
Example 71 with ActiveMQJAASSecurityManager

use of org.apache.activemq.artemis.spi.core.security.ActiveMQJAASSecurityManager in project activemq-artemis by apache.

the class SecurityTest method testDeleteTempQueueWithoutRole.

/**
 * Checks that a user who may create a non-durable queue on {@code addressA}, but holds no
 * delete permission there, is refused when deleting that queue.
 *
 * <p>The expected outcome is an {@link ActiveMQSecurityException}; a successful delete or any
 * other {@link ActiveMQException} fails the test.
 */
@Test
public void testDeleteTempQueueWithoutRole() throws Exception {
    ActiveMQServer broker = createServer();
    broker.start();

    // Fixture credentials for this test only.
    ActiveMQJAASSecurityManager jaasManager = (ActiveMQJAASSecurityManager) broker.getSecurityManager();
    jaasManager.getConfiguration().addUser("auser", "pass");

    // Only the fifth flag is set. With Role's positional order (send, consume,
    // createDurableQueue, deleteDurableQueue, createNonDurableQueue, deleteNonDurableQueue,
    // manage, browse, createAddress, deleteAddress) that grants createNonDurableQueue and
    // nothing else -- confirm the order against the Role constructor in the version under test.
    Set<Role> addressRoles = new HashSet<>();
    addressRoles.add(new Role("arole", false, false, false, false, true, false, false, false, false, false));
    HierarchicalRepository<Set<Role>> matches = broker.getSecurityRepository();
    matches.addMatch(SecurityTest.addressA, addressRoles);
    jaasManager.getConfiguration().addRole("auser", "arole");

    ClientSessionFactory sessionFactory = createSessionFactory(locator);
    ClientSession userSession = sessionFactory.createSession("auser", "pass", false, true, true, false, -1);
    // Creation is permitted (non-durable queue); the delete below is the operation under test.
    userSession.createQueue(SecurityTest.addressA, SecurityTest.queueA, false);
    try {
        userSession.deleteQueue(SecurityTest.queueA);
        // Reaching this line means the broker allowed an unauthorised delete.
        Assert.fail("should throw exception");
    } catch (ActiveMQSecurityException denied) {
        // Expected: the delete was rejected on authorisation grounds.
    } catch (ActiveMQException unexpected) {
        fail("Invalid Exception type:" + unexpected.getType());
    }
    userSession.close();
}
Also used : Role(org.apache.activemq.artemis.core.security.Role) ActiveMQServer(org.apache.activemq.artemis.core.server.ActiveMQServer) Set(java.util.Set) HashSet(java.util.HashSet) ActiveMQException(org.apache.activemq.artemis.api.core.ActiveMQException) ActiveMQJAASSecurityManager(org.apache.activemq.artemis.spi.core.security.ActiveMQJAASSecurityManager) ClientSession(org.apache.activemq.artemis.api.core.client.ClientSession) ClientSessionFactory(org.apache.activemq.artemis.api.core.client.ClientSessionFactory) ActiveMQSecurityException(org.apache.activemq.artemis.api.core.ActiveMQSecurityException) HashSet(java.util.HashSet) Test(org.junit.Test)

Example 72 with ActiveMQJAASSecurityManager

use of org.apache.activemq.artemis.spi.core.security.ActiveMQJAASSecurityManager in project activemq-artemis by apache.

the class SecurityTest method testComplexRoles.

/**
 * Exercises layered role matches: a catch-all {@code #} match plus narrower
 * {@code news.europe.#} and {@code news.us.#} matches, with four users holding different
 * role combinations.
 *
 * <p>Role flags are positional. The comments below assume the order (send, consume,
 * createDurableQueue, deleteDurableQueue, createNonDurableQueue, deleteNonDurableQueue,
 * manage, browse, createAddress, deleteAddress) -- confirm against the Role constructor in
 * the version under test.
 */
@Test
public void testComplexRoles() throws Exception {
    ActiveMQServer broker = createServer();
    broker.start();
    ActiveMQJAASSecurityManager jaasManager = (ActiveMQJAASSecurityManager) broker.getSecurityManager();

    // Fixture accounts (test-only credentials).
    jaasManager.getConfiguration().addUser("all", "all");
    jaasManager.getConfiguration().addUser("bill", "activemq");
    jaasManager.getConfiguration().addUser("andrew", "activemq1");
    jaasManager.getConfiguration().addUser("frank", "activemq2");
    jaasManager.getConfiguration().addUser("sam", "activemq3");

    // User -> role membership.
    jaasManager.getConfiguration().addRole("all", "all");
    jaasManager.getConfiguration().addRole("bill", "user");
    jaasManager.getConfiguration().addRole("andrew", "europe-user");
    jaasManager.getConfiguration().addRole("andrew", "user");
    jaasManager.getConfiguration().addRole("frank", "us-user");
    jaasManager.getConfiguration().addRole("frank", "news-user");
    jaasManager.getConfiguration().addRole("frank", "user");
    jaasManager.getConfiguration().addRole("sam", "news-user");
    jaasManager.getConfiguration().addRole("sam", "user");

    // "all" has every flag set and is used for the administrative session.
    Role everything = new Role("all", true, true, true, true, true, true, true, true, true, true);
    HierarchicalRepository<Set<Role>> matches = broker.getSecurityRepository();

    // Catch-all match: "user" gets every flag except the seventh (manage).
    Set<Role> anyAddressRoles = new HashSet<>();
    anyAddressRoles.add(new Role("user", true, true, true, true, true, true, false, true, true, true));
    anyAddressRoles.add(everything);
    matches.addMatch("#", anyAddressRoles);

    // news.europe.#: "user" has neither send nor consume here; "europe-user" has send,
    // "news-user" has consume.
    Set<Role> europeRoles = new HashSet<>();
    europeRoles.add(everything);
    europeRoles.add(new Role("user", false, false, true, true, true, true, false, true, true, true));
    europeRoles.add(new Role("europe-user", true, false, false, false, false, false, false, true, true, true));
    europeRoles.add(new Role("news-user", false, true, false, false, false, false, false, true, true, true));
    matches.addMatch("news.europe.#", europeRoles);

    // news.us.#: same shape, with "us-user" as the role that has send.
    Set<Role> usRoles = new HashSet<>();
    usRoles.add(everything);
    usRoles.add(new Role("user", false, false, true, true, true, true, false, true, true, true));
    usRoles.add(new Role("us-user", true, false, false, false, false, false, false, true, true, true));
    usRoles.add(new Role("news-user", false, true, false, false, false, false, false, true, true, true));
    matches.addMatch("news.us.#", usRoles);

    locator.setBlockOnNonDurableSend(true).setBlockOnDurableSend(true);
    ClientSessionFactory sessionFactory = createSessionFactory(locator);
    ClientSession adminSession = sessionFactory.createSession("all", "all", false, true, true, false, -1);

    // One queue per match, each bound to an address of the same name.
    String genericQueue = "genericQueue";
    adminSession.createQueue(genericQueue, genericQueue, false);
    String europeQueue = "news.europe.europeQueue";
    adminSession.createQueue(europeQueue, europeQueue, false);
    String usQueue = "news.us.usQueue";
    adminSession.createQueue(usQueue, usQueue, false);

    // A session opened without user/password must be rejected.
    try {
        sessionFactory.createSession(false, true, true);
        Assert.fail("should throw exception");
    } catch (ActiveMQSecurityException denied) {
        // Expected: unauthenticated session refused.
    } catch (ActiveMQException unexpected) {
        fail("Invalid Exception type:" + unexpected.getType());
    }

    // bill with a wrong password ("activemq1" instead of "activemq") must be rejected.
    try {
        sessionFactory.createSession("bill", "activemq1", false, true, true, false, -1);
        Assert.fail("should throw exception");
    } catch (ActiveMQSecurityException denied) {
        // Expected: bad credentials refused.
    } catch (ActiveMQException unexpected) {
        fail("Invalid Exception type:" + unexpected.getType());
    }

    // Each user now authenticates with the correct password.
    ClientSession billConnection = sessionFactory.createSession("bill", "activemq", false, true, true, false, -1);
    ClientSession andrewConnection = sessionFactory.createSession("andrew", "activemq1", false, true, true, false, -1);
    ClientSession frankConnection = sessionFactory.createSession("frank", "activemq2", false, true, true, false, -1);
    ClientSession samConnection = sessionFactory.createSession("sam", "activemq3", false, true, true, false, -1);

    // Generic queue: every user can both send and receive.
    checkUserSendAndReceive(genericQueue, billConnection);
    checkUserSendAndReceive(genericQueue, andrewConnection);
    checkUserSendAndReceive(genericQueue, frankConnection);
    checkUserSendAndReceive(genericQueue, samConnection);

    // news.europe.europeQueue
    // bill: can't send, can't receive.
    checkUserNoSendNoReceive(europeQueue, billConnection, adminSession);
    // andrew: can send, can't receive.
    checkUserSendNoReceive(europeQueue, andrewConnection);
    // frank: can't send, can receive.
    checkUserReceiveNoSend(europeQueue, frankConnection, adminSession);
    // sam: can't send, can receive.
    checkUserReceiveNoSend(europeQueue, samConnection, adminSession);

    // news.us.usQueue
    // bill: can't send, can't receive.
    checkUserNoSendNoReceive(usQueue, billConnection, adminSession);
    // andrew: can't send, can't receive.
    checkUserNoSendNoReceive(usQueue, andrewConnection, adminSession);
    // frank: can send and receive.
    checkUserSendAndReceive(usQueue, frankConnection);
    // sam: can't send, can receive.
    checkUserReceiveNoSend(usQueue, samConnection, adminSession);

    billConnection.close();
    andrewConnection.close();
    frankConnection.close();
    samConnection.close();
    adminSession.close();
}
Also used : Role(org.apache.activemq.artemis.core.security.Role) ActiveMQServer(org.apache.activemq.artemis.core.server.ActiveMQServer) Set(java.util.Set) HashSet(java.util.HashSet) ActiveMQException(org.apache.activemq.artemis.api.core.ActiveMQException) ActiveMQJAASSecurityManager(org.apache.activemq.artemis.spi.core.security.ActiveMQJAASSecurityManager) ClientSession(org.apache.activemq.artemis.api.core.client.ClientSession) ClientSessionFactory(org.apache.activemq.artemis.api.core.client.ClientSessionFactory) SimpleString(org.apache.activemq.artemis.api.core.SimpleString) ActiveMQSecurityException(org.apache.activemq.artemis.api.core.ActiveMQSecurityException) HashSet(java.util.HashSet) Test(org.junit.Test)

Example 73 with ActiveMQJAASSecurityManager

use of org.apache.activemq.artemis.spi.core.security.ActiveMQJAASSecurityManager in project activemq-artemis by apache.

the class SecurityTest method testComplexRoles2.

/**
 * Disabled ({@code @Ignore}) scenario with layered role matches: a catch-all {@code #} match
 * plus narrower {@code news.europe.#} and {@code news.us.#} matches, checked for four users.
 *
 * <p>Role flags are positional. The comments below assume the order (send, consume,
 * createDurableQueue, deleteDurableQueue, createNonDurableQueue, deleteNonDurableQueue,
 * manage, browse, createAddress, deleteAddress) -- confirm against the Role constructor in
 * the version under test.
 *
 * <p>NOTE(review): none of the sessions opened here is closed by this method.
 */
@Test
@Ignore
public void testComplexRoles2() throws Exception {
    ActiveMQServer broker = createServer();
    broker.start();
    ActiveMQJAASSecurityManager jaasManager = (ActiveMQJAASSecurityManager) broker.getSecurityManager();

    // Fixture accounts (test-only credentials).
    jaasManager.getConfiguration().addUser("all", "all");
    jaasManager.getConfiguration().addUser("bill", "activemq");
    jaasManager.getConfiguration().addUser("andrew", "activemq1");
    jaasManager.getConfiguration().addUser("frank", "activemq2");
    jaasManager.getConfiguration().addUser("sam", "activemq3");

    // User -> role membership.
    jaasManager.getConfiguration().addRole("all", "all");
    jaasManager.getConfiguration().addRole("bill", "user");
    jaasManager.getConfiguration().addRole("andrew", "europe-user");
    jaasManager.getConfiguration().addRole("andrew", "user");
    jaasManager.getConfiguration().addRole("frank", "us-user");
    jaasManager.getConfiguration().addRole("frank", "news-user");
    jaasManager.getConfiguration().addRole("frank", "user");
    jaasManager.getConfiguration().addRole("sam", "news-user");
    jaasManager.getConfiguration().addRole("sam", "user");

    // "all" has every flag set and is used for the administrative session.
    Role everything = new Role("all", true, true, true, true, true, true, true, true, true, true);
    HierarchicalRepository<Set<Role>> matches = broker.getSecurityRepository();

    // Catch-all match: "user" gets every flag except the seventh (manage).
    Set<Role> anyAddressRoles = new HashSet<>();
    anyAddressRoles.add(new Role("user", true, true, true, true, true, true, false, true, true, true));
    anyAddressRoles.add(everything);
    matches.addMatch("#", anyAddressRoles);

    // news.europe.#: "user" has neither send nor consume here; "europe-user" has send,
    // "news-user" has consume.
    Set<Role> europeRoles = new HashSet<>();
    europeRoles.add(everything);
    europeRoles.add(new Role("user", false, false, true, true, true, true, false, true, true, true));
    europeRoles.add(new Role("europe-user", true, false, false, false, false, false, false, true, true, true));
    europeRoles.add(new Role("news-user", false, true, false, false, false, false, false, true, true, true));
    matches.addMatch("news.europe.#", europeRoles);

    // news.us.#: same shape, with "us-user" as the role that has send.
    Set<Role> usRoles = new HashSet<>();
    usRoles.add(everything);
    usRoles.add(new Role("user", false, false, true, true, true, true, false, true, true, true));
    usRoles.add(new Role("us-user", true, false, false, false, false, false, false, true, true, true));
    usRoles.add(new Role("news-user", false, true, false, false, false, false, false, true, true, true));
    matches.addMatch("news.us.#", usRoles);

    locator.setBlockOnNonDurableSend(true).setBlockOnDurableSend(true);
    ClientSessionFactory sessionFactory = createSessionFactory(locator);
    ClientSession adminSession = sessionFactory.createSession("all", "all", false, true, true, false, -1);

    // One queue per match, each bound to an address of the same name.
    String genericQueue = "genericQueue";
    adminSession.createQueue(genericQueue, genericQueue, false);
    String europeQueue = "news.europe.europeQueue";
    adminSession.createQueue(europeQueue, europeQueue, false);
    String usQueue = "news.us.usQueue";
    adminSession.createQueue(usQueue, usQueue, false);

    // A session opened without user/password must be rejected.
    try {
        sessionFactory.createSession(false, true, true);
        Assert.fail("should throw exception");
    } catch (ActiveMQSecurityException denied) {
        // Expected: unauthenticated session refused.
    } catch (ActiveMQException unexpected) {
        fail("Invalid Exception type:" + unexpected.getType());
    }

    // bill with a wrong password ("activemq1" instead of "activemq") must be rejected.
    try {
        sessionFactory.createSession("bill", "activemq1", false, true, true, false, -1);
        Assert.fail("should throw exception");
    } catch (ActiveMQSecurityException denied) {
        // Expected: bad credentials refused.
    } catch (ActiveMQException unexpected) {
        fail("Invalid Exception type:" + unexpected.getType());
    }

    // Each user now authenticates with the correct password.
    ClientSession billConnection = sessionFactory.createSession("bill", "activemq", false, true, true, false, -1);
    ClientSession andrewConnection = sessionFactory.createSession("andrew", "activemq1", false, true, true, false, -1);
    ClientSession frankConnection = sessionFactory.createSession("frank", "activemq2", false, true, true, false, -1);
    ClientSession samConnection = sessionFactory.createSession("sam", "activemq3", false, true, true, false, -1);

    // Generic queue: every user can both send and receive.
    checkUserSendAndReceive(genericQueue, billConnection);
    checkUserSendAndReceive(genericQueue, andrewConnection);
    checkUserSendAndReceive(genericQueue, frankConnection);
    checkUserSendAndReceive(genericQueue, samConnection);

    // news.europe.europeQueue
    // bill: can't send, can't receive.
    checkUserNoSendNoReceive(europeQueue, billConnection, adminSession);
    // andrew: can send, can't receive.
    checkUserSendNoReceive(europeQueue, andrewConnection);
    // frank: can't send, can receive.
    checkUserReceiveNoSend(europeQueue, frankConnection, adminSession);
    // sam: can't send, can receive.
    checkUserReceiveNoSend(europeQueue, samConnection, adminSession);

    // news.us.usQueue
    // bill: can't send, can't receive.
    checkUserNoSendNoReceive(usQueue, billConnection, adminSession);
    // andrew: can't send, can't receive.
    checkUserNoSendNoReceive(usQueue, andrewConnection, adminSession);
    // frank: can send and receive.
    checkUserSendAndReceive(usQueue, frankConnection);
    // sam: can't send, can receive.
    checkUserReceiveNoSend(usQueue, samConnection, adminSession);
}
Also used : Role(org.apache.activemq.artemis.core.security.Role) ActiveMQServer(org.apache.activemq.artemis.core.server.ActiveMQServer) Set(java.util.Set) HashSet(java.util.HashSet) ActiveMQException(org.apache.activemq.artemis.api.core.ActiveMQException) ActiveMQJAASSecurityManager(org.apache.activemq.artemis.spi.core.security.ActiveMQJAASSecurityManager) ClientSession(org.apache.activemq.artemis.api.core.client.ClientSession) ClientSessionFactory(org.apache.activemq.artemis.api.core.client.ClientSessionFactory) SimpleString(org.apache.activemq.artemis.api.core.SimpleString) ActiveMQSecurityException(org.apache.activemq.artemis.api.core.ActiveMQSecurityException) HashSet(java.util.HashSet) Ignore(org.junit.Ignore) Test(org.junit.Test)

Example 74 with ActiveMQJAASSecurityManager

use of org.apache.activemq.artemis.spi.core.security.ActiveMQJAASSecurityManager in project activemq-artemis by apache.

the class SecurityTest method testDeleteDurableQueueWithoutRole.

/**
 * Checks that a user who may create a durable queue on {@code addressA}, but holds no delete
 * permission there, is refused when deleting that queue.
 *
 * <p>The expected outcome is an {@link ActiveMQSecurityException}; a successful delete or any
 * other {@link ActiveMQException} fails the test.
 */
@Test
public void testDeleteDurableQueueWithoutRole() throws Exception {
    ActiveMQServer broker = createServer();
    broker.start();

    // Fixture credentials for this test only.
    ActiveMQJAASSecurityManager jaasManager = (ActiveMQJAASSecurityManager) broker.getSecurityManager();
    jaasManager.getConfiguration().addUser("auser", "pass");

    // Only the third flag is set. With Role's positional order (send, consume,
    // createDurableQueue, deleteDurableQueue, createNonDurableQueue, deleteNonDurableQueue,
    // manage, browse, createAddress, deleteAddress) that grants createDurableQueue and
    // nothing else -- confirm the order against the Role constructor in the version under test.
    Set<Role> addressRoles = new HashSet<>();
    addressRoles.add(new Role("arole", false, false, true, false, false, false, false, false, false, false));
    HierarchicalRepository<Set<Role>> matches = broker.getSecurityRepository();
    matches.addMatch(SecurityTest.addressA, addressRoles);
    jaasManager.getConfiguration().addRole("auser", "arole");

    ClientSessionFactory sessionFactory = createSessionFactory(locator);
    ClientSession userSession = sessionFactory.createSession("auser", "pass", false, true, true, false, -1);
    // Creation is permitted (durable queue); the delete below is the operation under test.
    userSession.createQueue(SecurityTest.addressA, SecurityTest.queueA, true);
    try {
        userSession.deleteQueue(SecurityTest.queueA);
        // Reaching this line means the broker allowed an unauthorised delete.
        Assert.fail("should throw exception");
    } catch (ActiveMQSecurityException denied) {
        // Expected: the delete was rejected on authorisation grounds.
    } catch (ActiveMQException unexpected) {
        fail("Invalid Exception type:" + unexpected.getType());
    }
    userSession.close();
}
Also used : Role(org.apache.activemq.artemis.core.security.Role) ActiveMQServer(org.apache.activemq.artemis.core.server.ActiveMQServer) Set(java.util.Set) HashSet(java.util.HashSet) ActiveMQException(org.apache.activemq.artemis.api.core.ActiveMQException) ActiveMQJAASSecurityManager(org.apache.activemq.artemis.spi.core.security.ActiveMQJAASSecurityManager) ClientSession(org.apache.activemq.artemis.api.core.client.ClientSession) ClientSessionFactory(org.apache.activemq.artemis.api.core.client.ClientSessionFactory) ActiveMQSecurityException(org.apache.activemq.artemis.api.core.ActiveMQSecurityException) HashSet(java.util.HashSet) Test(org.junit.Test)

Example 75 with ActiveMQJAASSecurityManager

use of org.apache.activemq.artemis.spi.core.security.ActiveMQJAASSecurityManager in project activemq-artemis by apache.

the class SecurityTest method testSendWithoutRole.

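/**
 * Checks that a user with no send permission on {@code addressA} is refused when sending a
 * message to it.
 *
 * <p>The expected outcome is an {@link ActiveMQSecurityException}. A send that completes
 * without an exception, or any other {@link ActiveMQException}, fails the test.
 */
@Test
public void testSendWithoutRole() throws Exception {
    ActiveMQServer server = createServer();
    server.start();
    HierarchicalRepository<Set<Role>> securityRepository = server.getSecurityRepository();
    ActiveMQJAASSecurityManager securityManager = (ActiveMQJAASSecurityManager) server.getSecurityManager();
    // Fixture credentials for this test only.
    securityManager.getConfiguration().addUser("auser", "pass");
    // Only the third flag is set. With Role's positional order (send, consume,
    // createDurableQueue, ...) the role can create a durable queue but cannot send --
    // confirm the order against the Role constructor in the version under test.
    Role role = new Role("arole", false, false, true, false, false, false, false, false, false, false);
    Set<Role> roles = new HashSet<>();
    roles.add(role);
    securityRepository.addMatch(SecurityTest.addressA, roles);
    securityManager.getConfiguration().addRole("auser", "arole");
    // The message below is non-durable; blocking on non-durable sends is what lets the
    // broker's rejection reach this thread as an exception from send().
    locator.setBlockOnNonDurableSend(true);
    ClientSessionFactory cf = createSessionFactory(locator);
    ClientSession session = cf.createSession("auser", "pass", false, true, true, false, -1);
    session.createQueue(SecurityTest.addressA, SecurityTest.queueA, true);
    ClientProducer cp = session.createProducer(SecurityTest.addressA);
    try {
        cp.send(session.createMessage(false));
        // Without this assertion the test also passed when the unauthorised send was
        // accepted, so it could never detect a missing send check.
        Assert.fail("should throw exception");
    } catch (ActiveMQSecurityException se) {
        // Expected: the send was rejected on authorisation grounds.
    } catch (ActiveMQException e) {
        fail("Invalid Exception type:" + e.getType());
    }
    session.close();
}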
Also used : Role(org.apache.activemq.artemis.core.security.Role) ActiveMQServer(org.apache.activemq.artemis.core.server.ActiveMQServer) Set(java.util.Set) HashSet(java.util.HashSet) ActiveMQException(org.apache.activemq.artemis.api.core.ActiveMQException) ActiveMQJAASSecurityManager(org.apache.activemq.artemis.spi.core.security.ActiveMQJAASSecurityManager) ClientSession(org.apache.activemq.artemis.api.core.client.ClientSession) ClientSessionFactory(org.apache.activemq.artemis.api.core.client.ClientSessionFactory) ActiveMQSecurityException(org.apache.activemq.artemis.api.core.ActiveMQSecurityException) ClientProducer(org.apache.activemq.artemis.api.core.client.ClientProducer) HashSet(java.util.HashSet) Test(org.junit.Test)
