fix for https://issues.apache.org/activemq/browse/AMQ-2232 - jmx operations on secured broker

git-svn-id: https://svn.apache.org/repos/asf/activemq/trunk@781022 13f79535-47bb-0310-9956-ffa450edef68

activemq-core/src/main/java/org/apache/activemq/broker/jmx/DestinationView.java

@@ -253,7 +253,7 @@ public class DestinationView implements DestinationViewMBean {
     }
 
     public String sendTextMessage(String body, String user, String password) throws Exception {
-        return sendTextMessage(Collections.EMPTY_MAP,body,null,null);
+        return sendTextMessage(Collections.EMPTY_MAP,body,user,password);
     }
 
     public String sendTextMessage(Map headers, String body,String userName,String password) throws Exception {

activemq-core/src/main/java/org/apache/activemq/security/AuthorizationBroker.java

@@ -87,7 +87,7 @@ public class AuthorizationBroker extends BrokerFilter implements SecurityAdminMB
             allowedACLs = authorizationMap.getTempDestinationAdminACLs();
         }
 
-        if (allowedACLs != null && !securityContext.isInOneOf(allowedACLs)) {
+        if (!securityContext.isBrokerContext() && allowedACLs != null && !securityContext.isInOneOf(allowedACLs)) {
             throw new SecurityException("User " + securityContext.getUserName() + " is not authorized to remove: " + destination);
         }
         super.removeDestination(context, destination, timeout);
@@ -106,7 +106,7 @@ public class AuthorizationBroker extends BrokerFilter implements SecurityAdminMB
             allowedACLs = authorizationMap.getTempDestinationReadACLs();
         }
 
-        if (allowedACLs != null && !subject.isInOneOf(allowedACLs)) {
+        if (!subject.isBrokerContext() && allowedACLs != null && !subject.isInOneOf(allowedACLs)) {
             throw new SecurityException("User " + subject.getUserName() + " is not authorized to read from: " + info.getDestination());
         }
         subject.getAuthorizedReadDests().put(info.getDestination(), info.getDestination());
@@ -141,7 +141,7 @@ public class AuthorizationBroker extends BrokerFilter implements SecurityAdminMB
         if (subject == null) {
             throw new SecurityException("User is not authenticated.");
         }
-        if (info.getDestination() != null) {
+        if (!subject.isBrokerContext() && info.getDestination() != null) {
 
             Set<?> allowedACLs = null;
             if (!info.getDestination().isTemporary()) {
@@ -163,7 +163,7 @@ public class AuthorizationBroker extends BrokerFilter implements SecurityAdminMB
         if (subject == null) {
             throw new SecurityException("User is not authenticated.");
         }
-        if (!subject.getAuthorizedWriteDests().contains(messageSend.getDestination())) {
+        if (!subject.isBrokerContext() && !subject.getAuthorizedWriteDests().contains(messageSend.getDestination())) {
 
             Set<?> allowedACLs = null;
             if (!messageSend.getDestination().isTemporary()) {

activemq-core/src/test/java/org/apache/activemq/security/SecurityJMXTest.java

@@ -0,0 +1,71 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.activemq.security;
+
+
+import java.net.URI;
+import java.util.HashMap;
+
+import javax.management.MBeanServerConnection;
+import javax.management.MBeanServerInvocationHandler;
+import javax.management.ObjectName;
+import javax.management.remote.JMXConnector;
+import javax.management.remote.JMXConnectorFactory;
+import javax.management.remote.JMXServiceURL;
+
+import junit.framework.TestCase;
+
+import org.apache.activemq.broker.BrokerFactory;
+import org.apache.activemq.broker.BrokerService;
+import org.apache.activemq.broker.jmx.QueueViewMBean;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+public class SecurityJMXTest extends TestCase {
+	
+	private static final Log LOG = LogFactory.getLog(SimpleAuthenticationPluginTest.class);
+	private BrokerService broker; 
+	
+	public void setUp() throws Exception {
+		broker = createBroker();
+		Thread.sleep(500);
+	}
+
+	public void tearDown() throws Exception {
+	}
+
+	public void testMoveMessages() throws Exception {
+		JMXServiceURL url = new JMXServiceURL("service:jmx:rmi:///jndi/rmi://localhost:1099/jmxrmi");
+		JMXConnector connector = JMXConnectorFactory.connect(url, null);
+		connector.connect();
+		MBeanServerConnection connection = connector.getMBeanServerConnection();
+		ObjectName name = new ObjectName("org.apache.activemq:BrokerName=localhost,Type=Queue,Destination=TEST.Q");
+		QueueViewMBean queueMbean = (QueueViewMBean) MBeanServerInvocationHandler.newProxyInstance(connection, name, QueueViewMBean.class, true);
+		String msgId = queueMbean.sendTextMessage("test", "system", "manager");
+		queueMbean.moveMessageTo(msgId, "TEST1.Q");
+	}
+	
+    protected BrokerService createBroker() throws Exception {
+        return createBroker("org/apache/activemq/security/simple-auth-broker.xml");
+    }
+
+    protected BrokerService createBroker(String uri) throws Exception {
+        LOG.info("Loading broker configuration from the classpath with URI: " + uri);
+        return BrokerFactory.createBroker(new URI("xbean:" + uri));
+    }
+	
+}

activemq-core/src/test/resources/org/apache/activemq/security/simple-auth-broker.xml

@@ -21,7 +21,7 @@
 <beans>
   <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
 
-  <broker useJmx="false" persistent="false" xmlns="http://activemq.apache.org/schema/core" populateJMSXUserID="true">
+  <broker useJmx="true" persistent="false" xmlns="http://activemq.apache.org/schema/core" populateJMSXUserID="true">
 
     <destinations>
       <queue physicalName="TEST.Q" />