AMQ-6471 - map groupClass attribute on mod to authorization map. fix and test

This commit is contained in:
gtully 2016-10-20 12:32:33 +01:00
parent 338a74dfa4
commit 52ab6ba09b
3 changed files with 69 additions and 0 deletions

View File

@ -57,6 +57,7 @@ public class AuthorizationPluginProcessor extends DefaultConfigurationProcessor
}
}
xBeanAuthorizationMap.setAuthorizationEntries(entries);
xBeanAuthorizationMap.setGroupClass(dtoMap.getAuthorizationMap().getGroupClass());
try {
xBeanAuthorizationMap.afterPropertiesSet();
} catch (Exception e) {

View File

@ -82,6 +82,21 @@ public class AuthorizationTest extends AbstractAuthorizationTest {
assertAllowedWrite("guest", "USERS.A");
}
@Test
public void testModWithGroupClass() throws Exception {
final String brokerConfig = configurationSeed + "-auth-add-guest-broker";
applyNewConfig(brokerConfig, configurationSeed + "-users");
startBroker(brokerConfig);
assertTrue("broker alive", brokerService.isStarted());
assertAllowed("user", "USERS.A");
applyNewConfig(brokerConfig, configurationSeed + "-users-dud-groupClass", SLEEP);
assertDenied("user", "USERS.A");
applyNewConfig(brokerConfig, configurationSeed + "-users", SLEEP);
assertAllowed("user", "USERS.A");
}
@Test
public void testWildcard() throws Exception {
final String brokerConfig = configurationSeed + "-auth-broker";

View File

@ -0,0 +1,53 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
this work for additional information regarding copyright ownership.
The ASF licenses this file to You under the Apache License, Version 2.0
(the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<beans
xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
http://activemq.apache.org/schema/core http://activemq.apache.org/schema/core/activemq-core.xsd">
<broker xmlns="http://activemq.apache.org/schema/core" start="false" persistent="false">
<destinations>
<queue physicalName="FOO.BAR" />
</destinations>
<plugins>
<runtimeConfigurationPlugin checkPeriod="1000"/>
<!-- use JAAS to authenticate using the login.config file on the classpath to configure JAAS -->
<jaasAuthenticationPlugin configuration="activemq-domain"/>
<!-- lets configure a destination based authorization mechanism -->
<authorizationPlugin>
<map>
<authorizationMap groupClass="org.apache.activemq.jaas.UserPrincipal">
<authorizationEntries>
<authorizationEntry queue=">" read="admins" write="admins" admin="admins"/>
<authorizationEntry queue="USERS.>" read="users" write="users" admin="users"/>
<authorizationEntry topic=">" read="admins" write="admins" admin="admins"/>
<authorizationEntry topic="USERS.>" read="users" write="users" admin="users"/>
<authorizationEntry topic="ActiveMQ.Advisory.>" read="guests,users" write="guests,users"
admin="guests,users"/>
</authorizationEntries>
</authorizationMap>
</map>
</authorizationPlugin>
</plugins>
</broker>
</beans>