityEnabled(true), ManagementFactory.getPlatformMBeanServer(), securityManager, false));
|
||||
Set<Role> roles = new HashSet<>();
|
||||
roles.add(new Role("programmers", false, false, false, false, false, false, false));
|
||||
roles.add(new Role("programmers", false, false, false, false, false, false, false, false));
|
||||
server.getConfiguration().putSecurityRoles("#", roles);
|
||||
server.start();
|
||||
server.createQueue(ADDRESS, DURABLE_QUEUE, null, true, false);
|
||||
|
@ -302,6 +302,15 @@ public class SecurityTest extends ActiveMQTestBase {
|
|||
catch (ActiveMQException e) {
|
||||
// ignore
|
||||
}
|
||||
|
||||
// BROWSE
|
||||
try {
|
||||
ClientConsumer browser = session.createConsumer(DURABLE_QUEUE, true);
|
||||
Assert.fail("should throw exception here");
|
||||
}
|
||||
catch (ActiveMQException e) {
|
||||
// ignore
|
||||
}
|
||||
}
|
||||
|
||||
@Test
|
||||
|
@ -324,7 +333,7 @@ public class SecurityTest extends ActiveMQTestBase {
|
|||
server.getConfiguration().addAcceptorConfiguration(new TransportConfiguration(NETTY_ACCEPTOR_FACTORY, params));
|
||||
|
||||
Set<Role> roles = new HashSet<>();
|
||||
roles.add(new Role("programmers", false, false, false, false, false, false, false));
|
||||
roles.add(new Role("programmers", false, false, false, false, false, false, false, false));
|
||||
server.getConfiguration().putSecurityRoles("#", roles);
|
||||
|
||||
server.start();
|
||||
|
@ -407,6 +416,15 @@ public class SecurityTest extends ActiveMQTestBase {
|
|||
catch (ActiveMQException e) {
|
||||
// ignore
|
||||
}
|
||||
|
||||
// BROWSE
|
||||
try {
|
||||
ClientConsumer browser = session.createConsumer(DURABLE_QUEUE, true);
|
||||
Assert.fail("should throw exception here");
|
||||
}
|
||||
catch (ActiveMQException e) {
|
||||
// ignore
|
||||
}
|
||||
}
|
||||
|
||||
@Test
|
||||
|
@ -418,7 +436,7 @@ public class SecurityTest extends ActiveMQTestBase {
|
|||
ActiveMQJAASSecurityManager securityManager = new ActiveMQJAASSecurityManager("PropertiesLogin");
|
||||
ActiveMQServer server = addServer(ActiveMQServers.newActiveMQServer(createDefaultInVMConfig().setSecurityEnabled(true), ManagementFactory.getPlatformMBeanServer(), securityManager, false));
|
||||
Set<Role> roles = new HashSet<>();
|
||||
roles.add(new Role("programmers", true, true, true, true, true, true, true));
|
||||
roles.add(new Role("programmers", true, true, true, true, true, true, true, true));
|
||||
server.getConfiguration().putSecurityRoles("#", roles);
|
||||
server.start();
|
||||
|
||||
|
@ -484,6 +502,14 @@ public class SecurityTest extends ActiveMQTestBase {
|
|||
catch (ActiveMQException e) {
|
||||
Assert.fail("should not throw exception here");
|
||||
}
|
||||
|
||||
// BROWSE
|
||||
try {
|
||||
session.createConsumer(DURABLE_QUEUE, true);
|
||||
}
|
||||
catch (ActiveMQException e) {
|
||||
Assert.fail("should not throw exception here");
|
||||
}
|
||||
}
|
||||
|
||||
@Test
|
||||
|
@ -506,7 +532,7 @@ public class SecurityTest extends ActiveMQTestBase {
|
|||
server.getConfiguration().addAcceptorConfiguration(new TransportConfiguration(NETTY_ACCEPTOR_FACTORY, params));
|
||||
|
||||
Set<Role> roles = new HashSet<>();
|
||||
roles.add(new Role("programmers", true, true, true, true, true, true, true));
|
||||
roles.add(new Role("programmers", true, true, true, true, true, true, true, true));
|
||||
server.getConfiguration().putSecurityRoles("#", roles);
|
||||
server.start();
|
||||
|
||||
|
@ -579,6 +605,14 @@ public class SecurityTest extends ActiveMQTestBase {
|
|||
catch (ActiveMQException e) {
|
||||
Assert.fail("should not throw exception here");
|
||||
}
|
||||
|
||||
// BROWSE
|
||||
try {
|
||||
session.createConsumer(DURABLE_QUEUE, true);
|
||||
}
|
||||
catch (ActiveMQException e) {
|
||||
Assert.fail("should not throw exception here");
|
||||
}
|
||||
}
|
||||
|
||||
@Test
|
||||
|
@ -590,7 +624,7 @@ public class SecurityTest extends ActiveMQTestBase {
|
|||
ActiveMQJAASSecurityManager securityManager = new ActiveMQJAASSecurityManager("GuestLogin");
|
||||
ActiveMQServer server = addServer(ActiveMQServers.newActiveMQServer(createDefaultInVMConfig().setSecurityEnabled(true), ManagementFactory.getPlatformMBeanServer(), securityManager, false));
|
||||
Set<Role> roles = new HashSet<>();
|
||||
roles.add(new Role("bar", true, true, true, true, true, true, true));
|
||||
roles.add(new Role("bar", true, true, true, true, true, true, true, false));
|
||||
server.getConfiguration().putSecurityRoles("#", roles);
|
||||
server.start();
|
||||
|
||||
|
@ -750,7 +784,7 @@ public class SecurityTest extends ActiveMQTestBase {
|
|||
HierarchicalRepository<Set<Role>> securityRepository = server.getSecurityRepository();
|
||||
ActiveMQJAASSecurityManager securityManager = (ActiveMQJAASSecurityManager) server.getSecurityManager();
|
||||
securityManager.getConfiguration().addUser("auser", "pass");
|
||||
Role role = new Role("arole", false, false, true, false, false, false, false);
|
||||
Role role = new Role("arole", false, false, true, false, false, false, false, false);
|
||||
Set<Role> roles = new HashSet<>();
|
||||
roles.add(role);
|
||||
securityRepository.addMatch(SecurityTest.addressA, roles);
|
||||
|
@ -769,7 +803,7 @@ public class SecurityTest extends ActiveMQTestBase {
|
|||
HierarchicalRepository<Set<Role>> securityRepository = server.getSecurityRepository();
|
||||
ActiveMQJAASSecurityManager securityManager = (ActiveMQJAASSecurityManager) server.getSecurityManager();
|
||||
securityManager.getConfiguration().addUser("auser", "pass");
|
||||
Role role = new Role("arole", false, false, false, false, false, false, false);
|
||||
Role role = new Role("arole", false, false, false, false, false, false, false, false);
|
||||
Set<Role> roles = new HashSet<>();
|
||||
roles.add(role);
|
||||
securityRepository.addMatch(SecurityTest.addressA, roles);
|
||||
|
@ -796,7 +830,7 @@ public class SecurityTest extends ActiveMQTestBase {
|
|||
HierarchicalRepository<Set<Role>> securityRepository = server.getSecurityRepository();
|
||||
ActiveMQJAASSecurityManager securityManager = (ActiveMQJAASSecurityManager) server.getSecurityManager();
|
||||
securityManager.getConfiguration().addUser("auser", "pass");
|
||||
Role role = new Role("arole", false, false, true, true, false, false, false);
|
||||
Role role = new Role("arole", false, false, true, true, false, false, false, false);
|
||||
Set<Role> roles = new HashSet<>();
|
||||
roles.add(role);
|
||||
securityRepository.addMatch(SecurityTest.addressA, roles);
|
||||
|
@ -815,7 +849,7 @@ public class SecurityTest extends ActiveMQTestBase {
|
|||
HierarchicalRepository<Set<Role>> securityRepository = server.getSecurityRepository();
|
||||
ActiveMQJAASSecurityManager securityManager = (ActiveMQJAASSecurityManager) server.getSecurityManager();
|
||||
securityManager.getConfiguration().addUser("auser", "pass");
|
||||
Role role = new Role("arole", false, false, true, false, false, false, false);
|
||||
Role role = new Role("arole", false, false, true, false, false, false, false, false);
|
||||
Set<Role> roles = new HashSet<>();
|
||||
roles.add(role);
|
||||
securityRepository.addMatch(SecurityTest.addressA, roles);
|
||||
|
@ -844,7 +878,7 @@ public class SecurityTest extends ActiveMQTestBase {
|
|||
HierarchicalRepository<Set<Role>> securityRepository = server.getSecurityRepository();
|
||||
ActiveMQJAASSecurityManager securityManager = (ActiveMQJAASSecurityManager) server.getSecurityManager();
|
||||
securityManager.getConfiguration().addUser("auser", "pass");
|
||||
Role role = new Role("arole", false, false, false, false, true, false, false);
|
||||
Role role = new Role("arole", false, false, false, false, true, false, false, false);
|
||||
Set<Role> roles = new HashSet<>();
|
||||
roles.add(role);
|
||||
securityRepository.addMatch(SecurityTest.addressA, roles);
|
||||
|
@ -863,7 +897,7 @@ public class SecurityTest extends ActiveMQTestBase {
|
|||
HierarchicalRepository<Set<Role>> securityRepository = server.getSecurityRepository();
|
||||
ActiveMQJAASSecurityManager securityManager = (ActiveMQJAASSecurityManager) server.getSecurityManager();
|
||||
securityManager.getConfiguration().addUser("auser", "pass");
|
||||
Role role = new Role("arole", false, false, false, false, false, false, false);
|
||||
Role role = new Role("arole", false, false, false, false, false, false, false, false);
|
||||
Set<Role> roles = new HashSet<>();
|
||||
roles.add(role);
|
||||
securityRepository.addMatch(SecurityTest.addressA, roles);
|
||||
|
@ -890,7 +924,7 @@ public class SecurityTest extends ActiveMQTestBase {
|
|||
HierarchicalRepository<Set<Role>> securityRepository = server.getSecurityRepository();
|
||||
ActiveMQJAASSecurityManager securityManager = (ActiveMQJAASSecurityManager) server.getSecurityManager();
|
||||
securityManager.getConfiguration().addUser("auser", "pass");
|
||||
Role role = new Role("arole", false, false, false, false, true, true, false);
|
||||
Role role = new Role("arole", false, false, false, false, true, true, false, false);
|
||||
Set<Role> roles = new HashSet<>();
|
||||
roles.add(role);
|
||||
securityRepository.addMatch(SecurityTest.addressA, roles);
|
||||
|
@ -909,7 +943,7 @@ public class SecurityTest extends ActiveMQTestBase {
|
|||
HierarchicalRepository<Set<Role>> securityRepository = server.getSecurityRepository();
|
||||
ActiveMQJAASSecurityManager securityManager = (ActiveMQJAASSecurityManager) server.getSecurityManager();
|
||||
securityManager.getConfiguration().addUser("auser", "pass");
|
||||
Role role = new Role("arole", false, false, false, false, true, false, false);
|
||||
Role role = new Role("arole", false, false, false, false, true, false, false, false);
|
||||
Set<Role> roles = new HashSet<>();
|
||||
roles.add(role);
|
||||
securityRepository.addMatch(SecurityTest.addressA, roles);
|
||||
|
@ -942,7 +976,7 @@ public class SecurityTest extends ActiveMQTestBase {
|
|||
|
||||
securityManager.getConfiguration().addUser("auser", "pass");
|
||||
|
||||
Role role = new Role("arole", true, true, true, false, false, false, false);
|
||||
Role role = new Role("arole", true, true, true, false, false, false, false, false);
|
||||
|
||||
Set<Role> roles = new HashSet<>();
|
||||
|
||||
|
@ -974,7 +1008,7 @@ public class SecurityTest extends ActiveMQTestBase {
|
|||
|
||||
receivedMessage.acknowledge();
|
||||
|
||||
role = new Role("arole", false, false, true, false, false, false, false);
|
||||
role = new Role("arole", false, false, true, false, false, false, false, false);
|
||||
|
||||
roles = new HashSet<>();
|
||||
|
||||
|
@ -1002,7 +1036,7 @@ public class SecurityTest extends ActiveMQTestBase {
|
|||
HierarchicalRepository<Set<Role>> securityRepository = server.getSecurityRepository();
|
||||
ActiveMQJAASSecurityManager securityManager = (ActiveMQJAASSecurityManager) server.getSecurityManager();
|
||||
securityManager.getConfiguration().addUser("auser", "pass");
|
||||
Role role = new Role("arole", false, false, true, false, false, false, false);
|
||||
Role role = new Role("arole", false, false, true, false, false, false, false, false);
|
||||
Set<Role> roles = new HashSet<>();
|
||||
roles.add(role);
|
||||
securityRepository.addMatch(SecurityTest.addressA, roles);
|
||||
|
@ -1032,7 +1066,7 @@ public class SecurityTest extends ActiveMQTestBase {
|
|||
HierarchicalRepository<Set<Role>> securityRepository = server.getSecurityRepository();
|
||||
ActiveMQJAASSecurityManager securityManager = (ActiveMQJAASSecurityManager) server.getSecurityManager();
|
||||
securityManager.getConfiguration().addUser("auser", "pass");
|
||||
Role role = new Role("arole", false, false, true, false, false, false, false);
|
||||
Role role = new Role("arole", false, false, true, false, false, false, false, false);
|
||||
Set<Role> roles = new HashSet<>();
|
||||
roles.add(role);
|
||||
securityRepository.addMatch(SecurityTest.addressA, roles);
|
||||
|
@ -1058,8 +1092,8 @@ public class SecurityTest extends ActiveMQTestBase {
|
|||
securityManager.getConfiguration().addUser("guest", "guest");
|
||||
securityManager.getConfiguration().addRole("guest", "guest");
|
||||
securityManager.getConfiguration().setDefaultUser("guest");
|
||||
Role role = new Role("arole", false, true, false, false, false, false, false);
|
||||
Role sendRole = new Role("guest", true, false, true, false, false, false, false);
|
||||
Role role = new Role("arole", false, true, false, false, false, false, false, false);
|
||||
Role sendRole = new Role("guest", true, false, true, false, false, false, false, false);
|
||||
Set<Role> roles = new HashSet<>();
|
||||
roles.add(sendRole);
|
||||
roles.add(role);
|
||||
|
@ -1086,8 +1120,8 @@ public class SecurityTest extends ActiveMQTestBase {
|
|||
securityManager.getConfiguration().addUser("guest", "guest");
|
||||
securityManager.getConfiguration().addRole("guest", "guest");
|
||||
securityManager.getConfiguration().setDefaultUser("guest");
|
||||
Role role = new Role("arole", false, false, false, false, false, false, false);
|
||||
Role sendRole = new Role("guest", true, false, true, false, false, false, false);
|
||||
Role role = new Role("arole", false, false, false, false, false, false, false, false);
|
||||
Role sendRole = new Role("guest", true, false, true, false, false, false, false, false);
|
||||
Set<Role> roles = new HashSet<>();
|
||||
roles.add(sendRole);
|
||||
roles.add(role);
|
||||
|
@ -1123,9 +1157,9 @@ public class SecurityTest extends ActiveMQTestBase {
|
|||
securityManager.getConfiguration().addUser("guest", "guest");
|
||||
securityManager.getConfiguration().addRole("guest", "guest");
|
||||
securityManager.getConfiguration().setDefaultUser("guest");
|
||||
Role role = new Role("arole", false, false, false, false, false, false, false);
|
||||
Role sendRole = new Role("guest", true, false, true, false, false, false, false);
|
||||
Role receiveRole = new Role("receiver", false, true, false, false, false, false, false);
|
||||
Role role = new Role("arole", false, false, false, false, false, false, false, false);
|
||||
Role sendRole = new Role("guest", true, false, true, false, false, false, false, false);
|
||||
Role receiveRole = new Role("receiver", false, true, false, false, false, false, false, false);
|
||||
Set<Role> roles = new HashSet<>();
|
||||
roles.add(sendRole);
|
||||
roles.add(role);
|
||||
|
@ -1174,9 +1208,9 @@ public class SecurityTest extends ActiveMQTestBase {
|
|||
securityManager.getConfiguration().addUser("guest", "guest");
|
||||
securityManager.getConfiguration().addRole("guest", "guest");
|
||||
securityManager.getConfiguration().setDefaultUser("guest");
|
||||
Role role = new Role("arole", false, false, false, false, false, false, false);
|
||||
Role sendRole = new Role("guest", true, false, true, false, false, false, false);
|
||||
Role receiveRole = new Role("receiver", false, true, false, false, false, false, false);
|
||||
Role role = new Role("arole", false, false, false, false, false, false, false, false);
|
||||
Role sendRole = new Role("guest", true, false, true, false, false, false, false, false);
|
||||
Role receiveRole = new Role("receiver", false, true, false, false, false, false, false, false);
|
||||
Set<Role> roles = new HashSet<>();
|
||||
roles.add(sendRole);
|
||||
roles.add(role);
|
||||
|
@ -1234,11 +1268,11 @@ public class SecurityTest extends ActiveMQTestBase {
|
|||
securityManager.getConfiguration().addUser("guest", "guest");
|
||||
securityManager.getConfiguration().addRole("guest", "guest");
|
||||
securityManager.getConfiguration().setDefaultUser("guest");
|
||||
Role role = new Role("arole", false, false, false, false, false, false, false);
|
||||
Role role = new Role("arole", false, false, false, false, false, false, false, false);
|
||||
System.out.println("guest:" + role);
|
||||
Role sendRole = new Role("guest", true, false, true, false, false, false, false);
|
||||
Role sendRole = new Role("guest", true, false, true, false, false, false, false, false);
|
||||
System.out.println("guest:" + sendRole);
|
||||
Role receiveRole = new Role("receiver", false, true, false, false, false, false, false);
|
||||
Role receiveRole = new Role("receiver", false, true, false, false, false, false, false, false);
|
||||
System.out.println("guest:" + receiveRole);
|
||||
Set<Role> roles = new HashSet<>();
|
||||
roles.add(sendRole);
|
||||
|
@ -1323,7 +1357,7 @@ public class SecurityTest extends ActiveMQTestBase {
|
|||
HierarchicalRepository<Set<Role>> securityRepository = server.getSecurityRepository();
|
||||
ActiveMQJAASSecurityManager securityManager = (ActiveMQJAASSecurityManager) server.getSecurityManager();
|
||||
securityManager.getConfiguration().addUser("auser", "pass");
|
||||
Role role = new Role("arole", false, false, false, false, false, false, true);
|
||||
Role role = new Role("arole", false, false, false, false, false, false, true, false);
|
||||
Set<Role> roles = new HashSet<>();
|
||||
roles.add(role);
|
||||
securityRepository.addMatch(configuration.getManagementAddress().toString(), roles);
|
||||
|
@ -1344,7 +1378,7 @@ public class SecurityTest extends ActiveMQTestBase {
|
|||
HierarchicalRepository<Set<Role>> securityRepository = server.getSecurityRepository();
|
||||
ActiveMQJAASSecurityManager securityManager = (ActiveMQJAASSecurityManager) server.getSecurityManager();
|
||||
securityManager.getConfiguration().addUser("auser", "pass");
|
||||
Role role = new Role("arole", false, false, true, false, false, false, false);
|
||||
Role role = new Role("arole", false, false, true, false, false, false, false, false);
|
||||
Set<Role> roles = new HashSet<>();
|
||||
roles.add(role);
|
||||
securityRepository.addMatch(configuration.getManagementAddress().toString(), roles);
|
||||
|
@ -1375,7 +1409,7 @@ public class SecurityTest extends ActiveMQTestBase {
|
|||
HierarchicalRepository<Set<Role>> securityRepository = server.getSecurityRepository();
|
||||
ActiveMQJAASSecurityManager securityManager = (ActiveMQJAASSecurityManager) server.getSecurityManager();
|
||||
securityManager.getConfiguration().addUser("auser", "pass");
|
||||
Role role = new Role("arole", false, false, true, false, false, false, false);
|
||||
Role role = new Role("arole", false, false, true, false, false, false, false, false);
|
||||
Set<Role> roles = new HashSet<>();
|
||||
roles.add(role);
|
||||
securityRepository.addMatch(configuration.getManagementAddress().toString(), roles);
|
||||
|
@ -1411,23 +1445,23 @@ public class SecurityTest extends ActiveMQTestBase {
|
|||
securityManager.getConfiguration().addRole("frank", "user");
|
||||
securityManager.getConfiguration().addRole("sam", "news-user");
|
||||
securityManager.getConfiguration().addRole("sam", "user");
|
||||
Role all = new Role("all", true, true, true, true, true, true, true);
|
||||
Role all = new Role("all", true, true, true, true, true, true, true, true);
|
||||
HierarchicalRepository<Set<Role>> repository = server.getSecurityRepository();
|
||||
Set<Role> add = new HashSet<>();
|
||||
add.add(new Role("user", true, true, true, true, true, true, false));
|
||||
add.add(new Role("user", true, true, true, true, true, true, false, true));
|
||||
add.add(all);
|
||||
repository.addMatch("#", add);
|
||||
Set<Role> add1 = new HashSet<>();
|
||||
add1.add(all);
|
||||
add1.add(new Role("user", false, false, true, true, true, true, false));
|
||||
add1.add(new Role("europe-user", true, false, false, false, false, false, false));
|
||||
add1.add(new Role("news-user", false, true, false, false, false, false, false));
|
||||
add1.add(new Role("user", false, false, true, true, true, true, false, true));
|
||||
add1.add(new Role("europe-user", true, false, false, false, false, false, false, true));
|
||||
add1.add(new Role("news-user", false, true, false, false, false, false, false, true));
|
||||
repository.addMatch("news.europe.#", add1);
|
||||
Set<Role> add2 = new HashSet<>();
|
||||
add2.add(all);
|
||||
add2.add(new Role("user", false, false, true, true, true, true, false));
|
||||
add2.add(new Role("us-user", true, false, false, false, false, false, false));
|
||||
add2.add(new Role("news-user", false, true, false, false, false, false, false));
|
||||
add2.add(new Role("user", false, false, true, true, true, true, false, true));
|
||||
add2.add(new Role("us-user", true, false, false, false, false, false, false, true));
|
||||
add2.add(new Role("news-user", false, true, false, false, false, false, false, true));
|
||||
repository.addMatch("news.us.#", add2);
|
||||
ClientSession billConnection = null;
|
||||
ClientSession andrewConnection = null;
|
||||
|
@ -1542,23 +1576,23 @@ public class SecurityTest extends ActiveMQTestBase {
|
|||
securityManager.getConfiguration().addRole("frank", "user");
|
||||
securityManager.getConfiguration().addRole("sam", "news-user");
|
||||
securityManager.getConfiguration().addRole("sam", "user");
|
||||
Role all = new Role("all", true, true, true, true, true, true, true);
|
||||
Role all = new Role("all", true, true, true, true, true, true, true, true);
|
||||
HierarchicalRepository<Set<Role>> repository = server.getSecurityRepository();
|
||||
Set<Role> add = new HashSet<>();
|
||||
add.add(new Role("user", true, true, true, true, true, true, false));
|
||||
add.add(new Role("user", true, true, true, true, true, true, false, true));
|
||||
add.add(all);
|
||||
repository.addMatch("#", add);
|
||||
Set<Role> add1 = new HashSet<>();
|
||||
add1.add(all);
|
||||
add1.add(new Role("user", false, false, true, true, true, true, false));
|
||||
add1.add(new Role("europe-user", true, false, false, false, false, false, false));
|
||||
add1.add(new Role("news-user", false, true, false, false, false, false, false));
|
||||
add1.add(new Role("user", false, false, true, true, true, true, false, true));
|
||||
add1.add(new Role("europe-user", true, false, false, false, false, false, false, true));
|
||||
add1.add(new Role("news-user", false, true, false, false, false, false, false, true));
|
||||
repository.addMatch("news.europe.#", add1);
|
||||
Set<Role> add2 = new HashSet<>();
|
||||
add2.add(all);
|
||||
add2.add(new Role("user", false, false, true, true, true, true, false));
|
||||
add2.add(new Role("us-user", true, false, false, false, false, false, false));
|
||||
add2.add(new Role("news-user", false, true, false, false, false, false, false));
|
||||
add2.add(new Role("user", false, false, true, true, true, true, false, true));
|
||||
add2.add(new Role("us-user", true, false, false, false, false, false, false, true));
|
||||
add2.add(new Role("news-user", false, true, false, false, false, false, false, true));
|
||||
repository.addMatch("news.us.#", add2);
|
||||
ClientSession billConnection = null;
|
||||
ClientSession andrewConnection = null;
|
||||
|
|
|
@ -62,7 +62,7 @@ public class ResourceLimitTest extends ActiveMQTestBase {
|
|||
ActiveMQJAASSecurityManager securityManager = (ActiveMQJAASSecurityManager) server.getSecurityManager();
|
||||
securityManager.getConfiguration().addUser("myUser", "password");
|
||||
securityManager.getConfiguration().addRole("myUser", "arole");
|
||||
Role role = new Role("arole", false, false, false, false, true, true, false);
|
||||
Role role = new Role("arole", false, false, false, false, true, true, false, true);
|
||||
Set<Role> roles = new HashSet<>();
|
||||
roles.add(role);
|
||||
server.getSecurityRepository().addMatch("#", roles);
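Review bot: The new trailing `true` on the `arole` constructor call grants what appears to be the browse permission to a role whose send and consume flags are both `false`, and nothing in the hunk shows that the test needs it. If the resource-limit test never browses a queue, pass `false` so the fixture stays least-privilege, as the DualAuthenticationTest hunk does for `producers` and `consumers`; otherwise say why with a comment such as `// browse=true: <reason>`. The same applies to the send-only `europe-user` and `us-user` roles in the SecurityTest hunks above, which also gain a trailing `true`. With nine positional booleans the flag is easy to transpose, so an inline label on the last argument would help at every call site this commit touches. The enclosing method starts and ends outside the hunk.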
|
||||
|
|
|
@ -128,8 +128,8 @@ public class DualAuthenticationTest extends ActiveMQTestBase {
|
|||
server = addServer(ActiveMQServers.newActiveMQServer(config, ManagementFactory.getPlatformMBeanServer(), securityManager, false));
|
||||
|
||||
HierarchicalRepository<Set<Role>> securityRepository = server.getSecurityRepository();
|
||||
Role sendRole = new Role("producers", true, false, true, false, true, false, false);
|
||||
Role receiveRole = new Role("consumers", false, true, false, false, false, false, false);
|
||||
Role sendRole = new Role("producers", true, false, true, false, true, false, false, false);
|
||||
Role receiveRole = new Role("consumers", false, true, false, false, false, false, false, false);
|
||||
Set<Role> roles = new HashSet<>();
|
||||
roles.add(sendRole);
|
||||
roles.add(receiveRole);
|
||||
|
|
|
@ -205,7 +205,7 @@ public abstract class StompTestBase extends ActiveMQTestBase {
|
|||
securityManager.getConfiguration().addRole(defUser, role);
|
||||
config.getSecurityRoles().put("#", new HashSet<Role>() {
|
||||
{
|
||||
add(new Role(role, true, true, true, true, true, true, true));
|
||||
add(new Role(role, true, true, true, true, true, true, true, true));
|
||||
}
|
||||
});
|
||||
}
|
||||
|
|
|
@ -49,6 +49,7 @@
|
|||
<permission type="createNonDurableQueue" roles="guest,def"/>
|
||||
<permission type="deleteNonDurableQueue" roles="guest,def"/>
|
||||
<permission type="consume" roles="guest,def"/>
|
||||
<permission type="browse" roles="guest,def"/>
|
||||
<permission type="send" roles="guest,def"/>
|
||||
</security-setting>
|
||||
</security-settings>
|
||||
|
|
|
@ -62,22 +62,22 @@ public class ActiveMQSecurityManagerImplTest extends ActiveMQTestBase {
|
|||
Assert.assertTrue(securityManager.validateUser("guest", "password"));
|
||||
Assert.assertFalse(securityManager.validateUser(null, "wrongpass"));
|
||||
HashSet<Role> roles = new HashSet<>();
|
||||
roles.add(new Role("guest", true, true, true, true, true, true, true));
|
||||
roles.add(new Role("guest", true, true, true, true, true, true, true, true));
|
||||
Assert.assertTrue(securityManager.validateUserAndRole(null, null, roles, CheckType.CREATE_DURABLE_QUEUE));
|
||||
Assert.assertTrue(securityManager.validateUserAndRole(null, null, roles, CheckType.SEND));
|
||||
Assert.assertTrue(securityManager.validateUserAndRole(null, null, roles, CheckType.CONSUME));
|
||||
roles = new HashSet<>();
|
||||
roles.add(new Role("guest", true, true, false, true, true, true, true));
|
||||
roles.add(new Role("guest", true, true, false, true, true, true, true, true));
|
||||
Assert.assertFalse(securityManager.validateUserAndRole(null, null, roles, CheckType.CREATE_DURABLE_QUEUE));
|
||||
Assert.assertTrue(securityManager.validateUserAndRole(null, null, roles, CheckType.SEND));
|
||||
Assert.assertTrue(securityManager.validateUserAndRole(null, null, roles, CheckType.CONSUME));
|
||||
roles = new HashSet<>();
|
||||
roles.add(new Role("guest", true, false, false, true, true, true, true));
|
||||
roles.add(new Role("guest", true, false, false, true, true, true, true, true));
|
||||
Assert.assertFalse(securityManager.validateUserAndRole(null, null, roles, CheckType.CREATE_DURABLE_QUEUE));
|
||||
Assert.assertTrue(securityManager.validateUserAndRole(null, null, roles, CheckType.SEND));
|
||||
Assert.assertFalse(securityManager.validateUserAndRole(null, null, roles, CheckType.CONSUME));
|
||||
roles = new HashSet<>();
|
||||
roles.add(new Role("guest", false, false, false, true, true, true, true));
|
||||
roles.add(new Role("guest", false, false, false, true, true, true, true, true));
|
||||
Assert.assertFalse(securityManager.validateUserAndRole(null, null, roles, CheckType.CREATE_DURABLE_QUEUE));
|
||||
Assert.assertFalse(securityManager.validateUserAndRole(null, null, roles, CheckType.SEND));
|
||||
Assert.assertFalse(securityManager.validateUserAndRole(null, null, roles, CheckType.CONSUME));
|
||||
|
@ -129,19 +129,19 @@ public class ActiveMQSecurityManagerImplTest extends ActiveMQTestBase {
|
|||
securityManager.getConfiguration().addRole("newuser1", "role3");
|
||||
securityManager.getConfiguration().addRole("newuser1", "role4");
|
||||
HashSet<Role> roles = new HashSet<>();
|
||||
roles.add(new Role("role1", true, true, true, true, true, true, true));
|
||||
roles.add(new Role("role1", true, true, true, true, true, true, true, true));
|
||||
Assert.assertTrue(securityManager.validateUserAndRole("newuser1", "newpassword1", roles, CheckType.SEND));
|
||||
roles = new HashSet<>();
|
||||
roles.add(new Role("role2", true, true, true, true, true, true, true));
|
||||
roles.add(new Role("role2", true, true, true, true, true, true, true, true));
|
||||
Assert.assertTrue(securityManager.validateUserAndRole("newuser1", "newpassword1", roles, CheckType.SEND));
|
||||
roles = new HashSet<>();
|
||||
roles.add(new Role("role3", true, true, true, true, true, true, true));
|
||||
roles.add(new Role("role3", true, true, true, true, true, true, true, true));
|
||||
Assert.assertTrue(securityManager.validateUserAndRole("newuser1", "newpassword1", roles, CheckType.SEND));
|
||||
roles = new HashSet<>();
|
||||
roles.add(new Role("role4", true, true, true, true, true, true, true));
|
||||
roles.add(new Role("role4", true, true, true, true, true, true, true, true));
|
||||
Assert.assertTrue(securityManager.validateUserAndRole("newuser1", "newpassword1", roles, CheckType.SEND));
|
||||
roles = new HashSet<>();
|
||||
roles.add(new Role("role5", true, true, true, true, true, true, true));
|
||||
roles.add(new Role("role5", true, true, true, true, true, true, true, true));
|
||||
Assert.assertFalse(securityManager.validateUserAndRole("newuser1", "newpassword1", roles, CheckType.SEND));
|
||||
}
|
||||
|
||||
|
@ -155,19 +155,19 @@ public class ActiveMQSecurityManagerImplTest extends ActiveMQTestBase {
|
|||
securityManager.getConfiguration().removeRole("newuser1", "role2");
|
||||
securityManager.getConfiguration().removeRole("newuser1", "role4");
|
||||
HashSet<Role> roles = new HashSet<>();
|
||||
roles.add(new Role("role1", true, true, true, true, true, true, true));
|
||||
roles.add(new Role("role1", true, true, true, true, true, true, true, true));
|
||||
Assert.assertTrue(securityManager.validateUserAndRole("newuser1", "newpassword1", roles, CheckType.SEND));
|
||||
roles = new HashSet<>();
|
||||
roles.add(new Role("role2", true, true, true, true, true, true, true));
|
||||
roles.add(new Role("role2", true, true, true, true, true, true, true, true));
|
||||
Assert.assertFalse(securityManager.validateUserAndRole("newuser1", "newpassword1", roles, CheckType.SEND));
|
||||
roles = new HashSet<>();
|
||||
roles.add(new Role("role3", true, true, true, true, true, true, true));
|
||||
roles.add(new Role("role3", true, true, true, true, true, true, true, true));
|
||||
Assert.assertTrue(securityManager.validateUserAndRole("newuser1", "newpassword1", roles, CheckType.SEND));
|
||||
roles = new HashSet<>();
|
||||
roles.add(new Role("role4", true, true, true, true, true, true, true));
|
||||
roles.add(new Role("role4", true, true, true, true, true, true, true, true));
|
||||
Assert.assertFalse(securityManager.validateUserAndRole("newuser1", "newpassword1", roles, CheckType.SEND));
|
||||
roles = new HashSet<>();
|
||||
roles.add(new Role("role5", true, true, true, true, true, true, true));
|
||||
roles.add(new Role("role5", true, true, true, true, true, true, true, true));
|
||||
Assert.assertFalse(securityManager.validateUserAndRole("newuser1", "newpassword1", roles, CheckType.SEND));
|
||||
}
|
||||
}
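Review bot: None of the updated cases asserts the new permission: every `Role` gets `true` as its ninth argument, including the roles built with consume set to `false`, and the first hunk still checks only CREATE_DURABLE_QUEUE, SEND and CONSUME. Browse is therefore never verified as an independent check, so an implementation that ignored the flag or tied it to consume would still pass. Add a positive case after the all-true role, `Assert.assertTrue(securityManager.validateUserAndRole(null, null, roles, CheckType.BROWSE));`, and a role whose last argument is `false` with the matching `Assert.assertFalse(...)`. `CheckType.BROWSE` is assumed to be the constant this commit introduces; it is not visible in this part of the page.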
|
||||
|
|