use of org.apache.activemq.artemis.spi.core.security.ActiveMQSecurityManager in project activemq-artemis by apache.
the class ActiveMQServers method newActiveMQServer.
public static ActiveMQServer newActiveMQServer(final Configuration config, final MBeanServer mbeanServer, final boolean enablePersistence) {
ActiveMQSecurityManager securityManager = new ActiveMQJAASSecurityManager(InVMLoginModule.class.getName(), new SecurityConfiguration());
ActiveMQServer server = ActiveMQServers.newActiveMQServer(config, mbeanServer, securityManager, enablePersistence);
return server;
}
use of org.apache.activemq.artemis.spi.core.security.ActiveMQSecurityManager in project activemq-artemis by apache.
the class CriticalCrashTest method createServer.
ActiveMQServer createServer(String folder) throws Exception {
final AtomicBoolean blocked = new AtomicBoolean(false);
Configuration conf = createConfig(folder);
ActiveMQSecurityManager securityManager = new ActiveMQJAASSecurityManager(InVMLoginModule.class.getName(), new SecurityConfiguration());
conf.setPersistenceEnabled(true);
ActiveMQServer server = new ActiveMQServerImpl(conf, securityManager) {
@Override
protected StorageManager createStorageManager() {
JournalStorageManager storageManager = new JournalStorageManager(conf, getCriticalAnalyzer(), executorFactory, scheduledPool, ioExecutorFactory, shutdownOnCriticalIO) {
@Override
public void readLock() {
super.readLock();
if (blocked.get()) {
while (true) {
try {
System.out.println("Blocking forever");
Thread.sleep(1000);
} catch (Throwable ignored) {
}
}
}
}
@Override
public void storeMessage(Message message) throws Exception {
super.storeMessage(message);
blocked.set(true);
}
};
this.getCriticalAnalyzer().add(storageManager);
return storageManager;
}
};
return server;
}
use of org.apache.activemq.artemis.spi.core.security.ActiveMQSecurityManager in project activemq-artemis by apache.
the class SecurityTest method testCustomSecurityManager.
@Test
public void testCustomSecurityManager() throws Exception {
final Configuration configuration = createDefaultInVMConfig().setSecurityEnabled(true);
final ActiveMQSecurityManager customSecurityManager = new ActiveMQSecurityManager() {
@Override
public boolean validateUser(final String username, final String password) {
return (username.equals("foo") || username.equals("bar") || username.equals("all")) && password.equals("frobnicate");
}
@Override
public boolean validateUserAndRole(final String username, final String password, final Set<Role> requiredRoles, final CheckType checkType) {
if ((username.equals("foo") || username.equals("bar") || username.equals("all")) && password.equals("frobnicate")) {
if (username.equals("all")) {
return true;
} else if (username.equals("foo")) {
return checkType == CheckType.CONSUME || checkType == CheckType.CREATE_NON_DURABLE_QUEUE;
} else if (username.equals("bar")) {
return checkType == CheckType.SEND || checkType == CheckType.CREATE_NON_DURABLE_QUEUE;
} else {
return false;
}
} else {
return false;
}
}
};
final ActiveMQServer server = addServer(new ActiveMQServerImpl(configuration, customSecurityManager));
server.start();
final ServerLocator locator = createInVMNonHALocator();
locator.setBlockOnNonDurableSend(true).setBlockOnDurableSend(true);
final ClientSessionFactory factory = createSessionFactory(locator);
ClientSession adminSession = factory.createSession("all", "frobnicate", false, true, true, false, -1);
final String queueName = "test.queue";
adminSession.createQueue(queueName, queueName, false);
// Wrong user name
try {
factory.createSession("baz", "frobnicate", false, true, true, false, -1);
Assert.fail("should throw exception");
} catch (ActiveMQSecurityException se) {
// ok
} catch (ActiveMQException e) {
fail("Invalid Exception type:" + e.getType());
}
// Wrong password
try {
factory.createSession("foo", "xxx", false, true, true, false, -1);
Assert.fail("should throw exception");
} catch (ActiveMQSecurityException se) {
// ok
} catch (ActiveMQException e) {
fail("Invalid Exception type:" + e.getType());
}
// Correct user and password, allowed to send but not receive
{
final ClientSession session = factory.createSession("foo", "frobnicate", false, true, true, false, -1);
checkUserReceiveNoSend(queueName, session, adminSession);
}
// Correct user and password, allowed to receive but not send
{
final ClientSession session = factory.createSession("bar", "frobnicate", false, true, true, false, -1);
checkUserSendNoReceive(queueName, session);
}
}
use of org.apache.activemq.artemis.spi.core.security.ActiveMQSecurityManager in project activemq-artemis by apache.
the class DualAuthenticationTest method setUp.
@Override
@Before
public void setUp() throws Exception {
super.setUp();
Map<String, Object> params = new HashMap<>();
params.put(TransportConstants.SSL_ENABLED_PROP_NAME, true);
params.put(TransportConstants.KEYSTORE_PATH_PROP_NAME, SERVER_SIDE_KEYSTORE);
params.put(TransportConstants.KEYSTORE_PASSWORD_PROP_NAME, PASSWORD);
params.put(TransportConstants.TRUSTSTORE_PATH_PROP_NAME, SERVER_SIDE_TRUSTSTORE);
params.put(TransportConstants.TRUSTSTORE_PASSWORD_PROP_NAME, PASSWORD);
params.put(TransportConstants.NEED_CLIENT_AUTH_PROP_NAME, true);
params.put(TransportConstants.PORT_PROP_NAME, "61617");
ConfigurationImpl config = createBasicConfig();
config.addAcceptorConfiguration(new TransportConfiguration(NETTY_ACCEPTOR_FACTORY, params));
config.addAcceptorConfiguration(new TransportConfiguration(NETTY_ACCEPTOR_FACTORY));
config.setSecurityEnabled(true);
ActiveMQSecurityManager securityManager = new ActiveMQJAASSecurityManager("DualAuthenticationPropertiesLogin", "DualAuthenticationCertLogin");
server = addServer(ActiveMQServers.newActiveMQServer(config, ManagementFactory.getPlatformMBeanServer(), securityManager, false));
HierarchicalRepository<Set<Role>> securityRepository = server.getSecurityRepository();
Role sendRole = new Role("producers", true, false, true, false, true, false, false, false, false, false);
Role receiveRole = new Role("consumers", false, true, false, false, false, false, false, false, false, false);
Set<Role> roles = new HashSet<>();
roles.add(sendRole);
roles.add(receiveRole);
securityRepository.addMatch(DualAuthenticationTest.QUEUE.toString(), roles);
server.start();
waitForServerToStart(server);
tc = new TransportConfiguration(NETTY_CONNECTOR_FACTORY);
}
use of org.apache.activemq.artemis.spi.core.security.ActiveMQSecurityManager in project activemq-artemis by apache.
the class ActiveMQTestBase method createInVMFailoverServer.
protected ActiveMQServer createInVMFailoverServer(final boolean realFiles, final Configuration configuration, final int pageSize, final int maxAddressSize, final Map<String, AddressSettings> settings, NodeManager nodeManager, final int id) {
ActiveMQServer server;
ActiveMQSecurityManager securityManager = new ActiveMQJAASSecurityManager(InVMLoginModule.class.getName(), new SecurityConfiguration());
configuration.setPersistenceEnabled(realFiles);
server = addServer(new InVMNodeManagerServer(configuration, ManagementFactory.getPlatformMBeanServer(), securityManager, nodeManager));
try {
server.setIdentity("Server " + id);
for (Map.Entry<String, AddressSettings> setting : settings.entrySet()) {
server.getAddressSettingsRepository().addMatch(setting.getKey(), setting.getValue());
}
AddressSettings defaultSetting = new AddressSettings();
defaultSetting.setPageSizeBytes(pageSize);
defaultSetting.setMaxSizeBytes(maxAddressSize);
server.getAddressSettingsRepository().addMatch("#", defaultSetting);
return server;
} finally {
addServer(server);
}
}
Aggregations