https://issues.apache.org/jira/browse/AMQ-826 - ldap based authorization - add support for temp destinations

git-svn-id: https://svn.apache.org/repos/asf/activemq/trunk@1092098 13f79535-47bb-0310-9956-ffa450edef68
2011-04-14 10:27:59 +00:00 · 2011-04-14 10:27:59 +00:00 · efcd57f60d
parent d822db72f3
commit efcd57f60d
6 changed files with 126 additions and 7 deletions
--- a/activemq-core/src/main/java/org/apache/activemq/security/LDAPAuthorizationMap.java
+++ b/activemq-core/src/main/java/org/apache/activemq/security/LDAPAuthorizationMap.java
@ -81,6 +81,7 @@ public class LDAPAuthorizationMap implements AuthorizationMap {
    private MessageFormat topicSearchMatchingFormat;
    private MessageFormat queueSearchMatchingFormat;
    private String advisorySearchBase = "uid=ActiveMQ.Advisory,ou=topics,ou=destinations,o=ActiveMQ,dc=example,dc=com";
+    private String tempSearchBase = "uid=ActiveMQ.Temp,ou=topics,ou=destinations,o=ActiveMQ,dc=example,dc=com";

    private boolean topicSearchSubtreeBool = true;
    private boolean queueSearchSubtreeBool = true;
@ -140,18 +141,39 @@ public class LDAPAuthorizationMap implements AuthorizationMap {
    }

    public Set<GroupPrincipal> getTempDestinationAdminACLs() {
-        // TODO insert implementation
-        return null;
+        try {
+            context = open();
+        } catch (NamingException e) {
+            LOG.error(e.toString());
+            return new HashSet<GroupPrincipal>();
+        }
+        SearchControls constraints = new SearchControls();
+        constraints.setReturningAttributes(new String[] {adminAttribute});
+        return getACLs(tempSearchBase, constraints, adminBase, adminAttribute);
    }

    public Set<GroupPrincipal> getTempDestinationReadACLs() {
-        // TODO insert implementation
-        return null;
+        try {
+            context = open();
+        } catch (NamingException e) {
+            LOG.error(e.toString());
+            return new HashSet<GroupPrincipal>();
+        }
+        SearchControls constraints = new SearchControls();
+        constraints.setReturningAttributes(new String[] {readAttribute});
+        return getACLs(tempSearchBase, constraints, readBase, readAttribute);
    }

    public Set<GroupPrincipal> getTempDestinationWriteACLs() {
-        // TODO insert implementation
-        return null;
+        try {
+            context = open();
+        } catch (NamingException e) {
+            LOG.error(e.toString());
+            return new HashSet<GroupPrincipal>();
+        }
+        SearchControls constraints = new SearchControls();
+        constraints.setReturningAttributes(new String[] {writeAttribute});
+        return getACLs(tempSearchBase, constraints, writeBase, writeAttribute);
    }

    public Set<GroupPrincipal> getAdminACLs(ActiveMQDestination destination) {
@ -330,6 +352,14 @@ public class LDAPAuthorizationMap implements AuthorizationMap {
        this.advisorySearchBase = advisorySearchBase;
    }

+    public String getTempSearchBase() {
+        return tempSearchBase;
+    }
+
+    public void setTempSearchBase(String tempSearchBase) {
+        this.tempSearchBase = tempSearchBase;
+    }
+
    protected Set<GroupPrincipal> getCompositeACLs(ActiveMQDestination destination, String roleBase, String roleAttribute) {
        ActiveMQDestination[] dests = destination.getCompositeDestinations();
        Set<GroupPrincipal> acls = new HashSet<GroupPrincipal>();
@ -376,6 +406,10 @@ public class LDAPAuthorizationMap implements AuthorizationMap {

        constraints.setReturningAttributes(new String[] {roleAttribute});

+        return getACLs(destinationBase, constraints, roleBase, roleAttribute);
+    }
+
+    protected Set<GroupPrincipal> getACLs(String destinationBase, SearchControls constraints, String roleBase, String roleAttribute) {
        try {
            Set<GroupPrincipal> roles = new HashSet<GroupPrincipal>();
            Set<String> acls = new HashSet<String>();
--- a/activemq-core/src/test/java/org/apache/activemq/security/LDAPAuthorizationMapTest.java
+++ b/activemq-core/src/test/java/org/apache/activemq/security/LDAPAuthorizationMapTest.java
@ -20,6 +20,7 @@ import junit.framework.TestCase;
 import org.apache.activemq.advisory.AdvisorySupport;
 import org.apache.activemq.command.ActiveMQDestination;
 import org.apache.activemq.command.ActiveMQQueue;
+import org.apache.activemq.command.ActiveMQTempQueue;
 import org.apache.activemq.command.ActiveMQTopic;
 import org.apache.activemq.jaas.GroupPrincipal;
 import org.apache.activemq.spring.ActiveMQConnectionFactory;
@ -68,6 +69,7 @@ public class LDAPAuthorizationMapTest extends AbstractLdapTestUnit {
        authMap.setTopicSearchMatchingFormat(new MessageFormat("uid={0},ou=topics,ou=destinations,o=ActiveMQ,ou=system"));
        authMap.setQueueSearchMatchingFormat(new MessageFormat("uid={0},ou=queues,ou=destinations,o=ActiveMQ,ou=system"));
        authMap.setAdvisorySearchBase("uid=ActiveMQ.Advisory,ou=topics,ou=destinations,o=ActiveMQ,ou=system");
+        authMap.setTempSearchBase("uid=ActiveMQ.Temp,ou=topics,ou=destinations,o=ActiveMQ,ou=system");
    }

    @Test
@ -154,5 +156,13 @@ public class LDAPAuthorizationMapTest extends AbstractLdapTestUnit {
        assertTrue(acls.contains(new GroupPrincipal("role3")));
    }

+        @Test
+    public void testTemp() {
+        Set acls = authMap.getTempDestinationAdminACLs();
+
+        assertEquals(1, acls.size());
+        assertTrue(acls.contains(new GroupPrincipal("role1")));
+    }
+

 }
--- a/activemq-core/src/test/java/org/apache/activemq/security/LDAPSecurityTest.java
+++ b/activemq-core/src/test/java/org/apache/activemq/security/LDAPSecurityTest.java
@ -76,4 +76,20 @@ public class LDAPSecurityTest extends AbstractLdapTestUnit {
        assertNotNull(msg);
    }

+    @Test
+    public void testTempDestinations() throws Exception {
+        ActiveMQConnectionFactory factory = new ActiveMQConnectionFactory("tcp://localhost:61616");
+        Connection conn = factory.createQueueConnection("jdoe", "sunflower");
+        Session sess = conn.createSession(false, Session.AUTO_ACKNOWLEDGE);
+        conn.start();
+        Queue queue = sess.createTemporaryQueue();
+
+        MessageProducer producer = sess.createProducer(queue);
+        MessageConsumer consumer = sess.createConsumer(queue);
+
+        producer.send(sess.createTextMessage("test"));
+        Message msg = consumer.receive(1000);
+        assertNotNull(msg);
+    }
+
 }
--- a/activemq-core/src/test/resources/org/apache/activemq/security/AMQauth.ldif
+++ b/activemq-core/src/test/resources/org/apache/activemq/security/AMQauth.ldif
@ -132,3 +132,28 @@ objectclass: top
 cn: write
 uniquemember: uid=role3

+dn: uid=ActiveMQ.Temp,ou=topics,ou=destinations,o=ActiveMQ,ou=system
+objectclass: uidObject
+objectclass: top
+objectclass: applicationProcess
+uid: ActiveMQ.Temp
+cn: ActiveMQ.Temp
+
+dn: cn=admin,uid=ActiveMQ.Temp,ou=topics,ou=destinations,o=ActiveMQ,ou=system
+objectclass: groupOfUniqueNames
+objectclass: top
+cn: admin
+uniquemember: uid=role1
+
+dn: cn=read,uid=ActiveMQ.Temp,ou=topics,ou=destinations,o=ActiveMQ,ou=system
+objectclass: groupOfUniqueNames
+objectclass: top
+cn: read
+uniquemember: uid=role2
+
+dn: cn=write,uid=ActiveMQ.Temp,ou=topics,ou=destinations,o=ActiveMQ,ou=system
+objectclass: groupOfUniqueNames
+objectclass: top
+cn: write
+uniquemember: uid=role3
+
--- a/activemq-core/src/test/resources/org/apache/activemq/security/activemq-ldap.xml
+++ b/activemq-core/src/test/resources/org/apache/activemq/security/activemq-ldap.xml
@ -54,6 +54,8 @@
                                value="cn={0},ou=Queue,ou=Destination,ou=ActiveMQ,ou=system"/>
                      <property name="advisorySearchBase"
                                value="cn=ActiveMQ.Advisory,ou=Topic,ou=Destination,ou=ActiveMQ,ou=system"/>
+                      <property name="tempSearchBase"
+                                value="cn=ActiveMQ.Temp,ou=Topic,ou=Destination,ou=ActiveMQ,ou=system"/>
                      <property name="queueSearchSubtreeBool" value="true"/>
                      <property name="adminBase" value="(cn=admin)"/>
                      <property name="adminAttribute" value="member"/>
--- a/activemq-core/src/test/resources/org/apache/activemq/security/activemq.ldif
+++ b/activemq-core/src/test/resources/org/apache/activemq/security/activemq.ldif
@ -151,11 +151,12 @@ member: cn=admins
 #######################
 ## Define advisories ##
 #######################
+
 dn: cn=ActiveMQ.Advisory,ou=Topic,ou=Destination,ou=ActiveMQ,ou=system
 cn: ActiveMQ.Advisory
 objectClass: applicationProcess
 objectClass: top
-description: Advisory topic about consumers
+description: Advisory topics

 dn: cn=read,cn=ActiveMQ.Advisory,ou=Topic,ou=Destination,ou=ActiveMQ,ou=system
 cn: read
@ -176,4 +177,35 @@ cn: admin
 member: cn=admins
 member: cn=users
 objectClass: groupOfNames
+objectClass: top
+
+######################
+## Define temporary ##
+######################
+
+dn: cn=ActiveMQ.Temp,ou=Topic,ou=Destination,ou=ActiveMQ,ou=system
+cn: ActiveMQ.Temp
+objectClass: applicationProcess
+objectClass: top
+description: Temporary destinations
+
+dn: cn=read,cn=ActiveMQ.Temp,ou=Topic,ou=Destination,ou=ActiveMQ,ou=system
+cn: read
+member: cn=admins
+member: cn=users
+objectClass: groupOfNames
+objectClass: top
+
+dn: cn=write,cn=ActiveMQ.Temp,ou=Topic,ou=Destination,ou=ActiveMQ,ou=system
+cn: write
+member: cn=admins
+member: cn=users
+objectClass: groupOfNames
+objectClass: top
+
+dn: cn=admin,cn=ActiveMQ.Temp,ou=Topic,ou=Destination,ou=ActiveMQ,ou=system
+cn: admin
+member: cn=admins
+member: cn=users
+objectClass: groupOfNames
 objectClass: top