use of org.apache.activemq.artemis.spi.core.security.ActiveMQSecurityManager in project activemq-artemis by apache.
the class SendAckFailTest method startServer.
/**
 * Starts a broker whose storage layer can be armed to kill the JVM part-way through a run.
 *
 * <p>When {@code fail} is true, the 110th call to {@code storeMessage} prints the message, waits
 * 100 ms and calls {@link Runtime#halt(int)} before the message is handed to the real storage
 * manager, so that message is never stored. {@code halt} terminates the JVM immediately and does
 * not run shutdown hooks or finalizers; this helper is therefore only safe in a process that is
 * meant to die (presumably a JVM spawned by the test; confirm against the caller).
 *
 * @param fail whether the crash is armed; when false every message is stored normally and
 *             nothing is counted
 * @return the started server, or {@code null} when construction or startup threw (the exception
 *         is printed and not rethrown, so callers have to check for {@code null})
 */
public ActiveMQServer startServer(boolean fail) {
   try {
      // Number of storeMessage calls seen while the crash is armed.
      final AtomicInteger storedSoFar = new AtomicInteger();
      final ActiveMQSecurityManager jaasManager = new ActiveMQJAASSecurityManager(InVMLoginModule.class.getName(), new SecurityConfiguration());
      final Configuration brokerConfig = createDefaultConfig(true);

      final ActiveMQServer broker = new ActiveMQServerImpl(brokerConfig, ManagementFactory.getPlatformMBeanServer(), jaasManager) {
         @Override
         public StorageManager createStorageManager() {
            final StorageManager realStorage = super.createStorageManager();
            return new StorageManagerDelegate(realStorage) {
               @Override
               public void storeMessage(Message message) throws Exception {
                  // The counter is only touched when the crash is armed (short-circuit on fail).
                  if (fail && storedSoFar.incrementAndGet() == 110) {
                     System.out.println("Failing " + message);
                     System.out.flush();
                     // Short pause before the hard stop; halt() performs no cleanup of its own.
                     Thread.sleep(100);
                     Runtime.getRuntime().halt(-1);
                  }
                  super.storeMessage(message);
               }
            };
         }
      };

      System.out.println("Location::" + broker.getConfiguration().getJournalLocation().getAbsolutePath());
      broker.start();
      return broker;
   } catch (Exception e) {
      e.printStackTrace();
      return null;
   }
}
use of org.apache.activemq.artemis.spi.core.security.ActiveMQSecurityManager in project activemq-artemis by apache.
the class SecurityTest method testCustomSecurityManager2.
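/**
 * Checks that the broker authenticates and authorizes through the extended
 * {@code ActiveMQSecurityManager2} overloads; the legacy overloads fail the test if called.
 *
 * <p>The stub manager accepts the users {@code foo}, {@code bar} and {@code all} with the password
 * {@code frobnicate}. Authorization is refused for anything that is not an in-VM connection.
 * {@code all} is authorized for every check, {@code foo} only for {@code CONSUME} on
 * {@code test.queue}, and {@code bar} only for {@code SEND} on {@code test.queue}.
 */
@Test
public void testCustomSecurityManager2() throws Exception {
   final Configuration configuration = createDefaultInVMConfig().setSecurityEnabled(true);
   final ActiveMQSecurityManager customSecurityManager = new ActiveMQSecurityManager2() {
      // Fixture credentials only. The literal is the receiver of every equals() call so that a
      // null username or password is rejected instead of raising a NullPointerException inside
      // the security manager. String.equals is not a constant-time comparison; that is acceptable
      // for a test stub but not for real credential checks.
      private boolean hasFixtureCredentials(final String username, final String password) {
         final boolean knownUser = "foo".equals(username) || "bar".equals(username) || "all".equals(username);
         return knownUser && "frobnicate".equals(password);
      }

      @Override
      public boolean validateUser(final String username, final String password) {
         fail("Unexpected call to overridden method");
         return false;
      }

      @Override
      public boolean validateUser(final String username, final String password, final X509Certificate[] certificates) {
         return hasFixtureCredentials(username, password);
      }

      @Override
      public boolean validateUserAndRole(final String username, final String password, final Set<Role> requiredRoles, final CheckType checkType) {
         fail("Unexpected call to overridden method");
         return false;
      }

      @Override
      public boolean validateUserAndRole(final String username, final String password, final Set<Role> requiredRoles, final CheckType checkType, final String address, final RemotingConnection connection) {
         // Deny by default: only in-VM transports are ever authorized by this stub.
         if (!(connection.getTransportConnection() instanceof InVMConnection)) {
            return false;
         }
         if (!hasFixtureCredentials(username, password)) {
            return false;
         }
         if ("all".equals(username)) {
            return true;
         }
         final boolean onTestQueue = "test.queue".equals(address);
         if ("foo".equals(username)) {
            return onTestQueue && checkType == CheckType.CONSUME;
         }
         // Only "bar" can reach this point, because hasFixtureCredentials admits three names.
         return onTestQueue && checkType == CheckType.SEND;
      }
   };
   final ActiveMQServer server = addServer(new ActiveMQServerImpl(configuration, customSecurityManager));
   server.start();
   final ServerLocator locator = createInVMNonHALocator();
   // Blocking sends, so that a refused send is reported to the caller of send().
   locator.setBlockOnNonDurableSend(true).setBlockOnDurableSend(true);
   final ClientSessionFactory factory = createSessionFactory(locator);
   ClientSession adminSession = factory.createSession("all", "frobnicate", false, true, true, false, -1);
   final String queueName = "test.queue";
   adminSession.createQueue(queueName, queueName, false);
   final String otherQueueName = "other.queue";
   adminSession.createQueue(otherQueueName, otherQueueName, false);
   // Wrong user name
   try {
      factory.createSession("baz", "frobnicate", false, true, true, false, -1);
      Assert.fail("should throw exception");
   } catch (ActiveMQSecurityException se) {
      // ok
   } catch (ActiveMQException e) {
      fail("Invalid Exception type:" + e.getType());
   }
   // Wrong password
   try {
      factory.createSession("foo", "xxx", false, true, true, false, -1);
      Assert.fail("should throw exception");
   } catch (ActiveMQSecurityException se) {
      // ok
   } catch (ActiveMQException e) {
      fail("Invalid Exception type:" + e.getType());
   }
   // Correct user and password, but "foo" holds no permission at all on other.queue, so the
   // helper is expected to end in a security exception.
   try {
      final ClientSession session = factory.createSession("foo", "frobnicate", false, true, true, false, -1);
      checkUserReceiveNoSend(otherQueueName, session, adminSession);
      Assert.fail("should throw exception");
   } catch (ActiveMQSecurityException se) {
      // ok
   } catch (ActiveMQException e) {
      fail("Invalid Exception type:" + e.getType());
   }
   // NOTE(review): this block is labelled as the "wrong queue for receiving" case, but it
   // repeats the previous block with the same user, queue and helper, so it adds no coverage.
   // A denied operation by "bar" on other.queue is not exercised anywhere in this test.
   try {
      final ClientSession session = factory.createSession("foo", "frobnicate", false, true, true, false, -1);
      checkUserReceiveNoSend(otherQueueName, session, adminSession);
      Assert.fail("should throw exception");
   } catch (ActiveMQSecurityException se) {
      // ok
   } catch (ActiveMQException e) {
      fail("Invalid Exception type:" + e.getType());
   }
   // Correct user and password: "foo" is granted CONSUME but not SEND on test.queue.
   {
      final ClientSession session = factory.createSession("foo", "frobnicate", false, true, true, false, -1);
      checkUserReceiveNoSend(queueName, session, adminSession);
   }
   // Correct user and password: "bar" is granted SEND but not CONSUME on test.queue.
   {
      final ClientSession session = factory.createSession("bar", "frobnicate", false, true, true, false, -1);
      checkUserSendNoReceive(queueName, session);
   }
}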
use of org.apache.activemq.artemis.spi.core.security.ActiveMQSecurityManager in project activemq-artemis by apache.
the class SecurityTest method testCustomSecurityManager3.
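/**
 * Checks that the broker authenticates and authorizes through the extended
 * {@code ActiveMQSecurityManager3} overloads, which return the validated user name (or
 * {@code null} to refuse); the legacy boolean overloads fail the test if called.
 *
 * <p>The stub manager accepts the users {@code foo}, {@code bar} and {@code all} with the password
 * {@code frobnicate}. Authorization is refused for anything that is not an in-VM connection.
 * {@code all} is authorized for every check, {@code foo} only for {@code CONSUME} on
 * {@code test.queue}, and {@code bar} only for {@code SEND} on {@code test.queue}.
 */
@Test
public void testCustomSecurityManager3() throws Exception {
   final Configuration configuration = createDefaultInVMConfig().setSecurityEnabled(true);
   final ActiveMQSecurityManager customSecurityManager = new ActiveMQSecurityManager3() {
      // Fixture credentials only. The literal is the receiver of every equals() call so that a
      // null username or password is rejected instead of raising a NullPointerException inside
      // the security manager. String.equals is not a constant-time comparison; that is acceptable
      // for a test stub but not for real credential checks.
      private boolean hasFixtureCredentials(final String username, final String password) {
         final boolean knownUser = "foo".equals(username) || "bar".equals(username) || "all".equals(username);
         return knownUser && "frobnicate".equals(password);
      }

      @Override
      public boolean validateUser(final String username, final String password) {
         fail("Unexpected call to overridden method");
         return false;
      }

      @Override
      public String validateUser(final String username, final String password, final RemotingConnection remotingConnection) {
         // A null return is how this overload refuses the login.
         return hasFixtureCredentials(username, password) ? username : null;
      }

      @Override
      public boolean validateUserAndRole(final String username, final String password, final Set<Role> requiredRoles, final CheckType checkType) {
         fail("Unexpected call to overridden method");
         return false;
      }

      @Override
      public String validateUserAndRole(final String username, final String password, final Set<Role> requiredRoles, final CheckType checkType, final String address, final RemotingConnection connection) {
         // Deny by default: only in-VM transports are ever authorized by this stub.
         if (!(connection.getTransportConnection() instanceof InVMConnection)) {
            return null;
         }
         if (!hasFixtureCredentials(username, password)) {
            return null;
         }
         if ("all".equals(username)) {
            return username;
         }
         final boolean onTestQueue = "test.queue".equals(address);
         final boolean permitted;
         if ("foo".equals(username)) {
            permitted = onTestQueue && checkType == CheckType.CONSUME;
         } else {
            // Only "bar" can reach this branch, because hasFixtureCredentials admits three names.
            permitted = onTestQueue && checkType == CheckType.SEND;
         }
         return permitted ? username : null;
      }
   };
   final ActiveMQServer server = addServer(new ActiveMQServerImpl(configuration, customSecurityManager));
   server.start();
   final ServerLocator locator = createInVMNonHALocator();
   // Blocking sends, so that a refused send is reported to the caller of send().
   locator.setBlockOnNonDurableSend(true).setBlockOnDurableSend(true);
   final ClientSessionFactory factory = createSessionFactory(locator);
   ClientSession adminSession = factory.createSession("all", "frobnicate", false, true, true, false, -1);
   final String queueName = "test.queue";
   adminSession.createQueue(queueName, queueName, false);
   final String otherQueueName = "other.queue";
   adminSession.createQueue(otherQueueName, otherQueueName, false);
   // Wrong user name
   try {
      factory.createSession("baz", "frobnicate", false, true, true, false, -1);
      Assert.fail("should throw exception");
   } catch (ActiveMQSecurityException se) {
      // ok
   } catch (ActiveMQException e) {
      fail("Invalid Exception type:" + e.getType());
   }
   // Wrong password
   try {
      factory.createSession("foo", "xxx", false, true, true, false, -1);
      Assert.fail("should throw exception");
   } catch (ActiveMQSecurityException se) {
      // ok
   } catch (ActiveMQException e) {
      fail("Invalid Exception type:" + e.getType());
   }
   // Correct user and password, but "foo" holds no permission at all on other.queue, so the
   // helper is expected to end in a security exception.
   try {
      final ClientSession session = factory.createSession("foo", "frobnicate", false, true, true, false, -1);
      checkUserReceiveNoSend(otherQueueName, session, adminSession);
      Assert.fail("should throw exception");
   } catch (ActiveMQSecurityException se) {
      // ok
   } catch (ActiveMQException e) {
      fail("Invalid Exception type:" + e.getType());
   }
   // NOTE(review): this block is labelled as the "wrong queue for receiving" case, but it
   // repeats the previous block with the same user, queue and helper, so it adds no coverage.
   // A denied operation by "bar" on other.queue is not exercised anywhere in this test.
   try {
      final ClientSession session = factory.createSession("foo", "frobnicate", false, true, true, false, -1);
      checkUserReceiveNoSend(otherQueueName, session, adminSession);
      Assert.fail("should throw exception");
   } catch (ActiveMQSecurityException se) {
      // ok
   } catch (ActiveMQException e) {
      fail("Invalid Exception type:" + e.getType());
   }
   // Correct user and password: "foo" is granted CONSUME but not SEND on test.queue.
   {
      final ClientSession session = factory.createSession("foo", "frobnicate", false, true, true, false, -1);
      checkUserReceiveNoSend(queueName, session, adminSession);
   }
   // Correct user and password: "bar" is granted SEND but not CONSUME on test.queue.
   {
      final ClientSession session = factory.createSession("bar", "frobnicate", false, true, true, false, -1);
      checkUserSendNoReceive(queueName, session);
   }
}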
use of org.apache.activemq.artemis.spi.core.security.ActiveMQSecurityManager in project activemq-artemis by apache.
the class CoreClientOverOneWaySSLKerb5Test method createCustomSslServer.
/**
 * Starts a security-enabled broker with two acceptors: a Netty acceptor named {@code nettySSL}
 * with SSL and the {@code core-tls-krb5-server} Kerberos configuration, and a plain in-VM
 * acceptor. Authentication goes through the JAAS domain {@code Krb5Plus}.
 *
 * <p>Authorization is deliberately wide open: one role, {@code ALLOW_ALL}, with every permission
 * flag set, is attached to the {@code QUEUE} match. The fixture therefore isolates
 * authentication; it is not a template for a production role set.
 *
 * <p>Side effects: assigns the {@code server}, {@code userPrincipal}, {@code tc} and
 * {@code inVMTc} fields.
 *
 * @throws Exception if the broker cannot be configured or started
 */
private void createCustomSslServer() throws Exception {
   final Map<String, Object> sslAcceptorParams = new HashMap<>();
   sslAcceptorParams.put(TransportConstants.SSL_ENABLED_PROP_NAME, true);
   // Restrict the acceptor to the suite chosen by the helper (its selection logic is not shown here).
   sslAcceptorParams.put(TransportConstants.ENABLED_CIPHER_SUITES_PROP_NAME, getSuitableCipherSuite());
   sslAcceptorParams.put(TransportConstants.SSL_KRB5_CONFIG_PROP_NAME, "core-tls-krb5-server");

   final ConfigurationImpl brokerConfig = createBasicConfig().addAcceptorConfiguration(new TransportConfiguration(NETTY_ACCEPTOR_FACTORY, sslAcceptorParams, "nettySSL"));
   // Needed so the test can verify that the kerb5 id is present.
   brokerConfig.setPopulateValidatedUser(true);
   brokerConfig.setSecurityEnabled(true);
   brokerConfig.addAcceptorConfiguration(new TransportConfiguration(INVM_ACCEPTOR_FACTORY));

   final ActiveMQSecurityManager jaasManager = new ActiveMQJAASSecurityManager("Krb5Plus");
   server = addServer(ActiveMQServers.newActiveMQServer(brokerConfig, ManagementFactory.getPlatformMBeanServer(), jaasManager, false));

   final HierarchicalRepository<Set<Role>> roleRepository = server.getSecurityRepository();
   // Every permission flag is true: any authenticated member of ALLOW_ALL may do anything.
   final Role allowAll = new Role("ALLOW_ALL", true, true, true, true, true, true, true, true, true, true);
   final Set<Role> grantedRoles = new HashSet<>();
   grantedRoles.add(allowAll);
   roleRepository.addMatch(QUEUE.toString(), grantedRoles);

   server.start();
   waitForServerToStart(server);

   // The Kerberos user is not defined on the broker itself; it appears only as a role member
   // in dual-authentication-roles.properties.
   userPrincipal = CLIENT_PRINCIPAL + "@" + kdc.getRealm();
   tc = new TransportConfiguration(NETTY_CONNECTOR_FACTORY);
   inVMTc = new TransportConfiguration(INVM_CONNECTOR_FACTORY);
}
use of org.apache.activemq.artemis.spi.core.security.ActiveMQSecurityManager in project activemq-artemis by apache.
the class ActiveMQTestBase method createColocatedInVMFailoverServer.
/**
 * Builds, but does not start, a {@code ColocatedActiveMQServer} for failover tests and registers
 * it through {@code addServer}.
 *
 * <p>The security manager is a JAAS manager backed by {@code InVMLoginModule} with a freshly
 * created, empty {@code SecurityConfiguration}; no users or roles are added here.
 *
 * @param realFiles         value passed to {@code setPersistenceEnabled} on {@code configuration}
 *                          (the caller's object is modified)
 * @param configuration     broker configuration to use
 * @param pageSize          page size in bytes for the catch-all {@code "#"} address setting
 * @param maxAddressSize    maximum size in bytes for the catch-all {@code "#"} address setting
 * @param settings          address match to settings, each added to the server's repository
 * @param liveNodeManager   node manager handed to the server as the live one
 * @param backupNodeManager node manager handed to the server as the backup one
 * @param id                number used in the server identity, {@code "Server " + id}
 * @return the configured server
 */
protected ActiveMQServer createColocatedInVMFailoverServer(final boolean realFiles, final Configuration configuration, final int pageSize, final int maxAddressSize, final Map<String, AddressSettings> settings, NodeManager liveNodeManager, NodeManager backupNodeManager, final int id) {
   final ActiveMQSecurityManager jaasManager = new ActiveMQJAASSecurityManager(InVMLoginModule.class.getName(), new SecurityConfiguration());
   configuration.setPersistenceEnabled(realFiles);
   final ActiveMQServer colocated = new ColocatedActiveMQServer(configuration, ManagementFactory.getPlatformMBeanServer(), jaasManager, liveNodeManager, backupNodeManager);
   try {
      colocated.setIdentity("Server " + id);
      for (Map.Entry<String, AddressSettings> entry : settings.entrySet()) {
         colocated.getAddressSettingsRepository().addMatch(entry.getKey(), entry.getValue());
      }
      // Catch-all entry, added after the caller's matches.
      final AddressSettings catchAll = new AddressSettings();
      catchAll.setPageSizeBytes(pageSize);
      catchAll.setMaxSizeBytes(maxAddressSize);
      colocated.getAddressSettingsRepository().addMatch("#", catchAll);
      return colocated;
   } finally {
      // Registered even when the configuration above throws.
      addServer(colocated);
   }
}