use of org.apache.activemq.artemis.spi.core.security.ActiveMQJAASSecurityManager in project activemq-artemis by apache.
the class JMSSaslGssapiTest method configureBrokerSecurity.
/**
 * Applies the security setup this test needs to the given broker.
 *
 * <p>Security is switched on or off according to {@code isSecurityEnabled()}, the broker's
 * JAAS security manager is pointed at the {@code "Krb5Plus"} login configuration entry, and a
 * single role named {@code ALLOW_ALL} is registered for the test queue.
 *
 * @param server the broker being configured; its security manager must be an
 *               {@link ActiveMQJAASSecurityManager}, otherwise the cast below fails
 */
@Override
protected void configureBrokerSecurity(ActiveMQServer server) {
    server.getConfiguration().setSecurityEnabled(isSecurityEnabled());

    ActiveMQJAASSecurityManager jaasManager = (ActiveMQJAASSecurityManager) server.getSecurityManager();
    jaasManager.setConfigurationName("Krb5Plus");
    // NOTE(review): presumably clears any programmatic JAAS Configuration so that the
    // "Krb5Plus" entry is looked up in the JVM's default login configuration — confirm.
    jaasManager.setConfiguration(null);

    // All ten permission flags are true, so a principal mapped to ALLOW_ALL is unrestricted.
    // The match is the single test queue name, not a wildcard, which keeps the grant narrow.
    Set<Role> queueRoles = new HashSet<>();
    queueRoles.add(new Role("ALLOW_ALL", true, true, true, true, true, true, true, true, true, true));
    server.getSecurityRepository().addMatch(getQueueName().toString(), queueRoles);
}
use of org.apache.activemq.artemis.spi.core.security.ActiveMQJAASSecurityManager in project activemq-artemis by apache.
the class SaslKrb5LDAPSecurityTest method createArtemisServer.
/**
 * Builds the embedded Artemis server used by this test and stores it in {@code server}.
 *
 * <p>The server has security enabled, authenticates through a JAAS security manager bound to
 * {@code securityConfigScope}, and exposes one Netty acceptor on port 5672 restricted to the
 * AMQP protocol with GSSAPI as its only configured SASL mechanism.
 *
 * @param securityConfigScope name passed to the {@link ActiveMQJAASSecurityManager} constructor
 */
private void createArtemisServer(String securityConfigScope) {
    ActiveMQJAASSecurityManager jaasManager = new ActiveMQJAASSecurityManager(securityConfigScope);

    // Transport-level settings: AMQP only, on the standard AMQP port.
    HashMap<String, Object> transportParams = new HashMap<>();
    transportParams.put(TransportConstants.PORT_PROP_NAME, String.valueOf(5672));
    transportParams.put(TransportConstants.PROTOCOLS_PROP_NAME, "AMQP");

    // Protocol-level settings: GSSAPI is the only SASL mechanism listed for this acceptor.
    // NOTE(review): "amqp-sasl-gssapi" presumably names the JAAS login entry that holds the
    // broker's own Kerberos credentials — confirm against the test's login.config.
    HashMap<String, Object> saslParams = new HashMap<>();
    saslParams.put("saslMechanisms", "GSSAPI");
    saslParams.put("saslLoginConfigScope", "amqp-sasl-gssapi");

    TransportConfiguration amqpAcceptor =
        new TransportConfiguration(NETTY_ACCEPTOR_FACTORY, transportParams, "netty-amqp", saslParams);

    Configuration configuration = new ConfigurationImpl()
        .setSecurityEnabled(true)
        .addAcceptorConfiguration(amqpAcceptor)
        .setJournalDirectory(ActiveMQTestBase.getJournalDir(testDir, 0, false))
        .setBindingsDirectory(ActiveMQTestBase.getBindingsDir(testDir, 0, false))
        .setPagingDirectory(ActiveMQTestBase.getPageDir(testDir, 0, false))
        .setLargeMessagesDirectory(ActiveMQTestBase.getLargeMessagesDir(testDir, 0, false));

    // NOTE(review): the trailing false presumably turns persistence off — confirm against
    // ActiveMQServers.newActiveMQServer.
    server = ActiveMQServers.newActiveMQServer(
        configuration, ManagementFactory.getPlatformMBeanServer(), jaasManager, false);
}
use of org.apache.activemq.artemis.spi.core.security.ActiveMQJAASSecurityManager in project activemq-artemis by apache.
the class ArtemisBrokerWrapper method start.
/**
 * Starts the wrapped Artemis server and its JMS server manager.
 *
 * <p>The method recreates the server directories, builds a server with a fresh MBean server,
 * replaces the acceptors with the ones described by the broker service (or a default
 * {@code tcp://localhost:61616} acceptor when none are given), applies catch-all address
 * settings, and, when {@code enableSecurity} is set, installs four fixed users and roles on
 * the {@code "#"} match.
 *
 * <p>The usernames and passwords below are hard-coded fixtures; they are only suitable for a
 * test broker. When {@code enableSecurity} is false, security is switched off on the server
 * configuration and none of the users or roles are registered.
 *
 * @throws Exception if any step of server creation or start-up fails
 */
@Override
public void start() throws Exception {
    clearDataRecreateServerDirs();
    mbeanServer = MBeanServerFactory.createMBeanServer();
    server = createServer(realStore, true);
    server.setMBeanServer(mbeanServer);

    // Drop whatever acceptors createServer configured; they are re-added further down.
    Configuration serverConfig = server.getConfiguration();
    serverConfig.getAcceptorConfigurations().clear();
    serverConfig.setJMXManagementEnabled(true);
    Map<String, AddressSettings> settingsByMatch = serverConfig.getAddressesSettings();

    // do policy translation
    PolicyMap destinationPolicy = this.bservice.getDestinationPolicy();
    if (policyIsPresent(destinationPolicy)) {
        translatePolicyMap(serverConfig, destinationPolicy);
    }

    // "#" is the match-any wildcard, so these settings are the fallback for every address.
    String catchAll = "#";
    AddressSettings fallbackSettings = settingsByMatch.get(catchAll);
    if (fallbackSettings == null) {
        fallbackSettings = new AddressSettings();
        settingsByMatch.put(catchAll, fallbackSettings);
    }
    SimpleString deadLetterAddress = new SimpleString("ActiveMQ.DLQ");
    fallbackSettings.setDeadLetterAddress(deadLetterAddress);
    fallbackSettings.setExpiryAddress(deadLetterAddress);
    // Auto-creation lets any client that is allowed to create queues or addresses do so on
    // first use; with security disabled nothing restricts that.
    fallbackSettings.setAutoCreateQueues(true);
    fallbackSettings.setAutoCreateAddresses(true);

    // Without explicit connectors, listen on the loopback interface only.
    if (bservice.extraConnectors.size() == 0) {
        serverConfig.addAcceptorConfiguration("home", "tcp://localhost:61616");
    }
    for (BrokerService.ConnectorInfo connector : bservice.extraConnectors) {
        addServerAcceptor(serverConfig, connector);
    }

    serverConfig.setSecurityEnabled(enableSecurity);
    if (enableSecurity) {
        ActiveMQJAASSecurityManager jaasManager = (ActiveMQJAASSecurityManager) server.getSecurityManager();
        SecurityConfiguration credentials = jaasManager.getConfiguration();

        // Fixed test accounts: one user per role, passwords in clear text.
        credentials.addRole("openwireSender", "sender");
        credentials.addUser("openwireSender", "SeNdEr");
        credentials.addRole("openwireReceiver", "receiver");
        credentials.addUser("openwireReceiver", "ReCeIvEr");
        credentials.addRole("openwireGuest", "guest");
        credentials.addUser("openwireGuest", "GuEsT");
        credentials.addRole("openwireDestinationManager", "manager");
        credentials.addUser("openwireDestinationManager", "DeStInAtIoN");

        // NOTE(review): the eight flags are presumably (send, consume, createDurableQueue,
        // deleteDurableQueue, createNonDurableQueue, deleteNonDurableQueue, manage, browse) —
        // confirm against Role's constructor before relying on the summaries below.
        // sender cannot receive
        Role senderRole = new Role("sender", true, false, false, false, true, true, false, false);
        // receiver cannot send
        Role receiverRole = new Role("receiver", false, true, false, false, true, true, false, true);
        // guest cannot do anything
        Role guestRole = new Role("guest", false, false, false, false, false, false, false, false);
        // manager can only manage
        // NOTE(review): under the presumed flag order the seventh flag (manage) is false here
        // and only the two non-durable queue flags are true — verify this is intended.
        Role managerRole = new Role("manager", false, false, false, false, true, true, false, false);

        Map<String, Set<Role>> rolesByMatch = serverConfig.getSecurityRoles();
        if (rolesByMatch == null) {
            rolesByMatch = new HashMap<>();
            serverConfig.setSecurityRoles(rolesByMatch);
        }
        // The four roles are attached to "#", so they govern every address on this broker.
        Set<Role> catchAllRoles = rolesByMatch.get("#");
        if (catchAllRoles == null) {
            catchAllRoles = new HashSet<>();
            rolesByMatch.put("#", catchAllRoles);
        }
        catchAllRoles.add(senderRole);
        catchAllRoles.add(receiverRole);
        catchAllRoles.add(guestRole);
        catchAllRoles.add(managerRole);
    }

    // Print the effective acceptors so a test log shows what the broker is listening on.
    for (TransportConfiguration acceptor : serverConfig.getAcceptorConfigurations()) {
        System.out.println("acceptor =>: " + acceptor);
    }

    jmsServer = new JMSServerManagerImpl(server);
    InVMNamingContext jndiContext = new InVMNamingContext();
    jmsServer.setRegistry(new JndiBindingRegistry(jndiContext));
    jmsServer.start();
    server.start();
    stopped = false;
}

/** Returns whether the broker service supplied a destination policy to translate. */
private static boolean policyIsPresent(PolicyMap policy) {
    return policy != null;
}
use of org.apache.activemq.artemis.spi.core.security.ActiveMQJAASSecurityManager in project activemq-artemis by apache.
the class InterceptorTest method testInterceptUsernameOnQueues.
// Tests whether usernames can be intercepted so that users can do real work with them.
/**
 * Registers two users and an {@code InterceptUserOnCreateQueue} incoming interceptor, has each
 * user create its own queue on the {@code QUEUE} address and send one message there, and then
 * asserts that each user's consumer receives exactly one message whose {@code "userName"}
 * property equals that user's name.
 *
 * <p>NOTE(review): both queues are bound to the same address, so the one-message-per-consumer
 * result presumably comes from what the interceptor does at queue creation; its
 * implementation is not part of this method — confirm there.
 */
@Test
public void testInterceptUsernameOnQueues() throws Exception {
    SimpleString secondQueue = QUEUE.concat("another");

    // Test-only accounts added straight to the broker's in-memory security configuration.
    ActiveMQJAASSecurityManager jaasManager = (ActiveMQJAASSecurityManager) server.getSecurityManager();
    jaasManager.getConfiguration().addUser("dumb", "dumber");
    jaasManager.getConfiguration().addUser("an", "other");

    server.getRemotingService().addIncomingInterceptor(new InterceptUserOnCreateQueue());
    locator.setBlockOnDurableSend(true);
    ClientSessionFactory factory = createSessionFactory(locator);

    // One authenticated session per user.
    ClientSession firstSession = factory.createSession("dumb", "dumber", false, false, false, false, 0);
    ClientSession secondSession = factory.createSession("an", "other", false, false, false, false, 0);

    firstSession.createQueue(QUEUE, QUEUE, null, true);
    secondSession.createQueue(QUEUE, secondQueue, null, true);

    ClientProducer firstProducer = firstSession.createProducer(QUEUE);
    ClientProducer secondProducer = secondSession.createProducer(QUEUE);

    // The same message object is sent once through each user's producer.
    ClientMessage outbound = firstSession.createMessage(true);
    firstProducer.send(outbound);
    firstSession.commit();
    secondProducer.send(outbound);
    secondSession.commit();

    ClientConsumer firstConsumer = firstSession.createConsumer(QUEUE);
    ClientConsumer secondConsumer = secondSession.createConsumer(secondQueue);
    firstSession.start();
    secondSession.start();

    ClientMessage received = firstConsumer.receive(1000);
    assertNotNull(received);
    assertEquals("dumb", received.getStringProperty("userName"));
    received.acknowledge();
    // Nothing else may be waiting for the first user.
    assertNull(firstConsumer.receiveImmediate());

    received = secondConsumer.receive(1000);
    assertNotNull(received);
    assertEquals("an", received.getStringProperty("userName"));
    received.acknowledge();
    // Nothing else may be waiting for the second user either.
    assertNull(secondConsumer.receiveImmediate());

    firstSession.close();
    secondSession.close();
}
use of org.apache.activemq.artemis.spi.core.security.ActiveMQJAASSecurityManager in project activemq-artemis by apache.
the class InterceptorTest method testInterceptUsernameOnConsumer.
// Tests whether usernames can be intercepted so that users can do real work with them.
/**
 * Registers two users and an {@code InterceptUserOnCreateConsumer} incoming interceptor, has
 * each user send one message to the single {@code QUEUE} queue, and then asserts that each
 * user's consumer on that queue receives exactly one message whose {@code "userName"}
 * property equals that user's name.
 *
 * <p>NOTE(review): both consumers read from the same queue, so the per-user split presumably
 * comes from what the interceptor does at consumer creation; its implementation is not part
 * of this method — confirm there.
 */
@Test
public void testInterceptUsernameOnConsumer() throws Exception {
    // Test-only accounts added straight to the broker's in-memory security configuration.
    ActiveMQJAASSecurityManager jaasManager = (ActiveMQJAASSecurityManager) server.getSecurityManager();
    jaasManager.getConfiguration().addUser("dumb", "dumber");
    jaasManager.getConfiguration().addUser("an", "other");

    server.getRemotingService().addIncomingInterceptor(new InterceptUserOnCreateConsumer());
    locator.setBlockOnDurableSend(true);
    ClientSessionFactory factory = createSessionFactory(locator);

    // One authenticated session per user.
    ClientSession firstSession = factory.createSession("dumb", "dumber", false, false, false, false, 0);
    ClientSession secondSession = factory.createSession("an", "other", false, false, false, false, 0);

    firstSession.createQueue(QUEUE, QUEUE, null, true);

    ClientProducer firstProducer = firstSession.createProducer(QUEUE);
    ClientProducer secondProducer = secondSession.createProducer(QUEUE);

    // The same message object is sent once through each user's producer.
    ClientMessage outbound = firstSession.createMessage(true);
    firstProducer.send(outbound);
    firstSession.commit();
    secondProducer.send(outbound);
    secondSession.commit();

    ClientConsumer firstConsumer = firstSession.createConsumer(QUEUE);
    ClientConsumer secondConsumer = secondSession.createConsumer(QUEUE);
    firstSession.start();
    secondSession.start();

    ClientMessage received = firstConsumer.receive(1000);
    assertNotNull(received);
    assertEquals("dumb", received.getStringProperty("userName"));
    received.acknowledge();
    // Nothing else may be waiting for the first user.
    assertNull(firstConsumer.receiveImmediate());

    received = secondConsumer.receive(1000);
    assertNotNull(received);
    assertEquals("an", received.getStringProperty("userName"));
    received.acknowledge();
    // Nothing else may be waiting for the second user either.
    assertNull(secondConsumer.receiveImmediate());

    firstSession.close();
    secondSession.close();
}