From efcd57f60d634c6027a2244e61fe66bba080d342 Mon Sep 17 00:00:00 2001 From: Bosanac Dejan Date: Thu, 14 Apr 2011 10:27:59 +0000 Subject: [PATCH] https://issues.apache.org/jira/browse/AMQ-826 - ldap based authorization - add support for temp destinations git-svn-id: https://svn.apache.org/repos/asf/activemq/trunk@1092098 13f79535-47bb-0310-9956-ffa450edef68 --- .../security/LDAPAuthorizationMap.java | 46 ++++++++++++++++--- .../security/LDAPAuthorizationMapTest.java | 10 ++++ .../activemq/security/LDAPSecurityTest.java | 16 +++++++ .../org/apache/activemq/security/AMQauth.ldif | 25 ++++++++++ .../activemq/security/activemq-ldap.xml | 2 + .../apache/activemq/security/activemq.ldif | 34 +++++++++++++- 6 files changed, 126 insertions(+), 7 deletions(-) diff --git a/activemq-core/src/main/java/org/apache/activemq/security/LDAPAuthorizationMap.java b/activemq-core/src/main/java/org/apache/activemq/security/LDAPAuthorizationMap.java index e8fe7e1b05..3ba6faf514 100755 --- a/activemq-core/src/main/java/org/apache/activemq/security/LDAPAuthorizationMap.java +++ b/activemq-core/src/main/java/org/apache/activemq/security/LDAPAuthorizationMap.java @@ -81,6 +81,7 @@ public class LDAPAuthorizationMap implements AuthorizationMap { private MessageFormat topicSearchMatchingFormat; private MessageFormat queueSearchMatchingFormat; private String advisorySearchBase = "uid=ActiveMQ.Advisory,ou=topics,ou=destinations,o=ActiveMQ,dc=example,dc=com"; + private String tempSearchBase = "uid=ActiveMQ.Temp,ou=topics,ou=destinations,o=ActiveMQ,dc=example,dc=com"; private boolean topicSearchSubtreeBool = true; private boolean queueSearchSubtreeBool = true; 
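Review bot: The default for `tempSearchBase` in the LDAPAuthorizationMap.java field hunk points into the `dc=example,dc=com` sample tree, so a deployment that overrides the other search bases but not this one will look up temporary-destination ACLs under an entry that most likely does not exist. The entry also sits under `ou=topics` although it governs temporary queues as well, which the name does not make obvious. I would add a comment on the field, e.g. `// Entry holding the admin/read/write groups for ALL temporary destinations (queues and topics); must match the deployment's directory tree.` If the class can also be configured by some route other than the new setter (not visible in this hunk), that route should accept the new property too.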
@@ -140,18 +141,39 @@ public class LDAPAuthorizationMap implements AuthorizationMap { } public Set getTempDestinationAdminACLs() { - // TODO insert implementation - return null; + try { + context = open(); + } catch (NamingException e) { + LOG.error(e.toString()); + return new HashSet(); + } + SearchControls constraints = new SearchControls(); + constraints.setReturningAttributes(new String[] {adminAttribute}); + return getACLs(tempSearchBase, constraints, adminBase, adminAttribute); } public Set getTempDestinationReadACLs() { - // TODO insert implementation - return null; + try { + context = open(); + } catch (NamingException e) { + LOG.error(e.toString()); + return new HashSet(); + } + SearchControls constraints = new SearchControls(); + constraints.setReturningAttributes(new String[] {readAttribute}); + return getACLs(tempSearchBase, constraints, readBase, readAttribute); } public Set getTempDestinationWriteACLs() { - // TODO insert implementation - return null; + try { + context = open(); + } catch (NamingException e) { + LOG.error(e.toString()); + return new HashSet(); + } + SearchControls constraints = new SearchControls(); + constraints.setReturningAttributes(new String[] {writeAttribute}); + return getACLs(tempSearchBase, constraints, writeBase, writeAttribute); } public Set getAdminACLs(ActiveMQDestination destination) { @@ -330,6 +352,14 @@ public class LDAPAuthorizationMap implements AuthorizationMap { this.advisorySearchBase = advisorySearchBase; } + public String getTempSearchBase() { + return tempSearchBase; + } + + public void setTempSearchBase(String tempSearchBase) { + this.tempSearchBase = tempSearchBase; + } + protected Set getCompositeACLs(ActiveMQDestination destination, String roleBase, String roleAttribute) { ActiveMQDestination[] dests = destination.getCompositeDestinations(); Set acls = new HashSet(); 
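Review bot: The three `getTempDestination*ACLs()` methods repeat the same open/catch/search sequence, and their failure path `LOG.error(e.toString()); return new HashSet();` drops the stack trace and does not say what an empty set means to the caller. Before this change the methods returned `null`; if the broker treats `null` as "no restriction" and an empty set as "nobody" (the caller is not visible here, so confirm), an LDAP outage or a missing temp entry now denies all temporary-destination use, which is the safer direction but should be stated in a comment and in the release notes. I would fold the three bodies into one private helper that logs the exception as the cause and documents that intent, as sketched below. Each call also overwrites the shared `context` field, so it is worth confirming that these methods cannot be reached concurrently.

```java
public Set getTempDestinationAdminACLs() {
    return getTempACLs(adminBase, adminAttribute);
}

// … getTempDestinationReadACLs / getTempDestinationWriteACLs delegate the same way
//   with (readBase, readAttribute) and (writeBase, writeAttribute) …

/**
 * Looks up one ACL group (admin, read or write) under tempSearchBase.
 * Returns an empty set, never null, when the LDAP context cannot be opened,
 * so a directory failure does not widen access.
 */
private Set getTempACLs(String roleBase, String roleAttribute) {
    try {
        context = open();
    } catch (NamingException e) {
        // Keep the cause in the log; e.toString() alone loses the stack trace.
        LOG.error("Cannot open LDAP context for temporary destination ACL lookup", e);
        return new HashSet();
    }
    SearchControls constraints = new SearchControls();
    constraints.setReturningAttributes(new String[] {roleAttribute});
    return getACLs(tempSearchBase, constraints, roleBase, roleAttribute);
}
```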
@@ -376,6 +406,10 @@ public class LDAPAuthorizationMap implements AuthorizationMap { constraints.setReturningAttributes(new String[] {roleAttribute}); + return getACLs(destinationBase, constraints, roleBase, roleAttribute); + } + + protected Set getACLs(String destinationBase, SearchControls constraints, String roleBase, String roleAttribute) { try { Set roles = new HashSet(); Set acls = new HashSet(); diff --git a/activemq-core/src/test/java/org/apache/activemq/security/LDAPAuthorizationMapTest.java b/activemq-core/src/test/java/org/apache/activemq/security/LDAPAuthorizationMapTest.java index d62d9e50f4..6cc3c8b35b 100755 --- a/activemq-core/src/test/java/org/apache/activemq/security/LDAPAuthorizationMapTest.java +++ b/activemq-core/src/test/java/org/apache/activemq/security/LDAPAuthorizationMapTest.java @@ -20,6 +20,7 @@ import junit.framework.TestCase; import org.apache.activemq.advisory.AdvisorySupport; import org.apache.activemq.command.ActiveMQDestination; import org.apache.activemq.command.ActiveMQQueue; +import org.apache.activemq.command.ActiveMQTempQueue; import org.apache.activemq.command.ActiveMQTopic; import org.apache.activemq.jaas.GroupPrincipal; import org.apache.activemq.spring.ActiveMQConnectionFactory; @@ -68,6 +69,7 @@ public class LDAPAuthorizationMapTest extends AbstractLdapTestUnit { authMap.setTopicSearchMatchingFormat(new MessageFormat("uid={0},ou=topics,ou=destinations,o=ActiveMQ,ou=system")); authMap.setQueueSearchMatchingFormat(new MessageFormat("uid={0},ou=queues,ou=destinations,o=ActiveMQ,ou=system")); authMap.setAdvisorySearchBase("uid=ActiveMQ.Advisory,ou=topics,ou=destinations,o=ActiveMQ,ou=system"); + authMap.setTempSearchBase("uid=ActiveMQ.Temp,ou=topics,ou=destinations,o=ActiveMQ,ou=system"); } @Test 
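Review bot: The extracted `getACLs(String destinationBase, SearchControls constraints, String roleBase, String roleAttribute)` is `protected` and has no Javadoc, yet it appears to rely on the `context` field having been opened by its caller; the new temp-destination callers run `context = open()` before calling it. I would document that precondition and the return contract above the method, e.g. `/** Resolves the role entries under destinationBase; the caller must have opened the LDAP context first. */`. The method body continues past the end of the hunk, so how it handles a missing entry or a `NamingException` cannot be judged from here.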
@@ -154,5 +156,13 @@ public class LDAPAuthorizationMapTest extends AbstractLdapTestUnit { assertTrue(acls.contains(new GroupPrincipal("role3"))); } + @Test + public void testTemp() { + Set acls = authMap.getTempDestinationAdminACLs(); + + assertEquals(1, acls.size()); + assertTrue(acls.contains(new GroupPrincipal("role1"))); + } + } diff --git a/activemq-core/src/test/java/org/apache/activemq/security/LDAPSecurityTest.java b/activemq-core/src/test/java/org/apache/activemq/security/LDAPSecurityTest.java index 386cb12d54..bdfd836a82 100644 --- a/activemq-core/src/test/java/org/apache/activemq/security/LDAPSecurityTest.java +++ b/activemq-core/src/test/java/org/apache/activemq/security/LDAPSecurityTest.java @@ -76,4 +76,20 @@ public class LDAPSecurityTest extends AbstractLdapTestUnit { assertNotNull(msg); } + @Test + public void testTempDestinations() throws Exception { + ActiveMQConnectionFactory factory = new ActiveMQConnectionFactory("tcp://localhost:61616"); + Connection conn = factory.createQueueConnection("jdoe", "sunflower"); + Session sess = conn.createSession(false, Session.AUTO_ACKNOWLEDGE); + conn.start(); + Queue queue = sess.createTemporaryQueue(); + + MessageProducer producer = sess.createProducer(queue); + MessageConsumer consumer = sess.createConsumer(queue); + + producer.send(sess.createTextMessage("test")); + Message msg = consumer.receive(1000); + assertNotNull(msg); + } + } diff --git a/activemq-core/src/test/resources/org/apache/activemq/security/AMQauth.ldif b/activemq-core/src/test/resources/org/apache/activemq/security/AMQauth.ldif index 55620d6b89..45d8ae0ce5 100755 --- a/activemq-core/src/test/resources/org/apache/activemq/security/AMQauth.ldif +++ b/activemq-core/src/test/resources/org/apache/activemq/security/AMQauth.ldif 
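Review bot: `testTemp` asserts only the admin ACL, so `getTempDestinationReadACLs()` and `getTempDestinationWriteACLs()` ship without coverage even though AMQauth.ldif defines `role2` and `role3` for them. Add `assertTrue(authMap.getTempDestinationReadACLs().contains(new GroupPrincipal("role2")));` and the matching line for the write ACL with `role3`. The `ActiveMQTempQueue` import added in the earlier hunk of this file is not used by any line visible in the patch.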
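Review bot: `testTempDestinations` in LDAPSecurityTest exercises only the permitted path and never closes `conn`. For an authorization change the denial case is the one most worth pinning: a companion test should connect as a user outside the `ActiveMQ.Temp` groups and assert that using a temporary queue is rejected, so a regression back to "no restriction" is caught. The connection should also be closed in a `finally` block, e.g. `try { ... } finally { conn.close(); }`, so a failed assertion does not leave it open for the tests that follow.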
@@ -132,3 +132,28 @@ objectclass: top cn: write uniquemember: uid=role3 +dn: uid=ActiveMQ.Temp,ou=topics,ou=destinations,o=ActiveMQ,ou=system +objectclass: uidObject +objectclass: top +objectclass: applicationProcess +uid: ActiveMQ.Temp +cn: ActiveMQ.Temp + +dn: cn=admin,uid=ActiveMQ.Temp,ou=topics,ou=destinations,o=ActiveMQ,ou=system +objectclass: groupOfUniqueNames +objectclass: top +cn: admin +uniquemember: uid=role1 + +dn: cn=read,uid=ActiveMQ.Temp,ou=topics,ou=destinations,o=ActiveMQ,ou=system +objectclass: groupOfUniqueNames +objectclass: top +cn: read +uniquemember: uid=role2 + +dn: cn=write,uid=ActiveMQ.Temp,ou=topics,ou=destinations,o=ActiveMQ,ou=system +objectclass: groupOfUniqueNames +objectclass: top +cn: write +uniquemember: uid=role3 + diff --git a/activemq-core/src/test/resources/org/apache/activemq/security/activemq-ldap.xml b/activemq-core/src/test/resources/org/apache/activemq/security/activemq-ldap.xml index 5f9187a04e..b36fac1f14 100644 --- a/activemq-core/src/test/resources/org/apache/activemq/security/activemq-ldap.xml +++ b/activemq-core/src/test/resources/org/apache/activemq/security/activemq-ldap.xml @@ -54,6 +54,8 @@ value="cn={0},ou=Queue,ou=Destination,ou=ActiveMQ,ou=system"/> + diff --git a/activemq-core/src/test/resources/org/apache/activemq/security/activemq.ldif b/activemq-core/src/test/resources/org/apache/activemq/security/activemq.ldif index 12d111d99e..563818eab6 100644 --- a/activemq-core/src/test/resources/org/apache/activemq/security/activemq.ldif +++ b/activemq-core/src/test/resources/org/apache/activemq/security/activemq.ldif 
@@ -151,11 +151,12 @@ member: cn=admins ####################### ## Define advisories ## ####################### + dn: cn=ActiveMQ.Advisory,ou=Topic,ou=Destination,ou=ActiveMQ,ou=system cn: ActiveMQ.Advisory objectClass: applicationProcess objectClass: top -description: Advisory topic about consumers +description: Advisory topics dn: cn=read,cn=ActiveMQ.Advisory,ou=Topic,ou=Destination,ou=ActiveMQ,ou=system cn: read @@ -176,4 +177,35 @@ cn: admin member: cn=admins member: cn=users objectClass: groupOfNames +objectClass: top + +###################### +## Define temporary ## +###################### + +dn: cn=ActiveMQ.Temp,ou=Topic,ou=Destination,ou=ActiveMQ,ou=system +cn: ActiveMQ.Temp +objectClass: applicationProcess +objectClass: top +description: Temporary destinations + +dn: cn=read,cn=ActiveMQ.Temp,ou=Topic,ou=Destination,ou=ActiveMQ,ou=system +cn: read +member: cn=admins +member: cn=users +objectClass: groupOfNames +objectClass: top + +dn: cn=write,cn=ActiveMQ.Temp,ou=Topic,ou=Destination,ou=ActiveMQ,ou=system +cn: write +member: cn=admins +member: cn=users +objectClass: groupOfNames +objectClass: top + +dn: cn=admin,cn=ActiveMQ.Temp,ou=Topic,ou=Destination,ou=ActiveMQ,ou=system +cn: admin +member: cn=admins +member: cn=users +objectClass: groupOfNames objectClass: top \ No newline at end of file
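Review bot: The new `ActiveMQ.Temp` entries in activemq.ldif put `cn=users` in the `admin` group as well as in `read` and `write`, and nothing in the file explains why. If that is deliberate (clients presumably need admin rights to create their own temporary destinations), say so under the banner, e.g. `## users need admin on ActiveMQ.Temp to create temporary destinations`. Without that note, anyone copying this fixture into a real directory gives every user admin rights over all temporary destinations without knowing it. The file still ends without a trailing newline.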