
Example 31 with ActiveMQJAASSecurityManager

use of org.apache.activemq.artemis.spi.core.security.ActiveMQJAASSecurityManager in project activemq-artemis by apache.

the class SecurityTest method testJAASSecurityManagerAuthenticationWithCerts.

/**
 * Starts a security-enabled broker backed by the {@code CertLogin} JAAS domain behind a TLS acceptor,
 * then connects with a client that presents {@code client-side-keystore.jks} and expects session
 * creation to succeed.
 *
 * <p>{@code createSession()} is called without a user name or password, so a passing run means the
 * session was accepted without credentials supplied by this call. Presumably the {@code CertLogin}
 * domain authenticates from the TLS client certificate; confirm against the JAAS login configuration.
 *
 * <p>All keystore and truststore passwords here are literal test-fixture values.
 *
 * @param clientAuthPropName acceptor property that is set to {@code true}; callers presumably pass a
 *                           client-authentication property such as
 *                           {@code TransportConstants.NEED_CLIENT_AUTH_PROP_NAME} (verify against callers)
 * @throws Exception if the broker or the client connection cannot be set up
 */
protected void testJAASSecurityManagerAuthenticationWithCerts(String clientAuthPropName) throws Exception {
    ActiveMQJAASSecurityManager jaasManager = new ActiveMQJAASSecurityManager("CertLogin");
    ActiveMQServer broker = addServer(ActiveMQServers.newActiveMQServer(
        createDefaultInVMConfig().setSecurityEnabled(true),
        ManagementFactory.getPlatformMBeanServer(),
        jaasManager,
        false));

    // Acceptor side: TLS on, server identity plus the truststore used to validate client certificates.
    Map<String, Object> acceptorParams = new HashMap<>();
    acceptorParams.put(TransportConstants.SSL_ENABLED_PROP_NAME, true);
    acceptorParams.put(TransportConstants.KEYSTORE_PATH_PROP_NAME, "server-side-keystore.jks");
    acceptorParams.put(TransportConstants.KEYSTORE_PASSWORD_PROP_NAME, "secureexample");
    acceptorParams.put(TransportConstants.TRUSTSTORE_PATH_PROP_NAME, "server-side-truststore.jks");
    acceptorParams.put(TransportConstants.TRUSTSTORE_PASSWORD_PROP_NAME, "secureexample");
    acceptorParams.put(clientAuthPropName, true);
    broker.getConfiguration().addAcceptorConfiguration(new TransportConfiguration(NETTY_ACCEPTOR_FACTORY, acceptorParams));
    broker.start();

    // Connector side: TLS on, truststore for the server certificate, keystore holding the client certificate.
    TransportConfiguration connector = new TransportConfiguration(NETTY_CONNECTOR_FACTORY);
    Map<String, Object> connectorParams = connector.getParams();
    connectorParams.put(TransportConstants.SSL_ENABLED_PROP_NAME, true);
    connectorParams.put(TransportConstants.TRUSTSTORE_PATH_PROP_NAME, "client-side-truststore.jks");
    connectorParams.put(TransportConstants.TRUSTSTORE_PASSWORD_PROP_NAME, "secureexample");
    connectorParams.put(TransportConstants.KEYSTORE_PATH_PROP_NAME, "client-side-keystore.jks");
    connectorParams.put(TransportConstants.KEYSTORE_PASSWORD_PROP_NAME, "secureexample");

    ServerLocator serverLocator = addServerLocator(ActiveMQClient.createServerLocatorWithoutHA(connector));
    ClientSessionFactory sessionFactory = createSessionFactory(serverLocator);
    try {
        // No credentials are passed; open the session and close it again straight away.
        sessionFactory.createSession().close();
    } catch (ActiveMQException e) {
        e.printStackTrace();
        Assert.fail("should not throw exception");
    }
}
Also used : ActiveMQServer(org.apache.activemq.artemis.core.server.ActiveMQServer) ActiveMQException(org.apache.activemq.artemis.api.core.ActiveMQException) HashMap(java.util.HashMap) ActiveMQJAASSecurityManager(org.apache.activemq.artemis.spi.core.security.ActiveMQJAASSecurityManager) ClientSession(org.apache.activemq.artemis.api.core.client.ClientSession) TransportConfiguration(org.apache.activemq.artemis.api.core.TransportConfiguration) SimpleString(org.apache.activemq.artemis.api.core.SimpleString) ClientSessionFactory(org.apache.activemq.artemis.api.core.client.ClientSessionFactory) ServerLocator(org.apache.activemq.artemis.api.core.client.ServerLocator)

Example 32 with ActiveMQJAASSecurityManager

use of org.apache.activemq.artemis.spi.core.security.ActiveMQJAASSecurityManager in project activemq-artemis by apache.

the class SecurityTest method testCreateSessionWithCorrectUserCorrectPass.

/**
 * Registers the account {@code newuser}/{@code apass} with the broker's JAAS security manager before
 * the broker starts, then expects a session opened with exactly those credentials to be accepted.
 *
 * <p>The test fails through {@code Assert.fail} if session creation or closing throws an
 * {@code ActiveMQException}; the caught exception is not included in the failure message.
 *
 * @throws Exception if the broker or the session factory cannot be created
 */
@Test
public void testCreateSessionWithCorrectUserCorrectPass() throws Exception {
    ActiveMQServer broker = createServer();
    // The cast relies on createServer() having installed an ActiveMQJAASSecurityManager.
    ActiveMQJAASSecurityManager jaasManager = (ActiveMQJAASSecurityManager) broker.getSecurityManager();
    jaasManager.getConfiguration().addUser("newuser", "apass");
    broker.start();

    ClientSessionFactory sessionFactory = createSessionFactory(locator);
    try {
        sessionFactory.createSession("newuser", "apass", false, true, true, false, -1).close();
    } catch (ActiveMQException e) {
        Assert.fail("should not throw exception");
    }
}
Also used : ActiveMQServer(org.apache.activemq.artemis.core.server.ActiveMQServer) ActiveMQException(org.apache.activemq.artemis.api.core.ActiveMQException) ActiveMQJAASSecurityManager(org.apache.activemq.artemis.spi.core.security.ActiveMQJAASSecurityManager) ClientSession(org.apache.activemq.artemis.api.core.client.ClientSession) ClientSessionFactory(org.apache.activemq.artemis.api.core.client.ClientSessionFactory) Test(org.junit.Test)

Example 33 with ActiveMQJAASSecurityManager

use of org.apache.activemq.artemis.spi.core.security.ActiveMQJAASSecurityManager in project activemq-artemis by apache.

the class SecurityTest method testJAASSecurityManagerAuthenticationWithBadClientCert.

/**
 * This test requires a client-side certificate that will be trusted by the server but whose dname will be rejected
 * by the CertLogin login module. I created this cert with the following commands:
 *
 * keytool -genkey -keystore bad-client-side-keystore.jks -storepass secureexample -keypass secureexample -dname "CN=Bad Client, OU=Artemis, O=ActiveMQ, L=AMQ, S=AMQ, C=AMQ"
 * keytool -export -keystore bad-client-side-keystore.jks -file activemq-jks.cer -storepass secureexample
 * keytool -import -keystore server-side-truststore.jks -file activemq-jks.cer -storepass secureexample -keypass secureexample -noprompt -alias bad
 */
@Test
public void testJAASSecurityManagerAuthenticationWithBadClientCert() throws Exception {
    // Negative case for certificate login: the client presents bad-client-side-keystore.jks and the
    // session must be refused with a SECURITY_EXCEPTION.
    ActiveMQJAASSecurityManager jaasManager = new ActiveMQJAASSecurityManager("CertLogin");
    ActiveMQServer broker = addServer(ActiveMQServers.newActiveMQServer(
        createDefaultInVMConfig().setSecurityEnabled(true),
        ManagementFactory.getPlatformMBeanServer(),
        jaasManager,
        false));

    // Acceptor side: TLS on and a client certificate is mandatory (NEED_CLIENT_AUTH).
    Map<String, Object> acceptorParams = new HashMap<>();
    acceptorParams.put(TransportConstants.SSL_ENABLED_PROP_NAME, true);
    acceptorParams.put(TransportConstants.KEYSTORE_PATH_PROP_NAME, "server-side-keystore.jks");
    acceptorParams.put(TransportConstants.KEYSTORE_PASSWORD_PROP_NAME, "secureexample");
    acceptorParams.put(TransportConstants.TRUSTSTORE_PATH_PROP_NAME, "server-side-truststore.jks");
    acceptorParams.put(TransportConstants.TRUSTSTORE_PASSWORD_PROP_NAME, "secureexample");
    acceptorParams.put(TransportConstants.NEED_CLIENT_AUTH_PROP_NAME, true);
    broker.getConfiguration().addAcceptorConfiguration(new TransportConfiguration(NETTY_ACCEPTOR_FACTORY, acceptorParams));
    broker.start();

    // Connector side: same truststore as the positive test, but the "bad" client keystore.
    TransportConfiguration connector = new TransportConfiguration(NETTY_CONNECTOR_FACTORY);
    Map<String, Object> connectorParams = connector.getParams();
    connectorParams.put(TransportConstants.SSL_ENABLED_PROP_NAME, true);
    connectorParams.put(TransportConstants.TRUSTSTORE_PATH_PROP_NAME, "client-side-truststore.jks");
    connectorParams.put(TransportConstants.TRUSTSTORE_PASSWORD_PROP_NAME, "secureexample");
    connectorParams.put(TransportConstants.KEYSTORE_PATH_PROP_NAME, "bad-client-side-keystore.jks");
    connectorParams.put(TransportConstants.KEYSTORE_PASSWORD_PROP_NAME, "secureexample");

    ServerLocator serverLocator = addServerLocator(ActiveMQClient.createServerLocatorWithoutHA(connector));
    ClientSessionFactory sessionFactory = createSessionFactory(serverLocator);
    try {
        sessionFactory.createSession();
        // fail() raises an AssertionError, which the catch below does not intercept.
        fail("Creating session here should fail due to authentication error.");
    } catch (ActiveMQException e) {
        // Only the exception type is checked: the refusal must be a security decision,
        // not some other kind of ActiveMQException.
        assertTrue(ActiveMQExceptionType.SECURITY_EXCEPTION == e.getType());
    }
}
Also used : ActiveMQServer(org.apache.activemq.artemis.core.server.ActiveMQServer) ActiveMQException(org.apache.activemq.artemis.api.core.ActiveMQException) HashMap(java.util.HashMap) ActiveMQJAASSecurityManager(org.apache.activemq.artemis.spi.core.security.ActiveMQJAASSecurityManager) TransportConfiguration(org.apache.activemq.artemis.api.core.TransportConfiguration) SimpleString(org.apache.activemq.artemis.api.core.SimpleString) ClientSessionFactory(org.apache.activemq.artemis.api.core.client.ClientSessionFactory) ServerLocator(org.apache.activemq.artemis.api.core.client.ServerLocator) Test(org.junit.Test)

Example 34 with ActiveMQJAASSecurityManager

use of org.apache.activemq.artemis.spi.core.security.ActiveMQJAASSecurityManager in project activemq-artemis by apache.

the class SecurityTest method testJAASSecurityManagerOpenWireNegative.

/**
 * Verify role permissions are applied properly when using OpenWire
 *
 * @throws Exception
 */
@Test
public void testJAASSecurityManagerOpenWireNegative() throws Exception {
    // Negative authorization test: the only role configured below has every permission flag set to
    // false, and each client operation is expected to be refused with a permission-specific message.
    // Statement order matters: the first two checks run before the destinations exist, the rest run
    // after the test creates them directly on the server.
    ActiveMQJAASSecurityManager securityManager = new ActiveMQJAASSecurityManager("CertLogin");
    ActiveMQServer server = addServer(ActiveMQServers.newActiveMQServer(createDefaultInVMConfig().setSecurityEnabled(true), ManagementFactory.getPlatformMBeanServer(), securityManager, false));
    Set<Role> roles = new HashSet<>();
    // All ten boolean flags are false, so the role "programmers" grants nothing.
    roles.add(new Role("programmers", false, false, false, false, false, false, false, false, false, false));
    // "#" is the match these roles are registered under (presumably the match-all wildcard - confirm).
    server.getConfiguration().putSecurityRoles("#", roles);
    // Acceptor: TLS enabled and a client certificate is required (NEED_CLIENT_AUTH).
    Map<String, Object> params = new HashMap<>();
    params.put(TransportConstants.SSL_ENABLED_PROP_NAME, true);
    params.put(TransportConstants.KEYSTORE_PATH_PROP_NAME, "server-side-keystore.jks");
    params.put(TransportConstants.KEYSTORE_PASSWORD_PROP_NAME, "secureexample");
    params.put(TransportConstants.TRUSTSTORE_PATH_PROP_NAME, "server-side-truststore.jks");
    params.put(TransportConstants.TRUSTSTORE_PASSWORD_PROP_NAME, "secureexample");
    params.put(TransportConstants.NEED_CLIENT_AUTH_PROP_NAME, true);
    server.getConfiguration().addAcceptorConfiguration(new TransportConfiguration(NETTY_ACCEPTOR_FACTORY, params));
    server.start();
    // OpenWire client over TLS. Only a user name is set, no password.
    // NOTE(review): the denial messages asserted below name "test-user"; whether that identity comes
    // from setUserName or from the client certificate via CertLogin is not visible here - confirm.
    ActiveMQSslConnectionFactory factory = new ActiveMQSslConnectionFactory("ssl://localhost:61616");
    factory.setUserName("test-user");
    factory.setTrustStore("client-side-truststore.jks");
    factory.setTrustStorePassword("secureexample");
    factory.setKeyStore("client-side-keystore.jks");
    factory.setKeyStorePassword("secureexample");
    try (ActiveMQConnection connection = (ActiveMQConnection) factory.createConnection()) {
        Session session = connection.createSession(false, Session.AUTO_ACKNOWLEDGE);
        // Pattern used for every check below: Assert.fail raises an AssertionError, which is not an
        // Exception, so the catch does not swallow it. The assertions match on message text, so they
        // depend on the broker's exact wording of the denial.
        // Test queue creation permission
        try {
            session.createConsumer(session.createQueue("test.queue"));
            Assert.fail("should throw exception here");
        } catch (Exception e) {
            assertTrue(e.getMessage().contains("User: test-user does not have permission='CREATE_DURABLE_QUEUE' for queue test.queue on address test.queue"));
        }
        // Test non durable create permission
        try {
            session.createConsumer(session.createTopic("test.topic"));
            Assert.fail("should throw exception here");
        } catch (Exception e) {
            assertTrue(e.getMessage().contains("User: test-user does not have permission='CREATE_NON_DURABLE_QUEUE'"));
        }
        // Add a test queue and topic to the server
        // These calls go to the server object directly, not through the client session, so the
        // remaining checks run against destinations that already exist.
        SimpleString address = SimpleString.toSimpleString("test.queue");
        server.addAddressInfo(new AddressInfo(address, RoutingType.ANYCAST));
        server.createQueue(address, RoutingType.ANYCAST, address, null, true, false);
        SimpleString address2 = SimpleString.toSimpleString("test.topic");
        server.addAddressInfo(new AddressInfo(address2, RoutingType.MULTICAST));
        // Test queue produce permission
        try {
            MessageProducer producer = session.createProducer(session.createQueue("test.queue"));
            producer.send(session.createMessage());
            Assert.fail("should throw exception here");
        } catch (Exception e) {
            assertTrue(e.getMessage().contains("User: test-user does not have permission='SEND'"));
        }
        // Test queue consume permission
        try {
            session.createConsumer(session.createQueue("test.queue"));
            Assert.fail("should throw exception here");
        } catch (Exception e) {
            assertTrue(e.getMessage().contains("User: test-user does not have permission='CONSUME' for queue test.queue on address test.queue"));
        }
        // Test queue browse permission
        try {
            QueueBrowser browser = session.createBrowser(session.createQueue("test.queue"));
            browser.getEnumeration();
            Assert.fail("should throw exception here");
        } catch (Exception e) {
            assertTrue(e.getMessage().contains("User: test-user does not have permission='BROWSE' for queue test.queue on address test.queue"));
        }
        // Test queue deletion permission
        try {
            connection.destroyDestination(new ActiveMQQueue("test.queue"));
            Assert.fail("should throw exception here");
        } catch (Exception e) {
            assertTrue(e.getMessage().contains("User: test-user does not have permission='DELETE_DURABLE_QUEUE' for queue test.queue on address test.queue"));
        }
        // Test temp queue
        try {
            session.createTemporaryQueue();
            Assert.fail("should throw exception here");
        } catch (Exception e) {
            assertTrue(e.getMessage().contains("User: test-user does not have permission='CREATE_NON_DURABLE_QUEUE'"));
        }
        // Test temp topic
        try {
            session.createTemporaryTopic();
            Assert.fail("should throw exception here");
        } catch (Exception e) {
            assertTrue(e.getMessage().contains("User: test-user does not have permission='CREATE_ADDRESS'"));
        }
        session.close();
    }
}
Also used : ActiveMQSslConnectionFactory(org.apache.activemq.ActiveMQSslConnectionFactory) HashMap(java.util.HashMap) ActiveMQJAASSecurityManager(org.apache.activemq.artemis.spi.core.security.ActiveMQJAASSecurityManager) ActiveMQConnection(org.apache.activemq.ActiveMQConnection) SimpleString(org.apache.activemq.artemis.api.core.SimpleString) TransportConfiguration(org.apache.activemq.artemis.api.core.TransportConfiguration) SimpleString(org.apache.activemq.artemis.api.core.SimpleString) ActiveMQException(org.apache.activemq.artemis.api.core.ActiveMQException) ActiveMQSecurityException(org.apache.activemq.artemis.api.core.ActiveMQSecurityException) AddressInfo(org.apache.activemq.artemis.core.server.impl.AddressInfo) Role(org.apache.activemq.artemis.core.security.Role) ActiveMQServer(org.apache.activemq.artemis.core.server.ActiveMQServer) ActiveMQQueue(org.apache.activemq.command.ActiveMQQueue) MessageProducer(javax.jms.MessageProducer) QueueBrowser(javax.jms.QueueBrowser) HashSet(java.util.HashSet) Session(javax.jms.Session) ClientSession(org.apache.activemq.artemis.api.core.client.ClientSession) Test(org.junit.Test)

Example 35 with ActiveMQJAASSecurityManager

use of org.apache.activemq.artemis.spi.core.security.ActiveMQJAASSecurityManager in project activemq-artemis by apache.

the class SecurityTest method testCreateDurableQueueWithRole.

/**
 * Positive authorization test: user {@code auser} is given role {@code arole}, that role is registered
 * for {@code SecurityTest.addressA} with a single permission flag enabled, and the user then creates
 * queue {@code SecurityTest.queueA} on that address.
 *
 * <p>The enabled flag is presumably the create-durable-queue permission, and the {@code true} passed
 * to {@code createQueue} presumably marks the queue durable (confirm against the {@code Role}
 * constructor and {@code ClientSession.createQueue}). There is no explicit assertion; the test passes
 * when no exception is thrown.
 *
 * @throws Exception if the broker cannot be started or any session operation is refused
 */
@Test
public void testCreateDurableQueueWithRole() throws Exception {
    ActiveMQServer broker = createServer();
    broker.start();
    HierarchicalRepository<Set<Role>> roleMatches = broker.getSecurityRepository();
    // The cast relies on createServer() having installed an ActiveMQJAASSecurityManager.
    ActiveMQJAASSecurityManager jaasManager = (ActiveMQJAASSecurityManager) broker.getSecurityManager();
    jaasManager.getConfiguration().addUser("auser", "pass");

    // Exactly one of the ten permission flags is true; everything else stays denied.
    Set<Role> granted = new HashSet<>();
    granted.add(new Role("arole", false, false, true, false, false, false, false, false, false, false));
    roleMatches.addMatch(SecurityTest.addressA, granted);
    jaasManager.getConfiguration().addRole("auser", "arole");

    ClientSession userSession = createSessionFactory(locator).createSession("auser", "pass", false, true, true, false, -1);
    userSession.createQueue(SecurityTest.addressA, SecurityTest.queueA, true);
    userSession.close();
}
Also used : Role(org.apache.activemq.artemis.core.security.Role) ActiveMQServer(org.apache.activemq.artemis.core.server.ActiveMQServer) Set(java.util.Set) HashSet(java.util.HashSet) ActiveMQJAASSecurityManager(org.apache.activemq.artemis.spi.core.security.ActiveMQJAASSecurityManager) ClientSession(org.apache.activemq.artemis.api.core.client.ClientSession) ClientSessionFactory(org.apache.activemq.artemis.api.core.client.ClientSessionFactory) HashSet(java.util.HashSet) Test(org.junit.Test)

Aggregations

ActiveMQJAASSecurityManager (org.apache.activemq.artemis.spi.core.security.ActiveMQJAASSecurityManager)91 ActiveMQServer (org.apache.activemq.artemis.core.server.ActiveMQServer)50 Role (org.apache.activemq.artemis.core.security.Role)49 Test (org.junit.Test)48 HashSet (java.util.HashSet)47 ClientSessionFactory (org.apache.activemq.artemis.api.core.client.ClientSessionFactory)42 ClientSession (org.apache.activemq.artemis.api.core.client.ClientSession)40 ActiveMQException (org.apache.activemq.artemis.api.core.ActiveMQException)30 Set (java.util.Set)27 SimpleString (org.apache.activemq.artemis.api.core.SimpleString)23 TransportConfiguration (org.apache.activemq.artemis.api.core.TransportConfiguration)23 ClientProducer (org.apache.activemq.artemis.api.core.client.ClientProducer)21 SecurityConfiguration (org.apache.activemq.artemis.core.config.impl.SecurityConfiguration)21 InVMLoginModule (org.apache.activemq.artemis.spi.core.security.jaas.InVMLoginModule)19 Configuration (org.apache.activemq.artemis.core.config.Configuration)18 ActiveMQSecurityException (org.apache.activemq.artemis.api.core.ActiveMQSecurityException)16 HashMap (java.util.HashMap)14 Before (org.junit.Before)13 ActiveMQSecurityManager (org.apache.activemq.artemis.spi.core.security.ActiveMQSecurityManager)10 ActiveMQServerImpl (org.apache.activemq.artemis.core.server.impl.ActiveMQServerImpl)9