https://issues.apache.org/jira/browse/AMQ-3791 - CachedLDAPAuthorizationMap improvements

git-svn-id: https://svn.apache.org/repos/asf/activemq/trunk@1347580 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Bosanac Dejan 2012-06-07 11:58:40 +00:00
parent 279ecfcd6d
commit 1f862ba3cd
28 changed files with 2798 additions and 543 deletions

View File

@ -0,0 +1,358 @@
/**
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.activemq.security;
import org.apache.activemq.command.ActiveMQQueue;
import org.apache.activemq.command.ActiveMQTopic;
import org.apache.activemq.jaas.GroupPrincipal;
import org.apache.directory.ldap.client.api.LdapConnection;
import org.apache.directory.server.core.integ.AbstractLdapTestUnit;
import org.apache.directory.shared.ldap.model.ldif.LdifEntry;
import org.apache.directory.shared.ldap.model.ldif.LdifReader;
import org.apache.directory.shared.ldap.model.message.ModifyRequest;
import org.apache.directory.shared.ldap.model.message.ModifyRequestImpl;
import org.apache.directory.shared.ldap.model.name.Dn;
import org.apache.directory.shared.ldap.model.name.Rdn;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.util.LinkedList;
import java.util.List;
import java.util.Set;
import javax.naming.Context;
import javax.naming.NameClassPair;
import javax.naming.NamingEnumeration;
import javax.naming.directory.DirContext;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNull;
import static org.junit.Assert.assertTrue;
public abstract class AbstractCachedLDAPAuthorizationMapLegacyTest extends AbstractLdapTestUnit {
static final GroupPrincipal GUESTS = new GroupPrincipal("guests");
static final GroupPrincipal USERS = new GroupPrincipal("users");
static final GroupPrincipal ADMINS = new GroupPrincipal("admins");
protected LdapConnection connection;
protected CachedLDAPAuthorizationMap map;
@Before
public void setup() throws Exception {
connection = getLdapConnection();
map = createMap();
}
@After
public void cleanup() throws Exception {
if (connection != null) {
try {
connection.close();
} catch (IOException e) {
// Ignore
}
}
if (map != null) {
map.destroy();
}
}
@Test
public void testQuery() throws Exception {
map.query();
Set<?> readACLs = map.getReadACLs(new ActiveMQQueue("TEST.FOO"));
assertEquals("set size: " + readACLs, 2, readACLs.size());
assertTrue("Contains admin group", readACLs.contains(ADMINS));
assertTrue("Contains users group", readACLs.contains(USERS));
Set<?> failedACLs = map.getReadACLs(new ActiveMQQueue("FAILED"));
assertEquals("set size: " + failedACLs, 0, failedACLs.size());
}
@Test
public void testSynchronousUpdate() throws Exception {
map.setRefreshInterval(1);
map.query();
Set<?> readACLs = map.getReadACLs(new ActiveMQQueue("TEST.FOO"));
assertEquals("set size: " + readACLs, 2, readACLs.size());
assertTrue("Contains admin group", readACLs.contains(ADMINS));
assertTrue("Contains users group", readACLs.contains(USERS));
Set<?> failedACLs = map.getReadACLs(new ActiveMQQueue("FAILED"));
assertEquals("set size: " + failedACLs, 0, failedACLs.size());
LdifReader reader = new LdifReader(getRemoveLdif());
for (LdifEntry entry : reader) {
connection.delete(entry.getDn());
}
failedACLs = map.getReadACLs(new ActiveMQQueue("TEST.FOO"));
assertEquals("set size: " + failedACLs, 0, failedACLs.size());
assertNull(map.getTempDestinationReadACLs());
assertNull(map.getTempDestinationWriteACLs());
assertNull(map.getTempDestinationAdminACLs());
}
@Test
public void testWildcards() throws Exception {
map.query();
Set<?> fooACLs = map.getReadACLs(new ActiveMQQueue("FOO.1"));
assertEquals("set size: " + fooACLs, 2, fooACLs.size());
assertTrue("Contains admin group", fooACLs.contains(ADMINS));
assertTrue("Contains users group", fooACLs.contains(USERS));
Set<?> barACLs = map.getReadACLs(new ActiveMQQueue("BAR.2"));
assertEquals("set size: " + barACLs, 2, barACLs.size());
assertTrue("Contains admin group", barACLs.contains(ADMINS));
assertTrue("Contains users group", barACLs.contains(USERS));
}
@Test
public void testAdvisory() throws Exception {
map.query();
Set<?> readACLs = map.getReadACLs(new ActiveMQTopic("ActiveMQ.Advisory.Connection"));
assertEquals("set size: " + readACLs, 2, readACLs.size());
assertTrue("Contains admin group", readACLs.contains(ADMINS));
assertTrue("Contains users group", readACLs.contains(USERS));
}
@Test
public void testTemporary() throws Exception {
map.query();
Thread.sleep(1000);
Set<?> readACLs = map.getTempDestinationReadACLs();
assertEquals("set size: " + readACLs, 2, readACLs.size());
assertTrue("Contains admin group", readACLs.contains(ADMINS));
assertTrue("Contains users group", readACLs.contains(USERS));
}
@Test
public void testAdd() throws Exception {
map.query();
Set<?> failedACLs = map.getReadACLs(new ActiveMQQueue("FAILED"));
assertEquals("set size: " + failedACLs, 0, failedACLs.size());
LdifReader reader = new LdifReader(getAddLdif());
for (LdifEntry entry : reader) {
connection.add(entry.getEntry());
}
Thread.sleep(2000);
failedACLs = map.getReadACLs(new ActiveMQQueue("FAILED"));
assertEquals("set size: " + failedACLs, 2, failedACLs.size());
}
@Test
public void testRemove() throws Exception {
map.query();
Set<?> failedACLs = map.getReadACLs(new ActiveMQQueue("TEST.FOO"));
assertEquals("set size: " + failedACLs, 2, failedACLs.size());
LdifReader reader = new LdifReader(getRemoveLdif());
for (LdifEntry entry : reader) {
connection.delete(entry.getDn());
}
Thread.sleep(2000);
failedACLs = map.getReadACLs(new ActiveMQQueue("TEST.FOO"));
assertEquals("set size: " + failedACLs, 0, failedACLs.size());
assertTrue(map.getTempDestinationReadACLs() == null || map.getTempDestinationReadACLs().isEmpty());
assertTrue(map.getTempDestinationWriteACLs() == null || map.getTempDestinationWriteACLs().isEmpty());
assertTrue(map.getTempDestinationAdminACLs() == null || map.getTempDestinationAdminACLs().isEmpty());
}
@Test
public void testRenameDestination() throws Exception {
map.query();
// Test for a destination rename
Set<?> failedACLs = map.getReadACLs(new ActiveMQQueue("TEST.FOO"));
assertEquals("set size: " + failedACLs, 2, failedACLs.size());
connection.rename(new Dn("cn=TEST.FOO," + getQueueBaseDn()),
new Rdn("cn=TEST.BAR"));
Thread.sleep(2000);
failedACLs = map.getReadACLs(new ActiveMQQueue("TEST.FOO"));
assertEquals("set size: " + failedACLs, 0, failedACLs.size());
failedACLs = map.getReadACLs(new ActiveMQQueue("TEST.BAR"));
assertEquals("set size: " + failedACLs, 2, failedACLs.size());
}
@Test
public void testRenamePermission() throws Exception {
map.query();
// Test for a permission rename
connection.delete(new Dn("cn=Read,cn=TEST.FOO," + getQueueBaseDn()));
Thread.sleep(2000);
Set<?> failedACLs = map.getReadACLs(new ActiveMQQueue("TEST.FOO"));
assertEquals("set size: " + failedACLs, 0, failedACLs.size());
failedACLs = map.getWriteACLs(new ActiveMQQueue("TEST.FOO"));
assertEquals("set size: " + failedACLs, 2, failedACLs.size());
connection.rename(new Dn("cn=Write,cn=TEST.FOO," + getQueueBaseDn()),
new Rdn("cn=Read"));
Thread.sleep(2000);
failedACLs = map.getReadACLs(new ActiveMQQueue("TEST.FOO"));
assertEquals("set size: " + failedACLs, 2, failedACLs.size());
failedACLs = map.getWriteACLs(new ActiveMQQueue("TEST.FOO"));
assertEquals("set size: " + failedACLs, 0, failedACLs.size());
}
@Test
public void testChange() throws Exception {
map.query();
// Change permission entry
Set<?> failedACLs = map.getReadACLs(new ActiveMQQueue("TEST.FOO"));
assertEquals("set size: " + failedACLs, 2, failedACLs.size());
Dn dn = new Dn("cn=read,cn=TEST.FOO," + getQueueBaseDn());
ModifyRequest request = new ModifyRequestImpl();
request.setName(dn);
setupModifyRequest(request);
connection.modify(request);
Thread.sleep(2000);
failedACLs = map.getReadACLs(new ActiveMQQueue("TEST.FOO"));
assertEquals("set size: " + failedACLs, 1, failedACLs.size());
// Change destination entry
request = new ModifyRequestImpl();
request.setName(new Dn("cn=TEST.FOO," + getQueueBaseDn()));
request.add("description", "This is a description! In fact, it is a very good description.");
connection.modify(request);
Thread.sleep(2000);
failedACLs = map.getReadACLs(new ActiveMQQueue("TEST.FOO"));
assertEquals("set size: " + failedACLs, 1, failedACLs.size());
}
protected CachedLDAPAuthorizationMap createMap() {
return new CachedLDAPAuthorizationMap();
}
protected abstract InputStream getAddLdif();
protected abstract InputStream getRemoveLdif();
protected void setupModifyRequest(ModifyRequest request) {
request.remove("member", "cn=users");
}
protected abstract String getQueueBaseDn();
protected abstract LdapConnection getLdapConnection() throws Exception;
public static void cleanAndLoad(String deleteFromDn, String ldifResourcePath,
String ldapHost, int ldapPort, String ldapUser, String ldapPass,
DirContext context) throws Exception {
// Cleanup everything used for testing.
List<String> dns = new LinkedList<String>();
dns.add(deleteFromDn);
while (!dns.isEmpty()) {
String name = dns.get(dns.size() - 1);
Context currentContext = (Context) context.lookup(name);
NamingEnumeration<NameClassPair> namingEnum = currentContext.list("");
if (namingEnum.hasMore()) {
while (namingEnum.hasMore()) {
dns.add(namingEnum.next().getNameInNamespace());
}
} else {
context.unbind(name);
dns.remove(dns.size() - 1);
}
}
// A bit of a hacked approach to loading an LDIF into OpenLDAP since there isn't an easy way to do it
// otherwise. This approach invokes the command line tool programmatically but has
// to short-circuit the call to System.exit that the command line tool makes when it finishes.
// We are assuming that there isn't already a security manager in place.
final SecurityManager securityManager = new SecurityManager() {
public void checkPermission(java.security.Permission permission) {
if (permission.getName().contains("exitVM")) {
throw new SecurityException("System.exit calls disabled for the moment.");
}
}
};
System.setSecurityManager(securityManager);
File file = new File(AbstractCachedLDAPAuthorizationMapLegacyTest.class.getClassLoader().getResource(
ldifResourcePath).toURI());
Class<?> clazz = Class.forName("LDAPModify");
Method mainMethod = clazz.getMethod("main", String[].class);
try {
mainMethod.invoke(null, new Object[] {
new String[] {
"-v",
"-h", ldapHost,
"-p", String.valueOf(ldapPort),
"-D", ldapUser,
"-w", ldapPass,
"-a",
"-f", file.toString()}});
} catch (InvocationTargetException e) {
if (!(e.getTargetException() instanceof SecurityException)) {
throw e;
}
}
System.setSecurityManager(null);
}
}

View File

@ -0,0 +1,63 @@
/**
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.activemq.security;
import org.apache.activemq.command.ActiveMQQueue;
import org.apache.activemq.jaas.UserPrincipal;
import org.apache.directory.shared.ldap.model.message.ModifyRequest;
import org.junit.Test;
import java.util.Set;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertTrue;
public abstract class AbstractCachedLDAPAuthorizationModuleTest
extends AbstractCachedLDAPAuthorizationMapLegacyTest {
static final UserPrincipal JDOE = new UserPrincipal("jdoe");
@Test
public void testQuery() throws Exception {
map.query();
Set<?> readACLs = map.getReadACLs(new ActiveMQQueue("TEST.FOOBAR"));
assertEquals("set size: " + readACLs, 3, readACLs.size());
assertTrue("Contains admin group", readACLs.contains(ADMINS));
assertTrue("Contains users group", readACLs.contains(USERS));
assertTrue("Contains jdoe user", readACLs.contains(JDOE));
Set<?> failedACLs = map.getReadACLs(new ActiveMQQueue("FAILED"));
assertEquals("set size: " + failedACLs, 0, failedACLs.size());
super.testQuery();
}
@Override
protected final void setupModifyRequest(ModifyRequest request) {
request.remove("member", getMemberAttributeValueForModifyRequest());
}
protected abstract String getMemberAttributeValueForModifyRequest();
@Override
protected CachedLDAPAuthorizationMap createMap() {
CachedLDAPAuthorizationMap map = super.createMap();
map.setLegacyGroupMapping(false);
return map;
}
}

View File

@ -0,0 +1,97 @@
/**
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.activemq.security;
import java.io.IOException;
import java.io.InputStream;
import org.apache.directory.ldap.client.api.LdapConnection;
import org.apache.directory.ldap.client.api.LdapNetworkConnection;
import org.apache.directory.shared.ldap.model.exception.LdapException;
import org.apache.directory.shared.ldap.model.name.Dn;
import org.junit.Before;
import org.junit.Ignore;
import org.junit.Test;
/**
* Test of the {@link CachedLDAPAuthorizationMap} that tests against a basic OpenLDAP instance.
* Disabled by default because it requires external setup to provide the OpenLDAP instance.
*
* To enable, you need an OpenLDAP with a minimum of the following in the slapd.conf file:
*
* suffix "dc=apache,dc=org"
* rootdn "cn=Manager,dc=apache,dc=org"
* rootpw {SSHA}+Rx8kj98q3FlK5rUkT2hAtMP5v2ImQ82
*
* If you wish to use different settings or don't use the default port, change the constants
* below for your environment.
*/
@Ignore
public class CachedLDAPAuthorizationModuleLegacyOpenLDAPTest extends
AbstractCachedLDAPAuthorizationMapLegacyTest {
protected static final String LDAP_USER = "cn=Manager,dc=apache,dc=org";
protected static final String LDAP_PASS = "password";
protected static final String LDAP_HOST = "localhost";
protected static final int LDAP_PORT = 389;
@Before
@Override
public void setup() throws Exception {
super.setup();
cleanAndLoad("dc=apache,dc=org", "org/apache/activemq/security/activemq-openldap-legacy.ldif",
LDAP_HOST, LDAP_PORT, LDAP_USER, LDAP_PASS, map.open());
}
@Test
public void testRenameDestination() throws Exception {
// Subtree rename not implemented by OpenLDAP.
}
protected CachedLDAPAuthorizationMap createMap() {
CachedLDAPAuthorizationMap newMap = super.createMap();
newMap.setConnectionURL("ldap://" + LDAP_HOST + ":" + String.valueOf(LDAP_PORT));
newMap.setConnectionUsername(LDAP_USER);
newMap.setConnectionPassword(LDAP_PASS);
// Persistent search is not supported in OpenLDAP
newMap.setRefreshInterval(10);
newMap.setQueueSearchBase("ou=Queue,ou=Destination,ou=ActiveMQ,dc=activemq,dc=apache,dc=org");
newMap.setTopicSearchBase("ou=Topic,ou=Destination,ou=ActiveMQ,dc=activemq,dc=apache,dc=org");
newMap.setTempSearchBase("ou=Temp,ou=Destination,ou=ActiveMQ,dc=activemq,dc=apache,dc=org");
return newMap;
}
protected InputStream getAddLdif() {
return getClass().getClassLoader().getResourceAsStream("org/apache/activemq/security/activemq-openldap-legacy-add.ldif");
}
protected InputStream getRemoveLdif() {
return getClass().getClassLoader().getResourceAsStream("org/apache/activemq/security/activemq-openldap-legacy-delete.ldif");
}
protected String getQueueBaseDn() {
return "ou=Queue,ou=Destination,ou=ActiveMQ,dc=activemq,dc=apache,dc=org";
}
protected LdapConnection getLdapConnection() throws LdapException, IOException {
LdapConnection connection = new LdapNetworkConnection(LDAP_HOST, LDAP_PORT);
connection.bind(new Dn(LDAP_USER), LDAP_PASS);
return connection;
}
}

View File

@ -0,0 +1,65 @@
/**
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.activemq.security;
import org.apache.directory.ldap.client.api.LdapConnection;
import org.apache.directory.ldap.client.api.LdapNetworkConnection;
import org.apache.directory.server.annotations.CreateLdapServer;
import org.apache.directory.server.annotations.CreateTransport;
import org.apache.directory.server.core.annotations.ApplyLdifFiles;
import org.apache.directory.server.core.integ.FrameworkRunner;
import org.apache.directory.shared.ldap.model.exception.LdapException;
import org.apache.directory.shared.ldap.model.name.Dn;
import org.junit.runner.RunWith;
import java.io.IOException;
import java.io.InputStream;
@RunWith( FrameworkRunner.class )
@CreateLdapServer(transports = {@CreateTransport(protocol = "LDAP")})
@ApplyLdifFiles(
"org/apache/activemq/security/activemq-apacheds-legacy.ldif"
)
public class CachedLDAPAuthorizationModuleLegacyTest extends AbstractCachedLDAPAuthorizationMapLegacyTest {
@Override
protected CachedLDAPAuthorizationMap createMap() {
CachedLDAPAuthorizationMap map = super.createMap();
map.setConnectionURL("ldap://localhost:" + getLdapServer().getPort());
return map;
}
protected InputStream getAddLdif() {
return getClass().getClassLoader().getResourceAsStream("org/apache/activemq/security/activemq-apacheds-legacy-add.ldif");
}
protected InputStream getRemoveLdif() {
return getClass().getClassLoader().getResourceAsStream("org/apache/activemq/security/activemq-apacheds-legacy-delete.ldif");
}
protected String getQueueBaseDn() {
return "ou=Queue,ou=Destination,ou=ActiveMQ,ou=system";
}
protected LdapConnection getLdapConnection() throws LdapException, IOException {
LdapConnection connection = new LdapNetworkConnection("localhost", getLdapServer().getPort());
connection.bind(new Dn("uid=admin,ou=system"), "secret");
return connection;
}
}

View File

@ -0,0 +1,106 @@
/**
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.activemq.security;
import org.apache.directory.ldap.client.api.LdapConnection;
import org.apache.directory.ldap.client.api.LdapNetworkConnection;
import org.apache.directory.shared.ldap.model.exception.LdapException;
import org.apache.directory.shared.ldap.model.name.Dn;
import org.junit.Before;
import org.junit.Ignore;
import org.junit.Test;
import java.io.IOException;
import java.io.InputStream;
/**
* Test of the {@link CachedLDAPAuthorizationMap} that tests against a basic OpenLDAP instance.
* Disabled by default because it requires external setup to provide the OpenLDAP instance.
*
* To enable, you need an OpenLDAP with a minimum of the following in the slapd.conf file:
*
* suffix "dc=apache,dc=org"
* rootdn "cn=Manager,dc=apache,dc=org"
* rootpw {SSHA}+Rx8kj98q3FlK5rUkT2hAtMP5v2ImQ82
*
* If you wish to use different settings or don't use the default port, change the constants
* below for your environment.
*/
@Ignore
public class CachedLDAPAuthorizationModuleOpenLDAPTest extends AbstractCachedLDAPAuthorizationModuleTest {
protected static final String LDAP_USER = "cn=Manager,dc=apache,dc=org";
protected static final String LDAP_PASS = "password";
protected static final String LDAP_HOST = "localhost";
protected static final int LDAP_PORT = 389;
@Before
@Override
public void setup() throws Exception {
super.setup();
cleanAndLoad("dc=apache,dc=org", "org/apache/activemq/security/activemq-openldap.ldif",
LDAP_HOST, LDAP_PORT, LDAP_USER, LDAP_PASS, map.open());
}
@Test
public void testRenameDestination() throws Exception {
// Subtree rename not implemented by OpenLDAP.
}
@Override
protected CachedLDAPAuthorizationMap createMap() {
CachedLDAPAuthorizationMap newMap = super.createMap();
newMap.setConnectionURL("ldap://" + LDAP_HOST + ":" + String.valueOf(LDAP_PORT));
newMap.setConnectionUsername(LDAP_USER);
newMap.setConnectionPassword(LDAP_PASS);
// Persistent search is not supported in OpenLDAP
newMap.setRefreshInterval(10);
newMap.setQueueSearchBase("ou=Queue,ou=Destination,ou=ActiveMQ,dc=activemq,dc=apache,dc=org");
newMap.setTopicSearchBase("ou=Topic,ou=Destination,ou=ActiveMQ,dc=activemq,dc=apache,dc=org");
newMap.setTempSearchBase("ou=Temp,ou=Destination,ou=ActiveMQ,dc=activemq,dc=apache,dc=org");
return newMap;
}
@Override
protected InputStream getAddLdif() {
return getClass().getClassLoader().getResourceAsStream("org/apache/activemq/security/activemq-openldap-add.ldif");
}
@Override
protected InputStream getRemoveLdif() {
return getClass().getClassLoader().getResourceAsStream("org/apache/activemq/security/activemq-openldap-delete.ldif");
}
@Override
protected String getMemberAttributeValueForModifyRequest() {
return "cn=users,ou=Group,ou=ActiveMQ,dc=activemq,dc=apache,dc=org";
}
@Override
protected String getQueueBaseDn() {
return "ou=Queue,ou=Destination,ou=ActiveMQ,dc=activemq,dc=apache,dc=org";
}
@Override
protected LdapConnection getLdapConnection() throws LdapException, IOException {
LdapConnection connection = new LdapNetworkConnection(LDAP_HOST, LDAP_PORT);
connection.bind(new Dn(LDAP_USER), LDAP_PASS);
return connection;
}
}

View File

@ -16,34 +16,16 @@
*/
package org.apache.activemq.security;
import org.apache.activemq.command.ActiveMQQueue;
import org.apache.activemq.command.ActiveMQTopic;
import org.apache.activemq.jaas.GroupPrincipal;
import org.apache.directory.ldap.client.api.LdapConnection;
import org.apache.directory.ldap.client.api.message.BindResponse;
import org.apache.directory.ldap.client.api.message.ModifyDnResponse;
import org.apache.directory.ldap.client.api.message.ModifyRequest;
import org.apache.directory.ldap.client.api.LdapNetworkConnection;
import org.apache.directory.server.annotations.CreateLdapServer;
import org.apache.directory.server.annotations.CreateTransport;
import org.apache.directory.server.core.annotations.ApplyLdifFiles;
import org.apache.directory.server.core.integ.AbstractLdapTestUnit;
import org.apache.directory.server.core.integ.FrameworkRunner;
import org.apache.directory.shared.ldap.ldif.LdifEntry;
import org.apache.directory.shared.ldap.ldif.LdifReader;
import org.apache.directory.shared.ldap.message.ResultCodeEnum;
import org.apache.directory.shared.ldap.name.DN;
import org.apache.directory.shared.ldap.name.RDN;
import org.junit.Test;
import org.apache.directory.shared.ldap.model.name.Dn;
import org.junit.runner.RunWith;
import java.util.List;
import java.util.Set;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertTrue;
import static org.junit.Assert.assertNotNull;
import java.io.InputStream;
@RunWith( FrameworkRunner.class )
@ -51,184 +33,39 @@ import static org.junit.Assert.assertNotNull;
@ApplyLdifFiles(
"org/apache/activemq/security/activemq-apacheds.ldif"
)
public class CachedLDAPAuthorizationModuleTest extends AbstractLdapTestUnit {
public class CachedLDAPAuthorizationModuleTest extends AbstractCachedLDAPAuthorizationModuleTest {
static final GroupPrincipal GUESTS = new GroupPrincipal("guests");
static final GroupPrincipal USERS = new GroupPrincipal("users");
static final GroupPrincipal ADMINS = new GroupPrincipal("admins");
@Test
public void testQuery() throws Exception {
CachedLDAPAuthorizationMap map = new CachedLDAPAuthorizationMap();
map.query();
Set readACLs = map.getReadACLs(new ActiveMQQueue("TEST.FOO"));
assertEquals("set size: " + readACLs, 2, readACLs.size());
assertTrue("Contains admin group", readACLs.contains(ADMINS));
assertTrue("Contains users group", readACLs.contains(USERS));
Set failedACLs = map.getReadACLs(new ActiveMQQueue("FAILED"));
assertEquals("set size: " + failedACLs, 0, failedACLs.size());
@Override
protected CachedLDAPAuthorizationMap createMap() {
CachedLDAPAuthorizationMap map = super.createMap();
map.setConnectionURL("ldap://localhost:" + getLdapServer().getPort());
return map;
}
@Override
protected InputStream getAddLdif() {
return getClass().getClassLoader().getResourceAsStream("org/apache/activemq/security/activemq-apacheds-add.ldif");
}
@Test
public void testWildcards() throws Exception {
CachedLDAPAuthorizationMap map1 = new CachedLDAPAuthorizationMap();
map1.query();
Set fooACLs = map1.getReadACLs(new ActiveMQQueue("FOO.1"));
assertEquals("set size: " + fooACLs, 2, fooACLs.size());
assertTrue("Contains admin group", fooACLs.contains(ADMINS));
assertTrue("Contains users group", fooACLs.contains(USERS));
CachedLDAPAuthorizationMap map2 = new CachedLDAPAuthorizationMap();
map2.query();
Set barACLs = map2.getReadACLs(new ActiveMQQueue("BAR.2"));
assertEquals("set size: " + barACLs, 2, barACLs.size());
assertTrue("Contains admin group", barACLs.contains(ADMINS));
assertTrue("Contains users group", barACLs.contains(USERS));
@Override
protected InputStream getRemoveLdif() {
return getClass().getClassLoader().getResourceAsStream("org/apache/activemq/security/activemq-apacheds-delete.ldif");
}
@Test
public void testAdvisory() throws Exception {
CachedLDAPAuthorizationMap map = new CachedLDAPAuthorizationMap();
map.query();
Set readACLs = map.getReadACLs(new ActiveMQTopic("ActiveMQ.Advisory.Connection"));
assertEquals("set size: " + readACLs, 2, readACLs.size());
assertTrue("Contains admin group", readACLs.contains(ADMINS));
assertTrue("Contains users group", readACLs.contains(USERS));
@Override
protected String getMemberAttributeValueForModifyRequest() {
return "cn=users,ou=Group,ou=ActiveMQ,ou=system";
}
@Test
public void testTemporary() throws Exception {
CachedLDAPAuthorizationMap map = new CachedLDAPAuthorizationMap();
map.query();
Thread.sleep(1000);
Set readACLs = map.getTempDestinationReadACLs();
assertEquals("set size: " + readACLs, 2, readACLs.size());
assertTrue("Contains admin group", readACLs.contains(ADMINS));
assertTrue("Contains users group", readACLs.contains(USERS));
}
@Test
public void testAdd() throws Exception {
CachedLDAPAuthorizationMap map = new CachedLDAPAuthorizationMap();
map.query();
Set failedACLs = map.getReadACLs(new ActiveMQQueue("FAILED"));
assertEquals("set size: " + failedACLs, 0, failedACLs.size());
LdapConnection connection = new LdapConnection( "localhost", 1024 );
BindResponse bindResponse = connection.bind("uid=admin,ou=system", "secret");
assertNotNull(bindResponse);
assertEquals(ResultCodeEnum.SUCCESS, bindResponse.getLdapResult().getResultCode());
assertTrue(connection.isAuthenticated());
LdifReader reader = new LdifReader(getClass().getClassLoader().getResourceAsStream("org/apache/activemq/security/add.ldif"));
List<LdifEntry> entries = service.getTestEntries();
for (LdifEntry entry : reader) {
connection.add(entry.getEntry());
}
Thread.sleep(2000);
failedACLs = map.getReadACLs(new ActiveMQQueue("FAILED"));
assertEquals("set size: " + failedACLs, 2, failedACLs.size());
connection.close();
}
@Test
public void testRemove() throws Exception {
CachedLDAPAuthorizationMap map = new CachedLDAPAuthorizationMap();
map.query();
Set failedACLs = map.getReadACLs(new ActiveMQQueue("TEST.FOO"));
assertEquals("set size: " + failedACLs, 2, failedACLs.size());
LdapConnection connection = new LdapConnection( "localhost", 1024 );
BindResponse bindResponse = connection.bind("uid=admin,ou=system", "secret");
assertNotNull(bindResponse);
assertEquals(ResultCodeEnum.SUCCESS, bindResponse.getLdapResult().getResultCode());
assertTrue(connection.isAuthenticated());
LdifReader reader = new LdifReader(getClass().getClassLoader().getResourceAsStream("org/apache/activemq/security/delete.ldif"));
List<LdifEntry> entries = service.getTestEntries();
for (LdifEntry entry : reader) {
connection.delete(entry.getDn());
}
Thread.sleep(2000);
failedACLs = map.getReadACLs(new ActiveMQQueue("TEST.FOO"));
assertEquals("set size: " + failedACLs, 0, failedACLs.size());
connection.close();
}
@Test
public void testRename() throws Exception {
CachedLDAPAuthorizationMap map = new CachedLDAPAuthorizationMap();
map.query();
Set failedACLs = map.getReadACLs(new ActiveMQQueue("TEST.FOO"));
assertEquals("set size: " + failedACLs, 2, failedACLs.size());
LdapConnection connection = new LdapConnection( "localhost", 1024 );
BindResponse bindResponse = connection.bind("uid=admin,ou=system", "secret");
assertNotNull(bindResponse);
assertEquals(ResultCodeEnum.SUCCESS, bindResponse.getLdapResult().getResultCode());
assertTrue(connection.isAuthenticated());
ModifyDnResponse resp = connection.rename(new DN("cn=TEST.FOO,ou=Queue,ou=Destination,ou=ActiveMQ,ou=system"),
new RDN("cn=TEST.BAR"));
Thread.sleep(2000);
failedACLs = map.getReadACLs(new ActiveMQQueue("TEST.FOO"));
assertEquals("set size: " + failedACLs, 0, failedACLs.size());
failedACLs = map.getReadACLs(new ActiveMQQueue("TEST.BAR"));
assertEquals("set size: " + failedACLs, 2, failedACLs.size());
connection.close();
}
@Test
public void testChange() throws Exception {
CachedLDAPAuthorizationMap map = new CachedLDAPAuthorizationMap();
map.query();
Set failedACLs = map.getReadACLs(new ActiveMQQueue("TEST.FOO"));
assertEquals("set size: " + failedACLs, 2, failedACLs.size());
LdapConnection connection = new LdapConnection( "localhost", 1024 );
BindResponse bindResponse = connection.bind("uid=admin,ou=system", "secret");
assertNotNull(bindResponse);
assertEquals(ResultCodeEnum.SUCCESS, bindResponse.getLdapResult().getResultCode());
assertTrue(connection.isAuthenticated());
DN dn = new DN("cn=read,cn=TEST.FOO,ou=Queue,ou=Destination,ou=ActiveMQ,ou=system");
ModifyRequest request = new ModifyRequest(dn);
request.remove("member", "cn=users");
connection.modify(request);
Thread.sleep(2000);
failedACLs = map.getReadACLs(new ActiveMQQueue("TEST.FOO"));
assertEquals("set size: " + failedACLs, 1, failedACLs.size());
connection.close();
protected String getQueueBaseDn() {
return "ou=Queue,ou=Destination,ou=ActiveMQ,ou=system";
}
@Override
protected LdapConnection getLdapConnection() throws Exception {
LdapConnection connection = new LdapNetworkConnection("localhost", getLdapServer().getPort());
connection.bind(new Dn("uid=admin,ou=system"), "secret");
return connection;
}
}

View File

@ -0,0 +1,131 @@
/**
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.activemq.security;
import org.apache.activemq.ActiveMQConnectionFactory;
import org.apache.activemq.broker.BrokerFactory;
import org.apache.activemq.broker.BrokerService;
import org.apache.directory.server.annotations.CreateLdapServer;
import org.apache.directory.server.annotations.CreateTransport;
import org.apache.directory.server.core.annotations.ApplyLdifFiles;
import org.apache.directory.server.core.integ.AbstractLdapTestUnit;
import org.apache.directory.server.core.integ.FrameworkRunner;
import org.apache.directory.server.ldap.LdapServer;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import javax.jms.*;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.fail;
@RunWith( FrameworkRunner.class )
@CreateLdapServer(transports = {@CreateTransport(protocol = "LDAP")})
@ApplyLdifFiles(
"org/apache/activemq/security/activemq-apacheds-legacy.ldif"
)
public class CachedLDAPSecurityLegacyTest extends AbstractLdapTestUnit {
public BrokerService broker;
public static LdapServer ldapServer;
@Before
public void setup() throws Exception {
System.setProperty("ldapPort", String.valueOf(getLdapServer().getPort()));
broker = BrokerFactory.createBroker("xbean:org/apache/activemq/security/activemq-apacheds-legacy.xml");
broker.start();
broker.waitUntilStarted();
}
@After
public void shutdown() throws Exception {
broker.stop();
broker.waitUntilStopped();
}
@Test
public void testSendReceive() throws Exception {
ActiveMQConnectionFactory factory = new ActiveMQConnectionFactory("vm://localhost");
Connection conn = factory.createQueueConnection("jdoe", "sunflower");
Session sess = conn.createSession(false, Session.AUTO_ACKNOWLEDGE);
conn.start();
Queue queue = sess.createQueue("TEST.FOO");
MessageProducer producer = sess.createProducer(queue);
MessageConsumer consumer = sess.createConsumer(queue);
producer.send(sess.createTextMessage("test"));
Message msg = consumer.receive(1000);
assertNotNull(msg);
}
@Test
public void testSendDenied() throws Exception {
ActiveMQConnectionFactory factory = new ActiveMQConnectionFactory("vm://localhost");
Connection conn = factory.createQueueConnection("jdoe", "sunflower");
Session sess = conn.createSession(false, Session.AUTO_ACKNOWLEDGE);
conn.start();
Queue queue = sess.createQueue("ADMIN.FOO");
MessageProducer producer = sess.createProducer(queue);
try {
producer.send(sess.createTextMessage("test"));
fail("expect auth exception");
} catch (JMSException expected) {
}
}
@Test
public void testCompositeSendDenied() throws Exception {
ActiveMQConnectionFactory factory = new ActiveMQConnectionFactory("vm://localhost");
Connection conn = factory.createQueueConnection("jdoe", "sunflower");
Session sess = conn.createSession(false, Session.AUTO_ACKNOWLEDGE);
conn.start();
Queue queue = sess.createQueue("TEST.FOO,ADMIN.FOO");
MessageProducer producer = sess.createProducer(queue);
try {
producer.send(sess.createTextMessage("test"));
fail("expect auth exception");
} catch (JMSException expected) {
}
}
@Test
public void testTempDestinations() throws Exception {
ActiveMQConnectionFactory factory = new ActiveMQConnectionFactory("vm://localhost");
Connection conn = factory.createQueueConnection("jdoe", "sunflower");
Session sess = conn.createSession(false, Session.AUTO_ACKNOWLEDGE);
conn.start();
Queue queue = sess.createTemporaryQueue();
MessageProducer producer = sess.createProducer(queue);
MessageConsumer consumer = sess.createConsumer(queue);
producer.send(sess.createTextMessage("test"));
Message msg = consumer.receive(1000);
assertNotNull(msg);
}
}

View File

@ -16,115 +16,30 @@
*/
package org.apache.activemq.security;
import org.apache.activemq.ActiveMQConnectionFactory;
import org.apache.activemq.broker.BrokerFactory;
import org.apache.activemq.broker.BrokerService;
import org.apache.directory.server.annotations.CreateLdapServer;
import org.apache.directory.server.annotations.CreateTransport;
import org.apache.directory.server.core.annotations.ApplyLdifFiles;
import org.apache.directory.server.core.integ.AbstractLdapTestUnit;
import org.apache.directory.server.core.integ.FrameworkRunner;
import org.apache.directory.server.ldap.LdapServer;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import javax.jms.*;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.fail;
@RunWith( FrameworkRunner.class )
@CreateLdapServer(transports = {@CreateTransport(protocol = "LDAP")})
@ApplyLdifFiles(
"org/apache/activemq/security/activemq-apacheds.ldif"
)
public class CachedLDAPSecurityTest extends AbstractLdapTestUnit {
public BrokerService broker;
public static LdapServer ldapServer;
public class CachedLDAPSecurityTest extends CachedLDAPSecurityLegacyTest {
@Before
@Override
public void setup() throws Exception {
broker = BrokerFactory.createBroker("xbean:org/apache/activemq/security/activemq-apacheds.xml");
broker.start();
broker.waitUntilStarted();
//System.in.read();
System.setProperty("ldapPort", String.valueOf(getLdapServer().getPort()));
broker = BrokerFactory.createBroker("xbean:org/apache/activemq/security/activemq-apacheds.xml");
broker.start();
broker.waitUntilStarted();
}
@After
public void shutdown() throws Exception {
broker.stop();
broker.waitUntilStopped();
}
@Test
public void testSendReceive() throws Exception {
ActiveMQConnectionFactory factory = new ActiveMQConnectionFactory("tcp://localhost:61616");
Connection conn = factory.createQueueConnection("jdoe", "sunflower");
Session sess = conn.createSession(false, Session.AUTO_ACKNOWLEDGE);
conn.start();
Queue queue = sess.createQueue("TEST.FOO");
MessageProducer producer = sess.createProducer(queue);
MessageConsumer consumer = sess.createConsumer(queue);
producer.send(sess.createTextMessage("test"));
Message msg = consumer.receive(1000);
assertNotNull(msg);
}
@Test
public void testSendDenied() throws Exception {
ActiveMQConnectionFactory factory = new ActiveMQConnectionFactory("tcp://localhost:61616");
Connection conn = factory.createQueueConnection("jdoe", "sunflower");
Session sess = conn.createSession(false, Session.AUTO_ACKNOWLEDGE);
conn.start();
Queue queue = sess.createQueue("ADMIN.FOO");
MessageProducer producer = sess.createProducer(queue);
try {
producer.send(sess.createTextMessage("test"));
fail("expect auth exception");
} catch (JMSException expected) {
}
}
@Test
public void testCompositeSendDenied() throws Exception {
ActiveMQConnectionFactory factory = new ActiveMQConnectionFactory("tcp://localhost:61616");
Connection conn = factory.createQueueConnection("jdoe", "sunflower");
Session sess = conn.createSession(false, Session.AUTO_ACKNOWLEDGE);
conn.start();
Queue queue = sess.createQueue("TEST.FOO,ADMIN.FOO");
MessageProducer producer = sess.createProducer(queue);
try {
producer.send(sess.createTextMessage("test"));
fail("expect auth exception");
} catch (JMSException expected) {
}
}
@Test
public void testTempDestinations() throws Exception {
ActiveMQConnectionFactory factory = new ActiveMQConnectionFactory("tcp://localhost:61616");
Connection conn = factory.createQueueConnection("jdoe", "sunflower");
Session sess = conn.createSession(false, Session.AUTO_ACKNOWLEDGE);
conn.start();
Queue queue = sess.createTemporaryQueue();
MessageProducer producer = sess.createProducer(queue);
MessageConsumer consumer = sess.createConsumer(queue);
producer.send(sess.createTextMessage("test"));
Message msg = consumer.receive(1000);
assertNotNull(msg);
}
}

View File

@ -65,7 +65,7 @@ public class LDAPAuthorizationMapTest extends AbstractLdapTestUnit {
@Before
public void setup() throws Exception {
authMap = new LDAPAuthorizationMap();
authMap.setConnectionURL("ldap://localhost:1024");
authMap.setConnectionURL("ldap://localhost:" + getLdapServer().getPort());
authMap.setTopicSearchMatchingFormat(new MessageFormat("uid={0},ou=topics,ou=destinations,o=ActiveMQ,ou=system"));
authMap.setQueueSearchMatchingFormat(new MessageFormat("uid={0},ou=queues,ou=destinations,o=ActiveMQ,ou=system"));
authMap.setAdvisorySearchBase("uid=ActiveMQ.Advisory,ou=topics,ou=destinations,o=ActiveMQ,ou=system");

View File

@ -50,9 +50,11 @@ public class LDAPSecurityTest extends AbstractLdapTestUnit {
@Before
public void setup() throws Exception {
broker = BrokerFactory.createBroker("xbean:org/apache/activemq/security/activemq-ldap.xml");
broker.start();
broker.waitUntilStarted();
System.setProperty("ldapPort", String.valueOf(getLdapServer().getPort()));
broker = BrokerFactory.createBroker("xbean:org/apache/activemq/security/activemq-ldap.xml");
broker.start();
broker.waitUntilStarted();
}
@After

View File

@ -0,0 +1,47 @@
## ---------------------------------------------------------------------------
## Licensed to the Apache Software Foundation (ASF) under one or more
## contributor license agreements. See the NOTICE file distributed with
## this work for additional information regarding copyright ownership.
## The ASF licenses this file to You under the Apache License, Version 2.0
## (the "License"); you may not use this file except in compliance with
## the License. You may obtain a copy of the License at
##
## http://www.apache.org/licenses/LICENSE-2.0
##
## Unless required by applicable law or agreed to in writing, software
## distributed under the License is distributed on an "AS IS" BASIS,
## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
## See the License for the specific language governing permissions and
## limitations under the License.
## ---------------------------------------------------------------------------
## FAILED
dn: cn=FAILED,ou=Queue,ou=Destination,ou=ActiveMQ,ou=system
cn: FAILED
description: New queue
objectClass: applicationProcess
objectClass: top
dn: cn=admin,cn=FAILED,ou=Queue,ou=Destination,ou=ActiveMQ,ou=system
cn: admin
description: Admin privilege group, members are roles
member: cn=users,ou=Group,ou=ActiveMQ,ou=system
member: cn=admins,ou=Group,ou=ActiveMQ,ou=system
objectClass: groupOfNames
objectClass: top
dn: cn=read,cn=FAILED,ou=Queue,ou=Destination,ou=ActiveMQ,ou=system
cn: read
member: cn=users,ou=Group,ou=ActiveMQ,ou=system
member: cn=admins,ou=Group,ou=ActiveMQ,ou=system
objectClass: groupOfNames
objectClass: top
dn: cn=write,cn=FAILED,ou=Queue,ou=Destination,ou=ActiveMQ,ou=system
cn: write
objectClass: groupOfNames
objectClass: top
member: cn=users,ou=Group,ou=ActiveMQ,ou=system
member: cn=admins,ou=Group,ou=ActiveMQ,ou=system

View File

@ -0,0 +1,40 @@
## ---------------------------------------------------------------------------
## Licensed to the Apache Software Foundation (ASF) under one or more
## contributor license agreements. See the NOTICE file distributed with
## this work for additional information regarding copyright ownership.
## The ASF licenses this file to You under the Apache License, Version 2.0
## (the "License"); you may not use this file except in compliance with
## the License. You may obtain a copy of the License at
##
## http://www.apache.org/licenses/LICENSE-2.0
##
## Unless required by applicable law or agreed to in writing, software
## distributed under the License is distributed on an "AS IS" BASIS,
## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
## See the License for the specific language governing permissions and
## limitations under the License.
## ---------------------------------------------------------------------------
dn: cn=admin,cn=TEST.FOO,ou=Queue,ou=Destination,ou=ActiveMQ,ou=system
changetype: delete
dn: cn=read,cn=TEST.FOO,ou=Queue,ou=Destination,ou=ActiveMQ,ou=system
changetype: delete
dn: cn=write,cn=TEST.FOO,ou=Queue,ou=Destination,ou=ActiveMQ,ou=system
changetype: delete
dn: cn=TEST.FOO,ou=Queue,ou=Destination,ou=ActiveMQ,ou=system
changetype: delete
dn: cn=read,ou=Temp,ou=Destination,ou=ActiveMQ,ou=system
changetype: delete
dn: cn=write,ou=Temp,ou=Destination,ou=ActiveMQ,ou=system
changetype: delete
dn: cn=admin,ou=Temp,ou=Destination,ou=ActiveMQ,ou=system
changetype: delete

View File

@ -44,4 +44,4 @@ cn: write
objectClass: groupOfNames
objectClass: top
member: cn=users
member: cn=admins
member: cn=admins

View File

@ -15,9 +15,6 @@
## limitations under the License.
## ---------------------------------------------------------------------------
dn: cn=TEST.FOO,ou=Queue,ou=Destination,ou=ActiveMQ,ou=system
changetype: delete
dn: cn=admin,cn=TEST.FOO,ou=Queue,ou=Destination,ou=ActiveMQ,ou=system
changetype: delete
@ -25,4 +22,17 @@ dn: cn=read,cn=TEST.FOO,ou=Queue,ou=Destination,ou=ActiveMQ,ou=system
changetype: delete
dn: cn=write,cn=TEST.FOO,ou=Queue,ou=Destination,ou=ActiveMQ,ou=system
changetype: delete
changetype: delete
dn: cn=TEST.FOO,ou=Queue,ou=Destination,ou=ActiveMQ,ou=system
changetype: delete
dn: cn=read,ou=Temp,ou=Destination,ou=ActiveMQ,ou=system
changetype: delete
dn: cn=write,ou=Temp,ou=Destination,ou=ActiveMQ,ou=system
changetype: delete
dn: cn=admin,ou=Temp,ou=Destination,ou=ActiveMQ,ou=system
changetype: delete

View File

@ -0,0 +1,264 @@
## ---------------------------------------------------------------------------
## Licensed to the Apache Software Foundation (ASF) under one or more
## contributor license agreements. See the NOTICE file distributed with
## this work for additional information regarding copyright ownership.
## The ASF licenses this file to You under the Apache License, Version 2.0
## (the "License"); you may not use this file except in compliance with
## the License. You may obtain a copy of the License at
##
## http://www.apache.org/licenses/LICENSE-2.0
##
## Unless required by applicable law or agreed to in writing, software
## distributed under the License is distributed on an "AS IS" BASIS,
## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
## See the License for the specific language governing permissions and
## limitations under the License.
## ---------------------------------------------------------------------------
##########################
## Define basic objects ##
##########################
dn: ou=ActiveMQ,ou=system
objectClass: organizationalUnit
objectClass: top
ou: ActiveMQ
dn: ou=Services,ou=system
ou: Services
objectClass: organizationalUnit
objectClass: top
dn: cn=mqbroker,ou=Services,ou=system
cn: mqbroker
objectClass: organizationalRole
objectClass: top
objectClass: simpleSecurityObject
userPassword: {SSHA}YvMAkkd66cDecNoejo8jnw5uUUBziyl0
description: Bind user for MQ broker
###################
## Define groups ##
###################
dn: ou=Group,ou=ActiveMQ,ou=system
objectClass: organizationalUnit
objectClass: top
ou: Group
dn: cn=admins,ou=Group,ou=ActiveMQ,ou=system
cn: admins
member: uid=admin
objectClass: groupOfNames
objectClass: top
dn: cn=users,ou=Group,ou=ActiveMQ,ou=system
cn: users
member: uid=jdoe
objectClass: groupOfNames
objectClass: top
##################
## Define users ##
##################
dn: ou=User,ou=ActiveMQ,ou=system
objectClass: organizationalUnit
objectClass: top
ou: User
dn: uid=admin,ou=User,ou=ActiveMQ,ou=system
uid: admin
userPassword: {SSHA}YvMAkkd66cDecNoejo8jnw5uUUBziyl0
objectClass: account
objectClass: simpleSecurityObject
objectClass: top
dn: uid=jdoe,ou=User,ou=ActiveMQ,ou=system
uid: jdoe
userPassword: {SSHA}YvMAkkd66cDecNoejo8jnw5uUUBziyl0
objectclass: inetOrgPerson
objectclass: organizationalPerson
objectclass: person
objectclass: top
cn: Jane Doe
sn: Doe
#########################
## Define destinations ##
#########################
dn: ou=Destination,ou=ActiveMQ,ou=system
objectClass: organizationalUnit
objectClass: top
ou: Destination
dn: ou=Topic,ou=Destination,ou=ActiveMQ,ou=system
objectClass: organizationalUnit
objectClass: top
ou: Topic
dn: ou=Queue,ou=Destination,ou=ActiveMQ,ou=system
objectClass: organizationalUnit
objectClass: top
ou: Queue
## TEST.FOO
dn: cn=TEST.FOO,ou=Queue,ou=Destination,ou=ActiveMQ,ou=system
cn: TEST.FOO
description: A queue
objectClass: applicationProcess
objectClass: top
dn: cn=admin,cn=TEST.FOO,ou=Queue,ou=Destination,ou=ActiveMQ,ou=system
cn: admin
description: Admin privilege group, members are roles
member: cn=admins
member: cn=users
objectClass: groupOfNames
objectClass: top
dn: cn=read,cn=TEST.FOO,ou=Queue,ou=Destination,ou=ActiveMQ,ou=system
cn: read
member: cn=users
member: cn=admins
objectClass: groupOfNames
objectClass: top
dn: cn=write,cn=TEST.FOO,ou=Queue,ou=Destination,ou=ActiveMQ,ou=system
cn: write
objectClass: groupOfNames
objectClass: top
member: cn=users
member: cn=admins
## FOO.>
dn: cn=FOO.$,ou=Queue,ou=Destination,ou=ActiveMQ,ou=system
cn: FOO.$
description: A queue
objectClass: applicationProcess
objectClass: top
dn: cn=admin,cn=FOO.$,ou=Queue,ou=Destination,ou=ActiveMQ,ou=system
cn: admin
description: Admin privilege group, members are roles
member: cn=admins
member: cn=users
objectClass: groupOfNames
objectClass: top
dn: cn=read,cn=FOO.$,ou=Queue,ou=Destination,ou=ActiveMQ,ou=system
cn: read
member: cn=users
member: cn=admins
objectClass: groupOfNames
objectClass: top
dn: cn=write,cn=FOO.$,ou=Queue,ou=Destination,ou=ActiveMQ,ou=system
cn: write
objectClass: groupOfNames
objectClass: top
member: cn=users
member: cn=admins
## BAR.*
dn: cn=BAR.*,ou=Queue,ou=Destination,ou=ActiveMQ,ou=system
cn: BAR.*
description: A queue
objectClass: applicationProcess
objectClass: top
dn: cn=admin,cn=BAR.*,ou=Queue,ou=Destination,ou=ActiveMQ,ou=system
cn: admin
description: Admin privilege group, members are roles
member: cn=admins
member: cn=users
objectClass: groupOfNames
objectClass: top
dn: cn=read,cn=BAR.*,ou=Queue,ou=Destination,ou=ActiveMQ,ou=system
cn: read
member: cn=users
member: cn=admins
objectClass: groupOfNames
objectClass: top
dn: cn=write,cn=BAR.*,ou=Queue,ou=Destination,ou=ActiveMQ,ou=system
cn: write
objectClass: groupOfNames
objectClass: top
member: cn=users
member: cn=admins
#######################
## Define advisories ##
#######################
dn: cn=ActiveMQ.Advisory.$,ou=Topic,ou=Destination,ou=ActiveMQ,ou=system
cn: ActiveMQ.Advisory.$
objectClass: applicationProcess
objectClass: top
description: Advisory topics
dn: cn=read,cn=ActiveMQ.Advisory.$,ou=Topic,ou=Destination,ou=ActiveMQ,ou=system
cn: read
member: cn=admins
member: cn=users
objectClass: groupOfNames
objectClass: top
dn: cn=write,cn=ActiveMQ.Advisory.$,ou=Topic,ou=Destination,ou=ActiveMQ,ou=system
cn: write
member: cn=admins
member: cn=users
objectClass: groupOfNames
objectClass: top
dn: cn=admin,cn=ActiveMQ.Advisory.$,ou=Topic,ou=Destination,ou=ActiveMQ,ou=system
cn: admin
member: cn=admins
member: cn=users
objectClass: groupOfNames
objectClass: top
######################
## Define temporary ##
######################
dn: ou=Temp,ou=Destination,ou=ActiveMQ,ou=system
objectClass: organizationalUnit
objectClass: top
ou: Temp
dn: cn=read,ou=Temp,ou=Destination,ou=ActiveMQ,ou=system
cn: read
member: cn=admins
member: cn=users
objectClass: groupOfNames
objectClass: top
dn: cn=write,ou=Temp,ou=Destination,ou=ActiveMQ,ou=system
cn: write
member: cn=admins
member: cn=users
objectClass: groupOfNames
objectClass: top
dn: cn=admin,ou=Temp,ou=Destination,ou=ActiveMQ,ou=system
cn: admin
member: cn=admins
member: cn=users
objectClass: groupOfNames
objectClass: top

View File

@ -0,0 +1,49 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
this work for additional information regarding copyright ownership.
The ASF licenses this file to You under the Apache License, Version 2.0
(the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<!-- START SNIPPET: xbean -->
<beans
xmlns="http://www.springframework.org/schema/beans"
xmlns:amq="http://activemq.apache.org/schema/core"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
http://activemq.apache.org/schema/core http://activemq.apache.org/schema/core/activemq-core.xsd">
<bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
<broker useJmx="false" xmlns="http://activemq.apache.org/schema/core" persistent="false">
<plugins>
<simpleAuthenticationPlugin>
<users>
<authenticationUser username="jdoe" password="sunflower"
groups="users"/>
<authenticationUser username="admin" password="sunflower"
groups="admin"/>
</users>
</simpleAuthenticationPlugin>
<authorizationPlugin>
<map>
<cachedLDAPAuthorizationMap connectionURL="ldap://localhost:${ldapPort}"/>
</map>
</authorizationPlugin>
</plugins>
</broker>
</beans>
<!-- END SNIPPET: xbean -->

View File

@ -20,12 +20,6 @@
## Define basic objects ##
##########################
# Uncomment if adding to open ldap
# dn: ou=system
# objectclass: organizationalUnit
# objectclass: top
# ou: system
dn: ou=ActiveMQ,ou=system
objectClass: organizationalUnit
objectClass: top
@ -57,13 +51,13 @@ ou: Group
dn: cn=admins,ou=Group,ou=ActiveMQ,ou=system
cn: admins
member: uid=admin
member: uid=admin,ou=User,ou=ActiveMQ,ou=system
objectClass: groupOfNames
objectClass: top
dn: cn=users,ou=Group,ou=ActiveMQ,ou=system
cn: users
member: uid=jdoe
member: uid=jdoe,ou=User,ou=ActiveMQ,ou=system
objectClass: groupOfNames
objectClass: top
@ -127,15 +121,15 @@ objectClass: top
dn: cn=admin,cn=TEST.FOO,ou=Queue,ou=Destination,ou=ActiveMQ,ou=system
cn: admin
description: Admin privilege group, members are roles
member: cn=admins
member: cn=users
member: cn=users,ou=Group,ou=ActiveMQ,ou=system
member: cn=admins,ou=Group,ou=ActiveMQ,ou=system
objectClass: groupOfNames
objectClass: top
dn: cn=read,cn=TEST.FOO,ou=Queue,ou=Destination,ou=ActiveMQ,ou=system
cn: read
member: cn=users
member: cn=admins
member: cn=users,ou=Group,ou=ActiveMQ,ou=system
member: cn=admins,ou=Group,ou=ActiveMQ,ou=system
objectClass: groupOfNames
objectClass: top
@ -143,9 +137,41 @@ dn: cn=write,cn=TEST.FOO,ou=Queue,ou=Destination,ou=ActiveMQ,ou=system
cn: write
objectClass: groupOfNames
objectClass: top
member: cn=users
member: cn=admins
member: cn=users,ou=Group,ou=ActiveMQ,ou=system
member: cn=admins,ou=Group,ou=ActiveMQ,ou=system
## TEST.FOOBAR
dn: cn=TEST.FOOBAR,ou=Queue,ou=Destination,ou=ActiveMQ,ou=system
cn: TEST.BAR
description: A queue
objectClass: applicationProcess
objectClass: top
dn: cn=admin,cn=TEST.FOOBAR,ou=Queue,ou=Destination,ou=ActiveMQ,ou=system
cn: admin
description: Admin privilege group, members are roles
member: cn=admins,ou=Group,ou=ActiveMQ,ou=system
member: cn=users,ou=Group,ou=ActiveMQ,ou=system
objectClass: groupOfNames
objectClass: top
dn: cn=read,cn=TEST.FOOBAR,ou=Queue,ou=Destination,ou=ActiveMQ,ou=system
cn: read
member: cn=users,ou=Group,ou=ActiveMQ,ou=system
member: cn=admins,ou=Group,ou=ActiveMQ,ou=system
member: uid=jdoe,ou=User,ou=ActiveMQ,ou=system
member: cn=notthere,ou=Group,ou=ActiveMQ,ou=system
objectClass: groupOfNames
objectClass: top
dn: cn=write,cn=TEST.FOOBAR,ou=Queue,ou=Destination,ou=ActiveMQ,ou=system
cn: write
objectClass: groupOfNames
objectClass: top
member: cn=users,ou=Group,ou=ActiveMQ,ou=system
member: cn=admins,ou=Group,ou=ActiveMQ,ou=system
member: uid=jdoe,ou=User,ou=ActiveMQ,ou=system
## FOO.>
@ -158,15 +184,15 @@ objectClass: top
dn: cn=admin,cn=FOO.$,ou=Queue,ou=Destination,ou=ActiveMQ,ou=system
cn: admin
description: Admin privilege group, members are roles
member: cn=admins
member: cn=users
member: cn=admins,ou=Group,ou=ActiveMQ,ou=system
member: cn=users,ou=Group,ou=ActiveMQ,ou=system
objectClass: groupOfNames
objectClass: top
dn: cn=read,cn=FOO.$,ou=Queue,ou=Destination,ou=ActiveMQ,ou=system
cn: read
member: cn=users
member: cn=admins
member: cn=users,ou=Group,ou=ActiveMQ,ou=system
member: cn=admins,ou=Group,ou=ActiveMQ,ou=system
objectClass: groupOfNames
objectClass: top
@ -174,9 +200,8 @@ dn: cn=write,cn=FOO.$,ou=Queue,ou=Destination,ou=ActiveMQ,ou=system
cn: write
objectClass: groupOfNames
objectClass: top
member: cn=users
member: cn=admins
member: cn=users,ou=Group,ou=ActiveMQ,ou=system
member: cn=admins,ou=Group,ou=ActiveMQ,ou=system
## BAR.*
@ -189,15 +214,15 @@ objectClass: top
dn: cn=admin,cn=BAR.*,ou=Queue,ou=Destination,ou=ActiveMQ,ou=system
cn: admin
description: Admin privilege group, members are roles
member: cn=admins
member: cn=users
member: cn=admins,ou=Group,ou=ActiveMQ,ou=system
member: cn=users,ou=Group,ou=ActiveMQ,ou=system
objectClass: groupOfNames
objectClass: top
dn: cn=read,cn=BAR.*,ou=Queue,ou=Destination,ou=ActiveMQ,ou=system
cn: read
member: cn=users
member: cn=admins
member: cn=users,ou=Group,ou=ActiveMQ,ou=system
member: cn=admins,ou=Group,ou=ActiveMQ,ou=system
objectClass: groupOfNames
objectClass: top
@ -205,8 +230,8 @@ dn: cn=write,cn=BAR.*,ou=Queue,ou=Destination,ou=ActiveMQ,ou=system
cn: write
objectClass: groupOfNames
objectClass: top
member: cn=users
member: cn=admins
member: cn=users,ou=Group,ou=ActiveMQ,ou=system
member: cn=admins,ou=Group,ou=ActiveMQ,ou=system
#######################
## Define advisories ##
@ -220,22 +245,22 @@ description: Advisory topics
dn: cn=read,cn=ActiveMQ.Advisory.$,ou=Topic,ou=Destination,ou=ActiveMQ,ou=system
cn: read
member: cn=admins
member: cn=users
member: cn=admins,ou=Group,ou=ActiveMQ,ou=system
member: cn=users,ou=Group,ou=ActiveMQ,ou=system
objectClass: groupOfNames
objectClass: top
dn: cn=write,cn=ActiveMQ.Advisory.$,ou=Topic,ou=Destination,ou=ActiveMQ,ou=system
cn: write
member: cn=admins
member: cn=users
member: cn=admins,ou=Group,ou=ActiveMQ,ou=system
member: cn=users,ou=Group,ou=ActiveMQ,ou=system
objectClass: groupOfNames
objectClass: top
dn: cn=admin,cn=ActiveMQ.Advisory.$,ou=Topic,ou=Destination,ou=ActiveMQ,ou=system
cn: admin
member: cn=admins
member: cn=users
member: cn=admins,ou=Group,ou=ActiveMQ,ou=system
member: cn=users,ou=Group,ou=ActiveMQ,ou=system
objectClass: groupOfNames
objectClass: top
@ -250,21 +275,21 @@ ou: Temp
dn: cn=read,ou=Temp,ou=Destination,ou=ActiveMQ,ou=system
cn: read
member: cn=admins
member: cn=users
member: cn=admins,ou=Group,ou=ActiveMQ,ou=system
member: cn=users,ou=Group,ou=ActiveMQ,ou=system
objectClass: groupOfNames
objectClass: top
dn: cn=write,ou=Temp,ou=Destination,ou=ActiveMQ,ou=system
cn: write
member: cn=admins
member: cn=users
member: cn=admins,ou=Group,ou=ActiveMQ,ou=system
member: cn=users,ou=Group,ou=ActiveMQ,ou=system
objectClass: groupOfNames
objectClass: top
dn: cn=admin,ou=Temp,ou=Destination,ou=ActiveMQ,ou=system
cn: admin
member: cn=admins
member: cn=users
member: cn=admins,ou=Group,ou=ActiveMQ,ou=system
member: cn=users,ou=Group,ou=ActiveMQ,ou=system
objectClass: groupOfNames
objectClass: top
objectClass: top

View File

@ -39,16 +39,10 @@
<authorizationPlugin>
<map>
<cachedLDAPAuthorizationMap/>
<cachedLDAPAuthorizationMap legacyGroupMapping="false" connectionURL="ldap://localhost:${ldapPort}"/>
</map>
</authorizationPlugin>
</plugins>
<transportConnectors>
<transportConnector uri="tcp://localhost:61616"/>
</transportConnectors>
</broker>
</beans>

View File

@ -46,7 +46,7 @@
<bean id="lDAPAuthorizationMap" class="org.apache.activemq.security.LDAPAuthorizationMap"
xmlns="http://www.springframework.org/schema/beans">
<property name="initialContextFactory" value="com.sun.jndi.ldap.LdapCtxFactory"/>
<property name="connectionURL" value="ldap://localhost:1024"/>
<property name="connectionURL" value="ldap://localhost:${ldapPort}"/>
<property name="authentication" value="simple"/>
<property name="connectionUsername" value="uid=admin,ou=system"/>
<property name="connectionPassword" value="secret"/>

View File

@ -0,0 +1,47 @@
## ---------------------------------------------------------------------------
## Licensed to the Apache Software Foundation (ASF) under one or more
## contributor license agreements. See the NOTICE file distributed with
## this work for additional information regarding copyright ownership.
## The ASF licenses this file to You under the Apache License, Version 2.0
## (the "License"); you may not use this file except in compliance with
## the License. You may obtain a copy of the License at
##
## http://www.apache.org/licenses/LICENSE-2.0
##
## Unless required by applicable law or agreed to in writing, software
## distributed under the License is distributed on an "AS IS" BASIS,
## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
## See the License for the specific language governing permissions and
## limitations under the License.
## ---------------------------------------------------------------------------
## FAILED
dn: cn=FAILED,ou=Queue,ou=Destination,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
cn: FAILED
description: New queue
objectClass: applicationProcess
objectClass: top
dn: cn=admin,cn=FAILED,ou=Queue,ou=Destination,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
cn: admin
description: Admin privilege group, members are roles
member: cn=admins,ou=Group,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
member: cn=users,ou=Group,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
objectClass: groupOfNames
objectClass: top
dn: cn=read,cn=FAILED,ou=Queue,ou=Destination,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
cn: read
member: cn=users,ou=Group,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
member: cn=admins,ou=Group,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
objectClass: groupOfNames
objectClass: top
dn: cn=write,cn=FAILED,ou=Queue,ou=Destination,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
cn: write
objectClass: groupOfNames
objectClass: top
member: cn=users,ou=Group,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
member: cn=admins,ou=Group,ou=ActiveMQ,dc=activemq,dc=apache,dc=org

View File

@ -0,0 +1,38 @@
## ---------------------------------------------------------------------------
## Licensed to the Apache Software Foundation (ASF) under one or more
## contributor license agreements. See the NOTICE file distributed with
## this work for additional information regarding copyright ownership.
## The ASF licenses this file to You under the Apache License, Version 2.0
## (the "License"); you may not use this file except in compliance with
## the License. You may obtain a copy of the License at
##
## http://www.apache.org/licenses/LICENSE-2.0
##
## Unless required by applicable law or agreed to in writing, software
## distributed under the License is distributed on an "AS IS" BASIS,
## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
## See the License for the specific language governing permissions and
## limitations under the License.
## ---------------------------------------------------------------------------
dn: cn=admin,cn=TEST.FOO,ou=Queue,ou=Destination,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
changetype: delete
dn: cn=read,cn=TEST.FOO,ou=Queue,ou=Destination,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
changetype: delete
dn: cn=write,cn=TEST.FOO,ou=Queue,ou=Destination,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
changetype: delete
dn: cn=TEST.FOO,ou=Queue,ou=Destination,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
changetype: delete
dn: cn=read,ou=Temp,ou=Destination,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
changetype: delete
dn: cn=write,ou=Temp,ou=Destination,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
changetype: delete
dn: cn=admin,ou=Temp,ou=Destination,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
changetype: delete

View File

@ -0,0 +1,47 @@
## ---------------------------------------------------------------------------
## Licensed to the Apache Software Foundation (ASF) under one or more
## contributor license agreements. See the NOTICE file distributed with
## this work for additional information regarding copyright ownership.
## The ASF licenses this file to You under the Apache License, Version 2.0
## (the "License"); you may not use this file except in compliance with
## the License. You may obtain a copy of the License at
##
## http://www.apache.org/licenses/LICENSE-2.0
##
## Unless required by applicable law or agreed to in writing, software
## distributed under the License is distributed on an "AS IS" BASIS,
## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
## See the License for the specific language governing permissions and
## limitations under the License.
## ---------------------------------------------------------------------------
## FAILED
dn: cn=FAILED,ou=Queue,ou=Destination,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
cn: FAILED
description: New queue
objectClass: applicationProcess
objectClass: top
dn: cn=admin,cn=FAILED,ou=Queue,ou=Destination,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
cn: admin
description: Admin privilege group, members are roles
member: cn=admins
member: cn=users
objectClass: groupOfNames
objectClass: top
dn: cn=read,cn=FAILED,ou=Queue,ou=Destination,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
cn: read
member: cn=users
member: cn=admins
objectClass: groupOfNames
objectClass: top
dn: cn=write,cn=FAILED,ou=Queue,ou=Destination,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
cn: write
objectClass: groupOfNames
objectClass: top
member: cn=users
member: cn=admins

View File

@ -0,0 +1,38 @@
## ---------------------------------------------------------------------------
## Licensed to the Apache Software Foundation (ASF) under one or more
## contributor license agreements. See the NOTICE file distributed with
## this work for additional information regarding copyright ownership.
## The ASF licenses this file to You under the Apache License, Version 2.0
## (the "License"); you may not use this file except in compliance with
## the License. You may obtain a copy of the License at
##
## http://www.apache.org/licenses/LICENSE-2.0
##
## Unless required by applicable law or agreed to in writing, software
## distributed under the License is distributed on an "AS IS" BASIS,
## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
## See the License for the specific language governing permissions and
## limitations under the License.
## ---------------------------------------------------------------------------
dn: cn=admin,cn=TEST.FOO,ou=Queue,ou=Destination,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
changetype: delete
dn: cn=read,cn=TEST.FOO,ou=Queue,ou=Destination,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
changetype: delete
dn: cn=write,cn=TEST.FOO,ou=Queue,ou=Destination,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
changetype: delete
dn: cn=TEST.FOO,ou=Queue,ou=Destination,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
changetype: delete
dn: cn=read,ou=Temp,ou=Destination,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
changetype: delete
dn: cn=write,ou=Temp,ou=Destination,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
changetype: delete
dn: cn=admin,ou=Temp,ou=Destination,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
changetype: delete

View File

@ -0,0 +1,281 @@
## ---------------------------------------------------------------------------
## Licensed to the Apache Software Foundation (ASF) under one or more
## contributor license agreements. See the NOTICE file distributed with
## this work for additional information regarding copyright ownership.
## The ASF licenses this file to You under the Apache License, Version 2.0
## (the "License"); you may not use this file except in compliance with
## the License. You may obtain a copy of the License at
##
## http://www.apache.org/licenses/LICENSE-2.0
##
## Unless required by applicable law or agreed to in writing, software
## distributed under the License is distributed on an "AS IS" BASIS,
## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
## See the License for the specific language governing permissions and
## limitations under the License.
## ---------------------------------------------------------------------------
##########################
## Define basic objects ##
##########################
dn: dc=apache,dc=org
objectClass: dcObject
objectClass: organization
dc: apache
o: Apache
dn: dc=activemq,dc=apache,dc=org
objectClass: dcObject
objectClass: container
objectClass: top
cn: activemq
dc: activemq
dn: ou=ActiveMQ,dc=activemq,dc=apache,dc=org
objectClass: organizationalUnit
objectClass: top
ou: ActiveMQ
dn: ou=Services,dc=activemq,dc=apache,dc=org
ou: Services
objectClass: organizationalUnit
objectClass: top
dn: cn=mqbroker,ou=Services,dc=activemq,dc=apache,dc=org
cn: mqbroker
objectClass: organizationalRole
objectClass: top
objectClass: simpleSecurityObject
userPassword: {SSHA}YvMAkkd66cDecNoejo8jnw5uUUBziyl0
description: Bind user for MQ broker
###################
## Define groups ##
###################
dn: ou=Group,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
objectClass: organizationalUnit
objectClass: top
ou: Group
dn: cn=admins,ou=Group,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
cn: admins
member: uid=admin
objectClass: groupOfNames
objectClass: top
dn: cn=users,ou=Group,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
cn: users
member: uid=jdoe
objectClass: groupOfNames
objectClass: top
##################
## Define users ##
##################
dn: ou=User,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
objectClass: organizationalUnit
objectClass: top
ou: User
dn: uid=admin,ou=User,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
uid: admin
userPassword: {SSHA}YvMAkkd66cDecNoejo8jnw5uUUBziyl0
objectclass: uidObject
objectclass: organizationalPerson
objectclass: person
objectclass: top
cn: Admin
sn: Admin
dn: uid=jdoe,ou=User,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
uid: jdoe
userPassword: {SSHA}YvMAkkd66cDecNoejo8jnw5uUUBziyl0
objectclass: uidObject
objectclass: organizationalPerson
objectclass: person
objectclass: top
cn: Jane Doe
sn: Doe
#########################
## Define destinations ##
#########################
dn: ou=Destination,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
objectClass: organizationalUnit
objectClass: top
ou: Destination
dn: ou=Topic,ou=Destination,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
objectClass: organizationalUnit
objectClass: top
ou: Topic
dn: ou=Queue,ou=Destination,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
objectClass: organizationalUnit
objectClass: top
ou: Queue
## TEST.FOO
dn: cn=TEST.FOO,ou=Queue,ou=Destination,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
cn: TEST.FOO
description: A queue
objectClass: applicationProcess
objectClass: top
dn: cn=admin,cn=TEST.FOO,ou=Queue,ou=Destination,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
cn: admin
description: Admin privilege group, members are roles
member: cn=admins
member: cn=users
objectClass: groupOfNames
objectClass: top
dn: cn=read,cn=TEST.FOO,ou=Queue,ou=Destination,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
cn: read
member: cn=users
member: cn=admins
objectClass: groupOfNames
objectClass: top
dn: cn=write,cn=TEST.FOO,ou=Queue,ou=Destination,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
cn: write
objectClass: groupOfNames
objectClass: top
member: cn=users
member: cn=admins
## FOO.>
dn: cn=FOO.$,ou=Queue,ou=Destination,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
cn: FOO.$
description: A queue
objectClass: applicationProcess
objectClass: top
dn: cn=admin,cn=FOO.$,ou=Queue,ou=Destination,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
cn: admin
description: Admin privilege group, members are roles
member: cn=admins
member: cn=users
objectClass: groupOfNames
objectClass: top
dn: cn=read,cn=FOO.$,ou=Queue,ou=Destination,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
cn: read
member: cn=users
member: cn=admins
objectClass: groupOfNames
objectClass: top
dn: cn=write,cn=FOO.$,ou=Queue,ou=Destination,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
cn: write
objectClass: groupOfNames
objectClass: top
member: cn=users
member: cn=admins
## BAR.*
dn: cn=BAR.*,ou=Queue,ou=Destination,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
cn: BAR.*
description: A queue
objectClass: applicationProcess
objectClass: top
dn: cn=admin,cn=BAR.*,ou=Queue,ou=Destination,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
cn: admin
description: Admin privilege group, members are roles
member: cn=admins
member: cn=users
objectClass: groupOfNames
objectClass: top
dn: cn=read,cn=BAR.*,ou=Queue,ou=Destination,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
cn: read
member: cn=users
member: cn=admins
objectClass: groupOfNames
objectClass: top
dn: cn=write,cn=BAR.*,ou=Queue,ou=Destination,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
cn: write
objectClass: groupOfNames
objectClass: top
member: cn=users
member: cn=admins
#######################
## Define advisories ##
#######################
dn: cn=ActiveMQ.Advisory.$,ou=Topic,ou=Destination,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
cn: ActiveMQ.Advisory.$
objectClass: applicationProcess
objectClass: top
description: Advisory topics
dn: cn=read,cn=ActiveMQ.Advisory.$,ou=Topic,ou=Destination,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
cn: read
member: cn=admins
member: cn=users
objectClass: groupOfNames
objectClass: top
dn: cn=write,cn=ActiveMQ.Advisory.$,ou=Topic,ou=Destination,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
cn: write
member: cn=admins
member: cn=users
objectClass: groupOfNames
objectClass: top
dn: cn=admin,cn=ActiveMQ.Advisory.$,ou=Topic,ou=Destination,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
cn: admin
member: cn=admins
member: cn=users
objectClass: groupOfNames
objectClass: top
######################
## Define temporary ##
######################
dn: ou=Temp,ou=Destination,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
objectClass: organizationalUnit
objectClass: top
ou: Temp
dn: cn=read,ou=Temp,ou=Destination,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
cn: read
member: cn=admins
member: cn=users
objectClass: groupOfNames
objectClass: top
dn: cn=write,ou=Temp,ou=Destination,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
cn: write
member: cn=admins
member: cn=users
objectClass: groupOfNames
objectClass: top
dn: cn=admin,ou=Temp,ou=Destination,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
cn: admin
member: cn=admins
member: cn=users
objectClass: groupOfNames
objectClass: top

View File

@ -20,11 +20,18 @@
## Define basic objects ##
##########################
# Uncomment if adding to open ldap
dn: dc=apache,dc=org
objectClass: dcObject
objectClass: organization
dc: apache
o: Apache
dn: dc=activemq,dc=apache,dc=org
dc: activemq
objectClass: domain
objectClass: dcObject
objectClass: container
objectClass: top
cn: activemq
dc: activemq
dn: ou=ActiveMQ,dc=activemq,dc=apache,dc=org
objectClass: organizationalUnit
@ -81,15 +88,18 @@ ou: User
dn: uid=admin,ou=User,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
uid: admin
userPassword: {SSHA}YvMAkkd66cDecNoejo8jnw5uUUBziyl0
objectClass: account
objectClass: simpleSecurityObject
objectClass: top
objectclass: uidObject
objectclass: organizationalPerson
objectclass: person
objectclass: top
cn: Admin
sn: Admin
dn: uid=jdoe,ou=User,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
uid: jdoe
userPassword: {SSHA}YvMAkkd66cDecNoejo8jnw5uUUBziyl0
objectclass: inetOrgPerson
objectclass: uidObject
objectclass: organizationalPerson
objectclass: person
objectclass: top
@ -127,15 +137,15 @@ objectClass: top
dn: cn=admin,cn=TEST.FOO,ou=Queue,ou=Destination,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
cn: admin
description: Admin privilege group, members are roles
member: cn=admins
member: cn=users
member: cn=admins,ou=Group,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
member: cn=users,ou=Group,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
objectClass: groupOfNames
objectClass: top
dn: cn=read,cn=TEST.FOO,ou=Queue,ou=Destination,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
cn: read
member: cn=users
member: cn=admins
member: cn=users,ou=Group,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
member: cn=admins,ou=Group,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
objectClass: groupOfNames
objectClass: top
@ -143,9 +153,41 @@ dn: cn=write,cn=TEST.FOO,ou=Queue,ou=Destination,ou=ActiveMQ,dc=activemq,dc=apac
cn: write
objectClass: groupOfNames
objectClass: top
member: cn=users
member: cn=admins
member: cn=users,ou=Group,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
member: cn=admins,ou=Group,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
## TEST.FOOBAR
dn: cn=TEST.FOOBAR,ou=Queue,ou=Destination,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
cn: TEST.BAR
description: A queue
objectClass: applicationProcess
objectClass: top
dn: cn=admin,cn=TEST.FOOBAR,ou=Queue,ou=Destination,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
cn: admin
description: Admin privilege group, members are roles
member: cn=admins,ou=Group,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
member: cn=users,ou=Group,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
objectClass: groupOfNames
objectClass: top
dn: cn=read,cn=TEST.FOOBAR,ou=Queue,ou=Destination,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
cn: read
member: cn=users,ou=Group,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
member: cn=admins,ou=Group,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
member: uid=jdoe,ou=User,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
member: cn=notthere,ou=Group,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
objectClass: groupOfNames
objectClass: top
dn: cn=write,cn=TEST.FOOBAR,ou=Queue,ou=Destination,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
cn: write
objectClass: groupOfNames
objectClass: top
member: cn=users,ou=Group,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
member: cn=admins,ou=Group,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
member: uid=jdoe,ou=User,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
## FOO.>
@ -158,15 +200,15 @@ objectClass: top
dn: cn=admin,cn=FOO.$,ou=Queue,ou=Destination,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
cn: admin
description: Admin privilege group, members are roles
member: cn=admins
member: cn=users
member: cn=admins,ou=Group,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
member: cn=users,ou=Group,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
objectClass: groupOfNames
objectClass: top
dn: cn=read,cn=FOO.$,ou=Queue,ou=Destination,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
cn: read
member: cn=users
member: cn=admins
member: cn=users,ou=Group,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
member: cn=admins,ou=Group,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
objectClass: groupOfNames
objectClass: top
@ -174,9 +216,8 @@ dn: cn=write,cn=FOO.$,ou=Queue,ou=Destination,ou=ActiveMQ,dc=activemq,dc=apache,
cn: write
objectClass: groupOfNames
objectClass: top
member: cn=users
member: cn=admins
member: cn=users,ou=Group,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
member: cn=admins,ou=Group,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
## BAR.*
@ -189,15 +230,15 @@ objectClass: top
dn: cn=admin,cn=BAR.*,ou=Queue,ou=Destination,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
cn: admin
description: Admin privilege group, members are roles
member: cn=admins
member: cn=users
member: cn=admins,ou=Group,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
member: cn=users,ou=Group,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
objectClass: groupOfNames
objectClass: top
dn: cn=read,cn=BAR.*,ou=Queue,ou=Destination,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
cn: read
member: cn=users
member: cn=admins
member: cn=users,ou=Group,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
member: cn=admins,ou=Group,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
objectClass: groupOfNames
objectClass: top
@ -205,8 +246,8 @@ dn: cn=write,cn=BAR.*,ou=Queue,ou=Destination,ou=ActiveMQ,dc=activemq,dc=apache,
cn: write
objectClass: groupOfNames
objectClass: top
member: cn=users
member: cn=admins
member: cn=users,ou=Group,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
member: cn=admins,ou=Group,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
#######################
## Define advisories ##
@ -220,22 +261,22 @@ description: Advisory topics
dn: cn=read,cn=ActiveMQ.Advisory.$,ou=Topic,ou=Destination,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
cn: read
member: cn=admins
member: cn=users
member: cn=admins,ou=Group,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
member: cn=users,ou=Group,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
objectClass: groupOfNames
objectClass: top
dn: cn=write,cn=ActiveMQ.Advisory.$,ou=Topic,ou=Destination,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
cn: write
member: cn=admins
member: cn=users
member: cn=admins,ou=Group,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
member: cn=users,ou=Group,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
objectClass: groupOfNames
objectClass: top
dn: cn=admin,cn=ActiveMQ.Advisory.$,ou=Topic,ou=Destination,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
cn: admin
member: cn=admins
member: cn=users
member: cn=admins,ou=Group,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
member: cn=users,ou=Group,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
objectClass: groupOfNames
objectClass: top
@ -250,21 +291,22 @@ ou: Temp
dn: cn=read,ou=Temp,ou=Destination,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
cn: read
member: cn=admins
member: cn=users
member: cn=admins,ou=Group,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
member: cn=users,ou=Group,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
objectClass: groupOfNames
objectClass: top
dn: cn=write,ou=Temp,ou=Destination,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
cn: write
member: cn=admins
member: cn=users
member: cn=admins,ou=Group,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
member: cn=users,ou=Group,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
objectClass: groupOfNames
objectClass: top
dn: cn=admin,ou=Temp,ou=Destination,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
cn: admin
member: cn=admins
member: cn=users
member: cn=admins,ou=Group,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
member: cn=users,ou=Group,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
objectClass: groupOfNames
objectClass: top
objectClass: top

View File

@ -41,11 +41,10 @@
<map>
<cachedLDAPAuthorizationMap
connectionURL="ldap://localhost:389"
connectionUsername="cn=admin,dc=activemq,dc=apache,dc=org"
connectionUsername="cn=mqbroker,ou=Services,dc=activemq,dc=apache,dc=org"
connectionPassword="sunflower"
baseDn="dc=activemq,dc=apache,dc=org"
refreshInterval="300000"
/>
refreshInterval="300000" />
</map>
</authorizationPlugin>
</plugins>

View File

@ -60,7 +60,7 @@
<commons-pool-version>1.5.6</commons-pool-version>
<commons-primitives-version>1.0</commons-primitives-version>
<commons-net-version>2.2</commons-net-version>
<directory-version>1.5.7</directory-version>
<directory-version>2.0.0-M6</directory-version>
<fusemq-leveldb-version>1.2</fusemq-leveldb-version>
<geronimo-version>1.0</geronimo-version>
<howl-version>0.1.8</howl-version>