
Example 16 with ActiveMQSecurityException

use of org.apache.activemq.artemis.api.core.ActiveMQSecurityException in project activemq-artemis by apache.

the class SecurityTest method testSendMessageUpdateRoleCached.

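/**
 * Checks that a consume grant survives removal of the role while the security cache is valid.
 *
 * <p>The server is started with {@code setSecurityInvalidationInterval(10000)}. After "auser"
 * has consumed once with the "receiver" role, the role is removed and a further
 * {@code createConsumer} is expected to succeed from the cached decision. The same behaviour
 * means a revoked role keeps working until the cache is invalidated.
 *
 * @throws Exception if the server or a client call fails in a way the test does not expect
 */
@Test
public void testSendMessageUpdateRoleCached() throws Exception {
    Configuration configuration = createDefaultInVMConfig().setSecurityEnabled(true).setSecurityInvalidationInterval(10000);
    ActiveMQServer server = createServer(false, configuration);
    server.start();
    HierarchicalRepository<Set<Role>> securityRepository = server.getSecurityRepository();
    ActiveMQJAASSecurityManager securityManager = (ActiveMQJAASSecurityManager) server.getSecurityManager();
    securityManager.getConfiguration().addUser("auser", "pass");
    securityManager.getConfiguration().addUser("guest", "guest");
    securityManager.getConfiguration().addRole("guest", "guest");
    securityManager.getConfiguration().setDefaultUser("guest");
    // "arole" has every permission flag set to false.
    Role role = new Role("arole", false, false, false, false, false, false, false, false, false, false);
    Role sendRole = new Role("guest", true, false, true, false, false, false, false, false, false, false);
    Role receiveRole = new Role("receiver", false, true, false, false, false, false, false, false, false, false);
    Set<Role> roles = new HashSet<>();
    roles.add(sendRole);
    roles.add(role);
    roles.add(receiveRole);
    securityRepository.addMatch(SecurityTest.addressA, roles);
    securityManager.getConfiguration().addRole("auser", "arole");
    ClientSessionFactory cf = createSessionFactory(locator);
    // senSession is created without credentials; the default user set above is "guest".
    ClientSession senSession = cf.createSession(false, true, true);
    ClientSession session = cf.createSession("auser", "pass", false, true, true, false, -1);
    senSession.createQueue(SecurityTest.addressA, SecurityTest.queueA, true);
    ClientProducer cp = senSession.createProducer(SecurityTest.addressA);
    cp.send(session.createMessage(false));
    // At this point "auser" holds only "arole", so the consumer must be refused.
    try {
        session.createConsumer(SecurityTest.queueA);
        // Without this assertion a broker that wrongly allowed the consumer would still pass.
        fail("should throw exception");
    } catch (ActiveMQSecurityException se) {
        // ok
    } catch (ActiveMQException e) {
        fail("Invalid Exception type:" + e.getType());
    }
    securityManager.getConfiguration().addRole("auser", "receiver");
    session.createConsumer(SecurityTest.queueA);
    // Removing the role: the earlier grant should be cached, so the next createConsumer
    // is expected to succeed.
    securityManager.getConfiguration().removeRole("auser", "receiver");
    session.createConsumer(SecurityTest.queueA);
    session.close();
    senSession.close();
}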
Also used : Set(java.util.Set) HashSet(java.util.HashSet) TransportConfiguration(org.apache.activemq.artemis.api.core.TransportConfiguration) Configuration(org.apache.activemq.artemis.core.config.Configuration) ActiveMQJAASSecurityManager(org.apache.activemq.artemis.spi.core.security.ActiveMQJAASSecurityManager) Role(org.apache.activemq.artemis.core.security.Role) ActiveMQServer(org.apache.activemq.artemis.core.server.ActiveMQServer) ActiveMQException(org.apache.activemq.artemis.api.core.ActiveMQException) ClientSession(org.apache.activemq.artemis.api.core.client.ClientSession) ClientSessionFactory(org.apache.activemq.artemis.api.core.client.ClientSessionFactory) ActiveMQSecurityException(org.apache.activemq.artemis.api.core.ActiveMQSecurityException) ClientProducer(org.apache.activemq.artemis.api.core.client.ClientProducer) HashSet(java.util.HashSet) Test(org.junit.Test)

Example 17 with ActiveMQSecurityException

use of org.apache.activemq.artemis.api.core.ActiveMQSecurityException in project activemq-artemis by apache.

the class SecurityTest method testSendMessageUpdateSender.

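/**
 * Checks that sends refused by the security check make a local commit and an XA prepare fail.
 *
 * <p>The server is started with {@code setSecurityInvalidationInterval(-1)}. The test first
 * checks the consume permission of "auser", then sends from two new "auser" sessions and
 * expects {@code commit()} and {@code prepare(xid)} to throw. It finally asserts that
 * {@code recover} returns no Xid after the failed prepare.
 *
 * @throws Exception if the server or a client call fails in a way the test does not expect
 */
@Test
public void testSendMessageUpdateSender() throws Exception {
    Configuration configuration = createDefaultInVMConfig().setSecurityEnabled(true).setSecurityInvalidationInterval(-1);
    ActiveMQServer server = createServer(false, configuration);
    server.start();
    HierarchicalRepository<Set<Role>> securityRepository = server.getSecurityRepository();
    ActiveMQJAASSecurityManager securityManager = (ActiveMQJAASSecurityManager) server.getSecurityManager();
    securityManager.getConfiguration().addUser("auser", "pass");
    securityManager.getConfiguration().addUser("guest", "guest");
    securityManager.getConfiguration().addRole("guest", "guest");
    securityManager.getConfiguration().setDefaultUser("guest");
    // "arole" has every permission flag set to false.
    Role role = new Role("arole", false, false, false, false, false, false, false, false, false, false);
    System.out.println("guest:" + role);
    Role sendRole = new Role("guest", true, false, true, false, false, false, false, false, false, false);
    System.out.println("guest:" + sendRole);
    Role receiveRole = new Role("receiver", false, true, false, false, false, false, false, false, false, false);
    System.out.println("guest:" + receiveRole);
    Set<Role> roles = new HashSet<>();
    roles.add(sendRole);
    roles.add(role);
    roles.add(receiveRole);
    securityRepository.addMatch(SecurityTest.addressA, roles);
    securityManager.getConfiguration().addRole("auser", "arole");
    ClientSessionFactory cf = createSessionFactory(locator);
    // senSession is created without credentials; the default user set above is "guest".
    ClientSession senSession = cf.createSession(false, true, true);
    ClientSession session = cf.createSession("auser", "pass", false, true, true, false, -1);
    senSession.createQueue(SecurityTest.addressA, SecurityTest.queueA, true);
    ClientProducer cp = senSession.createProducer(SecurityTest.addressA);
    cp.send(session.createMessage(false));
    // At this point "auser" holds only "arole", so the consumer must be refused.
    try {
        session.createConsumer(SecurityTest.queueA);
        // Without this assertion a broker that wrongly allowed the consumer would still pass.
        fail("should throw exception");
    } catch (ActiveMQSecurityException se) {
        // ok
    } catch (ActiveMQException e) {
        fail("Invalid Exception type:" + e.getType());
    }
    securityManager.getConfiguration().addRole("auser", "receiver");
    session.createConsumer(SecurityTest.queueA);
    // This test passes -1 (not 0) to setSecurityInvalidationInterval, and the assertions
    // below expect the permission check to be re-evaluated rather than served from a cache.
    // NOTE(review): "guest" was never assigned to "auser" in this method (only "arole" and
    // "receiver" were), so this removal looks like a no-op. The send refusal asserted below
    // appears to rest on neither of auser's roles having the send flag set. Confirm which
    // role was meant.
    securityManager.getConfiguration().removeRole("auser", "guest");
    ClientSession sendingSession = cf.createSession("auser", "pass", false, false, false, false, 0);
    ClientProducer prod = sendingSession.createProducer(SecurityTest.addressA);
    prod.send(CreateMessage.createTextMessage(sendingSession, "Test", true));
    prod.send(CreateMessage.createTextMessage(sendingSession, "Test", true));
    try {
        sendingSession.commit();
        Assert.fail("Expected exception");
    } catch (ActiveMQException e) {
        // The commit is expected to fail because the sends above were refused.
    }
    sendingSession.close();
    // Same scenario again on an XA session: prepare must be refused as well.
    Xid xid = newXID();
    sendingSession = cf.createSession("auser", "pass", true, false, false, false, 0);
    sendingSession.start(xid, XAResource.TMNOFLAGS);
    prod = sendingSession.createProducer(SecurityTest.addressA);
    prod.send(CreateMessage.createTextMessage(sendingSession, "Test", true));
    prod.send(CreateMessage.createTextMessage(sendingSession, "Test", true));
    sendingSession.end(xid, XAResource.TMSUCCESS);
    try {
        sendingSession.prepare(xid);
        Assert.fail("Exception was expected");
    } catch (Exception e) {
        // Expected path; Assert.fail throws an AssertionError, which this catch does not swallow.
        e.printStackTrace();
    }
    // The refused prepare must not leave a recoverable transaction behind.
    Xid[] xids = sendingSession.recover(XAResource.TMSTARTRSCAN);
    Assert.assertEquals(0, xids.length);
    session.close();
    senSession.close();
    sendingSession.close();
}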
Also used : Set(java.util.Set) HashSet(java.util.HashSet) TransportConfiguration(org.apache.activemq.artemis.api.core.TransportConfiguration) Configuration(org.apache.activemq.artemis.core.config.Configuration) ActiveMQJAASSecurityManager(org.apache.activemq.artemis.spi.core.security.ActiveMQJAASSecurityManager) ActiveMQException(org.apache.activemq.artemis.api.core.ActiveMQException) ActiveMQSecurityException(org.apache.activemq.artemis.api.core.ActiveMQSecurityException) Role(org.apache.activemq.artemis.core.security.Role) ActiveMQServer(org.apache.activemq.artemis.core.server.ActiveMQServer) Xid(javax.transaction.xa.Xid) ActiveMQException(org.apache.activemq.artemis.api.core.ActiveMQException) ClientSession(org.apache.activemq.artemis.api.core.client.ClientSession) ClientSessionFactory(org.apache.activemq.artemis.api.core.client.ClientSessionFactory) ActiveMQSecurityException(org.apache.activemq.artemis.api.core.ActiveMQSecurityException) ClientProducer(org.apache.activemq.artemis.api.core.client.ClientProducer) HashSet(java.util.HashSet) Test(org.junit.Test)

Example 18 with ActiveMQSecurityException

use of org.apache.activemq.artemis.api.core.ActiveMQSecurityException in project activemq-artemis by apache.

the class SecurityTest method testCustomSecurityManager.

/**
 * Runs the broker with a hand-written {@code ActiveMQSecurityManager} and checks that its
 * authentication and per-operation decisions are enforced.
 *
 * <p>The stub accepts the users "foo", "bar" and "all" with one shared password. "all" is
 * allowed everything, "foo" may consume, "bar" may send, and both may create non-durable
 * queues.
 *
 * @throws Exception if the server or a client call fails in a way the test does not expect
 */
@Test
public void testCustomSecurityManager() throws Exception {
    final Configuration configuration = createDefaultInVMConfig().setSecurityEnabled(true);
    // Test fixture only: credentials are hard-coded and compared with String.equals, which is
    // fine for driving the broker's checks but is not how real credentials should be verified.
    final ActiveMQSecurityManager customSecurityManager = new ActiveMQSecurityManager() {

        @Override
        public boolean validateUser(final String username, final String password) {
            final boolean knownUser = username.equals("foo") || username.equals("bar") || username.equals("all");
            return knownUser && password.equals("frobnicate");
        }

        @Override
        public boolean validateUserAndRole(final String username, final String password, final Set<Role> requiredRoles, final CheckType checkType) {
            final boolean authenticated = (username.equals("foo") || username.equals("bar") || username.equals("all")) && password.equals("frobnicate");
            if (!authenticated) {
                return false;
            }
            if (username.equals("all")) {
                return true;
            }
            if (username.equals("foo")) {
                return checkType == CheckType.CONSUME || checkType == CheckType.CREATE_NON_DURABLE_QUEUE;
            }
            if (username.equals("bar")) {
                return checkType == CheckType.SEND || checkType == CheckType.CREATE_NON_DURABLE_QUEUE;
            }
            return false;
        }
    };
    final ActiveMQServer server = addServer(new ActiveMQServerImpl(configuration, customSecurityManager));
    server.start();
    final ServerLocator locator = createInVMNonHALocator();
    locator.setBlockOnNonDurableSend(true).setBlockOnDurableSend(true);
    final ClientSessionFactory factory = createSessionFactory(locator);
    ClientSession adminSession = factory.createSession("all", "frobnicate", false, true, true, false, -1);
    final String queueName = "test.queue";
    adminSession.createQueue(queueName, queueName, false);
    // Unknown user name with the right password: session creation must be refused.
    try {
        factory.createSession("baz", "frobnicate", false, true, true, false, -1);
        Assert.fail("should throw exception");
    } catch (ActiveMQSecurityException expected) {
        // ok
    } catch (ActiveMQException unexpected) {
        fail("Invalid Exception type:" + unexpected.getType());
    }
    // Known user with the wrong password: session creation must be refused.
    try {
        factory.createSession("foo", "xxx", false, true, true, false, -1);
        Assert.fail("should throw exception");
    } catch (ActiveMQSecurityException expected) {
        // ok
    } catch (ActiveMQException unexpected) {
        fail("Invalid Exception type:" + unexpected.getType());
    }
    // "foo" with the correct password: allowed to receive but not to send.
    final ClientSession fooSession = factory.createSession("foo", "frobnicate", false, true, true, false, -1);
    checkUserReceiveNoSend(queueName, fooSession, adminSession);
    // "bar" with the correct password: allowed to send but not to receive.
    final ClientSession barSession = factory.createSession("bar", "frobnicate", false, true, true, false, -1);
    checkUserSendNoReceive(queueName, barSession);
}
Also used : ActiveMQServer(org.apache.activemq.artemis.core.server.ActiveMQServer) Set(java.util.Set) HashSet(java.util.HashSet) TransportConfiguration(org.apache.activemq.artemis.api.core.TransportConfiguration) Configuration(org.apache.activemq.artemis.core.config.Configuration) ActiveMQException(org.apache.activemq.artemis.api.core.ActiveMQException) CheckType(org.apache.activemq.artemis.core.security.CheckType) ClientSession(org.apache.activemq.artemis.api.core.client.ClientSession) SimpleString(org.apache.activemq.artemis.api.core.SimpleString) ClientSessionFactory(org.apache.activemq.artemis.api.core.client.ClientSessionFactory) ActiveMQServerImpl(org.apache.activemq.artemis.core.server.impl.ActiveMQServerImpl) ActiveMQSecurityException(org.apache.activemq.artemis.api.core.ActiveMQSecurityException) ActiveMQSecurityManager(org.apache.activemq.artemis.spi.core.security.ActiveMQSecurityManager) ServerLocator(org.apache.activemq.artemis.api.core.client.ServerLocator) Test(org.junit.Test)

Example 19 with ActiveMQSecurityException

use of org.apache.activemq.artemis.api.core.ActiveMQSecurityException in project activemq-artemis by apache.

the class SecurityTest method testDeleteTempQueueWithoutRole.

/**
 * Checks that a user who can create a non-durable queue but has no delete permission is
 * refused when deleting it.
 *
 * @throws Exception if the server or a client call fails in a way the test does not expect
 */
@Test
public void testDeleteTempQueueWithoutRole() throws Exception {
    ActiveMQServer broker = createServer();
    broker.start();
    HierarchicalRepository<Set<Role>> matchRepository = broker.getSecurityRepository();
    ActiveMQJAASSecurityManager jaasManager = (ActiveMQJAASSecurityManager) broker.getSecurityManager();
    jaasManager.getConfiguration().addUser("auser", "pass");
    // Only the fifth flag is true; the non-durable createQueue below is expected to succeed,
    // so it presumably grants create-non-durable-queue (confirm against Role's constructor).
    Set<Role> addressRoles = new HashSet<>();
    addressRoles.add(new Role("arole", false, false, false, false, true, false, false, false, false, false));
    matchRepository.addMatch(SecurityTest.addressA, addressRoles);
    jaasManager.getConfiguration().addRole("auser", "arole");
    ClientSessionFactory sessionFactory = createSessionFactory(locator);
    ClientSession userSession = sessionFactory.createSession("auser", "pass", false, true, true, false, -1);
    userSession.createQueue(SecurityTest.addressA, SecurityTest.queueA, false);
    try {
        userSession.deleteQueue(SecurityTest.queueA);
        // Reaching this line means the delete was allowed, which the test treats as a failure.
        Assert.fail("should throw exception");
    } catch (ActiveMQSecurityException expected) {
        // ok
    } catch (ActiveMQException unexpected) {
        fail("Invalid Exception type:" + unexpected.getType());
    }
    userSession.close();
}
Also used : Role(org.apache.activemq.artemis.core.security.Role) ActiveMQServer(org.apache.activemq.artemis.core.server.ActiveMQServer) Set(java.util.Set) HashSet(java.util.HashSet) ActiveMQException(org.apache.activemq.artemis.api.core.ActiveMQException) ActiveMQJAASSecurityManager(org.apache.activemq.artemis.spi.core.security.ActiveMQJAASSecurityManager) ClientSession(org.apache.activemq.artemis.api.core.client.ClientSession) ClientSessionFactory(org.apache.activemq.artemis.api.core.client.ClientSessionFactory) ActiveMQSecurityException(org.apache.activemq.artemis.api.core.ActiveMQSecurityException) HashSet(java.util.HashSet) Test(org.junit.Test)

Example 20 with ActiveMQSecurityException

use of org.apache.activemq.artemis.api.core.ActiveMQSecurityException in project activemq-artemis by apache.

the class SecurityTest method testComplexRoles.

/**
 * Checks role-based permissions across a catch-all match and two narrower address matches.
 *
 * <p>Five users are set up with overlapping roles. Role sets are registered for {@code "#"},
 * {@code "news.europe.#"} and {@code "news.us.#"}. The test checks that anonymous and
 * wrong-password logins are refused, then checks what each user may send and receive on a
 * generic queue, a Europe queue and a US queue.
 *
 * @throws Exception if the server or a client call fails in a way the test does not expect
 */
@Test
public void testComplexRoles() throws Exception {
    ActiveMQServer broker = createServer();
    broker.start();
    ActiveMQJAASSecurityManager jaasManager = (ActiveMQJAASSecurityManager) broker.getSecurityManager();
    // Users and their passwords.
    jaasManager.getConfiguration().addUser("all", "all");
    jaasManager.getConfiguration().addUser("bill", "activemq");
    jaasManager.getConfiguration().addUser("andrew", "activemq1");
    jaasManager.getConfiguration().addUser("frank", "activemq2");
    jaasManager.getConfiguration().addUser("sam", "activemq3");
    // Role membership per user.
    jaasManager.getConfiguration().addRole("all", "all");
    jaasManager.getConfiguration().addRole("bill", "user");
    jaasManager.getConfiguration().addRole("andrew", "europe-user");
    jaasManager.getConfiguration().addRole("andrew", "user");
    jaasManager.getConfiguration().addRole("frank", "us-user");
    jaasManager.getConfiguration().addRole("frank", "news-user");
    jaasManager.getConfiguration().addRole("frank", "user");
    jaasManager.getConfiguration().addRole("sam", "news-user");
    jaasManager.getConfiguration().addRole("sam", "user");
    Role fullAccess = new Role("all", true, true, true, true, true, true, true, true, true, true);
    HierarchicalRepository<Set<Role>> matchRepository = broker.getSecurityRepository();
    // Catch-all match.
    Set<Role> catchAllRoles = new HashSet<>();
    catchAllRoles.add(new Role("user", true, true, true, true, true, true, false, true, true, true));
    catchAllRoles.add(fullAccess);
    matchRepository.addMatch("#", catchAllRoles);
    // Europe news: the narrower match registers "user" with its first two flags off.
    Set<Role> europeRoles = new HashSet<>();
    europeRoles.add(fullAccess);
    europeRoles.add(new Role("user", false, false, true, true, true, true, false, true, true, true));
    europeRoles.add(new Role("europe-user", true, false, false, false, false, false, false, true, true, true));
    europeRoles.add(new Role("news-user", false, true, false, false, false, false, false, true, true, true));
    matchRepository.addMatch("news.europe.#", europeRoles);
    // US news: same shape, with "us-user" in place of "europe-user".
    Set<Role> usRoles = new HashSet<>();
    usRoles.add(fullAccess);
    usRoles.add(new Role("user", false, false, true, true, true, true, false, true, true, true));
    usRoles.add(new Role("us-user", true, false, false, false, false, false, false, true, true, true));
    usRoles.add(new Role("news-user", false, true, false, false, false, false, false, true, true, true));
    matchRepository.addMatch("news.us.#", usRoles);
    locator.setBlockOnNonDurableSend(true).setBlockOnDurableSend(true);
    ClientSessionFactory factory = createSessionFactory(locator);
    ClientSession adminSession = factory.createSession("all", "all", false, true, true, false, -1);
    String genericQueue = "genericQueue";
    adminSession.createQueue(genericQueue, genericQueue, false);
    String europeQueue = "news.europe.europeQueue";
    adminSession.createQueue(europeQueue, europeQueue, false);
    String usQueue = "news.us.usQueue";
    adminSession.createQueue(usQueue, usQueue, false);
    // A session without user and password must be refused.
    try {
        factory.createSession(false, true, true);
        Assert.fail("should throw exception");
    } catch (ActiveMQSecurityException expected) {
        // ok
    } catch (ActiveMQException unexpected) {
        fail("Invalid Exception type:" + unexpected.getType());
    }
    // bill with a wrong password must be refused.
    try {
        factory.createSession("bill", "activemq1", false, true, true, false, -1);
        Assert.fail("should throw exception");
    } catch (ActiveMQSecurityException expected) {
        // ok
    } catch (ActiveMQException unexpected) {
        fail("Invalid Exception type:" + unexpected.getType());
    }
    // Each user logs in with the correct password.
    ClientSession billSession = factory.createSession("bill", "activemq", false, true, true, false, -1);
    ClientSession andrewSession = factory.createSession("andrew", "activemq1", false, true, true, false, -1);
    ClientSession frankSession = factory.createSession("frank", "activemq2", false, true, true, false, -1);
    ClientSession samSession = factory.createSession("sam", "activemq3", false, true, true, false, -1);
    // Generic queue: every user can send and receive.
    checkUserSendAndReceive(genericQueue, billSession);
    checkUserSendAndReceive(genericQueue, andrewSession);
    checkUserSendAndReceive(genericQueue, frankSession);
    checkUserSendAndReceive(genericQueue, samSession);
    // Europe queue: bill can neither send nor receive.
    checkUserNoSendNoReceive(europeQueue, billSession, adminSession);
    // Europe queue: andrew can send but cannot receive.
    checkUserSendNoReceive(europeQueue, andrewSession);
    // Europe queue: frank cannot send but can receive.
    checkUserReceiveNoSend(europeQueue, frankSession, adminSession);
    // Europe queue: sam cannot send but can receive.
    checkUserReceiveNoSend(europeQueue, samSession, adminSession);
    // US queue: bill can neither send nor receive.
    checkUserNoSendNoReceive(usQueue, billSession, adminSession);
    // US queue: andrew can neither send nor receive.
    checkUserNoSendNoReceive(usQueue, andrewSession, adminSession);
    // US queue: frank can both send and receive.
    checkUserSendAndReceive(usQueue, frankSession);
    // US queue: sam cannot send but can receive.
    checkUserReceiveNoSend(usQueue, samSession, adminSession);
    billSession.close();
    andrewSession.close();
    frankSession.close();
    samSession.close();
    adminSession.close();
}
Also used : Role(org.apache.activemq.artemis.core.security.Role) ActiveMQServer(org.apache.activemq.artemis.core.server.ActiveMQServer) Set(java.util.Set) HashSet(java.util.HashSet) ActiveMQException(org.apache.activemq.artemis.api.core.ActiveMQException) ActiveMQJAASSecurityManager(org.apache.activemq.artemis.spi.core.security.ActiveMQJAASSecurityManager) ClientSession(org.apache.activemq.artemis.api.core.client.ClientSession) ClientSessionFactory(org.apache.activemq.artemis.api.core.client.ClientSessionFactory) SimpleString(org.apache.activemq.artemis.api.core.SimpleString) ActiveMQSecurityException(org.apache.activemq.artemis.api.core.ActiveMQSecurityException) HashSet(java.util.HashSet) Test(org.junit.Test)
