use of org.apache.activemq.artemis.api.core.ActiveMQSecurityException in project activemq-artemis by apache.
the class SecurityTest method testSendMessageUpdateRoleCached.
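/**
 * Checks that a granted consume authorization keeps being honoured from the security
 * cache after the role that granted it has been removed from the user.
 *
 * <p>The server runs with security enabled and
 * {@code setSecurityInvalidationInterval(10000)}. "auser" is first denied a consumer on
 * queueA, then receives the "receiver" role and succeeds, and finally loses that role
 * again. The last {@code createConsumer} is still expected to succeed.
 *
 * <p>Security-relevant consequence pinned by this test: with a non-zero invalidation
 * interval, revoking a role does not take effect immediately for checks that are
 * already cached.
 *
 * @throws Exception if server start-up or any client call fails unexpectedly
 */
@Test
public void testSendMessageUpdateRoleCached() throws Exception {
   // NOTE(review): the interval is presumably in milliseconds - confirm against the Configuration API.
   Configuration configuration = createDefaultInVMConfig().setSecurityEnabled(true).setSecurityInvalidationInterval(10000);
   ActiveMQServer server = createServer(false, configuration);
   server.start();
   HierarchicalRepository<Set<Role>> securityRepository = server.getSecurityRepository();
   ActiveMQJAASSecurityManager securityManager = (ActiveMQJAASSecurityManager) server.getSecurityManager();

   // Test-only accounts: "guest" is the default user used by sessions opened without credentials.
   securityManager.getConfiguration().addUser("auser", "pass");
   securityManager.getConfiguration().addUser("guest", "guest");
   securityManager.getConfiguration().addRole("guest", "guest");
   securityManager.getConfiguration().setDefaultUser("guest");

   // NOTE(review): the positional flags presumably start with send, consume, createDurableQueue -
   // confirm against the Role constructor. "arole" has every flag off.
   Role role = new Role("arole", false, false, false, false, false, false, false, false, false, false);
   Role sendRole = new Role("guest", true, false, true, false, false, false, false, false, false, false);
   Role receiveRole = new Role("receiver", false, true, false, false, false, false, false, false, false, false);
   Set<Role> roles = new HashSet<>();
   roles.add(sendRole);
   roles.add(role);
   roles.add(receiveRole);
   securityRepository.addMatch(SecurityTest.addressA, roles);
   securityManager.getConfiguration().addRole("auser", "arole");

   ClientSessionFactory cf = createSessionFactory(locator);
   ClientSession senSession = cf.createSession(false, true, true);
   ClientSession session = cf.createSession("auser", "pass", false, true, true, false, -1);
   senSession.createQueue(SecurityTest.addressA, SecurityTest.queueA, true);
   ClientProducer cp = senSession.createProducer(SecurityTest.addressA);
   cp.send(session.createMessage(false));

   // "auser" only holds "arole" at this point, so consuming must be denied.
   try {
      session.createConsumer(SecurityTest.queueA);
      // Without this assertion the test also passes when the broker wrongly allows the consumer.
      fail("should throw exception");
   } catch (ActiveMQSecurityException se) {
      // ok
   } catch (ActiveMQException e) {
      fail("Invalid Exception type:" + e.getType());
   }

   securityManager.getConfiguration().addRole("auser", "receiver");
   session.createConsumer(SecurityTest.queueA);

   // Removing the role: the earlier grant should be cached, so the next createConsumer must not fail.
   securityManager.getConfiguration().removeRole("auser", "receiver");
   session.createConsumer(SecurityTest.queueA);

   session.close();
   senSession.close();
}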
use of org.apache.activemq.artemis.api.core.ActiveMQSecurityException in project activemq-artemis by apache.
the class SecurityTest method testSendMessageUpdateSender.
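/**
 * Checks that sends by a user without send permission make a local commit and an XA
 * prepare fail, and that the failed prepare leaves nothing to recover.
 *
 * <p>The server runs with security enabled and
 * {@code setSecurityInvalidationInterval(-1)}.
 *
 * @throws Exception if server start-up or any client call fails unexpectedly
 */
@Test
public void testSendMessageUpdateSender() throws Exception {
   Configuration configuration = createDefaultInVMConfig().setSecurityEnabled(true).setSecurityInvalidationInterval(-1);
   ActiveMQServer server = createServer(false, configuration);
   server.start();
   HierarchicalRepository<Set<Role>> securityRepository = server.getSecurityRepository();
   ActiveMQJAASSecurityManager securityManager = (ActiveMQJAASSecurityManager) server.getSecurityManager();

   // Test-only accounts: "guest" is the default user used by sessions opened without credentials.
   securityManager.getConfiguration().addUser("auser", "pass");
   securityManager.getConfiguration().addUser("guest", "guest");
   securityManager.getConfiguration().addRole("guest", "guest");
   securityManager.getConfiguration().setDefaultUser("guest");

   // Debug output; note that every line is labelled "guest:" whatever the role is.
   Role role = new Role("arole", false, false, false, false, false, false, false, false, false, false);
   System.out.println("guest:" + role);
   Role sendRole = new Role("guest", true, false, true, false, false, false, false, false, false, false);
   System.out.println("guest:" + sendRole);
   Role receiveRole = new Role("receiver", false, true, false, false, false, false, false, false, false, false);
   System.out.println("guest:" + receiveRole);
   Set<Role> roles = new HashSet<>();
   roles.add(sendRole);
   roles.add(role);
   roles.add(receiveRole);
   securityRepository.addMatch(SecurityTest.addressA, roles);
   securityManager.getConfiguration().addRole("auser", "arole");

   ClientSessionFactory cf = createSessionFactory(locator);
   ClientSession senSession = cf.createSession(false, true, true);
   ClientSession session = cf.createSession("auser", "pass", false, true, true, false, -1);
   senSession.createQueue(SecurityTest.addressA, SecurityTest.queueA, true);
   ClientProducer cp = senSession.createProducer(SecurityTest.addressA);
   cp.send(session.createMessage(false));

   // "auser" only holds "arole" at this point, so consuming must be denied.
   try {
      session.createConsumer(SecurityTest.queueA);
      // Without this assertion the test also passes when the broker wrongly allows the consumer.
      fail("should throw exception");
   } catch (ActiveMQSecurityException se) {
      // ok
   } catch (ActiveMQException e) {
      fail("Invalid Exception type:" + e.getType());
   }

   securityManager.getConfiguration().addRole("auser", "receiver");
   session.createConsumer(SecurityTest.queueA);

   // The configuration above uses setSecurityInvalidationInterval(-1); an earlier version of
   // this comment said 0. Presumably cached decisions are not reused with this value, so the
   // sends below are checked again - confirm against the broker documentation.
   // NOTE(review): "guest" is never added to "auser" in this method (only "arole" and
   // "receiver" are), so this removal may be a no-op - confirm the intended role.
   securityManager.getConfiguration().removeRole("auser", "guest");

   // Non-XA session on which sends are committed explicitly.
   ClientSession sendingSession = cf.createSession("auser", "pass", false, false, false, false, 0);
   ClientProducer prod = sendingSession.createProducer(SecurityTest.addressA);
   prod.send(CreateMessage.createTextMessage(sendingSession, "Test", true));
   prod.send(CreateMessage.createTextMessage(sendingSession, "Test", true));
   try {
      sendingSession.commit();
      Assert.fail("Expected exception");
   } catch (ActiveMQException e) {
      // Expected: the commit has to fail because the sends were rejected.
   }
   sendingSession.close();

   // Same scenario through an XA transaction.
   Xid xid = newXID();
   sendingSession = cf.createSession("auser", "pass", true, false, false, false, 0);
   sendingSession.start(xid, XAResource.TMNOFLAGS);
   prod = sendingSession.createProducer(SecurityTest.addressA);
   prod.send(CreateMessage.createTextMessage(sendingSession, "Test", true));
   prod.send(CreateMessage.createTextMessage(sendingSession, "Test", true));
   sendingSession.end(xid, XAResource.TMSUCCESS);
   try {
      sendingSession.prepare(xid);
      Assert.fail("Exception was expected");
   } catch (Exception e) {
      // Expected. Assert.fail raises an Error, so it is not swallowed by this handler.
      e.printStackTrace();
   }

   // A failed prepare must not leave any recoverable transaction behind.
   Xid[] xids = sendingSession.recover(XAResource.TMSTARTRSCAN);
   Assert.assertEquals(0, xids.length);

   session.close();
   senSession.close();
   sendingSession.close();
}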
use of org.apache.activemq.artemis.api.core.ActiveMQSecurityException in project activemq-artemis by apache.
the class SecurityTest method testCustomSecurityManager.
/**
 * Runs the broker with a hand-written {@link ActiveMQSecurityManager} and checks both
 * authentication (unknown user, wrong password) and per-operation authorization.
 *
 * <p>The stub accepts the users "foo", "bar" and "all" with one shared password. "all"
 * passes every check, "foo" passes CONSUME and CREATE_NON_DURABLE_QUEUE, "bar" passes
 * SEND and CREATE_NON_DURABLE_QUEUE.
 *
 * @throws Exception if server start-up or any client call fails unexpectedly
 */
@Test
public void testCustomSecurityManager() throws Exception {
   final Configuration configuration = createDefaultInVMConfig().setSecurityEnabled(true);

   // Test fixture only: fixed credentials compared with String.equals. The requiredRoles
   // argument is ignored; decisions depend on the user name and the check type alone.
   final ActiveMQSecurityManager stubManager = new ActiveMQSecurityManager() {
      @Override
      public boolean validateUser(final String username, final String password) {
         final boolean knownUser = username.equals("foo") || username.equals("bar") || username.equals("all");
         return knownUser && password.equals("frobnicate");
      }

      @Override
      public boolean validateUserAndRole(final String username, final String password, final Set<Role> requiredRoles, final CheckType checkType) {
         final boolean knownUser = username.equals("foo") || username.equals("bar") || username.equals("all");
         if (!(knownUser && password.equals("frobnicate"))) {
            return false;
         }
         if (username.equals("all")) {
            return true;
         }
         if (username.equals("foo")) {
            return checkType == CheckType.CONSUME || checkType == CheckType.CREATE_NON_DURABLE_QUEUE;
         }
         if (username.equals("bar")) {
            return checkType == CheckType.SEND || checkType == CheckType.CREATE_NON_DURABLE_QUEUE;
         }
         return false;
      }
   };

   final ActiveMQServer broker = addServer(new ActiveMQServerImpl(configuration, stubManager));
   broker.start();

   final ServerLocator inVmLocator = createInVMNonHALocator();
   inVmLocator.setBlockOnNonDurableSend(true).setBlockOnDurableSend(true);
   final ClientSessionFactory sessionFactory = createSessionFactory(inVmLocator);

   ClientSession allSession = sessionFactory.createSession("all", "frobnicate", false, true, true, false, -1);
   final String queueName = "test.queue";
   allSession.createQueue(queueName, queueName, false);

   // Unknown user name: session creation must be rejected with a security exception.
   try {
      sessionFactory.createSession("baz", "frobnicate", false, true, true, false, -1);
      Assert.fail("should throw exception");
   } catch (ActiveMQSecurityException se) {
      // ok
   } catch (ActiveMQException e) {
      fail("Invalid Exception type:" + e.getType());
   }

   // Known user, wrong password: must be rejected the same way.
   try {
      sessionFactory.createSession("foo", "xxx", false, true, true, false, -1);
      Assert.fail("should throw exception");
   } catch (ActiveMQSecurityException se) {
      // ok
   } catch (ActiveMQException e) {
      fail("Invalid Exception type:" + e.getType());
   }

   // "foo" with the right password: the stub grants CONSUME but not SEND.
   final ClientSession fooSession = sessionFactory.createSession("foo", "frobnicate", false, true, true, false, -1);
   checkUserReceiveNoSend(queueName, fooSession, allSession);

   // "bar" with the right password: the stub grants SEND but not CONSUME.
   final ClientSession barSession = sessionFactory.createSession("bar", "frobnicate", false, true, true, false, -1);
   checkUserSendNoReceive(queueName, barSession);
}
use of org.apache.activemq.artemis.api.core.ActiveMQSecurityException in project activemq-artemis by apache.
the class SecurityTest method testDeleteTempQueueWithoutRole.
@Test
public void testDeleteTempQueueWithoutRole() throws Exception {
ActiveMQServer server = createServer();
server.start();
HierarchicalRepository<Set<Role>> securityRepository = server.getSecurityRepository();
ActiveMQJAASSecurityManager securityManager = (ActiveMQJAASSecurityManager) server.getSecurityManager();
securityManager.getConfiguration().addUser("auser", "pass");
Role role = new Role("arole", false, false, false, false, true, false, false, false, false, false);
Set<Role> roles = new HashSet<>();
roles.add(role);
securityRepository.addMatch(SecurityTest.addressA, roles);
securityManager.getConfiguration().addRole("auser", "arole");
ClientSessionFactory cf = createSessionFactory(locator);
ClientSession session = cf.createSession("auser", "pass", false, true, true, false, -1);
session.createQueue(SecurityTest.addressA, SecurityTest.queueA, false);
try {
session.deleteQueue(SecurityTest.queueA);
Assert.fail("should throw exception");
} catch (ActiveMQSecurityException se) {
// ok
} catch (ActiveMQException e) {
fail("Invalid Exception type:" + e.getType());
}
session.close();
}
use of org.apache.activemq.artemis.api.core.ActiveMQSecurityException in project activemq-artemis by apache.
the class SecurityTest method testComplexRoles.
@Test
public void testComplexRoles() throws Exception {
ActiveMQServer server = createServer();
server.start();
ActiveMQJAASSecurityManager securityManager = (ActiveMQJAASSecurityManager) server.getSecurityManager();
securityManager.getConfiguration().addUser("all", "all");
securityManager.getConfiguration().addUser("bill", "activemq");
securityManager.getConfiguration().addUser("andrew", "activemq1");
securityManager.getConfiguration().addUser("frank", "activemq2");
securityManager.getConfiguration().addUser("sam", "activemq3");
securityManager.getConfiguration().addRole("all", "all");
securityManager.getConfiguration().addRole("bill", "user");
securityManager.getConfiguration().addRole("andrew", "europe-user");
securityManager.getConfiguration().addRole("andrew", "user");
securityManager.getConfiguration().addRole("frank", "us-user");
securityManager.getConfiguration().addRole("frank", "news-user");
securityManager.getConfiguration().addRole("frank", "user");
securityManager.getConfiguration().addRole("sam", "news-user");
securityManager.getConfiguration().addRole("sam", "user");
Role all = new Role("all", true, true, true, true, true, true, true, true, true, true);
HierarchicalRepository<Set<Role>> repository = server.getSecurityRepository();
Set<Role> add = new HashSet<>();
add.add(new Role("user", true, true, true, true, true, true, false, true, true, true));
add.add(all);
repository.addMatch("#", add);
Set<Role> add1 = new HashSet<>();
add1.add(all);
add1.add(new Role("user", false, false, true, true, true, true, false, true, true, true));
add1.add(new Role("europe-user", true, false, false, false, false, false, false, true, true, true));
add1.add(new Role("news-user", false, true, false, false, false, false, false, true, true, true));
repository.addMatch("news.europe.#", add1);
Set<Role> add2 = new HashSet<>();
add2.add(all);
add2.add(new Role("user", false, false, true, true, true, true, false, true, true, true));
add2.add(new Role("us-user", true, false, false, false, false, false, false, true, true, true));
add2.add(new Role("news-user", false, true, false, false, false, false, false, true, true, true));
repository.addMatch("news.us.#", add2);
ClientSession billConnection = null;
ClientSession andrewConnection = null;
ClientSession frankConnection = null;
ClientSession samConnection = null;
locator.setBlockOnNonDurableSend(true).setBlockOnDurableSend(true);
ClientSessionFactory factory = createSessionFactory(locator);
ClientSession adminSession = factory.createSession("all", "all", false, true, true, false, -1);
String genericQueueName = "genericQueue";
adminSession.createQueue(genericQueueName, genericQueueName, false);
String eurQueueName = "news.europe.europeQueue";
adminSession.createQueue(eurQueueName, eurQueueName, false);
String usQueueName = "news.us.usQueue";
adminSession.createQueue(usQueueName, usQueueName, false);
// Step 4. Try to create a JMS Connection without user/password. It will fail.
try {
factory.createSession(false, true, true);
Assert.fail("should throw exception");
} catch (ActiveMQSecurityException se) {
// ok
} catch (ActiveMQException e) {
fail("Invalid Exception type:" + e.getType());
}
// Step 5. bill tries to make a connection using wrong password
try {
billConnection = factory.createSession("bill", "activemq1", false, true, true, false, -1);
Assert.fail("should throw exception");
} catch (ActiveMQSecurityException se) {
// ok
} catch (ActiveMQException e) {
fail("Invalid Exception type:" + e.getType());
}
// Step 6. bill makes a good connection.
billConnection = factory.createSession("bill", "activemq", false, true, true, false, -1);
// Step 7. andrew makes a good connection.
andrewConnection = factory.createSession("andrew", "activemq1", false, true, true, false, -1);
// Step 8. frank makes a good connection.
frankConnection = factory.createSession("frank", "activemq2", false, true, true, false, -1);
// Step 9. sam makes a good connection.
samConnection = factory.createSession("sam", "activemq3", false, true, true, false, -1);
checkUserSendAndReceive(genericQueueName, billConnection);
checkUserSendAndReceive(genericQueueName, andrewConnection);
checkUserSendAndReceive(genericQueueName, frankConnection);
checkUserSendAndReceive(genericQueueName, samConnection);
// Step 11. Check permissions on news.europe.europeTopic for bill: can't send and can't
// receive
checkUserNoSendNoReceive(eurQueueName, billConnection, adminSession);
// Step 12. Check permissions on news.europe.europeTopic for andrew: can send but can't
// receive
checkUserSendNoReceive(eurQueueName, andrewConnection);
// Step 13. Check permissions on news.europe.europeTopic for frank: can't send but can
// receive
checkUserReceiveNoSend(eurQueueName, frankConnection, adminSession);
// Step 14. Check permissions on news.europe.europeTopic for sam: can't send but can
// receive
checkUserReceiveNoSend(eurQueueName, samConnection, adminSession);
// Step 15. Check permissions on news.us.usTopic for bill: can't send and can't receive
checkUserNoSendNoReceive(usQueueName, billConnection, adminSession);
// Step 16. Check permissions on news.us.usTopic for andrew: can't send and can't receive
checkUserNoSendNoReceive(usQueueName, andrewConnection, adminSession);
// Step 17. Check permissions on news.us.usTopic for frank: can both send and receive
checkUserSendAndReceive(usQueueName, frankConnection);
// Step 18. Check permissions on news.us.usTopic for same: can't send but can receive
checkUserReceiveNoSend(usQueueName, samConnection, adminSession);
billConnection.close();
andrewConnection.close();
frankConnection.close();
samConnection.close();
adminSession.close();
}