use of org.apache.activemq.artemis.api.core.ActiveMQSecurityException in project activemq-artemis by apache.
the class SecurityTest method checkUserSendNoReceive.
// Check the user can send message but cannot receive message
/**
 * Asserts that the session's user may send to {@code queue} but is denied a consumer on it.
 *
 * <p>The send must complete without an exception. Creating the consumer must be rejected with
 * {@link ActiveMQSecurityException}; any other {@link ActiveMQException} fails the test, so a
 * denial reported under the wrong exception type is not mistaken for a pass.
 *
 * <p>NOTE(review): whether a denied send would surface at {@code send(...)} depends on the
 * locator's blocking-send settings, which are configured by the caller (for example
 * {@code testCustomSecurityManager3} enables blocking sends) - confirm for new callers.
 *
 * @param queue name of the queue to send to and to attempt to consume from
 * @param connection client session authenticated as the user under test
 * @throws Exception if creating the producer or sending the message fails
 */
private void checkUserSendNoReceive(final String queue, final ClientSession connection) throws Exception {
   // Positive half: the user is expected to hold the send permission.
   final ClientProducer producer = connection.createProducer(queue);
   final ClientMessage message = connection.createMessage(false);
   producer.send(message);

   // Negative half: the same user must not be able to open a consumer.
   try {
      connection.createConsumer(queue);
      Assert.fail("should throw exception");
   } catch (ActiveMQSecurityException expected) {
      // expected: the consumer was refused
   } catch (ActiveMQException unexpected) {
      fail("Invalid Exception type:" + unexpected.getType());
   }
}
use of org.apache.activemq.artemis.api.core.ActiveMQSecurityException in project activemq-artemis by apache.
the class SecurityTest method testJAASSecurityManagerAuthorizationSameAddressDifferentQueues.
/**
 * Verifies that consume authorization is enforced per queue when two queues share one address.
 *
 * <p>Security roles are registered under the matches {@code address.a} and {@code address.b}.
 * Each role is named after its queue and has only the second permission flag set, which the
 * inline comments of this test treat as CONSUME. Users "a" and "b" are presumably defined in
 * the "PropertiesLogin" JAAS configuration with roles of the same name - that configuration is
 * not shown here, confirm against the test resources.
 *
 * <p>Expected matrix: each user may consume from its own queue and is rejected with
 * {@link ActiveMQSecurityException} on the other user's queue.
 */
@Test
public void testJAASSecurityManagerAuthorizationSameAddressDifferentQueues() throws Exception {
   final SimpleString address = new SimpleString("address");
   final SimpleString queueA = new SimpleString("a");
   final SimpleString queueB = new SimpleString("b");

   final ActiveMQJAASSecurityManager jaasManager = new ActiveMQJAASSecurityManager("PropertiesLogin");
   final ActiveMQServer broker = addServer(ActiveMQServers.newActiveMQServer(
      createDefaultInVMConfig().setSecurityEnabled(true),
      ManagementFactory.getPlatformMBeanServer(),
      jaasManager,
      false));

   // Role "a" is bound to the match "address.a".
   final Set<Role> rolesForA = new HashSet<>();
   rolesForA.add(new Role(queueA.toString(), false, true, false, false, false, false, false, false, false, false));
   broker.getConfiguration().putSecurityRoles(address.concat(".").concat(queueA).toString(), rolesForA);

   // Role "b" is bound to the match "address.b".
   final Set<Role> rolesForB = new HashSet<>();
   rolesForB.add(new Role(queueB.toString(), false, true, false, false, false, false, false, false, false, false));
   broker.getConfiguration().putSecurityRoles(address.concat(".").concat(queueB).toString(), rolesForB);

   broker.start();

   // Both queues live on the same ANYCAST address; only the queue name differs.
   broker.addAddressInfo(new AddressInfo(address, RoutingType.ANYCAST));
   broker.createQueue(address, RoutingType.ANYCAST, queueA, null, true, false);
   broker.createQueue(address, RoutingType.ANYCAST, queueB, null, true, false);

   final ClientSessionFactory sessionFactory = createSessionFactory(locator);
   final ClientSession sessionOfA = addClientSession(sessionFactory.createSession("a", "a", false, true, true, false, 0));
   final ClientSession sessionOfB = addClientSession(sessionFactory.createSession("b", "b", false, true, true, false, 0));

   // User "a" consuming from queue "a": allowed.
   try {
      sessionOfA.createConsumer(queueA);
   } catch (ActiveMQException denied) {
      denied.printStackTrace();
      Assert.fail("should not throw exception here");
   }

   // User "b" consuming from queue "a": must be refused with a security exception.
   try {
      sessionOfB.createConsumer(queueA);
      Assert.fail("should throw exception here");
   } catch (ActiveMQException refusal) {
      assertTrue(refusal instanceof ActiveMQSecurityException);
   }

   // User "b" consuming from queue "b": allowed.
   try {
      sessionOfB.createConsumer(queueB);
   } catch (ActiveMQException denied) {
      denied.printStackTrace();
      Assert.fail("should not throw exception here");
   }

   // User "a" consuming from queue "b": must be refused with a security exception.
   try {
      sessionOfA.createConsumer(queueB);
      Assert.fail("should throw exception here");
   } catch (ActiveMQException refusal) {
      assertTrue(refusal instanceof ActiveMQSecurityException);
   }
}
use of org.apache.activemq.artemis.api.core.ActiveMQSecurityException in project activemq-artemis by apache.
the class SecurityTest method testCustomSecurityManager3.
/**
 * Exercises a custom {@code ActiveMQSecurityManager3} and checks that the broker authenticates
 * and authorizes through its connection-aware overloads.
 *
 * <p>The stub accepts users "foo", "bar" and "all" with password "frobnicate". On authorization,
 * "all" is granted everything, "foo" only CONSUME on "test.queue", and "bar" only SEND on
 * "test.queue"; requests that did not arrive over an in-VM connection are denied. The two legacy
 * overloads fail the test when called.
 *
 * <p>NOTE(review): sessions created below are not registered through {@code addClientSession}
 * as in other tests of this class; presumably cleanup relies on server teardown - confirm.
 */
@Test
public void testCustomSecurityManager3() throws Exception {
   final Configuration configuration = createDefaultInVMConfig().setSecurityEnabled(true);
   final ActiveMQSecurityManager customSecurityManager = new ActiveMQSecurityManager3() {
      // Legacy overload: the test fails if the broker falls back to it.
      @Override
      public boolean validateUser(final String username, final String password) {
         fail("Unexpected call to overridden method");
         return false;
      }
      // Authentication: returns the user name for a known user with the fixture password, else null.
      // NOTE(review): plain String.equals on the password is a test-fixture shortcut, not a
      // pattern for a production security manager.
      @Override
      public String validateUser(final String username, final String password, final RemotingConnection remotingConnection) {
         if ((username.equals("foo") || username.equals("bar") || username.equals("all")) && password.equals("frobnicate")) {
            return username;
         } else {
            return null;
         }
      }
      // Legacy overload: the test fails if the broker falls back to it.
      @Override
      public boolean validateUserAndRole(final String username, final String password, final Set<Role> requiredRoles, final CheckType checkType) {
         fail("Unexpected call to overridden method");
         return false;
      }
      // Authorization: decides on user, address and check type; requiredRoles is not consulted.
      @Override
      public String validateUserAndRole(final String username, final String password, final Set<Role> requiredRoles, final CheckType checkType, final String address, final RemotingConnection connection) {
         // Deny everything that did not arrive over an in-VM transport.
         if (!(connection.getTransportConnection() instanceof InVMConnection)) {
            return null;
         }
         if ((username.equals("foo") || username.equals("bar") || username.equals("all")) && password.equals("frobnicate")) {
            if (username.equals("all")) {
               // "all" is unrestricted; used below as the admin session.
               return username;
            } else if (username.equals("foo")) {
               // "foo": CONSUME on test.queue only.
               if (address.equals("test.queue") && checkType == CheckType.CONSUME)
                  return username;
               else
                  return null;
            } else if (username.equals("bar")) {
               // "bar": SEND on test.queue only.
               if (address.equals("test.queue") && checkType == CheckType.SEND)
                  return username;
               else
                  return null;
            } else {
               return null;
            }
         } else {
            return null;
         }
      }
   };
   final ActiveMQServer server = addServer(new ActiveMQServerImpl(configuration, customSecurityManager));
   server.start();
   final ServerLocator locator = createInVMNonHALocator();
   // Blocking sends, so that a send failure is reported to the caller of send().
   locator.setBlockOnNonDurableSend(true).setBlockOnDurableSend(true);
   final ClientSessionFactory factory = createSessionFactory(locator);
   // "all" creates both queues, since neither "foo" nor "bar" is granted queue creation.
   ClientSession adminSession = factory.createSession("all", "frobnicate", false, true, true, false, -1);
   final String queueName = "test.queue";
   adminSession.createQueue(queueName, queueName, false);
   final String otherQueueName = "other.queue";
   adminSession.createQueue(otherQueueName, otherQueueName, false);
   // Unknown user name: session creation must be refused.
   try {
      factory.createSession("baz", "frobnicate", false, true, true, false, -1);
      Assert.fail("should throw exception");
   } catch (ActiveMQSecurityException se) {
      // expected
   } catch (ActiveMQException e) {
      fail("Invalid Exception type:" + e.getType());
   }
   // Known user, wrong password: session creation must be refused.
   try {
      factory.createSession("foo", "xxx", false, true, true, false, -1);
      Assert.fail("should throw exception");
   } catch (ActiveMQSecurityException se) {
      // expected
   } catch (ActiveMQException e) {
      fail("Invalid Exception type:" + e.getType());
   }
   // Valid credentials for "foo", but "foo" holds no permission on other.queue: the helper
   // (not shown here) is expected to end in a security exception.
   try {
      final ClientSession session = factory.createSession("foo", "frobnicate", false, true, true, false, -1);
      checkUserReceiveNoSend(otherQueueName, session, adminSession);
      Assert.fail("should throw exception");
   } catch (ActiveMQSecurityException se) {
      // expected
   } catch (ActiveMQException e) {
      fail("Invalid Exception type:" + e.getType());
   }
   // NOTE(review): this block repeats the previous one statement for statement (same user, same
   // queue, same helper). The original comment read "wrong queue for receiving"; presumably a
   // distinct case was intended (for example user "bar" on other.queue) - confirm and adjust.
   try {
      final ClientSession session = factory.createSession("foo", "frobnicate", false, true, true, false, -1);
      checkUserReceiveNoSend(otherQueueName, session, adminSession);
      Assert.fail("should throw exception");
   } catch (ActiveMQSecurityException se) {
      // expected
   } catch (ActiveMQException e) {
      fail("Invalid Exception type:" + e.getType());
   }
   // Valid credentials for "foo": granted CONSUME but not SEND on test.queue.
   {
      final ClientSession session = factory.createSession("foo", "frobnicate", false, true, true, false, -1);
      checkUserReceiveNoSend(queueName, session, adminSession);
   }
   // Valid credentials for "bar": granted SEND but not CONSUME on test.queue.
   {
      final ClientSession session = factory.createSession("bar", "frobnicate", false, true, true, false, -1);
      checkUserSendNoReceive(queueName, session);
   }
}
use of org.apache.activemq.artemis.api.core.ActiveMQSecurityException in project activemq-artemis by apache.
the class ActiveMQPacketHandler method handleCreateSession.
/**
 * Handles a create-session request and always answers the client on {@code channel1} (a field
 * declared outside this method).
 *
 * <p>On success the reply is a {@code CreateSessionResponseMessage} carrying the server's
 * incrementing version. On failure the reply is an {@code ActiveMQExceptionMessage}: security and
 * other {@code ActiveMQException}s are returned to the client as thrown, while any other
 * exception is replaced by a fresh {@code ActiveMQInternalErrorException}.
 *
 * @param request the create-session packet received from the client
 */
private void handleCreateSession(final CreateSessionMessage request) {
   boolean incompatibleVersion = false;
   Packet response;
   try {
      // Reject incompatible clients before any session state is created.
      Version version = server.getVersion();
      if (!version.isCompatible(request.getVersion())) {
         throw ActiveMQMessageBundle.BUNDLE.incompatibleClientServer();
      }
      if (!server.isStarted()) {
         throw ActiveMQMessageBundle.BUNDLE.serverNotStarted();
      }
      // The first request fixes the channel version; a later request with a different version
      // is only logged here, not rejected.
      if (connection.getChannelVersion() == 0) {
         connection.setChannelVersion(request.getVersion());
      } else if (connection.getChannelVersion() != request.getVersion()) {
         ActiveMQServerLogger.LOGGER.incompatibleVersionAfterConnect(request.getVersion(), connection.getChannelVersion());
      }
      Channel channel = connection.getChannel(request.getSessionChannelID(), request.getWindowSize());
      // The connection's default principal is consulted only when the request names no user.
      ActiveMQPrincipal activeMQPrincipal = null;
      if (request.getUsername() == null) {
         activeMQPrincipal = connection.getDefaultActiveMQPrincipal();
      }
      OperationContext sessionOperationContext = server.newOperationContext();
      Map<SimpleString, RoutingType> routingTypeMap = protocolManager.getPrefixes();
      CoreSessionCallback sessionCallback = new CoreSessionCallback(request.getName(), protocolManager, channel, connection);
      // Credentials come from the default principal when one was found, otherwise from the
      // request itself (a null user name is passed through if there is no default principal).
      ServerSession session = server.createSession(request.getName(), activeMQPrincipal == null ? request.getUsername() : activeMQPrincipal.getUserName(), activeMQPrincipal == null ? request.getPassword() : activeMQPrincipal.getPassword(), request.getMinLargeMessageSize(), connection, request.isAutoCommitSends(), request.isAutoCommitAcks(), request.isPreAcknowledge(), request.isXA(), request.getDefaultAddress(), sessionCallback, true, sessionOperationContext, routingTypeMap);
      ServerProducer serverProducer = new ServerProducerImpl(session.getName(), "CORE", request.getDefaultAddress());
      session.addProducer(serverProducer);
      // Route subsequent packets on this channel to the new session's handler.
      ServerSessionPacketHandler handler = new ServerSessionPacketHandler(server, protocolManager, session, server.getStorageManager(), channel);
      channel.setHandler(handler);
      sessionCallback.setSessionHandler(handler);
      // TODO - where is this removed?
      protocolManager.addSessionHandler(request.getName(), handler);
      response = new CreateSessionResponseMessage(server.getVersion().getIncrementingVersion());
   } catch (ActiveMQClusterSecurityException | ActiveMQSecurityException e) {
      // Authentication/authorization failure: only the message is logged, and the exception
      // itself is returned to the client.
      ActiveMQServerLogger.LOGGER.securityProblemWhileCreatingSession(e.getMessage());
      response = new ActiveMQExceptionMessage(e);
   } catch (ActiveMQException e) {
      if (e.getType() == ActiveMQExceptionType.INCOMPATIBLE_CLIENT_SERVER_VERSIONS) {
         // Remembered so the reply below is flushed immediately.
         incompatibleVersion = true;
         logger.debug("Sending ActiveMQException after Incompatible client", e);
      } else {
         ActiveMQServerLogger.LOGGER.failedToCreateSession(e);
      }
      response = new ActiveMQExceptionMessage(e);
   } catch (Exception e) {
      // Unexpected failure: logged with the exception server-side, while the client receives a
      // new ActiveMQInternalErrorException instead of the original exception.
      ActiveMQServerLogger.LOGGER.failedToCreateSession(e);
      response = new ActiveMQExceptionMessage(new ActiveMQInternalErrorException());
   }
   // Flush the reply immediately when the client and server versions are not compatible;
   // otherwise send it normally.
   if (incompatibleVersion) {
      channel1.sendAndFlush(response);
   } else {
      channel1.send(response);
   }
}
use of org.apache.activemq.artemis.api.core.ActiveMQSecurityException in project activemq-artemis by apache.
the class SecurityTest method testCreateSessionWithCorrectUserWrongPass.
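/**
 * Verifies that an existing user presenting a wrong password is refused a session.
 *
 * <p>User "newuser" is registered with password "apass"; a session attempt with "awrongpass"
 * must be rejected with {@link ActiveMQSecurityException}. Any other {@link ActiveMQException}
 * fails the test, so the refusal has to be reported as a security failure specifically.
 */
@Test
public void testCreateSessionWithCorrectUserWrongPass() throws Exception {
   ActiveMQServer server = createServer();
   ActiveMQJAASSecurityManager securityManager = (ActiveMQJAASSecurityManager) server.getSecurityManager();
   securityManager.getConfiguration().addUser("newuser", "apass");
   server.start();
   ClientSessionFactory cf = createSessionFactory(locator);
   try {
      cf.createSession("newuser", "awrongpass", false, true, true, false, -1);
      // Reaching this line means a session was granted despite the wrong password; the
      // failure message now says so instead of the inverted "should not throw exception".
      Assert.fail("should throw exception");
   } catch (ActiveMQSecurityException se) {
      // expected: authentication was refused
   } catch (ActiveMQException e) {
      fail("Invalid Exception type:" + e.getType());
   }
}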