Apache
/
activemq
mirror of https://github.com/apache/activemq.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

https://issues.apache.org/jira/browse/AMQ-5644 - authorization map for wildcard subscriptions

This commit is contained in:
Dejan Bosanac 2015-03-06 15:33:55 +01:00
parent ad39fc00fb
commit 7777744dc2
2 changed files with 32 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
activemq-broker/src/main/java/org/apache/activemq/security/DefaultAuthorizationMap.java
View File

@ -26,6 +26,7 @@ import java.util.List;
import java.util.Set; import java.util.Set;
import org.apache.activemq.command.ActiveMQDestination; import org.apache.activemq.command.ActiveMQDestination;
import org.apache.activemq.filter.DestinationFilter;
import org.apache.activemq.filter.DestinationMap; import org.apache.activemq.filter.DestinationMap;
import org.apache.activemq.filter.DestinationMapEntry; import org.apache.activemq.filter.DestinationMapEntry;
@ -170,7 +171,19 @@ public class DefaultAuthorizationMap extends DestinationMap implements Authoriza
} }
return answer; return answer;
} }
return findWildcardMatches(key);
Set answer = findWildcardMatches(key);
if (key.isPattern()) {
for (Iterator<Object> iterator = answer.iterator(); iterator.hasNext(); ) {
AuthorizationEntry entry = (AuthorizationEntry)iterator.next();
DestinationFilter filter = DestinationFilter.parseFilter(entry.getDestination());
if (!filter.matches(key)) {
iterator.remove();
}
}
}
return answer;
} }

18
activemq-unit-tests/src/test/java/org/apache/activemq/security/AuthorizationMapTest.java
View File

@ -89,6 +89,24 @@ public class AuthorizationMapTest extends TestCase {
assertTrue("Contains users group", tempAdminACLs.contains(TEMP_DESTINATION_ADMINS)); assertTrue("Contains users group", tempAdminACLs.contains(TEMP_DESTINATION_ADMINS));
} }
public void testWildcardSubscriptions() {
AuthorizationMap map = createAuthorizationMap();
Set<?> readACLs = map.getReadACLs(new ActiveMQQueue(">"));
assertEquals("set size: " + readACLs, 1, readACLs.size());
assertTrue("Contains admins group", readACLs.contains(ADMINS));
assertFalse("Contains users group", readACLs.contains(USERS));
readACLs = map.getReadACLs(new ActiveMQQueue("USERS.>"));
assertEquals("set size: " + readACLs, 2, readACLs.size());
assertTrue("Contains admins group", readACLs.contains(ADMINS));
assertTrue("Contains users group", readACLs.contains(USERS));
readACLs = map.getReadACLs(new ActiveMQQueue("USERS.FOO.>"));
assertEquals("set size: " + readACLs, 2, readACLs.size());
assertTrue("Contains admins group", readACLs.contains(ADMINS));
assertTrue("Contains users group", readACLs.contains(USERS));
}
protected AuthorizationMap createWildcardAuthorizationMap() { protected AuthorizationMap createWildcardAuthorizationMap() {
DefaultAuthorizationMap answer = new DefaultAuthorizationMap(); DefaultAuthorizationMap answer = new DefaultAuthorizationMap();