mirror of https://github.com/apache/activemq.git
[AMQ-6665] - check for peercerts is now on tcp transport such that the bridge connection info can have the correct context
parent
0e74c52e8a
commit
57795bafce
|
@ -488,8 +488,8 @@ public abstract class DemandForwardingBridgeSupport implements NetworkBridge, Br
|
|||
while (originalTransport instanceof TransportFilter) {
|
||||
originalTransport = ((TransportFilter) originalTransport).getNext();
|
||||
}
|
||||
if (originalTransport instanceof SslTransport) {
|
||||
X509Certificate[] peerCerts = ((SslTransport) originalTransport).getPeerCertificates();
|
||||
if (originalTransport instanceof TcpTransport) {
|
||||
X509Certificate[] peerCerts = originalTransport.getPeerCertificates();
|
||||
localConnectionInfo.setTransportContext(peerCerts);
|
||||
}
|
||||
// sync requests that may fail
|
||||
|
@ -513,8 +513,8 @@ public abstract class DemandForwardingBridgeSupport implements NetworkBridge, Br
|
|||
duplexLocalConnectionInfo.setUserName(configuration.getUserName());
|
||||
duplexLocalConnectionInfo.setPassword(configuration.getPassword());
|
||||
|
||||
if (originalTransport instanceof SslTransport) {
|
||||
X509Certificate[] peerCerts = ((SslTransport) originalTransport).getPeerCertificates();
|
||||
if (originalTransport instanceof TcpTransport) {
|
||||
X509Certificate[] peerCerts = originalTransport.getPeerCertificates();
|
||||
duplexLocalConnectionInfo.setTransportContext(peerCerts);
|
||||
}
|
||||
// sync requests that may fail
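Review bot: With the guard widened to `instanceof TcpTransport` in both hunks (the `localConnectionInfo` and the `duplexLocalConnectionInfo` block), any `TcpTransport`, presumably including plaintext ones, now reaches `setTransportContext(peerCerts)`. What `getPeerCertificates()` returns for a transport without a TLS session is not visible here. If it can be null or empty, I would make the intent explicit with `if (peerCerts != null && peerCerts.length > 0) { localConnectionInfo.setTransportContext(peerCerts); }`, so certificate-based JAAS login only ever sees a real chain. The two blocks are identical apart from the target object and could share one private helper. The enclosing method starts and ends outside both hunks.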
|
||||
|
|
|
@ -0,0 +1,25 @@
|
|||
/**
|
||||
* Licensed to the Apache Software Foundation (ASF) under one or more
|
||||
* contributor license agreements. See the NOTICE file distributed with
|
||||
* this work for additional information regarding copyright ownership.
|
||||
* The ASF licenses this file to You under the Apache License, Version 2.0
|
||||
* (the "License"); you may not use this file except in compliance with
|
||||
* the License. You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.apache.activemq.security;
|
||||
|
||||
public class JaasDualAuthenticationNetworkBridgeNioSslTest extends JaasDualAuthenticationNetworkBridgeTest {
|
||||
public JaasDualAuthenticationNetworkBridgeNioSslTest() {
|
||||
super();
|
||||
CONFIG_FILE="org/apache/activemq/security/JaasDualAuthenticationNetworkBridgeNioSsl.xml";
|
||||
}
|
||||
}
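Review bot: The constructor assigns `CONFIG_FILE` as if it were a constant, but with this commit it is a mutable instance field on the base test, so the UPPER_SNAKE_CASE name no longer matches what it is. An overridable accessor in the base class, for example `protected String getConfigFile() { return "org/apache/activemq/security/JaasDualAuthenticationNetworkBridge.xml"; }`, overridden here, would not depend on the base class leaving the field unread until this constructor body has run. A one-line class Javadoc saying that this variant reruns the bridge test against the `nio+ssl` connector configuration would also help.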
|
||||
|
|
@ -32,6 +32,7 @@ import org.junit.Assert;
|
|||
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
import sun.nio.ch.Net;
|
||||
|
||||
|
||||
/**
|
||||
|
@ -50,7 +51,7 @@ import org.slf4j.LoggerFactory;
|
|||
* - ssl-domain-JaasDualAuthenticationNetworkBridgeTest.properties
|
||||
*/
|
||||
public class JaasDualAuthenticationNetworkBridgeTest {
|
||||
protected final static String CONFIG_FILE="org/apache/activemq/security/JaasDualAuthenticationNetworkBridge.xml";
|
||||
protected String CONFIG_FILE="org/apache/activemq/security/JaasDualAuthenticationNetworkBridge.xml";
|
||||
protected static Logger LOG = LoggerFactory.getLogger(JaasDualAuthenticationNetworkBridgeTest.class);
|
||||
private BrokerService broker1 = null;
|
||||
private BrokerService broker2 = null;
|
||||
|
@ -78,6 +79,9 @@ public class JaasDualAuthenticationNetworkBridgeTest {
|
|||
LOG.error("Error: " + e.getMessage());
|
||||
throw e;
|
||||
}
|
||||
|
||||
broker2.start();
|
||||
broker1.start();
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -126,6 +130,9 @@ public class JaasDualAuthenticationNetworkBridgeTest {
|
|||
Collection<NetworkBridge> bridges = nc.activeBridges();
|
||||
Assert.assertFalse("Network bridge not established to broker 2", bridges.isEmpty());
|
||||
Assert.assertTrue("Network bridge not established to broker 2", bridges.size() == 1);
|
||||
for (NetworkBridge nb : bridges) {
|
||||
Assert.assertTrue(nb.getRemoteBrokerId() != null);
|
||||
}
|
||||
LOG.info("Network bridge is correctly established.");
|
||||
} catch (java.lang.InterruptedException ex) {
|
||||
LOG.warn(ex.getMessage());
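Review bot: The `import sun.nio.ch.Net;` line in the first hunk looks like an accidental IDE auto-import. Nothing in the visible hunks uses `Net`, and `sun.nio.ch` is a JDK-internal package that `java.base` does not export on Java 9 and later, so the test can stop compiling on newer JDKs; I would drop the import. Separately, the new loop's `Assert.assertTrue(nb.getRemoteBrokerId() != null)` reads better as `Assert.assertNotNull("Bridge has no remote broker id", nb.getRemoteBrokerId());`, which also gives a failure message.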
|
||||
|
|
|
@ -25,7 +25,7 @@
|
|||
|
||||
<!-- first broker instance -->
|
||||
<broker xmlns="http://activemq.apache.org/schema/core" brokerName="broker1" id="broker1"
|
||||
dataDirectory="./target/activemq-data-broker1" persistent="false">
|
||||
dataDirectory="./target/activemq-data-broker1" persistent="false" start="false">
|
||||
|
||||
<destinationPolicy>
|
||||
<policyMap>
|
||||
|
@ -105,7 +105,7 @@
|
|||
|
||||
<!-- second broker instance -->
|
||||
<broker xmlns="http://activemq.apache.org/schema/core" brokerName="broker2" id="broker2"
|
||||
dataDirectory="./target/activemq-data-broker2" persistent="false">
|
||||
dataDirectory="./target/activemq-data-broker2" persistent="false" start="false">
|
||||
|
||||
<destinationPolicy>
|
||||
<policyMap>
|
||||
|
|
|
@ -0,0 +1,178 @@
|
|||
<!--
|
||||
Licensed to the Apache Software Foundation (ASF) under one or more
|
||||
contributor license agreements. See the NOTICE file distributed with
|
||||
this work for additional information regarding copyright ownership.
|
||||
The ASF licenses this file to You under the Apache License, Version 2.0
|
||||
(the "License"); you may not use this file except in compliance with
|
||||
the License. You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
-->
|
||||
<beans
|
||||
xmlns="http://www.springframework.org/schema/beans"
|
||||
xmlns:amq="http://activemq.apache.org/schema/core"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xsi:schemaLocation="http://www.springframework.org/schema/beans
|
||||
http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
|
||||
http://activemq.apache.org/schema/core
|
||||
http://activemq.apache.org/schema/core/activemq-core-5.4.2.xsd">
|
||||
|
||||
<!-- first broker instance -->
|
||||
<broker xmlns="http://activemq.apache.org/schema/core" brokerName="broker1" id="broker1"
|
||||
dataDirectory="./target/activemq-data-broker1" persistent="false" start="false">
|
||||
|
||||
<destinationPolicy>
|
||||
<policyMap>
|
||||
<policyEntries>
|
||||
<policyEntry queue=">" memoryLimit="20mb">
|
||||
<deadLetterStrategy>
|
||||
<sharedDeadLetterStrategy processExpired="false" processNonPersistent="false"/>
|
||||
</deadLetterStrategy>
|
||||
</policyEntry>
|
||||
|
||||
<policyEntry topic=">" producerFlowControl="true" >
|
||||
</policyEntry>
|
||||
</policyEntries>
|
||||
</policyMap>
|
||||
</destinationPolicy>
|
||||
|
||||
<managementContext>
|
||||
<managementContext createConnector="false" />
|
||||
</managementContext>
|
||||
|
||||
<!-- network of brokers configuration -->
|
||||
<networkConnectors>
|
||||
<networkConnector decreaseNetworkConsumerPriority="true" duplex="true" dynamicOnly="true" name="to-A" networkTTL="2" uri="static://(ssl://localhost:61626)" >
|
||||
<!-- userName="admin" password="admin" -->
|
||||
<excludedDestinations>
|
||||
<queue physicalName="MyQueue"/>
|
||||
</excludedDestinations>
|
||||
</networkConnector>
|
||||
</networkConnectors>
|
||||
|
||||
|
||||
<plugins>
|
||||
<!--jaasAuthenticationPlugin configuration="activemq" /-->
|
||||
<jaasDualAuthenticationPlugin configuration="activemq-domain" sslConfiguration="activemq-ssl-domain"/>
|
||||
<authorizationPlugin>
|
||||
<map>
|
||||
<authorizationMap>
|
||||
<authorizationEntries>
|
||||
<authorizationEntry queue=">" admin="administrators" read="administrators" write="administrators"/>
|
||||
<authorizationEntry topic=">" admin="administrators" read="administrators" write="administrators"/>
|
||||
<authorizationEntry topic="ActiveMQ.Advisory.>" admin="*" read="*" write="*"/>
|
||||
<authorizationEntry queue="ActiveMQ.DLQ" admin="administrators" read="*" write="*"/>
|
||||
</authorizationEntries>
|
||||
</authorizationMap>
|
||||
</map>
|
||||
</authorizationPlugin>
|
||||
</plugins>
|
||||
|
||||
|
||||
<sslContext>
|
||||
<sslContext
|
||||
keyStore="server.keystore"
|
||||
keyStorePassword="password"
|
||||
trustStore="server.keystore"
|
||||
trustStorePassword="password"
|
||||
/>
|
||||
</sslContext>
|
||||
|
||||
<systemUsage>
|
||||
<systemUsage>
|
||||
<memoryUsage>
|
||||
<memoryUsage limit="60 mb" />
|
||||
</memoryUsage>
|
||||
<storeUsage>
|
||||
<storeUsage limit="1 mb" />
|
||||
</storeUsage>
|
||||
<tempUsage>
|
||||
<tempUsage limit="50 mb" />
|
||||
</tempUsage>
|
||||
</systemUsage>
|
||||
</systemUsage>
|
||||
|
||||
<transportConnectors>
|
||||
<transportConnector name="openwire+ssl" uri="ssl://0.0.0.0:62626?transport.closeAsync=false&transport.enabledProtocols=TLSv1,TLSv1.1,TLSv1.2&transport.needClientAuth=true"/>
|
||||
</transportConnectors>
|
||||
</broker>
|
||||
|
||||
<!-- second broker instance -->
|
||||
<broker xmlns="http://activemq.apache.org/schema/core" brokerName="broker2" id="broker2"
|
||||
dataDirectory="./target/activemq-data-broker2" persistent="false" start="false">
|
||||
|
||||
<destinationPolicy>
|
||||
<policyMap>
|
||||
<policyEntries>
|
||||
<policyEntry queue=">" memoryLimit="20mb">
|
||||
<deadLetterStrategy>
|
||||
<sharedDeadLetterStrategy processExpired="false" processNonPersistent="false"/>
|
||||
</deadLetterStrategy>
|
||||
</policyEntry>
|
||||
|
||||
<policyEntry topic=">" producerFlowControl="true" >
|
||||
<deadLetterStrategy>
|
||||
<sharedDeadLetterStrategy processExpired="false" processNonPersistent="false"/>
|
||||
</deadLetterStrategy>
|
||||
</policyEntry>
|
||||
</policyEntries>
|
||||
</policyMap>
|
||||
</destinationPolicy>
|
||||
|
||||
<managementContext>
|
||||
<managementContext createConnector="false" />
|
||||
</managementContext>
|
||||
|
||||
<plugins>
|
||||
<!--jaasAuthenticationPlugin configuration="activemq" /-->
|
||||
<!--jaasCertificateAuthenticationPlugin configuration="activemq-ssl-domain" /-->
|
||||
<jaasDualAuthenticationPlugin configuration="activemq-domain" sslConfiguration="activemq-ssl-domain"/>
|
||||
<authorizationPlugin>
|
||||
<map>
|
||||
<authorizationMap>
|
||||
<authorizationEntries>
|
||||
<authorizationEntry queue=">" admin="administrators" read="administrators" write="administrators"/>
|
||||
<authorizationEntry topic=">" admin="administrators" read="administrators" write="administrators"/>
|
||||
<authorizationEntry topic="ActiveMQ.Advisory.>" admin="*" read="*" write="*"/>
|
||||
<authorizationEntry queue="ActiveMQ.DLQ" admin="administrators" read="*" write="*"/>
|
||||
</authorizationEntries>
|
||||
</authorizationMap>
|
||||
</map>
|
||||
</authorizationPlugin>
|
||||
</plugins>
|
||||
|
||||
<sslContext>
|
||||
<sslContext
|
||||
keyStore="server.keystore"
|
||||
keyStorePassword="password"
|
||||
trustStore="server.keystore"
|
||||
trustStorePassword="password"
|
||||
/>
|
||||
</sslContext>
|
||||
|
||||
<systemUsage>
|
||||
<systemUsage>
|
||||
<memoryUsage>
|
||||
<memoryUsage limit="60 mb" />
|
||||
</memoryUsage>
|
||||
<storeUsage>
|
||||
<storeUsage limit="1 mb" />
|
||||
</storeUsage>
|
||||
<tempUsage>
|
||||
<tempUsage limit="50 mb" />
|
||||
</tempUsage>
|
||||
</systemUsage>
|
||||
</systemUsage>
|
||||
|
||||
<transportConnectors>
|
||||
<transportConnector name="openwire+nio-ssl-2" uri="nio+ssl://0.0.0.0:61626?transport.closeAsync=false&transport.enabledProtocols=TLSv1,TLSv1.1,TLSv1.2&transport.needClientAuth=true"/>
|
||||
</transportConnectors>
|
||||
</broker>
|
||||
</beans>
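Review bot: Both transport connectors set `transport.enabledProtocols=TLSv1,TLSv1.1,TLSv1.2`, which keeps the deprecated TLS 1.0 and 1.1 enabled in a fixture that tends to be copied into real configurations. Unless the test is specifically about older protocol versions, `transport.enabledProtocols=TLSv1.2` is enough. The `keyStorePassword="password"` and `trustStorePassword="password"` values, and the reuse of `server.keystore` as the trust store, are fine for a test. A comment such as `<!-- test-only key material; do not reuse outside the test suite -->` above each `<sslContext>` would make that explicit.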
|
||||
|