From 7646526c0a6bf406e66751a7f1be8af353462c13 Mon Sep 17 00:00:00 2001
From: Dejan Bosanac
Date: Mon, 14 Apr 2014 17:03:54 +0200
Subject: [PATCH] https://issues.apache.org/jira/browse/AMQ-5141 - send messages to dlq using broker security context
---
 .../activemq/broker/region/RegionBroker.java | 7 +-
 .../broker/policy/DeadLetterTestSupport.java | 2 +-
 .../activemq/broker/policy/SecureDLQTest.java | 131 ++++++++++++++++++
 .../SimpleSecurityBrokerSystemTest.java | 10 +-
 4 files changed, 141 insertions(+), 9 deletions(-)
 create mode 100644 activemq-unit-tests/src/test/java/org/apache/activemq/broker/policy/SecureDLQTest.java
diff --git a/activemq-broker/src/main/java/org/apache/activemq/broker/region/RegionBroker.java b/activemq-broker/src/main/java/org/apache/activemq/broker/region/RegionBroker.java
index dd0e63b605..46c6de14f5 100755
--- a/activemq-broker/src/main/java/org/apache/activemq/broker/region/RegionBroker.java
+++ b/activemq-broker/src/main/java/org/apache/activemq/broker/region/RegionBroker.java
@@ -742,10 +742,11 @@ public class RegionBroker extends EmptyBroker {
 // it is only populated if the message is routed to
 // another destination like the DLQ
 ActiveMQDestination deadLetterDestination = deadLetterStrategy.getDeadLetterQueueFor(message, subscription);
- if (context.getBroker() == null) {
- context.setBroker(getRoot());
+ ConnectionContext adminContext = context;
+ if (context.getSecurityContext() == null || !context.getSecurityContext().isBrokerContext()) {
+ adminContext = BrokerSupport.getConnectionContext(this);
 }
- BrokerSupport.resendNoCopy(context, message, deadLetterDestination);
+ BrokerSupport.resendNoCopy(adminContext, message, deadLetterDestination);
 return true;
 }
 } else {
diff --git a/activemq-unit-tests/src/test/java/org/apache/activemq/broker/policy/DeadLetterTestSupport.java b/activemq-unit-tests/src/test/java/org/apache/activemq/broker/policy/DeadLetterTestSupport.java
index 13be9dda28..b275f2ea39 100755
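Review bot: The old fallback that called `context.setBroker(getRoot())` when `context.getBroker() == null` is removed without a replacement, so a caller context that already carries a broker security context is handed to `BrokerSupport.resendNoCopy` unchanged, and one whose broker is still unset would presumably fail there; keeping the guard on the chosen context, `if (adminContext.getBroker() == null) { adminContext.setBroker(getRoot()); }`, preserves the earlier behaviour. The dead-letter write now runs under the broker's own security context, which deliberately skips the producing client's write permission on the DLQ, and that deserves a comment above `ConnectionContext adminContext = context;`, for example `// DLQ routing is a broker-internal action: use the broker context so clients need no write access to the DLQ`. The enclosing method starts and ends outside the hunk, so how `context` is populated by callers is not visible here.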
--- a/activemq-unit-tests/src/test/java/org/apache/activemq/broker/policy/DeadLetterTestSupport.java
+++ b/activemq-unit-tests/src/test/java/org/apache/activemq/broker/policy/DeadLetterTestSupport.java
@@ -111,7 +111,7 @@ public abstract class DeadLetterTestSupport extends TestSupport {
 }
 }
- protected void makeDlqConsumer() throws JMSException {
+ protected void makeDlqConsumer() throws Exception {
 dlqDestination = createDlqDestination();
 LOG.info("Consuming from dead letter on: " + dlqDestination);
diff --git a/activemq-unit-tests/src/test/java/org/apache/activemq/broker/policy/SecureDLQTest.java b/activemq-unit-tests/src/test/java/org/apache/activemq/broker/policy/SecureDLQTest.java
new file mode 100644
index 0000000000..9d656e891c
--- /dev/null
+++ b/activemq-unit-tests/src/test/java/org/apache/activemq/broker/policy/SecureDLQTest.java
@@ -0,0 +1,131 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.activemq.broker.policy;
+
+import org.apache.activemq.broker.BrokerPlugin;
+import org.apache.activemq.broker.BrokerService;
+import org.apache.activemq.command.ActiveMQQueue;
+import org.apache.activemq.command.ActiveMQTopic;
+import org.apache.activemq.filter.DestinationMap;
+import org.apache.activemq.security.*;
+
+import javax.jms.*;
+
+import static org.apache.activemq.security.SimpleSecurityBrokerSystemTest.*;
+
+public class SecureDLQTest extends DeadLetterTestSupport {
+
+ Connection dlqConnection;
+ Session dlqSession;
+
+ public static AuthorizationMap createAuthorizationMap() {
+ DestinationMap readAccess = new DefaultAuthorizationMap();
+ readAccess.put(new ActiveMQQueue("TEST"), ADMINS);
+ readAccess.put(new ActiveMQQueue("TEST"), USERS);
+ readAccess.put(new ActiveMQQueue("ActiveMQ.DLQ"), ADMINS);
+
+ DestinationMap writeAccess = new DefaultAuthorizationMap();
+ writeAccess.put(new ActiveMQQueue("TEST"), ADMINS);
+ writeAccess.put(new ActiveMQQueue("TEST"), USERS);
+ writeAccess.put(new ActiveMQQueue("ActiveMQ.DLQ"), ADMINS);
+
+ readAccess.put(new ActiveMQTopic("ActiveMQ.Advisory.>"), WILDCARD);
+ writeAccess.put(new ActiveMQTopic("ActiveMQ.Advisory.>"), WILDCARD);
+
+ DestinationMap adminAccess = new DefaultAuthorizationMap();
+ adminAccess.put(new ActiveMQQueue("TEST"), ADMINS);
+ adminAccess.put(new ActiveMQQueue("TEST"), USERS);
+ adminAccess.put(new ActiveMQQueue("ActiveMQ.DLQ"), ADMINS);
+ adminAccess.put(new ActiveMQTopic("ActiveMQ.Advisory.>"), WILDCARD);
+
+ return new SimpleAuthorizationMap(writeAccess, readAccess, adminAccess);
+ }
+
+ @Override
+ protected BrokerService createBroker() throws Exception {
+ BrokerService broker = super.createBroker();
+ AuthorizationPlugin authorizationPlugin = new AuthorizationPlugin(createAuthorizationMap());
+
+ broker.setPlugins(new BrokerPlugin[] {authorizationPlugin, new SimpleSecurityBrokerSystemTest.SimpleAuthenticationFactory()});
+ return broker;
+ }
+
+ // lets disable the inapplicable tests
+ public void testTransientTopicMessage() throws Exception {
+ }
+
+ public void testDurableTopicMessage() throws Exception {
+ }
+
+ @Override
+ protected void doTest() throws Exception {
+ timeToLive = 1000;
+ acknowledgeMode = Session.CLIENT_ACKNOWLEDGE;
+ makeConsumer();
+ sendMessages();
+ Thread.sleep(1000);
+ consumer.close();
+
+ Thread.sleep(1000);
+ // this should try to send expired messages to dlq
+ makeConsumer();
+
+ makeDlqConsumer();
+ for (int i = 0; i < messageCount; i++) {
+ Message msg = dlqConsumer.receive(1000);
+ assertMessage(msg, i);
+ assertNotNull("Should be a DLQ message for loop: " + i, msg);
+ }
+
+ }
+
+ @Override
+ public void tearDown() throws Exception {
+ super.tearDown();
+ if (dlqSession != null) {
+ dlqSession.close();
+ }
+ if (dlqConsumer != null) {
+ dlqConsumer.close();
+ }
+ }
+
+ @Override
+ protected Connection createConnection() throws Exception {
+ return getConnectionFactory().createConnection("user", "password");
+ }
+
+ @Override
+ protected void makeDlqConsumer() throws Exception {
+ dlqDestination = createDlqDestination();
+ dlqConnection = getConnectionFactory().createConnection("system", "manager");
+ dlqConnection.start();
+ dlqSession = dlqConnection.createSession(false, Session.AUTO_ACKNOWLEDGE);
+
+ dlqConsumer = dlqSession.createConsumer(dlqDestination);
+ }
+
+ @Override
+ protected Destination createDlqDestination() {
+ return new ActiveMQQueue("ActiveMQ.DLQ");
+ }
+
+ @Override
+ protected String getDestinationString() {
+ return "TEST";
+ }
+}
diff --git a/activemq-unit-tests/src/test/java/org/apache/activemq/security/SimpleSecurityBrokerSystemTest.java b/activemq-unit-tests/src/test/java/org/apache/activemq/security/SimpleSecurityBrokerSystemTest.java
index 09d96b7ce5..d5f8b80ccb 100644
--- a/activemq-unit-tests/src/test/java/org/apache/activemq/security/SimpleSecurityBrokerSystemTest.java
+++ b/activemq-unit-tests/src/test/java/org/apache/activemq/security/SimpleSecurityBrokerSystemTest.java
@@ -52,10 +52,10 @@ import javax.management.openmbean.CompositeData;
 public class SimpleSecurityBrokerSystemTest extends SecurityTestSupport {
 private static final Logger LOG = LoggerFactory.getLogger(SimpleSecurityBrokerSystemTest.class);
- static final GroupPrincipal GUESTS = new GroupPrincipal("guests");
- static final GroupPrincipal USERS = new GroupPrincipal("users");
- static final GroupPrincipal ADMINS = new GroupPrincipal("admins");
- static Principal WILDCARD;
+ public static final GroupPrincipal GUESTS = new GroupPrincipal("guests");
+ public static final GroupPrincipal USERS = new GroupPrincipal("users");
+ public static final GroupPrincipal ADMINS = new GroupPrincipal("admins");
+ public static Principal WILDCARD;
 static {
 try {
 WILDCARD = (Principal) DefaultAuthorizationMap.createGroupPrincipal("*", GroupPrincipal.class.getName());
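Review bot: `tearDown()` in SecureDLQTest never closes `dlqConnection`, which `makeDlqConsumer()` opens and starts with the `system` credentials, and it closes the session and consumer only after `super.tearDown()`, which may already have shut down the broker they talk to (the parent class is not visible here). Closing the connection first, in a `try`/`finally` around `super.tearDown()`, releases the session and consumer with it. In `doTest()` the `assertNotNull` comes after `assertMessage(msg, i)`, so a missing DLQ message would likely fail inside `assertMessage` instead of reporting the descriptive text; swapping the two lines fixes that. The test covers only the positive path; an added assertion that the `user` connection is still refused on `ActiveMQ.DLQ` would show that the authorization map is enforced for clients while the broker bypasses it.

```java
@Override
public void tearDown() throws Exception {
    try {
        // closing the connection also closes dlqSession and dlqConsumer
        if (dlqConnection != null) {
            dlqConnection.close();
        }
    } finally {
        super.tearDown();
    }
}
```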
@@ -144,7 +144,7 @@ public class SimpleSecurityBrokerSystemTest extends SecurityTestSupport {
 return new SimpleAuthorizationMap(writeAccess, readAccess, adminAccess);
 }
- static class SimpleAuthenticationFactory implements BrokerPlugin {
+ public static class SimpleAuthenticationFactory implements BrokerPlugin {
 public Broker installPlugin(Broker broker) {
 HashMap u = new HashMap();