http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/ca7197b5/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/amqp/JMSSaslGssapiTest.java
----------------------------------------------------------------------
diff --git 
a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/amqp/JMSSaslGssapiTest.java
 
b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/amqp/JMSSaslGssapiTest.java
new file mode 100644
index 0000000..a4f9476
--- /dev/null
+++ 
b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/amqp/JMSSaslGssapiTest.java
@@ -0,0 +1,151 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.activemq.artemis.tests.integration.amqp;
+
+import org.apache.activemq.artemis.core.security.Role;
+import org.apache.activemq.artemis.core.server.ActiveMQServer;
+import 
org.apache.activemq.artemis.spi.core.security.ActiveMQJAASSecurityManager;
+import org.apache.activemq.artemis.utils.RandomUtil;
+import org.apache.hadoop.minikdc.MiniKdc;
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
+
+import javax.jms.Connection;
+import javax.jms.MessageConsumer;
+import javax.jms.MessageProducer;
+import javax.jms.Session;
+import javax.jms.TextMessage;
+import java.io.File;
+import java.net.URI;
+import java.net.URL;
+import java.util.HashSet;
+import java.util.Map;
+import java.util.Set;
+
+public class JMSSaslGssapiTest extends JMSClientTestSupport {
+
+   static {
+      String path = System.getProperty("java.security.auth.login.config");
+      if (path == null) {
+         URL resource = 
JMSSaslGssapiTest.class.getClassLoader().getResource("login.config");
+         if (resource != null) {
+            path = resource.getFile();
+            System.setProperty("java.security.auth.login.config", path);
+         }
+      }
+   }
+   MiniKdc kdc = null;
+
+   @Before
+   public void setUpKerberos() throws Exception {
+      kdc = new MiniKdc(MiniKdc.createConf(), 
temporaryFolder.newFolder("kdc"));
+      kdc.start();
+
+      // hard coded match, default_keytab_name in minikdc-krb5.conf template
+      File userKeyTab = new File("target/test.krb5.keytab");
+      kdc.createPrincipal(userKeyTab, "client", "amqp/localhost");
+
+      java.util.logging.Logger logger = 
java.util.logging.Logger.getLogger("javax.security.sasl");
+      logger.setLevel(java.util.logging.Level.FINEST);
+      logger.addHandler(new java.util.logging.ConsoleHandler());
+      for (java.util.logging.Handler handler: logger.getHandlers()) {
+         handler.setLevel(java.util.logging.Level.FINEST);
+      }
+
+   }
+
+   @After
+   public void stopKerberos() throws Exception {
+      if (kdc != null) {
+         kdc.stop();
+      }
+   }
+
+   @Override
+   protected boolean isSecurityEnabled() {
+      return true;
+   }
+
+   @Override
+   protected void configureBrokerSecurity(ActiveMQServer server) {
+      server.getConfiguration().setSecurityEnabled(isSecurityEnabled());
+      ActiveMQJAASSecurityManager securityManager = 
(ActiveMQJAASSecurityManager) server.getSecurityManager();
+      securityManager.setConfigurationName("Krb5SslPlus");
+      securityManager.setConfiguration(null);
+
+      final String roleName = "ALLOW_ALL";
+      Role role = new Role(roleName, true, true, true, true, true, true, true, 
true, true, true);
+      Set<Role> roles = new HashSet<>();
+      roles.add(role);
+      server.getSecurityRepository().addMatch(getQueueName().toString(), 
roles);
+
+   }
+
+   @Override
+   protected String getJmsConnectionURIOptions() {
+      return "amqp.saslMechanisms=GSSAPI";
+   }
+
+   @Override
+   protected URI getBrokerQpidJMSConnectionURI() {
+
+      try {
+         int port = AMQP_PORT;
+
+         // match the sasl.service <the host name>
+         String uri = "amqp://localhost:" + port;
+
+         if (!getJmsConnectionURIOptions().isEmpty()) {
+            uri = uri + "?" + getJmsConnectionURIOptions();
+         }
+
+         return new URI(uri);
+      } catch (Exception e) {
+         throw new RuntimeException();
+      }
+   }
+
+   @Override
+   protected void configureAMQPAcceptorParameters(Map<String, Object> params) {
+      params.put("saslMechanisms", "GSSAPI");
+      params.put("saslLoginConfigScope", "amqp-sasl-gssapi");
+   }
+
+   @Test(timeout = 600000)
+   public void testConnection() throws Exception {
+      Connection connection = createConnection("client", null);
+      connection.start();
+
+      try {
+         Session session = connection.createSession(false, 
Session.AUTO_ACKNOWLEDGE);
+         javax.jms.Queue queue = session.createQueue(getQueueName());
+         MessageConsumer consumer = session.createConsumer(queue);
+         MessageProducer producer = session.createProducer(queue);
+
+         final String text = RandomUtil.randomString();
+         producer.send(session.createTextMessage(text));
+
+         TextMessage m = (TextMessage) consumer.receive(1000);
+         assertNotNull(m);
+         assertEquals(text, m.getText());
+
+      } finally {
+         connection.close();
+      }
+   }
+}

http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/ca7197b5/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/security/SecurityTest.java
----------------------------------------------------------------------
diff --git 
a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/security/SecurityTest.java
 
b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/security/SecurityTest.java
index 31acfca..3f814e4 100644
--- 
a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/security/SecurityTest.java
+++ 
b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/security/SecurityTest.java
@@ -54,7 +54,6 @@ import 
org.apache.activemq.artemis.core.server.impl.ActiveMQServerImpl;
 import org.apache.activemq.artemis.core.server.impl.AddressInfo;
 import org.apache.activemq.artemis.core.settings.HierarchicalRepository;
 import org.apache.activemq.artemis.spi.core.protocol.RemotingConnection;
-import org.apache.activemq.artemis.spi.core.remoting.Connection;
 import 
org.apache.activemq.artemis.spi.core.security.ActiveMQJAASSecurityManager;
 import org.apache.activemq.artemis.spi.core.security.ActiveMQSecurityManager;
 import org.apache.activemq.artemis.spi.core.security.ActiveMQSecurityManager2;
@@ -1936,7 +1935,7 @@ public class SecurityTest extends ActiveMQTestBase {
          @Override
          public String validateUser(final String username,
                                     final String password,
-                                    final Connection connection) {
+                                    final RemotingConnection 
remotingConnection) {
             if ((username.equals("foo") || username.equals("bar") || 
username.equals("all")) && password.equals("frobnicate")) {
                return username;
             } else {
@@ -1960,9 +1959,9 @@ public class SecurityTest extends ActiveMQTestBase {
                                            final Set<Role> requiredRoles,
                                            final CheckType checkType,
                                            final String address,
-                                           final Connection connection) {
+                                           final RemotingConnection 
connection) {
 
-            if (!(connection instanceof InVMConnection)) {
+            if (!(connection.getTransportConnection() instanceof 
InVMConnection)) {
                return null;
             }
 

http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/ca7197b5/tests/integration-tests/src/test/resources/login.config
----------------------------------------------------------------------
diff --git a/tests/integration-tests/src/test/resources/login.config 
b/tests/integration-tests/src/test/resources/login.config
index a8ce3e0..5c0e2eb 100644
--- a/tests/integration-tests/src/test/resources/login.config
+++ b/tests/integration-tests/src/test/resources/login.config
@@ -140,7 +140,7 @@ DualAuthenticationPropertiesLogin {
 
 Krb5SslPlus {
 
-    org.apache.activemq.artemis.spi.core.security.jaas.Krb5SslLoginModule 
optional
+    org.apache.activemq.artemis.spi.core.security.jaas.Krb5LoginModule optional
         debug=true;
 
     org.apache.activemq.artemis.spi.core.security.jaas.PropertiesLoginModule 
optional
@@ -148,3 +148,17 @@ Krb5SslPlus {
         
org.apache.activemq.jaas.properties.user="dual-authentication-users.properties"
         
org.apache.activemq.jaas.properties.role="dual-authentication-roles.properties";
 };
+
+amqp-sasl-gssapi {
+    com.sun.security.auth.module.Krb5LoginModule required
+    isInitiator=false
+    storeKey=true
+    useKeyTab=true
+    principal="amqp/localhost"
+    debug=true;
+};
+
+amqp-jms-client {
+    com.sun.security.auth.module.Krb5LoginModule required
+    useKeyTab=true;
+};

Reply via email to