Search in sources :

Example 1 with ActiveMQSecurityException

use of org.apache.activemq.artemis.api.core.ActiveMQSecurityException in project activemq-artemis by apache.

the class OpenWireProtocolManager method addConnection.

public void addConnection(OpenWireConnection connection, ConnectionInfo info) throws Exception {
    String username = info.getUserName();
    String password = info.getPassword();
    try {
        validateUser(username, password, connection);
    } catch (ActiveMQSecurityException e) {
        // We need to send an exception used by the openwire
        SecurityException ex = new SecurityException("User name [" + username + "] or password is invalid.");
        ex.initCause(e);
        throw ex;
    }
    String clientId = info.getClientId();
    if (clientId == null) {
        throw new InvalidClientIDException("No clientID specified for connection request");
    }
    synchronized (clientIdSet) {
        AMQConnectionContext context;
        context = clientIdSet.get(clientId);
        if (context != null) {
            if (info.isFailoverReconnect()) {
                OpenWireConnection oldConnection = context.getConnection();
                oldConnection.disconnect(true);
                connections.remove(oldConnection);
                connection.reconnect(context, info);
            } else {
                throw new InvalidClientIDException("Broker: " + getBrokerName() + " - Client: " + clientId + " already connected from " + context.getConnection().getRemoteAddress());
            }
        } else {
            // new connection
            context = connection.initContext(info);
            clientIdSet.put(clientId, context);
        }
        connections.add(connection);
        ActiveMQTopic topic = AdvisorySupport.getConnectionAdvisoryTopic();
        // do not distribute passwords in advisory messages. usernames okay
        ConnectionInfo copy = info.copy();
        copy.setPassword("");
        fireAdvisory(context, topic, copy);
        // init the conn
        context.getConnection().addSessions(context.getConnectionState().getSessionIds());
    }
}
Also used : ActiveMQTopic(org.apache.activemq.command.ActiveMQTopic) InvalidClientIDException(javax.jms.InvalidClientIDException) AMQConnectionContext(org.apache.activemq.artemis.core.protocol.openwire.amq.AMQConnectionContext) ActiveMQSecurityException(org.apache.activemq.artemis.api.core.ActiveMQSecurityException) SimpleString(org.apache.activemq.artemis.api.core.SimpleString) ConnectionInfo(org.apache.activemq.command.ConnectionInfo) ActiveMQSecurityException(org.apache.activemq.artemis.api.core.ActiveMQSecurityException)

Example 2 with ActiveMQSecurityException

use of org.apache.activemq.artemis.api.core.ActiveMQSecurityException in project activemq-artemis by apache.

the class ProtonServerSenderContext method initialise.

/**
 * create the actual underlying ActiveMQ Artemis Server Consumer
 */
@SuppressWarnings("unchecked")
@Override
public void initialise() throws Exception {
    super.initialise();
    Source source = (Source) sender.getRemoteSource();
    SimpleString queue = null;
    String selector = null;
    final Map<Symbol, Object> supportedFilters = new HashMap<>();
    // Match the settlement mode of the remote instead of relying on the default of MIXED.
    sender.setSenderSettleMode(sender.getRemoteSenderSettleMode());
    // We don't currently support SECOND so enforce that the answer is anlways FIRST
    sender.setReceiverSettleMode(ReceiverSettleMode.FIRST);
    if (source != null) {
        // We look for message selectors on every receiver, while in other cases we might only
        // consume the filter depending on the subscription type.
        Map.Entry<Symbol, DescribedType> filter = AmqpSupport.findFilter(source.getFilter(), AmqpSupport.JMS_SELECTOR_FILTER_IDS);
        if (filter != null) {
            selector = filter.getValue().getDescribed().toString();
            // Validate the Selector.
            try {
                SelectorParser.parse(selector);
            } catch (FilterException e) {
                throw new ActiveMQAMQPException(AmqpError.INVALID_FIELD, "Invalid filter", ActiveMQExceptionType.INVALID_FILTER_EXPRESSION);
            }
            supportedFilters.put(filter.getKey(), filter.getValue());
        }
    }
    if (source == null) {
        // Attempt to recover a previous subscription happens when a link reattach happens on a
        // subscription queue
        String clientId = getClientId();
        String pubId = sender.getName();
        global = hasRemoteDesiredCapability(sender, GLOBAL);
        queue = createQueueName(connection.isUseCoreSubscriptionNaming(), clientId, pubId, true, global, false);
        QueueQueryResult result = sessionSPI.queueQuery(queue, RoutingType.MULTICAST, false);
        multicast = true;
        routingTypeToUse = RoutingType.MULTICAST;
        // the lifetime policy and capabilities of the new subscription.
        if (result.isExists()) {
            source = new org.apache.qpid.proton.amqp.messaging.Source();
            source.setAddress(queue.toString());
            source.setDurable(TerminusDurability.UNSETTLED_STATE);
            source.setExpiryPolicy(TerminusExpiryPolicy.NEVER);
            source.setDistributionMode(COPY);
            source.setCapabilities(TOPIC);
            SimpleString filterString = result.getFilterString();
            if (filterString != null) {
                selector = filterString.toString();
                boolean noLocal = false;
                String remoteContainerId = sender.getSession().getConnection().getRemoteContainer();
                String noLocalFilter = MessageUtil.CONNECTION_ID_PROPERTY_NAME.toString() + "<>'" + remoteContainerId + "'";
                if (selector.endsWith(noLocalFilter)) {
                    if (selector.length() > noLocalFilter.length()) {
                        noLocalFilter = " AND " + noLocalFilter;
                        selector = selector.substring(0, selector.length() - noLocalFilter.length());
                    } else {
                        selector = null;
                    }
                    noLocal = true;
                }
                if (noLocal) {
                    supportedFilters.put(AmqpSupport.NO_LOCAL_NAME, AmqpNoLocalFilter.NO_LOCAL);
                }
                if (selector != null && !selector.trim().isEmpty()) {
                    supportedFilters.put(AmqpSupport.JMS_SELECTOR_NAME, new AmqpJmsSelectorFilter(selector));
                }
            }
            sender.setSource(source);
        } else {
            throw new ActiveMQAMQPNotFoundException("Unknown subscription link: " + sender.getName());
        }
    } else if (source.getDynamic()) {
        // if dynamic we have to create the node (queue) and set the address on the target, the
        // node is temporary and  will be deleted on closing of the session
        queue = SimpleString.toSimpleString(java.util.UUID.randomUUID().toString());
        tempQueueName = queue;
        try {
            sessionSPI.createTemporaryQueue(queue, RoutingType.ANYCAST);
        // protonSession.getServerSession().createQueue(queue, queue, null, true, false);
        } catch (Exception e) {
            throw ActiveMQAMQPProtocolMessageBundle.BUNDLE.errorCreatingTemporaryQueue(e.getMessage());
        }
        source.setAddress(queue.toString());
    } else {
        SimpleString addressToUse;
        SimpleString queueNameToUse = null;
        shared = hasCapabilities(SHARED, source);
        global = hasCapabilities(GLOBAL, source);
        // find out if we have an address made up of the address and queue name, if yes then set queue name
        if (CompositeAddress.isFullyQualified(source.getAddress())) {
            CompositeAddress compositeAddress = CompositeAddress.getQueueName(source.getAddress());
            addressToUse = new SimpleString(compositeAddress.getAddress());
            queueNameToUse = new SimpleString(compositeAddress.getQueueName());
        } else {
            addressToUse = new SimpleString(source.getAddress());
        }
        // check to see if the client has defined how we act
        boolean clientDefined = hasCapabilities(TOPIC, source) || hasCapabilities(QUEUE, source);
        if (clientDefined) {
            multicast = hasCapabilities(TOPIC, source);
            AddressQueryResult addressQueryResult = null;
            try {
                addressQueryResult = sessionSPI.addressQuery(addressToUse, multicast ? RoutingType.MULTICAST : RoutingType.ANYCAST, true);
            } catch (ActiveMQSecurityException e) {
                throw ActiveMQAMQPProtocolMessageBundle.BUNDLE.securityErrorCreatingConsumer(e.getMessage());
            } catch (ActiveMQAMQPException e) {
                throw e;
            } catch (Exception e) {
                throw new ActiveMQAMQPInternalErrorException(e.getMessage(), e);
            }
            if (!addressQueryResult.isExists()) {
                throw ActiveMQAMQPProtocolMessageBundle.BUNDLE.sourceAddressDoesntExist();
            }
            Set<RoutingType> routingTypes = addressQueryResult.getRoutingTypes();
            // if the client defines 1 routing type and the broker another then throw an exception
            if (multicast && !routingTypes.contains(RoutingType.MULTICAST)) {
                throw new ActiveMQAMQPIllegalStateException("Address " + addressToUse + " is not configured for topic support");
            } else if (!multicast && !routingTypes.contains(RoutingType.ANYCAST)) {
                throw new ActiveMQAMQPIllegalStateException("Address " + addressToUse + " is not configured for queue support");
            }
        } else {
            // if not we look up the address
            AddressQueryResult addressQueryResult = null;
            try {
                addressQueryResult = sessionSPI.addressQuery(addressToUse, defaultRoutingType, true);
            } catch (ActiveMQSecurityException e) {
                throw ActiveMQAMQPProtocolMessageBundle.BUNDLE.securityErrorCreatingConsumer(e.getMessage());
            } catch (ActiveMQAMQPException e) {
                throw e;
            } catch (Exception e) {
                throw new ActiveMQAMQPInternalErrorException(e.getMessage(), e);
            }
            if (!addressQueryResult.isExists()) {
                throw ActiveMQAMQPProtocolMessageBundle.BUNDLE.sourceAddressDoesntExist();
            }
            Set<RoutingType> routingTypes = addressQueryResult.getRoutingTypes();
            if (routingTypes.contains(RoutingType.MULTICAST) && routingTypes.size() == 1) {
                multicast = true;
            } else {
                // todo add some checks if both routing types are supported
                multicast = false;
            }
        }
        routingTypeToUse = multicast ? RoutingType.MULTICAST : RoutingType.ANYCAST;
        // messages to, however there has to be a queue bound to it so we need to check this.
        if (multicast) {
            Map.Entry<Symbol, DescribedType> filter = AmqpSupport.findFilter(source.getFilter(), AmqpSupport.NO_LOCAL_FILTER_IDS);
            if (filter != null) {
                String remoteContainerId = sender.getSession().getConnection().getRemoteContainer();
                String noLocalFilter = MessageUtil.CONNECTION_ID_PROPERTY_NAME.toString() + "<>'" + remoteContainerId + "'";
                if (selector != null) {
                    selector += " AND " + noLocalFilter;
                } else {
                    selector = noLocalFilter;
                }
                supportedFilters.put(filter.getKey(), filter.getValue());
            }
            queue = getMatchingQueue(queueNameToUse, addressToUse, RoutingType.MULTICAST);
            SimpleString simpleStringSelector = SimpleString.toSimpleString(selector);
            // if the address specifies a broker configured queue then we always use this, treat it as a queue
            if (queue != null) {
                multicast = false;
            } else if (TerminusDurability.UNSETTLED_STATE.equals(source.getDurable()) || TerminusDurability.CONFIGURATION.equals(source.getDurable())) {
                // if we are a subscription and durable create a durable queue using the container
                // id and link name
                String clientId = getClientId();
                String pubId = sender.getName();
                queue = createQueueName(connection.isUseCoreSubscriptionNaming(), clientId, pubId, shared, global, false);
                QueueQueryResult result = sessionSPI.queueQuery(queue, routingTypeToUse, false);
                if (result.isExists()) {
                    // filter value, selector or address then we must recreate the queue (JMS semantics).
                    if (!Objects.equals(result.getFilterString(), simpleStringSelector) || (sender.getSource() != null && !sender.getSource().getAddress().equals(result.getAddress().toString()))) {
                        if (result.getConsumerCount() == 0) {
                            sessionSPI.deleteQueue(queue);
                            sessionSPI.createUnsharedDurableQueue(addressToUse, RoutingType.MULTICAST, queue, simpleStringSelector);
                        } else {
                            throw new ActiveMQAMQPIllegalStateException("Unable to recreate subscription, consumers already exist");
                        }
                    }
                } else {
                    if (shared) {
                        sessionSPI.createSharedDurableQueue(addressToUse, RoutingType.MULTICAST, queue, simpleStringSelector);
                    } else {
                        sessionSPI.createUnsharedDurableQueue(addressToUse, RoutingType.MULTICAST, queue, simpleStringSelector);
                    }
                }
            } else {
                // otherwise we are a volatile subscription
                isVolatile = true;
                if (shared && sender.getName() != null) {
                    queue = createQueueName(connection.isUseCoreSubscriptionNaming(), getClientId(), sender.getName(), shared, global, isVolatile);
                    try {
                        sessionSPI.createSharedVolatileQueue(addressToUse, RoutingType.MULTICAST, queue, simpleStringSelector);
                    } catch (ActiveMQQueueExistsException e) {
                    // this is ok, just means its shared
                    }
                } else {
                    queue = SimpleString.toSimpleString(java.util.UUID.randomUUID().toString());
                    tempQueueName = queue;
                    try {
                        sessionSPI.createTemporaryQueue(addressToUse, queue, RoutingType.MULTICAST, simpleStringSelector);
                    } catch (Exception e) {
                        throw ActiveMQAMQPProtocolMessageBundle.BUNDLE.errorCreatingTemporaryQueue(e.getMessage());
                    }
                }
            }
        } else {
            if (queueNameToUse != null) {
                SimpleString matchingAnycastQueue = getMatchingQueue(queueNameToUse, addressToUse, RoutingType.ANYCAST);
                if (matchingAnycastQueue != null) {
                    queue = matchingAnycastQueue;
                } else {
                    throw ActiveMQAMQPProtocolMessageBundle.BUNDLE.sourceAddressDoesntExist();
                }
            } else {
                SimpleString matchingAnycastQueue = sessionSPI.getMatchingQueue(addressToUse, RoutingType.ANYCAST);
                if (matchingAnycastQueue != null) {
                    queue = matchingAnycastQueue;
                } else {
                    queue = addressToUse;
                }
            }
        }
        if (queue == null) {
            throw ActiveMQAMQPProtocolMessageBundle.BUNDLE.sourceAddressNotSet();
        }
        try {
            if (!sessionSPI.queueQuery(queue, routingTypeToUse, !multicast).isExists()) {
                throw ActiveMQAMQPProtocolMessageBundle.BUNDLE.sourceAddressDoesntExist();
            }
        } catch (ActiveMQAMQPNotFoundException e) {
            throw e;
        } catch (Exception e) {
            throw new ActiveMQAMQPInternalErrorException(e.getMessage(), e);
        }
    }
    // We need to update the source with any filters we support otherwise the client
    // is free to consider the attach as having failed if we don't send back what we
    // do support or if we send something we don't support the client won't know we
    // have not honored what it asked for.
    source.setFilter(supportedFilters.isEmpty() ? null : supportedFilters);
    boolean browseOnly = !multicast && source.getDistributionMode() != null && source.getDistributionMode().equals(COPY);
    try {
        brokerConsumer = (Consumer) sessionSPI.createSender(this, queue, multicast ? null : selector, browseOnly);
    } catch (ActiveMQAMQPResourceLimitExceededException e1) {
        throw new ActiveMQAMQPResourceLimitExceededException(e1.getMessage());
    } catch (ActiveMQSecurityException e) {
        throw ActiveMQAMQPProtocolMessageBundle.BUNDLE.securityErrorCreatingConsumer(e.getMessage());
    } catch (Exception e) {
        throw ActiveMQAMQPProtocolMessageBundle.BUNDLE.errorCreatingConsumer(e.getMessage());
    }
}
Also used : ActiveMQAMQPInternalErrorException(org.apache.activemq.artemis.protocol.amqp.exceptions.ActiveMQAMQPInternalErrorException) Set(java.util.Set) HashMap(java.util.HashMap) Symbol(org.apache.qpid.proton.amqp.Symbol) SimpleString(org.apache.activemq.artemis.api.core.SimpleString) QueueQueryResult(org.apache.activemq.artemis.core.server.QueueQueryResult) Source(org.apache.qpid.proton.amqp.messaging.Source) CompositeAddress(org.apache.activemq.artemis.utils.CompositeAddress) ActiveMQAMQPResourceLimitExceededException(org.apache.activemq.artemis.protocol.amqp.exceptions.ActiveMQAMQPResourceLimitExceededException) ActiveMQQueueExistsException(org.apache.activemq.artemis.api.core.ActiveMQQueueExistsException) ActiveMQSecurityException(org.apache.activemq.artemis.api.core.ActiveMQSecurityException) ActiveMQAMQPIllegalStateException(org.apache.activemq.artemis.protocol.amqp.exceptions.ActiveMQAMQPIllegalStateException) AddressQueryResult(org.apache.activemq.artemis.core.server.AddressQueryResult) SimpleString(org.apache.activemq.artemis.api.core.SimpleString) ActiveMQAMQPNotFoundException(org.apache.activemq.artemis.protocol.amqp.exceptions.ActiveMQAMQPNotFoundException) ActiveMQAMQPNotFoundException(org.apache.activemq.artemis.protocol.amqp.exceptions.ActiveMQAMQPNotFoundException) ActiveMQAMQPException(org.apache.activemq.artemis.protocol.amqp.exceptions.ActiveMQAMQPException) FilterException(org.apache.activemq.artemis.selector.filter.FilterException) ActiveMQAMQPInternalErrorException(org.apache.activemq.artemis.protocol.amqp.exceptions.ActiveMQAMQPInternalErrorException) ActiveMQQueueExistsException(org.apache.activemq.artemis.api.core.ActiveMQQueueExistsException) ActiveMQAMQPResourceLimitExceededException(org.apache.activemq.artemis.protocol.amqp.exceptions.ActiveMQAMQPResourceLimitExceededException) ActiveMQAMQPIllegalStateException(org.apache.activemq.artemis.protocol.amqp.exceptions.ActiveMQAMQPIllegalStateException) ActiveMQSecurityException(org.apache.activemq.artemis.api.core.ActiveMQSecurityException) Source(org.apache.qpid.proton.amqp.messaging.Source) DescribedType(org.apache.qpid.proton.amqp.DescribedType) FilterException(org.apache.activemq.artemis.selector.filter.FilterException) ActiveMQAMQPException(org.apache.activemq.artemis.protocol.amqp.exceptions.ActiveMQAMQPException) Map(java.util.Map) HashMap(java.util.HashMap)

Example 3 with ActiveMQSecurityException

use of org.apache.activemq.artemis.api.core.ActiveMQSecurityException in project activemq-artemis by apache.

the class ProtonServerReceiverContext method onMessage.

/*
   * called when Proton receives a message to be delivered via a Delivery.
   *
   * This may be called more than once per deliver so we have to cache the buffer until we have received it all.
   *
   * */
@Override
public void onMessage(Delivery delivery) throws ActiveMQAMQPException {
    Receiver receiver;
    try {
        if (!delivery.isReadable()) {
            return;
        }
        if (delivery.isPartial()) {
            return;
        }
        receiver = ((Receiver) delivery.getLink());
        Transaction tx = null;
        byte[] data;
        data = new byte[delivery.available()];
        receiver.recv(data, 0, data.length);
        receiver.advance();
        if (delivery.getRemoteState() instanceof TransactionalState) {
            TransactionalState txState = (TransactionalState) delivery.getRemoteState();
            tx = this.sessionSPI.getTransaction(txState.getTxnId(), false);
        }
        sessionSPI.serverSend(this, tx, receiver, delivery, address, delivery.getMessageFormat(), data);
        flow(amqpCredits, minCreditRefresh);
    } catch (Exception e) {
        log.warn(e.getMessage(), e);
        Rejected rejected = new Rejected();
        ErrorCondition condition = new ErrorCondition();
        if (e instanceof ActiveMQSecurityException) {
            condition.setCondition(AmqpError.UNAUTHORIZED_ACCESS);
        } else {
            condition.setCondition(Symbol.valueOf("failed"));
        }
        condition.setDescription(e.getMessage());
        rejected.setError(condition);
        connection.lock();
        try {
            delivery.disposition(rejected);
            delivery.settle();
        } finally {
            connection.unlock();
        }
    }
}
Also used : Transaction(org.apache.activemq.artemis.core.transaction.Transaction) ErrorCondition(org.apache.qpid.proton.amqp.transport.ErrorCondition) Receiver(org.apache.qpid.proton.engine.Receiver) Rejected(org.apache.qpid.proton.amqp.messaging.Rejected) ActiveMQSecurityException(org.apache.activemq.artemis.api.core.ActiveMQSecurityException) ActiveMQAMQPInternalErrorException(org.apache.activemq.artemis.protocol.amqp.exceptions.ActiveMQAMQPInternalErrorException) ActiveMQAMQPNotFoundException(org.apache.activemq.artemis.protocol.amqp.exceptions.ActiveMQAMQPNotFoundException) ActiveMQAMQPException(org.apache.activemq.artemis.protocol.amqp.exceptions.ActiveMQAMQPException) ActiveMQSecurityException(org.apache.activemq.artemis.api.core.ActiveMQSecurityException) TransactionalState(org.apache.qpid.proton.amqp.transaction.TransactionalState)

Example 4 with ActiveMQSecurityException

use of org.apache.activemq.artemis.api.core.ActiveMQSecurityException in project activemq-artemis by apache.

the class SecurityTest method testCustomSecurityManager2.

@Test
public void testCustomSecurityManager2() throws Exception {
    final Configuration configuration = createDefaultInVMConfig().setSecurityEnabled(true);
    final ActiveMQSecurityManager customSecurityManager = new ActiveMQSecurityManager2() {

        @Override
        public boolean validateUser(final String username, final String password) {
            fail("Unexpected call to overridden method");
            return false;
        }

        @Override
        public boolean validateUser(final String username, final String password, final X509Certificate[] certificates) {
            return (username.equals("foo") || username.equals("bar") || username.equals("all")) && password.equals("frobnicate");
        }

        @Override
        public boolean validateUserAndRole(final String username, final String password, final Set<Role> requiredRoles, final CheckType checkType) {
            fail("Unexpected call to overridden method");
            return false;
        }

        @Override
        public boolean validateUserAndRole(final String username, final String password, final Set<Role> requiredRoles, final CheckType checkType, final String address, final RemotingConnection connection) {
            if (!(connection.getTransportConnection() instanceof InVMConnection)) {
                return false;
            }
            if ((username.equals("foo") || username.equals("bar") || username.equals("all")) && password.equals("frobnicate")) {
                if (username.equals("all")) {
                    return true;
                } else if (username.equals("foo")) {
                    return address.equals("test.queue") && checkType == CheckType.CONSUME;
                } else if (username.equals("bar")) {
                    return address.equals("test.queue") && checkType == CheckType.SEND;
                } else {
                    return false;
                }
            } else {
                return false;
            }
        }
    };
    final ActiveMQServer server = addServer(new ActiveMQServerImpl(configuration, customSecurityManager));
    server.start();
    final ServerLocator locator = createInVMNonHALocator();
    locator.setBlockOnNonDurableSend(true).setBlockOnDurableSend(true);
    final ClientSessionFactory factory = createSessionFactory(locator);
    ClientSession adminSession = factory.createSession("all", "frobnicate", false, true, true, false, -1);
    final String queueName = "test.queue";
    adminSession.createQueue(queueName, queueName, false);
    final String otherQueueName = "other.queue";
    adminSession.createQueue(otherQueueName, otherQueueName, false);
    // Wrong user name
    try {
        factory.createSession("baz", "frobnicate", false, true, true, false, -1);
        Assert.fail("should throw exception");
    } catch (ActiveMQSecurityException se) {
    // ok
    } catch (ActiveMQException e) {
        fail("Invalid Exception type:" + e.getType());
    }
    // Wrong password
    try {
        factory.createSession("foo", "xxx", false, true, true, false, -1);
        Assert.fail("should throw exception");
    } catch (ActiveMQSecurityException se) {
    // ok
    } catch (ActiveMQException e) {
        fail("Invalid Exception type:" + e.getType());
    }
    // Correct user and password, wrong queue for sending
    try {
        final ClientSession session = factory.createSession("foo", "frobnicate", false, true, true, false, -1);
        checkUserReceiveNoSend(otherQueueName, session, adminSession);
        Assert.fail("should throw exception");
    } catch (ActiveMQSecurityException se) {
    // ok
    } catch (ActiveMQException e) {
        fail("Invalid Exception type:" + e.getType());
    }
    // Correct user and password, wrong queue for receiving
    try {
        final ClientSession session = factory.createSession("foo", "frobnicate", false, true, true, false, -1);
        checkUserReceiveNoSend(otherQueueName, session, adminSession);
        Assert.fail("should throw exception");
    } catch (ActiveMQSecurityException se) {
    // ok
    } catch (ActiveMQException e) {
        fail("Invalid Exception type:" + e.getType());
    }
    // Correct user and password, allowed to send but not receive
    {
        final ClientSession session = factory.createSession("foo", "frobnicate", false, true, true, false, -1);
        checkUserReceiveNoSend(queueName, session, adminSession);
    }
    // Correct user and password, allowed to receive but not send
    {
        final ClientSession session = factory.createSession("bar", "frobnicate", false, true, true, false, -1);
        checkUserSendNoReceive(queueName, session);
    }
}
Also used : InVMConnection(org.apache.activemq.artemis.core.remoting.impl.invm.InVMConnection) Set(java.util.Set) HashSet(java.util.HashSet) TransportConfiguration(org.apache.activemq.artemis.api.core.TransportConfiguration) Configuration(org.apache.activemq.artemis.core.config.Configuration) RemotingConnection(org.apache.activemq.artemis.spi.core.protocol.RemotingConnection) SimpleString(org.apache.activemq.artemis.api.core.SimpleString) ActiveMQServerImpl(org.apache.activemq.artemis.core.server.impl.ActiveMQServerImpl) ActiveMQServer(org.apache.activemq.artemis.core.server.ActiveMQServer) ActiveMQException(org.apache.activemq.artemis.api.core.ActiveMQException) ActiveMQSecurityManager2(org.apache.activemq.artemis.spi.core.security.ActiveMQSecurityManager2) CheckType(org.apache.activemq.artemis.core.security.CheckType) ClientSession(org.apache.activemq.artemis.api.core.client.ClientSession) ClientSessionFactory(org.apache.activemq.artemis.api.core.client.ClientSessionFactory) ActiveMQSecurityException(org.apache.activemq.artemis.api.core.ActiveMQSecurityException) ActiveMQSecurityManager(org.apache.activemq.artemis.spi.core.security.ActiveMQSecurityManager) ServerLocator(org.apache.activemq.artemis.api.core.client.ServerLocator) Test(org.junit.Test)

Example 5 with ActiveMQSecurityException

use of org.apache.activemq.artemis.api.core.ActiveMQSecurityException in project activemq-artemis by apache.

the class SecurityTest method testSendManagementWithoutRole.

@Test
public void testSendManagementWithoutRole() throws Exception {
    ActiveMQServer server = createServer();
    server.start();
    HierarchicalRepository<Set<Role>> securityRepository = server.getSecurityRepository();
    ActiveMQJAASSecurityManager securityManager = (ActiveMQJAASSecurityManager) server.getSecurityManager();
    securityManager.getConfiguration().addUser("auser", "pass");
    Role role = new Role("arole", false, false, true, false, false, false, false, false, false, false);
    Set<Role> roles = new HashSet<>();
    roles.add(role);
    securityRepository.addMatch(configuration.getManagementAddress().toString(), roles);
    securityManager.getConfiguration().addRole("auser", "arole");
    ClientSessionFactory cf = createSessionFactory(locator);
    ClientSession session = cf.createSession("auser", "pass", false, true, true, false, -1);
    session.createQueue(configuration.getManagementAddress().toString(), SecurityTest.queueA, true);
    ClientProducer cp = session.createProducer(configuration.getManagementAddress());
    cp.send(session.createMessage(false));
    try {
        cp.send(session.createMessage(false));
    } catch (ActiveMQSecurityException se) {
    // ok
    } catch (ActiveMQException e) {
        fail("Invalid Exception type:" + e.getType());
    }
    session.close();
}
Also used : Role(org.apache.activemq.artemis.core.security.Role) ActiveMQServer(org.apache.activemq.artemis.core.server.ActiveMQServer) Set(java.util.Set) HashSet(java.util.HashSet) ActiveMQException(org.apache.activemq.artemis.api.core.ActiveMQException) ActiveMQJAASSecurityManager(org.apache.activemq.artemis.spi.core.security.ActiveMQJAASSecurityManager) ClientSession(org.apache.activemq.artemis.api.core.client.ClientSession) ClientSessionFactory(org.apache.activemq.artemis.api.core.client.ClientSessionFactory) ActiveMQSecurityException(org.apache.activemq.artemis.api.core.ActiveMQSecurityException) ClientProducer(org.apache.activemq.artemis.api.core.client.ClientProducer) HashSet(java.util.HashSet) Test(org.junit.Test)

Aggregations

ActiveMQSecurityException (org.apache.activemq.artemis.api.core.ActiveMQSecurityException)25 ActiveMQException (org.apache.activemq.artemis.api.core.ActiveMQException)20 ClientSessionFactory (org.apache.activemq.artemis.api.core.client.ClientSessionFactory)19 Test (org.junit.Test)19 ActiveMQServer (org.apache.activemq.artemis.core.server.ActiveMQServer)18 ClientSession (org.apache.activemq.artemis.api.core.client.ClientSession)17 HashSet (java.util.HashSet)16 Set (java.util.Set)16 ActiveMQJAASSecurityManager (org.apache.activemq.artemis.spi.core.security.ActiveMQJAASSecurityManager)14 Role (org.apache.activemq.artemis.core.security.Role)13 SimpleString (org.apache.activemq.artemis.api.core.SimpleString)11 ClientProducer (org.apache.activemq.artemis.api.core.client.ClientProducer)8 TransportConfiguration (org.apache.activemq.artemis.api.core.TransportConfiguration)6 Configuration (org.apache.activemq.artemis.core.config.Configuration)6 ServerLocator (org.apache.activemq.artemis.api.core.client.ServerLocator)4 CheckType (org.apache.activemq.artemis.core.security.CheckType)3 ActiveMQServerImpl (org.apache.activemq.artemis.core.server.impl.ActiveMQServerImpl)3 ActiveMQAMQPException (org.apache.activemq.artemis.protocol.amqp.exceptions.ActiveMQAMQPException)3 ActiveMQAMQPInternalErrorException (org.apache.activemq.artemis.protocol.amqp.exceptions.ActiveMQAMQPInternalErrorException)3 ActiveMQAMQPNotFoundException (org.apache.activemq.artemis.protocol.amqp.exceptions.ActiveMQAMQPNotFoundException)3