Author: dejanb
Date: Thu Apr 14 10:27:59 2011
New Revision: 1092098
URL: http://svn.apache.org/viewvc?rev=1092098&view=rev
Log:
https://issues.apache.org/jira/browse/AMQ-826 - ldap based authorization - add
support for temp destinations
Modified:
activemq/trunk/activemq-core/src/main/java/org/apache/activemq/security/LDAPAuthorizationMap.java
activemq/trunk/activemq-core/src/test/java/org/apache/activemq/security/LDAPAuthorizationMapTest.java
activemq/trunk/activemq-core/src/test/java/org/apache/activemq/security/LDAPSecurityTest.java
activemq/trunk/activemq-core/src/test/resources/org/apache/activemq/security/AMQauth.ldif
activemq/trunk/activemq-core/src/test/resources/org/apache/activemq/security/activemq-ldap.xml
activemq/trunk/activemq-core/src/test/resources/org/apache/activemq/security/activemq.ldif
Modified:
activemq/trunk/activemq-core/src/main/java/org/apache/activemq/security/LDAPAuthorizationMap.java
URL:
http://svn.apache.org/viewvc/activemq/trunk/activemq-core/src/main/java/org/apache/activemq/security/LDAPAuthorizationMap.java?rev=1092098&r1=1092097&r2=1092098&view=diff
==============================================================================
---
activemq/trunk/activemq-core/src/main/java/org/apache/activemq/security/LDAPAuthorizationMap.java
(original)
+++
activemq/trunk/activemq-core/src/main/java/org/apache/activemq/security/LDAPAuthorizationMap.java
Thu Apr 14 10:27:59 2011
@@ -81,6 +81,7 @@ public class LDAPAuthorizationMap implem
private MessageFormat topicSearchMatchingFormat;
private MessageFormat queueSearchMatchingFormat;
private String advisorySearchBase =
"uid=ActiveMQ.Advisory,ou=topics,ou=destinations,o=ActiveMQ,dc=example,dc=com";
+ private String tempSearchBase =
"uid=ActiveMQ.Temp,ou=topics,ou=destinations,o=ActiveMQ,dc=example,dc=com";
private boolean topicSearchSubtreeBool = true;
private boolean queueSearchSubtreeBool = true;
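Review bot: The new `tempSearchBase` default points into the `dc=example,dc=com` tree, and nothing documents what an installation that never sets it will get. Before this commit the temp-destination ACL getters returned `null`; now they query this base. A deployment whose directory has no `ActiveMQ.Temp` entry may therefore see its temp-destination permissions change on upgrade, depending on how `getACLs` handles a missing base, which this diff does not show. I would add a field comment such as `// Base DN holding the admin/read/write groups for all temporary destinations; must match the directory layout` and mention the behaviour change in the release notes.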
@@ -140,18 +141,39 @@ public class LDAPAuthorizationMap implem
}
public Set<GroupPrincipal> getTempDestinationAdminACLs() {
- // TODO insert implementation
- return null;
+ try {
+ context = open();
+ } catch (NamingException e) {
+ LOG.error(e.toString());
+ return new HashSet<GroupPrincipal>();
+ }
+ SearchControls constraints = new SearchControls();
+ constraints.setReturningAttributes(new String[] {adminAttribute});
+ return getACLs(tempSearchBase, constraints, adminBase, adminAttribute);
}
public Set<GroupPrincipal> getTempDestinationReadACLs() {
- // TODO insert implementation
- return null;
+ try {
+ context = open();
+ } catch (NamingException e) {
+ LOG.error(e.toString());
+ return new HashSet<GroupPrincipal>();
+ }
+ SearchControls constraints = new SearchControls();
+ constraints.setReturningAttributes(new String[] {readAttribute});
+ return getACLs(tempSearchBase, constraints, readBase, readAttribute);
}
public Set<GroupPrincipal> getTempDestinationWriteACLs() {
- // TODO insert implementation
- return null;
+ try {
+ context = open();
+ } catch (NamingException e) {
+ LOG.error(e.toString());
+ return new HashSet<GroupPrincipal>();
+ }
+ SearchControls constraints = new SearchControls();
+ constraints.setReturningAttributes(new String[] {writeAttribute});
+ return getACLs(tempSearchBase, constraints, writeBase, writeAttribute);
}
public Set<GroupPrincipal> getAdminACLs(ActiveMQDestination destination) {
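Review bot: The three `getTempDestination*ACLs` bodies are the same nine lines with only the role base and attribute swapped, and each logs the failure as `LOG.error(e.toString())`, which drops the stack trace. A single private helper taking `roleBase` and `roleAttribute` would keep the empty-set return (which presumably grants no group access) in one place, so the three paths cannot drift apart. Passing the exception as the second argument to `LOG.error`, assuming the logger used in this class has that overload, keeps the cause of an LDAP outage diagnosable. Each call also overwrites the shared `context` field; whether that is safe under concurrent access cannot be judged from this hunk.

```java
public Set<GroupPrincipal> getTempDestinationAdminACLs() {
    return getTempACLs(adminBase, adminAttribute);
}
// … getTempDestinationReadACLs / getTempDestinationWriteACLs delegate the same way
//   with readBase/readAttribute and writeBase/writeAttribute …

private Set<GroupPrincipal> getTempACLs(String roleBase, String roleAttribute) {
    try {
        context = open();
    } catch (NamingException e) {
        // Directory unreachable: return no principals and keep the full cause in the log.
        LOG.error("Could not open LDAP context for temp destination ACL lookup", e);
        return new HashSet<GroupPrincipal>();
    }
    SearchControls constraints = new SearchControls();
    constraints.setReturningAttributes(new String[] {roleAttribute});
    return getACLs(tempSearchBase, constraints, roleBase, roleAttribute);
}
```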
@@ -330,6 +352,14 @@ public class LDAPAuthorizationMap implem
this.advisorySearchBase = advisorySearchBase;
}
+ public String getTempSearchBase() {
+ return tempSearchBase;
+ }
+
+ public void setTempSearchBase(String tempSearchBase) {
+ this.tempSearchBase = tempSearchBase;
+ }
+
protected Set<GroupPrincipal> getCompositeACLs(ActiveMQDestination
destination, String roleBase, String roleAttribute) {
ActiveMQDestination[] dests = destination.getCompositeDestinations();
Set<GroupPrincipal> acls = new HashSet<GroupPrincipal>();
@@ -376,6 +406,10 @@ public class LDAPAuthorizationMap implem
constraints.setReturningAttributes(new String[] {roleAttribute});
+ return getACLs(destinationBase, constraints, roleBase, roleAttribute);
+ }
+
+ protected Set<GroupPrincipal> getACLs(String destinationBase,
SearchControls constraints, String roleBase, String roleAttribute) {
try {
Set<GroupPrincipal> roles = new HashSet<GroupPrincipal>();
Set<String> acls = new HashSet<String>();
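Review bot: The newly extracted `getACLs` is `protected` but has no Javadoc, and its precondition is implicit. Every caller added in this commit assigns `context = open()` before calling it, which suggests it reads the shared `context` field rather than opening one itself. A short Javadoc would make that contract explicit for subclasses, e.g. `/** Looks up the roles under destinationBase that match roleBase; the caller must have opened the LDAP context first. */`. The method body continues past the end of this hunk, so its error handling could not be reviewed here.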
Modified:
activemq/trunk/activemq-core/src/test/java/org/apache/activemq/security/LDAPAuthorizationMapTest.java
URL:
http://svn.apache.org/viewvc/activemq/trunk/activemq-core/src/test/java/org/apache/activemq/security/LDAPAuthorizationMapTest.java?rev=1092098&r1=1092097&r2=1092098&view=diff
==============================================================================
---
activemq/trunk/activemq-core/src/test/java/org/apache/activemq/security/LDAPAuthorizationMapTest.java
(original)
+++
activemq/trunk/activemq-core/src/test/java/org/apache/activemq/security/LDAPAuthorizationMapTest.java
Thu Apr 14 10:27:59 2011
@@ -20,6 +20,7 @@ import junit.framework.TestCase;
import org.apache.activemq.advisory.AdvisorySupport;
import org.apache.activemq.command.ActiveMQDestination;
import org.apache.activemq.command.ActiveMQQueue;
+import org.apache.activemq.command.ActiveMQTempQueue;
import org.apache.activemq.command.ActiveMQTopic;
import org.apache.activemq.jaas.GroupPrincipal;
import org.apache.activemq.spring.ActiveMQConnectionFactory;
@@ -68,6 +69,7 @@ public class LDAPAuthorizationMapTest ex
authMap.setTopicSearchMatchingFormat(new
MessageFormat("uid={0},ou=topics,ou=destinations,o=ActiveMQ,ou=system"));
authMap.setQueueSearchMatchingFormat(new
MessageFormat("uid={0},ou=queues,ou=destinations,o=ActiveMQ,ou=system"));
authMap.setAdvisorySearchBase("uid=ActiveMQ.Advisory,ou=topics,ou=destinations,o=ActiveMQ,ou=system");
+
authMap.setTempSearchBase("uid=ActiveMQ.Temp,ou=topics,ou=destinations,o=ActiveMQ,ou=system");
}
@Test
@@ -154,5 +156,13 @@ public class LDAPAuthorizationMapTest ex
assertTrue(acls.contains(new GroupPrincipal("role3")));
}
+ @Test
+ public void testTemp() {
+ Set acls = authMap.getTempDestinationAdminACLs();
+
+ assertEquals(1, acls.size());
+ assertTrue(acls.contains(new GroupPrincipal("role1")));
+ }
+
}
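Review bot: `testTemp` only exercises the admin lookup, so a copy-paste slip in the read or write getter (wrong base or attribute) would go unnoticed. If AMQauth.ldif is the fixture behind this test, its `ActiveMQ.Temp` entries map read to role2 and write to role3, so two more assertions are cheap. Add `assertTrue(authMap.getTempDestinationReadACLs().contains(new GroupPrincipal("role2")));` and the same for `getTempDestinationWriteACLs()` with `role3`. Declaring the local as `Set<GroupPrincipal>` instead of the raw `Set` would also avoid the unchecked warning.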
Modified:
activemq/trunk/activemq-core/src/test/java/org/apache/activemq/security/LDAPSecurityTest.java
URL:
http://svn.apache.org/viewvc/activemq/trunk/activemq-core/src/test/java/org/apache/activemq/security/LDAPSecurityTest.java?rev=1092098&r1=1092097&r2=1092098&view=diff
==============================================================================
---
activemq/trunk/activemq-core/src/test/java/org/apache/activemq/security/LDAPSecurityTest.java
(original)
+++
activemq/trunk/activemq-core/src/test/java/org/apache/activemq/security/LDAPSecurityTest.java
Thu Apr 14 10:27:59 2011
@@ -76,4 +76,20 @@ public class LDAPSecurityTest extends Ab
assertNotNull(msg);
}
+ @Test
+ public void testTempDestinations() throws Exception {
+ ActiveMQConnectionFactory factory = new
ActiveMQConnectionFactory("tcp://localhost:61616");
+ Connection conn = factory.createQueueConnection("jdoe", "sunflower");
+ Session sess = conn.createSession(false, Session.AUTO_ACKNOWLEDGE);
+ conn.start();
+ Queue queue = sess.createTemporaryQueue();
+
+ MessageProducer producer = sess.createProducer(queue);
+ MessageConsumer consumer = sess.createConsumer(queue);
+
+ producer.send(sess.createTextMessage("test"));
+ Message msg = consumer.receive(1000);
+ assertNotNull(msg);
+ }
+
}
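Review bot: `testTempDestinations` proves only the allowed path: jdoe can create, produce to and consume from a temporary queue, but nothing checks that a principal lacking the temp admin/read/write roles is refused. For an authorization feature the denial case is the one that catches regressions, so a companion test expecting a `JMSException` for such a user would be worth adding; the fixture would need a suitable account. The connection is also never closed. Wrapping the body in `try { ... } finally { conn.close(); }` keeps a failed assertion from leaking it into later tests.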
Modified:
activemq/trunk/activemq-core/src/test/resources/org/apache/activemq/security/AMQauth.ldif
URL:
http://svn.apache.org/viewvc/activemq/trunk/activemq-core/src/test/resources/org/apache/activemq/security/AMQauth.ldif?rev=1092098&r1=1092097&r2=1092098&view=diff
==============================================================================
---
activemq/trunk/activemq-core/src/test/resources/org/apache/activemq/security/AMQauth.ldif
(original)
+++
activemq/trunk/activemq-core/src/test/resources/org/apache/activemq/security/AMQauth.ldif
Thu Apr 14 10:27:59 2011
@@ -132,3 +132,28 @@ objectclass: top
cn: write
uniquemember: uid=role3
+dn: uid=ActiveMQ.Temp,ou=topics,ou=destinations,o=ActiveMQ,ou=system
+objectclass: uidObject
+objectclass: top
+objectclass: applicationProcess
+uid: ActiveMQ.Temp
+cn: ActiveMQ.Temp
+
+dn: cn=admin,uid=ActiveMQ.Temp,ou=topics,ou=destinations,o=ActiveMQ,ou=system
+objectclass: groupOfUniqueNames
+objectclass: top
+cn: admin
+uniquemember: uid=role1
+
+dn: cn=read,uid=ActiveMQ.Temp,ou=topics,ou=destinations,o=ActiveMQ,ou=system
+objectclass: groupOfUniqueNames
+objectclass: top
+cn: read
+uniquemember: uid=role2
+
+dn: cn=write,uid=ActiveMQ.Temp,ou=topics,ou=destinations,o=ActiveMQ,ou=system
+objectclass: groupOfUniqueNames
+objectclass: top
+cn: write
+uniquemember: uid=role3
+
Modified:
activemq/trunk/activemq-core/src/test/resources/org/apache/activemq/security/activemq-ldap.xml
URL:
http://svn.apache.org/viewvc/activemq/trunk/activemq-core/src/test/resources/org/apache/activemq/security/activemq-ldap.xml?rev=1092098&r1=1092097&r2=1092098&view=diff
==============================================================================
---
activemq/trunk/activemq-core/src/test/resources/org/apache/activemq/security/activemq-ldap.xml
(original)
+++
activemq/trunk/activemq-core/src/test/resources/org/apache/activemq/security/activemq-ldap.xml
Thu Apr 14 10:27:59 2011
@@ -54,6 +54,8 @@
value="cn={0},ou=Queue,ou=Destination,ou=ActiveMQ,ou=system"/>
<property name="advisorySearchBase"
value="cn=ActiveMQ.Advisory,ou=Topic,ou=Destination,ou=ActiveMQ,ou=system"/>
+ <property name="tempSearchBase"
+
value="cn=ActiveMQ.Temp,ou=Topic,ou=Destination,ou=ActiveMQ,ou=system"/>
<property name="queueSearchSubtreeBool" value="true"/>
<property name="adminBase" value="(cn=admin)"/>
<property name="adminAttribute" value="member"/>
Modified:
activemq/trunk/activemq-core/src/test/resources/org/apache/activemq/security/activemq.ldif
URL:
http://svn.apache.org/viewvc/activemq/trunk/activemq-core/src/test/resources/org/apache/activemq/security/activemq.ldif?rev=1092098&r1=1092097&r2=1092098&view=diff
==============================================================================
---
activemq/trunk/activemq-core/src/test/resources/org/apache/activemq/security/activemq.ldif
(original)
+++
activemq/trunk/activemq-core/src/test/resources/org/apache/activemq/security/activemq.ldif
Thu Apr 14 10:27:59 2011
@@ -151,11 +151,12 @@ member: cn=admins
#######################
## Define advisories ##
#######################
+
dn: cn=ActiveMQ.Advisory,ou=Topic,ou=Destination,ou=ActiveMQ,ou=system
cn: ActiveMQ.Advisory
objectClass: applicationProcess
objectClass: top
-description: Advisory topic about consumers
+description: Advisory topics
dn: cn=read,cn=ActiveMQ.Advisory,ou=Topic,ou=Destination,ou=ActiveMQ,ou=system
cn: read
@@ -176,4 +177,35 @@ cn: admin
member: cn=admins
member: cn=users
objectClass: groupOfNames
+objectClass: top
+
+######################
+## Define temporary ##
+######################
+
+dn: cn=ActiveMQ.Temp,ou=Topic,ou=Destination,ou=ActiveMQ,ou=system
+cn: ActiveMQ.Temp
+objectClass: applicationProcess
+objectClass: top
+description: Temporary destinations
+
+dn: cn=read,cn=ActiveMQ.Temp,ou=Topic,ou=Destination,ou=ActiveMQ,ou=system
+cn: read
+member: cn=admins
+member: cn=users
+objectClass: groupOfNames
+objectClass: top
+
+dn: cn=write,cn=ActiveMQ.Temp,ou=Topic,ou=Destination,ou=ActiveMQ,ou=system
+cn: write
+member: cn=admins
+member: cn=users
+objectClass: groupOfNames
+objectClass: top
+
+dn: cn=admin,cn=ActiveMQ.Temp,ou=Topic,ou=Destination,ou=ActiveMQ,ou=system
+cn: admin
+member: cn=admins
+member: cn=users
+objectClass: groupOfNames
objectClass: top
\ No newline at end of file