https://issues.apache.org/jira/browse/AMQ-826 - ldap based authorization - add support for temp destinations

git-svn-id: https://svn.apache.org/repos/asf/activemq/trunk@1092098 13f79535-47bb-0310-9956-ffa450edef68
Bosanac Dejan 2011-04-14 10:27:59 +00:00
parent d822db72f3
commit efcd57f60d
6 changed files with 126 additions and 7 deletions


@ -81,6 +81,7 @@ public class LDAPAuthorizationMap implements AuthorizationMap {
private MessageFormat topicSearchMatchingFormat;
private MessageFormat queueSearchMatchingFormat;
private String advisorySearchBase = "uid=ActiveMQ.Advisory,ou=topics,ou=destinations,o=ActiveMQ,dc=example,dc=com";
private String tempSearchBase = "uid=ActiveMQ.Temp,ou=topics,ou=destinations,o=ActiveMQ,dc=example,dc=com";
private boolean topicSearchSubtreeBool = true;
private boolean queueSearchSubtreeBool = true;
@ -140,18 +141,39 @@ public class LDAPAuthorizationMap implements AuthorizationMap {
}
public Set<GroupPrincipal> getTempDestinationAdminACLs() {
// TODO insert implementation
return null;
try {
context = open();
} catch (NamingException e) {
LOG.error(e.toString());
return new HashSet<GroupPrincipal>();
}
SearchControls constraints = new SearchControls();
constraints.setReturningAttributes(new String[] {adminAttribute});
return getACLs(tempSearchBase, constraints, adminBase, adminAttribute);
}
public Set<GroupPrincipal> getTempDestinationReadACLs() {
// TODO insert implementation
return null;
try {
context = open();
} catch (NamingException e) {
LOG.error(e.toString());
return new HashSet<GroupPrincipal>();
}
SearchControls constraints = new SearchControls();
constraints.setReturningAttributes(new String[] {readAttribute});
return getACLs(tempSearchBase, constraints, readBase, readAttribute);
}
public Set<GroupPrincipal> getTempDestinationWriteACLs() {
// TODO insert implementation
return null;
try {
context = open();
} catch (NamingException e) {
LOG.error(e.toString());
return new HashSet<GroupPrincipal>();
}
SearchControls constraints = new SearchControls();
constraints.setReturningAttributes(new String[] {writeAttribute});
return getACLs(tempSearchBase, constraints, writeBase, writeAttribute);
}
public Set<GroupPrincipal> getAdminACLs(ActiveMQDestination destination) {
@ -330,6 +352,14 @@ public class LDAPAuthorizationMap implements AuthorizationMap {
this.advisorySearchBase = advisorySearchBase;
}
public String getTempSearchBase() {
return tempSearchBase;
}
public void setTempSearchBase(String tempSearchBase) {
this.tempSearchBase = tempSearchBase;
}
protected Set<GroupPrincipal> getCompositeACLs(ActiveMQDestination destination, String roleBase, String roleAttribute) {
ActiveMQDestination[] dests = destination.getCompositeDestinations();
Set<GroupPrincipal> acls = new HashSet<GroupPrincipal>();
@ -376,6 +406,10 @@ public class LDAPAuthorizationMap implements AuthorizationMap {
constraints.setReturningAttributes(new String[] {roleAttribute});
return getACLs(destinationBase, constraints, roleBase, roleAttribute);
}
protected Set<GroupPrincipal> getACLs(String destinationBase, SearchControls constraints, String roleBase, String roleAttribute) {
try {
Set<GroupPrincipal> roles = new HashSet<GroupPrincipal>();
Set<String> acls = new HashSet<String>();
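Review bot: `LOG.error(e.toString())` in the three new catch blocks of getTempDestinationAdminACLs, getTempDestinationReadACLs and getTempDestinationWriteACLs discards the NamingException's stack trace and cause, which is exactly what an operator needs once temp-destination ACL lookups silently start returning empty sets; pass the exception as the second argument, `LOG.error("Failed to open LDAP context while resolving temp destination ACLs", e);`. The three methods are otherwise identical apart from the base/attribute pair, so a private helper removes the triplication (sketched below). On that failure path the methods now return an empty set where they previously returned null; how the consuming AuthorizationBroker distinguishes an empty set from null is not visible in this hunk, so a Javadoc line stating that an empty set means no role is granted would make the intended fail-closed behaviour explicit and keep a later refactor from reintroducing null. The getACLs hunk at the end of this section starts a method whose body continues outside the hunk.
```java
/**
 * Resolves the ACL groups for temporary destinations under tempSearchBase.
 * Returns an empty set (never null) when the LDAP context cannot be opened.
 */
private Set<GroupPrincipal> getTempDestinationACLs(String roleBase, String roleAttribute) {
    try {
        context = open();
    } catch (NamingException e) {
        LOG.error("Failed to open LDAP context while resolving temp destination ACLs", e);
        return new HashSet<GroupPrincipal>();
    }
    SearchControls constraints = new SearchControls();
    constraints.setReturningAttributes(new String[] {roleAttribute});
    return getACLs(tempSearchBase, constraints, roleBase, roleAttribute);
}

public Set<GroupPrincipal> getTempDestinationAdminACLs() {
    return getTempDestinationACLs(adminBase, adminAttribute);
}
// … getTempDestinationReadACLs / getTempDestinationWriteACLs delegate the same way with readBase/readAttribute and writeBase/writeAttribute …
```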


@ -20,6 +20,7 @@ import junit.framework.TestCase;
import org.apache.activemq.advisory.AdvisorySupport;
import org.apache.activemq.command.ActiveMQDestination;
import org.apache.activemq.command.ActiveMQQueue;
import org.apache.activemq.command.ActiveMQTempQueue;
import org.apache.activemq.command.ActiveMQTopic;
import org.apache.activemq.jaas.GroupPrincipal;
import org.apache.activemq.spring.ActiveMQConnectionFactory;
@ -68,6 +69,7 @@ public class LDAPAuthorizationMapTest extends AbstractLdapTestUnit {
authMap.setTopicSearchMatchingFormat(new MessageFormat("uid={0},ou=topics,ou=destinations,o=ActiveMQ,ou=system"));
authMap.setQueueSearchMatchingFormat(new MessageFormat("uid={0},ou=queues,ou=destinations,o=ActiveMQ,ou=system"));
authMap.setAdvisorySearchBase("uid=ActiveMQ.Advisory,ou=topics,ou=destinations,o=ActiveMQ,ou=system");
authMap.setTempSearchBase("uid=ActiveMQ.Temp,ou=topics,ou=destinations,o=ActiveMQ,ou=system");
}
@Test
@ -154,5 +156,13 @@ public class LDAPAuthorizationMapTest extends AbstractLdapTestUnit {
assertTrue(acls.contains(new GroupPrincipal("role3")));
}
@Test
public void testTemp() {
Set acls = authMap.getTempDestinationAdminACLs();
assertEquals(1, acls.size());
assertTrue(acls.contains(new GroupPrincipal("role1")));
}
}
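Review bot: testTemp only exercises getTempDestinationAdminACLs, while the LDIF added in this commit also defines read (role2) and write (role3) groups under ActiveMQ.Temp, so two of the three new lookups go untested; add `assertTrue(authMap.getTempDestinationReadACLs().contains(new GroupPrincipal("role2")));` and `assertTrue(authMap.getTempDestinationWriteACLs().contains(new GroupPrincipal("role3")));`. `Set acls` is a raw type; `Set<GroupPrincipal> acls` matches the method's declared return type. The new import of ActiveMQTempQueue does not appear to be used in the visible hunks.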


@ -76,4 +76,20 @@ public class LDAPSecurityTest extends AbstractLdapTestUnit {
assertNotNull(msg);
}
@Test
public void testTempDestinations() throws Exception {
ActiveMQConnectionFactory factory = new ActiveMQConnectionFactory("tcp://localhost:61616");
Connection conn = factory.createQueueConnection("jdoe", "sunflower");
Session sess = conn.createSession(false, Session.AUTO_ACKNOWLEDGE);
conn.start();
Queue queue = sess.createTemporaryQueue();
MessageProducer producer = sess.createProducer(queue);
MessageConsumer consumer = sess.createConsumer(queue);
producer.send(sess.createTextMessage("test"));
Message msg = consumer.receive(1000);
assertNotNull(msg);
}
}
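Review bot: testTempDestinations never closes conn, so the connection and its broker-side temporary queue outlive the test; close it in a finally block, `try { ... } finally { conn.close(); }`. The test also only checks that jdoe, who per the sample LDIF is in groups granted all three temp roles, succeeds; an authorization test needs the deny case as well, e.g. a user outside those groups calling createTemporaryQueue and the test asserting a JMSSecurityException. Whether such a user exists in the test LDIF is not visible here.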


@ -132,3 +132,28 @@ objectclass: top
cn: write
uniquemember: uid=role3
dn: uid=ActiveMQ.Temp,ou=topics,ou=destinations,o=ActiveMQ,ou=system
objectclass: uidObject
objectclass: top
objectclass: applicationProcess
uid: ActiveMQ.Temp
cn: ActiveMQ.Temp
dn: cn=admin,uid=ActiveMQ.Temp,ou=topics,ou=destinations,o=ActiveMQ,ou=system
objectclass: groupOfUniqueNames
objectclass: top
cn: admin
uniquemember: uid=role1
dn: cn=read,uid=ActiveMQ.Temp,ou=topics,ou=destinations,o=ActiveMQ,ou=system
objectclass: groupOfUniqueNames
objectclass: top
cn: read
uniquemember: uid=role2
dn: cn=write,uid=ActiveMQ.Temp,ou=topics,ou=destinations,o=ActiveMQ,ou=system
objectclass: groupOfUniqueNames
objectclass: top
cn: write
uniquemember: uid=role3


@ -54,6 +54,8 @@
value="cn={0},ou=Queue,ou=Destination,ou=ActiveMQ,ou=system"/>
<property name="advisorySearchBase"
value="cn=ActiveMQ.Advisory,ou=Topic,ou=Destination,ou=ActiveMQ,ou=system"/>
<property name="tempSearchBase"
value="cn=ActiveMQ.Temp,ou=Topic,ou=Destination,ou=ActiveMQ,ou=system"/>
<property name="queueSearchSubtreeBool" value="true"/>
<property name="adminBase" value="(cn=admin)"/>
<property name="adminAttribute" value="member"/>


@ -151,11 +151,12 @@ member: cn=admins
#######################
## Define advisories ##
#######################
dn: cn=ActiveMQ.Advisory,ou=Topic,ou=Destination,ou=ActiveMQ,ou=system
cn: ActiveMQ.Advisory
objectClass: applicationProcess
objectClass: top
description: Advisory topic about consumers
description: Advisory topics
dn: cn=read,cn=ActiveMQ.Advisory,ou=Topic,ou=Destination,ou=ActiveMQ,ou=system
cn: read
@ -177,3 +178,34 @@ member: cn=admins
member: cn=users
objectClass: groupOfNames
objectClass: top
######################
## Define temporary ##
######################
dn: cn=ActiveMQ.Temp,ou=Topic,ou=Destination,ou=ActiveMQ,ou=system
cn: ActiveMQ.Temp
objectClass: applicationProcess
objectClass: top
description: Temporary destinations
dn: cn=read,cn=ActiveMQ.Temp,ou=Topic,ou=Destination,ou=ActiveMQ,ou=system
cn: read
member: cn=admins
member: cn=users
objectClass: groupOfNames
objectClass: top
dn: cn=write,cn=ActiveMQ.Temp,ou=Topic,ou=Destination,ou=ActiveMQ,ou=system
cn: write
member: cn=admins
member: cn=users
objectClass: groupOfNames
objectClass: top
dn: cn=admin,cn=ActiveMQ.Temp,ou=Topic,ou=Destination,ou=ActiveMQ,ou=system
cn: admin
member: cn=admins
member: cn=users
objectClass: groupOfNames
objectClass: top
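Review bot: The new cn=read, cn=write and cn=admin entries under cn=ActiveMQ.Temp each grant both cn=admins and cn=users, so every authenticated user gets admin rights on temporary destinations in this sample; that is presumably intended because temporary destinations are created per connection, but the sample should say so, e.g. `## All authenticated users may create, read and write temporary destinations` above the group entries, so anyone copying it into a hardened deployment makes that choice deliberately. The first hunk's change of the advisory description to `Advisory topics` is unrelated to the commit title.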