Search in sources :

Example 21 with ActiveMQJAASSecurityManager

use of org.apache.activemq.artemis.spi.core.security.ActiveMQJAASSecurityManager in project activemq-artemis by apache.

the class SecurityTest method testJAASSecurityManagerAuthorizationPositiveWithCerts.

protected void testJAASSecurityManagerAuthorizationPositiveWithCerts(String clientAuthPropName) throws Exception {
    final SimpleString ADDRESS = new SimpleString("address");
    final SimpleString DURABLE_QUEUE = new SimpleString("durableQueue");
    final SimpleString NON_DURABLE_QUEUE = new SimpleString("nonDurableQueue");
    ActiveMQJAASSecurityManager securityManager = new ActiveMQJAASSecurityManager("CertLogin");
    ActiveMQServer server = addServer(ActiveMQServers.newActiveMQServer(createDefaultInVMConfig().setSecurityEnabled(true), ManagementFactory.getPlatformMBeanServer(), securityManager, false));
    Map<String, Object> params = new HashMap<>();
    params.put(TransportConstants.SSL_ENABLED_PROP_NAME, true);
    params.put(TransportConstants.KEYSTORE_PATH_PROP_NAME, "server-side-keystore.jks");
    params.put(TransportConstants.KEYSTORE_PASSWORD_PROP_NAME, "secureexample");
    params.put(TransportConstants.TRUSTSTORE_PATH_PROP_NAME, "server-side-truststore.jks");
    params.put(TransportConstants.TRUSTSTORE_PASSWORD_PROP_NAME, "secureexample");
    params.put(clientAuthPropName, true);
    server.getConfiguration().addAcceptorConfiguration(new TransportConfiguration(NETTY_ACCEPTOR_FACTORY, params));
    Set<Role> roles = new HashSet<>();
    roles.add(new Role("programmers", true, true, true, true, true, true, true, true, true, true));
    server.getConfiguration().putSecurityRoles("#", roles);
    server.start();
    TransportConfiguration tc = new TransportConfiguration(NETTY_CONNECTOR_FACTORY);
    tc.getParams().put(TransportConstants.SSL_ENABLED_PROP_NAME, true);
    tc.getParams().put(TransportConstants.TRUSTSTORE_PATH_PROP_NAME, "client-side-truststore.jks");
    tc.getParams().put(TransportConstants.TRUSTSTORE_PASSWORD_PROP_NAME, "secureexample");
    tc.getParams().put(TransportConstants.KEYSTORE_PATH_PROP_NAME, "client-side-keystore.jks");
    tc.getParams().put(TransportConstants.KEYSTORE_PASSWORD_PROP_NAME, "secureexample");
    ServerLocator locator = addServerLocator(ActiveMQClient.createServerLocatorWithoutHA(tc));
    ClientSessionFactory cf = createSessionFactory(locator);
    ClientSession session = addClientSession(cf.createSession());
    // CREATE_DURABLE_QUEUE
    try {
        session.createQueue(ADDRESS, DURABLE_QUEUE, true);
    } catch (ActiveMQException e) {
        Assert.fail("should not throw exception here");
    }
    // DELETE_DURABLE_QUEUE
    try {
        session.deleteQueue(DURABLE_QUEUE);
    } catch (ActiveMQException e) {
        Assert.fail("should not throw exception here");
    }
    // CREATE_NON_DURABLE_QUEUE
    try {
        session.createQueue(ADDRESS, NON_DURABLE_QUEUE, false);
    } catch (ActiveMQException e) {
        Assert.fail("should not throw exception here");
    }
    // DELETE_NON_DURABLE_QUEUE
    try {
        session.deleteQueue(NON_DURABLE_QUEUE);
    } catch (ActiveMQException e) {
        Assert.fail("should not throw exception here");
    }
    session.createQueue(ADDRESS, DURABLE_QUEUE, true);
    // PRODUCE
    try {
        ClientProducer producer = session.createProducer(ADDRESS);
        producer.send(session.createMessage(true));
    } catch (ActiveMQException e) {
        Assert.fail("should not throw exception here");
    }
    // CONSUME
    try {
        session.createConsumer(DURABLE_QUEUE);
    } catch (ActiveMQException e) {
        Assert.fail("should not throw exception here");
    }
    // MANAGE
    try {
        ClientProducer producer = session.createProducer(server.getConfiguration().getManagementAddress());
        producer.send(session.createMessage(true));
    } catch (ActiveMQException e) {
        Assert.fail("should not throw exception here");
    }
    // BROWSE
    try {
        session.createConsumer(DURABLE_QUEUE, true);
    } catch (ActiveMQException e) {
        Assert.fail("should not throw exception here");
    }
}
Also used : HashMap(java.util.HashMap) ActiveMQJAASSecurityManager(org.apache.activemq.artemis.spi.core.security.ActiveMQJAASSecurityManager) SimpleString(org.apache.activemq.artemis.api.core.SimpleString) TransportConfiguration(org.apache.activemq.artemis.api.core.TransportConfiguration) SimpleString(org.apache.activemq.artemis.api.core.SimpleString) Role(org.apache.activemq.artemis.core.security.Role) ActiveMQServer(org.apache.activemq.artemis.core.server.ActiveMQServer) ActiveMQException(org.apache.activemq.artemis.api.core.ActiveMQException) ClientSession(org.apache.activemq.artemis.api.core.client.ClientSession) ClientSessionFactory(org.apache.activemq.artemis.api.core.client.ClientSessionFactory) ClientProducer(org.apache.activemq.artemis.api.core.client.ClientProducer) ServerLocator(org.apache.activemq.artemis.api.core.client.ServerLocator) HashSet(java.util.HashSet)

Example 22 with ActiveMQJAASSecurityManager

use of org.apache.activemq.artemis.spi.core.security.ActiveMQJAASSecurityManager in project activemq-artemis by apache.

the class SecurityTest method testJAASSecurityManagerAuthenticationBadPassword.

@Test
public void testJAASSecurityManagerAuthenticationBadPassword() throws Exception {
    ActiveMQJAASSecurityManager securityManager = new ActiveMQJAASSecurityManager("PropertiesLogin");
    ActiveMQServer server = addServer(ActiveMQServers.newActiveMQServer(createDefaultInVMConfig().setSecurityEnabled(true), ManagementFactory.getPlatformMBeanServer(), securityManager, false));
    server.start();
    ClientSessionFactory cf = createSessionFactory(locator);
    try {
        cf.createSession("first", "badpassword", false, true, true, false, 0);
        Assert.fail("should throw exception here");
    } catch (Exception e) {
    // ignore
    }
}
Also used : ActiveMQServer(org.apache.activemq.artemis.core.server.ActiveMQServer) ActiveMQJAASSecurityManager(org.apache.activemq.artemis.spi.core.security.ActiveMQJAASSecurityManager) ClientSessionFactory(org.apache.activemq.artemis.api.core.client.ClientSessionFactory) ActiveMQException(org.apache.activemq.artemis.api.core.ActiveMQException) ActiveMQSecurityException(org.apache.activemq.artemis.api.core.ActiveMQSecurityException) Test(org.junit.Test)

Example 23 with ActiveMQJAASSecurityManager

use of org.apache.activemq.artemis.spi.core.security.ActiveMQJAASSecurityManager in project activemq-artemis by apache.

the class SecurityTest method testJAASSecurityManagerAuthorizationNegativeWithCerts.

@Test
public void testJAASSecurityManagerAuthorizationNegativeWithCerts() throws Exception {
    final SimpleString ADDRESS = new SimpleString("address");
    final SimpleString DURABLE_QUEUE = new SimpleString("durableQueue");
    final SimpleString NON_DURABLE_QUEUE = new SimpleString("nonDurableQueue");
    ActiveMQJAASSecurityManager securityManager = new ActiveMQJAASSecurityManager("CertLogin");
    ActiveMQServer server = addServer(ActiveMQServers.newActiveMQServer(createDefaultInVMConfig().setSecurityEnabled(true), ManagementFactory.getPlatformMBeanServer(), securityManager, false));
    Map<String, Object> params = new HashMap<>();
    params.put(TransportConstants.SSL_ENABLED_PROP_NAME, true);
    params.put(TransportConstants.KEYSTORE_PATH_PROP_NAME, "server-side-keystore.jks");
    params.put(TransportConstants.KEYSTORE_PASSWORD_PROP_NAME, "secureexample");
    params.put(TransportConstants.TRUSTSTORE_PATH_PROP_NAME, "server-side-truststore.jks");
    params.put(TransportConstants.TRUSTSTORE_PASSWORD_PROP_NAME, "secureexample");
    params.put(TransportConstants.NEED_CLIENT_AUTH_PROP_NAME, true);
    server.getConfiguration().addAcceptorConfiguration(new TransportConfiguration(NETTY_ACCEPTOR_FACTORY, params));
    Set<Role> roles = new HashSet<>();
    roles.add(new Role("programmers", false, false, false, false, false, false, false, false, false, false));
    server.getConfiguration().putSecurityRoles("#", roles);
    server.start();
    TransportConfiguration tc = new TransportConfiguration(NETTY_CONNECTOR_FACTORY);
    tc.getParams().put(TransportConstants.SSL_ENABLED_PROP_NAME, true);
    tc.getParams().put(TransportConstants.TRUSTSTORE_PATH_PROP_NAME, "client-side-truststore.jks");
    tc.getParams().put(TransportConstants.TRUSTSTORE_PASSWORD_PROP_NAME, "secureexample");
    tc.getParams().put(TransportConstants.KEYSTORE_PATH_PROP_NAME, "client-side-keystore.jks");
    tc.getParams().put(TransportConstants.KEYSTORE_PASSWORD_PROP_NAME, "secureexample");
    ServerLocator locator = addServerLocator(ActiveMQClient.createServerLocatorWithoutHA(tc));
    ClientSessionFactory cf = createSessionFactory(locator);
    server.addAddressInfo(new AddressInfo(ADDRESS, RoutingType.ANYCAST));
    server.createQueue(ADDRESS, RoutingType.ANYCAST, DURABLE_QUEUE, null, true, false);
    server.createQueue(ADDRESS, RoutingType.ANYCAST, NON_DURABLE_QUEUE, null, false, false);
    ClientSession session = addClientSession(cf.createSession());
    // CREATE_DURABLE_QUEUE
    try {
        session.createQueue(ADDRESS, DURABLE_QUEUE, true);
        Assert.fail("should throw exception here");
    } catch (ActiveMQException e) {
    // ignore
    }
    // DELETE_DURABLE_QUEUE
    try {
        session.deleteQueue(DURABLE_QUEUE);
        Assert.fail("should throw exception here");
    } catch (ActiveMQException e) {
    // ignore
    }
    // CREATE_NON_DURABLE_QUEUE
    try {
        session.createQueue(ADDRESS, NON_DURABLE_QUEUE, false);
        Assert.fail("should throw exception here");
    } catch (ActiveMQException e) {
    // ignore
    }
    // DELETE_NON_DURABLE_QUEUE
    try {
        session.deleteQueue(NON_DURABLE_QUEUE);
        Assert.fail("should throw exception here");
    } catch (ActiveMQException e) {
    // ignore
    }
    // PRODUCE
    try {
        ClientProducer producer = session.createProducer(ADDRESS);
        producer.send(session.createMessage(true));
        Assert.fail("should throw exception here");
    } catch (ActiveMQException e) {
    // ignore
    }
    // CONSUME
    try {
        ClientConsumer consumer = session.createConsumer(DURABLE_QUEUE);
        Assert.fail("should throw exception here");
    } catch (ActiveMQException e) {
    // ignore
    }
    // MANAGE
    try {
        ClientProducer producer = session.createProducer(server.getConfiguration().getManagementAddress());
        producer.send(session.createMessage(true));
        Assert.fail("should throw exception here");
    } catch (ActiveMQException e) {
    // ignore
    }
    // BROWSE
    try {
        ClientConsumer browser = session.createConsumer(DURABLE_QUEUE, true);
        Assert.fail("should throw exception here");
    } catch (ActiveMQException e) {
    // ignore
    }
}
Also used : HashMap(java.util.HashMap) ActiveMQJAASSecurityManager(org.apache.activemq.artemis.spi.core.security.ActiveMQJAASSecurityManager) SimpleString(org.apache.activemq.artemis.api.core.SimpleString) TransportConfiguration(org.apache.activemq.artemis.api.core.TransportConfiguration) SimpleString(org.apache.activemq.artemis.api.core.SimpleString) AddressInfo(org.apache.activemq.artemis.core.server.impl.AddressInfo) Role(org.apache.activemq.artemis.core.security.Role) ActiveMQServer(org.apache.activemq.artemis.core.server.ActiveMQServer) ActiveMQException(org.apache.activemq.artemis.api.core.ActiveMQException) ClientSession(org.apache.activemq.artemis.api.core.client.ClientSession) ClientSessionFactory(org.apache.activemq.artemis.api.core.client.ClientSessionFactory) ClientConsumer(org.apache.activemq.artemis.api.core.client.ClientConsumer) ClientProducer(org.apache.activemq.artemis.api.core.client.ClientProducer) ServerLocator(org.apache.activemq.artemis.api.core.client.ServerLocator) HashSet(java.util.HashSet) Test(org.junit.Test)

Example 24 with ActiveMQJAASSecurityManager

use of org.apache.activemq.artemis.spi.core.security.ActiveMQJAASSecurityManager in project activemq-artemis by apache.

the class SecurityTest method testJAASSecurityManagerAuthentication.

@Test
public void testJAASSecurityManagerAuthentication() throws Exception {
    ActiveMQJAASSecurityManager securityManager = new ActiveMQJAASSecurityManager("PropertiesLogin");
    ActiveMQServer server = addServer(ActiveMQServers.newActiveMQServer(createDefaultInVMConfig().setSecurityEnabled(true), ManagementFactory.getPlatformMBeanServer(), securityManager, false));
    server.start();
    ClientSessionFactory cf = createSessionFactory(locator);
    try {
        ClientSession session = cf.createSession("first", "secret", false, true, true, false, 0);
        session.close();
    } catch (ActiveMQException e) {
        e.printStackTrace();
        Assert.fail("should not throw exception");
    }
}
Also used : ActiveMQServer(org.apache.activemq.artemis.core.server.ActiveMQServer) ActiveMQException(org.apache.activemq.artemis.api.core.ActiveMQException) ActiveMQJAASSecurityManager(org.apache.activemq.artemis.spi.core.security.ActiveMQJAASSecurityManager) ClientSession(org.apache.activemq.artemis.api.core.client.ClientSession) ClientSessionFactory(org.apache.activemq.artemis.api.core.client.ClientSessionFactory) Test(org.junit.Test)

Example 25 with ActiveMQJAASSecurityManager

use of org.apache.activemq.artemis.spi.core.security.ActiveMQJAASSecurityManager in project activemq-artemis by apache.

the class SecurityTest method testSendWithRole.

@Test
public void testSendWithRole() throws Exception {
    ActiveMQServer server = createServer();
    server.start();
    HierarchicalRepository<Set<Role>> securityRepository = server.getSecurityRepository();
    ActiveMQJAASSecurityManager securityManager = (ActiveMQJAASSecurityManager) server.getSecurityManager();
    securityManager.getConfiguration().addUser("auser", "pass");
    Role role = new Role("arole", true, true, true, false, false, false, false, false, false, false);
    Set<Role> roles = new HashSet<>();
    roles.add(role);
    securityRepository.addMatch(SecurityTest.addressA, roles);
    securityManager.getConfiguration().addRole("auser", "arole");
    locator.setBlockOnNonDurableSend(true);
    ClientSessionFactory cf = createSessionFactory(locator);
    ClientSession session = cf.createSession("auser", "pass", false, true, true, false, -1);
    session.createQueue(SecurityTest.addressA, SecurityTest.queueA, true);
    ClientProducer cp = session.createProducer(SecurityTest.addressA);
    cp.send(session.createMessage(false));
    session.start();
    ClientConsumer cons = session.createConsumer(queueA);
    ClientMessage receivedMessage = cons.receive(5000);
    assertNotNull(receivedMessage);
    receivedMessage.acknowledge();
    role = new Role("arole", false, false, true, false, false, false, false, false, false, false);
    roles = new HashSet<>();
    roles.add(role);
    // This was added to validate https://issues.jboss.org/browse/SOA-3363
    securityRepository.addMatch(SecurityTest.addressA, roles);
    boolean failed = false;
    try {
        cp.send(session.createMessage(true));
    } catch (ActiveMQException e) {
        failed = true;
    }
    // This was added to validate https://issues.jboss.org/browse/SOA-3363 ^^^^^
    assertTrue("Failure expected on send after removing the match", failed);
}
Also used : Set(java.util.Set) HashSet(java.util.HashSet) ActiveMQJAASSecurityManager(org.apache.activemq.artemis.spi.core.security.ActiveMQJAASSecurityManager) ClientMessage(org.apache.activemq.artemis.api.core.client.ClientMessage) Role(org.apache.activemq.artemis.core.security.Role) ActiveMQServer(org.apache.activemq.artemis.core.server.ActiveMQServer) ActiveMQException(org.apache.activemq.artemis.api.core.ActiveMQException) ClientSession(org.apache.activemq.artemis.api.core.client.ClientSession) ClientSessionFactory(org.apache.activemq.artemis.api.core.client.ClientSessionFactory) ClientConsumer(org.apache.activemq.artemis.api.core.client.ClientConsumer) ClientProducer(org.apache.activemq.artemis.api.core.client.ClientProducer) HashSet(java.util.HashSet) Test(org.junit.Test)

Aggregations

ActiveMQJAASSecurityManager (org.apache.activemq.artemis.spi.core.security.ActiveMQJAASSecurityManager)91 ActiveMQServer (org.apache.activemq.artemis.core.server.ActiveMQServer)50 Role (org.apache.activemq.artemis.core.security.Role)49 Test (org.junit.Test)48 HashSet (java.util.HashSet)47 ClientSessionFactory (org.apache.activemq.artemis.api.core.client.ClientSessionFactory)42 ClientSession (org.apache.activemq.artemis.api.core.client.ClientSession)40 ActiveMQException (org.apache.activemq.artemis.api.core.ActiveMQException)30 Set (java.util.Set)27 SimpleString (org.apache.activemq.artemis.api.core.SimpleString)23 TransportConfiguration (org.apache.activemq.artemis.api.core.TransportConfiguration)23 ClientProducer (org.apache.activemq.artemis.api.core.client.ClientProducer)21 SecurityConfiguration (org.apache.activemq.artemis.core.config.impl.SecurityConfiguration)21 InVMLoginModule (org.apache.activemq.artemis.spi.core.security.jaas.InVMLoginModule)19 Configuration (org.apache.activemq.artemis.core.config.Configuration)18 ActiveMQSecurityException (org.apache.activemq.artemis.api.core.ActiveMQSecurityException)16 HashMap (java.util.HashMap)14 Before (org.junit.Before)13 ActiveMQSecurityManager (org.apache.activemq.artemis.spi.core.security.ActiveMQSecurityManager)10 ActiveMQServerImpl (org.apache.activemq.artemis.core.server.impl.ActiveMQServerImpl)9