mirror of https://github.com/apache/activemq.git
https://issues.apache.org/jira/browse/AMQ-826 - ldap based authorization - making tests work again, upgrading to apache ds 1.5.7, fixing ldif
git-svn-id: https://svn.apache.org/repos/asf/activemq/trunk@1091401 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Bosanac Dejan
parent
efd4a3f723
commit
26cf6a7f26
|
|
@ -255,10 +255,19 @@
|
|||
<!-- LDAP tests -->
|
||||
<dependency>
|
||||
<groupId>org.apache.directory.server</groupId>
|
||||
<artifactId>apacheds-core</artifactId>
|
||||
<version>1.0.0</version>
|
||||
<artifactId>apacheds-core-integ</artifactId>
|
||||
<version>${directory-version}</version>
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
|
||||
<dependency>
|
||||
<groupId>org.apache.directory.server</groupId>
|
||||
<artifactId>apacheds-server-integ</artifactId>
|
||||
<version>${directory-version}</version>
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
|
||||
|
||||
<dependency>
|
||||
<groupId>org.jmock</groupId>
|
||||
<artifactId>jmock-junit4</artifactId>
|
||||
|
|
@ -457,10 +466,6 @@
|
|||
<!-- This test only works on machines which have ssh propertly configured -->
|
||||
<exclude>**/SSHTunnelNetworkReconnectTest.*</exclude>
|
||||
|
||||
<!-- see http://issues.apache.org/activemq/browse/AMQ-826 -->
|
||||
<!-- have not yet figured out the way to configure ApacheDS via Spring -->
|
||||
<exclude>**/LDAPAuthorizationMapTest.*</exclude>
|
||||
|
||||
<!-- http://issues.apache.org/activemq/browse/AMQ-1027 -->
|
||||
<exclude>**/FailoverConsumerTest.*</exclude>
|
||||
|
||||
|
|
|
|||
|
|
@ -99,8 +99,8 @@ public class LDAPAuthorizationMap implements AuthorizationMap {
|
|||
connectionProtocol = "s";
|
||||
authentication = "simple";
|
||||
|
||||
topicSearchMatchingFormat = new MessageFormat("uid={0},ou=topics,ou=destinations,o=ActiveMQ,dc=example,dc=com");
|
||||
queueSearchMatchingFormat = new MessageFormat("uid={0},ou=queues,ou=destinations,o=ActiveMQ,dc=example,dc=com");
|
||||
topicSearchMatchingFormat = new MessageFormat("uid={0},ou=topics,ou=destinations,o=ActiveMQ,ou=system");
|
||||
queueSearchMatchingFormat = new MessageFormat("uid={0},ou=queues,ou=destinations,o=ActiveMQ,ou=system");
|
||||
|
||||
adminBase = "(cn=admin)";
|
||||
adminAttribute = "uniqueMember";
|
||||
|
|
@ -352,7 +352,8 @@ public class LDAPAuthorizationMap implements AuthorizationMap {
|
|||
}
|
||||
for (Iterator<String> iter = acls.iterator(); iter.hasNext();) {
|
||||
String roleName = iter.next();
|
||||
roles.add(new GroupPrincipal(roleName));
|
||||
String[] components = roleName.split("=", 2);
|
||||
roles.add(new GroupPrincipal(components[components.length - 1]));
|
||||
}
|
||||
return roles;
|
||||
} catch (NamingException e) {
|
||||
|
|
|
|||
|
|
@ -16,64 +16,59 @@
|
|||
*/
|
||||
package org.apache.activemq.security;
|
||||
|
||||
import java.util.HashSet;
|
||||
import java.util.Properties;
|
||||
import java.util.Set;
|
||||
|
||||
import javax.naming.Context;
|
||||
import javax.naming.NameClassPair;
|
||||
import javax.naming.NamingEnumeration;
|
||||
import javax.naming.directory.DirContext;
|
||||
import javax.naming.directory.InitialDirContext;
|
||||
|
||||
import junit.framework.TestCase;
|
||||
import org.apache.activemq.command.ActiveMQDestination;
|
||||
import org.apache.activemq.command.ActiveMQQueue;
|
||||
import org.apache.activemq.command.ActiveMQTopic;
|
||||
import org.apache.activemq.jaas.GroupPrincipal;
|
||||
import org.apache.directory.server.core.configuration.StartupConfiguration;
|
||||
import org.apache.directory.server.core.jndi.CoreContextFactory;
|
||||
import org.springframework.context.ApplicationContext;
|
||||
import org.springframework.context.support.ClassPathXmlApplicationContext;
|
||||
import org.apache.directory.server.annotations.CreateLdapServer;
|
||||
import org.apache.directory.server.annotations.CreateTransport;
|
||||
import org.apache.directory.server.core.annotations.ApplyLdifFiles;
|
||||
import org.apache.directory.server.core.integ.AbstractLdapTestUnit;
|
||||
import org.apache.directory.server.core.integ.FrameworkRunner;
|
||||
import org.apache.directory.server.ldap.LdapServer;
|
||||
import org.junit.Before;
|
||||
import org.junit.Test;
|
||||
import org.junit.runner.RunWith;
|
||||
|
||||
import javax.naming.NameClassPair;
|
||||
import javax.naming.NamingEnumeration;
|
||||
import javax.naming.directory.DirContext;
|
||||
import java.util.HashSet;
|
||||
import java.util.Set;
|
||||
|
||||
import static org.junit.Assert.assertEquals;
|
||||
import static org.junit.Assert.assertTrue;
|
||||
|
||||
/**
|
||||
* This test assumes setup like in file 'AMQauth.ldif'. Contents of this file is
|
||||
* attached below in comments.
|
||||
*
|
||||
* @author ngcutura
|
||||
*
|
||||
*
|
||||
*
|
||||
*/
|
||||
public class LDAPAuthorizationMapTest extends TestCase {
|
||||
private LDAPAuthorizationMap authMap;
|
||||
@RunWith( FrameworkRunner.class )
|
||||
@CreateLdapServer(transports = {@CreateTransport(protocol = "LDAP")})
|
||||
@ApplyLdifFiles(
|
||||
"org/apache/activemq/security/AMQauth.ldif"
|
||||
)
|
||||
public class LDAPAuthorizationMapTest extends AbstractLdapTestUnit {
|
||||
private static LDAPAuthorizationMap authMap;
|
||||
|
||||
protected void setUp() throws Exception {
|
||||
super.setUp();
|
||||
|
||||
startLdapServer();
|
||||
public static LdapServer ldapServer;
|
||||
|
||||
@Before
|
||||
public void setup() throws Exception {
|
||||
authMap = new LDAPAuthorizationMap();
|
||||
authMap.setConnectionURL("ldap://localhost:1024");
|
||||
}
|
||||
|
||||
protected void startLdapServer() throws Exception {
|
||||
ApplicationContext factory = new ClassPathXmlApplicationContext("org/apache/activemq/security/ldap-spring.xml");
|
||||
StartupConfiguration cfg = (StartupConfiguration) factory.getBean("configuration");
|
||||
Properties env = (Properties) factory.getBean("environment");
|
||||
|
||||
env.setProperty(Context.PROVIDER_URL, "");
|
||||
env.setProperty(Context.INITIAL_CONTEXT_FACTORY, CoreContextFactory.class.getName());
|
||||
env.putAll(cfg.toJndiEnvironment());
|
||||
|
||||
new InitialDirContext(env);
|
||||
}
|
||||
|
||||
protected void tearDown() throws Exception {
|
||||
super.tearDown();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testOpen() throws Exception {
|
||||
DirContext ctx = authMap.open();
|
||||
HashSet<String> set = new HashSet<String>();
|
||||
NamingEnumeration list = ctx.list("ou=destinations,o=ActiveMQ,dc=example,dc=com");
|
||||
NamingEnumeration list = ctx.list("ou=destinations,o=ActiveMQ,ou=system");
|
||||
while (list.hasMore()) {
|
||||
NameClassPair ncp = (NameClassPair) list.next();
|
||||
set.add(ncp.getName());
|
||||
|
|
@ -86,6 +81,7 @@ public class LDAPAuthorizationMapTest extends TestCase {
|
|||
* Test method for
|
||||
* 'org.apache.activemq.security.LDAPAuthorizationMap.getAdminACLs(ActiveMQDestination)'
|
||||
*/
|
||||
@Test
|
||||
public void testGetAdminACLs() {
|
||||
ActiveMQDestination q1 = new ActiveMQQueue("queue1");
|
||||
Set aclsq1 = authMap.getAdminACLs(q1);
|
||||
|
|
@ -102,6 +98,7 @@ public class LDAPAuthorizationMapTest extends TestCase {
|
|||
* Test method for
|
||||
* 'org.apache.activemq.security.LDAPAuthorizationMap.getReadACLs(ActiveMQDestination)'
|
||||
*/
|
||||
@Test
|
||||
public void testGetReadACLs() {
|
||||
ActiveMQDestination q1 = new ActiveMQQueue("queue1");
|
||||
Set aclsq1 = authMap.getReadACLs(q1);
|
||||
|
|
@ -118,6 +115,7 @@ public class LDAPAuthorizationMapTest extends TestCase {
|
|||
* Test method for
|
||||
* 'org.apache.activemq.security.LDAPAuthorizationMap.getWriteACLs(ActiveMQDestination)'
|
||||
*/
|
||||
@Test
|
||||
public void testGetWriteACLs() {
|
||||
ActiveMQDestination q1 = new ActiveMQQueue("queue1");
|
||||
Set aclsq1 = authMap.getWriteACLs(q1);
|
||||
|
|
|
|||
|
|
@ -16,23 +16,18 @@
|
|||
## ---------------------------------------------------------------------------
|
||||
|
||||
version: 1
|
||||
dn: dc=example,dc=com
|
||||
objectClass: top
|
||||
objectClass: domain
|
||||
objectClass: extensibleObject
|
||||
dc: example
|
||||
|
||||
dn: o=ActiveMQ,dc=example,dc=com
|
||||
dn: o=ActiveMQ,ou=system
|
||||
objectclass: organization
|
||||
objectclass: top
|
||||
o: ActiveMQ
|
||||
|
||||
dn: ou=users,o=ActiveMQ,dc=example,dc=com
|
||||
dn: ou=users,o=ActiveMQ,ou=system
|
||||
objectclass: organizationalUnit
|
||||
objectclass: top
|
||||
ou: users
|
||||
|
||||
dn: uid=ngcutura,ou=users,o=ActiveMQ,dc=example,dc=com
|
||||
dn: uid=ngcutura,ou=users,o=ActiveMQ,ou=system
|
||||
objectclass: inetOrgPerson
|
||||
objectclass: organizationalPerson
|
||||
objectclass: person
|
||||
|
|
@ -42,71 +37,75 @@ sn: Cutura
|
|||
uid: ngcutura
|
||||
userpassword:: e3NoYX0wZE9sTGxnU2ZRT3NSaFR5OGx3NUM3K1hlSkE9
|
||||
|
||||
dn: cn=roles,uid=ngcutura,ou=users,o=ActiveMQ,dc=example,dc=com
|
||||
dn: cn=roles,uid=ngcutura,ou=users,o=ActiveMQ,ou=system
|
||||
objectclass: groupOfUniqueNames
|
||||
objectclass: top
|
||||
cn: roles
|
||||
uniquemember: aa
|
||||
uniquemember: uid=ngcutura
|
||||
|
||||
dn: ou=destinations,o=ActiveMQ,dc=example,dc=com
|
||||
dn: ou=destinations,o=ActiveMQ,ou=system
|
||||
objectclass: organizationalUnit
|
||||
objectclass: top
|
||||
ou: destinations
|
||||
|
||||
dn: ou=topics,ou=destinations,o=ActiveMQ,dc=example,dc=com
|
||||
dn: ou=topics,ou=destinations,o=ActiveMQ,ou=system
|
||||
objectclass: organizationalUnit
|
||||
objectclass: top
|
||||
ou: topics
|
||||
|
||||
dn: uid=topic1,ou=topics,ou=destinations,o=ActiveMQ,dc=example,dc=com
|
||||
dn: uid=topic1,ou=topics,ou=destinations,o=ActiveMQ,ou=system
|
||||
objectclass: uidObject
|
||||
objectclass: top
|
||||
objectclass: applicationProcess
|
||||
uid: topic1
|
||||
cn: topic1
|
||||
|
||||
dn: cn=admin,uid=topic1,ou=topics,ou=destinations,o=ActiveMQ,dc=example,dc=com
|
||||
dn: cn=admin,uid=topic1,ou=topics,ou=destinations,o=ActiveMQ,ou=system
|
||||
objectclass: groupOfUniqueNames
|
||||
objectclass: top
|
||||
cn: admin
|
||||
uniquemember: role1
|
||||
uniquemember: uid=role1
|
||||
|
||||
dn: cn=read,uid=topic1,ou=topics,ou=destinations,o=ActiveMQ,dc=example,dc=com
|
||||
dn: cn=read,uid=topic1,ou=topics,ou=destinations,o=ActiveMQ,ou=system
|
||||
objectclass: groupOfUniqueNames
|
||||
objectclass: top
|
||||
cn: read
|
||||
uniquemember: role2
|
||||
uniquemember: uid=role2
|
||||
|
||||
dn: cn=write,uid=topic1,ou=topics,ou=destinations,o=ActiveMQ,dc=example,dc=com
|
||||
dn: cn=write,uid=topic1,ou=topics,ou=destinations,o=ActiveMQ,ou=system
|
||||
objectclass: groupOfUniqueNames
|
||||
objectclass: top
|
||||
cn: write
|
||||
uniquemember: role3
|
||||
uniquemember: uid=role3
|
||||
|
||||
dn: ou=queues,ou=destinations,o=ActiveMQ,dc=example,dc=com
|
||||
dn: ou=queues,ou=destinations,o=ActiveMQ,ou=system
|
||||
objectclass: organizationalUnit
|
||||
objectclass: top
|
||||
ou: queues
|
||||
|
||||
dn: uid=queue1,ou=queues,ou=destinations,o=ActiveMQ,dc=example,dc=com
|
||||
dn: uid=queue1,ou=queues,ou=destinations,o=ActiveMQ,ou=system
|
||||
objectclass: applicationProcess
|
||||
objectclass: uidObject
|
||||
objectclass: top
|
||||
uid: queue1
|
||||
cn: queue1
|
||||
|
||||
dn: cn=read,uid=queue1,ou=queues,ou=destinations,o=ActiveMQ,dc=example,dc=com
|
||||
dn: cn=read,uid=queue1,ou=queues,ou=destinations,o=ActiveMQ,ou=system
|
||||
objectclass: groupOfUniqueNames
|
||||
objectclass: top
|
||||
cn: read
|
||||
uniquemember: role1
|
||||
uniquemember: uid=role1
|
||||
|
||||
dn: cn=write,uid=queue1,ou=queues,ou=destinations,o=ActiveMQ,dc=example,dc=com
|
||||
dn: cn=write,uid=queue1,ou=queues,ou=destinations,o=ActiveMQ,ou=system
|
||||
objectclass: groupOfUniqueNames
|
||||
objectclass: top
|
||||
cn: write
|
||||
uniquemember: role1
|
||||
uniquemember: role2
|
||||
uniquemember: uid=role1
|
||||
uniquemember: uid=role2
|
||||
|
||||
dn: cn=admin,uid=queue1,ou=queues,ou=destinations,o=ActiveMQ,dc=example,dc=com
|
||||
dn: cn=admin,uid=queue1,ou=queues,ou=destinations,o=ActiveMQ,ou=system
|
||||
objectclass: groupOfUniqueNames
|
||||
objectclass: top
|
||||
cn: admin
|
||||
uniquemember: role1
|
||||
uniquemember: uid=role1
|
||||
|
||||
|
|
|
|||
|
|
@ -16,47 +16,37 @@
|
|||
*/
|
||||
package org.apache.activemq.jaas;
|
||||
|
||||
import static org.junit.Assert.assertTrue;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.net.URL;
|
||||
import java.util.HashSet;
|
||||
import java.util.Hashtable;
|
||||
import org.apache.directory.server.core.integ.AbstractLdapTestUnit;
|
||||
import org.apache.directory.server.core.integ.FrameworkRunner;
|
||||
import org.apache.directory.server.integ.ServerIntegrationUtils;
|
||||
import org.apache.directory.server.ldap.LdapServer;
|
||||
import org.apache.directory.server.annotations.CreateLdapServer;
|
||||
import org.apache.directory.server.annotations.CreateTransport;
|
||||
import org.apache.directory.server.core.annotations.ApplyLdifFiles;
|
||||
import org.junit.Test;
|
||||
import org.junit.runner.RunWith;
|
||||
|
||||
import javax.naming.Context;
|
||||
import javax.naming.NameClassPair;
|
||||
import javax.naming.NamingEnumeration;
|
||||
import javax.naming.directory.DirContext;
|
||||
import javax.naming.directory.InitialDirContext;
|
||||
import javax.security.auth.callback.Callback;
|
||||
import javax.security.auth.callback.CallbackHandler;
|
||||
import javax.security.auth.callback.NameCallback;
|
||||
import javax.security.auth.callback.PasswordCallback;
|
||||
import javax.security.auth.callback.UnsupportedCallbackException;
|
||||
import javax.security.auth.callback.*;
|
||||
import javax.security.auth.login.LoginContext;
|
||||
import javax.security.auth.login.LoginException;
|
||||
import java.io.IOException;
|
||||
import java.net.URL;
|
||||
import java.util.HashSet;
|
||||
import java.util.Hashtable;
|
||||
|
||||
import org.apache.directory.server.core.integ.Level;
|
||||
import org.apache.directory.server.core.integ.annotations.ApplyLdifs;
|
||||
import org.apache.directory.server.core.integ.annotations.CleanupLevel;
|
||||
import org.apache.directory.server.integ.SiRunner;
|
||||
import org.junit.Test;
|
||||
import org.junit.runner.RunWith;
|
||||
import static org.junit.Assert.assertTrue;
|
||||
|
||||
import org.apache.directory.server.ldap.LdapServer;
|
||||
|
||||
@RunWith ( SiRunner.class )
|
||||
@CleanupLevel ( Level.CLASS )
|
||||
@ApplyLdifs( {
|
||||
"dn: uid=first,ou=system\n" +
|
||||
"uid: first\n" +
|
||||
"userPassword: secret\n" +
|
||||
"objectClass: account\n" +
|
||||
"objectClass: simpleSecurityObject\n" +
|
||||
"objectClass: top\n"
|
||||
}
|
||||
@RunWith ( FrameworkRunner.class )
|
||||
@CreateLdapServer(transports = {@CreateTransport(protocol = "LDAP")})
|
||||
@ApplyLdifFiles(
|
||||
"test.ldif"
|
||||
)
|
||||
public class LDAPLoginModuleTest {
|
||||
public class LDAPLoginModuleTest extends AbstractLdapTestUnit {
|
||||
|
||||
static {
|
||||
String path = System.getProperty("java.security.auth.login.config");
|
||||
|
|
@ -69,8 +59,9 @@ public class LDAPLoginModuleTest {
|
|||
}
|
||||
}
|
||||
|
||||
private static final String BASE = "ou=system";
|
||||
private static final String BASE = "o=ActiveMQ,ou=system";
|
||||
public static LdapServer ldapServer;
|
||||
|
||||
private static final String FILTER = "(objectclass=*)";
|
||||
|
||||
private static final String PRINCIPAL = "uid=admin,ou=system";
|
||||
|
|
|
|||
|
|
@ -0,0 +1,23 @@
|
|||
## ---------------------------------------------------------------------------
|
||||
## Licensed to the Apache Software Foundation (ASF) under one or more
|
||||
## contributor license agreements. See the NOTICE file distributed with
|
||||
## this work for additional information regarding copyright ownership.
|
||||
## The ASF licenses this file to You under the Apache License, Version 2.0
|
||||
## (the "License"); you may not use this file except in compliance with
|
||||
## the License. You may obtain a copy of the License at
|
||||
##
|
||||
## http://www.apache.org/licenses/LICENSE-2.0
|
||||
##
|
||||
## Unless required by applicable law or agreed to in writing, software
|
||||
## distributed under the License is distributed on an "AS IS" BASIS,
|
||||
## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
## See the License for the specific language governing permissions and
|
||||
## limitations under the License.
|
||||
## ---------------------------------------------------------------------------
|
||||
|
||||
dn: uid=first,ou=system
|
||||
uid: first
|
||||
userPassword: secret
|
||||
objectClass: account
|
||||
objectClass: simpleSecurityObject
|
||||
objectClass: top
|
||||
4
pom.xml
4
pom.xml
|
|
@ -57,7 +57,7 @@
|
|||
<commons-logging-version>1.1</commons-logging-version>
|
||||
<commons-pool-version>1.5.4</commons-pool-version>
|
||||
<commons-primitives-version>1.0</commons-primitives-version>
|
||||
<directory-version>1.5.5</directory-version>
|
||||
<directory-version>1.5.7</directory-version>
|
||||
<geronimo-version>1.0</geronimo-version>
|
||||
<howl-version>0.1.8</howl-version>
|
||||
<hsqldb-version>1.7.2.2</hsqldb-version>
|
||||
|
|
@ -67,7 +67,7 @@
|
|||
<jsp-version>2.1.v20100127</jsp-version>
|
||||
<jettison-version>1.2</jettison-version>
|
||||
<jmock-version>2.5.1</jmock-version>
|
||||
<junit-version>4.5</junit-version>
|
||||
<junit-version>4.8.1</junit-version>
|
||||
<jxta-version>2.0</jxta-version>
|
||||
<karaf-version>2.2.0</karaf-version>
|
||||
<log4j-version>1.2.14</log4j-version>
|
||||
|
|
|
|||
Loading…
Reference in New Issue