Search in sources :

Example 6 with ActiveMQSecurityException

use of org.apache.activemq.artemis.api.core.ActiveMQSecurityException in project activemq-artemis by apache.

the class SecurityTest method checkUserSendNoReceive.

// Check the user can send message but cannot receive message
private void checkUserSendNoReceive(final String queue, final ClientSession connection) throws Exception {
    ClientProducer prod = connection.createProducer(queue);
    ClientMessage m = connection.createMessage(false);
    prod.send(m);
    try {
        connection.createConsumer(queue);
        Assert.fail("should throw exception");
    } catch (ActiveMQSecurityException se) {
    // ok
    } catch (ActiveMQException e) {
        fail("Invalid Exception type:" + e.getType());
    }
}
Also used : ActiveMQException(org.apache.activemq.artemis.api.core.ActiveMQException) ClientMessage(org.apache.activemq.artemis.api.core.client.ClientMessage) ActiveMQSecurityException(org.apache.activemq.artemis.api.core.ActiveMQSecurityException) ClientProducer(org.apache.activemq.artemis.api.core.client.ClientProducer)

Example 7 with ActiveMQSecurityException

use of org.apache.activemq.artemis.api.core.ActiveMQSecurityException in project activemq-artemis by apache.

the class SecurityTest method testJAASSecurityManagerAuthorizationSameAddressDifferentQueues.

@Test
public void testJAASSecurityManagerAuthorizationSameAddressDifferentQueues() throws Exception {
    final SimpleString ADDRESS = new SimpleString("address");
    final SimpleString QUEUE_A = new SimpleString("a");
    final SimpleString QUEUE_B = new SimpleString("b");
    ActiveMQJAASSecurityManager securityManager = new ActiveMQJAASSecurityManager("PropertiesLogin");
    ActiveMQServer server = addServer(ActiveMQServers.newActiveMQServer(createDefaultInVMConfig().setSecurityEnabled(true), ManagementFactory.getPlatformMBeanServer(), securityManager, false));
    Set<Role> aRoles = new HashSet<>();
    aRoles.add(new Role(QUEUE_A.toString(), false, true, false, false, false, false, false, false, false, false));
    server.getConfiguration().putSecurityRoles(ADDRESS.concat(".").concat(QUEUE_A).toString(), aRoles);
    Set<Role> bRoles = new HashSet<>();
    bRoles.add(new Role(QUEUE_B.toString(), false, true, false, false, false, false, false, false, false, false));
    server.getConfiguration().putSecurityRoles(ADDRESS.concat(".").concat(QUEUE_B).toString(), bRoles);
    server.start();
    server.addAddressInfo(new AddressInfo(ADDRESS, RoutingType.ANYCAST));
    server.createQueue(ADDRESS, RoutingType.ANYCAST, QUEUE_A, null, true, false);
    server.createQueue(ADDRESS, RoutingType.ANYCAST, QUEUE_B, null, true, false);
    ClientSessionFactory cf = createSessionFactory(locator);
    ClientSession aSession = addClientSession(cf.createSession("a", "a", false, true, true, false, 0));
    ClientSession bSession = addClientSession(cf.createSession("b", "b", false, true, true, false, 0));
    // client A CONSUME from queue A
    try {
        ClientConsumer consumer = aSession.createConsumer(QUEUE_A);
    } catch (ActiveMQException e) {
        e.printStackTrace();
        Assert.fail("should not throw exception here");
    }
    // client B CONSUME from queue A
    try {
        ClientConsumer consumer = bSession.createConsumer(QUEUE_A);
        Assert.fail("should throw exception here");
    } catch (ActiveMQException e) {
        assertTrue(e instanceof ActiveMQSecurityException);
    }
    // client B CONSUME from queue B
    try {
        ClientConsumer consumer = bSession.createConsumer(QUEUE_B);
    } catch (ActiveMQException e) {
        e.printStackTrace();
        Assert.fail("should not throw exception here");
    }
    // client A CONSUME from queue B
    try {
        ClientConsumer consumer = aSession.createConsumer(QUEUE_B);
        Assert.fail("should throw exception here");
    } catch (ActiveMQException e) {
        assertTrue(e instanceof ActiveMQSecurityException);
    }
}
Also used : Role(org.apache.activemq.artemis.core.security.Role) ActiveMQServer(org.apache.activemq.artemis.core.server.ActiveMQServer) ActiveMQException(org.apache.activemq.artemis.api.core.ActiveMQException) ActiveMQJAASSecurityManager(org.apache.activemq.artemis.spi.core.security.ActiveMQJAASSecurityManager) ClientSession(org.apache.activemq.artemis.api.core.client.ClientSession) SimpleString(org.apache.activemq.artemis.api.core.SimpleString) ClientSessionFactory(org.apache.activemq.artemis.api.core.client.ClientSessionFactory) ClientConsumer(org.apache.activemq.artemis.api.core.client.ClientConsumer) ActiveMQSecurityException(org.apache.activemq.artemis.api.core.ActiveMQSecurityException) HashSet(java.util.HashSet) AddressInfo(org.apache.activemq.artemis.core.server.impl.AddressInfo) Test(org.junit.Test)

Example 8 with ActiveMQSecurityException

use of org.apache.activemq.artemis.api.core.ActiveMQSecurityException in project activemq-artemis by apache.

the class SecurityTest method testCustomSecurityManager3.

@Test
public void testCustomSecurityManager3() throws Exception {
    final Configuration configuration = createDefaultInVMConfig().setSecurityEnabled(true);
    final ActiveMQSecurityManager customSecurityManager = new ActiveMQSecurityManager3() {

        @Override
        public boolean validateUser(final String username, final String password) {
            fail("Unexpected call to overridden method");
            return false;
        }

        @Override
        public String validateUser(final String username, final String password, final RemotingConnection remotingConnection) {
            if ((username.equals("foo") || username.equals("bar") || username.equals("all")) && password.equals("frobnicate")) {
                return username;
            } else {
                return null;
            }
        }

        @Override
        public boolean validateUserAndRole(final String username, final String password, final Set<Role> requiredRoles, final CheckType checkType) {
            fail("Unexpected call to overridden method");
            return false;
        }

        @Override
        public String validateUserAndRole(final String username, final String password, final Set<Role> requiredRoles, final CheckType checkType, final String address, final RemotingConnection connection) {
            if (!(connection.getTransportConnection() instanceof InVMConnection)) {
                return null;
            }
            if ((username.equals("foo") || username.equals("bar") || username.equals("all")) && password.equals("frobnicate")) {
                if (username.equals("all")) {
                    return username;
                } else if (username.equals("foo")) {
                    if (address.equals("test.queue") && checkType == CheckType.CONSUME)
                        return username;
                    else
                        return null;
                } else if (username.equals("bar")) {
                    if (address.equals("test.queue") && checkType == CheckType.SEND)
                        return username;
                    else
                        return null;
                } else {
                    return null;
                }
            } else {
                return null;
            }
        }
    };
    final ActiveMQServer server = addServer(new ActiveMQServerImpl(configuration, customSecurityManager));
    server.start();
    final ServerLocator locator = createInVMNonHALocator();
    locator.setBlockOnNonDurableSend(true).setBlockOnDurableSend(true);
    final ClientSessionFactory factory = createSessionFactory(locator);
    ClientSession adminSession = factory.createSession("all", "frobnicate", false, true, true, false, -1);
    final String queueName = "test.queue";
    adminSession.createQueue(queueName, queueName, false);
    final String otherQueueName = "other.queue";
    adminSession.createQueue(otherQueueName, otherQueueName, false);
    // Wrong user name
    try {
        factory.createSession("baz", "frobnicate", false, true, true, false, -1);
        Assert.fail("should throw exception");
    } catch (ActiveMQSecurityException se) {
    // ok
    } catch (ActiveMQException e) {
        fail("Invalid Exception type:" + e.getType());
    }
    // Wrong password
    try {
        factory.createSession("foo", "xxx", false, true, true, false, -1);
        Assert.fail("should throw exception");
    } catch (ActiveMQSecurityException se) {
    // ok
    } catch (ActiveMQException e) {
        fail("Invalid Exception type:" + e.getType());
    }
    // Correct user and password, wrong queue for sending
    try {
        final ClientSession session = factory.createSession("foo", "frobnicate", false, true, true, false, -1);
        checkUserReceiveNoSend(otherQueueName, session, adminSession);
        Assert.fail("should throw exception");
    } catch (ActiveMQSecurityException se) {
    // ok
    } catch (ActiveMQException e) {
        fail("Invalid Exception type:" + e.getType());
    }
    // Correct user and password, wrong queue for receiving
    try {
        final ClientSession session = factory.createSession("foo", "frobnicate", false, true, true, false, -1);
        checkUserReceiveNoSend(otherQueueName, session, adminSession);
        Assert.fail("should throw exception");
    } catch (ActiveMQSecurityException se) {
    // ok
    } catch (ActiveMQException e) {
        fail("Invalid Exception type:" + e.getType());
    }
    // Correct user and password, allowed to send but not receive
    {
        final ClientSession session = factory.createSession("foo", "frobnicate", false, true, true, false, -1);
        checkUserReceiveNoSend(queueName, session, adminSession);
    }
    // Correct user and password, allowed to receive but not send
    {
        final ClientSession session = factory.createSession("bar", "frobnicate", false, true, true, false, -1);
        checkUserSendNoReceive(queueName, session);
    }
}
Also used : InVMConnection(org.apache.activemq.artemis.core.remoting.impl.invm.InVMConnection) Set(java.util.Set) HashSet(java.util.HashSet) TransportConfiguration(org.apache.activemq.artemis.api.core.TransportConfiguration) Configuration(org.apache.activemq.artemis.core.config.Configuration) RemotingConnection(org.apache.activemq.artemis.spi.core.protocol.RemotingConnection) ActiveMQSecurityManager3(org.apache.activemq.artemis.spi.core.security.ActiveMQSecurityManager3) SimpleString(org.apache.activemq.artemis.api.core.SimpleString) ActiveMQServerImpl(org.apache.activemq.artemis.core.server.impl.ActiveMQServerImpl) ActiveMQServer(org.apache.activemq.artemis.core.server.ActiveMQServer) ActiveMQException(org.apache.activemq.artemis.api.core.ActiveMQException) CheckType(org.apache.activemq.artemis.core.security.CheckType) ClientSession(org.apache.activemq.artemis.api.core.client.ClientSession) ClientSessionFactory(org.apache.activemq.artemis.api.core.client.ClientSessionFactory) ActiveMQSecurityException(org.apache.activemq.artemis.api.core.ActiveMQSecurityException) ActiveMQSecurityManager(org.apache.activemq.artemis.spi.core.security.ActiveMQSecurityManager) ServerLocator(org.apache.activemq.artemis.api.core.client.ServerLocator) Test(org.junit.Test)

Example 9 with ActiveMQSecurityException

use of org.apache.activemq.artemis.api.core.ActiveMQSecurityException in project activemq-artemis by apache.

the class ActiveMQPacketHandler method handleCreateSession.

private void handleCreateSession(final CreateSessionMessage request) {
    boolean incompatibleVersion = false;
    Packet response;
    try {
        Version version = server.getVersion();
        if (!version.isCompatible(request.getVersion())) {
            throw ActiveMQMessageBundle.BUNDLE.incompatibleClientServer();
        }
        if (!server.isStarted()) {
            throw ActiveMQMessageBundle.BUNDLE.serverNotStarted();
        }
        if (connection.getChannelVersion() == 0) {
            connection.setChannelVersion(request.getVersion());
        } else if (connection.getChannelVersion() != request.getVersion()) {
            ActiveMQServerLogger.LOGGER.incompatibleVersionAfterConnect(request.getVersion(), connection.getChannelVersion());
        }
        Channel channel = connection.getChannel(request.getSessionChannelID(), request.getWindowSize());
        ActiveMQPrincipal activeMQPrincipal = null;
        if (request.getUsername() == null) {
            activeMQPrincipal = connection.getDefaultActiveMQPrincipal();
        }
        OperationContext sessionOperationContext = server.newOperationContext();
        Map<SimpleString, RoutingType> routingTypeMap = protocolManager.getPrefixes();
        CoreSessionCallback sessionCallback = new CoreSessionCallback(request.getName(), protocolManager, channel, connection);
        ServerSession session = server.createSession(request.getName(), activeMQPrincipal == null ? request.getUsername() : activeMQPrincipal.getUserName(), activeMQPrincipal == null ? request.getPassword() : activeMQPrincipal.getPassword(), request.getMinLargeMessageSize(), connection, request.isAutoCommitSends(), request.isAutoCommitAcks(), request.isPreAcknowledge(), request.isXA(), request.getDefaultAddress(), sessionCallback, true, sessionOperationContext, routingTypeMap);
        ServerProducer serverProducer = new ServerProducerImpl(session.getName(), "CORE", request.getDefaultAddress());
        session.addProducer(serverProducer);
        ServerSessionPacketHandler handler = new ServerSessionPacketHandler(server, protocolManager, session, server.getStorageManager(), channel);
        channel.setHandler(handler);
        sessionCallback.setSessionHandler(handler);
        // TODO - where is this removed?
        protocolManager.addSessionHandler(request.getName(), handler);
        response = new CreateSessionResponseMessage(server.getVersion().getIncrementingVersion());
    } catch (ActiveMQClusterSecurityException | ActiveMQSecurityException e) {
        ActiveMQServerLogger.LOGGER.securityProblemWhileCreatingSession(e.getMessage());
        response = new ActiveMQExceptionMessage(e);
    } catch (ActiveMQException e) {
        if (e.getType() == ActiveMQExceptionType.INCOMPATIBLE_CLIENT_SERVER_VERSIONS) {
            incompatibleVersion = true;
            logger.debug("Sending ActiveMQException after Incompatible client", e);
        } else {
            ActiveMQServerLogger.LOGGER.failedToCreateSession(e);
        }
        response = new ActiveMQExceptionMessage(e);
    } catch (Exception e) {
        ActiveMQServerLogger.LOGGER.failedToCreateSession(e);
        response = new ActiveMQExceptionMessage(new ActiveMQInternalErrorException());
    }
    // are not compatible
    if (incompatibleVersion) {
        channel1.sendAndFlush(response);
    } else {
        channel1.send(response);
    }
}
Also used : OperationContext(org.apache.activemq.artemis.core.persistence.OperationContext) ServerSessionPacketHandler(org.apache.activemq.artemis.core.protocol.core.ServerSessionPacketHandler) Packet(org.apache.activemq.artemis.core.protocol.core.Packet) ServerSession(org.apache.activemq.artemis.core.server.ServerSession) ActiveMQPrincipal(org.apache.activemq.artemis.core.security.ActiveMQPrincipal) CreateSessionResponseMessage(org.apache.activemq.artemis.core.protocol.core.impl.wireformat.CreateSessionResponseMessage) Channel(org.apache.activemq.artemis.core.protocol.core.Channel) ActiveMQExceptionMessage(org.apache.activemq.artemis.core.protocol.core.impl.wireformat.ActiveMQExceptionMessage) ActiveMQClusterSecurityException(org.apache.activemq.artemis.api.core.ActiveMQClusterSecurityException) SimpleString(org.apache.activemq.artemis.api.core.SimpleString) ActiveMQInternalErrorException(org.apache.activemq.artemis.api.core.ActiveMQInternalErrorException) ServerProducer(org.apache.activemq.artemis.core.server.ServerProducer) ActiveMQException(org.apache.activemq.artemis.api.core.ActiveMQException) ActiveMQClusterSecurityException(org.apache.activemq.artemis.api.core.ActiveMQClusterSecurityException) ActiveMQInternalErrorException(org.apache.activemq.artemis.api.core.ActiveMQInternalErrorException) ActiveMQSecurityException(org.apache.activemq.artemis.api.core.ActiveMQSecurityException) ServerProducerImpl(org.apache.activemq.artemis.core.server.impl.ServerProducerImpl) ActiveMQException(org.apache.activemq.artemis.api.core.ActiveMQException) Version(org.apache.activemq.artemis.core.version.Version) ActiveMQSecurityException(org.apache.activemq.artemis.api.core.ActiveMQSecurityException) RoutingType(org.apache.activemq.artemis.api.core.RoutingType)

Example 10 with ActiveMQSecurityException

use of org.apache.activemq.artemis.api.core.ActiveMQSecurityException in project activemq-artemis by apache.

the class SecurityTest method testCreateSessionWithCorrectUserWrongPass.

@Test
public void testCreateSessionWithCorrectUserWrongPass() throws Exception {
    ActiveMQServer server = createServer();
    ActiveMQJAASSecurityManager securityManager = (ActiveMQJAASSecurityManager) server.getSecurityManager();
    securityManager.getConfiguration().addUser("newuser", "apass");
    server.start();
    ClientSessionFactory cf = createSessionFactory(locator);
    try {
        cf.createSession("newuser", "awrongpass", false, true, true, false, -1);
        Assert.fail("should not throw exception");
    } catch (ActiveMQSecurityException se) {
    // ok
    } catch (ActiveMQException e) {
        fail("Invalid Exception type:" + e.getType());
    }
}
Also used : ActiveMQServer(org.apache.activemq.artemis.core.server.ActiveMQServer) ActiveMQException(org.apache.activemq.artemis.api.core.ActiveMQException) ActiveMQJAASSecurityManager(org.apache.activemq.artemis.spi.core.security.ActiveMQJAASSecurityManager) ClientSessionFactory(org.apache.activemq.artemis.api.core.client.ClientSessionFactory) ActiveMQSecurityException(org.apache.activemq.artemis.api.core.ActiveMQSecurityException) Test(org.junit.Test)

Aggregations

ActiveMQSecurityException (org.apache.activemq.artemis.api.core.ActiveMQSecurityException)25 ActiveMQException (org.apache.activemq.artemis.api.core.ActiveMQException)20 ClientSessionFactory (org.apache.activemq.artemis.api.core.client.ClientSessionFactory)19 Test (org.junit.Test)19 ActiveMQServer (org.apache.activemq.artemis.core.server.ActiveMQServer)18 ClientSession (org.apache.activemq.artemis.api.core.client.ClientSession)17 HashSet (java.util.HashSet)16 Set (java.util.Set)16 ActiveMQJAASSecurityManager (org.apache.activemq.artemis.spi.core.security.ActiveMQJAASSecurityManager)14 Role (org.apache.activemq.artemis.core.security.Role)13 SimpleString (org.apache.activemq.artemis.api.core.SimpleString)11 ClientProducer (org.apache.activemq.artemis.api.core.client.ClientProducer)8 TransportConfiguration (org.apache.activemq.artemis.api.core.TransportConfiguration)6 Configuration (org.apache.activemq.artemis.core.config.Configuration)6 ServerLocator (org.apache.activemq.artemis.api.core.client.ServerLocator)4 CheckType (org.apache.activemq.artemis.core.security.CheckType)3 ActiveMQServerImpl (org.apache.activemq.artemis.core.server.impl.ActiveMQServerImpl)3 ActiveMQAMQPException (org.apache.activemq.artemis.protocol.amqp.exceptions.ActiveMQAMQPException)3 ActiveMQAMQPInternalErrorException (org.apache.activemq.artemis.protocol.amqp.exceptions.ActiveMQAMQPInternalErrorException)3 ActiveMQAMQPNotFoundException (org.apache.activemq.artemis.protocol.amqp.exceptions.ActiveMQAMQPNotFoundException)3