// Build the Role for this name: each flag is true only when the name is present in the
// matching permission collection, so a name absent from all of them gets every flag false.
// NOTE(review): the ten booleans are positional; a transposed argument would silently grant
// a different permission than intended. Confirm the order against the Role constructor.
roles.add(new Role(role,
                   send.contains(role),
                   consume.contains(role),
                   createDurableQueue.contains(role),
                   deleteDurableQueue.contains(role),
                   createNonDurableQueue.contains(role),
                   deleteNonDurableQueue.contains(role),
                   manageRoles.contains(role),
                   browse.contains(role),
                   createAddressRoles.contains(role),
                   deleteAddressRoles.contains(role)));
/**
 * Reports whether the given role carries the consume permission.
 *
 * @param role the role to inspect
 * @return the value of {@link Role#isConsume()}
 */
@Override
public boolean hasRole(final Role role) {
   return role.isConsume();
}
// Closes the enclosing constant-specific body; its header is outside this excerpt.
},
/**
 * Reports whether the given role carries the create-durable-queue permission.
 *
 * @param role the role to inspect
 * @return the value of {@link Role#isCreateDurableQueue()}
 */
@Override
public boolean hasRole(final Role role) {
   return role.isCreateDurableQueue();
}
// Closes the enclosing constant-specific body; its header is outside this excerpt.
},
/**
 * Checks that the address control's JSON role listing is empty before any security match
 * exists for the address and reports exactly the configured role afterwards.
 *
 * NOTE(review): the Role is built with ten random flags, but only the first seven
 * (send through manage) are compared below; the last three are never checked here.
 */
@Test
public void testGetRolesAsJSON() throws Exception {
   SimpleString address = RandomUtil.randomSimpleString();
   SimpleString queue = RandomUtil.randomSimpleString();
   Role role = new Role(RandomUtil.randomString(),
                        RandomUtil.randomBoolean(),
                        RandomUtil.randomBoolean(),
                        RandomUtil.randomBoolean(),
                        RandomUtil.randomBoolean(),
                        RandomUtil.randomBoolean(),
                        RandomUtil.randomBoolean(),
                        RandomUtil.randomBoolean(),
                        RandomUtil.randomBoolean(),
                        RandomUtil.randomBoolean(),
                        RandomUtil.randomBoolean());

   session.createQueue(address, queue, true);
   AddressControl addressControl = createManagementControl(address);

   // No security match has been registered for the address yet: expect an empty listing.
   String json = addressControl.getRolesAsJSON();
   Assert.assertNotNull(json);
   RoleInfo[] roleInfos = RoleInfo.from(json);
   Assert.assertEquals(0, roleInfos.length);

   // Register the role for this address and read the listing again.
   Set<Role> grantedRoles = new HashSet<>();
   grantedRoles.add(role);
   server.getSecurityRepository().addMatch(address.toString(), grantedRoles);

   json = addressControl.getRolesAsJSON();
   Assert.assertNotNull(json);
   roleInfos = RoleInfo.from(json);
   Assert.assertEquals(1, roleInfos.length);

   RoleInfo info = roleInfos[0];
   Assert.assertEquals(role.getName(), info.getName());
   Assert.assertEquals(role.isSend(), info.isSend());
   Assert.assertEquals(role.isConsume(), info.isConsume());
   Assert.assertEquals(role.isCreateDurableQueue(), info.isCreateDurableQueue());
   Assert.assertEquals(role.isDeleteDurableQueue(), info.isDeleteDurableQueue());
   Assert.assertEquals(role.isCreateNonDurableQueue(), info.isCreateNonDurableQueue());
   Assert.assertEquals(role.isDeleteNonDurableQueue(), info.isDeleteNonDurableQueue());
   Assert.assertEquals(role.isManage(), info.isManage());

   session.deleteQueue(queue);
}
logger.debug("Removing write permission"); for (Role role : roles) { if (role.isSend()) { rolesToRemove.add(role); logger.debug("Removing read permission"); for (Role role : roles) { if (role.isConsume()) { rolesToRemove.add(role); logger.debug("Removing admin permission"); for (Role role : roles) { if (role.isCreateDurableQueue() || role.isCreateNonDurableQueue() || role.isDeleteDurableQueue() || role.isDeleteNonDurableQueue()) { rolesToRemove.add(role);
/**
 * Collects one principal per role that grants the requested permission.
 *
 * @param checkType the permission being checked; decides which roles qualify
 * @param roles the roles configured for the resource being accessed
 * @return a new set holding a {@code SimplePrincipal} named after each qualifying role;
 *         empty when no role grants the permission
 */
private Set<Principal> getRolePrincipals(final CheckType checkType, final Set<Role> roles) {
   final Set<Principal> granted = new HashSet<Principal>();
   for (final Role candidate : roles) {
      // Roles that do not carry this permission contribute nothing to the result.
      if (!checkType.hasRole(candidate)) {
         continue;
      }
      granted.add(new SimplePrincipal(candidate.getName()));
   }
   return granted;
}
/**
 * Checks that the address control's role listing is empty before any security match exists
 * for the address and afterwards holds one row describing the configured role.
 *
 * NOTE(review): the Role is built with ten random flags, but only row slots 1 to 7
 * (SEND through MANAGE) are compared below; the last three flags are never checked here.
 */
@Test
public void testGetRoles() throws Exception {
   SimpleString address = RandomUtil.randomSimpleString();
   SimpleString queue = RandomUtil.randomSimpleString();
   Role role = new Role(RandomUtil.randomString(),
                        RandomUtil.randomBoolean(),
                        RandomUtil.randomBoolean(),
                        RandomUtil.randomBoolean(),
                        RandomUtil.randomBoolean(),
                        RandomUtil.randomBoolean(),
                        RandomUtil.randomBoolean(),
                        RandomUtil.randomBoolean(),
                        RandomUtil.randomBoolean(),
                        RandomUtil.randomBoolean(),
                        RandomUtil.randomBoolean());

   session.createQueue(address, queue, true);
   AddressControl addressControl = createManagementControl(address);

   // No security match has been registered for the address yet: expect no rows.
   Object[] roleRows = addressControl.getRoles();
   Assert.assertEquals(0, roleRows.length);

   // Register the role for this address and read the listing again.
   Set<Role> grantedRoles = new HashSet<>();
   grantedRoles.add(role);
   server.getSecurityRepository().addMatch(address.toString(), grantedRoles);

   roleRows = addressControl.getRoles();
   Assert.assertEquals(1, roleRows.length);

   // Each row is itself an Object[]: slot 0 is the role name, the following slots are flags.
   Object[] row = (Object[]) roleRows[0];
   Assert.assertEquals(role.getName(), row[0]);
   Assert.assertEquals(CheckType.SEND.hasRole(role), row[1]);
   Assert.assertEquals(CheckType.CONSUME.hasRole(role), row[2]);
   Assert.assertEquals(CheckType.CREATE_DURABLE_QUEUE.hasRole(role), row[3]);
   Assert.assertEquals(CheckType.DELETE_DURABLE_QUEUE.hasRole(role), row[4]);
   Assert.assertEquals(CheckType.CREATE_NON_DURABLE_QUEUE.hasRole(role), row[5]);
   Assert.assertEquals(CheckType.DELETE_NON_DURABLE_QUEUE.hasRole(role), row[6]);
   Assert.assertEquals(CheckType.MANAGE.hasRole(role), row[7]);

   session.deleteQueue(queue);
}
/**
 * Checks that Role equality and hash codes take the name and the first three permission
 * flags into account.
 *
 * Each variant differs from the baseline in exactly one constructor argument. The variants
 * are named by argument position because the flag meaning is not visible in this test.
 * The hash-code inequality assertions are stricter than the general hashCode contract,
 * which permits collisions between unequal objects.
 */
@Test
public void testEqualsAndHashcode() throws Exception {
   Role baseline = new Role("testEquals", true, true, true, false, false, false, false, false, false, false);
   Role identical = new Role("testEquals", true, true, true, false, false, false, false, false, false, false);
   Role otherName = new Role("notEquals", true, true, true, false, false, false, false, false, false, false);
   Role firstFlagFlipped = new Role("testEquals", false, true, true, false, false, false, false, false, false, false);
   Role secondFlagFlipped = new Role("testEquals", true, false, true, false, false, false, false, false, false, false);
   Role thirdFlagFlipped = new Role("testEquals", true, true, false, false, false, false, false, false, false, false);

   // Reflexive, and equal to a separately constructed role with the same arguments.
   Assert.assertTrue(baseline.equals(baseline));
   Assert.assertTrue(baseline.equals(identical));
   Assert.assertTrue(baseline.hashCode() == identical.hashCode());

   Assert.assertFalse(baseline.equals(otherName));
   Assert.assertFalse(baseline.hashCode() == otherName.hashCode());

   Assert.assertFalse(baseline.equals(firstFlagFlipped));
   Assert.assertFalse(baseline.hashCode() == firstFlagFlipped.hashCode());

   Assert.assertFalse(baseline.equals(secondFlagFlipped));
   Assert.assertFalse(baseline.hashCode() == secondFlagFlipped.hashCode());

   Assert.assertFalse(baseline.equals(thirdFlagFlipped));
   Assert.assertFalse(baseline.hashCode() == thirdFlagFlipped.hashCode());

   Assert.assertFalse(baseline.equals(null));
}
/**
 * Reports whether the given role carries the delete-non-durable-queue permission.
 *
 * @param role the role to inspect
 * @return the value of {@link Role#isDeleteNonDurableQueue()}
 */
@Override
public boolean hasRole(final Role role) {
   return role.isDeleteNonDurableQueue();
}
// Closes the enclosing constant-specific body; its header is outside this excerpt.
},
/**
 * Reports whether the given role carries the delete-durable-queue permission.
 *
 * @param role the role to inspect
 * @return the value of {@link Role#isDeleteDurableQueue()}
 */
@Override
public boolean hasRole(final Role role) {
   return role.isDeleteDurableQueue();
}
// Closes the enclosing constant-specific body; its header is outside this excerpt.
},
/**
 * Reports whether the given role carries the create-non-durable-queue permission.
 *
 * @param role the role to inspect
 * @return the value of {@link Role#isCreateNonDurableQueue()}
 */
@Override
public boolean hasRole(final Role role) {
   return role.isCreateNonDurableQueue();
}
// Closes the enclosing constant-specific body; its header is outside this excerpt.
},
// a1Role: of the seven flags checked here, only create-non-durable-queue may be set.
// The negative assertions matter as much as the positive one: they catch a parser that
// grants more than was configured.
assertFalse(a1Role.isSend());
assertFalse(a1Role.isConsume());
assertFalse(a1Role.isCreateDurableQueue());
assertFalse(a1Role.isDeleteDurableQueue());
assertTrue(a1Role.isCreateNonDurableQueue());
assertFalse(a1Role.isDeleteNonDurableQueue());
assertFalse(a1Role.isManage());

// a2Role: of the seven flags checked here, only delete-non-durable-queue may be set.
assertFalse(a2Role.isSend());
assertFalse(a2Role.isConsume());
assertFalse(a2Role.isCreateDurableQueue());
assertFalse(a2Role.isDeleteDurableQueue());
assertFalse(a2Role.isCreateNonDurableQueue());
assertTrue(a2Role.isDeleteNonDurableQueue());
assertFalse(a2Role.isManage());

// Resource limits the configuration object is expected to report.
assertEquals(1234567, conf.getGlobalMaxSize());
assertEquals(37, conf.getMaxDiskUsage());
/**
 * Builds the set of group principals for every role that grants the requested permission.
 *
 * A role whose principal cannot be created is logged and left out, so the result can hold
 * fewer entries than there are qualifying roles.
 *
 * @param checkType the permission being checked; decides which roles qualify
 * @param roles the roles configured for the resource being accessed
 * @return the principals created for the qualifying roles; possibly empty
 */
private Set<RolePrincipal> getPrincipalsInRole(final CheckType checkType, final Set<Role> roles) {
   // Raw Set kept on purpose: the return type of createGroupPrincipal is not visible here.
   // NOTE(review): this makes the return an unchecked conversion; confirm that
   // createGroupPrincipal only ever yields RolePrincipal instances.
   Set principals = new HashSet<>();
   for (Role candidate : roles) {
      if (!checkType.hasRole(candidate)) {
         continue;
      }
      try {
         principals.add(createGroupPrincipal(candidate.getName(), rolePrincipalClass));
      } catch (Exception e) {
         // Best effort: report the failure and carry on with the remaining roles.
         ActiveMQServerLogger.LOGGER.failedAddRolePrincipal(e);
      }
   }
   return principals;
}
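/**
 * Initializes the plugin from its configuration map and builds its fixed set of roles.
 *
 * The admin group always receives every permission. Unless groups are taken from SASL
 * delegation, two further roles are added: the "all" group (every flag except the seventh,
 * ninth and tenth) and the manage group (every flag except the ninth and tenth).
 *
 * The instance is added to {@code INSTANCES} only after all of its fields are assigned,
 * so that a reader of that map never sees a plugin whose role set is still unset.
 *
 * @param map plugin options; {@code NAME} and {@code USE_GROUPS_FROM_SASL_DELEGATION} are read
 * @return this plugin
 */
@Override
public SecuritySettingPlugin init(Map<String, String> map) {
   this.name = map.get(NAME);
   this.useGroupsFromSaslDelegation = "true".equalsIgnoreCase(map.get(USE_GROUPS_FROM_SASL_DELEGATION));

   Set<Role> roles = new HashSet<>();
   // "admin" (console or other internal process) can do anything
   roles.add(new Role(ADMIN_GROUP, true, true, true, true, true, true, true, true, true, true));
   if (!useGroupsFromSaslDelegation) {
      // "all" users can create/delete queues (but not addresses)
      // NOTE(review): this grants broad permissions to every member of ALL_GROUP by default;
      // confirm that is the intended baseline for deployments without SASL delegation.
      roles.add(new Role(ALL_GROUP, true, true, true, true, true, true, false, true, false, false));
      roles.add(new Role(MANAGE_GROUP, true, true, true, true, true, true, true, true, false, false));
   }
   // Callers get a read-only view, so the standard roles cannot be widened after init.
   this.standardRoles = Collections.unmodifiableSet(roles);

   // Register last: the instance must be fully initialized before it becomes reachable
   // through INSTANCES (presumably a registry shared across threads).
   if (this.name != null) {
      INSTANCES.put(this.name, this);
   }
   return this;
}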
/**
 * Removes the named role from the security settings registered under {@code match}.
 *
 * The current role set is copied without the named role and the copy is stored back under
 * the same match. Nothing happens when {@code server} is null.
 *
 * NOTE(review): the read, copy and write-back are separate calls; confirm that callers
 * serialize updates to the same match, otherwise a concurrent change could be overwritten.
 *
 * @param server the server whose security repository is updated; may be null
 * @param match the security-settings match to update
 * @param roleName the name of the role to drop
 */
static void removeRole(ActiveMQServer server, String match, String roleName) {
   if (server == null) {
      return;
   }
   final Set<Role> current = server.getSecurityRepository().getMatch(match);
   final Set<Role> kept = new HashSet<Role>();
   for (final Role candidate : current) {
      if (roleName.equals(candidate.getName())) {
         continue;
      }
      kept.add(candidate);
   }
   server.getSecurityRepository().addMatch(match, kept);
}
// Build the Role for this name: each flag is true only when the name is present in the
// matching permission collection, so a name absent from all of them gets every flag false.
// NOTE(review): the ten booleans are positional; a transposed argument would silently grant
// a different permission than intended. Confirm the order against the Role constructor.
securityRoles.add(new Role(role,
                           send.contains(role),
                           consume.contains(role),
                           createDurableQueue.contains(role),
                           deleteDurableQueue.contains(role),
                           createNonDurableQueue.contains(role),
                           deleteNonDurableQueue.contains(role),
                           manageRoles.contains(role),
                           browseRoles.contains(role),
                           createAddressRoles.contains(role),
                           deleteAddressRoles.contains(role)));
/**
 * Drops one role, identified by name, from the role set stored under {@code match}.
 *
 * A fresh set is built from the existing roles minus the named one and written back to the
 * security repository. A null {@code server} makes the call a no-op.
 *
 * NOTE(review): reading the set and writing the replacement are two separate repository
 * calls; verify that nothing else can modify the same match in between.
 *
 * @param server the server owning the security repository; may be null
 * @param match the security-settings match whose roles are rewritten
 * @param roleName the name of the role to remove
 */
static void removeRole(ActiveMQServer server, String match, String roleName) {
   if (server == null) {
      return;
   }
   final Set<Role> existing = server.getSecurityRepository().getMatch(match);
   final Set<Role> remaining = new HashSet<Role>();
   for (final Role entry : existing) {
      final boolean isTarget = roleName.equals(entry.getName());
      if (!isTarget) {
         remaining.add(entry);
      }
   }
   server.getSecurityRepository().addMatch(match, remaining);
}
// Build the Role for this name: each flag is true only when the name is present in the
// matching permission collection, so a name absent from all of them gets every flag false.
// NOTE(review): the ten booleans are positional; a transposed argument would silently grant
// a different permission than intended. Confirm the order against the Role constructor.
roles.add(new Role(role,
                   send.contains(role),
                   consume.contains(role),
                   createDurableQueue.contains(role),
                   deleteDurableQueue.contains(role),
                   createNonDurableQueue.contains(role),
                   deleteNonDurableQueue.contains(role),
                   manageRoles.contains(role),
                   browse.contains(role),
                   createAddressRoles.contains(role),
                   deleteAddressRoles.contains(role)));
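/**
 * Authenticates the caller and checks that they hold at least one role that grants the
 * requested permission.
 *
 * The configured default credentials are accepted without any role check. Every other
 * caller is authenticated, and the names of the roles that grant {@code checkType} are
 * compared with the roles of the resulting identity.
 *
 * @param username the user name presented by the caller
 * @param password the password presented by the caller
 * @param roles the roles configured for the resource being accessed
 * @param checkType the permission being requested
 * @return {@code true} for the default credentials, or when the authenticated identity holds
 *         one of the qualifying roles; {@code false} otherwise, including when no identity
 *         is obtained
 */
@Override
public boolean validateUserAndRole(String username, String password, Set<Role> roles, CheckType checkType) {
   // The default user bypasses role evaluation for every check type.
   // NOTE(review): String.equals is not a constant-time comparison; if these credentials are
   // reachable by remote clients, consider comparing the encoded bytes with
   // MessageDigest.isEqual.
   if (defaultUser.equals(username) && defaultPassword.equals(password)) {
      return true;
   }

   final SecurityIdentity identity = this.authenticate(username, password);
   if (identity == null) {
      // Fail closed: without an identity there is nothing to authorize. authenticate is not
      // shown here; if it signals failure with null, this avoids a NullPointerException.
      return false;
   }

   // Keep only the names of roles that actually grant the requested permission.
   final Set<String> filteredRoles = new HashSet<>();
   for (Role role : roles) {
      if (checkType.hasRole(role)) {
         filteredRoles.add(role.getName());
      }
   }
   return identity.getRoles().containsAny(filteredRoles);
}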
// Build the Role for this name: each flag is true only when the name is present in the
// matching permission collection, so a name absent from all of them gets every flag false.
// NOTE(review): the ten booleans are positional; a transposed argument would silently grant
// a different permission than intended. Confirm the order against the Role constructor.
roles.add(new Role(role,
                   send.contains(role),
                   consume.contains(role),
                   createDurableQueue.contains(role),
                   deleteDurableQueue.contains(role),
                   createNonDurableQueue.contains(role),
                   deleteNonDurableQueue.contains(role),
                   manageRoles.contains(role),
                   browse.contains(role),
                   createAddressRoles.contains(role),
                   deleteAddressRoles.contains(role)));