Repository: activemq Updated Branches: refs/heads/master 101b7123f -> 1406d40ac
AMQ-5608: dont NPE during authentication attempt if no users were defined for the SimpleAuthenticationPlugin https://issues.apache.org/jira/browse/AMQ-5608 Project: http://git-wip-us.apache.org/repos/asf/activemq/repo Commit: http://git-wip-us.apache.org/repos/asf/activemq/commit/1406d40a Tree: http://git-wip-us.apache.org/repos/asf/activemq/tree/1406d40a Diff: http://git-wip-us.apache.org/repos/asf/activemq/diff/1406d40a Branch: refs/heads/master Commit: 1406d40ac34fedb0be2e5bc5998844a46ff15760 Parents: 101b712 Author: Robert Gemmell <rob...@apache.org> Authored: Mon Feb 23 17:32:10 2015 +0000 Committer: Robert Gemmell <rob...@apache.org> Committed: Mon Feb 23 17:42:17 2015 +0000 ---------------------------------------------------------------------- .../security/SimpleAuthenticationPlugin.java | 8 +-- .../SimpleAuthenticationPluginNoUsersTest.java | 59 +++++++++++++++++ .../security/simple-auth-broker-no-users.xml | 69 ++++++++++++++++++++ 3 files changed, 132 insertions(+), 4 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/activemq/blob/1406d40a/activemq-broker/src/main/java/org/apache/activemq/security/SimpleAuthenticationPlugin.java ---------------------------------------------------------------------- diff --git a/activemq-broker/src/main/java/org/apache/activemq/security/SimpleAuthenticationPlugin.java b/activemq-broker/src/main/java/org/apache/activemq/security/SimpleAuthenticationPlugin.java index a334a98..fb0d2e8 100644 --- a/activemq-broker/src/main/java/org/apache/activemq/security/SimpleAuthenticationPlugin.java +++ b/activemq-broker/src/main/java/org/apache/activemq/security/SimpleAuthenticationPlugin.java @@ -40,8 +40,8 @@ import org.apache.activemq.jaas.GroupPrincipal; * */ public class SimpleAuthenticationPlugin implements BrokerPlugin { - private Map<String, String> userPasswords; - private Map<String, Set<Principal>> userGroups; + private Map<String, String> userPasswords = new HashMap<String, String>(); + private Map<String, Set<Principal>> userGroups = new HashMap<String, Set<Principal>>(); private static final String DEFAULT_ANONYMOUS_USER = "anonymous"; private static final String DEFAULT_ANONYMOUS_GROUP = "anonymous"; private String anonymousUser = DEFAULT_ANONYMOUS_USER; @@ -73,8 +73,8 @@ public class SimpleAuthenticationPlugin implements BrokerPlugin { * @org.apache.xbean.ElementType class="org.apache.activemq.security.AuthenticationUser" */ public void setUsers(List<?> users) { - userPasswords = new HashMap<String, String>(); - userGroups = new HashMap<String, Set<Principal>>(); + userPasswords.clear(); + userGroups.clear(); for (Iterator<?> it = users.iterator(); it.hasNext();) { AuthenticationUser user = (AuthenticationUser)it.next(); userPasswords.put(user.getUsername(), user.getPassword()); http://git-wip-us.apache.org/repos/asf/activemq/blob/1406d40a/activemq-unit-tests/src/test/java/org/apache/activemq/security/SimpleAuthenticationPluginNoUsersTest.java ---------------------------------------------------------------------- diff --git a/activemq-unit-tests/src/test/java/org/apache/activemq/security/SimpleAuthenticationPluginNoUsersTest.java b/activemq-unit-tests/src/test/java/org/apache/activemq/security/SimpleAuthenticationPluginNoUsersTest.java new file mode 100644 index 0000000..dc35cc1 --- /dev/null +++ b/activemq-unit-tests/src/test/java/org/apache/activemq/security/SimpleAuthenticationPluginNoUsersTest.java @@ -0,0 +1,59 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.activemq.security; + +import java.net.URI; + +import javax.jms.Connection; +import javax.jms.JMSSecurityException; + +import org.apache.activemq.broker.BrokerFactory; +import org.apache.activemq.broker.BrokerService; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +public class SimpleAuthenticationPluginNoUsersTest extends SecurityTestSupport { + + private static final Logger LOG = LoggerFactory.getLogger(SimpleAuthenticationPluginNoUsersTest.class); + + @Override + protected void setUp() throws Exception { + setAutoFail(true); + super.setUp(); + } + + @Override + protected BrokerService createBroker() throws Exception { + return createBroker("org/apache/activemq/security/simple-auth-broker-no-users.xml"); + } + + protected BrokerService createBroker(String uri) throws Exception { + LOG.info("Loading broker configuration from the classpath with URI: " + uri); + return BrokerFactory.createBroker(new URI("xbean:" + uri)); + } + + public void testConnectionStartThrowsJMSSecurityException() throws Exception { + + Connection connection = factory.createConnection("user", "password"); + try { + connection.start(); + fail("Should throw JMSSecurityException"); + } catch (JMSSecurityException jmsEx) { + //expected + } + } +} http://git-wip-us.apache.org/repos/asf/activemq/blob/1406d40a/activemq-unit-tests/src/test/resources/org/apache/activemq/security/simple-auth-broker-no-users.xml ---------------------------------------------------------------------- diff --git a/activemq-unit-tests/src/test/resources/org/apache/activemq/security/simple-auth-broker-no-users.xml b/activemq-unit-tests/src/test/resources/org/apache/activemq/security/simple-auth-broker-no-users.xml new file mode 100644 index 0000000..b4485f0 --- /dev/null +++ b/activemq-unit-tests/src/test/resources/org/apache/activemq/security/simple-auth-broker-no-users.xml @@ -0,0 +1,69 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +--> + +<!-- this file can only be parsed using the xbean-spring library --> +<!-- START SNIPPET: example --> +<beans + xmlns="http://www.springframework.org/schema/beans" + xmlns:amq="http://activemq.apache.org/schema/core" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd + http://activemq.apache.org/schema/core http://activemq.apache.org/schema/core/activemq-core.xsd"> + + <bean id="configurationEncryptor" class="org.jasypt.encryption.pbe.StandardPBEStringEncryptor"> + <property name="algorithm" value="PBEWithMD5AndDES"/> + <property name="password" value="activemq"/> + </bean> + + <bean id="propertyConfigurer" class="org.jasypt.spring.properties.EncryptablePropertyPlaceholderConfigurer"> + <constructor-arg ref="configurationEncryptor" /> + <property name="location" value="classpath:credentials.properties"/> + </bean> + + <broker useJmx="true" persistent="false" xmlns="http://activemq.apache.org/schema/core" populateJMSXUserID="true" schedulePeriodForDestinationPurge="2000"> + + <destinations> + <queue physicalName="TEST.Q" /> + </destinations> + + <!-- Use a non-default port in case the default port is in use --> + <managementContext> + <managementContext connectorPort="1199"/> + </managementContext> + + <destinationPolicy> + <policyMap> + <policyEntries> + <policyEntry queue="USERS.PURGE.>" gcInactiveDestinations="true" inactiveTimoutBeforeGC="500" /> + </policyEntries> + </policyMap> + </destinationPolicy> + + <transportConnectors> + <transportConnector uri="tcp://0.0.0.0:0" /> + </transportConnectors> + + <plugins> + <!-- Defining a SimpleAuthenticationPlugin + with no nested 'users'. Should deny all + login attempts rather than NPE --> + <simpleAuthenticationPlugin /> + </plugins> + </broker> + +</beans>