https://issues.apache.org/jira/browse/AMQ-3791 - CachedLDAPAuthorizationMap improvements
git-svn-id: https://svn.apache.org/repos/asf/activemq/trunk@1347580 13f79535-47bb-0310-9956-ffa450edef68
parent
279ecfcd6d
commit
1f862ba3cd
|
@ -0,0 +1,358 @@
|
|||
/**
|
||||
* Licensed to the Apache Software Foundation (ASF) under one or more
|
||||
* contributor license agreements. See the NOTICE file distributed with
|
||||
* this work for additional information regarding copyright ownership.
|
||||
* The ASF licenses this file to You under the Apache License, Version 2.0
|
||||
* (the "License"); you may not use this file except in compliance with
|
||||
* the License. You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.apache.activemq.security;
|
||||
|
||||
import org.apache.activemq.command.ActiveMQQueue;
|
||||
import org.apache.activemq.command.ActiveMQTopic;
|
||||
import org.apache.activemq.jaas.GroupPrincipal;
|
||||
import org.apache.directory.ldap.client.api.LdapConnection;
|
||||
import org.apache.directory.server.core.integ.AbstractLdapTestUnit;
|
||||
import org.apache.directory.shared.ldap.model.ldif.LdifEntry;
|
||||
import org.apache.directory.shared.ldap.model.ldif.LdifReader;
|
||||
import org.apache.directory.shared.ldap.model.message.ModifyRequest;
|
||||
import org.apache.directory.shared.ldap.model.message.ModifyRequestImpl;
|
||||
import org.apache.directory.shared.ldap.model.name.Dn;
|
||||
import org.apache.directory.shared.ldap.model.name.Rdn;
|
||||
import org.junit.After;
|
||||
import org.junit.Before;
|
||||
import org.junit.Test;
|
||||
|
||||
import java.io.File;
|
||||
import java.io.IOException;
|
||||
import java.io.InputStream;
|
||||
import java.lang.reflect.InvocationTargetException;
|
||||
import java.lang.reflect.Method;
|
||||
import java.util.LinkedList;
|
||||
import java.util.List;
|
||||
import java.util.Set;
|
||||
|
||||
import javax.naming.Context;
|
||||
import javax.naming.NameClassPair;
|
||||
import javax.naming.NamingEnumeration;
|
||||
import javax.naming.directory.DirContext;
|
||||
|
||||
import static org.junit.Assert.assertEquals;
|
||||
import static org.junit.Assert.assertNull;
|
||||
import static org.junit.Assert.assertTrue;
|
||||
|
||||
public abstract class AbstractCachedLDAPAuthorizationMapLegacyTest extends AbstractLdapTestUnit {
|
||||
|
||||
static final GroupPrincipal GUESTS = new GroupPrincipal("guests");
|
||||
static final GroupPrincipal USERS = new GroupPrincipal("users");
|
||||
static final GroupPrincipal ADMINS = new GroupPrincipal("admins");
|
||||
|
||||
protected LdapConnection connection;
|
||||
protected CachedLDAPAuthorizationMap map;
|
||||
|
||||
@Before
|
||||
public void setup() throws Exception {
|
||||
connection = getLdapConnection();
|
||||
map = createMap();
|
||||
}
|
||||
|
||||
@After
|
||||
public void cleanup() throws Exception {
|
||||
if (connection != null) {
|
||||
try {
|
||||
connection.close();
|
||||
} catch (IOException e) {
|
||||
// Ignore
|
||||
}
|
||||
}
|
||||
|
||||
if (map != null) {
|
||||
map.destroy();
|
||||
}
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testQuery() throws Exception {
|
||||
map.query();
|
||||
Set<?> readACLs = map.getReadACLs(new ActiveMQQueue("TEST.FOO"));
|
||||
assertEquals("set size: " + readACLs, 2, readACLs.size());
|
||||
assertTrue("Contains admin group", readACLs.contains(ADMINS));
|
||||
assertTrue("Contains users group", readACLs.contains(USERS));
|
||||
|
||||
Set<?> failedACLs = map.getReadACLs(new ActiveMQQueue("FAILED"));
|
||||
assertEquals("set size: " + failedACLs, 0, failedACLs.size());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testSynchronousUpdate() throws Exception {
|
||||
map.setRefreshInterval(1);
|
||||
map.query();
|
||||
Set<?> readACLs = map.getReadACLs(new ActiveMQQueue("TEST.FOO"));
|
||||
assertEquals("set size: " + readACLs, 2, readACLs.size());
|
||||
assertTrue("Contains admin group", readACLs.contains(ADMINS));
|
||||
assertTrue("Contains users group", readACLs.contains(USERS));
|
||||
|
||||
Set<?> failedACLs = map.getReadACLs(new ActiveMQQueue("FAILED"));
|
||||
assertEquals("set size: " + failedACLs, 0, failedACLs.size());
|
||||
|
||||
LdifReader reader = new LdifReader(getRemoveLdif());
|
||||
|
||||
for (LdifEntry entry : reader) {
|
||||
connection.delete(entry.getDn());
|
||||
}
|
||||
|
||||
failedACLs = map.getReadACLs(new ActiveMQQueue("TEST.FOO"));
|
||||
assertEquals("set size: " + failedACLs, 0, failedACLs.size());
|
||||
|
||||
assertNull(map.getTempDestinationReadACLs());
|
||||
assertNull(map.getTempDestinationWriteACLs());
|
||||
assertNull(map.getTempDestinationAdminACLs());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testWildcards() throws Exception {
|
||||
map.query();
|
||||
Set<?> fooACLs = map.getReadACLs(new ActiveMQQueue("FOO.1"));
|
||||
assertEquals("set size: " + fooACLs, 2, fooACLs.size());
|
||||
assertTrue("Contains admin group", fooACLs.contains(ADMINS));
|
||||
assertTrue("Contains users group", fooACLs.contains(USERS));
|
||||
|
||||
Set<?> barACLs = map.getReadACLs(new ActiveMQQueue("BAR.2"));
|
||||
assertEquals("set size: " + barACLs, 2, barACLs.size());
|
||||
assertTrue("Contains admin group", barACLs.contains(ADMINS));
|
||||
assertTrue("Contains users group", barACLs.contains(USERS));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testAdvisory() throws Exception {
|
||||
map.query();
|
||||
Set<?> readACLs = map.getReadACLs(new ActiveMQTopic("ActiveMQ.Advisory.Connection"));
|
||||
assertEquals("set size: " + readACLs, 2, readACLs.size());
|
||||
assertTrue("Contains admin group", readACLs.contains(ADMINS));
|
||||
assertTrue("Contains users group", readACLs.contains(USERS));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testTemporary() throws Exception {
|
||||
map.query();
|
||||
|
||||
Thread.sleep(1000);
|
||||
Set<?> readACLs = map.getTempDestinationReadACLs();
|
||||
assertEquals("set size: " + readACLs, 2, readACLs.size());
|
||||
assertTrue("Contains admin group", readACLs.contains(ADMINS));
|
||||
assertTrue("Contains users group", readACLs.contains(USERS));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testAdd() throws Exception {
|
||||
map.query();
|
||||
|
||||
Set<?> failedACLs = map.getReadACLs(new ActiveMQQueue("FAILED"));
|
||||
assertEquals("set size: " + failedACLs, 0, failedACLs.size());
|
||||
|
||||
LdifReader reader = new LdifReader(getAddLdif());
|
||||
|
||||
for (LdifEntry entry : reader) {
|
||||
connection.add(entry.getEntry());
|
||||
}
|
||||
|
||||
Thread.sleep(2000);
|
||||
|
||||
failedACLs = map.getReadACLs(new ActiveMQQueue("FAILED"));
|
||||
assertEquals("set size: " + failedACLs, 2, failedACLs.size());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testRemove() throws Exception {
|
||||
map.query();
|
||||
|
||||
Set<?> failedACLs = map.getReadACLs(new ActiveMQQueue("TEST.FOO"));
|
||||
assertEquals("set size: " + failedACLs, 2, failedACLs.size());
|
||||
|
||||
LdifReader reader = new LdifReader(getRemoveLdif());
|
||||
|
||||
for (LdifEntry entry : reader) {
|
||||
connection.delete(entry.getDn());
|
||||
}
|
||||
|
||||
Thread.sleep(2000);
|
||||
|
||||
failedACLs = map.getReadACLs(new ActiveMQQueue("TEST.FOO"));
|
||||
assertEquals("set size: " + failedACLs, 0, failedACLs.size());
|
||||
|
||||
assertTrue(map.getTempDestinationReadACLs() == null || map.getTempDestinationReadACLs().isEmpty());
|
||||
assertTrue(map.getTempDestinationWriteACLs() == null || map.getTempDestinationWriteACLs().isEmpty());
|
||||
assertTrue(map.getTempDestinationAdminACLs() == null || map.getTempDestinationAdminACLs().isEmpty());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testRenameDestination() throws Exception {
|
||||
map.query();
|
||||
|
||||
// Test for a destination rename
|
||||
Set<?> failedACLs = map.getReadACLs(new ActiveMQQueue("TEST.FOO"));
|
||||
assertEquals("set size: " + failedACLs, 2, failedACLs.size());
|
||||
|
||||
connection.rename(new Dn("cn=TEST.FOO," + getQueueBaseDn()),
|
||||
new Rdn("cn=TEST.BAR"));
|
||||
|
||||
Thread.sleep(2000);
|
||||
|
||||
failedACLs = map.getReadACLs(new ActiveMQQueue("TEST.FOO"));
|
||||
assertEquals("set size: " + failedACLs, 0, failedACLs.size());
|
||||
|
||||
|
||||
failedACLs = map.getReadACLs(new ActiveMQQueue("TEST.BAR"));
|
||||
assertEquals("set size: " + failedACLs, 2, failedACLs.size());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testRenamePermission() throws Exception {
|
||||
map.query();
|
||||
|
||||
// Test for a permission rename
|
||||
connection.delete(new Dn("cn=Read,cn=TEST.FOO," + getQueueBaseDn()));
|
||||
|
||||
Thread.sleep(2000);
|
||||
|
||||
Set<?> failedACLs = map.getReadACLs(new ActiveMQQueue("TEST.FOO"));
|
||||
assertEquals("set size: " + failedACLs, 0, failedACLs.size());
|
||||
|
||||
failedACLs = map.getWriteACLs(new ActiveMQQueue("TEST.FOO"));
|
||||
assertEquals("set size: " + failedACLs, 2, failedACLs.size());
|
||||
|
||||
connection.rename(new Dn("cn=Write,cn=TEST.FOO," + getQueueBaseDn()),
|
||||
new Rdn("cn=Read"));
|
||||
|
||||
Thread.sleep(2000);
|
||||
|
||||
failedACLs = map.getReadACLs(new ActiveMQQueue("TEST.FOO"));
|
||||
assertEquals("set size: " + failedACLs, 2, failedACLs.size());
|
||||
|
||||
failedACLs = map.getWriteACLs(new ActiveMQQueue("TEST.FOO"));
|
||||
assertEquals("set size: " + failedACLs, 0, failedACLs.size());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testChange() throws Exception {
|
||||
map.query();
|
||||
|
||||
// Change permission entry
|
||||
Set<?> failedACLs = map.getReadACLs(new ActiveMQQueue("TEST.FOO"));
|
||||
assertEquals("set size: " + failedACLs, 2, failedACLs.size());
|
||||
|
||||
Dn dn = new Dn("cn=read,cn=TEST.FOO," + getQueueBaseDn());
|
||||
|
||||
ModifyRequest request = new ModifyRequestImpl();
|
||||
request.setName(dn);
|
||||
setupModifyRequest(request);
|
||||
|
||||
connection.modify(request);
|
||||
|
||||
Thread.sleep(2000);
|
||||
|
||||
failedACLs = map.getReadACLs(new ActiveMQQueue("TEST.FOO"));
|
||||
assertEquals("set size: " + failedACLs, 1, failedACLs.size());
|
||||
|
||||
// Change destination entry
|
||||
request = new ModifyRequestImpl();
|
||||
request.setName(new Dn("cn=TEST.FOO," + getQueueBaseDn()));
|
||||
request.add("description", "This is a description! In fact, it is a very good description.");
|
||||
|
||||
connection.modify(request);
|
||||
|
||||
Thread.sleep(2000);
|
||||
|
||||
failedACLs = map.getReadACLs(new ActiveMQQueue("TEST.FOO"));
|
||||
assertEquals("set size: " + failedACLs, 1, failedACLs.size());
|
||||
}
|
||||
|
||||
protected CachedLDAPAuthorizationMap createMap() {
|
||||
return new CachedLDAPAuthorizationMap();
|
||||
}
|
||||
|
||||
protected abstract InputStream getAddLdif();
|
||||
|
||||
protected abstract InputStream getRemoveLdif();
|
||||
|
||||
protected void setupModifyRequest(ModifyRequest request) {
|
||||
request.remove("member", "cn=users");
|
||||
}
|
||||
|
||||
protected abstract String getQueueBaseDn();
|
||||
|
||||
protected abstract LdapConnection getLdapConnection() throws Exception;
|
||||
|
||||
public static void cleanAndLoad(String deleteFromDn, String ldifResourcePath,
|
||||
String ldapHost, int ldapPort, String ldapUser, String ldapPass,
|
||||
DirContext context) throws Exception {
|
||||
// Cleanup everything used for testing.
|
||||
List<String> dns = new LinkedList<String>();
|
||||
dns.add(deleteFromDn);
|
||||
|
||||
while (!dns.isEmpty()) {
|
||||
String name = dns.get(dns.size() - 1);
|
||||
Context currentContext = (Context) context.lookup(name);
|
||||
NamingEnumeration<NameClassPair> namingEnum = currentContext.list("");
|
||||
|
||||
if (namingEnum.hasMore()) {
|
||||
while (namingEnum.hasMore()) {
|
||||
dns.add(namingEnum.next().getNameInNamespace());
|
||||
}
|
||||
} else {
|
||||
context.unbind(name);
|
||||
dns.remove(dns.size() - 1);
|
||||
}
|
||||
}
|
||||
|
||||
// A bit of a hacked approach to loading an LDIF into OpenLDAP since there isn't an easy way to do it
|
||||
// otherwise. This approach invokes the command line tool programmatically but has
|
||||
// to short-circuit the call to System.exit that the command line tool makes when it finishes.
|
||||
// We are assuming that there isn't already a security manager in place.
|
||||
final SecurityManager securityManager = new SecurityManager() {
|
||||
|
||||
public void checkPermission(java.security.Permission permission) {
|
||||
if (permission.getName().contains("exitVM")) {
|
||||
throw new SecurityException("System.exit calls disabled for the moment.");
|
||||
}
|
||||
}
|
||||
};
|
||||
|
||||
System.setSecurityManager(securityManager);
|
||||
|
||||
|
||||
File file = new File(AbstractCachedLDAPAuthorizationMapLegacyTest.class.getClassLoader().getResource(
|
||||
ldifResourcePath).toURI());
|
||||
|
||||
Class<?> clazz = Class.forName("LDAPModify");
|
||||
Method mainMethod = clazz.getMethod("main", String[].class);
|
||||
|
||||
try {
|
||||
mainMethod.invoke(null, new Object[] {
|
||||
new String[] {
|
||||
"-v",
|
||||
"-h", ldapHost,
|
||||
"-p", String.valueOf(ldapPort),
|
||||
"-D", ldapUser,
|
||||
"-w", ldapPass,
|
||||
"-a",
|
||||
"-f", file.toString()}});
|
||||
} catch (InvocationTargetException e) {
|
||||
if (!(e.getTargetException() instanceof SecurityException)) {
|
||||
throw e;
|
||||
}
|
||||
}
|
||||
|
||||
System.setSecurityManager(null);
|
||||
}
|
||||
}
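Review bot: In `cleanAndLoad`, the reset `System.setSecurityManager(null)` is reached only when `mainMethod.invoke` returns or fails with a wrapped `SecurityException`. The rethrown `InvocationTargetException`, or any exception from the `getResource(...).toURI()`, `Class.forName("LDAPModify")` or `getMethod` calls that run after the manager is installed, leaves the exit-blocking manager in place for every later test in the same JVM. Resetting to `null` also discards a manager that was installed beforehand, which the comment only assumes is absent. Capture `final SecurityManager previous = System.getSecurityManager();` before installing the temporary one, and wrap everything after `System.setSecurityManager(securityManager)` in `try { ... } finally { System.setSecurityManager(previous); }`.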
|
||||
|
||||
|
|
@ -0,0 +1,63 @@
|
|||
/**
|
||||
* Licensed to the Apache Software Foundation (ASF) under one or more
|
||||
* contributor license agreements. See the NOTICE file distributed with
|
||||
* this work for additional information regarding copyright ownership.
|
||||
* The ASF licenses this file to You under the Apache License, Version 2.0
|
||||
* (the "License"); you may not use this file except in compliance with
|
||||
* the License. You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.apache.activemq.security;
|
||||
|
||||
import org.apache.activemq.command.ActiveMQQueue;
|
||||
import org.apache.activemq.jaas.UserPrincipal;
|
||||
import org.apache.directory.shared.ldap.model.message.ModifyRequest;
|
||||
import org.junit.Test;
|
||||
|
||||
import java.util.Set;
|
||||
|
||||
import static org.junit.Assert.assertEquals;
|
||||
import static org.junit.Assert.assertTrue;
|
||||
|
||||
public abstract class AbstractCachedLDAPAuthorizationModuleTest
|
||||
extends AbstractCachedLDAPAuthorizationMapLegacyTest {
|
||||
|
||||
static final UserPrincipal JDOE = new UserPrincipal("jdoe");
|
||||
|
||||
@Test
|
||||
public void testQuery() throws Exception {
|
||||
map.query();
|
||||
Set<?> readACLs = map.getReadACLs(new ActiveMQQueue("TEST.FOOBAR"));
|
||||
assertEquals("set size: " + readACLs, 3, readACLs.size());
|
||||
assertTrue("Contains admin group", readACLs.contains(ADMINS));
|
||||
assertTrue("Contains users group", readACLs.contains(USERS));
|
||||
assertTrue("Contains jdoe user", readACLs.contains(JDOE));
|
||||
|
||||
Set<?> failedACLs = map.getReadACLs(new ActiveMQQueue("FAILED"));
|
||||
assertEquals("set size: " + failedACLs, 0, failedACLs.size());
|
||||
|
||||
super.testQuery();
|
||||
}
|
||||
|
||||
@Override
|
||||
protected final void setupModifyRequest(ModifyRequest request) {
|
||||
request.remove("member", getMemberAttributeValueForModifyRequest());
|
||||
}
|
||||
|
||||
protected abstract String getMemberAttributeValueForModifyRequest();
|
||||
|
||||
@Override
|
||||
protected CachedLDAPAuthorizationMap createMap() {
|
||||
CachedLDAPAuthorizationMap map = super.createMap();
|
||||
map.setLegacyGroupMapping(false);
|
||||
return map;
|
||||
}
|
||||
}
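Review bot: `testQuery()` replaces the inherited test but carries no `@Override`, so a later rename in the base class would silently turn it into an unrelated method. The same annotation is missing on the `getAddLdif()`, `getRemoveLdif()`, `getQueueBaseDn()` and `getLdapConnection()` implementations in `CachedLDAPAuthorizationModuleLegacyOpenLDAPTest` and `CachedLDAPAuthorizationModuleLegacyTest`. The method also checks the `FAILED` queue and then calls `super.testQuery()`, which runs `map.query()` again and repeats that check. Either drop the local `FAILED` assertions or add a comment such as `// re-run the legacy group assertions against the same map` so the second query reads as intentional.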
|
||||
|
|
@ -0,0 +1,97 @@
|
|||
/**
|
||||
* Licensed to the Apache Software Foundation (ASF) under one or more
|
||||
* contributor license agreements. See the NOTICE file distributed with
|
||||
* this work for additional information regarding copyright ownership.
|
||||
* The ASF licenses this file to You under the Apache License, Version 2.0
|
||||
* (the "License"); you may not use this file except in compliance with
|
||||
* the License. You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.apache.activemq.security;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.io.InputStream;
|
||||
|
||||
import org.apache.directory.ldap.client.api.LdapConnection;
|
||||
import org.apache.directory.ldap.client.api.LdapNetworkConnection;
|
||||
import org.apache.directory.shared.ldap.model.exception.LdapException;
|
||||
import org.apache.directory.shared.ldap.model.name.Dn;
|
||||
import org.junit.Before;
|
||||
import org.junit.Ignore;
|
||||
import org.junit.Test;
|
||||
|
||||
/**
|
||||
* Test of the {@link CachedLDAPAuthorizationMap} that tests against a basic OpenLDAP instance.
|
||||
* Disabled by default because it requires external setup to provide the OpenLDAP instance.
|
||||
*
|
||||
* To enable, you need an OpenLDAP with a minimum of the following in the slapd.conf file:
|
||||
*
|
||||
* suffix "dc=apache,dc=org"
|
||||
* rootdn "cn=Manager,dc=apache,dc=org"
|
||||
* rootpw {SSHA}+Rx8kj98q3FlK5rUkT2hAtMP5v2ImQ82
|
||||
*
|
||||
* If you wish to use different settings or don't use the default port, change the constants
|
||||
* below for your environment.
|
||||
*/
|
||||
@Ignore
|
||||
public class CachedLDAPAuthorizationModuleLegacyOpenLDAPTest extends
|
||||
AbstractCachedLDAPAuthorizationMapLegacyTest {
|
||||
|
||||
protected static final String LDAP_USER = "cn=Manager,dc=apache,dc=org";
|
||||
protected static final String LDAP_PASS = "password";
|
||||
protected static final String LDAP_HOST = "localhost";
|
||||
protected static final int LDAP_PORT = 389;
|
||||
|
||||
@Before
|
||||
@Override
|
||||
public void setup() throws Exception {
|
||||
|
||||
super.setup();
|
||||
|
||||
cleanAndLoad("dc=apache,dc=org", "org/apache/activemq/security/activemq-openldap-legacy.ldif",
|
||||
LDAP_HOST, LDAP_PORT, LDAP_USER, LDAP_PASS, map.open());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testRenameDestination() throws Exception {
|
||||
// Subtree rename not implemented by OpenLDAP.
|
||||
}
|
||||
|
||||
protected CachedLDAPAuthorizationMap createMap() {
|
||||
CachedLDAPAuthorizationMap newMap = super.createMap();
|
||||
newMap.setConnectionURL("ldap://" + LDAP_HOST + ":" + String.valueOf(LDAP_PORT));
|
||||
newMap.setConnectionUsername(LDAP_USER);
|
||||
newMap.setConnectionPassword(LDAP_PASS);
|
||||
// Persistent search is not supported in OpenLDAP
|
||||
newMap.setRefreshInterval(10);
|
||||
newMap.setQueueSearchBase("ou=Queue,ou=Destination,ou=ActiveMQ,dc=activemq,dc=apache,dc=org");
|
||||
newMap.setTopicSearchBase("ou=Topic,ou=Destination,ou=ActiveMQ,dc=activemq,dc=apache,dc=org");
|
||||
newMap.setTempSearchBase("ou=Temp,ou=Destination,ou=ActiveMQ,dc=activemq,dc=apache,dc=org");
|
||||
return newMap;
|
||||
}
|
||||
|
||||
protected InputStream getAddLdif() {
|
||||
return getClass().getClassLoader().getResourceAsStream("org/apache/activemq/security/activemq-openldap-legacy-add.ldif");
|
||||
}
|
||||
|
||||
protected InputStream getRemoveLdif() {
|
||||
return getClass().getClassLoader().getResourceAsStream("org/apache/activemq/security/activemq-openldap-legacy-delete.ldif");
|
||||
}
|
||||
|
||||
protected String getQueueBaseDn() {
|
||||
return "ou=Queue,ou=Destination,ou=ActiveMQ,dc=activemq,dc=apache,dc=org";
|
||||
}
|
||||
|
||||
protected LdapConnection getLdapConnection() throws LdapException, IOException {
|
||||
LdapConnection connection = new LdapNetworkConnection(LDAP_HOST, LDAP_PORT);
|
||||
connection.bind(new Dn(LDAP_USER), LDAP_PASS);
|
||||
return connection;
|
||||
}
|
||||
}
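Review bot: The empty `testRenameDestination()` override still carries `@Test`, so once the class-level `@Ignore` is removed the runner reports the rename case as passed even though nothing about rename handling is checked against OpenLDAP. For an authorization cache that gives false assurance. Annotating the override with `@Override` and `@Ignore("Subtree rename not implemented by OpenLDAP")` would make it show up as skipped instead. `CachedLDAPAuthorizationModuleOpenLDAPTest` contains the same empty override.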
|
|
@ -0,0 +1,65 @@
|
|||
/**
|
||||
* Licensed to the Apache Software Foundation (ASF) under one or more
|
||||
* contributor license agreements. See the NOTICE file distributed with
|
||||
* this work for additional information regarding copyright ownership.
|
||||
* The ASF licenses this file to You under the Apache License, Version 2.0
|
||||
* (the "License"); you may not use this file except in compliance with
|
||||
* the License. You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.apache.activemq.security;
|
||||
|
||||
import org.apache.directory.ldap.client.api.LdapConnection;
|
||||
import org.apache.directory.ldap.client.api.LdapNetworkConnection;
|
||||
import org.apache.directory.server.annotations.CreateLdapServer;
|
||||
import org.apache.directory.server.annotations.CreateTransport;
|
||||
import org.apache.directory.server.core.annotations.ApplyLdifFiles;
|
||||
import org.apache.directory.server.core.integ.FrameworkRunner;
|
||||
import org.apache.directory.shared.ldap.model.exception.LdapException;
|
||||
import org.apache.directory.shared.ldap.model.name.Dn;
|
||||
import org.junit.runner.RunWith;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.io.InputStream;
|
||||
|
||||
|
||||
@RunWith( FrameworkRunner.class )
|
||||
@CreateLdapServer(transports = {@CreateTransport(protocol = "LDAP")})
|
||||
@ApplyLdifFiles(
|
||||
"org/apache/activemq/security/activemq-apacheds-legacy.ldif"
|
||||
)
|
||||
public class CachedLDAPAuthorizationModuleLegacyTest extends AbstractCachedLDAPAuthorizationMapLegacyTest {
|
||||
|
||||
@Override
|
||||
protected CachedLDAPAuthorizationMap createMap() {
|
||||
CachedLDAPAuthorizationMap map = super.createMap();
|
||||
map.setConnectionURL("ldap://localhost:" + getLdapServer().getPort());
|
||||
return map;
|
||||
}
|
||||
|
||||
protected InputStream getAddLdif() {
|
||||
return getClass().getClassLoader().getResourceAsStream("org/apache/activemq/security/activemq-apacheds-legacy-add.ldif");
|
||||
}
|
||||
|
||||
protected InputStream getRemoveLdif() {
|
||||
return getClass().getClassLoader().getResourceAsStream("org/apache/activemq/security/activemq-apacheds-legacy-delete.ldif");
|
||||
}
|
||||
|
||||
protected String getQueueBaseDn() {
|
||||
return "ou=Queue,ou=Destination,ou=ActiveMQ,ou=system";
|
||||
}
|
||||
|
||||
protected LdapConnection getLdapConnection() throws LdapException, IOException {
|
||||
LdapConnection connection = new LdapNetworkConnection("localhost", getLdapServer().getPort());
|
||||
connection.bind(new Dn("uid=admin,ou=system"), "secret");
|
||||
return connection;
|
||||
}
|
||||
}
|
||||
|
|
@ -0,0 +1,106 @@
|
|||
/**
|
||||
* Licensed to the Apache Software Foundation (ASF) under one or more
|
||||
* contributor license agreements. See the NOTICE file distributed with
|
||||
* this work for additional information regarding copyright ownership.
|
||||
* The ASF licenses this file to You under the Apache License, Version 2.0
|
||||
* (the "License"); you may not use this file except in compliance with
|
||||
* the License. You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.apache.activemq.security;
|
||||
|
||||
import org.apache.directory.ldap.client.api.LdapConnection;
|
||||
import org.apache.directory.ldap.client.api.LdapNetworkConnection;
|
||||
import org.apache.directory.shared.ldap.model.exception.LdapException;
|
||||
import org.apache.directory.shared.ldap.model.name.Dn;
|
||||
import org.junit.Before;
|
||||
import org.junit.Ignore;
|
||||
import org.junit.Test;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.io.InputStream;
|
||||
|
||||
/**
|
||||
* Test of the {@link CachedLDAPAuthorizationMap} that tests against a basic OpenLDAP instance.
|
||||
* Disabled by default because it requires external setup to provide the OpenLDAP instance.
|
||||
*
|
||||
* To enable, you need an OpenLDAP with a minimum of the following in the slapd.conf file:
|
||||
*
|
||||
* suffix "dc=apache,dc=org"
|
||||
* rootdn "cn=Manager,dc=apache,dc=org"
|
||||
* rootpw {SSHA}+Rx8kj98q3FlK5rUkT2hAtMP5v2ImQ82
|
||||
*
|
||||
* If you wish to use different settings or don't use the default port, change the constants
|
||||
* below for your environment.
|
||||
*/
|
||||
@Ignore
|
||||
public class CachedLDAPAuthorizationModuleOpenLDAPTest extends AbstractCachedLDAPAuthorizationModuleTest {
|
||||
|
||||
protected static final String LDAP_USER = "cn=Manager,dc=apache,dc=org";
|
||||
protected static final String LDAP_PASS = "password";
|
||||
protected static final String LDAP_HOST = "localhost";
|
||||
protected static final int LDAP_PORT = 389;
|
||||
|
||||
@Before
|
||||
@Override
|
||||
public void setup() throws Exception {
|
||||
|
||||
super.setup();
|
||||
|
||||
cleanAndLoad("dc=apache,dc=org", "org/apache/activemq/security/activemq-openldap.ldif",
|
||||
LDAP_HOST, LDAP_PORT, LDAP_USER, LDAP_PASS, map.open());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testRenameDestination() throws Exception {
|
||||
// Subtree rename not implemented by OpenLDAP.
|
||||
}
|
||||
|
||||
@Override
|
||||
protected CachedLDAPAuthorizationMap createMap() {
|
||||
CachedLDAPAuthorizationMap newMap = super.createMap();
|
||||
newMap.setConnectionURL("ldap://" + LDAP_HOST + ":" + String.valueOf(LDAP_PORT));
|
||||
newMap.setConnectionUsername(LDAP_USER);
|
||||
newMap.setConnectionPassword(LDAP_PASS);
|
||||
// Persistent search is not supported in OpenLDAP
|
||||
newMap.setRefreshInterval(10);
|
||||
newMap.setQueueSearchBase("ou=Queue,ou=Destination,ou=ActiveMQ,dc=activemq,dc=apache,dc=org");
|
||||
newMap.setTopicSearchBase("ou=Topic,ou=Destination,ou=ActiveMQ,dc=activemq,dc=apache,dc=org");
|
||||
newMap.setTempSearchBase("ou=Temp,ou=Destination,ou=ActiveMQ,dc=activemq,dc=apache,dc=org");
|
||||
return newMap;
|
||||
}
|
||||
|
||||
@Override
|
||||
protected InputStream getAddLdif() {
|
||||
return getClass().getClassLoader().getResourceAsStream("org/apache/activemq/security/activemq-openldap-add.ldif");
|
||||
}
|
||||
|
||||
@Override
|
||||
protected InputStream getRemoveLdif() {
|
||||
return getClass().getClassLoader().getResourceAsStream("org/apache/activemq/security/activemq-openldap-delete.ldif");
|
||||
}
|
||||
|
||||
@Override
|
||||
protected String getMemberAttributeValueForModifyRequest() {
|
||||
return "cn=users,ou=Group,ou=ActiveMQ,dc=activemq,dc=apache,dc=org";
|
||||
}
|
||||
|
||||
@Override
|
||||
protected String getQueueBaseDn() {
|
||||
return "ou=Queue,ou=Destination,ou=ActiveMQ,dc=activemq,dc=apache,dc=org";
|
||||
}
|
||||
|
||||
@Override
|
||||
protected LdapConnection getLdapConnection() throws LdapException, IOException {
|
||||
LdapConnection connection = new LdapNetworkConnection(LDAP_HOST, LDAP_PORT);
|
||||
connection.bind(new Dn(LDAP_USER), LDAP_PASS);
|
||||
return connection;
|
||||
}
|
||||
}
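Review bot: `LDAP_USER`, `LDAP_PASS`, `LDAP_HOST`, `LDAP_PORT` and the body of `createMap()` are a second copy of what `CachedLDAPAuthorizationModuleLegacyOpenLDAPTest` declares, and the class Javadoc tells users to edit these constants in source to match their server. Reading them in one shared helper from system properties with the current values as defaults, for example `System.getProperty("ldap.pass", "password")` (the property name is only a suggestion), would keep a real rootdn password out of the working tree and the two classes in step. The Javadoc should also state that `setup()` calls `cleanAndLoad("dc=apache,dc=org", ...)`, which unbinds every entry under that suffix on `LDAP_HOST` before loading the LDIF, so the test should only be pointed at a disposable OpenLDAP instance.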
|
|
@ -16,34 +16,16 @@
|
|||
*/
|
||||
package org.apache.activemq.security;
|
||||
|
||||
import org.apache.activemq.command.ActiveMQQueue;
|
||||
import org.apache.activemq.command.ActiveMQTopic;
|
||||
import org.apache.activemq.jaas.GroupPrincipal;
|
||||
import org.apache.directory.ldap.client.api.LdapConnection;
|
||||
import org.apache.directory.ldap.client.api.message.BindResponse;
|
||||
import org.apache.directory.ldap.client.api.message.ModifyDnResponse;
|
||||
import org.apache.directory.ldap.client.api.message.ModifyRequest;
|
||||
import org.apache.directory.ldap.client.api.LdapNetworkConnection;
|
||||
import org.apache.directory.server.annotations.CreateLdapServer;
|
||||
import org.apache.directory.server.annotations.CreateTransport;
|
||||
import org.apache.directory.server.core.annotations.ApplyLdifFiles;
|
||||
import org.apache.directory.server.core.integ.AbstractLdapTestUnit;
|
||||
import org.apache.directory.server.core.integ.FrameworkRunner;
|
||||
import org.apache.directory.shared.ldap.ldif.LdifEntry;
|
||||
import org.apache.directory.shared.ldap.ldif.LdifReader;
|
||||
import org.apache.directory.shared.ldap.message.ResultCodeEnum;
|
||||
import org.apache.directory.shared.ldap.name.DN;
|
||||
import org.apache.directory.shared.ldap.name.RDN;
|
||||
import org.junit.Test;
|
||||
import org.apache.directory.shared.ldap.model.name.Dn;
|
||||
import org.junit.runner.RunWith;
|
||||
|
||||
import java.util.List;
|
||||
import java.util.Set;
|
||||
|
||||
import static org.junit.Assert.assertEquals;
|
||||
import static org.junit.Assert.assertTrue;
|
||||
import static org.junit.Assert.assertNotNull;
|
||||
|
||||
|
||||
import java.io.InputStream;
|
||||
|
||||
|
||||
@RunWith( FrameworkRunner.class )
|
||||
|
@ -51,184 +33,39 @@ import static org.junit.Assert.assertNotNull;
|
|||
@ApplyLdifFiles(
|
||||
"org/apache/activemq/security/activemq-apacheds.ldif"
|
||||
)
|
||||
public class CachedLDAPAuthorizationModuleTest extends AbstractLdapTestUnit {
|
||||
public class CachedLDAPAuthorizationModuleTest extends AbstractCachedLDAPAuthorizationModuleTest {
|
||||
|
||||
static final GroupPrincipal GUESTS = new GroupPrincipal("guests");
|
||||
static final GroupPrincipal USERS = new GroupPrincipal("users");
|
||||
static final GroupPrincipal ADMINS = new GroupPrincipal("admins");
|
||||
|
||||
@Test
|
||||
public void testQuery() throws Exception {
|
||||
CachedLDAPAuthorizationMap map = new CachedLDAPAuthorizationMap();
|
||||
map.query();
|
||||
Set readACLs = map.getReadACLs(new ActiveMQQueue("TEST.FOO"));
|
||||
assertEquals("set size: " + readACLs, 2, readACLs.size());
|
||||
assertTrue("Contains admin group", readACLs.contains(ADMINS));
|
||||
assertTrue("Contains users group", readACLs.contains(USERS));
|
||||
|
||||
Set failedACLs = map.getReadACLs(new ActiveMQQueue("FAILED"));
|
||||
assertEquals("set size: " + failedACLs, 0, failedACLs.size());
|
||||
@Override
|
||||
protected CachedLDAPAuthorizationMap createMap() {
|
||||
CachedLDAPAuthorizationMap map = super.createMap();
|
||||
map.setConnectionURL("ldap://localhost:" + getLdapServer().getPort());
|
||||
return map;
|
||||
}
|
||||
|
||||
|
||||
@Test
|
||||
public void testWildcards() throws Exception {
|
||||
CachedLDAPAuthorizationMap map1 = new CachedLDAPAuthorizationMap();
|
||||
map1.query();
|
||||
Set fooACLs = map1.getReadACLs(new ActiveMQQueue("FOO.1"));
|
||||
assertEquals("set size: " + fooACLs, 2, fooACLs.size());
|
||||
assertTrue("Contains admin group", fooACLs.contains(ADMINS));
|
||||
assertTrue("Contains users group", fooACLs.contains(USERS));
|
||||
|
||||
CachedLDAPAuthorizationMap map2 = new CachedLDAPAuthorizationMap();
|
||||
map2.query();
|
||||
Set barACLs = map2.getReadACLs(new ActiveMQQueue("BAR.2"));
|
||||
assertEquals("set size: " + barACLs, 2, barACLs.size());
|
||||
assertTrue("Contains admin group", barACLs.contains(ADMINS));
|
||||
assertTrue("Contains users group", barACLs.contains(USERS));
|
||||
@Override
|
||||
protected InputStream getAddLdif() {
|
||||
return getClass().getClassLoader().getResourceAsStream("org/apache/activemq/security/activemq-apacheds-add.ldif");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testAdvisory() throws Exception {
|
||||
CachedLDAPAuthorizationMap map = new CachedLDAPAuthorizationMap();
|
||||
map.query();
|
||||
Set readACLs = map.getReadACLs(new ActiveMQTopic("ActiveMQ.Advisory.Connection"));
|
||||
assertEquals("set size: " + readACLs, 2, readACLs.size());
|
||||
assertTrue("Contains admin group", readACLs.contains(ADMINS));
|
||||
assertTrue("Contains users group", readACLs.contains(USERS));
|
||||
@Override
|
||||
protected InputStream getRemoveLdif() {
|
||||
return getClass().getClassLoader().getResourceAsStream("org/apache/activemq/security/activemq-apacheds-delete.ldif");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testTemporary() throws Exception {
|
||||
CachedLDAPAuthorizationMap map = new CachedLDAPAuthorizationMap();
|
||||
map.query();
|
||||
Thread.sleep(1000);
|
||||
Set readACLs = map.getTempDestinationReadACLs();
|
||||
assertEquals("set size: " + readACLs, 2, readACLs.size());
|
||||
assertTrue("Contains admin group", readACLs.contains(ADMINS));
|
||||
assertTrue("Contains users group", readACLs.contains(USERS));
|
||||
@Override
|
||||
protected String getMemberAttributeValueForModifyRequest() {
|
||||
return "cn=users,ou=Group,ou=ActiveMQ,ou=system";
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testAdd() throws Exception {
|
||||
CachedLDAPAuthorizationMap map = new CachedLDAPAuthorizationMap();
|
||||
map.query();
|
||||
|
||||
Set failedACLs = map.getReadACLs(new ActiveMQQueue("FAILED"));
|
||||
assertEquals("set size: " + failedACLs, 0, failedACLs.size());
|
||||
|
||||
LdapConnection connection = new LdapConnection( "localhost", 1024 );
|
||||
BindResponse bindResponse = connection.bind("uid=admin,ou=system", "secret");
|
||||
assertNotNull(bindResponse);
|
||||
assertEquals(ResultCodeEnum.SUCCESS, bindResponse.getLdapResult().getResultCode());
|
||||
assertTrue(connection.isAuthenticated());
|
||||
|
||||
|
||||
LdifReader reader = new LdifReader(getClass().getClassLoader().getResourceAsStream("org/apache/activemq/security/add.ldif"));
|
||||
|
||||
List<LdifEntry> entries = service.getTestEntries();
|
||||
for (LdifEntry entry : reader) {
|
||||
connection.add(entry.getEntry());
|
||||
|
||||
}
|
||||
|
||||
Thread.sleep(2000);
|
||||
|
||||
failedACLs = map.getReadACLs(new ActiveMQQueue("FAILED"));
|
||||
assertEquals("set size: " + failedACLs, 2, failedACLs.size());
|
||||
|
||||
connection.close();
|
||||
|
||||
|
||||
protected String getQueueBaseDn() {
|
||||
return "ou=Queue,ou=Destination,ou=ActiveMQ,ou=system";
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testRemove() throws Exception {
|
||||
CachedLDAPAuthorizationMap map = new CachedLDAPAuthorizationMap();
|
||||
map.query();
|
||||
|
||||
Set failedACLs = map.getReadACLs(new ActiveMQQueue("TEST.FOO"));
|
||||
assertEquals("set size: " + failedACLs, 2, failedACLs.size());
|
||||
|
||||
LdapConnection connection = new LdapConnection( "localhost", 1024 );
|
||||
BindResponse bindResponse = connection.bind("uid=admin,ou=system", "secret");
|
||||
assertNotNull(bindResponse);
|
||||
assertEquals(ResultCodeEnum.SUCCESS, bindResponse.getLdapResult().getResultCode());
|
||||
assertTrue(connection.isAuthenticated());
|
||||
|
||||
|
||||
LdifReader reader = new LdifReader(getClass().getClassLoader().getResourceAsStream("org/apache/activemq/security/delete.ldif"));
|
||||
|
||||
List<LdifEntry> entries = service.getTestEntries();
|
||||
for (LdifEntry entry : reader) {
|
||||
connection.delete(entry.getDn());
|
||||
}
|
||||
|
||||
Thread.sleep(2000);
|
||||
|
||||
failedACLs = map.getReadACLs(new ActiveMQQueue("TEST.FOO"));
|
||||
assertEquals("set size: " + failedACLs, 0, failedACLs.size());
|
||||
|
||||
connection.close();
|
||||
@Override
|
||||
protected LdapConnection getLdapConnection() throws Exception {
|
||||
LdapConnection connection = new LdapNetworkConnection("localhost", getLdapServer().getPort());
|
||||
connection.bind(new Dn("uid=admin,ou=system"), "secret");
|
||||
return connection;
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testRename() throws Exception {
|
||||
CachedLDAPAuthorizationMap map = new CachedLDAPAuthorizationMap();
|
||||
map.query();
|
||||
|
||||
Set failedACLs = map.getReadACLs(new ActiveMQQueue("TEST.FOO"));
|
||||
assertEquals("set size: " + failedACLs, 2, failedACLs.size());
|
||||
|
||||
LdapConnection connection = new LdapConnection( "localhost", 1024 );
|
||||
BindResponse bindResponse = connection.bind("uid=admin,ou=system", "secret");
|
||||
assertNotNull(bindResponse);
|
||||
assertEquals(ResultCodeEnum.SUCCESS, bindResponse.getLdapResult().getResultCode());
|
||||
assertTrue(connection.isAuthenticated());
|
||||
|
||||
ModifyDnResponse resp = connection.rename(new DN("cn=TEST.FOO,ou=Queue,ou=Destination,ou=ActiveMQ,ou=system"),
|
||||
new RDN("cn=TEST.BAR"));
|
||||
|
||||
Thread.sleep(2000);
|
||||
|
||||
failedACLs = map.getReadACLs(new ActiveMQQueue("TEST.FOO"));
|
||||
assertEquals("set size: " + failedACLs, 0, failedACLs.size());
|
||||
|
||||
|
||||
failedACLs = map.getReadACLs(new ActiveMQQueue("TEST.BAR"));
|
||||
assertEquals("set size: " + failedACLs, 2, failedACLs.size());
|
||||
|
||||
connection.close();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testChange() throws Exception {
|
||||
CachedLDAPAuthorizationMap map = new CachedLDAPAuthorizationMap();
|
||||
map.query();
|
||||
|
||||
Set failedACLs = map.getReadACLs(new ActiveMQQueue("TEST.FOO"));
|
||||
assertEquals("set size: " + failedACLs, 2, failedACLs.size());
|
||||
|
||||
LdapConnection connection = new LdapConnection( "localhost", 1024 );
|
||||
BindResponse bindResponse = connection.bind("uid=admin,ou=system", "secret");
|
||||
assertNotNull(bindResponse);
|
||||
assertEquals(ResultCodeEnum.SUCCESS, bindResponse.getLdapResult().getResultCode());
|
||||
assertTrue(connection.isAuthenticated());
|
||||
|
||||
DN dn = new DN("cn=read,cn=TEST.FOO,ou=Queue,ou=Destination,ou=ActiveMQ,ou=system");
|
||||
|
||||
ModifyRequest request = new ModifyRequest(dn);
|
||||
request.remove("member", "cn=users");
|
||||
|
||||
connection.modify(request);
|
||||
|
||||
Thread.sleep(2000);
|
||||
|
||||
failedACLs = map.getReadACLs(new ActiveMQQueue("TEST.FOO"));
|
||||
assertEquals("set size: " + failedACLs, 1, failedACLs.size());
|
||||
|
||||
connection.close();
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
|
|
|
@ -0,0 +1,131 @@
|
|||
/**
|
||||
* Licensed to the Apache Software Foundation (ASF) under one or more
|
||||
* contributor license agreements. See the NOTICE file distributed with
|
||||
* this work for additional information regarding copyright ownership.
|
||||
* The ASF licenses this file to You under the Apache License, Version 2.0
|
||||
* (the "License"); you may not use this file except in compliance with
|
||||
* the License. You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.apache.activemq.security;
|
||||
|
||||
import org.apache.activemq.ActiveMQConnectionFactory;
|
||||
import org.apache.activemq.broker.BrokerFactory;
|
||||
import org.apache.activemq.broker.BrokerService;
|
||||
import org.apache.directory.server.annotations.CreateLdapServer;
|
||||
import org.apache.directory.server.annotations.CreateTransport;
|
||||
import org.apache.directory.server.core.annotations.ApplyLdifFiles;
|
||||
import org.apache.directory.server.core.integ.AbstractLdapTestUnit;
|
||||
import org.apache.directory.server.core.integ.FrameworkRunner;
|
||||
import org.apache.directory.server.ldap.LdapServer;
|
||||
import org.junit.After;
|
||||
import org.junit.Before;
|
||||
import org.junit.Test;
|
||||
import org.junit.runner.RunWith;
|
||||
|
||||
import javax.jms.*;
|
||||
|
||||
import static org.junit.Assert.assertNotNull;
|
||||
import static org.junit.Assert.fail;
|
||||
|
||||
|
||||
@RunWith( FrameworkRunner.class )
|
||||
@CreateLdapServer(transports = {@CreateTransport(protocol = "LDAP")})
|
||||
@ApplyLdifFiles(
|
||||
"org/apache/activemq/security/activemq-apacheds-legacy.ldif"
|
||||
)
|
||||
public class CachedLDAPSecurityLegacyTest extends AbstractLdapTestUnit {
|
||||
|
||||
public BrokerService broker;
|
||||
|
||||
public static LdapServer ldapServer;
|
||||
|
||||
@Before
|
||||
public void setup() throws Exception {
|
||||
System.setProperty("ldapPort", String.valueOf(getLdapServer().getPort()));
|
||||
|
||||
broker = BrokerFactory.createBroker("xbean:org/apache/activemq/security/activemq-apacheds-legacy.xml");
|
||||
broker.start();
|
||||
broker.waitUntilStarted();
|
||||
}
|
||||
|
||||
@After
|
||||
public void shutdown() throws Exception {
|
||||
broker.stop();
|
||||
broker.waitUntilStopped();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testSendReceive() throws Exception {
|
||||
ActiveMQConnectionFactory factory = new ActiveMQConnectionFactory("vm://localhost");
|
||||
Connection conn = factory.createQueueConnection("jdoe", "sunflower");
|
||||
Session sess = conn.createSession(false, Session.AUTO_ACKNOWLEDGE);
|
||||
conn.start();
|
||||
Queue queue = sess.createQueue("TEST.FOO");
|
||||
|
||||
MessageProducer producer = sess.createProducer(queue);
|
||||
MessageConsumer consumer = sess.createConsumer(queue);
|
||||
|
||||
producer.send(sess.createTextMessage("test"));
|
||||
Message msg = consumer.receive(1000);
|
||||
assertNotNull(msg);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testSendDenied() throws Exception {
|
||||
ActiveMQConnectionFactory factory = new ActiveMQConnectionFactory("vm://localhost");
|
||||
Connection conn = factory.createQueueConnection("jdoe", "sunflower");
|
||||
Session sess = conn.createSession(false, Session.AUTO_ACKNOWLEDGE);
|
||||
conn.start();
|
||||
Queue queue = sess.createQueue("ADMIN.FOO");
|
||||
|
||||
MessageProducer producer = sess.createProducer(queue);
|
||||
try {
|
||||
producer.send(sess.createTextMessage("test"));
|
||||
fail("expect auth exception");
|
||||
} catch (JMSException expected) {
|
||||
}
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testCompositeSendDenied() throws Exception {
|
||||
ActiveMQConnectionFactory factory = new ActiveMQConnectionFactory("vm://localhost");
|
||||
Connection conn = factory.createQueueConnection("jdoe", "sunflower");
|
||||
Session sess = conn.createSession(false, Session.AUTO_ACKNOWLEDGE);
|
||||
conn.start();
|
||||
Queue queue = sess.createQueue("TEST.FOO,ADMIN.FOO");
|
||||
|
||||
MessageProducer producer = sess.createProducer(queue);
|
||||
try {
|
||||
producer.send(sess.createTextMessage("test"));
|
||||
fail("expect auth exception");
|
||||
} catch (JMSException expected) {
|
||||
}
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testTempDestinations() throws Exception {
|
||||
ActiveMQConnectionFactory factory = new ActiveMQConnectionFactory("vm://localhost");
|
||||
Connection conn = factory.createQueueConnection("jdoe", "sunflower");
|
||||
Session sess = conn.createSession(false, Session.AUTO_ACKNOWLEDGE);
|
||||
conn.start();
|
||||
Queue queue = sess.createTemporaryQueue();
|
||||
|
||||
MessageProducer producer = sess.createProducer(queue);
|
||||
MessageConsumer consumer = sess.createConsumer(queue);
|
||||
|
||||
producer.send(sess.createTextMessage("test"));
|
||||
Message msg = consumer.receive(1000);
|
||||
assertNotNull(msg);
|
||||
}
|
||||
|
||||
}
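Review bot: In `testSendDenied` and `testCompositeSendDenied` the empty `catch (JMSException expected) { }` accepts any JMS failure, so a dropped connection or a broker-side error unrelated to access control would satisfy a test that is meant to prove the send was refused by authorization. Assert on what was caught, for example `assertTrue(expected instanceof JMSSecurityException || expected.getCause() instanceof SecurityException);`, adjusted to whatever the client actually surfaces for a denied send. None of the four tests closes `conn`, so each connection stays open until `shutdown()` stops the broker; a `try { … } finally { conn.close(); }` around each test body would keep them independent.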
|
||||
|
||||
|
|
@ -16,115 +16,30 @@
|
|||
*/
|
||||
package org.apache.activemq.security;
|
||||
|
||||
import org.apache.activemq.ActiveMQConnectionFactory;
|
||||
import org.apache.activemq.broker.BrokerFactory;
|
||||
import org.apache.activemq.broker.BrokerService;
|
||||
import org.apache.directory.server.annotations.CreateLdapServer;
|
||||
import org.apache.directory.server.annotations.CreateTransport;
|
||||
import org.apache.directory.server.core.annotations.ApplyLdifFiles;
|
||||
import org.apache.directory.server.core.integ.AbstractLdapTestUnit;
|
||||
import org.apache.directory.server.core.integ.FrameworkRunner;
|
||||
import org.apache.directory.server.ldap.LdapServer;
|
||||
import org.junit.After;
|
||||
import org.junit.Before;
|
||||
import org.junit.Test;
|
||||
import org.junit.runner.RunWith;
|
||||
|
||||
import javax.jms.*;
|
||||
|
||||
import static org.junit.Assert.assertNotNull;
|
||||
import static org.junit.Assert.fail;
|
||||
|
||||
|
||||
@RunWith( FrameworkRunner.class )
|
||||
@CreateLdapServer(transports = {@CreateTransport(protocol = "LDAP")})
|
||||
@ApplyLdifFiles(
|
||||
"org/apache/activemq/security/activemq-apacheds.ldif"
|
||||
)
|
||||
public class CachedLDAPSecurityTest extends AbstractLdapTestUnit {
|
||||
|
||||
public BrokerService broker;
|
||||
|
||||
public static LdapServer ldapServer;
|
||||
public class CachedLDAPSecurityTest extends CachedLDAPSecurityLegacyTest {
|
||||
|
||||
@Before
|
||||
@Override
|
||||
public void setup() throws Exception {
|
||||
broker = BrokerFactory.createBroker("xbean:org/apache/activemq/security/activemq-apacheds.xml");
|
||||
broker.start();
|
||||
broker.waitUntilStarted();
|
||||
//System.in.read();
|
||||
System.setProperty("ldapPort", String.valueOf(getLdapServer().getPort()));
|
||||
|
||||
broker = BrokerFactory.createBroker("xbean:org/apache/activemq/security/activemq-apacheds.xml");
|
||||
broker.start();
|
||||
broker.waitUntilStarted();
|
||||
}
|
||||
|
||||
@After
|
||||
public void shutdown() throws Exception {
|
||||
broker.stop();
|
||||
broker.waitUntilStopped();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testSendReceive() throws Exception {
|
||||
ActiveMQConnectionFactory factory = new ActiveMQConnectionFactory("tcp://localhost:61616");
|
||||
Connection conn = factory.createQueueConnection("jdoe", "sunflower");
|
||||
Session sess = conn.createSession(false, Session.AUTO_ACKNOWLEDGE);
|
||||
conn.start();
|
||||
Queue queue = sess.createQueue("TEST.FOO");
|
||||
|
||||
MessageProducer producer = sess.createProducer(queue);
|
||||
MessageConsumer consumer = sess.createConsumer(queue);
|
||||
|
||||
producer.send(sess.createTextMessage("test"));
|
||||
Message msg = consumer.receive(1000);
|
||||
assertNotNull(msg);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testSendDenied() throws Exception {
|
||||
ActiveMQConnectionFactory factory = new ActiveMQConnectionFactory("tcp://localhost:61616");
|
||||
Connection conn = factory.createQueueConnection("jdoe", "sunflower");
|
||||
Session sess = conn.createSession(false, Session.AUTO_ACKNOWLEDGE);
|
||||
conn.start();
|
||||
Queue queue = sess.createQueue("ADMIN.FOO");
|
||||
|
||||
MessageProducer producer = sess.createProducer(queue);
|
||||
try {
|
||||
producer.send(sess.createTextMessage("test"));
|
||||
fail("expect auth exception");
|
||||
} catch (JMSException expected) {
|
||||
}
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testCompositeSendDenied() throws Exception {
|
||||
ActiveMQConnectionFactory factory = new ActiveMQConnectionFactory("tcp://localhost:61616");
|
||||
Connection conn = factory.createQueueConnection("jdoe", "sunflower");
|
||||
Session sess = conn.createSession(false, Session.AUTO_ACKNOWLEDGE);
|
||||
conn.start();
|
||||
Queue queue = sess.createQueue("TEST.FOO,ADMIN.FOO");
|
||||
|
||||
MessageProducer producer = sess.createProducer(queue);
|
||||
try {
|
||||
producer.send(sess.createTextMessage("test"));
|
||||
fail("expect auth exception");
|
||||
} catch (JMSException expected) {
|
||||
}
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testTempDestinations() throws Exception {
|
||||
ActiveMQConnectionFactory factory = new ActiveMQConnectionFactory("tcp://localhost:61616");
|
||||
Connection conn = factory.createQueueConnection("jdoe", "sunflower");
|
||||
Session sess = conn.createSession(false, Session.AUTO_ACKNOWLEDGE);
|
||||
conn.start();
|
||||
Queue queue = sess.createTemporaryQueue();
|
||||
|
||||
MessageProducer producer = sess.createProducer(queue);
|
||||
MessageConsumer consumer = sess.createConsumer(queue);
|
||||
|
||||
producer.send(sess.createTextMessage("test"));
|
||||
Message msg = consumer.receive(1000);
|
||||
assertNotNull(msg);
|
||||
}
|
||||
|
||||
}
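Review bot: The overriding `setup()` appears to repeat the parent's body from CachedLDAPSecurityLegacyTest and differ only in the xbean path (`activemq-apacheds.xml` instead of `activemq-apacheds-legacy.xml`), so the two copies can drift apart. The side markers are lost on this page, so this reads the `extends CachedLDAPSecurityLegacyTest` declaration and the `@Override` method as the new side. A small hook in the parent, such as `protected String getXBeanConfig()`, that this class overrides would leave a single `setup()` for both fixtures. A one-line class comment stating that every `@Test` is inherited and only the LDIF and broker configuration change would also help.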
|
||||
|
||||
|
||||
|
|
|
@ -65,7 +65,7 @@ public class LDAPAuthorizationMapTest extends AbstractLdapTestUnit {
|
|||
@Before
|
||||
public void setup() throws Exception {
|
||||
authMap = new LDAPAuthorizationMap();
|
||||
authMap.setConnectionURL("ldap://localhost:1024");
|
||||
authMap.setConnectionURL("ldap://localhost:" + getLdapServer().getPort());
|
||||
authMap.setTopicSearchMatchingFormat(new MessageFormat("uid={0},ou=topics,ou=destinations,o=ActiveMQ,ou=system"));
|
||||
authMap.setQueueSearchMatchingFormat(new MessageFormat("uid={0},ou=queues,ou=destinations,o=ActiveMQ,ou=system"));
|
||||
authMap.setAdvisorySearchBase("uid=ActiveMQ.Advisory,ou=topics,ou=destinations,o=ActiveMQ,ou=system");
|
||||
|
|
|
@ -50,9 +50,11 @@ public class LDAPSecurityTest extends AbstractLdapTestUnit {
|
|||
|
||||
@Before
|
||||
public void setup() throws Exception {
|
||||
broker = BrokerFactory.createBroker("xbean:org/apache/activemq/security/activemq-ldap.xml");
|
||||
broker.start();
|
||||
broker.waitUntilStarted();
|
||||
System.setProperty("ldapPort", String.valueOf(getLdapServer().getPort()));
|
||||
|
||||
broker = BrokerFactory.createBroker("xbean:org/apache/activemq/security/activemq-ldap.xml");
|
||||
broker.start();
|
||||
broker.waitUntilStarted();
|
||||
}
|
||||
|
||||
@After
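Review bot: `System.setProperty("ldapPort", …)` in `setup()` changes JVM-wide state and nothing visible in this hunk clears it, so a later test class in the same JVM can resolve `${ldapPort}` to a stale port from an LDAP server that has already shut down. Adding `System.clearProperty("ldapPort");` to the `@After` method keeps the value scoped to one test. The same applies to `setup()` in CachedLDAPSecurityLegacyTest and CachedLDAPSecurityTest in this commit. The body of the `@After` method is outside this hunk, so it may already do this.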
|
||||
|
|
|
@ -0,0 +1,47 @@
|
|||
## ---------------------------------------------------------------------------
|
||||
## Licensed to the Apache Software Foundation (ASF) under one or more
|
||||
## contributor license agreements. See the NOTICE file distributed with
|
||||
## this work for additional information regarding copyright ownership.
|
||||
## The ASF licenses this file to You under the Apache License, Version 2.0
|
||||
## (the "License"); you may not use this file except in compliance with
|
||||
## the License. You may obtain a copy of the License at
|
||||
##
|
||||
## http://www.apache.org/licenses/LICENSE-2.0
|
||||
##
|
||||
## Unless required by applicable law or agreed to in writing, software
|
||||
## distributed under the License is distributed on an "AS IS" BASIS,
|
||||
## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
## See the License for the specific language governing permissions and
|
||||
## limitations under the License.
|
||||
## ---------------------------------------------------------------------------
|
||||
|
||||
|
||||
## FAILED
|
||||
|
||||
dn: cn=FAILED,ou=Queue,ou=Destination,ou=ActiveMQ,ou=system
|
||||
cn: FAILED
|
||||
description: New queue
|
||||
objectClass: applicationProcess
|
||||
objectClass: top
|
||||
|
||||
dn: cn=admin,cn=FAILED,ou=Queue,ou=Destination,ou=ActiveMQ,ou=system
|
||||
cn: admin
|
||||
description: Admin privilege group, members are roles
|
||||
member: cn=users,ou=Group,ou=ActiveMQ,ou=system
|
||||
member: cn=admins,ou=Group,ou=ActiveMQ,ou=system
|
||||
objectClass: groupOfNames
|
||||
objectClass: top
|
||||
|
||||
dn: cn=read,cn=FAILED,ou=Queue,ou=Destination,ou=ActiveMQ,ou=system
|
||||
cn: read
|
||||
member: cn=users,ou=Group,ou=ActiveMQ,ou=system
|
||||
member: cn=admins,ou=Group,ou=ActiveMQ,ou=system
|
||||
objectClass: groupOfNames
|
||||
objectClass: top
|
||||
|
||||
dn: cn=write,cn=FAILED,ou=Queue,ou=Destination,ou=ActiveMQ,ou=system
|
||||
cn: write
|
||||
objectClass: groupOfNames
|
||||
objectClass: top
|
||||
member: cn=users,ou=Group,ou=ActiveMQ,ou=system
|
||||
member: cn=admins,ou=Group,ou=ActiveMQ,ou=system
|
|
@ -0,0 +1,40 @@
|
|||
## ---------------------------------------------------------------------------
|
||||
## Licensed to the Apache Software Foundation (ASF) under one or more
|
||||
## contributor license agreements. See the NOTICE file distributed with
|
||||
## this work for additional information regarding copyright ownership.
|
||||
## The ASF licenses this file to You under the Apache License, Version 2.0
|
||||
## (the "License"); you may not use this file except in compliance with
|
||||
## the License. You may obtain a copy of the License at
|
||||
##
|
||||
## http://www.apache.org/licenses/LICENSE-2.0
|
||||
##
|
||||
## Unless required by applicable law or agreed to in writing, software
|
||||
## distributed under the License is distributed on an "AS IS" BASIS,
|
||||
## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
## See the License for the specific language governing permissions and
|
||||
## limitations under the License.
|
||||
## ---------------------------------------------------------------------------
|
||||
|
||||
dn: cn=admin,cn=TEST.FOO,ou=Queue,ou=Destination,ou=ActiveMQ,ou=system
|
||||
changetype: delete
|
||||
|
||||
|
||||
dn: cn=read,cn=TEST.FOO,ou=Queue,ou=Destination,ou=ActiveMQ,ou=system
|
||||
changetype: delete
|
||||
|
||||
dn: cn=write,cn=TEST.FOO,ou=Queue,ou=Destination,ou=ActiveMQ,ou=system
|
||||
changetype: delete
|
||||
|
||||
dn: cn=TEST.FOO,ou=Queue,ou=Destination,ou=ActiveMQ,ou=system
|
||||
changetype: delete
|
||||
|
||||
dn: cn=read,ou=Temp,ou=Destination,ou=ActiveMQ,ou=system
|
||||
changetype: delete
|
||||
|
||||
dn: cn=write,ou=Temp,ou=Destination,ou=ActiveMQ,ou=system
|
||||
changetype: delete
|
||||
|
||||
dn: cn=admin,ou=Temp,ou=Destination,ou=ActiveMQ,ou=system
|
||||
changetype: delete
|
||||
|
||||
|
|
@ -15,9 +15,6 @@
|
|||
## limitations under the License.
|
||||
## ---------------------------------------------------------------------------
|
||||
|
||||
dn: cn=TEST.FOO,ou=Queue,ou=Destination,ou=ActiveMQ,ou=system
|
||||
changetype: delete
|
||||
|
||||
dn: cn=admin,cn=TEST.FOO,ou=Queue,ou=Destination,ou=ActiveMQ,ou=system
|
||||
changetype: delete
|
||||
|
||||
|
@ -26,3 +23,16 @@ changetype: delete
|
|||
|
||||
dn: cn=write,cn=TEST.FOO,ou=Queue,ou=Destination,ou=ActiveMQ,ou=system
|
||||
changetype: delete
|
||||
|
||||
dn: cn=TEST.FOO,ou=Queue,ou=Destination,ou=ActiveMQ,ou=system
|
||||
changetype: delete
|
||||
|
||||
dn: cn=read,ou=Temp,ou=Destination,ou=ActiveMQ,ou=system
|
||||
changetype: delete
|
||||
|
||||
dn: cn=write,ou=Temp,ou=Destination,ou=ActiveMQ,ou=system
|
||||
changetype: delete
|
||||
|
||||
dn: cn=admin,ou=Temp,ou=Destination,ou=ActiveMQ,ou=system
|
||||
changetype: delete
|
||||
|
|
@ -0,0 +1,264 @@
|
|||
## ---------------------------------------------------------------------------
|
||||
## Licensed to the Apache Software Foundation (ASF) under one or more
|
||||
## contributor license agreements. See the NOTICE file distributed with
|
||||
## this work for additional information regarding copyright ownership.
|
||||
## The ASF licenses this file to You under the Apache License, Version 2.0
|
||||
## (the "License"); you may not use this file except in compliance with
|
||||
## the License. You may obtain a copy of the License at
|
||||
##
|
||||
## http://www.apache.org/licenses/LICENSE-2.0
|
||||
##
|
||||
## Unless required by applicable law or agreed to in writing, software
|
||||
## distributed under the License is distributed on an "AS IS" BASIS,
|
||||
## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
## See the License for the specific language governing permissions and
|
||||
## limitations under the License.
|
||||
## ---------------------------------------------------------------------------
|
||||
|
||||
|
||||
##########################
|
||||
## Define basic objects ##
|
||||
##########################
|
||||
|
||||
dn: ou=ActiveMQ,ou=system
|
||||
objectClass: organizationalUnit
|
||||
objectClass: top
|
||||
ou: ActiveMQ
|
||||
|
||||
dn: ou=Services,ou=system
|
||||
ou: Services
|
||||
objectClass: organizationalUnit
|
||||
objectClass: top
|
||||
|
||||
dn: cn=mqbroker,ou=Services,ou=system
|
||||
cn: mqbroker
|
||||
objectClass: organizationalRole
|
||||
objectClass: top
|
||||
objectClass: simpleSecurityObject
|
||||
userPassword: {SSHA}YvMAkkd66cDecNoejo8jnw5uUUBziyl0
|
||||
description: Bind user for MQ broker
|
||||
|
||||
|
||||
###################
|
||||
## Define groups ##
|
||||
###################
|
||||
|
||||
|
||||
dn: ou=Group,ou=ActiveMQ,ou=system
|
||||
objectClass: organizationalUnit
|
||||
objectClass: top
|
||||
ou: Group
|
||||
|
||||
dn: cn=admins,ou=Group,ou=ActiveMQ,ou=system
|
||||
cn: admins
|
||||
member: uid=admin
|
||||
objectClass: groupOfNames
|
||||
objectClass: top
|
||||
|
||||
dn: cn=users,ou=Group,ou=ActiveMQ,ou=system
|
||||
cn: users
|
||||
member: uid=jdoe
|
||||
objectClass: groupOfNames
|
||||
objectClass: top
|
||||
|
||||
|
||||
##################
|
||||
## Define users ##
|
||||
##################
|
||||
|
||||
|
||||
dn: ou=User,ou=ActiveMQ,ou=system
|
||||
objectClass: organizationalUnit
|
||||
objectClass: top
|
||||
ou: User
|
||||
|
||||
dn: uid=admin,ou=User,ou=ActiveMQ,ou=system
|
||||
uid: admin
|
||||
userPassword: {SSHA}YvMAkkd66cDecNoejo8jnw5uUUBziyl0
|
||||
objectClass: account
|
||||
objectClass: simpleSecurityObject
|
||||
objectClass: top
|
||||
|
||||
|
||||
dn: uid=jdoe,ou=User,ou=ActiveMQ,ou=system
|
||||
uid: jdoe
|
||||
userPassword: {SSHA}YvMAkkd66cDecNoejo8jnw5uUUBziyl0
|
||||
objectclass: inetOrgPerson
|
||||
objectclass: organizationalPerson
|
||||
objectclass: person
|
||||
objectclass: top
|
||||
cn: Jane Doe
|
||||
sn: Doe
|
||||
|
||||
|
||||
#########################
|
||||
## Define destinations ##
|
||||
#########################
|
||||
|
||||
dn: ou=Destination,ou=ActiveMQ,ou=system
|
||||
objectClass: organizationalUnit
|
||||
objectClass: top
|
||||
ou: Destination
|
||||
|
||||
dn: ou=Topic,ou=Destination,ou=ActiveMQ,ou=system
|
||||
objectClass: organizationalUnit
|
||||
objectClass: top
|
||||
ou: Topic
|
||||
|
||||
dn: ou=Queue,ou=Destination,ou=ActiveMQ,ou=system
|
||||
objectClass: organizationalUnit
|
||||
objectClass: top
|
||||
ou: Queue
|
||||
|
||||
## TEST.FOO
|
||||
|
||||
dn: cn=TEST.FOO,ou=Queue,ou=Destination,ou=ActiveMQ,ou=system
|
||||
cn: TEST.FOO
|
||||
description: A queue
|
||||
objectClass: applicationProcess
|
||||
objectClass: top
|
||||
|
||||
dn: cn=admin,cn=TEST.FOO,ou=Queue,ou=Destination,ou=ActiveMQ,ou=system
|
||||
cn: admin
|
||||
description: Admin privilege group, members are roles
|
||||
member: cn=admins
|
||||
member: cn=users
|
||||
objectClass: groupOfNames
|
||||
objectClass: top
|
||||
|
||||
dn: cn=read,cn=TEST.FOO,ou=Queue,ou=Destination,ou=ActiveMQ,ou=system
|
||||
cn: read
|
||||
member: cn=users
|
||||
member: cn=admins
|
||||
objectClass: groupOfNames
|
||||
objectClass: top
|
||||
|
||||
dn: cn=write,cn=TEST.FOO,ou=Queue,ou=Destination,ou=ActiveMQ,ou=system
|
||||
cn: write
|
||||
objectClass: groupOfNames
|
||||
objectClass: top
|
||||
member: cn=users
|
||||
member: cn=admins
|
||||
|
||||
|
||||
## FOO.>
|
||||
|
||||
dn: cn=FOO.$,ou=Queue,ou=Destination,ou=ActiveMQ,ou=system
|
||||
cn: FOO.$
|
||||
description: A queue
|
||||
objectClass: applicationProcess
|
||||
objectClass: top
|
||||
|
||||
dn: cn=admin,cn=FOO.$,ou=Queue,ou=Destination,ou=ActiveMQ,ou=system
|
||||
cn: admin
|
||||
description: Admin privilege group, members are roles
|
||||
member: cn=admins
|
||||
member: cn=users
|
||||
objectClass: groupOfNames
|
||||
objectClass: top
|
||||
|
||||
dn: cn=read,cn=FOO.$,ou=Queue,ou=Destination,ou=ActiveMQ,ou=system
|
||||
cn: read
|
||||
member: cn=users
|
||||
member: cn=admins
|
||||
objectClass: groupOfNames
|
||||
objectClass: top
|
||||
|
||||
dn: cn=write,cn=FOO.$,ou=Queue,ou=Destination,ou=ActiveMQ,ou=system
|
||||
cn: write
|
||||
objectClass: groupOfNames
|
||||
objectClass: top
|
||||
member: cn=users
|
||||
member: cn=admins
|
||||
|
||||
|
||||
## BAR.*
|
||||
|
||||
dn: cn=BAR.*,ou=Queue,ou=Destination,ou=ActiveMQ,ou=system
|
||||
cn: BAR.*
|
||||
description: A queue
|
||||
objectClass: applicationProcess
|
||||
objectClass: top
|
||||
|
||||
dn: cn=admin,cn=BAR.*,ou=Queue,ou=Destination,ou=ActiveMQ,ou=system
|
||||
cn: admin
|
||||
description: Admin privilege group, members are roles
|
||||
member: cn=admins
|
||||
member: cn=users
|
||||
objectClass: groupOfNames
|
||||
objectClass: top
|
||||
|
||||
dn: cn=read,cn=BAR.*,ou=Queue,ou=Destination,ou=ActiveMQ,ou=system
|
||||
cn: read
|
||||
member: cn=users
|
||||
member: cn=admins
|
||||
objectClass: groupOfNames
|
||||
objectClass: top
|
||||
|
||||
dn: cn=write,cn=BAR.*,ou=Queue,ou=Destination,ou=ActiveMQ,ou=system
|
||||
cn: write
|
||||
objectClass: groupOfNames
|
||||
objectClass: top
|
||||
member: cn=users
|
||||
member: cn=admins
|
||||
|
||||
#######################
|
||||
## Define advisories ##
|
||||
#######################
|
||||
|
||||
dn: cn=ActiveMQ.Advisory.$,ou=Topic,ou=Destination,ou=ActiveMQ,ou=system
|
||||
cn: ActiveMQ.Advisory.$
|
||||
objectClass: applicationProcess
|
||||
objectClass: top
|
||||
description: Advisory topics
|
||||
|
||||
dn: cn=read,cn=ActiveMQ.Advisory.$,ou=Topic,ou=Destination,ou=ActiveMQ,ou=system
|
||||
cn: read
|
||||
member: cn=admins
|
||||
member: cn=users
|
||||
objectClass: groupOfNames
|
||||
objectClass: top
|
||||
|
||||
dn: cn=write,cn=ActiveMQ.Advisory.$,ou=Topic,ou=Destination,ou=ActiveMQ,ou=system
|
||||
cn: write
|
||||
member: cn=admins
|
||||
member: cn=users
|
||||
objectClass: groupOfNames
|
||||
objectClass: top
|
||||
|
||||
dn: cn=admin,cn=ActiveMQ.Advisory.$,ou=Topic,ou=Destination,ou=ActiveMQ,ou=system
|
||||
cn: admin
|
||||
member: cn=admins
|
||||
member: cn=users
|
||||
objectClass: groupOfNames
|
||||
objectClass: top
|
||||
|
||||
######################
|
||||
## Define temporary ##
|
||||
######################
|
||||
|
||||
dn: ou=Temp,ou=Destination,ou=ActiveMQ,ou=system
|
||||
objectClass: organizationalUnit
|
||||
objectClass: top
|
||||
ou: Temp
|
||||
|
||||
dn: cn=read,ou=Temp,ou=Destination,ou=ActiveMQ,ou=system
|
||||
cn: read
|
||||
member: cn=admins
|
||||
member: cn=users
|
||||
objectClass: groupOfNames
|
||||
objectClass: top
|
||||
|
||||
dn: cn=write,ou=Temp,ou=Destination,ou=ActiveMQ,ou=system
|
||||
cn: write
|
||||
member: cn=admins
|
||||
member: cn=users
|
||||
objectClass: groupOfNames
|
||||
objectClass: top
|
||||
|
||||
dn: cn=admin,ou=Temp,ou=Destination,ou=ActiveMQ,ou=system
|
||||
cn: admin
|
||||
member: cn=admins
|
||||
member: cn=users
|
||||
objectClass: groupOfNames
|
||||
objectClass: top
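Review bot: The `member` values in this fixture are short names (`member: uid=admin`, `member: cn=admins`, `member: cn=users`) that do not match the DN of any entry defined in it, whereas the added-entries fixture in this commit uses full DNs such as `cn=users,ou=Group,ou=ActiveMQ,ou=system`. If this is the legacy layout the authorization map must keep accepting (presumably this is `activemq-apacheds-legacy.ldif`), say so in a header comment, e.g. `## Legacy layout: member values are short names, not full DNs`, so the fixture is not "corrected" later. The three `userPassword` lines carry the same `{SSHA}` value, so a comment marking it as a test-only credential would be worth adding next to the first one.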
|
|
@ -0,0 +1,49 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!--
|
||||
Licensed to the Apache Software Foundation (ASF) under one or more
|
||||
contributor license agreements. See the NOTICE file distributed with
|
||||
this work for additional information regarding copyright ownership.
|
||||
The ASF licenses this file to You under the Apache License, Version 2.0
|
||||
(the "License"); you may not use this file except in compliance with
|
||||
the License. You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
-->
|
||||
<!-- START SNIPPET: xbean -->
|
||||
<beans
|
||||
xmlns="http://www.springframework.org/schema/beans"
|
||||
xmlns:amq="http://activemq.apache.org/schema/core"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
|
||||
http://activemq.apache.org/schema/core http://activemq.apache.org/schema/core/activemq-core.xsd">
|
||||
|
||||
<bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
|
||||
|
||||
<broker useJmx="false" xmlns="http://activemq.apache.org/schema/core" persistent="false">
|
||||
|
||||
<plugins>
|
||||
<simpleAuthenticationPlugin>
|
||||
<users>
|
||||
<authenticationUser username="jdoe" password="sunflower"
|
||||
groups="users"/>
|
||||
<authenticationUser username="admin" password="sunflower"
|
||||
groups="admin"/>
|
||||
</users>
|
||||
</simpleAuthenticationPlugin>
|
||||
|
||||
<authorizationPlugin>
|
||||
<map>
|
||||
<cachedLDAPAuthorizationMap connectionURL="ldap://localhost:${ldapPort}"/>
|
||||
</map>
|
||||
</authorizationPlugin>
|
||||
</plugins>
|
||||
</broker>
|
||||
|
||||
</beans>
|
||||
<!-- END SNIPPET: xbean -->
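Review bot: The `admin` user in `<simpleAuthenticationPlugin>` is given `groups="admin"`, while the LDIF fixtures in this commit grant every permission to `cn=admins` and `cn=users`, so as far as this page shows the admin account matches no role in the LDAP authorization map. If that is not deliberate, the attribute should read `groups="admins"`. The file is also wrapped in `START SNIPPET: xbean` markers and may therefore be pulled into documentation, so I would add a comment above the plugin such as `<!-- test-only credentials and plain ldap:// to an embedded server; do not copy into a deployment -->`.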
|
|
@ -20,12 +20,6 @@
|
|||
## Define basic objects ##
|
||||
##########################
|
||||
|
||||
# Uncomment if adding to open ldap
|
||||
# dn: ou=system
|
||||
# objectclass: organizationalUnit
|
||||
# objectclass: top
|
||||
# ou: system
|
||||
|
||||
dn: ou=ActiveMQ,ou=system
|
||||
objectClass: organizationalUnit
|
||||
objectClass: top
|
||||
|
@ -57,13 +51,13 @@ ou: Group
|
|||
|
||||
dn: cn=admins,ou=Group,ou=ActiveMQ,ou=system
|
||||
cn: admins
|
||||
member: uid=admin
|
||||
member: uid=admin,ou=User,ou=ActiveMQ,ou=system
|
||||
objectClass: groupOfNames
|
||||
objectClass: top
|
||||
|
||||
dn: cn=users,ou=Group,ou=ActiveMQ,ou=system
|
||||
cn: users
|
||||
member: uid=jdoe
|
||||
member: uid=jdoe,ou=User,ou=ActiveMQ,ou=system
|
||||
objectClass: groupOfNames
|
||||
objectClass: top
|
||||
|
||||
|
@ -127,15 +121,15 @@ objectClass: top
|
|||
dn: cn=admin,cn=TEST.FOO,ou=Queue,ou=Destination,ou=ActiveMQ,ou=system
|
||||
cn: admin
|
||||
description: Admin privilege group, members are roles
|
||||
member: cn=admins
|
||||
member: cn=users
|
||||
member: cn=users,ou=Group,ou=ActiveMQ,ou=system
|
||||
member: cn=admins,ou=Group,ou=ActiveMQ,ou=system
|
||||
objectClass: groupOfNames
|
||||
objectClass: top
|
||||
|
||||
dn: cn=read,cn=TEST.FOO,ou=Queue,ou=Destination,ou=ActiveMQ,ou=system
|
||||
cn: read
|
||||
member: cn=users
|
||||
member: cn=admins
|
||||
member: cn=users,ou=Group,ou=ActiveMQ,ou=system
|
||||
member: cn=admins,ou=Group,ou=ActiveMQ,ou=system
|
||||
objectClass: groupOfNames
|
||||
objectClass: top
|
||||
|
||||
|
@ -143,9 +137,41 @@ dn: cn=write,cn=TEST.FOO,ou=Queue,ou=Destination,ou=ActiveMQ,ou=system
|
|||
cn: write
|
||||
objectClass: groupOfNames
|
||||
objectClass: top
|
||||
member: cn=users
|
||||
member: cn=admins
|
||||
member: cn=users,ou=Group,ou=ActiveMQ,ou=system
|
||||
member: cn=admins,ou=Group,ou=ActiveMQ,ou=system
|
||||
|
||||
## TEST.FOOBAR
|
||||
|
||||
dn: cn=TEST.FOOBAR,ou=Queue,ou=Destination,ou=ActiveMQ,ou=system
|
||||
cn: TEST.BAR
|
||||
description: A queue
|
||||
objectClass: applicationProcess
|
||||
objectClass: top
|
||||
|
||||
dn: cn=admin,cn=TEST.FOOBAR,ou=Queue,ou=Destination,ou=ActiveMQ,ou=system
|
||||
cn: admin
|
||||
description: Admin privilege group, members are roles
|
||||
member: cn=admins,ou=Group,ou=ActiveMQ,ou=system
|
||||
member: cn=users,ou=Group,ou=ActiveMQ,ou=system
|
||||
objectClass: groupOfNames
|
||||
objectClass: top
|
||||
|
||||
dn: cn=read,cn=TEST.FOOBAR,ou=Queue,ou=Destination,ou=ActiveMQ,ou=system
|
||||
cn: read
|
||||
member: cn=users,ou=Group,ou=ActiveMQ,ou=system
|
||||
member: cn=admins,ou=Group,ou=ActiveMQ,ou=system
|
||||
member: uid=jdoe,ou=User,ou=ActiveMQ,ou=system
|
||||
member: cn=notthere,ou=Group,ou=ActiveMQ,ou=system
|
||||
objectClass: groupOfNames
|
||||
objectClass: top
|
||||
|
||||
dn: cn=write,cn=TEST.FOOBAR,ou=Queue,ou=Destination,ou=ActiveMQ,ou=system
|
||||
cn: write
|
||||
objectClass: groupOfNames
|
||||
objectClass: top
|
||||
member: cn=users,ou=Group,ou=ActiveMQ,ou=system
|
||||
member: cn=admins,ou=Group,ou=ActiveMQ,ou=system
|
||||
member: uid=jdoe,ou=User,ou=ActiveMQ,ou=system
|
||||
|
||||
## FOO.>
|
||||
|
||||
|
@ -158,15 +184,15 @@ objectClass: top
|
|||
dn: cn=admin,cn=FOO.$,ou=Queue,ou=Destination,ou=ActiveMQ,ou=system
|
||||
cn: admin
|
||||
description: Admin privilege group, members are roles
|
||||
member: cn=admins
|
||||
member: cn=users
|
||||
member: cn=admins,ou=Group,ou=ActiveMQ,ou=system
|
||||
member: cn=users,ou=Group,ou=ActiveMQ,ou=system
|
||||
objectClass: groupOfNames
|
||||
objectClass: top
|
||||
|
||||
dn: cn=read,cn=FOO.$,ou=Queue,ou=Destination,ou=ActiveMQ,ou=system
|
||||
cn: read
|
||||
member: cn=users
|
||||
member: cn=admins
|
||||
member: cn=users,ou=Group,ou=ActiveMQ,ou=system
|
||||
member: cn=admins,ou=Group,ou=ActiveMQ,ou=system
|
||||
objectClass: groupOfNames
|
||||
objectClass: top
|
||||
|
||||
|
@ -174,9 +200,8 @@ dn: cn=write,cn=FOO.$,ou=Queue,ou=Destination,ou=ActiveMQ,ou=system
|
|||
cn: write
|
||||
objectClass: groupOfNames
|
||||
objectClass: top
|
||||
member: cn=users
|
||||
member: cn=admins
|
||||
|
||||
member: cn=users,ou=Group,ou=ActiveMQ,ou=system
|
||||
member: cn=admins,ou=Group,ou=ActiveMQ,ou=system
|
||||
|
||||
## BAR.*
|
||||
|
||||
|
@ -189,15 +214,15 @@ objectClass: top
|
|||
dn: cn=admin,cn=BAR.*,ou=Queue,ou=Destination,ou=ActiveMQ,ou=system
|
||||
cn: admin
|
||||
description: Admin privilege group, members are roles
|
||||
member: cn=admins
|
||||
member: cn=users
|
||||
member: cn=admins,ou=Group,ou=ActiveMQ,ou=system
|
||||
member: cn=users,ou=Group,ou=ActiveMQ,ou=system
|
||||
objectClass: groupOfNames
|
||||
objectClass: top
|
||||
|
||||
dn: cn=read,cn=BAR.*,ou=Queue,ou=Destination,ou=ActiveMQ,ou=system
|
||||
cn: read
|
||||
member: cn=users
|
||||
member: cn=admins
|
||||
member: cn=users,ou=Group,ou=ActiveMQ,ou=system
|
||||
member: cn=admins,ou=Group,ou=ActiveMQ,ou=system
|
||||
objectClass: groupOfNames
|
||||
objectClass: top
|
||||
|
||||
|
@ -205,8 +230,8 @@ dn: cn=write,cn=BAR.*,ou=Queue,ou=Destination,ou=ActiveMQ,ou=system
|
|||
cn: write
|
||||
objectClass: groupOfNames
|
||||
objectClass: top
|
||||
member: cn=users
|
||||
member: cn=admins
|
||||
member: cn=users,ou=Group,ou=ActiveMQ,ou=system
|
||||
member: cn=admins,ou=Group,ou=ActiveMQ,ou=system
|
||||
|
||||
#######################
|
||||
## Define advisories ##
|
||||
|
@ -220,22 +245,22 @@ description: Advisory topics
|
|||
|
||||
dn: cn=read,cn=ActiveMQ.Advisory.$,ou=Topic,ou=Destination,ou=ActiveMQ,ou=system
|
||||
cn: read
|
||||
member: cn=admins
|
||||
member: cn=users
|
||||
member: cn=admins,ou=Group,ou=ActiveMQ,ou=system
|
||||
member: cn=users,ou=Group,ou=ActiveMQ,ou=system
|
||||
objectClass: groupOfNames
|
||||
objectClass: top
|
||||
|
||||
dn: cn=write,cn=ActiveMQ.Advisory.$,ou=Topic,ou=Destination,ou=ActiveMQ,ou=system
|
||||
cn: write
|
||||
member: cn=admins
|
||||
member: cn=users
|
||||
member: cn=admins,ou=Group,ou=ActiveMQ,ou=system
|
||||
member: cn=users,ou=Group,ou=ActiveMQ,ou=system
|
||||
objectClass: groupOfNames
|
||||
objectClass: top
|
||||
|
||||
dn: cn=admin,cn=ActiveMQ.Advisory.$,ou=Topic,ou=Destination,ou=ActiveMQ,ou=system
|
||||
cn: admin
|
||||
member: cn=admins
|
||||
member: cn=users
|
||||
member: cn=admins,ou=Group,ou=ActiveMQ,ou=system
|
||||
member: cn=users,ou=Group,ou=ActiveMQ,ou=system
|
||||
objectClass: groupOfNames
|
||||
objectClass: top
|
||||
|
||||
|
@ -250,21 +275,21 @@ ou: Temp
|
|||
|
||||
dn: cn=read,ou=Temp,ou=Destination,ou=ActiveMQ,ou=system
|
||||
cn: read
|
||||
member: cn=admins
|
||||
member: cn=users
|
||||
member: cn=admins,ou=Group,ou=ActiveMQ,ou=system
|
||||
member: cn=users,ou=Group,ou=ActiveMQ,ou=system
|
||||
objectClass: groupOfNames
|
||||
objectClass: top
|
||||
|
||||
dn: cn=write,ou=Temp,ou=Destination,ou=ActiveMQ,ou=system
|
||||
cn: write
|
||||
member: cn=admins
|
||||
member: cn=users
|
||||
member: cn=admins,ou=Group,ou=ActiveMQ,ou=system
|
||||
member: cn=users,ou=Group,ou=ActiveMQ,ou=system
|
||||
objectClass: groupOfNames
|
||||
objectClass: top
|
||||
|
||||
dn: cn=admin,ou=Temp,ou=Destination,ou=ActiveMQ,ou=system
|
||||
cn: admin
|
||||
member: cn=admins
|
||||
member: cn=users
|
||||
member: cn=admins,ou=Group,ou=ActiveMQ,ou=system
|
||||
member: cn=users,ou=Group,ou=ActiveMQ,ou=system
|
||||
objectClass: groupOfNames
|
||||
objectClass: top
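Review bot: In the `@ -143,9 +137,41 @@` hunk the new entry `dn: cn=TEST.FOOBAR,ou=Queue,…` carries `cn: TEST.BAR`, so the naming attribute does not contain the RDN value. Depending on the directory server the add is either rejected or the entry ends up with a cn that disagrees with its DN, and any code that takes the destination name from the `cn` attribute rather than from the DN would see a different queue from the one the permission groups sit under. The line should be `cn: TEST.FOOBAR`. The same pair appears in the `dc=activemq,dc=apache,dc=org` variant of this fixture later in the commit.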
|
|
@ -39,16 +39,10 @@
|
|||
|
||||
<authorizationPlugin>
|
||||
<map>
|
||||
<cachedLDAPAuthorizationMap/>
|
||||
<cachedLDAPAuthorizationMap legacyGroupMapping="false" connectionURL="ldap://localhost:${ldapPort}"/>
|
||||
</map>
|
||||
</authorizationPlugin>
|
||||
</plugins>
|
||||
|
||||
|
||||
<transportConnectors>
|
||||
<transportConnector uri="tcp://localhost:61616"/>
|
||||
</transportConnectors>
|
||||
|
||||
</broker>
|
||||
|
||||
</beans>
|
||||
|
|
|
@ -46,7 +46,7 @@
|
|||
<bean id="lDAPAuthorizationMap" class="org.apache.activemq.security.LDAPAuthorizationMap"
|
||||
xmlns="http://www.springframework.org/schema/beans">
|
||||
<property name="initialContextFactory" value="com.sun.jndi.ldap.LdapCtxFactory"/>
|
||||
<property name="connectionURL" value="ldap://localhost:1024"/>
|
||||
<property name="connectionURL" value="ldap://localhost:${ldapPort}"/>
|
||||
<property name="authentication" value="simple"/>
|
||||
<property name="connectionUsername" value="uid=admin,ou=system"/>
|
||||
<property name="connectionPassword" value="secret"/>
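Review bot: `value="ldap://localhost:${ldapPort}"` is only resolved if this context declares a property placeholder configurer and `ldapPort` is supplied before the broker starts. Neither is visible in this hunk, whereas the new config added earlier in the commit declares a `PropertyPlaceholderConfigurer` bean explicitly. An unresolved placeholder leaves an unusable URL, and in an authorization test a failed directory connection can be hard to tell apart from an ordinary deny. I would add a comment next to the property, e.g. `<!-- ldapPort must be supplied (system property) before this context is loaded -->`. The bean definition continues past the end of the hunk.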
|
||||
|
|
|
@ -0,0 +1,47 @@
|
|||
## ---------------------------------------------------------------------------
|
||||
## Licensed to the Apache Software Foundation (ASF) under one or more
|
||||
## contributor license agreements. See the NOTICE file distributed with
|
||||
## this work for additional information regarding copyright ownership.
|
||||
## The ASF licenses this file to You under the Apache License, Version 2.0
|
||||
## (the "License"); you may not use this file except in compliance with
|
||||
## the License. You may obtain a copy of the License at
|
||||
##
|
||||
## http://www.apache.org/licenses/LICENSE-2.0
|
||||
##
|
||||
## Unless required by applicable law or agreed to in writing, software
|
||||
## distributed under the License is distributed on an "AS IS" BASIS,
|
||||
## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
## See the License for the specific language governing permissions and
|
||||
## limitations under the License.
|
||||
## ---------------------------------------------------------------------------
|
||||
|
||||
|
||||
## FAILED
|
||||
|
||||
dn: cn=FAILED,ou=Queue,ou=Destination,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
|
||||
cn: FAILED
|
||||
description: New queue
|
||||
objectClass: applicationProcess
|
||||
objectClass: top
|
||||
|
||||
dn: cn=admin,cn=FAILED,ou=Queue,ou=Destination,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
|
||||
cn: admin
|
||||
description: Admin privilege group, members are roles
|
||||
member: cn=admins,ou=Group,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
|
||||
member: cn=users,ou=Group,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
|
||||
objectClass: groupOfNames
|
||||
objectClass: top
|
||||
|
||||
dn: cn=read,cn=FAILED,ou=Queue,ou=Destination,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
|
||||
cn: read
|
||||
member: cn=users,ou=Group,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
|
||||
member: cn=admins,ou=Group,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
|
||||
objectClass: groupOfNames
|
||||
objectClass: top
|
||||
|
||||
dn: cn=write,cn=FAILED,ou=Queue,ou=Destination,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
|
||||
cn: write
|
||||
objectClass: groupOfNames
|
||||
objectClass: top
|
||||
member: cn=users,ou=Group,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
|
||||
member: cn=admins,ou=Group,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
|
|
@ -0,0 +1,38 @@
|
|||
## ---------------------------------------------------------------------------
|
||||
## Licensed to the Apache Software Foundation (ASF) under one or more
|
||||
## contributor license agreements. See the NOTICE file distributed with
|
||||
## this work for additional information regarding copyright ownership.
|
||||
## The ASF licenses this file to You under the Apache License, Version 2.0
|
||||
## (the "License"); you may not use this file except in compliance with
|
||||
## the License. You may obtain a copy of the License at
|
||||
##
|
||||
## http://www.apache.org/licenses/LICENSE-2.0
|
||||
##
|
||||
## Unless required by applicable law or agreed to in writing, software
|
||||
## distributed under the License is distributed on an "AS IS" BASIS,
|
||||
## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
## See the License for the specific language governing permissions and
|
||||
## limitations under the License.
|
||||
## ---------------------------------------------------------------------------
|
||||
|
||||
dn: cn=admin,cn=TEST.FOO,ou=Queue,ou=Destination,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
|
||||
changetype: delete
|
||||
|
||||
dn: cn=read,cn=TEST.FOO,ou=Queue,ou=Destination,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
|
||||
changetype: delete
|
||||
|
||||
dn: cn=write,cn=TEST.FOO,ou=Queue,ou=Destination,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
|
||||
changetype: delete
|
||||
|
||||
dn: cn=TEST.FOO,ou=Queue,ou=Destination,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
|
||||
changetype: delete
|
||||
|
||||
dn: cn=read,ou=Temp,ou=Destination,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
|
||||
changetype: delete
|
||||
|
||||
dn: cn=write,ou=Temp,ou=Destination,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
|
||||
changetype: delete
|
||||
|
||||
dn: cn=admin,ou=Temp,ou=Destination,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
|
||||
changetype: delete
|
||||
|
|
@ -0,0 +1,47 @@
|
|||
## ---------------------------------------------------------------------------
|
||||
## Licensed to the Apache Software Foundation (ASF) under one or more
|
||||
## contributor license agreements. See the NOTICE file distributed with
|
||||
## this work for additional information regarding copyright ownership.
|
||||
## The ASF licenses this file to You under the Apache License, Version 2.0
|
||||
## (the "License"); you may not use this file except in compliance with
|
||||
## the License. You may obtain a copy of the License at
|
||||
##
|
||||
## http://www.apache.org/licenses/LICENSE-2.0
|
||||
##
|
||||
## Unless required by applicable law or agreed to in writing, software
|
||||
## distributed under the License is distributed on an "AS IS" BASIS,
|
||||
## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
## See the License for the specific language governing permissions and
|
||||
## limitations under the License.
|
||||
## ---------------------------------------------------------------------------
|
||||
|
||||
|
||||
## FAILED
|
||||
|
||||
dn: cn=FAILED,ou=Queue,ou=Destination,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
|
||||
cn: FAILED
|
||||
description: New queue
|
||||
objectClass: applicationProcess
|
||||
objectClass: top
|
||||
|
||||
dn: cn=admin,cn=FAILED,ou=Queue,ou=Destination,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
|
||||
cn: admin
|
||||
description: Admin privilege group, members are roles
|
||||
member: cn=admins
|
||||
member: cn=users
|
||||
objectClass: groupOfNames
|
||||
objectClass: top
|
||||
|
||||
dn: cn=read,cn=FAILED,ou=Queue,ou=Destination,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
|
||||
cn: read
|
||||
member: cn=users
|
||||
member: cn=admins
|
||||
objectClass: groupOfNames
|
||||
objectClass: top
|
||||
|
||||
dn: cn=write,cn=FAILED,ou=Queue,ou=Destination,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
|
||||
cn: write
|
||||
objectClass: groupOfNames
|
||||
objectClass: top
|
||||
member: cn=users
|
||||
member: cn=admins
|
|
@ -0,0 +1,38 @@
|
|||
## ---------------------------------------------------------------------------
|
||||
## Licensed to the Apache Software Foundation (ASF) under one or more
|
||||
## contributor license agreements. See the NOTICE file distributed with
|
||||
## this work for additional information regarding copyright ownership.
|
||||
## The ASF licenses this file to You under the Apache License, Version 2.0
|
||||
## (the "License"); you may not use this file except in compliance with
|
||||
## the License. You may obtain a copy of the License at
|
||||
##
|
||||
## http://www.apache.org/licenses/LICENSE-2.0
|
||||
##
|
||||
## Unless required by applicable law or agreed to in writing, software
|
||||
## distributed under the License is distributed on an "AS IS" BASIS,
|
||||
## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
## See the License for the specific language governing permissions and
|
||||
## limitations under the License.
|
||||
## ---------------------------------------------------------------------------
|
||||
|
||||
dn: cn=admin,cn=TEST.FOO,ou=Queue,ou=Destination,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
|
||||
changetype: delete
|
||||
|
||||
dn: cn=read,cn=TEST.FOO,ou=Queue,ou=Destination,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
|
||||
changetype: delete
|
||||
|
||||
dn: cn=write,cn=TEST.FOO,ou=Queue,ou=Destination,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
|
||||
changetype: delete
|
||||
|
||||
dn: cn=TEST.FOO,ou=Queue,ou=Destination,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
|
||||
changetype: delete
|
||||
|
||||
dn: cn=read,ou=Temp,ou=Destination,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
|
||||
changetype: delete
|
||||
|
||||
dn: cn=write,ou=Temp,ou=Destination,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
|
||||
changetype: delete
|
||||
|
||||
dn: cn=admin,ou=Temp,ou=Destination,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
|
||||
changetype: delete
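Review bot: This 38-line delete fixture is line for line the same as the other 38-line delete fixture added earlier in the commit (same DNs under `dc=activemq,dc=apache,dc=org`, same `changetype: delete` order). Two copies of a file that removes authorization entries tend to drift apart, so unless the test layout requires one file per directory a single shared fixture would be enough. A header comment would also help, e.g. `## Removes the TEST.FOO queue and the Temp permission groups; children are deleted before their parent`.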
|
||||
|
|
@ -0,0 +1,281 @@
|
|||
## ---------------------------------------------------------------------------
|
||||
## Licensed to the Apache Software Foundation (ASF) under one or more
|
||||
## contributor license agreements. See the NOTICE file distributed with
|
||||
## this work for additional information regarding copyright ownership.
|
||||
## The ASF licenses this file to You under the Apache License, Version 2.0
|
||||
## (the "License"); you may not use this file except in compliance with
|
||||
## the License. You may obtain a copy of the License at
|
||||
##
|
||||
## http://www.apache.org/licenses/LICENSE-2.0
|
||||
##
|
||||
## Unless required by applicable law or agreed to in writing, software
|
||||
## distributed under the License is distributed on an "AS IS" BASIS,
|
||||
## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
## See the License for the specific language governing permissions and
|
||||
## limitations under the License.
|
||||
## ---------------------------------------------------------------------------
|
||||
|
||||
|
||||
##########################
|
||||
## Define basic objects ##
|
||||
##########################
|
||||
|
||||
dn: dc=apache,dc=org
|
||||
objectClass: dcObject
|
||||
objectClass: organization
|
||||
dc: apache
|
||||
o: Apache
|
||||
|
||||
dn: dc=activemq,dc=apache,dc=org
|
||||
objectClass: dcObject
|
||||
objectClass: container
|
||||
objectClass: top
|
||||
cn: activemq
|
||||
dc: activemq
|
||||
|
||||
dn: ou=ActiveMQ,dc=activemq,dc=apache,dc=org
|
||||
objectClass: organizationalUnit
|
||||
objectClass: top
|
||||
ou: ActiveMQ
|
||||
|
||||
dn: ou=Services,dc=activemq,dc=apache,dc=org
|
||||
ou: Services
|
||||
objectClass: organizationalUnit
|
||||
objectClass: top
|
||||
|
||||
dn: cn=mqbroker,ou=Services,dc=activemq,dc=apache,dc=org
|
||||
cn: mqbroker
|
||||
objectClass: organizationalRole
|
||||
objectClass: top
|
||||
objectClass: simpleSecurityObject
|
||||
userPassword: {SSHA}YvMAkkd66cDecNoejo8jnw5uUUBziyl0
|
||||
description: Bind user for MQ broker
|
||||
|
||||
|
||||
###################
|
||||
## Define groups ##
|
||||
###################
|
||||
|
||||
|
||||
dn: ou=Group,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
|
||||
objectClass: organizationalUnit
|
||||
objectClass: top
|
||||
ou: Group
|
||||
|
||||
dn: cn=admins,ou=Group,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
|
||||
cn: admins
|
||||
member: uid=admin
|
||||
objectClass: groupOfNames
|
||||
objectClass: top
|
||||
|
||||
dn: cn=users,ou=Group,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
|
||||
cn: users
|
||||
member: uid=jdoe
|
||||
objectClass: groupOfNames
|
||||
objectClass: top
|
||||
|
||||
|
||||
##################
|
||||
## Define users ##
|
||||
##################
|
||||
|
||||
|
||||
dn: ou=User,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
|
||||
objectClass: organizationalUnit
|
||||
objectClass: top
|
||||
ou: User
|
||||
|
||||
dn: uid=admin,ou=User,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
|
||||
uid: admin
|
||||
userPassword: {SSHA}YvMAkkd66cDecNoejo8jnw5uUUBziyl0
|
||||
objectclass: uidObject
|
||||
objectclass: organizationalPerson
|
||||
objectclass: person
|
||||
objectclass: top
|
||||
cn: Admin
|
||||
sn: Admin
|
||||
|
||||
|
||||
dn: uid=jdoe,ou=User,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
|
||||
uid: jdoe
|
||||
userPassword: {SSHA}YvMAkkd66cDecNoejo8jnw5uUUBziyl0
|
||||
objectclass: uidObject
|
||||
objectclass: organizationalPerson
|
||||
objectclass: person
|
||||
objectclass: top
|
||||
cn: Jane Doe
|
||||
sn: Doe
|
||||
|
||||
|
||||
#########################
|
||||
## Define destinations ##
|
||||
#########################
|
||||
|
||||
dn: ou=Destination,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
|
||||
objectClass: organizationalUnit
|
||||
objectClass: top
|
||||
ou: Destination
|
||||
|
||||
dn: ou=Topic,ou=Destination,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
|
||||
objectClass: organizationalUnit
|
||||
objectClass: top
|
||||
ou: Topic
|
||||
|
||||
dn: ou=Queue,ou=Destination,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
|
||||
objectClass: organizationalUnit
|
||||
objectClass: top
|
||||
ou: Queue
|
||||
|
||||
## TEST.FOO
|
||||
|
||||
dn: cn=TEST.FOO,ou=Queue,ou=Destination,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
|
||||
cn: TEST.FOO
|
||||
description: A queue
|
||||
objectClass: applicationProcess
|
||||
objectClass: top
|
||||
|
||||
dn: cn=admin,cn=TEST.FOO,ou=Queue,ou=Destination,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
|
||||
cn: admin
|
||||
description: Admin privilege group, members are roles
|
||||
member: cn=admins
|
||||
member: cn=users
|
||||
objectClass: groupOfNames
|
||||
objectClass: top
|
||||
|
||||
dn: cn=read,cn=TEST.FOO,ou=Queue,ou=Destination,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
|
||||
cn: read
|
||||
member: cn=users
|
||||
member: cn=admins
|
||||
objectClass: groupOfNames
|
||||
objectClass: top
|
||||
|
||||
dn: cn=write,cn=TEST.FOO,ou=Queue,ou=Destination,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
|
||||
cn: write
|
||||
objectClass: groupOfNames
|
||||
objectClass: top
|
||||
member: cn=users
|
||||
member: cn=admins
|
||||
|
||||
|
||||
## FOO.>
|
||||
|
||||
dn: cn=FOO.$,ou=Queue,ou=Destination,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
|
||||
cn: FOO.$
|
||||
description: A queue
|
||||
objectClass: applicationProcess
|
||||
objectClass: top
|
||||
|
||||
dn: cn=admin,cn=FOO.$,ou=Queue,ou=Destination,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
|
||||
cn: admin
|
||||
description: Admin privilege group, members are roles
|
||||
member: cn=admins
|
||||
member: cn=users
|
||||
objectClass: groupOfNames
|
||||
objectClass: top
|
||||
|
||||
dn: cn=read,cn=FOO.$,ou=Queue,ou=Destination,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
|
||||
cn: read
|
||||
member: cn=users
|
||||
member: cn=admins
|
||||
objectClass: groupOfNames
|
||||
objectClass: top
|
||||
|
||||
dn: cn=write,cn=FOO.$,ou=Queue,ou=Destination,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
|
||||
cn: write
|
||||
objectClass: groupOfNames
|
||||
objectClass: top
|
||||
member: cn=users
|
||||
member: cn=admins
|
||||
|
||||
|
||||
## BAR.*
|
||||
|
||||
dn: cn=BAR.*,ou=Queue,ou=Destination,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
|
||||
cn: BAR.*
|
||||
description: A queue
|
||||
objectClass: applicationProcess
|
||||
objectClass: top
|
||||
|
||||
dn: cn=admin,cn=BAR.*,ou=Queue,ou=Destination,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
|
||||
cn: admin
|
||||
description: Admin privilege group, members are roles
|
||||
member: cn=admins
|
||||
member: cn=users
|
||||
objectClass: groupOfNames
|
||||
objectClass: top
|
||||
|
||||
dn: cn=read,cn=BAR.*,ou=Queue,ou=Destination,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
|
||||
cn: read
|
||||
member: cn=users
|
||||
member: cn=admins
|
||||
objectClass: groupOfNames
|
||||
objectClass: top
|
||||
|
||||
dn: cn=write,cn=BAR.*,ou=Queue,ou=Destination,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
|
||||
cn: write
|
||||
objectClass: groupOfNames
|
||||
objectClass: top
|
||||
member: cn=users
|
||||
member: cn=admins
|
||||
|
||||
#######################
|
||||
## Define advisories ##
|
||||
#######################
|
||||
|
||||
dn: cn=ActiveMQ.Advisory.$,ou=Topic,ou=Destination,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
|
||||
cn: ActiveMQ.Advisory.$
|
||||
objectClass: applicationProcess
|
||||
objectClass: top
|
||||
description: Advisory topics
|
||||
|
||||
dn: cn=read,cn=ActiveMQ.Advisory.$,ou=Topic,ou=Destination,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
|
||||
cn: read
|
||||
member: cn=admins
|
||||
member: cn=users
|
||||
objectClass: groupOfNames
|
||||
objectClass: top
|
||||
|
||||
dn: cn=write,cn=ActiveMQ.Advisory.$,ou=Topic,ou=Destination,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
|
||||
cn: write
|
||||
member: cn=admins
|
||||
member: cn=users
|
||||
objectClass: groupOfNames
|
||||
objectClass: top
|
||||
|
||||
dn: cn=admin,cn=ActiveMQ.Advisory.$,ou=Topic,ou=Destination,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
|
||||
cn: admin
|
||||
member: cn=admins
|
||||
member: cn=users
|
||||
objectClass: groupOfNames
|
||||
objectClass: top
|
||||
|
||||
######################
|
||||
## Define temporary ##
|
||||
######################
|
||||
|
||||
dn: ou=Temp,ou=Destination,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
|
||||
objectClass: organizationalUnit
|
||||
objectClass: top
|
||||
ou: Temp
|
||||
|
||||
dn: cn=read,ou=Temp,ou=Destination,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
|
||||
cn: read
|
||||
member: cn=admins
|
||||
member: cn=users
|
||||
objectClass: groupOfNames
|
||||
objectClass: top
|
||||
|
||||
dn: cn=write,ou=Temp,ou=Destination,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
|
||||
cn: write
|
||||
member: cn=admins
|
||||
member: cn=users
|
||||
objectClass: groupOfNames
|
||||
objectClass: top
|
||||
|
||||
dn: cn=admin,ou=Temp,ou=Destination,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
|
||||
cn: admin
|
||||
member: cn=admins
|
||||
member: cn=users
|
||||
objectClass: groupOfNames
|
||||
objectClass: top
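Review bot: `cn=mqbroker`, `uid=admin` and `uid=jdoe` all carry the same `userPassword: {SSHA}YvMAkkd66cDecNoejo8jnw5uUUBziyl0`, i.e. one password and one salt shared by the broker bind account and both users, and nothing in the file marks these as throw-away values. Because the entries use a real-looking suffix and the file can be imported into an external directory as it stands, I would add a comment above the first entry such as `## Test-only accounts: replace every userPassword before importing into a shared directory`. The groups also list members as bare RDNs (`member: uid=admin`, `member: cn=admins`), which is presumably what the legacy group mapping expects. A short comment saying so would stop someone from "fixing" them to full DNs.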
|
||||
|
|
@ -20,11 +20,18 @@
|
|||
## Define basic objects ##
|
||||
##########################
|
||||
|
||||
# Uncomment if adding to open ldap
|
||||
dn: dc=apache,dc=org
|
||||
objectClass: dcObject
|
||||
objectClass: organization
|
||||
dc: apache
|
||||
o: Apache
|
||||
|
||||
dn: dc=activemq,dc=apache,dc=org
|
||||
dc: activemq
|
||||
objectClass: domain
|
||||
objectClass: dcObject
|
||||
objectClass: container
|
||||
objectClass: top
|
||||
cn: activemq
|
||||
dc: activemq
|
||||
|
||||
dn: ou=ActiveMQ,dc=activemq,dc=apache,dc=org
|
||||
objectClass: organizationalUnit
|
||||
|
@ -81,15 +88,18 @@ ou: User
|
|||
dn: uid=admin,ou=User,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
|
||||
uid: admin
|
||||
userPassword: {SSHA}YvMAkkd66cDecNoejo8jnw5uUUBziyl0
|
||||
objectClass: account
|
||||
objectClass: simpleSecurityObject
|
||||
objectClass: top
|
||||
objectclass: uidObject
|
||||
objectclass: organizationalPerson
|
||||
objectclass: person
|
||||
objectclass: top
|
||||
cn: Admin
|
||||
sn: Admin
|
||||
|
||||
|
||||
dn: uid=jdoe,ou=User,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
|
||||
uid: jdoe
|
||||
userPassword: {SSHA}YvMAkkd66cDecNoejo8jnw5uUUBziyl0
|
||||
objectclass: inetOrgPerson
|
||||
objectclass: uidObject
|
||||
objectclass: organizationalPerson
|
||||
objectclass: person
|
||||
objectclass: top
|
||||
|
@ -127,15 +137,15 @@ objectClass: top
|
|||
dn: cn=admin,cn=TEST.FOO,ou=Queue,ou=Destination,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
|
||||
cn: admin
|
||||
description: Admin privilege group, members are roles
|
||||
member: cn=admins
|
||||
member: cn=users
|
||||
member: cn=admins,ou=Group,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
|
||||
member: cn=users,ou=Group,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
|
||||
objectClass: groupOfNames
|
||||
objectClass: top
|
||||
|
||||
dn: cn=read,cn=TEST.FOO,ou=Queue,ou=Destination,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
|
||||
cn: read
|
||||
member: cn=users
|
||||
member: cn=admins
|
||||
member: cn=users,ou=Group,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
|
||||
member: cn=admins,ou=Group,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
|
||||
objectClass: groupOfNames
|
||||
objectClass: top
|
||||
|
||||
|
@ -143,9 +153,41 @@ dn: cn=write,cn=TEST.FOO,ou=Queue,ou=Destination,ou=ActiveMQ,dc=activemq,dc=apac
|
|||
cn: write
|
||||
objectClass: groupOfNames
|
||||
objectClass: top
|
||||
member: cn=users
|
||||
member: cn=admins
|
||||
member: cn=users,ou=Group,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
|
||||
member: cn=admins,ou=Group,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
|
||||
|
||||
## TEST.FOOBAR
|
||||
|
||||
dn: cn=TEST.FOOBAR,ou=Queue,ou=Destination,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
|
||||
cn: TEST.BAR
|
||||
description: A queue
|
||||
objectClass: applicationProcess
|
||||
objectClass: top
|
||||
|
||||
dn: cn=admin,cn=TEST.FOOBAR,ou=Queue,ou=Destination,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
|
||||
cn: admin
|
||||
description: Admin privilege group, members are roles
|
||||
member: cn=admins,ou=Group,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
|
||||
member: cn=users,ou=Group,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
|
||||
objectClass: groupOfNames
|
||||
objectClass: top
|
||||
|
||||
dn: cn=read,cn=TEST.FOOBAR,ou=Queue,ou=Destination,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
|
||||
cn: read
|
||||
member: cn=users,ou=Group,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
|
||||
member: cn=admins,ou=Group,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
|
||||
member: uid=jdoe,ou=User,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
|
||||
member: cn=notthere,ou=Group,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
|
||||
objectClass: groupOfNames
|
||||
objectClass: top
|
||||
|
||||
dn: cn=write,cn=TEST.FOOBAR,ou=Queue,ou=Destination,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
|
||||
cn: write
|
||||
objectClass: groupOfNames
|
||||
objectClass: top
|
||||
member: cn=users,ou=Group,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
|
||||
member: cn=admins,ou=Group,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
|
||||
member: uid=jdoe,ou=User,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
|
||||
|
||||
## FOO.>
|
||||
|
||||
|
@ -158,15 +200,15 @@ objectClass: top
|
|||
dn: cn=admin,cn=FOO.$,ou=Queue,ou=Destination,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
|
||||
cn: admin
|
||||
description: Admin privilege group, members are roles
|
||||
member: cn=admins
|
||||
member: cn=users
|
||||
member: cn=admins,ou=Group,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
|
||||
member: cn=users,ou=Group,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
|
||||
objectClass: groupOfNames
|
||||
objectClass: top
|
||||
|
||||
dn: cn=read,cn=FOO.$,ou=Queue,ou=Destination,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
|
||||
cn: read
|
||||
member: cn=users
|
||||
member: cn=admins
|
||||
member: cn=users,ou=Group,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
|
||||
member: cn=admins,ou=Group,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
|
||||
objectClass: groupOfNames
|
||||
objectClass: top
|
||||
|
||||
|
@ -174,9 +216,8 @@ dn: cn=write,cn=FOO.$,ou=Queue,ou=Destination,ou=ActiveMQ,dc=activemq,dc=apache,
|
|||
cn: write
|
||||
objectClass: groupOfNames
|
||||
objectClass: top
|
||||
member: cn=users
|
||||
member: cn=admins
|
||||
|
||||
member: cn=users,ou=Group,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
|
||||
member: cn=admins,ou=Group,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
|
||||
|
||||
## BAR.*
|
||||
|
||||
|
@ -189,15 +230,15 @@ objectClass: top
|
|||
dn: cn=admin,cn=BAR.*,ou=Queue,ou=Destination,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
|
||||
cn: admin
|
||||
description: Admin privilege group, members are roles
|
||||
member: cn=admins
|
||||
member: cn=users
|
||||
member: cn=admins,ou=Group,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
|
||||
member: cn=users,ou=Group,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
|
||||
objectClass: groupOfNames
|
||||
objectClass: top
|
||||
|
||||
dn: cn=read,cn=BAR.*,ou=Queue,ou=Destination,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
|
||||
cn: read
|
||||
member: cn=users
|
||||
member: cn=admins
|
||||
member: cn=users,ou=Group,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
|
||||
member: cn=admins,ou=Group,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
|
||||
objectClass: groupOfNames
|
||||
objectClass: top
|
||||
|
||||
|
@ -205,8 +246,8 @@ dn: cn=write,cn=BAR.*,ou=Queue,ou=Destination,ou=ActiveMQ,dc=activemq,dc=apache,
|
|||
cn: write
|
||||
objectClass: groupOfNames
|
||||
objectClass: top
|
||||
member: cn=users
|
||||
member: cn=admins
|
||||
member: cn=users,ou=Group,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
|
||||
member: cn=admins,ou=Group,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
|
||||
|
||||
#######################
|
||||
## Define advisories ##
|
||||
|
@ -220,22 +261,22 @@ description: Advisory topics
|
|||
|
||||
dn: cn=read,cn=ActiveMQ.Advisory.$,ou=Topic,ou=Destination,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
|
||||
cn: read
|
||||
member: cn=admins
|
||||
member: cn=users
|
||||
member: cn=admins,ou=Group,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
|
||||
member: cn=users,ou=Group,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
|
||||
objectClass: groupOfNames
|
||||
objectClass: top
|
||||
|
||||
dn: cn=write,cn=ActiveMQ.Advisory.$,ou=Topic,ou=Destination,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
|
||||
cn: write
|
||||
member: cn=admins
|
||||
member: cn=users
|
||||
member: cn=admins,ou=Group,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
|
||||
member: cn=users,ou=Group,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
|
||||
objectClass: groupOfNames
|
||||
objectClass: top
|
||||
|
||||
dn: cn=admin,cn=ActiveMQ.Advisory.$,ou=Topic,ou=Destination,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
|
||||
cn: admin
|
||||
member: cn=admins
|
||||
member: cn=users
|
||||
member: cn=admins,ou=Group,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
|
||||
member: cn=users,ou=Group,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
|
||||
objectClass: groupOfNames
|
||||
objectClass: top
|
||||
|
||||
|
@ -250,21 +291,22 @@ ou: Temp
|
|||
|
||||
dn: cn=read,ou=Temp,ou=Destination,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
|
||||
cn: read
|
||||
member: cn=admins
|
||||
member: cn=users
|
||||
member: cn=admins,ou=Group,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
|
||||
member: cn=users,ou=Group,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
|
||||
objectClass: groupOfNames
|
||||
objectClass: top
|
||||
|
||||
dn: cn=write,ou=Temp,ou=Destination,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
|
||||
cn: write
|
||||
member: cn=admins
|
||||
member: cn=users
|
||||
member: cn=admins,ou=Group,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
|
||||
member: cn=users,ou=Group,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
|
||||
objectClass: groupOfNames
|
||||
objectClass: top
|
||||
|
||||
dn: cn=admin,ou=Temp,ou=Destination,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
|
||||
cn: admin
|
||||
member: cn=admins
|
||||
member: cn=users
|
||||
member: cn=admins,ou=Group,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
|
||||
member: cn=users,ou=Group,ou=ActiveMQ,dc=activemq,dc=apache,dc=org
|
||||
objectClass: groupOfNames
|
||||
objectClass: top
|
||||
|
||||
|
|
|
@ -41,11 +41,10 @@
|
|||
<map>
|
||||
<cachedLDAPAuthorizationMap
|
||||
connectionURL="ldap://localhost:389"
|
||||
connectionUsername="cn=admin,dc=activemq,dc=apache,dc=org"
|
||||
connectionUsername="cn=mqbroker,ou=Services,dc=activemq,dc=apache,dc=org"
|
||||
connectionPassword="sunflower"
|
||||
baseDn="dc=activemq,dc=apache,dc=org"
|
||||
refreshInterval="300000"
|
||||
/>
|
||||
refreshInterval="300000" />
|
||||
</map>
|
||||
</authorizationPlugin>
|
||||
</plugins>
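Review bot: The `cachedLDAPAuthorizationMap` element binds over `connectionURL="ldap://localhost:389"` with `connectionPassword="sunflower"` written inline, so the service account's password sits in the file and a simple bind would send it in cleartext if the URL were ever pointed at a non-loopback host. The file path is not visible in this rendering; if this is a test fixture or sample, say so above the element, for example `<!-- test-only bind credentials; real deployments should use ldaps:// and keep the password out of this file -->`. The bind DN appears to move from `cn=admin` to `cn=mqbroker,ou=Services` (the +/- markers are lost here, so the direction is inferred). That is a reasonable least-privilege step, provided the account has only read access to the subtree under `baseDn`.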
|
||||
|
|
2
pom.xml
2
pom.xml
|
@ -60,7 +60,7 @@
|
|||
<commons-pool-version>1.5.6</commons-pool-version>
|
||||
<commons-primitives-version>1.0</commons-primitives-version>
|
||||
<commons-net-version>2.2</commons-net-version>
|
||||
<directory-version>1.5.7</directory-version>
|
||||
<directory-version>2.0.0-M6</directory-version>
|
||||
<fusemq-leveldb-version>1.2</fusemq-leveldb-version>
|
||||
<geronimo-version>1.0</geronimo-version>
|
||||
<howl-version>0.1.8</howl-version>
|
||||
|
|