mirror of https://github.com/apache/activemq.git
fix for https://issues.apache.org/activemq/browse/AMQ-2232 - jmx operations on secured broker
git-svn-id: https://svn.apache.org/repos/asf/activemq/trunk@781022 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
parent
33e05c7f67
commit
c43eda363b
|
@ -253,7 +253,7 @@ public class DestinationView implements DestinationViewMBean {
|
|||
}
|
||||
|
||||
public String sendTextMessage(String body, String user, String password) throws Exception {
|
||||
return sendTextMessage(Collections.EMPTY_MAP,body,null,null);
|
||||
return sendTextMessage(Collections.EMPTY_MAP,body,user,password);
|
||||
}
|
||||
|
||||
public String sendTextMessage(Map headers, String body,String userName,String password) throws Exception {
|
||||
|
|
|
@ -87,7 +87,7 @@ public class AuthorizationBroker extends BrokerFilter implements SecurityAdminMB
|
|||
allowedACLs = authorizationMap.getTempDestinationAdminACLs();
|
||||
}
|
||||
|
||||
if (allowedACLs != null && !securityContext.isInOneOf(allowedACLs)) {
|
||||
if (!securityContext.isBrokerContext() && allowedACLs != null && !securityContext.isInOneOf(allowedACLs)) {
|
||||
throw new SecurityException("User " + securityContext.getUserName() + " is not authorized to remove: " + destination);
|
||||
}
|
||||
super.removeDestination(context, destination, timeout);
|
||||
|
@ -106,7 +106,7 @@ public class AuthorizationBroker extends BrokerFilter implements SecurityAdminMB
|
|||
allowedACLs = authorizationMap.getTempDestinationReadACLs();
|
||||
}
|
||||
|
||||
if (allowedACLs != null && !subject.isInOneOf(allowedACLs)) {
|
||||
if (!subject.isBrokerContext() && allowedACLs != null && !subject.isInOneOf(allowedACLs)) {
|
||||
throw new SecurityException("User " + subject.getUserName() + " is not authorized to read from: " + info.getDestination());
|
||||
}
|
||||
subject.getAuthorizedReadDests().put(info.getDestination(), info.getDestination());
|
||||
|
@ -141,7 +141,7 @@ public class AuthorizationBroker extends BrokerFilter implements SecurityAdminMB
|
|||
if (subject == null) {
|
||||
throw new SecurityException("User is not authenticated.");
|
||||
}
|
||||
if (info.getDestination() != null) {
|
||||
if (!subject.isBrokerContext() && info.getDestination() != null) {
|
||||
|
||||
Set<?> allowedACLs = null;
|
||||
if (!info.getDestination().isTemporary()) {
|
||||
|
@ -163,7 +163,7 @@ public class AuthorizationBroker extends BrokerFilter implements SecurityAdminMB
|
|||
if (subject == null) {
|
||||
throw new SecurityException("User is not authenticated.");
|
||||
}
|
||||
if (!subject.getAuthorizedWriteDests().contains(messageSend.getDestination())) {
|
||||
if (!subject.isBrokerContext() && !subject.getAuthorizedWriteDests().contains(messageSend.getDestination())) {
|
||||
|
||||
Set<?> allowedACLs = null;
|
||||
if (!messageSend.getDestination().isTemporary()) {
|
||||
|
|
|
@ -0,0 +1,71 @@
|
|||
/**
|
||||
* Licensed to the Apache Software Foundation (ASF) under one or more
|
||||
* contributor license agreements. See the NOTICE file distributed with
|
||||
* this work for additional information regarding copyright ownership.
|
||||
* The ASF licenses this file to You under the Apache License, Version 2.0
|
||||
* (the "License"); you may not use this file except in compliance with
|
||||
* the License. You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.apache.activemq.security;
|
||||
|
||||
|
||||
import java.net.URI;
|
||||
import java.util.HashMap;
|
||||
|
||||
import javax.management.MBeanServerConnection;
|
||||
import javax.management.MBeanServerInvocationHandler;
|
||||
import javax.management.ObjectName;
|
||||
import javax.management.remote.JMXConnector;
|
||||
import javax.management.remote.JMXConnectorFactory;
|
||||
import javax.management.remote.JMXServiceURL;
|
||||
|
||||
import junit.framework.TestCase;
|
||||
|
||||
import org.apache.activemq.broker.BrokerFactory;
|
||||
import org.apache.activemq.broker.BrokerService;
|
||||
import org.apache.activemq.broker.jmx.QueueViewMBean;
|
||||
import org.apache.commons.logging.Log;
|
||||
import org.apache.commons.logging.LogFactory;
|
||||
|
||||
public class SecurityJMXTest extends TestCase {
|
||||
|
||||
private static final Log LOG = LogFactory.getLog(SimpleAuthenticationPluginTest.class);
|
||||
private BrokerService broker;
|
||||
|
||||
public void setUp() throws Exception {
|
||||
broker = createBroker();
|
||||
Thread.sleep(500);
|
||||
}
|
||||
|
||||
public void tearDown() throws Exception {
|
||||
}
|
||||
|
||||
public void testMoveMessages() throws Exception {
|
||||
JMXServiceURL url = new JMXServiceURL("service:jmx:rmi:///jndi/rmi://localhost:1099/jmxrmi");
|
||||
JMXConnector connector = JMXConnectorFactory.connect(url, null);
|
||||
connector.connect();
|
||||
MBeanServerConnection connection = connector.getMBeanServerConnection();
|
||||
ObjectName name = new ObjectName("org.apache.activemq:BrokerName=localhost,Type=Queue,Destination=TEST.Q");
|
||||
QueueViewMBean queueMbean = (QueueViewMBean) MBeanServerInvocationHandler.newProxyInstance(connection, name, QueueViewMBean.class, true);
|
||||
String msgId = queueMbean.sendTextMessage("test", "system", "manager");
|
||||
queueMbean.moveMessageTo(msgId, "TEST1.Q");
|
||||
}
|
||||
|
||||
protected BrokerService createBroker() throws Exception {
|
||||
return createBroker("org/apache/activemq/security/simple-auth-broker.xml");
|
||||
}
|
||||
|
||||
protected BrokerService createBroker(String uri) throws Exception {
|
||||
LOG.info("Loading broker configuration from the classpath with URI: " + uri);
|
||||
return BrokerFactory.createBroker(new URI("xbean:" + uri));
|
||||
}
|
||||
|
||||
}
|
|
@ -21,7 +21,7 @@
|
|||
<beans>
|
||||
<bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
|
||||
|
||||
<broker useJmx="false" persistent="false" xmlns="http://activemq.apache.org/schema/core" populateJMSXUserID="true">
|
||||
<broker useJmx="true" persistent="false" xmlns="http://activemq.apache.org/schema/core" populateJMSXUserID="true">
|
||||
|
||||
<destinations>
|
||||
<queue physicalName="TEST.Q" />
|
||||
|
|
Loading…
Reference in New Issue