
Example 56 with Role

use of org.apache.activemq.artemis.core.security.Role in project activemq-artemis by apache.

the class ActiveMQSecurityManagerImplTest method testAddingRoles.

/**
 * Checks that each role granted to a user through the security configuration is accepted by
 * {@code validateUserAndRole} for a SEND check, and that a role the user was never granted is
 * rejected.
 */
@Test
public void testAddingRoles() {
    securityManager.getConfiguration().addUser("newuser1", "newpassword1");
    final String[] grantedRoleNames = {"role1", "role2", "role3", "role4"};
    for (String grantedRoleName : grantedRoleNames) {
        securityManager.getConfiguration().addRole("newuser1", grantedRoleName);
    }

    // Positive cases: a required-role set holding any single granted role must validate.
    for (String grantedRoleName : grantedRoleNames) {
        HashSet<Role> required = new HashSet<>();
        required.add(new Role(grantedRoleName, true, true, true, true, true, true, true, true, true, true));
        Assert.assertTrue(securityManager.validateUserAndRole("newuser1", "newpassword1", required, CheckType.SEND));
    }

    // Negative case: "role5" was never added for newuser1, so the same credentials must be refused.
    HashSet<Role> ungranted = new HashSet<>();
    ungranted.add(new Role("role5", true, true, true, true, true, true, true, true, true, true));
    Assert.assertFalse(securityManager.validateUserAndRole("newuser1", "newpassword1", ungranted, CheckType.SEND));
}
Also used : Role(org.apache.activemq.artemis.core.security.Role) HashSet(java.util.HashSet) Test(org.junit.Test)

Example 57 with Role

use of org.apache.activemq.artemis.core.security.Role in project activemq-artemis by apache.

the class SecurityFormatter method createSecurity.

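/**
 * Builds the set of {@link Role}s described by ten per-permission role specifications.
 *
 * <p>Every argument is converted with {@code toList} (defined elsewhere in this class; presumably
 * it splits a delimited string into individual role names - confirm). One {@code Role} is created
 * for each distinct name that appears in any list, and each permission flag on that role is set
 * only when the name is an element of the corresponding parsed list.
 *
 * @param sendRoles roles allowed to send
 * @param consumeRoles roles allowed to consume
 * @param createDurableQueueRoles roles allowed to create durable queues
 * @param deleteDurableQueueRoles roles allowed to delete durable queues
 * @param createNonDurableQueueRoles roles allowed to create non-durable queues
 * @param deleteNonDurableQueueRoles roles allowed to delete non-durable queues
 * @param manageRoles roles allowed to manage
 * @param browseRoles roles allowed to browse
 * @param createAddressRoles roles allowed to create addresses
 * @param deleteAddressRoles roles allowed to delete addresses
 * @return one {@code Role} per distinct role name found in the arguments
 */
public static Set<Role> createSecurity(String sendRoles,
                                       String consumeRoles,
                                       String createDurableQueueRoles,
                                       String deleteDurableQueueRoles,
                                       String createNonDurableQueueRoles,
                                       String deleteNonDurableQueueRoles,
                                       String manageRoles,
                                       String browseRoles,
                                       String createAddressRoles,
                                       String deleteAddressRoles) {
    List<String> createDurableQueue = toList(createDurableQueueRoles);
    List<String> deleteDurableQueue = toList(deleteDurableQueueRoles);
    List<String> createNonDurableQueue = toList(createNonDurableQueueRoles);
    List<String> deleteNonDurableQueue = toList(deleteNonDurableQueueRoles);
    List<String> send = toList(sendRoles);
    List<String> consume = toList(consumeRoles);
    List<String> manage = toList(manageRoles);
    List<String> browse = toList(browseRoles);
    List<String> createAddress = toList(createAddressRoles);
    List<String> deleteAddress = toList(deleteAddressRoles);

    Set<String> allRoles = new HashSet<>();
    allRoles.addAll(createDurableQueue);
    allRoles.addAll(deleteDurableQueue);
    allRoles.addAll(createNonDurableQueue);
    allRoles.addAll(deleteNonDurableQueue);
    allRoles.addAll(send);
    allRoles.addAll(consume);
    allRoles.addAll(manage);
    allRoles.addAll(browse);
    allRoles.addAll(createAddress);
    allRoles.addAll(deleteAddress);

    Set<Role> roles = new HashSet<>(allRoles.size());
    for (String role : allRoles) {
        // Membership is tested on the parsed lists for every permission. Testing the raw argument
        // strings (String.contains) is a substring match: any role whose name occurs inside another
        // role's name in manageRoles, createAddressRoles or deleteAddressRoles would be granted
        // that permission without being listed for it. It would also dereference the raw argument
        // directly instead of the value returned by toList.
        roles.add(new Role(role,
                           send.contains(role),
                           consume.contains(role),
                           createDurableQueue.contains(role),
                           deleteDurableQueue.contains(role),
                           createNonDurableQueue.contains(role),
                           deleteNonDurableQueue.contains(role),
                           manage.contains(role),
                           browse.contains(role),
                           createAddress.contains(role),
                           deleteAddress.contains(role)));
    }
    return roles;
}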
Also used : Role(org.apache.activemq.artemis.core.security.Role) HashSet(java.util.HashSet)

Example 58 with Role

use of org.apache.activemq.artemis.core.security.Role in project activemq-artemis by apache.

the class SecurityStoreImpl method check.

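/**
 * Authorizes one operation on an address for the user of the given session.
 *
 * <p>Does nothing when security is disabled. Otherwise the method returns normally when the
 * (user, check type, address) triple is already cached as granted, when the session presents the
 * management cluster credentials, or when the configured security manager validates the user
 * against the roles matched for the address. A successful validation is recorded in the cache.
 *
 * @param address address the operation targets
 * @param queue queue named in the failure message; may be {@code null}, in which case the
 *        address-only message is used
 * @param checkType permission being checked
 * @param session source of the user name, password and remoting connection
 * @throws Exception the exception built by {@code ActiveMQMessageBundle.BUNDLE} when validation
 *         fails
 */
@Override
public void check(final SimpleString address, final SimpleString queue, final CheckType checkType, final SecurityAuth session) throws Exception {
    if (securityEnabled) {
        if (logger.isTraceEnabled()) {
            logger.trace("checking access permissions to " + address);
        }
        String user = session.getUsername();
        // NOTE(review): a cache hit returns before any password validation in this method, and the
        // cache key built below is user name + check type only. Presumably the session was
        // authenticated when it was created and the cache is cleared when security settings
        // change - confirm against checkCached and its invalidation path.
        if (checkCached(address, user, checkType)) {
            // OK
            return;
        }
        String saddress = address.toString();
        Set<Role> roles = securityRepository.getMatch(saddress);
        // bypass permission checks for management cluster user
        // The password is null-checked first so that a session carrying the cluster user name but
        // no password falls through to normal validation instead of raising a
        // NullPointerException from the bypass test.
        // NOTE(review): String.equals is not a constant-time comparison; if this path is reachable
        // by untrusted clients, consider comparing the encoded bytes with MessageDigest.isEqual.
        final String password = session.getPassword();
        if (managementClusterUser.equals(user) && password != null && password.equals(managementClusterPassword)) {
            return;
        }
        // Use the richest validation interface the configured manager implements; the 2 and 3
        // variants also receive the address and the remoting connection.
        final boolean validated;
        if (securityManager instanceof ActiveMQSecurityManager3) {
            final ActiveMQSecurityManager3 securityManager3 = (ActiveMQSecurityManager3) securityManager;
            // The ActiveMQSecurityManager3 variant returns an object; non-null is treated as success.
            validated = securityManager3.validateUserAndRole(user, session.getPassword(), roles, checkType, saddress, session.getRemotingConnection()) != null;
        } else if (securityManager instanceof ActiveMQSecurityManager2) {
            final ActiveMQSecurityManager2 securityManager2 = (ActiveMQSecurityManager2) securityManager;
            validated = securityManager2.validateUserAndRole(user, session.getPassword(), roles, checkType, saddress, session.getRemotingConnection());
        } else {
            validated = securityManager.validateUserAndRole(user, session.getPassword(), roles, checkType);
        }
        if (!validated) {
            // Emit a SECURITY_PERMISSION_VIOLATION notification (address, check type, user) before
            // rejecting, so denied attempts are visible to whatever consumes notifications.
            if (notificationService != null) {
                TypedProperties props = new TypedProperties();
                props.putSimpleStringProperty(ManagementHelper.HDR_ADDRESS, address);
                props.putSimpleStringProperty(ManagementHelper.HDR_CHECK_TYPE, new SimpleString(checkType.toString()));
                props.putSimpleStringProperty(ManagementHelper.HDR_USER, SimpleString.toSimpleString(user));
                Notification notification = new Notification(null, CoreNotificationType.SECURITY_PERMISSION_VIOLATION, props);
                notificationService.sendNotification(notification);
            }
            if (queue == null) {
                throw ActiveMQMessageBundle.BUNDLE.userNoPermissions(session.getUsername(), checkType, saddress);
            } else {
                throw ActiveMQMessageBundle.BUNDLE.userNoPermissionsQueue(session.getUsername(), checkType, queue.toString(), saddress);
            }
        }
        // if we get here we're granted, add to the cache
        // putIfAbsent returns the set already stored for this key, if any; reuse it so that
        // concurrent callers add to the same set.
        ConcurrentHashSet<SimpleString> set = new ConcurrentHashSet<>();
        ConcurrentHashSet<SimpleString> act = cache.putIfAbsent(user + "." + checkType.name(), set);
        if (act != null) {
            set = act;
        }
        set.add(address);
    }
}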
Also used : Role(org.apache.activemq.artemis.core.security.Role) ActiveMQSecurityManager2(org.apache.activemq.artemis.spi.core.security.ActiveMQSecurityManager2) ConcurrentHashSet(org.apache.activemq.artemis.utils.collections.ConcurrentHashSet) ActiveMQSecurityManager3(org.apache.activemq.artemis.spi.core.security.ActiveMQSecurityManager3) SimpleString(org.apache.activemq.artemis.api.core.SimpleString) SimpleString(org.apache.activemq.artemis.api.core.SimpleString) TypedProperties(org.apache.activemq.artemis.utils.collections.TypedProperties) Notification(org.apache.activemq.artemis.core.server.management.Notification)

Example 59 with Role

use of org.apache.activemq.artemis.core.security.Role in project activemq-artemis by apache.

the class OutgoingConnectionTest method setUp.

/**
 * Prepares the fixture: registers two users that share the fully-permissive role "arole", makes
 * "guest" the default user, applies that role to {@code MDBQUEUEPREFIXED}, then starts an in-VM
 * resource adapter and builds the RA connection factory used by the tests.
 */
@Override
@Before
public void setUp() throws Exception {
    super.setUp();

    // Users and role membership.
    ActiveMQJAASSecurityManager jaasManager = (ActiveMQJAASSecurityManager) server.getSecurityManager();
    jaasManager.getConfiguration().addUser("testuser", "testpassword");
    jaasManager.getConfiguration().addUser("guest", "guest");
    jaasManager.getConfiguration().setDefaultUser("guest");
    jaasManager.getConfiguration().addRole("testuser", "arole");
    jaasManager.getConfiguration().addRole("guest", "arole");

    // "arole" has every permission flag set; it is the only role matched for the prefixed queue.
    Set<Role> permittedRoles = new HashSet<>();
    permittedRoles.add(new Role("arole", true, true, true, true, true, true, true, true, true, true));
    server.getSecurityRepository().addMatch(MDBQUEUEPREFIXED, permittedRoles);

    // Resource adapter wired to the in-VM connector.
    resourceAdapter = new ActiveMQResourceAdapter();
    resourceAdapter.setEntries("[\"java://jmsXA\"]");
    resourceAdapter.setConnectorClassName(InVMConnectorFactory.class.getName());
    MyBootstrapContext bootstrapContext = new MyBootstrapContext();
    resourceAdapter.start(bootstrapContext);

    mcf = new ActiveMQRAManagedConnectionFactory();
    mcf.setResourceAdapter(resourceAdapter);
    qraConnectionFactory = new ActiveMQRAConnectionFactoryImpl(mcf, qraConnectionManager);
}
Also used : Role(org.apache.activemq.artemis.core.security.Role) ActiveMQRAManagedConnectionFactory(org.apache.activemq.artemis.ra.ActiveMQRAManagedConnectionFactory) ActiveMQJAASSecurityManager(org.apache.activemq.artemis.spi.core.security.ActiveMQJAASSecurityManager) ActiveMQResourceAdapter(org.apache.activemq.artemis.ra.ActiveMQResourceAdapter) InVMConnectorFactory(org.apache.activemq.artemis.core.remoting.impl.invm.InVMConnectorFactory) HashSet(java.util.HashSet) ActiveMQRAConnectionFactoryImpl(org.apache.activemq.artemis.ra.ActiveMQRAConnectionFactoryImpl) Before(org.junit.Before)

Example 60 with Role

use of org.apache.activemq.artemis.core.security.Role in project activemq-artemis by apache.

the class SecurityTest method testCreateConsumerWithoutRole.

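/**
 * Verifies that a user whose only role carries no permissions cannot create a consumer.
 *
 * <p>"auser" is given "arole", which has every permission flag false. The default user "guest"
 * holds a role with send and create-durable-queue set, and is used to create the queue and send a
 * message. Creating a consumer as "auser" must then raise {@link ActiveMQSecurityException}.
 *
 * @throws Exception if server or session setup fails
 */
@Test
public void testCreateConsumerWithoutRole() throws Exception {
    ActiveMQServer server = createServer();
    server.start();
    HierarchicalRepository<Set<Role>> securityRepository = server.getSecurityRepository();
    ActiveMQJAASSecurityManager securityManager = (ActiveMQJAASSecurityManager) server.getSecurityManager();
    securityManager.getConfiguration().addUser("auser", "pass");
    securityManager.getConfiguration().addUser("guest", "guest");
    securityManager.getConfiguration().addRole("guest", "guest");
    securityManager.getConfiguration().setDefaultUser("guest");
    Role role = new Role("arole", false, false, false, false, false, false, false, false, false, false);
    Role sendRole = new Role("guest", true, false, true, false, false, false, false, false, false, false);
    Set<Role> roles = new HashSet<>();
    roles.add(sendRole);
    roles.add(role);
    securityRepository.addMatch(SecurityTest.addressA, roles);
    securityManager.getConfiguration().addRole("auser", "arole");
    ClientSessionFactory cf = createSessionFactory(locator);
    ClientSession senSession = cf.createSession(false, true, true);
    ClientSession session = cf.createSession("auser", "pass", false, true, true, false, -1);
    try {
        senSession.createQueue(SecurityTest.addressA, SecurityTest.queueA, true);
        ClientProducer cp = senSession.createProducer(SecurityTest.addressA);
        cp.send(session.createMessage(false));
        try {
            session.createConsumer(SecurityTest.queueA);
            // Without this the test passes even when no exception is thrown, so it could not
            // detect a regression that lets an unauthorized consumer be created.
            fail("createConsumer should have thrown ActiveMQSecurityException for a user without consume permission");
        } catch (ActiveMQSecurityException se) {
            // expected: the broker refused the consumer
        } catch (ActiveMQException e) {
            fail("Invalid Exception type:" + e.getType());
        }
    } finally {
        // Close both sessions even when an assertion above fails.
        session.close();
        senSession.close();
    }
}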
Also used : Role(org.apache.activemq.artemis.core.security.Role) ActiveMQServer(org.apache.activemq.artemis.core.server.ActiveMQServer) Set(java.util.Set) HashSet(java.util.HashSet) ActiveMQException(org.apache.activemq.artemis.api.core.ActiveMQException) ActiveMQJAASSecurityManager(org.apache.activemq.artemis.spi.core.security.ActiveMQJAASSecurityManager) ClientSession(org.apache.activemq.artemis.api.core.client.ClientSession) ClientSessionFactory(org.apache.activemq.artemis.api.core.client.ClientSessionFactory) ActiveMQSecurityException(org.apache.activemq.artemis.api.core.ActiveMQSecurityException) ClientProducer(org.apache.activemq.artemis.api.core.client.ClientProducer) HashSet(java.util.HashSet) Test(org.junit.Test)

Aggregations

Role (org.apache.activemq.artemis.core.security.Role)86 HashSet (java.util.HashSet)72 ActiveMQJAASSecurityManager (org.apache.activemq.artemis.spi.core.security.ActiveMQJAASSecurityManager)49 Test (org.junit.Test)46 ActiveMQServer (org.apache.activemq.artemis.core.server.ActiveMQServer)35 ClientSession (org.apache.activemq.artemis.api.core.client.ClientSession)33 ClientSessionFactory (org.apache.activemq.artemis.api.core.client.ClientSessionFactory)33 Set (java.util.Set)30 SimpleString (org.apache.activemq.artemis.api.core.SimpleString)26 ActiveMQException (org.apache.activemq.artemis.api.core.ActiveMQException)24 ClientProducer (org.apache.activemq.artemis.api.core.client.ClientProducer)20 TransportConfiguration (org.apache.activemq.artemis.api.core.TransportConfiguration)15 ActiveMQSecurityException (org.apache.activemq.artemis.api.core.ActiveMQSecurityException)14 Before (org.junit.Before)11 Configuration (org.apache.activemq.artemis.core.config.Configuration)9 HashMap (java.util.HashMap)7 ClientConsumer (org.apache.activemq.artemis.api.core.client.ClientConsumer)7 Session (javax.jms.Session)5 ActiveMQResourceAdapter (org.apache.activemq.artemis.ra.ActiveMQResourceAdapter)5 Connection (javax.jms.Connection)4