mirror of https://github.com/apache/activemq.git
AMQ-6471 - map groupClass attribute on mod to authorization map. fix and test
This commit is contained in:
parent
338a74dfa4
commit
52ab6ba09b
|
@ -57,6 +57,7 @@ public class AuthorizationPluginProcessor extends DefaultConfigurationProcessor
|
|||
}
|
||||
}
|
||||
xBeanAuthorizationMap.setAuthorizationEntries(entries);
|
||||
xBeanAuthorizationMap.setGroupClass(dtoMap.getAuthorizationMap().getGroupClass());
|
||||
try {
|
||||
xBeanAuthorizationMap.afterPropertiesSet();
|
||||
} catch (Exception e) {
|
||||
|
|
|
@ -82,6 +82,21 @@ public class AuthorizationTest extends AbstractAuthorizationTest {
|
|||
assertAllowedWrite("guest", "USERS.A");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testModWithGroupClass() throws Exception {
|
||||
final String brokerConfig = configurationSeed + "-auth-add-guest-broker";
|
||||
applyNewConfig(brokerConfig, configurationSeed + "-users");
|
||||
startBroker(brokerConfig);
|
||||
assertTrue("broker alive", brokerService.isStarted());
|
||||
|
||||
assertAllowed("user", "USERS.A");
|
||||
applyNewConfig(brokerConfig, configurationSeed + "-users-dud-groupClass", SLEEP);
|
||||
assertDenied("user", "USERS.A");
|
||||
|
||||
applyNewConfig(brokerConfig, configurationSeed + "-users", SLEEP);
|
||||
assertAllowed("user", "USERS.A");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testWildcard() throws Exception {
|
||||
final String brokerConfig = configurationSeed + "-auth-broker";
|
||||
|
|
|
@ -0,0 +1,53 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!--
|
||||
Licensed to the Apache Software Foundation (ASF) under one or more
|
||||
contributor license agreements. See the NOTICE file distributed with
|
||||
this work for additional information regarding copyright ownership.
|
||||
The ASF licenses this file to You under the Apache License, Version 2.0
|
||||
(the "License"); you may not use this file except in compliance with
|
||||
the License. You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
-->
|
||||
<beans
|
||||
xmlns="http://www.springframework.org/schema/beans"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
|
||||
http://activemq.apache.org/schema/core http://activemq.apache.org/schema/core/activemq-core.xsd">
|
||||
|
||||
<broker xmlns="http://activemq.apache.org/schema/core" start="false" persistent="false">
|
||||
<destinations>
|
||||
<queue physicalName="FOO.BAR" />
|
||||
</destinations>
|
||||
<plugins>
|
||||
<runtimeConfigurationPlugin checkPeriod="1000"/>
|
||||
|
||||
<!-- use JAAS to authenticate using the login.config file on the classpath to configure JAAS -->
|
||||
<jaasAuthenticationPlugin configuration="activemq-domain"/>
|
||||
|
||||
<!-- lets configure a destination based authorization mechanism -->
|
||||
<authorizationPlugin>
|
||||
<map>
|
||||
<authorizationMap groupClass="org.apache.activemq.jaas.UserPrincipal">
|
||||
<authorizationEntries>
|
||||
<authorizationEntry queue=">" read="admins" write="admins" admin="admins"/>
|
||||
<authorizationEntry queue="USERS.>" read="users" write="users" admin="users"/>
|
||||
|
||||
<authorizationEntry topic=">" read="admins" write="admins" admin="admins"/>
|
||||
<authorizationEntry topic="USERS.>" read="users" write="users" admin="users"/>
|
||||
|
||||
<authorizationEntry topic="ActiveMQ.Advisory.>" read="guests,users" write="guests,users"
|
||||
admin="guests,users"/>
|
||||
</authorizationEntries>
|
||||
</authorizationMap>
|
||||
</map>
|
||||
</authorizationPlugin>
|
||||
</plugins>
|
||||
</broker>
|
||||
</beans>
|
Loading…
Reference in New Issue