fix for https://issues.apache.org/activemq/browse/AMQ-2232 - jmx operations on secured broker

git-svn-id: https://svn.apache.org/repos/asf/activemq/trunk@781022 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Bosanac Dejan 2009-06-02 12:48:47 +00:00
parent 33e05c7f67
commit c43eda363b
4 changed files with 77 additions and 6 deletions

View File

@ -253,7 +253,7 @@ public class DestinationView implements DestinationViewMBean {
}
public String sendTextMessage(String body, String user, String password) throws Exception {
return sendTextMessage(Collections.EMPTY_MAP,body,null,null);
return sendTextMessage(Collections.EMPTY_MAP,body,user,password);
}
public String sendTextMessage(Map headers, String body,String userName,String password) throws Exception {

View File

@ -87,7 +87,7 @@ public class AuthorizationBroker extends BrokerFilter implements SecurityAdminMB
allowedACLs = authorizationMap.getTempDestinationAdminACLs();
}
if (allowedACLs != null && !securityContext.isInOneOf(allowedACLs)) {
if (!securityContext.isBrokerContext() && allowedACLs != null && !securityContext.isInOneOf(allowedACLs)) {
throw new SecurityException("User " + securityContext.getUserName() + " is not authorized to remove: " + destination);
}
super.removeDestination(context, destination, timeout);
@ -106,7 +106,7 @@ public class AuthorizationBroker extends BrokerFilter implements SecurityAdminMB
allowedACLs = authorizationMap.getTempDestinationReadACLs();
}
if (allowedACLs != null && !subject.isInOneOf(allowedACLs)) {
if (!subject.isBrokerContext() && allowedACLs != null && !subject.isInOneOf(allowedACLs)) {
throw new SecurityException("User " + subject.getUserName() + " is not authorized to read from: " + info.getDestination());
}
subject.getAuthorizedReadDests().put(info.getDestination(), info.getDestination());
@ -141,7 +141,7 @@ public class AuthorizationBroker extends BrokerFilter implements SecurityAdminMB
if (subject == null) {
throw new SecurityException("User is not authenticated.");
}
if (info.getDestination() != null) {
if (!subject.isBrokerContext() && info.getDestination() != null) {
Set<?> allowedACLs = null;
if (!info.getDestination().isTemporary()) {
@ -163,7 +163,7 @@ public class AuthorizationBroker extends BrokerFilter implements SecurityAdminMB
if (subject == null) {
throw new SecurityException("User is not authenticated.");
}
if (!subject.getAuthorizedWriteDests().contains(messageSend.getDestination())) {
if (!subject.isBrokerContext() && !subject.getAuthorizedWriteDests().contains(messageSend.getDestination())) {
Set<?> allowedACLs = null;
if (!messageSend.getDestination().isTemporary()) {

View File

@ -0,0 +1,71 @@
/**
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.activemq.security;
import java.net.URI;
import java.util.HashMap;
import javax.management.MBeanServerConnection;
import javax.management.MBeanServerInvocationHandler;
import javax.management.ObjectName;
import javax.management.remote.JMXConnector;
import javax.management.remote.JMXConnectorFactory;
import javax.management.remote.JMXServiceURL;
import junit.framework.TestCase;
import org.apache.activemq.broker.BrokerFactory;
import org.apache.activemq.broker.BrokerService;
import org.apache.activemq.broker.jmx.QueueViewMBean;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
public class SecurityJMXTest extends TestCase {
private static final Log LOG = LogFactory.getLog(SimpleAuthenticationPluginTest.class);
private BrokerService broker;
public void setUp() throws Exception {
broker = createBroker();
Thread.sleep(500);
}
public void tearDown() throws Exception {
}
public void testMoveMessages() throws Exception {
JMXServiceURL url = new JMXServiceURL("service:jmx:rmi:///jndi/rmi://localhost:1099/jmxrmi");
JMXConnector connector = JMXConnectorFactory.connect(url, null);
connector.connect();
MBeanServerConnection connection = connector.getMBeanServerConnection();
ObjectName name = new ObjectName("org.apache.activemq:BrokerName=localhost,Type=Queue,Destination=TEST.Q");
QueueViewMBean queueMbean = (QueueViewMBean) MBeanServerInvocationHandler.newProxyInstance(connection, name, QueueViewMBean.class, true);
String msgId = queueMbean.sendTextMessage("test", "system", "manager");
queueMbean.moveMessageTo(msgId, "TEST1.Q");
}
protected BrokerService createBroker() throws Exception {
return createBroker("org/apache/activemq/security/simple-auth-broker.xml");
}
protected BrokerService createBroker(String uri) throws Exception {
LOG.info("Loading broker configuration from the classpath with URI: " + uri);
return BrokerFactory.createBroker(new URI("xbean:" + uri));
}
}

View File

@ -21,7 +21,7 @@
<beans>
<bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
<broker useJmx="false" persistent="false" xmlns="http://activemq.apache.org/schema/core" populateJMSXUserID="true">
<broker useJmx="true" persistent="false" xmlns="http://activemq.apache.org/schema/core" populateJMSXUserID="true">
<destinations>
<queue physicalName="TEST.Q" />