Repository: activemq Updated Branches: refs/heads/master a27f4f2ea -> c1e94c615
NO-JIRA - remove info logging of config mods, add sanity test of mod to write acl for authorization plugin Project: http://git-wip-us.apache.org/repos/asf/activemq/repo Commit: http://git-wip-us.apache.org/repos/asf/activemq/commit/c1e94c61 Tree: http://git-wip-us.apache.org/repos/asf/activemq/tree/c1e94c61 Diff: http://git-wip-us.apache.org/repos/asf/activemq/diff/c1e94c61 Branch: refs/heads/master Commit: c1e94c615859ee9f61c3c16d00cf87369ea40317 Parents: a27f4f2 Author: gtully <[email protected]> Authored: Wed Oct 5 17:07:20 2016 +0100 Committer: gtully <[email protected]> Committed: Wed Oct 5 17:08:46 2016 +0100
----------------------------------------------------------------------
.../plugin/DefaultConfigurationProcessor.java | 2 +- .../activemq/AbstractAuthorizationTest.java | 21 ++++++++ .../org/apache/activemq/AuthorizationTest.java | 17 ++++++ .../authorizationTest-users-add-write-guest.xml | 55 ++++++++++++++++++++ 4 files changed, 94 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/activemq/blob/c1e94c61/activemq-runtime-config/src/main/java/org/apache/activemq/plugin/DefaultConfigurationProcessor.java
----------------------------------------------------------------------
diff --git a/activemq-runtime-config/src/main/java/org/apache/activemq/plugin/DefaultConfigurationProcessor.java b/activemq-runtime-config/src/main/java/org/apache/activemq/plugin/DefaultConfigurationProcessor.java
index fddfe48..1e539ed 100644
--- a/activemq-runtime-config/src/main/java/org/apache/activemq/plugin/DefaultConfigurationProcessor.java
+++ b/activemq-runtime-config/src/main/java/org/apache/activemq/plugin/DefaultConfigurationProcessor.java
@@ -96,7 +96,7 @@ public class DefaultConfigurationProcessor implements ConfigurationProcessor {
 Object existing = current.get(currentIndex);
 Object candidate = modification.get(modIndex);
 if (!existing.equals(candidate)) {
- plugin.info("modification to:" + existing + " , with: " + candidate);
+ plugin.debug("modification to:" + existing + " , with: " + candidate);
 ConfigurationProcessor processor = findProcessor(existing);
 if (processor != null) {
 processor.modify(existing, candidate);
http://git-wip-us.apache.org/repos/asf/activemq/blob/c1e94c61/activemq-runtime-config/src/test/java/org/apache/activemq/AbstractAuthorizationTest.java
----------------------------------------------------------------------
diff --git a/activemq-runtime-config/src/test/java/org/apache/activemq/AbstractAuthorizationTest.java b/activemq-runtime-config/src/test/java/org/apache/activemq/AbstractAuthorizationTest.java
index 286d7c1..a394073 100644
--- a/activemq-runtime-config/src/test/java/org/apache/activemq/AbstractAuthorizationTest.java
+++ b/activemq-runtime-config/src/test/java/org/apache/activemq/AbstractAuthorizationTest.java
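Review bot: In DefaultConfigurationProcessor, moving the `modification to:` line from `plugin.info` to `plugin.debug` leaves no default-level record, among the visible lines, that a live configuration element was replaced, and the test added in this commit changes authorization entries through the runtime configuration plugin. For a change that can widen an ACL at runtime, operators usually want an audit line at info; a short one that names the element without dumping both objects would keep the log quiet, e.g. `plugin.info("runtime config modified: " + existing.getClass().getSimpleName());`, with the full `existing`/`candidate` text left at debug. Whether `processor.modify` logs on its own is not visible here, and the enclosing method starts and ends outside the hunk.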
@@ -64,4 +64,25 @@ public abstract class AbstractAuthorizationTest extends RuntimeConfigTestSupport
 }
 }
+ protected void assertAllowedWrite(String userPass, String dest) throws JMSException {
+ ActiveMQConnection connection = new ActiveMQConnectionFactory("vm://localhost").createActiveMQConnection(userPass, userPass);
+ connection.start();
+ try {
+ Session session = connection.createSession(false, Session.AUTO_ACKNOWLEDGE);
+ session.createProducer(session.createQueue(dest)).send(session.createTextMessage());
+ } finally {
+ connection.close();
+ }
+ }
+
+ protected void assertDeniedWrite(String userPass, String destination) {
+ try {
+ assertAllowedWrite(userPass, destination);
+ fail("Expected not allowed exception");
+ } catch (JMSException expected) {
+ LOG.debug("got:" + expected, expected);
+ }
+ }
+
+
 }
http://git-wip-us.apache.org/repos/asf/activemq/blob/c1e94c61/activemq-runtime-config/src/test/java/org/apache/activemq/AuthorizationTest.java
----------------------------------------------------------------------
diff --git a/activemq-runtime-config/src/test/java/org/apache/activemq/AuthorizationTest.java b/activemq-runtime-config/src/test/java/org/apache/activemq/AuthorizationTest.java
index 0b933e9..3a8b7c6 100644
--- a/activemq-runtime-config/src/test/java/org/apache/activemq/AuthorizationTest.java
+++ b/activemq-runtime-config/src/test/java/org/apache/activemq/AuthorizationTest.java
@@ -34,6 +34,7 @@ public class AuthorizationTest extends AbstractAuthorizationTest {
 assertAllowed("user", "USERS.A");
 assertDenied("user", "GUESTS.A");
+ assertDenied("guest", "GUESTS.A");
 assertDeniedTemp("guest");
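Review bot: In `assertDeniedWrite` (AbstractAuthorizationTest), `catch (JMSException expected)` accepts any JMS failure as proof of denial, so a broker that is not running or a transport error would let the authorization test pass for the wrong reason. Narrowing it to `} catch (JMSSecurityException expected) {` and declaring `throws JMSException` on the helper ties the check to an access-control rejection; this assumes a denied send surfaces as `javax.jms.JMSSecurityException` on this path, which should be confirmed. A rejected login would still satisfy the catch, since connect and send share one `try` through `assertAllowedWrite`. Separately, in `assertAllowedWrite` the call `connection.start();` sits before the `try`, so a failure there skips `connection.close()`; moving it inside the `try` avoids leaking the connection.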
@@ -66,6 +67,22 @@ public class AuthorizationTest extends AbstractAuthorizationTest {
 }
 @Test
+ public void testModAddWrite() throws Exception {
+ final String brokerConfig = configurationSeed + "-auth-rm-broker";
+ applyNewConfig(brokerConfig, configurationSeed + "-users");
+ startBroker(brokerConfig);
+ assertTrue("broker alive", brokerService.isStarted());
+
+ assertAllowedWrite("user", "USERS.A");
+ assertDeniedWrite("guest", "USERS.A");
+
+ applyNewConfig(brokerConfig, configurationSeed + "-users-add-write-guest", SLEEP);
+
+ assertAllowedWrite("user", "USERS.A");
+ assertAllowedWrite("guest", "USERS.A");
+ }
+
+ @Test
 public void testWildcard() throws Exception {
 final String brokerConfig = configurationSeed + "-auth-broker";
 applyNewConfig(brokerConfig, configurationSeed + "-wildcard-users-guests");
http://git-wip-us.apache.org/repos/asf/activemq/blob/c1e94c61/activemq-runtime-config/src/test/resources/org/apache/activemq/authorizationTest-users-add-write-guest.xml
----------------------------------------------------------------------
diff --git a/activemq-runtime-config/src/test/resources/org/apache/activemq/authorizationTest-users-add-write-guest.xml b/activemq-runtime-config/src/test/resources/org/apache/activemq/authorizationTest-users-add-write-guest.xml
new file mode 100644
index 0000000..646f158
--- /dev/null
+++ b/activemq-runtime-config/src/test/resources/org/apache/activemq/authorizationTest-users-add-write-guest.xml
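Review bot: `testModAddWrite` checks only that the new grant works; after the second `applyNewConfig(...)` nothing asserts that guest gained write on `USERS.>` and nothing more. A negative check after the reload, e.g. `assertDeniedWrite("guest", "GUESTS.A");` and `assertDenied("guest", "USERS.A");` (assuming that helper exercises read; its body is outside this page), would catch a modification that leaves the map broader than the XML asks for. A one-line comment on ordering would also help: the guest send presumably succeeds only because the earlier `assertAllowedWrite("user", "USERS.A")` already created the queue, since the new config gives guests write but not admin on `USERS.>`.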
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<beans
+ xmlns="http://www.springframework.org/schema/beans"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
+ http://activemq.apache.org/schema/core http://activemq.apache.org/schema/core/activemq-core.xsd">
+
+ <broker xmlns="http://activemq.apache.org/schema/core" start="false" persistent="false">
+ <plugins>
+ <runtimeConfigurationPlugin checkPeriod="1000"/>
+
+ <!-- use JAAS to authenticate using the login.config file on the classpath to configure JAAS -->
+ <jaasAuthenticationPlugin configuration="activemq-domain"/>
+
+ <!-- lets configure a destination based authorization mechanism -->
+ <authorizationPlugin>
+ <map>
+ <authorizationMap>
+ <authorizationEntries>
+ <authorizationEntry queue=">" read="admins" write="admins" admin="admins"/>
+ <authorizationEntry queue="USERS.>" read="users" write="users,guests" admin="users"/>
+
+ <authorizationEntry topic=">" read="admins" write="admins" admin="admins"/>
+ <authorizationEntry topic="USERS.>" read="users" write="users" admin="users"/>
+
+ <authorizationEntry topic="ActiveMQ.Advisory.>" read="guests,users" write="guests,users"
+ admin="guests,users"/>
+ </authorizationEntries>
+
+ <tempDestinationAuthorizationEntry>
+ <tempDestinationAuthorizationEntry read="tempDestinationAdmins" write="tempDestinationAdmins"
+ admin="tempDestinationAdmins"/>
+ </tempDestinationAuthorizationEntry>
+ </authorizationMap>
+ </map>
+ </authorizationPlugin>
+ </plugins>
+ </broker>
+</beans>
