Example 1 with CheckType
use of org.apache.activemq.artemis.core.security.CheckType in project activemq-artemis by apache.
the class SecurityTest method testCustomSecurityManager2.
@Test
public void testCustomSecurityManager2() throws Exception {
final Configuration configuration = createDefaultInVMConfig().setSecurityEnabled(true);
final ActiveMQSecurityManager customSecurityManager = new ActiveMQSecurityManager2() {
@Override
public boolean validateUser(final String username, final String password) {
fail("Unexpected call to overridden method");
return false;
}
@Override
public boolean validateUser(final String username, final String password, final X509Certificate[] certificates) {
return (username.equals("foo") || username.equals("bar") || username.equals("all")) && password.equals("frobnicate");
}
@Override
public boolean validateUserAndRole(final String username, final String password, final Set<Role> requiredRoles, final CheckType checkType) {
fail("Unexpected call to overridden method");
return false;
}
@Override
public boolean validateUserAndRole(final String username, final String password, final Set<Role> requiredRoles, final CheckType checkType, final String address, final RemotingConnection connection) {
if (!(connection.getTransportConnection() instanceof InVMConnection)) {
return false;
}
if ((username.equals("foo") || username.equals("bar") || username.equals("all")) && password.equals("frobnicate")) {
if (username.equals("all")) {
return true;
} else if (username.equals("foo")) {
return address.equals("test.queue") && checkType == CheckType.CONSUME;
} else if (username.equals("bar")) {
return address.equals("test.queue") && checkType == CheckType.SEND;
} else {
return false;
}
} else {
return false;
}
}
};
final ActiveMQServer server = addServer(new ActiveMQServerImpl(configuration, customSecurityManager));
server.start();
final ServerLocator locator = createInVMNonHALocator();
locator.setBlockOnNonDurableSend(true).setBlockOnDurableSend(true);
final ClientSessionFactory factory = createSessionFactory(locator);
ClientSession adminSession = factory.createSession("all", "frobnicate", false, true, true, false, -1);
final String queueName = "test.queue";
adminSession.createQueue(queueName, queueName, false);
final String otherQueueName = "other.queue";
adminSession.createQueue(otherQueueName, otherQueueName, false);
// Wrong user name
try {
factory.createSession("baz", "frobnicate", false, true, true, false, -1);
Assert.fail("should throw exception");
} catch (ActiveMQSecurityException se) {
// ok
} catch (ActiveMQException e) {
fail("Invalid Exception type:" + e.getType());
}
// Wrong password
try {
factory.createSession("foo", "xxx", false, true, true, false, -1);
Assert.fail("should throw exception");
} catch (ActiveMQSecurityException se) {
// ok
} catch (ActiveMQException e) {
fail("Invalid Exception type:" + e.getType());
}
// Correct user and password, wrong queue for sending
try {
final ClientSession session = factory.createSession("foo", "frobnicate", false, true, true, false, -1);
checkUserReceiveNoSend(otherQueueName, session, adminSession);
Assert.fail("should throw exception");
} catch (ActiveMQSecurityException se) {
// ok
} catch (ActiveMQException e) {
fail("Invalid Exception type:" + e.getType());
}
// Correct user and password, wrong queue for receiving
try {
final ClientSession session = factory.createSession("foo", "frobnicate", false, true, true, false, -1);
checkUserReceiveNoSend(otherQueueName, session, adminSession);
Assert.fail("should throw exception");
} catch (ActiveMQSecurityException se) {
// ok
} catch (ActiveMQException e) {
fail("Invalid Exception type:" + e.getType());
}
// Correct user and password, allowed to send but not receive
{
final ClientSession session = factory.createSession("foo", "frobnicate", false, true, true, false, -1);
checkUserReceiveNoSend(queueName, session, adminSession);
}
// Correct user and password, allowed to receive but not send
{
final ClientSession session = factory.createSession("bar", "frobnicate", false, true, true, false, -1);
checkUserSendNoReceive(queueName, session);
}
}
Also used :
InVMConnection(org.apache.activemq.artemis.core.remoting.impl.invm.InVMConnection)
Set(java.util.Set)
HashSet(java.util.HashSet)
TransportConfiguration(org.apache.activemq.artemis.api.core.TransportConfiguration)
Configuration(org.apache.activemq.artemis.core.config.Configuration)
RemotingConnection(org.apache.activemq.artemis.spi.core.protocol.RemotingConnection)
SimpleString(org.apache.activemq.artemis.api.core.SimpleString)
ActiveMQServerImpl(org.apache.activemq.artemis.core.server.impl.ActiveMQServerImpl)
ActiveMQServer(org.apache.activemq.artemis.core.server.ActiveMQServer)
ActiveMQException(org.apache.activemq.artemis.api.core.ActiveMQException)
ActiveMQSecurityManager2(org.apache.activemq.artemis.spi.core.security.ActiveMQSecurityManager2)
CheckType(org.apache.activemq.artemis.core.security.CheckType)
ClientSession(org.apache.activemq.artemis.api.core.client.ClientSession)
ClientSessionFactory(org.apache.activemq.artemis.api.core.client.ClientSessionFactory)
ActiveMQSecurityException(org.apache.activemq.artemis.api.core.ActiveMQSecurityException)
ActiveMQSecurityManager(org.apache.activemq.artemis.spi.core.security.ActiveMQSecurityManager)
ServerLocator(org.apache.activemq.artemis.api.core.client.ServerLocator)
Test(org.junit.Test)
Example 2 with CheckType
use of org.apache.activemq.artemis.core.security.CheckType in project activemq-artemis by apache.
the class SecurityTest method testCustomSecurityManager3.
@Test
public void testCustomSecurityManager3() throws Exception {
final Configuration configuration = createDefaultInVMConfig().setSecurityEnabled(true);
final ActiveMQSecurityManager customSecurityManager = new ActiveMQSecurityManager3() {
@Override
public boolean validateUser(final String username, final String password) {
fail("Unexpected call to overridden method");
return false;
}
@Override
public String validateUser(final String username, final String password, final RemotingConnection remotingConnection) {
if ((username.equals("foo") || username.equals("bar") || username.equals("all")) && password.equals("frobnicate")) {
return username;
} else {
return null;
}
}
@Override
public boolean validateUserAndRole(final String username, final String password, final Set<Role> requiredRoles, final CheckType checkType) {
fail("Unexpected call to overridden method");
return false;
}
@Override
public String validateUserAndRole(final String username, final String password, final Set<Role> requiredRoles, final CheckType checkType, final String address, final RemotingConnection connection) {
if (!(connection.getTransportConnection() instanceof InVMConnection)) {
return null;
}
if ((username.equals("foo") || username.equals("bar") || username.equals("all")) && password.equals("frobnicate")) {
if (username.equals("all")) {
return username;
} else if (username.equals("foo")) {
if (address.equals("test.queue") && checkType == CheckType.CONSUME)
return username;
else
return null;
} else if (username.equals("bar")) {
if (address.equals("test.queue") && checkType == CheckType.SEND)
return username;
else
return null;
} else {
return null;
}
} else {
return null;
}
}
};
final ActiveMQServer server = addServer(new ActiveMQServerImpl(configuration, customSecurityManager));
server.start();
final ServerLocator locator = createInVMNonHALocator();
locator.setBlockOnNonDurableSend(true).setBlockOnDurableSend(true);
final ClientSessionFactory factory = createSessionFactory(locator);
ClientSession adminSession = factory.createSession("all", "frobnicate", false, true, true, false, -1);
final String queueName = "test.queue";
adminSession.createQueue(queueName, queueName, false);
final String otherQueueName = "other.queue";
adminSession.createQueue(otherQueueName, otherQueueName, false);
// Wrong user name
try {
factory.createSession("baz", "frobnicate", false, true, true, false, -1);
Assert.fail("should throw exception");
} catch (ActiveMQSecurityException se) {
// ok
} catch (ActiveMQException e) {
fail("Invalid Exception type:" + e.getType());
}
// Wrong password
try {
factory.createSession("foo", "xxx", false, true, true, false, -1);
Assert.fail("should throw exception");
} catch (ActiveMQSecurityException se) {
// ok
} catch (ActiveMQException e) {
fail("Invalid Exception type:" + e.getType());
}
// Correct user and password, wrong queue for sending
try {
final ClientSession session = factory.createSession("foo", "frobnicate", false, true, true, false, -1);
checkUserReceiveNoSend(otherQueueName, session, adminSession);
Assert.fail("should throw exception");
} catch (ActiveMQSecurityException se) {
// ok
} catch (ActiveMQException e) {
fail("Invalid Exception type:" + e.getType());
}
// Correct user and password, wrong queue for receiving
try {
final ClientSession session = factory.createSession("foo", "frobnicate", false, true, true, false, -1);
checkUserReceiveNoSend(otherQueueName, session, adminSession);
Assert.fail("should throw exception");
} catch (ActiveMQSecurityException se) {
// ok
} catch (ActiveMQException e) {
fail("Invalid Exception type:" + e.getType());
}
// Correct user and password, allowed to send but not receive
{
final ClientSession session = factory.createSession("foo", "frobnicate", false, true, true, false, -1);
checkUserReceiveNoSend(queueName, session, adminSession);
}
// Correct user and password, allowed to receive but not send
{
final ClientSession session = factory.createSession("bar", "frobnicate", false, true, true, false, -1);
checkUserSendNoReceive(queueName, session);
}
}
Also used :
InVMConnection(org.apache.activemq.artemis.core.remoting.impl.invm.InVMConnection)
Set(java.util.Set)
HashSet(java.util.HashSet)
TransportConfiguration(org.apache.activemq.artemis.api.core.TransportConfiguration)
Configuration(org.apache.activemq.artemis.core.config.Configuration)
RemotingConnection(org.apache.activemq.artemis.spi.core.protocol.RemotingConnection)
ActiveMQSecurityManager3(org.apache.activemq.artemis.spi.core.security.ActiveMQSecurityManager3)
SimpleString(org.apache.activemq.artemis.api.core.SimpleString)
ActiveMQServerImpl(org.apache.activemq.artemis.core.server.impl.ActiveMQServerImpl)
ActiveMQServer(org.apache.activemq.artemis.core.server.ActiveMQServer)
ActiveMQException(org.apache.activemq.artemis.api.core.ActiveMQException)
CheckType(org.apache.activemq.artemis.core.security.CheckType)
ClientSession(org.apache.activemq.artemis.api.core.client.ClientSession)
ClientSessionFactory(org.apache.activemq.artemis.api.core.client.ClientSessionFactory)
ActiveMQSecurityException(org.apache.activemq.artemis.api.core.ActiveMQSecurityException)
ActiveMQSecurityManager(org.apache.activemq.artemis.spi.core.security.ActiveMQSecurityManager)
ServerLocator(org.apache.activemq.artemis.api.core.client.ServerLocator)
Test(org.junit.Test)
Example 3 with CheckType
use of org.apache.activemq.artemis.core.security.CheckType in project activemq-artemis by apache.
the class SecurityTest method testCustomSecurityManager.
@Test
public void testCustomSecurityManager() throws Exception {
final Configuration configuration = createDefaultInVMConfig().setSecurityEnabled(true);
final ActiveMQSecurityManager customSecurityManager = new ActiveMQSecurityManager() {
@Override
public boolean validateUser(final String username, final String password) {
return (username.equals("foo") || username.equals("bar") || username.equals("all")) && password.equals("frobnicate");
}
@Override
public boolean validateUserAndRole(final String username, final String password, final Set<Role> requiredRoles, final CheckType checkType) {
if ((username.equals("foo") || username.equals("bar") || username.equals("all")) && password.equals("frobnicate")) {
if (username.equals("all")) {
return true;
} else if (username.equals("foo")) {
return checkType == CheckType.CONSUME || checkType == CheckType.CREATE_NON_DURABLE_QUEUE;
} else if (username.equals("bar")) {
return checkType == CheckType.SEND || checkType == CheckType.CREATE_NON_DURABLE_QUEUE;
} else {
return false;
}
} else {
return false;
}
}
};
final ActiveMQServer server = addServer(new ActiveMQServerImpl(configuration, customSecurityManager));
server.start();
final ServerLocator locator = createInVMNonHALocator();
locator.setBlockOnNonDurableSend(true).setBlockOnDurableSend(true);
final ClientSessionFactory factory = createSessionFactory(locator);
ClientSession adminSession = factory.createSession("all", "frobnicate", false, true, true, false, -1);
final String queueName = "test.queue";
adminSession.createQueue(queueName, queueName, false);
// Wrong user name
try {
factory.createSession("baz", "frobnicate", false, true, true, false, -1);
Assert.fail("should throw exception");
} catch (ActiveMQSecurityException se) {
// ok
} catch (ActiveMQException e) {
fail("Invalid Exception type:" + e.getType());
}
// Wrong password
try {
factory.createSession("foo", "xxx", false, true, true, false, -1);
Assert.fail("should throw exception");
} catch (ActiveMQSecurityException se) {
// ok
} catch (ActiveMQException e) {
fail("Invalid Exception type:" + e.getType());
}
// Correct user and password, allowed to send but not receive
{
final ClientSession session = factory.createSession("foo", "frobnicate", false, true, true, false, -1);
checkUserReceiveNoSend(queueName, session, adminSession);
}
// Correct user and password, allowed to receive but not send
{
final ClientSession session = factory.createSession("bar", "frobnicate", false, true, true, false, -1);
checkUserSendNoReceive(queueName, session);
}
}
Also used :
ActiveMQServer(org.apache.activemq.artemis.core.server.ActiveMQServer)
Set(java.util.Set)
HashSet(java.util.HashSet)
TransportConfiguration(org.apache.activemq.artemis.api.core.TransportConfiguration)
Configuration(org.apache.activemq.artemis.core.config.Configuration)
ActiveMQException(org.apache.activemq.artemis.api.core.ActiveMQException)
CheckType(org.apache.activemq.artemis.core.security.CheckType)
ClientSession(org.apache.activemq.artemis.api.core.client.ClientSession)
SimpleString(org.apache.activemq.artemis.api.core.SimpleString)
ClientSessionFactory(org.apache.activemq.artemis.api.core.client.ClientSessionFactory)
ActiveMQServerImpl(org.apache.activemq.artemis.core.server.impl.ActiveMQServerImpl)
ActiveMQSecurityException(org.apache.activemq.artemis.api.core.ActiveMQSecurityException)
ActiveMQSecurityManager(org.apache.activemq.artemis.spi.core.security.ActiveMQSecurityManager)
ServerLocator(org.apache.activemq.artemis.api.core.client.ServerLocator)
Test(org.junit.Test)
Aggregations
HashSet (java.util.HashSet)3
Set (java.util.Set)3
ActiveMQException (org.apache.activemq.artemis.api.core.ActiveMQException)3
ActiveMQSecurityException (org.apache.activemq.artemis.api.core.ActiveMQSecurityException)3
SimpleString (org.apache.activemq.artemis.api.core.SimpleString)3
TransportConfiguration (org.apache.activemq.artemis.api.core.TransportConfiguration)3
ClientSession (org.apache.activemq.artemis.api.core.client.ClientSession)3
ClientSessionFactory (org.apache.activemq.artemis.api.core.client.ClientSessionFactory)3
ServerLocator (org.apache.activemq.artemis.api.core.client.ServerLocator)3
Configuration (org.apache.activemq.artemis.core.config.Configuration)3
CheckType (org.apache.activemq.artemis.core.security.CheckType)3
ActiveMQServer (org.apache.activemq.artemis.core.server.ActiveMQServer)3
ActiveMQServerImpl (org.apache.activemq.artemis.core.server.impl.ActiveMQServerImpl)3
ActiveMQSecurityManager (org.apache.activemq.artemis.spi.core.security.ActiveMQSecurityManager)3
Test (org.junit.Test)3
InVMConnection (org.apache.activemq.artemis.core.remoting.impl.invm.InVMConnection)2
RemotingConnection (org.apache.activemq.artemis.spi.core.protocol.RemotingConnection)2
ActiveMQSecurityManager2 (org.apache.activemq.artemis.spi.core.security.ActiveMQSecurityManager2)1
ActiveMQSecurityManager3 (org.apache.activemq.artemis.spi.core.security.ActiveMQSecurityManager3)1
