Apache
/
activemq
mirror of https://github.com/apache/activemq.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

refactor of the authorization plugin to make it easier to create alternative data structures for capturing the different ACLs; such as a single tree based authorization map 

git-svn-id: https://svn.apache.org/repos/asf/incubator/activemq/trunk@377995 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
James Strachan 2006-02-15 12:38:40 +00:00
parent 4686ec5f0b
commit 9f59397aa3
9 changed files with 440 additions and 135 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

37
activemq-core/src/main/java/org/apache/activemq/filter/DefaultDestinationMapEntry.java Normal file
View File

@ -0,0 +1,37 @@
/**
*
* Copyright 2005-2006 The Apache Software Foundation
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.activemq.filter;
/**
* A default entry in a DestinationMap which holds a single value.
*
* @org.apache.xbean.XBean element="destinationEntry"
*
* @version $Revision$
*/
public class DefaultDestinationMapEntry extends DestinationMapEntry {
private Object value;
public Object getValue() {
return value;
}
public void setValue(Object value) {
this.value = value;
}
}

27
activemq-core/src/main/java/org/apache/activemq/security/SimpleAuthorizationBroker.java → activemq-core/src/main/java/org/apache/activemq/security/AuthorizationBroker.java
View File

@ -28,7 +28,6 @@ import org.apache.activemq.command.ConsumerInfo;
import org.apache.activemq.command.Message;
import org.apache.activemq.command.ProducerInfo;
import org.apache.activemq.filter.BooleanExpression;
import org.apache.activemq.filter.DestinationMap;
import org.apache.activemq.filter.MessageEvaluationContext;
import javax.jms.JMSException;
@ -37,22 +36,18 @@ import java.util.Set;
/**
* Verifies if a authenticated user can do an operation against the broker.
* Verifies if a authenticated user can do an operation against the broker using an authorization map.
*
* @version $Revision$
*/
public class SimpleAuthorizationBroker extends BrokerFilter implements SecurityAdminMBean {
public class AuthorizationBroker extends BrokerFilter implements SecurityAdminMBean {
private final DestinationMap writeACLs;
private final DestinationMap readACLs;
private final DestinationMap adminACLs;
private final AuthorizationMap authorizationMap;
private boolean filterReads = true;
public SimpleAuthorizationBroker(Broker next, DestinationMap writeACLs, DestinationMap readACLs, DestinationMap adminACLs) {
public AuthorizationBroker(Broker next, AuthorizationMap authorizationMap) {
super(next);
this.writeACLs = writeACLs;
this.readACLs = readACLs;
this.adminACLs = adminACLs;
this.authorizationMap = authorizationMap;
}
public Destination addDestination(ConnectionContext context, ActiveMQDestination destination) throws Throwable {
@ -64,7 +59,7 @@ public class SimpleAuthorizationBroker extends BrokerFilter implements SecurityA
if( !destination.isTemporary()
|| !((ActiveMQTempDestination)destination).getConnectionId().equals(context.getConnectionId().getValue()) ) {
Set allowedACLs = adminACLs.get(destination);
Set allowedACLs = authorizationMap.getAdminACLs(destination);
if(allowedACLs!=null && !securityContext.isInOneOf(allowedACLs))
throw new SecurityException("User "+securityContext.getUserName()+" is not authorized to create: "+destination);
}
@ -82,7 +77,7 @@ public class SimpleAuthorizationBroker extends BrokerFilter implements SecurityA
if( !destination.isTemporary()
|| !((ActiveMQTempDestination)destination).getConnectionId().equals(context.getConnectionId().getValue()) ) {
Set allowedACLs = adminACLs.get(destination);
Set allowedACLs = authorizationMap.getAdminACLs(destination);
if(allowedACLs!=null && !securityContext.isInOneOf(allowedACLs))
throw new SecurityException("User "+securityContext.getUserName()+" is not authorized to remove: "+destination);
}
@ -96,7 +91,7 @@ public class SimpleAuthorizationBroker extends BrokerFilter implements SecurityA
if( subject == null )
throw new SecurityException("User is not authenticated.");
Set allowedACLs = readACLs.get(info.getDestination());
Set allowedACLs = authorizationMap.getReadACLs(info.getDestination());
if(allowedACLs!=null && !subject.isInOneOf(allowedACLs))
throw new SecurityException("User "+subject.getUserName()+" is not authorized to read from: "+info.getDestination());
subject.getAuthorizedReadDests().put(info.getDestination(), info.getDestination());
@ -108,7 +103,7 @@ public class SimpleAuthorizationBroker extends BrokerFilter implements SecurityA
info.setAdditionalPredicate(new BooleanExpression() {
public boolean matches(MessageEvaluationContext message) throws JMSException {
if( !subject.getAuthorizedReadDests().contains(message.getDestination()) ) {
Set allowedACLs = readACLs.get(message.getDestination());
Set allowedACLs = authorizationMap.getReadACLs(message.getDestination());
if(allowedACLs!=null && !subject.isInOneOf(allowedACLs))
return false;
subject.getAuthorizedReadDests().put(message.getDestination(), message.getDestination());
@ -132,7 +127,7 @@ public class SimpleAuthorizationBroker extends BrokerFilter implements SecurityA
throw new SecurityException("User is not authenticated.");
if( info.getDestination()!=null ) {
Set allowedACLs = writeACLs.get(info.getDestination());
Set allowedACLs = authorizationMap.getWriteACLs(info.getDestination());
if(allowedACLs!=null && !subject.isInOneOf(allowedACLs))
throw new SecurityException("User "+subject.getUserName()+" is not authorized to write to: "+info.getDestination());
subject.getAuthorizedWriteDests().put(info.getDestination(), info.getDestination());
@ -147,7 +142,7 @@ public class SimpleAuthorizationBroker extends BrokerFilter implements SecurityA
throw new SecurityException("User is not authenticated.");
if( !subject.getAuthorizedWriteDests().contains(messageSend.getDestination()) ) {
Set allowedACLs = writeACLs.get(messageSend.getDestination());
Set allowedACLs = authorizationMap.getWriteACLs(messageSend.getDestination());
if(allowedACLs!=null && !subject.isInOneOf(allowedACLs))
throw new SecurityException("User "+subject.getUserName()+" is not authorized to write to: "+messageSend.getDestination());
subject.getAuthorizedWriteDests().put(messageSend.getDestination(), messageSend.getDestination());

63
activemq-core/src/main/java/org/apache/activemq/security/AuthorizationEntry.java Normal file
View File

@ -0,0 +1,63 @@
/**
*
* Copyright 2005-2006 The Apache Software Foundation
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.activemq.security;
import org.apache.activemq.filter.DestinationMapEntry;
import java.util.Collections;
import java.util.Set;
/**
* Represents an entry in a {@link DefaultAuthorizationMap} for assigning
* different operations (read, write, admin) of user roles to a specific
* destination or a hierarchical wildcard area of destinations.
*
* @org.apache.xbean.XBean
*
* @version $Revision$
*/
public class AuthorizationEntry extends DestinationMapEntry {
private Set readACLs = Collections.EMPTY_SET;
private Set writeACLs = Collections.EMPTY_SET;
private Set adminACLs = Collections.EMPTY_SET;
public Set getAdminACLs() {
return adminACLs;
}
public void setAdminACLs(Set adminACLs) {
this.adminACLs = adminACLs;
}
public Set getReadACLs() {
return readACLs;
}
public void setReadACLs(Set readACLs) {
this.readACLs = readACLs;
}
public Set getWriteACLs() {
return writeACLs;
}
public void setWriteACLs(Set writeACLs) {
this.writeACLs = writeACLs;
}
}

44
activemq-core/src/main/java/org/apache/activemq/security/AuthorizationMap.java Normal file
View File

@ -0,0 +1,44 @@
/**
*
* Copyright 2005-2006 The Apache Software Foundation
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.activemq.security;
import org.apache.activemq.command.ActiveMQDestination;
import java.util.Set;
/**
*
* @version $Revision$
*/
public interface AuthorizationMap {
/**
* Returns the set of all ACLs capable of administering the given destination
*/
Set getAdminACLs(ActiveMQDestination destination);
/**
* Returns the set of all ACLs capable of reading (consuming from) the given destination
*/
Set getReadACLs(ActiveMQDestination destination);
/**
* Returns the set of all ACLs capable of writing to the given destination
*/
Set getWriteACLs(ActiveMQDestination destination);
}

56
activemq-core/src/main/java/org/apache/activemq/security/AuthorizationPlugin.java Normal file
View File

@ -0,0 +1,56 @@
/**
*
* Copyright 2005-2006 The Apache Software Foundation
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.activemq.security;
import org.apache.activemq.broker.Broker;
import org.apache.activemq.broker.BrokerPlugin;
/**
* An authorization plugin where each operation on a destination is checked
* against an authorizationMap
*
* @org.apache.xbean.XBean
*
* @version $Revision$
*/
public class AuthorizationPlugin implements BrokerPlugin {
private AuthorizationMap authorizationMap;
public AuthorizationPlugin() {
}
public AuthorizationPlugin(AuthorizationMap authorizationMap) {
this.authorizationMap = authorizationMap;
}
public Broker installPlugin(Broker broker) {
if (authorizationMap == null) {
throw new IllegalArgumentException("You must configure an 'authorizationMap'");
}
return new AuthorizationBroker(broker, authorizationMap);
}
public AuthorizationMap getAuthorizationMap() {
return authorizationMap;
}
public void setAuthorizationMap(AuthorizationMap authorizationMap) {
this.authorizationMap = authorizationMap;
}
}

115
activemq-core/src/main/java/org/apache/activemq/security/DefaultAuthorizationMap.java Normal file
View File

@ -0,0 +1,115 @@
/**
*
* Copyright 2005-2006 The Apache Software Foundation
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.activemq.security;
import org.apache.activemq.command.ActiveMQDestination;
import org.apache.activemq.filter.DestinationMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
/**
* Represents a destination based configuration of policies so that individual
* destinations or wildcard hierarchies of destinations can be configured using
* different policies. Each entry in the map represents the authorization ACLs for each operation.
*
* @org.apache.xbean.XBean element="authorizationMap"
*
* @version $Revision$
*/
public class DefaultAuthorizationMap extends DestinationMap implements AuthorizationMap {
private AuthorizationEntry defaultEntry;
public DefaultAuthorizationMap() {
}
public DefaultAuthorizationMap(List authorizationEntries) {
setAuthorizationEntries(authorizationEntries);
}
public Set getAdminACLs(ActiveMQDestination destination) {
Set answer = new HashSet();
Set entries = get(destination);
entries.add(defaultEntry);
// now lets go through each entry adding individual
for (Iterator iter = entries.iterator(); iter.hasNext();) {
AuthorizationEntry entry = (AuthorizationEntry) iter.next();
answer.addAll(entry.getAdminACLs());
}
return answer;
}
public Set getReadACLs(ActiveMQDestination destination) {
Set answer = new HashSet();
Set entries = get(destination);
entries.add(defaultEntry);
// now lets go through each entry adding individual
for (Iterator iter = entries.iterator(); iter.hasNext();) {
AuthorizationEntry entry = (AuthorizationEntry) iter.next();
answer.addAll(entry.getReadACLs());
}
return answer;
}
public Set getWriteACLs(ActiveMQDestination destination) {
Set answer = new HashSet();
Set entries = get(destination);
entries.add(defaultEntry);
// now lets go through each entry adding individual
for (Iterator iter = entries.iterator(); iter.hasNext();) {
AuthorizationEntry entry = (AuthorizationEntry) iter.next();
answer.addAll(entry.getWriteACLs());
}
return answer;
}
public AuthorizationEntry getEntryFor(ActiveMQDestination destination) {
AuthorizationEntry answer = (AuthorizationEntry) chooseValue(destination);
if (answer == null) {
answer = getDefaultEntry();
}
return answer;
}
/**
* Sets the individual entries on the authorization map
*
* @org.apache.xbean.ElementType class="org.apache.activemq.security.AuthorizationEntry"
*/
public void setAuthorizationEntries(List entries) {
super.setEntries(entries);
}
public AuthorizationEntry getDefaultEntry() {
return defaultEntry;
}
public void setDefaultEntry(AuthorizationEntry defaultEntry) {
this.defaultEntry = defaultEntry;
}
protected Class getEntryClass() {
return AuthorizationEntry.class;
}
}

36
activemq-core/src/main/java/org/apache/activemq/security/SimpleAuthorizationPlugin.java → activemq-core/src/main/java/org/apache/activemq/security/SimpleAuthorizationMap.java
View File

@ -16,26 +16,44 @@
*/
package org.apache.activemq.security;
import org.apache.activemq.broker.Broker;
import org.apache.activemq.broker.BrokerPlugin;
import org.apache.activemq.command.ActiveMQDestination;
import org.apache.activemq.filter.DestinationMap;
import java.util.Set;
/**
* A simple authorization plugin
* An AuthorizationMap which is configured with individual DestinationMaps for
* each operation.
*
* @org.apache.xbean.XBean
*
* @org.apache.xbean.XBean element="simpleAuthorizationPlugin" description="Provides a simple authorization
* plugin where each ACL is a destination map of destinations to role names"
*
* @version $Revision$
*/
public class SimpleAuthorizationPlugin implements BrokerPlugin {
public class SimpleAuthorizationMap implements AuthorizationMap {
private DestinationMap writeACLs;
private DestinationMap readACLs;
private DestinationMap adminACLs;
public Broker installPlugin(Broker broker) {
return new SimpleAuthorizationBroker(broker, writeACLs, readACLs, adminACLs);
public SimpleAuthorizationMap() {
}
public SimpleAuthorizationMap(DestinationMap writeACLs, DestinationMap readACLs, DestinationMap adminACLs) {
this.writeACLs = writeACLs;
this.readACLs = readACLs;
this.adminACLs = adminACLs;
}
public Set getAdminACLs(ActiveMQDestination destination) {
return adminACLs.get(destination);
}
public Set getReadACLs(ActiveMQDestination destination) {
return readACLs.get(destination);
}
public Set getWriteACLs(ActiveMQDestination destination) {
return writeACLs.get(destination);
}
public DestinationMap getAdminACLs() {

189
activemq-core/src/test/java/org/apache/activemq/security/SimpleSecurityBrokerSystemTest.java
View File

@ -34,7 +34,7 @@ import junit.framework.Test;
/**
* Tests that the broker allows/fails access to destinations based on the
* security policy installed on the broker.
*
*
* @version $Revision$
*/
public class SimpleSecurityBrokerSystemTest extends SecurityTestSupport {
@ -46,50 +46,43 @@ public class SimpleSecurityBrokerSystemTest extends SecurityTestSupport {
public BrokerPlugin authorizationPlugin;
public BrokerPlugin authenticationPlugin;
public AuthorizationMap createAuthorizationMap() {
DestinationMap readAccess = new DestinationMap();
readAccess.put(new ActiveMQQueue(">"), admins);
readAccess.put(new ActiveMQQueue("USERS.>"), users);
readAccess.put(new ActiveMQQueue("GUEST.>"), guests);
readAccess.put(new ActiveMQTopic(">"), admins);
readAccess.put(new ActiveMQTopic("USERS.>"), users);
readAccess.put(new ActiveMQTopic("GUEST.>"), guests);
class SimpleAuthorizationFactory implements BrokerPlugin {
public Broker installPlugin(Broker broker) {
DestinationMap writeAccess = new DestinationMap();
writeAccess.put(new ActiveMQQueue(">"), admins);
writeAccess.put(new ActiveMQQueue("USERS.>"), users);
writeAccess.put(new ActiveMQQueue("GUEST.>"), users);
writeAccess.put(new ActiveMQQueue("GUEST.>"), guests);
writeAccess.put(new ActiveMQTopic(">"), admins);
writeAccess.put(new ActiveMQTopic("USERS.>"), users);
writeAccess.put(new ActiveMQTopic("GUEST.>"), users);
writeAccess.put(new ActiveMQTopic("GUEST.>"), guests);
DestinationMap readAccess = new DestinationMap();
readAccess.put(new ActiveMQQueue(">"), admins);
readAccess.put(new ActiveMQQueue("USERS.>"), users);
readAccess.put(new ActiveMQQueue("GUEST.>"), guests);
readAccess.put(new ActiveMQTopic(">"), admins);
readAccess.put(new ActiveMQTopic("USERS.>"), users);
readAccess.put(new ActiveMQTopic("GUEST.>"), guests);
readAccess.put(new ActiveMQTopic("ActiveMQ.Advisory.>"), guests);
readAccess.put(new ActiveMQTopic("ActiveMQ.Advisory.>"), users);
writeAccess.put(new ActiveMQTopic("ActiveMQ.Advisory.>"), guests);
writeAccess.put(new ActiveMQTopic("ActiveMQ.Advisory.>"), users);
DestinationMap writeAccess = new DestinationMap();
writeAccess.put(new ActiveMQQueue(">"), admins);
writeAccess.put(new ActiveMQQueue("USERS.>"), users);
writeAccess.put(new ActiveMQQueue("GUEST.>"), users);
writeAccess.put(new ActiveMQQueue("GUEST.>"), guests);
writeAccess.put(new ActiveMQTopic(">"), admins);
writeAccess.put(new ActiveMQTopic("USERS.>"), users);
writeAccess.put(new ActiveMQTopic("GUEST.>"), users);
writeAccess.put(new ActiveMQTopic("GUEST.>"), guests);
DestinationMap adminAccess = new DestinationMap();
adminAccess.put(new ActiveMQTopic(">"), admins);
adminAccess.put(new ActiveMQTopic(">"), users);
adminAccess.put(new ActiveMQTopic(">"), guests);
adminAccess.put(new ActiveMQQueue(">"), admins);
adminAccess.put(new ActiveMQQueue(">"), users);
adminAccess.put(new ActiveMQQueue(">"), guests);
readAccess.put(new ActiveMQTopic("ActiveMQ.Advisory.>"), guests);
readAccess.put(new ActiveMQTopic("ActiveMQ.Advisory.>"), users);
writeAccess.put(new ActiveMQTopic("ActiveMQ.Advisory.>"), guests);
writeAccess.put(new ActiveMQTopic("ActiveMQ.Advisory.>"), users);
DestinationMap adminAccess = new DestinationMap();
adminAccess.put(new ActiveMQTopic(">"), admins);
adminAccess.put(new ActiveMQTopic(">"), users);
adminAccess.put(new ActiveMQTopic(">"), guests);
adminAccess.put(new ActiveMQQueue(">"), admins);
adminAccess.put(new ActiveMQQueue(">"), users);
adminAccess.put(new ActiveMQQueue(">"), guests);
return new SimpleAuthorizationBroker(broker, writeAccess, readAccess, adminAccess);
}
public String toString() {
return "SimpleAuthorizationBroker";
}
return new SimpleAuthorizationMap(writeAccess, readAccess, adminAccess);
}
class SimpleAuthenticationFactory implements BrokerPlugin {
public Broker installPlugin(Broker broker) {
public Broker installPlugin(Broker broker) {
HashMap u = new HashMap();
u.put("system", "manager");
@ -97,12 +90,13 @@ public class SimpleSecurityBrokerSystemTest extends SecurityTestSupport {
u.put("guest", "password");
HashMap groups = new HashMap();
groups.put("system", new HashSet(Arrays.asList(new Object[]{admins, users})));
groups.put("user", new HashSet(Arrays.asList(new Object[]{users})));
groups.put("guest", new HashSet(Arrays.asList(new Object[]{guests})));
groups.put("system", new HashSet(Arrays.asList(new Object[] { admins, users })));
groups.put("user", new HashSet(Arrays.asList(new Object[] { users })));
groups.put("guest", new HashSet(Arrays.asList(new Object[] { guests })));
return new SimpleAuthenticationBroker(broker, u, groups);
}
public String toString() {
return "SimpleAuthenticationBroker";
}
@ -110,14 +104,14 @@ public class SimpleSecurityBrokerSystemTest extends SecurityTestSupport {
static {
String path = System.getProperty("java.security.auth.login.config");
if( path == null ) {
if (path == null) {
URL resource = SimpleSecurityBrokerSystemTest.class.getClassLoader().getResource("login.config");
if( resource!=null ) {
if (resource != null) {
path = resource.getFile();
System.setProperty("java.security.auth.login.config", path);
}
}
System.out.println("Path to login config: "+path);
System.out.println("Path to login config: " + path);
}
public static Test suite() {
@ -129,96 +123,71 @@ public class SimpleSecurityBrokerSystemTest extends SecurityTestSupport {
}
public void initCombos() {
addCombinationValues("authorizationPlugin", new Object[] {
new SimpleAuthorizationFactory(),
});
addCombinationValues("authenticationPlugin", new Object[] {
new SimpleAuthenticationFactory(),
new JassAuthenticationPlugin(),
});
addCombinationValues("authorizationPlugin", new Object[] { new AuthorizationPlugin(createAuthorizationMap()), });
addCombinationValues("authenticationPlugin", new Object[] { new SimpleAuthenticationFactory(), new JassAuthenticationPlugin(), });
}
protected BrokerService createBroker() throws Exception {
BrokerService broker = new BrokerService();
broker.setPlugins(new BrokerPlugin[] {authorizationPlugin, authenticationPlugin});
broker.setPlugins(new BrokerPlugin[] { authorizationPlugin, authenticationPlugin });
broker.setPersistent(false);
return broker;
}
public void initCombosForTestUserReceiveFails() {
addCombinationValues("userName", new Object[] {"user"});
addCombinationValues("password", new Object[] {"password"});
addCombinationValues("destination", new Object[] {
new ActiveMQQueue("TEST"),
new ActiveMQTopic("TEST"),
new ActiveMQQueue("GUEST.BAR"),
new ActiveMQTopic("GUEST.BAR"),
});
addCombinationValues("userName", new Object[] { "user" });
addCombinationValues("password", new Object[] { "password" });
addCombinationValues("destination", new Object[] { new ActiveMQQueue("TEST"), new ActiveMQTopic("TEST"), new ActiveMQQueue("GUEST.BAR"),
new ActiveMQTopic("GUEST.BAR"), });
}
public void initCombosForTestInvalidAuthentication() {
addCombinationValues("userName", new Object[] {"user"});
addCombinationValues("password", new Object[] {"password"});
addCombinationValues("userName", new Object[] { "user" });
addCombinationValues("password", new Object[] { "password" });
}
public void initCombosForTestUserReceiveSucceeds() {
addCombinationValues("userName", new Object[] {"user"});
addCombinationValues("password", new Object[] {"password"});
addCombinationValues("destination", new Object[] {
new ActiveMQQueue("USERS.FOO"),
new ActiveMQTopic("USERS.FOO"),
});
addCombinationValues("userName", new Object[] { "user" });
addCombinationValues("password", new Object[] { "password" });
addCombinationValues("destination", new Object[] { new ActiveMQQueue("USERS.FOO"), new ActiveMQTopic("USERS.FOO"), });
}
public void initCombosForTestGuestReceiveSucceeds() {
addCombinationValues("userName", new Object[] {"guest"});
addCombinationValues("password", new Object[] {"password"});
addCombinationValues("destination", new Object[] {
new ActiveMQQueue("GUEST.BAR"),
new ActiveMQTopic("GUEST.BAR"),
});
addCombinationValues("userName", new Object[] { "guest" });
addCombinationValues("password", new Object[] { "password" });
addCombinationValues("destination", new Object[] { new ActiveMQQueue("GUEST.BAR"), new ActiveMQTopic("GUEST.BAR"), });
}
public void initCombosForTestGuestReceiveFails() {
addCombinationValues("userName", new Object[] {"guest"});
addCombinationValues("password", new Object[] {"password"});
addCombinationValues("destination", new Object[] {
new ActiveMQQueue("TEST"),
new ActiveMQTopic("TEST"),
new ActiveMQQueue("USERS.FOO"),
new ActiveMQTopic("USERS.FOO"),
});
addCombinationValues("userName", new Object[] { "guest" });
addCombinationValues("password", new Object[] { "password" });
addCombinationValues("destination", new Object[] { new ActiveMQQueue("TEST"), new ActiveMQTopic("TEST"), new ActiveMQQueue("USERS.FOO"),
new ActiveMQTopic("USERS.FOO"), });
}
public void initCombosForTestUserSendSucceeds() {
addCombinationValues("userName", new Object[] {"user"});
addCombinationValues("password", new Object[] {"password"});
addCombinationValues("destination", new Object[] {
new ActiveMQQueue("USERS.FOO"),
new ActiveMQQueue("GUEST.BAR"),
new ActiveMQTopic("USERS.FOO"),
new ActiveMQTopic("GUEST.BAR"),
});
addCombinationValues("userName", new Object[] { "user" });
addCombinationValues("password", new Object[] { "password" });
addCombinationValues("destination", new Object[] { new ActiveMQQueue("USERS.FOO"), new ActiveMQQueue("GUEST.BAR"), new ActiveMQTopic("USERS.FOO"),
new ActiveMQTopic("GUEST.BAR"), });
}
public void initCombosForTestUserSendFails() {
addCombinationValues("userName", new Object[] {"user"});
addCombinationValues("password", new Object[] {"password"});
addCombinationValues("destination", new Object[] {
new ActiveMQQueue("TEST"),
new ActiveMQTopic("TEST"),
});
addCombinationValues("userName", new Object[] { "user" });
addCombinationValues("password", new Object[] { "password" });
addCombinationValues("destination", new Object[] { new ActiveMQQueue("TEST"), new ActiveMQTopic("TEST"), });
}
public void initCombosForTestGuestSendFails() {
addCombinationValues("userName", new Object[] {"guest"});
addCombinationValues("password", new Object[] {"password"});
addCombinationValues("destination", new Object[] {
new ActiveMQQueue("TEST"),
new ActiveMQTopic("TEST"),
new ActiveMQQueue("USERS.FOO"),
new ActiveMQTopic("USERS.FOO"),
});
addCombinationValues("userName", new Object[] { "guest" });
addCombinationValues("password", new Object[] { "password" });
addCombinationValues("destination", new Object[] { new ActiveMQQueue("TEST"), new ActiveMQTopic("TEST"), new ActiveMQQueue("USERS.FOO"),
new ActiveMQTopic("USERS.FOO"), });
}
public void initCombosForTestGuestSendSucceeds() {
addCombinationValues("userName", new Object[] {"guest"});
addCombinationValues("password", new Object[] {"password"});
addCombinationValues("destination", new Object[] {
new ActiveMQQueue("GUEST.BAR"),
new ActiveMQTopic("GUEST.BAR"),
});
addCombinationValues("userName", new Object[] { "guest" });
addCombinationValues("password", new Object[] { "password" });
addCombinationValues("destination", new Object[] { new ActiveMQQueue("GUEST.BAR"), new ActiveMQTopic("GUEST.BAR"), });
}
}

8
activemq-core/src/test/resources/org/apache/activemq/security/jaas-broker.xml
View File

@ -24,6 +24,14 @@
<plugins>
<!-- use JAAS to authenticate using the login.config file on the classpath to configure JAAS -->
<jassAuthenticationPlugin configuration="activemq-domain"/>
<!-- lets configure a simple authorization mechanism -->
<authorizationPlugin>
<authorizationEntries>
<authorizationEntry topic=">" read="" write="" admin=""/>
<authorizationEntry queue=">" read="" write="" admin=""/>
</authorizationEntries>
</authorizationPlugin>
</plugins>
</broker>