Repository: activemq-artemis Updated Branches: refs/heads/master b3ffac30e -> 4476b9d79
ARTEMIS-578 cert authn/z for STOMP Project: http://git-wip-us.apache.org/repos/asf/activemq-artemis/repo Commit: http://git-wip-us.apache.org/repos/asf/activemq-artemis/commit/6881c1dd Tree: http://git-wip-us.apache.org/repos/asf/activemq-artemis/tree/6881c1dd Diff: http://git-wip-us.apache.org/repos/asf/activemq-artemis/diff/6881c1dd Branch: refs/heads/master Commit: 6881c1ddc32493b9f269be2638035a27b4d06eab Parents: b3ffac3 Author: jbertram <[email protected]> Authored: Tue Jun 21 12:03:16 2016 -0500 Committer: jbertram <[email protected]> Committed: Wed Jul 6 10:54:19 2016 -0500 ---------------------------------------------------------------------- .../core/protocol/stomp/StompConnection.java | 9 +- .../protocol/stomp/StompProtocolManager.java | 9 +- .../stomp/v10/StompFrameHandlerV10.java | 10 +- .../stomp/v11/StompFrameHandlerV11.java | 10 +- .../stomp/stomp-dual-authentication/pom.xml | 116 +++++++++++++++ .../stomp/stomp-dual-authentication/readme.html | 51 +++++++ .../example/StompDualAuthenticationExample.java | 141 +++++++++++++++++++ .../activemq/server0/artemis-roles.properties | 17 +++ .../activemq/server0/artemis-users.properties | 17 +++ .../resources/activemq/server0/bootstrap.xml | 26 ++++ .../main/resources/activemq/server0/broker.xml | 57 ++++++++ .../activemq/server0/cert-roles.properties | 18 +++ .../activemq/server0/cert-users.properties | 18 +++ .../activemq/server0/client-side-keystore.jks | Bin 0 -> 1303 bytes .../activemq/server0/client-side-truststore.jks | Bin 0 -> 963 bytes .../resources/activemq/server0/login.config | 30 ++++ .../activemq/server0/server-side-keystore.jks | Bin 0 -> 2253 bytes .../activemq/server0/server-side-truststore.jks | Bin 0 -> 1732 bytes .../src/main/resources/jndi.properties | 20 +++ 19 files changed, 541 insertions(+), 8 deletions(-) ---------------------------------------------------------------------- 
http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/6881c1dd/artemis-protocols/artemis-stomp-protocol/src/main/java/org/apache/activemq/artemis/core/protocol/stomp/StompConnection.java ----------------------------------------------------------------------
diff --git a/artemis-protocols/artemis-stomp-protocol/src/main/java/org/apache/activemq/artemis/core/protocol/stomp/StompConnection.java b/artemis-protocols/artemis-stomp-protocol/src/main/java/org/apache/activemq/artemis/core/protocol/stomp/StompConnection.java
index 0812867..1cfd0a5 100644
--- a/artemis-protocols/artemis-stomp-protocol/src/main/java/org/apache/activemq/artemis/core/protocol/stomp/StompConnection.java
+++ b/artemis-protocols/artemis-stomp-protocol/src/main/java/org/apache/activemq/artemis/core/protocol/stomp/StompConnection.java
@@ -16,6 +16,7 @@
 */
 package org.apache.activemq.artemis.core.protocol.stomp;
+import javax.security.cert.X509Certificate;
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.HashSet;
@@ -504,11 +505,11 @@ public final class StompConnection implements RemotingConnection {
 manager.sendReply(this, frame);
 }
- public boolean validateUser(final String login1, final String passcode1) {
- this.valid = manager.validateUser(login1, passcode1);
+ public boolean validateUser(final String login, final String pass, final X509Certificate[] certificates) {
+ this.valid = manager.validateUser(login, pass, certificates);
 if (valid) {
- this.login = login1;
- this.passcode = passcode1;
+ this.login = login;
+ this.passcode = pass;
 }
 return valid;
 }
http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/6881c1dd/artemis-protocols/artemis-stomp-protocol/src/main/java/org/apache/activemq/artemis/core/protocol/stomp/StompProtocolManager.java ----------------------------------------------------------------------
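Review bot: `validateUser` now takes a certificate chain but has no Javadoc saying which arguments may be null, and the example client added in this commit sends a CONNECT frame with no login or passcode header. In that case a successful certificate login leaves `this.login` and `this.passcode` null while `valid` is true, and the certificates themselves are not kept on the connection. If later operations on this connection authenticate again from the stored login and passcode (not visible in this hunk), they would run without the certificate identity, so that path is worth confirming. I would add a comment such as `// login/pass may be null when the client authenticates with its TLS certificate; certificates is null when the transport is not a NettyConnection`.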
diff --git a/artemis-protocols/artemis-stomp-protocol/src/main/java/org/apache/activemq/artemis/core/protocol/stomp/StompProtocolManager.java b/artemis-protocols/artemis-stomp-protocol/src/main/java/org/apache/activemq/artemis/core/protocol/stomp/StompProtocolManager.java
index d572cd0..7642e69 100644
--- a/artemis-protocols/artemis-stomp-protocol/src/main/java/org/apache/activemq/artemis/core/protocol/stomp/StompProtocolManager.java
+++ b/artemis-protocols/artemis-stomp-protocol/src/main/java/org/apache/activemq/artemis/core/protocol/stomp/StompProtocolManager.java
@@ -16,6 +16,7 @@
 */
 package org.apache.activemq.artemis.core.protocol.stomp;
+import javax.security.cert.X509Certificate;
 import java.nio.charset.StandardCharsets;
 import java.util.HashMap;
 import java.util.Iterator;
@@ -45,6 +46,7 @@ import org.apache.activemq.artemis.spi.core.protocol.RemotingConnection;
 import org.apache.activemq.artemis.spi.core.remoting.Acceptor;
 import org.apache.activemq.artemis.spi.core.remoting.Connection;
 import org.apache.activemq.artemis.spi.core.security.ActiveMQSecurityManager;
+import org.apache.activemq.artemis.spi.core.security.ActiveMQSecurityManager2;
 import org.apache.activemq.artemis.spi.core.security.ActiveMQSecurityManager3;
 import org.apache.activemq.artemis.utils.UUIDGenerator;
@@ -326,14 +328,17 @@ class StompProtocolManager extends AbstractProtocolManager<StompFrame,StompFrame
 return "activemq";
 }
- public boolean validateUser(String login, String passcode) {
+ public boolean validateUser(String login, String passcode, X509Certificate[] certificates) {
 boolean validated = true;
 ActiveMQSecurityManager sm = server.getSecurityManager();
 if (sm != null && server.getConfiguration().isSecurityEnabled()) {
 if (sm instanceof ActiveMQSecurityManager3) {
- validated = ((ActiveMQSecurityManager3) sm).validateUser(login, passcode, null) != null;
+ validated = ((ActiveMQSecurityManager3) sm).validateUser(login, passcode, certificates) != null;
+ }
+ else if (sm instanceof ActiveMQSecurityManager2) {
+ validated = ((ActiveMQSecurityManager2) sm).validateUser(login, passcode, certificates);
 }
 else {
 validated = sm.validateUser(login, passcode);
http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/6881c1dd/artemis-protocols/artemis-stomp-protocol/src/main/java/org/apache/activemq/artemis/core/protocol/stomp/v10/StompFrameHandlerV10.java ----------------------------------------------------------------------
diff --git a/artemis-protocols/artemis-stomp-protocol/src/main/java/org/apache/activemq/artemis/core/protocol/stomp/v10/StompFrameHandlerV10.java b/artemis-protocols/artemis-stomp-protocol/src/main/java/org/apache/activemq/artemis/core/protocol/stomp/v10/StompFrameHandlerV10.java
index 1f4fea7..8c76f6f 100644
--- a/artemis-protocols/artemis-stomp-protocol/src/main/java/org/apache/activemq/artemis/core/protocol/stomp/v10/StompFrameHandlerV10.java
+++ b/artemis-protocols/artemis-stomp-protocol/src/main/java/org/apache/activemq/artemis/core/protocol/stomp/v10/StompFrameHandlerV10.java
@@ -16,6 +16,7 @@
 */
 package org.apache.activemq.artemis.core.protocol.stomp.v10;
+import javax.security.cert.X509Certificate;
 import java.util.Map;
 import org.apache.activemq.artemis.core.protocol.stomp.FrameEventListener;
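Review bot: The final `else` branch still calls `sm.validateUser(login, passcode)` and silently drops `certificates`, so with a plain ActiveMQSecurityManager a client that presents only a certificate is judged on a null login and passcode, and the outcome depends entirely on that manager. `validated` also starts as `true`, so the method accepts every caller when no security manager is set or security is disabled; that predates this change but now covers certificate logins as well. A short comment on the method would make both facts visible, for example `// certificates are honoured only by ActiveMQSecurityManager2/3; returns true when security is disabled`. The `instanceof ActiveMQSecurityManager3` test runs first, which matters if that interface extends ActiveMQSecurityManager2 (not shown here). The method body continues past the end of the hunk.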
@@ -26,7 +27,9 @@ import org.apache.activemq.artemis.core.protocol.stomp.StompDecoder;
 import org.apache.activemq.artemis.core.protocol.stomp.StompFrame;
 import org.apache.activemq.artemis.core.protocol.stomp.StompVersions;
 import org.apache.activemq.artemis.core.protocol.stomp.VersionedStompFrameHandler;
+import org.apache.activemq.artemis.core.remoting.impl.netty.NettyConnection;
 import org.apache.activemq.artemis.core.server.ActiveMQServerLogger;
+import org.apache.activemq.artemis.utils.CertificateUtil;
 import static org.apache.activemq.artemis.core.protocol.stomp.ActiveMQStompProtocolMessageBundle.BUNDLE;
@@ -48,7 +51,12 @@ public class StompFrameHandlerV10 extends VersionedStompFrameHandler implements
 String clientID = headers.get(Stomp.Headers.Connect.CLIENT_ID);
 String requestID = headers.get(Stomp.Headers.Connect.REQUEST_ID);
- if (connection.validateUser(login, passcode)) {
+ X509Certificate[] certificates = null;
+ if (connection.getTransportConnection() instanceof NettyConnection) {
+ certificates = CertificateUtil.getCertsFromChannel(((NettyConnection) connection.getTransportConnection()).getChannel());
+ }
+
+ if (connection.validateUser(login, passcode, certificates)) {
 connection.setClientID(clientID);
 connection.setValid(true);
http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/6881c1dd/artemis-protocols/artemis-stomp-protocol/src/main/java/org/apache/activemq/artemis/core/protocol/stomp/v11/StompFrameHandlerV11.java ----------------------------------------------------------------------
diff --git a/artemis-protocols/artemis-stomp-protocol/src/main/java/org/apache/activemq/artemis/core/protocol/stomp/v11/StompFrameHandlerV11.java b/artemis-protocols/artemis-stomp-protocol/src/main/java/org/apache/activemq/artemis/core/protocol/stomp/v11/StompFrameHandlerV11.java
index 3d30ea1..7f284dd 100644
--- a/artemis-protocols/artemis-stomp-protocol/src/main/java/org/apache/activemq/artemis/core/protocol/stomp/v11/StompFrameHandlerV11.java
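Review bot: The certificate lookup added before `connection.validateUser(...)` is repeated verbatim in the StompFrameHandlerV11 hunk of this commit, so the rule for where the peer chain comes from lives in two places and can drift. Since StompConnection already owns the transport connection, the `instanceof NettyConnection` check and the `CertificateUtil.getCertsFromChannel(...)` call could move into `StompConnection.validateUser`, leaving both handlers with the single call `connection.validateUser(login, passcode)`. Any other STOMP version handler that is not part of this diff would then pick up certificate authentication as well instead of having to copy the block. The enclosing method starts and ends outside the hunk.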
+++ b/artemis-protocols/artemis-stomp-protocol/src/main/java/org/apache/activemq/artemis/core/protocol/stomp/v11/StompFrameHandlerV11.java
@@ -16,6 +16,7 @@
 */
 package org.apache.activemq.artemis.core.protocol.stomp.v11;
+import javax.security.cert.X509Certificate;
 import java.util.Map;
 import java.util.concurrent.atomic.AtomicLong;
@@ -27,7 +28,9 @@ import org.apache.activemq.artemis.core.protocol.stomp.StompConnection;
 import org.apache.activemq.artemis.core.protocol.stomp.StompDecoder;
 import org.apache.activemq.artemis.core.protocol.stomp.StompFrame;
 import org.apache.activemq.artemis.core.protocol.stomp.VersionedStompFrameHandler;
+import org.apache.activemq.artemis.core.remoting.impl.netty.NettyConnection;
 import org.apache.activemq.artemis.core.server.ActiveMQServerLogger;
+import org.apache.activemq.artemis.utils.CertificateUtil;
 import static org.apache.activemq.artemis.core.protocol.stomp.ActiveMQStompProtocolMessageBundle.BUNDLE;
@@ -53,8 +56,13 @@ public class StompFrameHandlerV11 extends VersionedStompFrameHandler implements
 String clientID = headers.get(Stomp.Headers.Connect.CLIENT_ID);
 String requestID = headers.get(Stomp.Headers.Connect.REQUEST_ID);
+ X509Certificate[] certificates = null;
+ if (connection.getTransportConnection() instanceof NettyConnection) {
+ certificates = CertificateUtil.getCertsFromChannel(((NettyConnection) connection.getTransportConnection()).getChannel());
+ }
+
 try {
- if (connection.validateUser(login, passcode)) {
+ if (connection.validateUser(login, passcode, certificates)) {
 connection.setClientID(clientID);
 connection.setValid(true);
http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/6881c1dd/examples/protocols/stomp/stomp-dual-authentication/pom.xml ----------------------------------------------------------------------
diff --git a/examples/protocols/stomp/stomp-dual-authentication/pom.xml b/examples/protocols/stomp/stomp-dual-authentication/pom.xml
new file mode 100644
index 0000000..70ae9ff
--- /dev/null
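Review bot: The certificate lookup is placed above the `try`, while the `validateUser` call that consumes it is inside, so anything thrown by `getCertsFromChannel` would bypass whatever the `catch` (outside this hunk) does for a failed CONNECT. If the intent is that every CONNECT failure is answered through that handler, the four added lines belong inside the `try`, directly before `if (connection.validateUser(login, passcode, certificates)) {`. Whether `getCertsFromChannel` can throw is not visible here, so this may be cosmetic, but keeping the lookup and its use in one block is also easier to read.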
+++ b/examples/protocols/stomp/stomp-dual-authentication/pom.xml 
@@ -0,0 +1,116 @@ +<?xml version='1.0'?> +<!-- +Licensed to the Apache Software Foundation (ASF) under one +or more contributor license agreements. See the NOTICE file +distributed with this work for additional information +regarding copyright ownership. The ASF licenses this file +to you under the Apache License, Version 2.0 (the +"License"); you may not use this file except in compliance +with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, +software distributed under the License is distributed on an +"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +KIND, either express or implied. See the License for the +specific language governing permissions and limitations +under the License. +--> + +<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd"> + <modelVersion>4.0.0</modelVersion> + + <parent> + <groupId>org.apache.activemq.examples.stomp</groupId> + <artifactId>stomp-examples</artifactId> + <version>1.4.0-SNAPSHOT</version> + </parent> + + <artifactId>stomp-dual-authentication</artifactId> + <packaging>jar</packaging> + <name>ActiveMQ Artemis JMS Stomp Dual Authentication Example</name> + + <properties> + <activemq.basedir>${project.basedir}/../../../..</activemq.basedir> + </properties> + + <dependencies> + <dependency> + <groupId>org.apache.activemq</groupId> + <artifactId>artemis-jms-client</artifactId> + <version>${project.version}</version> + </dependency> + </dependencies> + + <build> + <plugins> + <plugin> + <groupId>org.apache.activemq</groupId> + <artifactId>artemis-maven-plugin</artifactId> + <executions> + <execution> + <id>create</id> + <goals> + <goal>create</goal> + </goals> + <configuration> + <ignore>${noServer}</ignore> + </configuration> + </execution> + <execution> + <id>start</id> 
+ <goals> + <goal>cli</goal> + </goals> + <configuration> + <ignore>${noServer}</ignore> + <spawn>true</spawn> + <testURI>tcp://localhost:61616</testURI> + <testUser>consumer</testUser> + <testPassword>activemq</testPassword> + <args> + <param>run</param> + </args> + </configuration> + </execution> + <execution> + <id>runClient</id> + <goals> + <goal>runClient</goal> + </goals> + <configuration> + <clientClass>org.apache.activemq.artemis.jms.example.StompDualAuthenticationExample</clientClass> + <args> + <arg>${project.basedir}/target/server0/etc/client-side-keystore.jks</arg> + <arg>secureexample</arg> + <arg>${project.basedir}/target/server0/etc/client-side-truststore.jks</arg> + <arg>secureexample</arg> + </args> + </configuration> + </execution> + <execution> + <id>stop</id> + <goals> + <goal>cli</goal> + </goals> + <configuration> + <ignore>${noServer}</ignore> + <args> + <param>stop</param> + </args> + </configuration> + </execution> + </executions> + <dependencies> + <dependency> + <groupId>org.apache.activemq.examples.stomp</groupId> + <artifactId>stomp-dual-authentication</artifactId> + <version>${project.version}</version> + </dependency> + </dependencies> + </plugin> + </plugins> + </build> + +</project> http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/6881c1dd/examples/protocols/stomp/stomp-dual-authentication/readme.html ---------------------------------------------------------------------- diff --git a/examples/protocols/stomp/stomp-dual-authentication/readme.html b/examples/protocols/stomp/stomp-dual-authentication/readme.html new file mode 100644 index 0000000..5ed4a2f --- /dev/null +++ b/examples/protocols/stomp/stomp-dual-authentication/readme.html 
@@ -0,0 +1,51 @@ +<!-- +Licensed to the Apache Software Foundation (ASF) under one +or more contributor license agreements. See the NOTICE file +distributed with this work for additional information +regarding copyright ownership. The ASF licenses this file +to you under the Apache License, Version 2.0 (the +"License"); you may not use this file except in compliance +with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, +software distributed under the License is distributed on an +"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +KIND, either express or implied. See the License for the +specific language governing permissions and limitations +under the License. +--> + +<html> + <head> + <title>ActiveMQ Artemis Stomp Example</title> + <link rel="stylesheet" type="text/css" href="../../../common/common.css" /> + <link rel="stylesheet" type="text/css" href="../../../common/prettify.css" /> + <script type="text/javascript" src="../../../common/prettify.js"></script> + </head> + <body onload="prettyPrint()"> + <h1>Stomp Dual Authentication Example</h1> + + <pre>To run the example, simply type <b>mvn verify</b> from this directory, <br>or <b>mvn -PnoServer verify</b> if you want to start and create the server manually.</pre> + + <p>This example shows you how to configure 2-way SSL along with 2 different authentications mechanisms so that SSL and non-SSL clients can send and consume messages to/from ActiveMQ Artemis. + The non-SSL authentication mechanism simply uses username and password. The SSL authentication mechanism uses the client's certificate. The Stomp client uses SSL socket directly to send + a message. 
Then a JMS client will use a non-SSL connection to consume it.</p> + + <p>The various keystore files are generated using the following commands:</p> + + <p> + <pre class="prettyprint"> + <code> +keytool -genkey -keystore server-side-keystore.jks -storepass secureexample -keypass secureexample -dname "CN=ActiveMQ Artemis Server, OU=Artemis, O=ActiveMQ, L=AMQ, S=AMQ, C=AMQ" -keyalg RSA +keytool -export -keystore server-side-keystore.jks -file server-side-cert.cer -storepass secureexample +keytool -import -keystore client-side-truststore.jks -file server-side-cert.cer -storepass secureexample -keypass secureexample -noprompt +keytool -genkey -keystore client-side-keystore.jks -storepass secureexample -keypass secureexample -dname "CN=ActiveMQ Artemis Client, OU=Artemis, O=ActiveMQ, L=AMQ, S=AMQ, C=AMQ" -keyalg RSA +keytool -export -keystore client-side-keystore.jks -file client-side-cert.cer -storepass secureexample +keytool -import -keystore server-side-truststore.jks -file client-side-cert.cer -storepass secureexample -keypass secureexample -noprompt + </code> + </pre> + </p> + </body> +</html> http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/6881c1dd/examples/protocols/stomp/stomp-dual-authentication/src/main/java/org/apache/activemq/artemis/jms/example/StompDualAuthenticationExample.java ---------------------------------------------------------------------- diff --git a/examples/protocols/stomp/stomp-dual-authentication/src/main/java/org/apache/activemq/artemis/jms/example/StompDualAuthenticationExample.java b/examples/protocols/stomp/stomp-dual-authentication/src/main/java/org/apache/activemq/artemis/jms/example/StompDualAuthenticationExample.java new file mode 100644 index 0000000..1694cf1 --- /dev/null +++ b/examples/protocols/stomp/stomp-dual-authentication/src/main/java/org/apache/activemq/artemis/jms/example/StompDualAuthenticationExample.java 
@@ -0,0 +1,141 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.activemq.artemis.jms.example; + +import javax.jms.Connection; +import javax.jms.ConnectionFactory; +import javax.jms.MessageConsumer; +import javax.jms.Queue; +import javax.jms.Session; +import javax.jms.TextMessage; +import javax.naming.InitialContext; +import javax.net.ssl.SSLSocket; +import javax.net.ssl.SSLSocketFactory; +import java.io.InputStream; +import java.io.OutputStream; +import java.net.Socket; +import java.nio.charset.StandardCharsets; +import java.security.Security; + +import com.sun.net.ssl.internal.ssl.Provider; + +/** + * An example where a client will send a Stomp message on a TCP socket + * and consume it from a JMS MessageConsumer. 
+ */ +public class StompDualAuthenticationExample { + + private static final String END_OF_FRAME = "\u0000"; + + public static void main(final String[] args) throws Exception { + // set up SSL keystores for Stomp connection + System.setProperty("javax.net.ssl.keyStore", args[0]); + System.setProperty("javax.net.ssl.keyStorePassword", args[1]); + System.setProperty("javax.net.ssl.trustStore", args[2]); + System.setProperty("javax.net.ssl.trustStorePassword", args[3]); + + Connection connection = null; + InitialContext initialContext = null; + Security.addProvider(new Provider()); + + try { + // Step 1. Create an SSL socket to connect to the broker + SSLSocketFactory sslsocketfactory = (SSLSocketFactory) SSLSocketFactory.getDefault(); + SSLSocket socket = (SSLSocket) sslsocketfactory.createSocket("localhost", 5500); + + // Step 2. Send a CONNECT frame to connect to the server + String connectFrame = "CONNECT\n" + + "request-id: 1\n" + + "\n" + + END_OF_FRAME; + sendFrame(socket, connectFrame); + + readFrame(socket); + + // Step 3. Send a SEND frame (a Stomp message) to the + // jms.queue.exampleQueue address with a text body + String text = "Hello, world from Stomp!"; + String message = "SEND\n" + + "destination: jms.queue.exampleQueue\n" + + "\n" + + text + + END_OF_FRAME; + sendFrame(socket, message); + System.out.println("Sent Stomp message: " + text); + + // Step 4. Send a DISCONNECT frame to disconnect from the server + String disconnectFrame = "DISCONNECT\n" + + "\n" + + END_OF_FRAME; + sendFrame(socket, disconnectFrame); + + // Step 5. Slose the TCP socket + socket.close(); + + // We will now consume from JMS the message sent with Stomp. + + // Step 6. Create an initial context to perform the JNDI lookup. + initialContext = new InitialContext(); + + // Step 7. 
Perform a lookup on the queue and the connection factory + Queue queue = (Queue) initialContext.lookup("queue/exampleQueue"); + ConnectionFactory cf = (ConnectionFactory) initialContext.lookup("ConnectionFactory"); + + // Step 8.Create a JMS Connection, Session and a MessageConsumer on the queue + connection = cf.createConnection("consumer", "activemq"); + Session session = connection.createSession(false, Session.AUTO_ACKNOWLEDGE); + MessageConsumer consumer = session.createConsumer(queue); + + // Step 9. Start the Connection + connection.start(); + + // Step 10. Receive the message + TextMessage messageReceived = (TextMessage) consumer.receive(5000); + System.out.println("Received JMS message: " + messageReceived.getText()); + } + finally { + // Step 11. Be sure to close our JMS resources! + if (initialContext != null) { + initialContext.close(); + } + if (connection != null) { + connection.close(); + } + } + } + + private static void sendFrame(Socket socket, String data) throws Exception { + byte[] bytes = data.getBytes(StandardCharsets.UTF_8); + OutputStream outputStream = socket.getOutputStream(); + for (int i = 0; i < bytes.length; i++) { + outputStream.write(bytes[i]); + } + outputStream.flush(); + } + + private static String readFrame(Socket socket) throws Exception { + byte[] bytes = new byte[2048]; + InputStream inputStream = socket.getInputStream(); + int nbytes = inputStream.read(bytes); + byte[] data = new byte[nbytes]; + System.arraycopy(bytes, 0, data, 0, data.length); + String resp = new String(data, StandardCharsets.UTF_8); + System.out.println("Got response from server: " + resp); + return resp; + } + +} http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/6881c1dd/examples/protocols/stomp/stomp-dual-authentication/src/main/resources/activemq/server0/artemis-roles.properties ---------------------------------------------------------------------- 
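Review bot: `readFrame` passes the result of `inputStream.read(bytes)` straight to `new byte[nbytes]`, so a server that closes the connection before replying makes `read` return -1 and the example dies with NegativeArraySizeException instead of a readable error; a guard such as `if (nbytes < 0) throw new java.io.IOException("connection closed before a frame arrived");` fixes that. The value returned for the CONNECT frame is also discarded in `main`, so the example goes on to SEND without checking that the broker answered CONNECTED rather than ERROR. `Security.addProvider(new Provider())` depends on the JDK-internal class `com.sun.net.ssl.internal.ssl.Provider`, which is not accessible on current JDKs, and the default JSSE provider is already registered, so the import and the call can be dropped. Because readers copy examples, a comment at Step 1 should say that a raw `SSLSocket` does not check the server's host name unless `SSLParameters.setEndpointIdentificationAlgorithm("HTTPS")` is set. The socket is closed only on the success path; try-with-resources would cover the failure paths too.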
diff --git a/examples/protocols/stomp/stomp-dual-authentication/src/main/resources/activemq/server0/artemis-roles.properties b/examples/protocols/stomp/stomp-dual-authentication/src/main/resources/activemq/server0/artemis-roles.properties new file mode 100644 index 0000000..643dfc3 --- /dev/null +++ b/examples/protocols/stomp/stomp-dual-authentication/src/main/resources/activemq/server0/artemis-roles.properties @@ -0,0 +1,17 @@ +## --------------------------------------------------------------------------- +## Licensed to the Apache Software Foundation (ASF) under one or more +## contributor license agreements. See the NOTICE file distributed with +## this work for additional information regarding copyright ownership. +## The ASF licenses this file to You under the Apache License, Version 2.0 +## (the "License"); you may not use this file except in compliance with +## the License. You may obtain a copy of the License at +## +## http://www.apache.org/licenses/LICENSE-2.0 +## +## Unless required by applicable law or agreed to in writing, software +## distributed under the License is distributed on an "AS IS" BASIS, +## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +## See the License for the specific language governing permissions and +## limitations under the License. +## --------------------------------------------------------------------------- +consumers=consumer \ No newline at end of file http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/6881c1dd/examples/protocols/stomp/stomp-dual-authentication/src/main/resources/activemq/server0/artemis-users.properties ---------------------------------------------------------------------- diff --git a/examples/protocols/stomp/stomp-dual-authentication/src/main/resources/activemq/server0/artemis-users.properties b/examples/protocols/stomp/stomp-dual-authentication/src/main/resources/activemq/server0/artemis-users.properties new file mode 100644 index 0000000..1c68f50 --- /dev/null 
+++ b/examples/protocols/stomp/stomp-dual-authentication/src/main/resources/activemq/server0/artemis-users.properties @@ -0,0 +1,17 @@ +## --------------------------------------------------------------------------- +## Licensed to the Apache Software Foundation (ASF) under one or more +## contributor license agreements. See the NOTICE file distributed with +## this work for additional information regarding copyright ownership. +## The ASF licenses this file to You under the Apache License, Version 2.0 +## (the "License"); you may not use this file except in compliance with +## the License. You may obtain a copy of the License at +## +## http://www.apache.org/licenses/LICENSE-2.0 +## +## Unless required by applicable law or agreed to in writing, software +## distributed under the License is distributed on an "AS IS" BASIS, +## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +## See the License for the specific language governing permissions and +## limitations under the License. +## --------------------------------------------------------------------------- +consumer=activemq \ No newline at end of file http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/6881c1dd/examples/protocols/stomp/stomp-dual-authentication/src/main/resources/activemq/server0/bootstrap.xml ---------------------------------------------------------------------- diff --git a/examples/protocols/stomp/stomp-dual-authentication/src/main/resources/activemq/server0/bootstrap.xml b/examples/protocols/stomp/stomp-dual-authentication/src/main/resources/activemq/server0/bootstrap.xml new file mode 100644 index 0000000..2eabc51 --- /dev/null +++ b/examples/protocols/stomp/stomp-dual-authentication/src/main/resources/activemq/server0/bootstrap.xml 
@@ -0,0 +1,26 @@ +<?xml version="1.0" encoding="UTF-8" standalone="yes"?> +<!-- + ~ Licensed to the Apache Software Foundation (ASF) under one or more + ~ contributor license agreements. See the NOTICE file distributed with + ~ this work for additional information regarding copyright ownership. + ~ The ASF licenses this file to You under the Apache License, Version 2.0 + ~ (the "License"); you may not use this file except in compliance with + ~ the License. You may obtain a copy of the License at + ~ + ~ http://www.apache.org/licenses/LICENSE-2.0 + ~ + ~ Unless required by applicable law or agreed to in writing, software + ~ distributed under the License is distributed on an "AS IS" BASIS, + ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + ~ See the License for the specific language governing permissions and + ~ limitations under the License. + --> + +<broker xmlns="http://activemq.org/schema"> + + <jaas-security domain="activemq" certificate-domain="activemq-cert"/> + + <server configuration="file:${artemis.instance}/etc/broker.xml"/> + +</broker> + http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/6881c1dd/examples/protocols/stomp/stomp-dual-authentication/src/main/resources/activemq/server0/broker.xml ---------------------------------------------------------------------- diff --git a/examples/protocols/stomp/stomp-dual-authentication/src/main/resources/activemq/server0/broker.xml b/examples/protocols/stomp/stomp-dual-authentication/src/main/resources/activemq/server0/broker.xml new file mode 100644 index 0000000..14fa849 --- /dev/null +++ b/examples/protocols/stomp/stomp-dual-authentication/src/main/resources/activemq/server0/broker.xml 
@@ -0,0 +1,57 @@
+<?xml version='1.0'?>
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+
+<configuration xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns="urn:activemq"
+ xsi:schemaLocation="urn:activemq /schema/artemis-server.xsd">
+
+ <jms xmlns="urn:activemq:jms">
+ <!--the queue used by the example-->
+ <queue name="exampleQueue"/>
+ </jms>
+
+ <core xmlns="urn:activemq:core">
+
+ <bindings-directory>./data/messaging/bindings</bindings-directory>
+
+ <journal-directory>./data/messaging/journal</journal-directory>
+
+ <large-messages-directory>./data/messaging/largemessages</large-messages-directory>
+
+ <paging-directory>./data/messaging/paging</paging-directory>
+
+ <!-- Acceptors -->
+ <acceptors>
+ <acceptor name="netty-acceptor">tcp://localhost:61616</acceptor>
+ <acceptor name="netty-ssl-acceptor">tcp://localhost:5500?sslEnabled=true;needClientAuth=true;keyStorePath=${data.dir}/../etc/server-side-keystore.jks;keyStorePassword=secureexample;trustStorePath=${data.dir}/../etc/server-side-truststore.jks;trustStorePassword=secureexample</acceptor>
+ </acceptors>
+
+ <!-- Other config -->
+
+ <security-settings>
+ <!--security for example queue-->
+ <security-setting match="jms.queue.exampleQueue">
+ <permission type="consume" roles="consumers"/>
+ <permission type="send" roles="producers"/>
+ </security-setting>
+ </security-settings>
+
+ </core>
+</configuration>
http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/6881c1dd/examples/protocols/stomp/stomp-dual-authentication/src/main/resources/activemq/server0/cert-roles.properties
----------------------------------------------------------------------
diff --git a/examples/protocols/stomp/stomp-dual-authentication/src/main/resources/activemq/server0/cert-roles.properties b/examples/protocols/stomp/stomp-dual-authentication/src/main/resources/activemq/server0/cert-roles.properties
new file mode 100644
index 0000000..f52fa21
--- /dev/null
+++ b/examples/protocols/stomp/stomp-dual-authentication/src/main/resources/activemq/server0/cert-roles.properties
@@ -0,0 +1,18 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+producers=producer
http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/6881c1dd/examples/protocols/stomp/stomp-dual-authentication/src/main/resources/activemq/server0/cert-users.properties
----------------------------------------------------------------------
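Review bot: In broker.xml the `netty-ssl-acceptor` URL carries `keyStorePassword=secureexample` and `trustStorePassword=secureexample` in clear text, and the matching server-side keystore is committed in this same commit, so the private key behind the acceptor is effectively public. That is acceptable for a runnable example, but nothing in the file says so, and acceptor lines from examples tend to be copied into real broker configurations. I would add a comment above the acceptor such as `<!-- Example-only keystores and passwords: generate your own key material and mask the passwords before reusing this acceptor -->`. The SSL acceptor also sets no `protocols=` parameter; if only the STOMP client is meant to use port 5500, `protocols=STOMP` would narrow it, though that depends on the example client, which is outside this hunk.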
diff --git a/examples/protocols/stomp/stomp-dual-authentication/src/main/resources/activemq/server0/cert-users.properties b/examples/protocols/stomp/stomp-dual-authentication/src/main/resources/activemq/server0/cert-users.properties
new file mode 100644
index 0000000..06874dc
--- /dev/null
+++ b/examples/protocols/stomp/stomp-dual-authentication/src/main/resources/activemq/server0/cert-users.properties
@@ -0,0 +1,18 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+producer=CN=ActiveMQ Artemis Client, OU=Artemis, O=ActiveMQ, L=AMQ, ST=AMQ, C=AMQ
http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/6881c1dd/examples/protocols/stomp/stomp-dual-authentication/src/main/resources/activemq/server0/client-side-keystore.jks
----------------------------------------------------------------------
diff --git a/examples/protocols/stomp/stomp-dual-authentication/src/main/resources/activemq/server0/client-side-keystore.jks b/examples/protocols/stomp/stomp-dual-authentication/src/main/resources/activemq/server0/client-side-keystore.jks
new file mode 100644
index 0000000..cb65a44
Binary files /dev/null and b/examples/protocols/stomp/stomp-dual-authentication/src/main/resources/activemq/server0/client-side-keystore.jks differ
http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/6881c1dd/examples/protocols/stomp/stomp-dual-authentication/src/main/resources/activemq/server0/client-side-truststore.jks
----------------------------------------------------------------------
diff --git a/examples/protocols/stomp/stomp-dual-authentication/src/main/resources/activemq/server0/client-side-truststore.jks b/examples/protocols/stomp/stomp-dual-authentication/src/main/resources/activemq/server0/client-side-truststore.jks
new file mode 100644
index 0000000..7eb1d56
Binary files /dev/null and b/examples/protocols/stomp/stomp-dual-authentication/src/main/resources/activemq/server0/client-side-truststore.jks differ
http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/6881c1dd/examples/protocols/stomp/stomp-dual-authentication/src/main/resources/activemq/server0/login.config
----------------------------------------------------------------------
diff --git a/examples/protocols/stomp/stomp-dual-authentication/src/main/resources/activemq/server0/login.config b/examples/protocols/stomp/stomp-dual-authentication/src/main/resources/activemq/server0/login.config
new file mode 100644
index 0000000..9bd479d
--- /dev/null
+++ b/examples/protocols/stomp/stomp-dual-authentication/src/main/resources/activemq/server0/login.config
@@ -0,0 +1,30 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+activemq {
+ org.apache.activemq.artemis.spi.core.security.jaas.PropertiesLoginModule required
+ debug=false
+ org.apache.activemq.jaas.properties.user="artemis-users.properties"
+ org.apache.activemq.jaas.properties.role="artemis-roles.properties";
+};
+
+activemq-cert {
+ org.apache.activemq.artemis.spi.core.security.jaas.TextFileCertificateLoginModule required
+ debug=true
+ org.apache.activemq.jaas.textfiledn.user="cert-users.properties"
+ org.apache.activemq.jaas.textfiledn.role="cert-roles.properties";
+};
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/6881c1dd/examples/protocols/stomp/stomp-dual-authentication/src/main/resources/activemq/server0/server-side-keystore.jks
----------------------------------------------------------------------
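Review bot: In login.config the `activemq-cert` domain is added with `debug=true`, while the `activemq` domain directly above it uses `debug=false`. With debug on, the certificate login module will presumably log details of each login attempt, such as the presented subject DN and the user it matched, which puts identity data into broker logs once this file is copied into a real deployment. Unless the verbose output is part of what the example is meant to show, I would change the line to `debug=false` to match the other domain, or add a comment saying it is enabled deliberately for the demo.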
diff --git a/examples/protocols/stomp/stomp-dual-authentication/src/main/resources/activemq/server0/server-side-keystore.jks b/examples/protocols/stomp/stomp-dual-authentication/src/main/resources/activemq/server0/server-side-keystore.jks
new file mode 100644
index 0000000..6089c6e
Binary files /dev/null and b/examples/protocols/stomp/stomp-dual-authentication/src/main/resources/activemq/server0/server-side-keystore.jks differ
http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/6881c1dd/examples/protocols/stomp/stomp-dual-authentication/src/main/resources/activemq/server0/server-side-truststore.jks
----------------------------------------------------------------------
diff --git a/examples/protocols/stomp/stomp-dual-authentication/src/main/resources/activemq/server0/server-side-truststore.jks b/examples/protocols/stomp/stomp-dual-authentication/src/main/resources/activemq/server0/server-side-truststore.jks
new file mode 100644
index 0000000..0b7e224
Binary files /dev/null and b/examples/protocols/stomp/stomp-dual-authentication/src/main/resources/activemq/server0/server-side-truststore.jks differ
http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/6881c1dd/examples/protocols/stomp/stomp-dual-authentication/src/main/resources/jndi.properties
----------------------------------------------------------------------
diff --git a/examples/protocols/stomp/stomp-dual-authentication/src/main/resources/jndi.properties b/examples/protocols/stomp/stomp-dual-authentication/src/main/resources/jndi.properties
new file mode 100644
index 0000000..93537c4
--- /dev/null
+++ b/examples/protocols/stomp/stomp-dual-authentication/src/main/resources/jndi.properties
@@ -0,0 +1,20 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+java.naming.factory.initial=org.apache.activemq.artemis.jndi.ActiveMQInitialContextFactory
+connectionFactory.ConnectionFactory=tcp://localhost:61616
+queue.queue/exampleQueue=exampleQueue
