This is an automated email from the ASF dual-hosted git repository. robbie pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/artemis.git
commit ccd3d57160c3b8c616a98e6ee9d86f1f08498e01 Author: Domenico Francesco Bruscino <[email protected]> AuthorDate: Thu Feb 19 10:12:23 2026 +0100 ARTEMIS-5905 Check alignment of console address menu items with permissions --- .../artemis-roles.properties | 1 + .../artemis-users.properties | 1 + .../console-broker-security/broker.properties | 15 ++++++++ .../servers/console/artemis-roles.properties | 3 +- .../servers/console/artemis-users.properties | 1 + .../broker.properties} | 11 ++---- .../main/resources/servers/console/management.xml | 5 ++- .../artemis/tests/smoke/console/AddressesTest.java | 42 ++++++++++++++++++++++ .../artemis/tests/smoke/console/ConsoleTest.java | 4 +-- 9 files changed, 71 insertions(+), 12 deletions(-) diff --git a/tests/smoke-tests/src/main/resources/servers/console-broker-security/artemis-roles.properties b/tests/smoke-tests/src/main/resources/servers/console-broker-security/artemis-roles.properties index 1de7fa72db..ee633e8f36 100644 --- a/tests/smoke-tests/src/main/resources/servers/console-broker-security/artemis-roles.properties +++ b/tests/smoke-tests/src/main/resources/servers/console-broker-security/artemis-roles.properties @@ -23,3 +23,4 @@ producers=producers addresses=addresses,deleteAddresses deleteAddresses=deleteAddresses queues=queues +testers=tester diff --git a/tests/smoke-tests/src/main/resources/servers/console-broker-security/artemis-users.properties b/tests/smoke-tests/src/main/resources/servers/console-broker-security/artemis-users.properties index 67b3843956..fe33d0a8a6 100644 --- a/tests/smoke-tests/src/main/resources/servers/console-broker-security/artemis-users.properties +++ b/tests/smoke-tests/src/main/resources/servers/console-broker-security/artemis-users.properties @@ -23,3 +23,4 @@ producers=producers addresses=addresses deleteAddresses=deleteAddresses queues=queues +tester=tester diff --git a/tests/smoke-tests/src/main/resources/servers/console-broker-security/broker.properties b/tests/smoke-tests/src/main/resources/servers/console-broker-security/broker.properties index 593526fb10..419ce34221 100644 --- a/tests/smoke-tests/src/main/resources/servers/console-broker-security/broker.properties +++ b/tests/smoke-tests/src/main/resources/servers/console-broker-security/broker.properties @@ -16,6 +16,10 @@ # +# Addresses +addressConfigurations.RESTRICTED.routingTypes=ANYCAST + + # The hawtio roles need the VIEW permission for mops.broker because apache-artemis-console uses jolokia search # that invokes "javax.management.MBeanServer.queryNames with the argument "org.apache.activemq.artemis:broker=*" # to find the ActiveMQServerControl MBean instance @@ -26,6 +30,7 @@ securityRoles."mops.mbeanserver.queryNames".consumers.view=true securityRoles."mops.mbeanserver.queryNames".producers.view=true securityRoles."mops.mbeanserver.queryNames".addresses.view=true securityRoles."mops.mbeanserver.queryNames".queues.view=true +securityRoles."mops.mbeanserver.queryNames".testers.view=true securityRoles."mops.mbeanserver.queryMBeans".amq.view=true securityRoles."mops.mbeanserver.queryMBeans".connections.view=true @@ -34,6 +39,7 @@ securityRoles."mops.mbeanserver.queryMBeans".consumers.view=true securityRoles."mops.mbeanserver.queryMBeans".producers.view=true securityRoles."mops.mbeanserver.queryMBeans".addresses.view=true securityRoles."mops.mbeanserver.queryMBeans".queues.view=true +securityRoles."mops.mbeanserver.queryMBeans".testers.view=true securityRoles."mops.broker".amq.view=true securityRoles."mops.broker".connections.view=true @@ -42,6 +48,7 @@ securityRoles."mops.broker".consumers.view=true securityRoles."mops.broker".producers.view=true securityRoles."mops.broker".addresses.view=true securityRoles."mops.broker".queues.view=true +securityRoles."mops.broker".testers.view=true # Global view permissions @@ -113,8 +120,16 @@ securityRoles."mops.broker.listQueues".queues.view=true # Addresses view permissions securityRoles."mops.broker.listAddresses".amq.view=true securityRoles."mops.broker.listAddresses".addresses.view=true +securityRoles."mops.broker.listAddresses".testers.view=true # DeleteAddress view permissions securityRoles."mops.broker.deleteAddress".amq.edit=true securityRoles."mops.broker.deleteAddress".deleteAddresses.edit=true + + +# Foo address permissions +securityRoles."mops.address.RESTRICTED.#".amq.view=true +securityRoles."mops.address.RESTRICTED.#".amq.edit=true +securityRoles."mops.address.RESTRICTED.#".testers.view=true +securityRoles."mops.address.RESTRICTED.#".testers.edit=true diff --git a/tests/smoke-tests/src/main/resources/servers/console/artemis-roles.properties b/tests/smoke-tests/src/main/resources/servers/console/artemis-roles.properties index 55d0128b08..4272c8b3db 100644 --- a/tests/smoke-tests/src/main/resources/servers/console/artemis-roles.properties +++ b/tests/smoke-tests/src/main/resources/servers/console/artemis-roles.properties @@ -22,4 +22,5 @@ consumers=consumers producers=producers addresses=addresses,deleteAddresses deleteAddresses=deleteAddresses -queues=queues \ No newline at end of file +queues=queues +testers=tester \ No newline at end of file diff --git a/tests/smoke-tests/src/main/resources/servers/console/artemis-users.properties b/tests/smoke-tests/src/main/resources/servers/console/artemis-users.properties index 67b3843956..fe33d0a8a6 100644 --- a/tests/smoke-tests/src/main/resources/servers/console/artemis-users.properties +++ b/tests/smoke-tests/src/main/resources/servers/console/artemis-users.properties @@ -23,3 +23,4 @@ producers=producers addresses=addresses deleteAddresses=deleteAddresses queues=queues +tester=tester diff --git a/tests/smoke-tests/src/main/resources/servers/console-broker-security/artemis-users.properties b/tests/smoke-tests/src/main/resources/servers/console/broker.properties similarity index 83% copy from tests/smoke-tests/src/main/resources/servers/console-broker-security/artemis-users.properties copy to tests/smoke-tests/src/main/resources/servers/console/broker.properties index 67b3843956..4cf76629d4 100644 --- a/tests/smoke-tests/src/main/resources/servers/console-broker-security/artemis-users.properties +++ b/tests/smoke-tests/src/main/resources/servers/console/broker.properties @@ -15,11 +15,6 @@ # limitations under the License. # -admin=admin -connections=connections -sessions=sessions -consumers=consumers -producers=producers -addresses=addresses -deleteAddresses=deleteAddresses -queues=queues + +# Addresses +addressConfigurations.RESTRICTED.routingTypes=ANYCAST \ No newline at end of file diff --git a/tests/smoke-tests/src/main/resources/servers/console/management.xml b/tests/smoke-tests/src/main/resources/servers/console/management.xml index 6aae9cb5be..1cae695a3c 100644 --- a/tests/smoke-tests/src/main/resources/servers/console/management.xml +++ b/tests/smoke-tests/src/main/resources/servers/console/management.xml @@ -43,7 +43,7 @@ <access method="listConsumers" roles="consumers,amq"/> <access method="listProducers" roles="producers,amq"/> <access method="listQueues" roles="queues,amq"/> - <access method="listAddresses" roles="addresses,amq"/> + <access method="listAddresses" roles="addresses,testers,amq"/> <access method="deleteAddress" roles="deleteAddresses,amq"/> <access method="list*" roles="amq"/> <access method="get*" roles="amq"/> @@ -51,6 +51,9 @@ <access method="set*" roles="amq"/> <access method="*" roles="amq"/> </match> + <match domain="org.apache.activemq.artemis" key="address=RESTRICTED"> + <access method="*" roles="testers,amq"/> + </match> </role-access> </authorisation> </management-context> \ No newline at end of file diff --git a/tests/smoke-tests/src/test/java/org/apache/activemq/artemis/tests/smoke/console/AddressesTest.java b/tests/smoke-tests/src/test/java/org/apache/activemq/artemis/tests/smoke/console/AddressesTest.java index d8fb684b84..b0fee98713 100644 --- a/tests/smoke-tests/src/test/java/org/apache/activemq/artemis/tests/smoke/console/AddressesTest.java +++ b/tests/smoke-tests/src/test/java/org/apache/activemq/artemis/tests/smoke/console/AddressesTest.java @@ -50,6 +50,11 @@ public class AddressesTest extends ArtemisTest { testDefaultAddresses("deleteAddresses", "deleteAddresses", true, true, false, false); } + @TestTemplate + public void testDefaultAddressesWithTesterUser() throws Exception { + testDefaultAddresses("tester", "tester", true, false, false, false); + } + private void testDefaultAddresses(String username, String password, boolean isAlertExpected, boolean canDeleteAddress, boolean canSendMessage, boolean canCreateQueue) throws Exception { loadLandingPage(); LoginPage loginPage = new LoginPage(driver); @@ -72,6 +77,43 @@ public class AddressesTest extends ArtemisTest { testAddressContextMenu(addressesPage, "ExpiryQueue", canDeleteAddress, canSendMessage, canCreateQueue); } + @TestTemplate + public void testRestrictedAddress() throws Exception { + testRestrictedAddress(SERVER_ADMIN_USERNAME, SERVER_ADMIN_PASSWORD, false, true, true, true); + } + + @TestTemplate + public void testRestrictedAddressWithViewUser() throws Exception { + testRestrictedAddress("addresses", "addresses", true, false, false, false); + } + + @TestTemplate + public void testRestrictedAddressWithDeleteUser() throws Exception { + testRestrictedAddress("deleteAddresses", "deleteAddresses", true, true, false, false); + } + + @TestTemplate + public void testRestrictedAddressWithTesterUser() throws Exception { + testRestrictedAddress("tester", "tester", true, false, true, false); + } + + public void testRestrictedAddress(String username, String password, boolean isAlertExpected, boolean canDeleteAddress, boolean canSendMessage, boolean canCreateQueue) throws Exception { + loadLandingPage(); + LoginPage loginPage = new LoginPage(driver); + org.apache.activemq.artemis.tests.smoke.console.pages.StatusPage statusPage = loginPage.loginValidUser( + username, password, DEFAULT_TIMEOUT); + + assertEquals(isAlertExpected, statusPage.countAlerts() > 0); + statusPage.closeAlerts(); + + AddressesPage addressesPage = statusPage.getAddressesPage(DEFAULT_TIMEOUT); + + Wait.assertEquals(1, () -> addressesPage.countAddress("RESTRICTED")); + assertEquals(0, addressesPage.getMessagesCount("RESTRICTED")); + + testAddressContextMenu(addressesPage, "RESTRICTED", canDeleteAddress, canSendMessage, canCreateQueue); + } + private void testAddressContextMenu(AddressesPage addressesPage, String addressName, boolean canDeleteAddress, boolean canSendMessage, boolean canCreateQueue) { addressesPage.toggleContextMenu(addressName); WebElement addressContextMenu = driver.findElement(DATA_ROW_CONTEXT_MENU); diff --git a/tests/smoke-tests/src/test/java/org/apache/activemq/artemis/tests/smoke/console/ConsoleTest.java b/tests/smoke-tests/src/test/java/org/apache/activemq/artemis/tests/smoke/console/ConsoleTest.java index 6012c10192..2728ad8d16 100644 --- a/tests/smoke-tests/src/test/java/org/apache/activemq/artemis/tests/smoke/console/ConsoleTest.java +++ b/tests/smoke-tests/src/test/java/org/apache/activemq/artemis/tests/smoke/console/ConsoleTest.java @@ -84,7 +84,7 @@ public abstract class ConsoleTest extends SmokeTestBase { { String httpHost = System.getProperty("sts-http-host", "localhost"); HelperCreate cliCreateServer = helperCreate(); - cliCreateServer.setRole("amq,connections,sessions,consumers,producers,addresses,queues,deleteAddresses") + cliCreateServer.setRole("amq,connections,sessions,consumers,producers,addresses,queues,deleteAddresses,testers") .setUser(SERVER_ADMIN_USERNAME).setPassword(SERVER_ADMIN_PASSWORD) .setAllowAnonymous(false).setNoWeb(false).setArtemisInstance(consoleServerLocation) .setConfiguration("./src/main/resources/servers/" + SERVER_NAME_CONSOLE) @@ -98,7 +98,7 @@ public abstract class ConsoleTest extends SmokeTestBase { { String httpHost = System.getProperty("sts-http-host", "localhost"); HelperCreate cliCreateServer = helperCreate(); - cliCreateServer.setRole("amq,connections,sessions,consumers,producers,addresses,queues,deleteAddresses") + cliCreateServer.setRole("amq,connections,sessions,consumers,producers,addresses,queues,deleteAddresses,testers") .setUser(SERVER_ADMIN_USERNAME).setPassword(SERVER_ADMIN_PASSWORD) .setAllowAnonymous(false).setNoWeb(false).setArtemisInstance(consoleBrokerSecurityServerLocation) .setConfiguration("./src/main/resources/servers/" + SERVER_NAME_CONSOLE_BROKER_SECURITY) --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
