Repository: activemq Updated Branches: refs/heads/master 0e74c52e8 -> 57795bafc
[AMQ-6665] - check for peercerts is now on tcp transport such that the bridge connection info can have the correct context Project: http://git-wip-us.apache.org/repos/asf/activemq/repo Commit: http://git-wip-us.apache.org/repos/asf/activemq/commit/57795baf Tree: http://git-wip-us.apache.org/repos/asf/activemq/tree/57795baf Diff: http://git-wip-us.apache.org/repos/asf/activemq/diff/57795baf Branch: refs/heads/master Commit: 57795bafcea290c6879bb288822435c480a9212d Parents: 0e74c52 Author: gtully <[email protected]> Authored: Thu Apr 27 12:07:12 2017 +0100 Committer: gtully <[email protected]> Committed: Thu Apr 27 12:07:12 2017 +0100 ---------------------------------------------------------------------- .../network/DemandForwardingBridgeSupport.java | 8 +- ...alAuthenticationNetworkBridgeNioSslTest.java | 25 +++ ...JaasDualAuthenticationNetworkBridgeTest.java | 9 +- .../JaasDualAuthenticationNetworkBridge.xml | 4 +- ...aasDualAuthenticationNetworkBridgeNioSsl.xml | 178 +++++++++++++++++++ 5 files changed, 217 insertions(+), 7 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/activemq/blob/57795baf/activemq-broker/src/main/java/org/apache/activemq/network/DemandForwardingBridgeSupport.java ---------------------------------------------------------------------- diff --git a/activemq-broker/src/main/java/org/apache/activemq/network/DemandForwardingBridgeSupport.java b/activemq-broker/src/main/java/org/apache/activemq/network/DemandForwardingBridgeSupport.java index e343ad6..5070266 100644 --- a/activemq-broker/src/main/java/org/apache/activemq/network/DemandForwardingBridgeSupport.java +++ b/activemq-broker/src/main/java/org/apache/activemq/network/DemandForwardingBridgeSupport.java 
@@ -488,8 +488,8 @@ public abstract class DemandForwardingBridgeSupport implements NetworkBridge, Br while (originalTransport instanceof TransportFilter) { originalTransport = ((TransportFilter) originalTransport).getNext(); } - if (originalTransport instanceof SslTransport) { - X509Certificate[] peerCerts = ((SslTransport) originalTransport).getPeerCertificates(); + if (originalTransport instanceof TcpTransport) { + X509Certificate[] peerCerts = originalTransport.getPeerCertificates(); localConnectionInfo.setTransportContext(peerCerts); } // sync requests that may fail @@ -513,8 +513,8 @@ public abstract class DemandForwardingBridgeSupport implements NetworkBridge, Br duplexLocalConnectionInfo.setUserName(configuration.getUserName()); duplexLocalConnectionInfo.setPassword(configuration.getPassword()); - if (originalTransport instanceof SslTransport) { - X509Certificate[] peerCerts = ((SslTransport) originalTransport).getPeerCertificates(); + if (originalTransport instanceof TcpTransport) { + X509Certificate[] peerCerts = originalTransport.getPeerCertificates(); duplexLocalConnectionInfo.setTransportContext(peerCerts); } // sync requests that may fail http://git-wip-us.apache.org/repos/asf/activemq/blob/57795baf/activemq-unit-tests/src/test/java/org/apache/activemq/security/JaasDualAuthenticationNetworkBridgeNioSslTest.java ---------------------------------------------------------------------- diff --git a/activemq-unit-tests/src/test/java/org/apache/activemq/security/JaasDualAuthenticationNetworkBridgeNioSslTest.java b/activemq-unit-tests/src/test/java/org/apache/activemq/security/JaasDualAuthenticationNetworkBridgeNioSslTest.java new file mode 100644 index 0000000..9653433 --- /dev/null +++ b/activemq-unit-tests/src/test/java/org/apache/activemq/security/JaasDualAuthenticationNetworkBridgeNioSslTest.java 
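Review bot: The widened guard `originalTransport instanceof TcpTransport` in the `@@ -488` hunk, and the identical block in the `@@ -513` duplex hunk, has no comment explaining why the transport type rather than the presence of certificates decides whether a transport context is set. With the cast gone the call evidently resolves on the declared type, so plain `tcp://` bridges now also reach `setTransportContext`, presumably with a null array. Whether the dual-authentication plugin treats that as "no certificate presented" is not visible here and should be confirmed. I would add a comment above both checks such as `// NIO SSL transports are TcpTransport but not SslTransport; non-TLS transports are expected to return null peer certs`, and move the duplicated three lines into one private helper so the two paths cannot drift. Both enclosing methods start and end outside the hunks.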
@@ -0,0 +1,25 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.activemq.security;
+
+public class JaasDualAuthenticationNetworkBridgeNioSslTest extends JaasDualAuthenticationNetworkBridgeTest {
+ public JaasDualAuthenticationNetworkBridgeNioSslTest() {
+ super();
+ CONFIG_FILE="org/apache/activemq/security/JaasDualAuthenticationNetworkBridgeNioSsl.xml";
+ }
+}
+
http://git-wip-us.apache.org/repos/asf/activemq/blob/57795baf/activemq-unit-tests/src/test/java/org/apache/activemq/security/JaasDualAuthenticationNetworkBridgeTest.java ----------------------------------------------------------------------
diff --git a/activemq-unit-tests/src/test/java/org/apache/activemq/security/JaasDualAuthenticationNetworkBridgeTest.java b/activemq-unit-tests/src/test/java/org/apache/activemq/security/JaasDualAuthenticationNetworkBridgeTest.java
index e6dd562..633c40f 100644
--- a/activemq-unit-tests/src/test/java/org/apache/activemq/security/JaasDualAuthenticationNetworkBridgeTest.java
+++ b/activemq-unit-tests/src/test/java/org/apache/activemq/security/JaasDualAuthenticationNetworkBridgeTest.java
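Review bot: Assigning `CONFIG_FILE` in the subclass constructor only takes effect if the base class reads the field after construction; any field initializer or constructor code in `JaasDualAuthenticationNetworkBridgeTest` would still see the default XML path. How the base class uses the field is not visible in this diff, so this is a risk to confirm rather than a known failure. A protected accessor overridden here, for example `protected String getConfigFile()` returning the NioSsl path, removes the ordering dependence and lets the field touched in the `@@ -50,7 +51,7 @@` hunk of the base test stay `static final`. If the field is kept mutable, it should at least be renamed to lowerCamelCase so it no longer reads as a constant.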
@@ -32,6 +32,7 @@ import org.junit.Assert; import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import sun.nio.ch.Net; /** @@ -50,7 +51,7 @@ import org.slf4j.LoggerFactory; * - ssl-domain-JaasDualAuthenticationNetworkBridgeTest.properties */ public class JaasDualAuthenticationNetworkBridgeTest { - protected final static String CONFIG_FILE="org/apache/activemq/security/JaasDualAuthenticationNetworkBridge.xml"; + protected String CONFIG_FILE="org/apache/activemq/security/JaasDualAuthenticationNetworkBridge.xml"; protected static Logger LOG = LoggerFactory.getLogger(JaasDualAuthenticationNetworkBridgeTest.class); private BrokerService broker1 = null; private BrokerService broker2 = null; @@ -78,6 +79,9 @@ public class JaasDualAuthenticationNetworkBridgeTest { LOG.error("Error: " + e.getMessage()); throw e; } + + broker2.start(); + broker1.start(); } /** @@ -126,6 +130,9 @@ public class JaasDualAuthenticationNetworkBridgeTest { Collection<NetworkBridge> bridges = nc.activeBridges(); Assert.assertFalse("Network bridge not established to broker 2", bridges.isEmpty()); Assert.assertTrue("Network bridge not established to broker 2", bridges.size() == 1); + for (NetworkBridge nb : bridges) { + Assert.assertTrue(nb.getRemoteBrokerId() != null); + } LOG.info("Network bridge is correctly established."); } catch (java.lang.InterruptedException ex) { LOG.warn(ex.getMessage()); http://git-wip-us.apache.org/repos/asf/activemq/blob/57795baf/activemq-unit-tests/src/test/resources/org/apache/activemq/security/JaasDualAuthenticationNetworkBridge.xml ---------------------------------------------------------------------- diff --git a/activemq-unit-tests/src/test/resources/org/apache/activemq/security/JaasDualAuthenticationNetworkBridge.xml b/activemq-unit-tests/src/test/resources/org/apache/activemq/security/JaasDualAuthenticationNetworkBridge.xml index 7b81018..faae4db 100644 
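Review bot: The added `import sun.nio.ch.Net;` in the `@@ -32,6 +32,7 @@` hunk pulls in a JDK-internal class, and none of the other hunks in this file use `Net`. It looks like an IDE auto-import left behind. Internal `sun.*` packages are not a supported API and may not be visible to the compiler on newer JDKs or when building with `--release`, so the line should be dropped.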
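Review bot: The start order added in the `@@ -78,6 +79,9 @@` hunk matters but is undocumented: `broker2.start()` comes before `broker1.start()`, presumably because broker2 owns the listener on port 61626 and broker1 owns the network connector to it, as the NioSsl XML in this commit shows. I would add `// broker2 hosts the listener the bridge connects to, so it must be up before broker1 starts its network connector`. Both calls also sit after the try/catch that logs errors, so a start failure is thrown without the `LOG.error` line. If `broker1.start()` throws, broker2 stays running unless the teardown stops it, which is not visible here. The enclosing method starts outside the hunk.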
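Review bot: The new loop in the `@@ -126,6 +130,9 @@` hunk uses `Assert.assertTrue(nb.getRemoteBrokerId() != null)` with no message, so a failure yields a bare AssertionError that does not say which condition failed. `Assert.assertNotNull("Remote broker id not set on bridge", nb.getRemoteBrokerId());` states the intent and gives a usable failure message. A one-line comment on why a non-null remote broker id is the signal being checked would also help. The surrounding method starts and ends outside the hunk.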
--- a/activemq-unit-tests/src/test/resources/org/apache/activemq/security/JaasDualAuthenticationNetworkBridge.xml +++ b/activemq-unit-tests/src/test/resources/org/apache/activemq/security/JaasDualAuthenticationNetworkBridge.xml @@ -25,7 +25,7 @@ <!-- first broker instance --> <broker xmlns="http://activemq.apache.org/schema/core" brokerName="broker1" id="broker1" - dataDirectory="./target/activemq-data-broker1" persistent="false"> + dataDirectory="./target/activemq-data-broker1" persistent="false" start="false"> <destinationPolicy> <policyMap> @@ -105,7 +105,7 @@ <!-- second broker instance --> <broker xmlns="http://activemq.apache.org/schema/core" brokerName="broker2" id="broker2" - dataDirectory="./target/activemq-data-broker2" persistent="false"> + dataDirectory="./target/activemq-data-broker2" persistent="false" start="false"> <destinationPolicy> <policyMap> http://git-wip-us.apache.org/repos/asf/activemq/blob/57795baf/activemq-unit-tests/src/test/resources/org/apache/activemq/security/JaasDualAuthenticationNetworkBridgeNioSsl.xml ---------------------------------------------------------------------- diff --git a/activemq-unit-tests/src/test/resources/org/apache/activemq/security/JaasDualAuthenticationNetworkBridgeNioSsl.xml b/activemq-unit-tests/src/test/resources/org/apache/activemq/security/JaasDualAuthenticationNetworkBridgeNioSsl.xml new file mode 100644 index 0000000..9e5e7d1 --- /dev/null +++ b/activemq-unit-tests/src/test/resources/org/apache/activemq/security/JaasDualAuthenticationNetworkBridgeNioSsl.xml 
@@ -0,0 +1,178 @@ +<!-- + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +--> +<beans + xmlns="http://www.springframework.org/schema/beans" + xmlns:amq="http://activemq.apache.org/schema/core" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:schemaLocation="http://www.springframework.org/schema/beans + http://www.springframework.org/schema/beans/spring-beans-2.0.xsd + http://activemq.apache.org/schema/core + http://activemq.apache.org/schema/core/activemq-core-5.4.2.xsd"> + + <!-- first broker instance --> + <broker xmlns="http://activemq.apache.org/schema/core" brokerName="broker1" id="broker1" + dataDirectory="./target/activemq-data-broker1" persistent="false" start="false"> + + <destinationPolicy> + <policyMap> + <policyEntries> + <policyEntry queue=">" memoryLimit="20mb"> + <deadLetterStrategy> + <sharedDeadLetterStrategy processExpired="false" processNonPersistent="false"/> + </deadLetterStrategy> + </policyEntry> + + <policyEntry topic=">" producerFlowControl="true" > + </policyEntry> + </policyEntries> + </policyMap> + </destinationPolicy> + + <managementContext> + <managementContext createConnector="false" /> + </managementContext> + + <!-- network of brokers configuration --> + <networkConnectors> + <networkConnector 
decreaseNetworkConsumerPriority="true" duplex="true" dynamicOnly="true" name="to-A" networkTTL="2" uri="static://(ssl://localhost:61626)" > + <!-- userName="admin" password="admin" --> + <excludedDestinations> + <queue physicalName="MyQueue"/> + </excludedDestinations> + </networkConnector> + </networkConnectors> + + + <plugins> + <!--jaasAuthenticationPlugin configuration="activemq" /--> + <jaasDualAuthenticationPlugin configuration="activemq-domain" sslConfiguration="activemq-ssl-domain"/> + <authorizationPlugin> + <map> + <authorizationMap> + <authorizationEntries> + <authorizationEntry queue=">" admin="administrators" read="administrators" write="administrators"/> + <authorizationEntry topic=">" admin="administrators" read="administrators" write="administrators"/> + <authorizationEntry topic="ActiveMQ.Advisory.>" admin="*" read="*" write="*"/> + <authorizationEntry queue="ActiveMQ.DLQ" admin="administrators" read="*" write="*"/> + </authorizationEntries> + </authorizationMap> + </map> + </authorizationPlugin> + </plugins> + + + <sslContext> + <sslContext + keyStore="server.keystore" + keyStorePassword="password" + trustStore="server.keystore" + trustStorePassword="password" + /> + </sslContext> + + <systemUsage> + <systemUsage> + <memoryUsage> + <memoryUsage limit="60 mb" /> + </memoryUsage> + <storeUsage> + <storeUsage limit="1 mb" /> + </storeUsage> + <tempUsage> + <tempUsage limit="50 mb" /> + </tempUsage> + </systemUsage> + </systemUsage> + + <transportConnectors> + <transportConnector name="openwire+ssl" uri="ssl://0.0.0.0:62626?transport.closeAsync=false&transport.enabledProtocols=TLSv1,TLSv1.1,TLSv1.2&transport.needClientAuth=true"/> + </transportConnectors> + </broker> + + <!-- second broker instance --> + <broker xmlns="http://activemq.apache.org/schema/core" brokerName="broker2" id="broker2" + dataDirectory="./target/activemq-data-broker2" persistent="false" start="false"> + + <destinationPolicy> + <policyMap> + <policyEntries> + <policyEntry 
queue=">" memoryLimit="20mb"> + <deadLetterStrategy> + <sharedDeadLetterStrategy processExpired="false" processNonPersistent="false"/> + </deadLetterStrategy> + </policyEntry> + + <policyEntry topic=">" producerFlowControl="true" > + <deadLetterStrategy> + <sharedDeadLetterStrategy processExpired="false" processNonPersistent="false"/> + </deadLetterStrategy> + </policyEntry> + </policyEntries> + </policyMap> + </destinationPolicy> + + <managementContext> + <managementContext createConnector="false" /> + </managementContext> + + <plugins> + <!--jaasAuthenticationPlugin configuration="activemq" /--> + <!--jaasCertificateAuthenticationPlugin configuration="activemq-ssl-domain" /--> + <jaasDualAuthenticationPlugin configuration="activemq-domain" sslConfiguration="activemq-ssl-domain"/> + <authorizationPlugin> + <map> + <authorizationMap> + <authorizationEntries> + <authorizationEntry queue=">" admin="administrators" read="administrators" write="administrators"/> + <authorizationEntry topic=">" admin="administrators" read="administrators" write="administrators"/> + <authorizationEntry topic="ActiveMQ.Advisory.>" admin="*" read="*" write="*"/> + <authorizationEntry queue="ActiveMQ.DLQ" admin="administrators" read="*" write="*"/> + </authorizationEntries> + </authorizationMap> + </map> + </authorizationPlugin> + </plugins> + + <sslContext> + <sslContext + keyStore="server.keystore" + keyStorePassword="password" + trustStore="server.keystore" + trustStorePassword="password" + /> + </sslContext> + + <systemUsage> + <systemUsage> + <memoryUsage> + <memoryUsage limit="60 mb" /> + </memoryUsage> + <storeUsage> + <storeUsage limit="1 mb" /> + </storeUsage> + <tempUsage> + <tempUsage limit="50 mb" /> + </tempUsage> + </systemUsage> + </systemUsage> + + <transportConnectors> + <transportConnector name="openwire+nio-ssl-2" uri="nio+ssl://0.0.0.0:61626?transport.closeAsync=false&transport.enabledProtocols=TLSv1,TLSv1.1,TLSv1.2&transport.needClientAuth=true"/> + 
</transportConnectors> + </broker> +</beans> +
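Review bot: Both transport connectors in this new config enable `TLSv1` and `TLSv1.1` alongside `TLSv1.2` through `transport.enabledProtocols`, and both listen on `0.0.0.0`. The test exercises client-certificate authentication over `nio+ssl`, which does not appear to need the legacy protocol versions, and test configs like this tend to be copied into real deployments. I would narrow the URIs to `transport.enabledProtocols=TLSv1.2` and bind to `localhost`. An XML comment should also state that `keyStorePassword="password"` and the single `server.keystore` used as both key store and trust store are test fixtures only.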
