From c1e94c615859ee9f61c3c16d00cf87369ea40317 Mon Sep 17 00:00:00 2001
From: gtully <gary.tully@gmail.com>
Date: Wed, 5 Oct 2016 17:07:20 +0100
Subject: [PATCH] NO-JIRA - remove info logging of config mods, add sanity test
 of mod to write acl for authorization plugin

---
 .../plugin/DefaultConfigurationProcessor.java |  2 +-
 .../activemq/AbstractAuthorizationTest.java   | 21 +++++++
 .../apache/activemq/AuthorizationTest.java    | 17 ++++++
 ...uthorizationTest-users-add-write-guest.xml | 55 +++++++++++++++++++
 4 files changed, 94 insertions(+), 1 deletion(-)
 create mode 100644 activemq-runtime-config/src/test/resources/org/apache/activemq/authorizationTest-users-add-write-guest.xml

diff --git a/activemq-runtime-config/src/main/java/org/apache/activemq/plugin/DefaultConfigurationProcessor.java b/activemq-runtime-config/src/main/java/org/apache/activemq/plugin/DefaultConfigurationProcessor.java
index fddfe48de9..1e539ed822 100644
--- a/activemq-runtime-config/src/main/java/org/apache/activemq/plugin/DefaultConfigurationProcessor.java
+++ b/activemq-runtime-config/src/main/java/org/apache/activemq/plugin/DefaultConfigurationProcessor.java
@@ -96,7 +96,7 @@ public class DefaultConfigurationProcessor implements ConfigurationProcessor {
             Object existing = current.get(currentIndex);
             Object candidate = modification.get(modIndex);
             if (!existing.equals(candidate)) {
-                plugin.info("modification to:" + existing + " , with: " + candidate);
+                plugin.debug("modification to:" + existing + " , with: " + candidate);
                 ConfigurationProcessor processor = findProcessor(existing);
                 if (processor != null) {
                     processor.modify(existing, candidate);
diff --git a/activemq-runtime-config/src/test/java/org/apache/activemq/AbstractAuthorizationTest.java b/activemq-runtime-config/src/test/java/org/apache/activemq/AbstractAuthorizationTest.java
index 286d7c1379..a394073da2 100644
--- a/activemq-runtime-config/src/test/java/org/apache/activemq/AbstractAuthorizationTest.java
+++ b/activemq-runtime-config/src/test/java/org/apache/activemq/AbstractAuthorizationTest.java
@@ -64,4 +64,25 @@ public abstract class AbstractAuthorizationTest extends RuntimeConfigTestSupport
         }
     }
 
+    protected void assertAllowedWrite(String userPass, String dest) throws JMSException {
+        ActiveMQConnection connection = new ActiveMQConnectionFactory("vm://localhost").createActiveMQConnection(userPass, userPass);
+        connection.start();
+        try {
+            Session session = connection.createSession(false, Session.AUTO_ACKNOWLEDGE);
+            session.createProducer(session.createQueue(dest)).send(session.createTextMessage());
+        } finally {
+            connection.close();
+        }
+    }
+
+    protected void assertDeniedWrite(String userPass, String destination) {
+        try {
+            assertAllowedWrite(userPass, destination);
+            fail("Expected not allowed exception");
+        } catch (JMSException expected) {
+            LOG.debug("got:" + expected, expected);
+        }
+    }
+
+
 }
diff --git a/activemq-runtime-config/src/test/java/org/apache/activemq/AuthorizationTest.java b/activemq-runtime-config/src/test/java/org/apache/activemq/AuthorizationTest.java
index 0b933e9de3..3a8b7c634b 100644
--- a/activemq-runtime-config/src/test/java/org/apache/activemq/AuthorizationTest.java
+++ b/activemq-runtime-config/src/test/java/org/apache/activemq/AuthorizationTest.java
@@ -34,6 +34,7 @@ public class AuthorizationTest extends AbstractAuthorizationTest {
 
         assertAllowed("user", "USERS.A");
         assertDenied("user", "GUESTS.A");
+        assertDenied("guest", "GUESTS.A");
 
         assertDeniedTemp("guest");
 
@@ -65,6 +66,22 @@ public class AuthorizationTest extends AbstractAuthorizationTest {
         assertDeniedTemp("guest");
     }
 
+    @Test
+    public void testModAddWrite() throws Exception {
+        final String brokerConfig = configurationSeed + "-auth-rm-broker";
+        applyNewConfig(brokerConfig, configurationSeed + "-users");
+        startBroker(brokerConfig);
+        assertTrue("broker alive", brokerService.isStarted());
+
+        assertAllowedWrite("user", "USERS.A");
+        assertDeniedWrite("guest", "USERS.A");
+
+        applyNewConfig(brokerConfig, configurationSeed + "-users-add-write-guest", SLEEP);
+
+        assertAllowedWrite("user", "USERS.A");
+        assertAllowedWrite("guest", "USERS.A");
+    }
+
     @Test
     public void testWildcard() throws Exception {
         final String brokerConfig = configurationSeed + "-auth-broker";
diff --git a/activemq-runtime-config/src/test/resources/org/apache/activemq/authorizationTest-users-add-write-guest.xml b/activemq-runtime-config/src/test/resources/org/apache/activemq/authorizationTest-users-add-write-guest.xml
new file mode 100644
index 0000000000..646f158b26
--- /dev/null
+++ b/activemq-runtime-config/src/test/resources/org/apache/activemq/authorizationTest-users-add-write-guest.xml
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+    Licensed to the Apache Software Foundation (ASF) under one or more
+    contributor license agreements.  See the NOTICE file distributed with
+    this work for additional information regarding copyright ownership.
+    The ASF licenses this file to You under the Apache License, Version 2.0
+    (the "License"); you may not use this file except in compliance with
+    the License.  You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+    Unless required by applicable law or agreed to in writing, software
+    distributed under the License is distributed on an "AS IS" BASIS,
+    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+    See the License for the specific language governing permissions and
+    limitations under the License.
+-->
+<beans
+        xmlns="http://www.springframework.org/schema/beans"
+        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+        xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
+  http://activemq.apache.org/schema/core http://activemq.apache.org/schema/core/activemq-core.xsd">
+
+  <broker xmlns="http://activemq.apache.org/schema/core" start="false" persistent="false">
+    <plugins>
+      <runtimeConfigurationPlugin checkPeriod="1000"/>
+
+      <!--  use JAAS to authenticate using the login.config file on the classpath to configure JAAS -->
+      <jaasAuthenticationPlugin configuration="activemq-domain"/>
+
+      <!--  lets configure a destination based authorization mechanism -->
+      <authorizationPlugin>
+        <map>
+          <authorizationMap>
+            <authorizationEntries>
+              <authorizationEntry queue=">" read="admins" write="admins" admin="admins"/>
+              <authorizationEntry queue="USERS.>" read="users" write="users,guests" admin="users"/>
+
+              <authorizationEntry topic=">" read="admins" write="admins" admin="admins"/>
+              <authorizationEntry topic="USERS.>" read="users" write="users" admin="users"/>
+
+              <authorizationEntry topic="ActiveMQ.Advisory.>" read="guests,users" write="guests,users"
+                                  admin="guests,users"/>
+            </authorizationEntries>
+
+            <tempDestinationAuthorizationEntry>
+              <tempDestinationAuthorizationEntry read="tempDestinationAdmins" write="tempDestinationAdmins"
+                                                 admin="tempDestinationAdmins"/>
+            </tempDestinationAuthorizationEntry>
+          </authorizationMap>
+        </map>
+      </authorizationPlugin>
+    </plugins>
+  </broker>
+</beans>