// Builds the Role for this name from ten positional boolean flags. The order used
// here is: send, consume, createDurableQueue, deleteDurableQueue,
// createNonDurableQueue, deleteNonDurableQueue, manageRoles, browse,
// createAddressRoles, deleteAddressRoles.
// Every flag has the same type, so a transposed argument compiles cleanly and
// silently grants a different permission; check the order against the Role constructor.
roles.add(new Role(role, send.contains(role), consume.contains(role), createDurableQueue.contains(role), deleteDurableQueue.contains(role), createNonDurableQueue.contains(role), deleteNonDurableQueue.contains(role), manageRoles.contains(role), browse.contains(role), createAddressRoles.contains(role), deleteAddressRoles.contains(role)));
/**
 * Initialises the plugin from its option map and builds the fixed set of standard roles.
 *
 * <p>When {@code NAME} is present the instance registers itself in {@code INSTANCES}
 * under that name. {@code USE_GROUPS_FROM_SASL_DELEGATION} is enabled only by the
 * value "true" (any case); a missing or misspelt value leaves it off, in which case
 * the broader {@code ALL_GROUP} and {@code MANAGE_GROUP} defaults below are installed.
 *
 * @param map plugin options
 * @return this plugin
 */
@Override
public SecuritySettingPlugin init(Map<String, String> map) {
    this.name = map.get(NAME);
    if (this.name != null) {
        INSTANCES.put(this.name, this);
    }
    this.useGroupsFromSaslDelegation = Boolean.parseBoolean(map.get(USE_GROUPS_FROM_SASL_DELEGATION));

    final Set<Role> defaults = new HashSet<>();
    // "admin" (console or other internal process) can do anything
    defaults.add(new Role(ADMIN_GROUP, true, true, true, true, true, true, true, true, true, true));
    if (!useGroupsFromSaslDelegation) {
        // "all" users can create/delete queues (but not addresses)
        // NOTE(review): the flags are positional; presumably the seventh is "manage" and the
        // last two are create/delete address - confirm against the Role constructor.
        defaults.add(new Role(ALL_GROUP, true, true, true, true, true, true, false, true, false, false));
        defaults.add(new Role(MANAGE_GROUP, true, true, true, true, true, true, true, true, false, false));
    }
    // Published as an unmodifiable view so later code cannot widen the defaults in place.
    this.standardRoles = Collections.unmodifiableSet(defaults);
    return this;
}
/**
 * Registers three matches and checks that looking up "queues.another.andanother"
 * returns the three roles stored for that exact match, not the empty set registered
 * for "queues.another.aq.*" or the two roles registered for "queues.aq".
 */
@Test
public void testSingletwo() {
    securityRepository.addMatch("queues.another.aq.*", new HashSet<Role>());

    HashSet<Role> aqRoles = new HashSet<>(2);
    for (String roleName : new String[] {"test1", "test2"}) {
        aqRoles.add(new Role(roleName, true, true, true, true, true, true, true, true, true, true));
    }
    securityRepository.addMatch("queues.aq", aqRoles);

    HashSet<Role> nestedRoles = new HashSet<>(2);
    for (String roleName : new String[] {"test1", "test2", "test3"}) {
        nestedRoles.add(new Role(roleName, true, true, true, true, true, true, true, true, true, true));
    }
    securityRepository.addMatch("queues.another.andanother", nestedRoles);

    HashSet<Role> matched = securityRepository.getMatch("queues.another.andanother");
    Assert.assertEquals(matched.size(), 3);
}
/**
 * Checks that an exact match ("queues.2.aq") resolves to its own two roles and is
 * not affected by the empty role set registered under the unrelated "queues.1.*".
 */
@Test
public void testWithoutWildcard() {
    securityRepository.addMatch("queues.1.*", new HashSet<Role>());

    HashSet<Role> exactRoles = new HashSet<>(2);
    for (String roleName : new String[] {"test1", "test2"}) {
        exactRoles.add(new Role(roleName, true, true, true, true, true, true, true, true, true, true));
    }
    securityRepository.addMatch("queues.2.aq", exactRoles);

    HashSet<Role> matched = securityRepository.getMatch("queues.2.aq");
    Assert.assertEquals(matched.size(), 2);
}
/**
 * Configures broker security for this test: toggles security from
 * {@code isSecurityEnabled()}, points the JAAS security manager at the "Krb5Plus"
 * configuration name, and grants the "ALLOW_ALL" role every permission on the test queue.
 *
 * @param server the broker being configured
 */
@Override
protected void configureBrokerSecurity(ActiveMQServer server) {
    server.getConfiguration().setSecurityEnabled(isSecurityEnabled());

    ActiveMQJAASSecurityManager jaas = (ActiveMQJAASSecurityManager) server.getSecurityManager();
    jaas.setConfigurationName("Krb5Plus");
    // NOTE(review): presumably nulling the programmatic configuration makes the manager
    // resolve the named login configuration instead - confirm against the security manager.
    jaas.setConfiguration(null);

    // Full permissions, but scoped to this test's queue rather than a wildcard match.
    Set<Role> allowAll = new HashSet<>();
    allowAll.add(new Role("ALLOW_ALL", true, true, true, true, true, true, true, true, true, true));
    server.getSecurityRepository().addMatch(getQueueName().toString(), allowAll);
}
/**
 * Installs a minimal security fixture on the given server: user "a" with password "b",
 * assigned to role "arole", which is granted every permission on the "#" match.
 *
 * <p>Fixture only: the credentials are hard-coded and the role is unrestricted.
 *
 * @param server the test server wrapper
 * @return the server's JAAS security manager, after the user and role were added
 */
protected ActiveMQJAASSecurityManager installSecurity(TestableServer server) {
    ActiveMQJAASSecurityManager jaas = (ActiveMQJAASSecurityManager) server.getServer().getSecurityManager();
    jaas.getConfiguration().addUser("a", "b");

    // NOTE(review): "#" is presumably the match-everything pattern - confirm.
    Set<Role> everything = new HashSet<>();
    everything.add(new Role("arole", true, true, true, true, true, true, true, true, true, true));
    server.getServer().getSecurityRepository().addMatch("#", everything);

    jaas.getConfiguration().addRole("a", "arole");
    return jaas;
}
// Closes the enclosing class, whose header is outside this excerpt.
}
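/**
 * Negative authorization test: the default user "guest" holds only the "rejectAll"
 * role, which has every permission flag off on the "#" match, so creating a producer
 * must fail with a {@link JMSSecurityException}.
 *
 * <p>The connection is closed in a {@code finally} block so that a failed assertion
 * does not leak it into later tests.
 *
 * @throws Exception if the fixture cannot be set up
 */
@Test
public void testAutoCreateOnSendToQueueSecurity() throws Exception {
    ActiveMQJAASSecurityManager securityManager = (ActiveMQJAASSecurityManager) server.getSecurityManager();
    securityManager.getConfiguration().addUser("guest", "guest");
    // Connections that present no credentials are treated as "guest".
    securityManager.getConfiguration().setDefaultUser("guest");
    securityManager.getConfiguration().addRole("guest", "rejectAll");

    Role role = new Role("rejectAll", false, false, false, false, false, false, false, false, false, false);
    Set<Role> roles = new HashSet<>();
    roles.add(role);
    server.getSecurityRepository().addMatch("#", roles);

    Connection connection = cf.createConnection();
    try {
        Session session = connection.createSession(false, Session.AUTO_ACKNOWLEDGE);
        javax.jms.Queue queue = ActiveMQJMSClient.createQueue(QUEUE_NAME);
        try {
            session.createProducer(queue);
            Assert.fail("Sending a message here should throw a JMSSecurityException");
        } catch (Exception e) {
            // The type check matters: any other exception would mean the denial did not
            // come from the authorization layer.
            Assert.assertTrue(e instanceof JMSSecurityException);
        }
    } finally {
        connection.close();
    }
}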
/**
 * Builds a {@code Role} named {@code name} from the permission attributes resolved
 * against the given model node.
 *
 * <p>The attributes are resolved in constructor-argument order: send, consume,
 * create/delete durable queue, create/delete non-durable queue, manage.
 *
 * @param context operation context used to resolve attribute expressions
 * @param name role name
 * @param node model node holding the permission attributes
 * @return the role carrying the resolved permissions
 * @throws OperationFailedException if an attribute cannot be resolved
 */
static Role transform(final OperationContext context, final String name, final ModelNode node) throws OperationFailedException {
    // Arguments are evaluated left to right, so the resolution order is unchanged.
    // All flags are booleans: keep each attribute on its own line so a transposition is visible.
    return new Role(name,
        SEND.resolveModelAttribute(context, node).asBoolean(),
        CONSUME.resolveModelAttribute(context, node).asBoolean(),
        CREATE_DURABLE_QUEUE.resolveModelAttribute(context, node).asBoolean(),
        DELETE_DURABLE_QUEUE.resolveModelAttribute(context, node).asBoolean(),
        CREATE_NON_DURABLE_QUEUE.resolveModelAttribute(context, node).asBoolean(),
        DELETE_NON_DURABLE_QUEUE.resolveModelAttribute(context, node).asBoolean(),
        MANAGE.resolveModelAttribute(context, node).asBoolean());
}
/**
 * Resolves the seven permission attributes of {@code node} and wraps them in a
 * {@code Role} with the given name.
 *
 * @param context operation context used to resolve attribute expressions
 * @param name role name
 * @param node model node holding the permission attributes
 * @return the role carrying the resolved permissions
 * @throws OperationFailedException if an attribute cannot be resolved
 */
static Role transform(final OperationContext context, final String name, final ModelNode node) throws OperationFailedException {
    final boolean canSend = SEND.resolveModelAttribute(context, node).asBoolean();
    final boolean canConsume = CONSUME.resolveModelAttribute(context, node).asBoolean();
    final boolean canCreateDurable = CREATE_DURABLE_QUEUE.resolveModelAttribute(context, node).asBoolean();
    final boolean canDeleteDurable = DELETE_DURABLE_QUEUE.resolveModelAttribute(context, node).asBoolean();
    final boolean canCreateNonDurable = CREATE_NON_DURABLE_QUEUE.resolveModelAttribute(context, node).asBoolean();
    final boolean canDeleteNonDurable = DELETE_NON_DURABLE_QUEUE.resolveModelAttribute(context, node).asBoolean();
    final boolean canManage = MANAGE.resolveModelAttribute(context, node).asBoolean();

    // The constructor is positional and every flag is a boolean; the named locals are
    // the only thing tying each value to its permission, so pass them in this order.
    return new Role(name,
        canSend,
        canConsume,
        canCreateDurable,
        canDeleteDurable,
        canCreateNonDurable,
        canDeleteNonDurable,
        canManage);
}
/**
 * Positive authorization test: user "auser" holds a role with only two flags set on
 * {@code addressA} and must be able to create a non-durable queue there.
 *
 * @throws Exception if the server or session cannot be set up
 */
@Test
public void testCreateTempQueueWithRole() throws Exception {
    ActiveMQServer server = createServer();
    server.start();

    HierarchicalRepository<Set<Role>> matches = server.getSecurityRepository();
    ActiveMQJAASSecurityManager jaas = (ActiveMQJAASSecurityManager) server.getSecurityManager();
    jaas.getConfiguration().addUser("auser", "pass");

    // Least privilege: only flags 5 and 9 are on - presumably createNonDurableQueue and
    // createAddress; confirm against the Role constructor.
    Set<Role> granted = new HashSet<>();
    granted.add(new Role("arole", false, false, false, false, true, false, false, false, true, false));
    matches.addMatch(SecurityTest.addressA, granted);
    jaas.getConfiguration().addRole("auser", "arole");

    ClientSessionFactory sessionFactory = createSessionFactory(locator);
    ClientSession userSession = sessionFactory.createSession("auser", "pass", false, true, true, false, -1);
    userSession.createQueue(SecurityTest.addressA, SecurityTest.queueA, false);
    userSession.close();
}
/**
 * Positive authorization test: user "auser" holds a role with only two flags set on
 * {@code addressA} and must be able to create a durable queue there.
 *
 * @throws Exception if the server or session cannot be set up
 */
@Test
public void testCreateDurableQueueWithRole() throws Exception {
    ActiveMQServer server = createServer();
    server.start();

    HierarchicalRepository<Set<Role>> matches = server.getSecurityRepository();
    ActiveMQJAASSecurityManager jaas = (ActiveMQJAASSecurityManager) server.getSecurityManager();
    jaas.getConfiguration().addUser("auser", "pass");

    // Least privilege: only flags 3 and 9 are on - presumably createDurableQueue and
    // createAddress; confirm against the Role constructor.
    Set<Role> granted = new HashSet<>();
    granted.add(new Role("arole", false, false, true, false, false, false, false, false, true, false));
    matches.addMatch(SecurityTest.addressA, granted);
    jaas.getConfiguration().addRole("auser", "arole");

    ClientSessionFactory sessionFactory = createSessionFactory(locator);
    ClientSession userSession = sessionFactory.createSession("auser", "pass", false, true, true, false, -1);
    userSession.createQueue(SecurityTest.addressA, SecurityTest.queueA, true);
    userSession.close();
}
/**
 * Test fixture: registers "guest"/"guest" as the default user, gives it the "allowAll"
 * role with every permission on the "#" match, and opens a client session against
 * tcp://localhost:61616.
 *
 * <p>With this fixture a connection that presents no credentials is treated as "guest"
 * and may do anything; it is a test convenience, not a template for a broker config.
 *
 * @throws Exception if the parent set-up or the session creation fails
 */
@Before
@Override
public void setUp() throws Exception {
    super.setUp();

    ActiveMQJAASSecurityManager jaas = (ActiveMQJAASSecurityManager) server.getSecurityManager();
    jaas.getConfiguration().addUser("guest", "guest");
    jaas.getConfiguration().setDefaultUser("guest");
    jaas.getConfiguration().addRole("guest", "allowAll");

    Set<Role> unrestricted = new HashSet<>();
    unrestricted.add(new Role("allowAll", true, true, true, true, true, true, true, true, true, true));
    server.getSecurityRepository().addMatch("#", unrestricted);

    ServerLocator locator = ServerLocatorImpl.newLocator("tcp://localhost:61616");
    factory = locator.createSessionFactory();
    clientSession = factory.createSession();
}
/**
 * Positive authorization test: user "auser" holds a role with four flags set on
 * {@code addressA} and must be able to create and then delete a non-durable queue.
 *
 * @throws Exception if the server or session cannot be set up
 */
@Test
public void testDeleteTempQueueWithRole() throws Exception {
    ActiveMQServer server = createServer();
    server.start();

    HierarchicalRepository<Set<Role>> matches = server.getSecurityRepository();
    ActiveMQJAASSecurityManager jaas = (ActiveMQJAASSecurityManager) server.getSecurityManager();
    jaas.getConfiguration().addUser("auser", "pass");

    // Flags 5, 6, 9 and 10 are on - presumably create/delete non-durable queue and
    // create/delete address; confirm against the Role constructor.
    Set<Role> granted = new HashSet<>();
    granted.add(new Role("arole", false, false, false, false, true, true, false, false, true, true));
    matches.addMatch(SecurityTest.addressA, granted);
    jaas.getConfiguration().addRole("auser", "arole");

    ClientSessionFactory sessionFactory = createSessionFactory(locator);
    ClientSession userSession = sessionFactory.createSession("auser", "pass", false, true, true, false, -1);
    userSession.createQueue(SecurityTest.addressA, SecurityTest.queueA, false);
    userSession.deleteQueue(SecurityTest.queueA);
    userSession.close();
}
/**
 * Positive authorization test: user "auser" holds a role with four flags set on
 * {@code addressA} and must be able to create and then delete a durable queue.
 *
 * @throws Exception if the server or session cannot be set up
 */
@Test
public void testDeleteDurableQueueWithRole() throws Exception {
    ActiveMQServer server = createServer();
    server.start();

    HierarchicalRepository<Set<Role>> matches = server.getSecurityRepository();
    ActiveMQJAASSecurityManager jaas = (ActiveMQJAASSecurityManager) server.getSecurityManager();
    jaas.getConfiguration().addUser("auser", "pass");

    // Flags 3, 4, 9 and 10 are on - presumably create/delete durable queue and
    // create/delete address; confirm against the Role constructor.
    Set<Role> granted = new HashSet<>();
    granted.add(new Role("arole", false, false, true, true, false, false, false, false, true, true));
    matches.addMatch(SecurityTest.addressA, granted);
    jaas.getConfiguration().addRole("auser", "arole");

    ClientSessionFactory sessionFactory = createSessionFactory(locator);
    ClientSession userSession = sessionFactory.createSession("auser", "pass", false, true, true, false, -1);
    userSession.createQueue(SecurityTest.addressA, SecurityTest.queueA, true);
    userSession.deleteQueue(SecurityTest.queueA);
    userSession.close();
}
/**
 * Positive authorization test: user "auser" holds a role with a single flag set on the
 * management address and must be able to send a message to it.
 *
 * @throws Exception if the server or session cannot be set up
 */
@Test
public void testSendManagementWithRole() throws Exception {
    ActiveMQServer server = createServer();
    server.start();

    HierarchicalRepository<Set<Role>> matches = server.getSecurityRepository();
    ActiveMQJAASSecurityManager jaas = (ActiveMQJAASSecurityManager) server.getSecurityManager();
    jaas.getConfiguration().addUser("auser", "pass");

    // Only flag 7 is on - presumably "manage"; note that the plain send flag (first) is
    // off, so the send below is expected to be authorized by that flag alone. Confirm
    // against the Role constructor.
    Set<Role> granted = new HashSet<>();
    granted.add(new Role("arole", false, false, false, false, false, false, true, false, false, false));
    matches.addMatch(configuration.getManagementAddress().toString(), granted);
    jaas.getConfiguration().addRole("auser", "arole");

    locator.setBlockOnNonDurableSend(true);
    ClientSessionFactory sessionFactory = createSessionFactory(locator);
    ClientSession userSession = sessionFactory.createSession("auser", "pass", false, true, true, false, -1);
    ClientProducer producer = userSession.createProducer(configuration.getManagementAddress());
    producer.send(userSession.createMessage(false));
    userSession.close();
}
/**
 * Test fixture: starts a security-enabled in-VM server that limits user "myUser" to one
 * connection and one queue, then registers that user with role "arole" on the "#" match.
 *
 * @throws Exception if the parent set-up or the server start fails
 */
@Override
@Before
public void setUp() throws Exception {
    super.setUp();

    // Per-user resource caps: at most one connection and one queue for "myUser".
    ResourceLimitSettings limits = new ResourceLimitSettings();
    limits.setMatch(SimpleString.toSimpleString("myUser"));
    limits.setMaxConnections(1);
    limits.setMaxQueues(1);

    Configuration configuration = createBasicConfig()
        .addAcceptorConfiguration(new TransportConfiguration(INVM_ACCEPTOR_FACTORY))
        .addResourceLimitSettings(limits)
        .setSecurityEnabled(true);

    server = addServer(ActiveMQServers.newActiveMQServer(configuration, false));
    server.start();

    ActiveMQJAASSecurityManager jaas = (ActiveMQJAASSecurityManager) server.getSecurityManager();
    jaas.getConfiguration().addUser("myUser", "password");
    jaas.getConfiguration().addRole("myUser", "arole");

    // Flags 5, 6, 8, 9 and 10 are on - presumably create/delete non-durable queue, browse
    // and create/delete address; confirm against the Role constructor.
    Set<Role> granted = new HashSet<>();
    granted.add(new Role("arole", false, false, false, false, true, true, false, true, true, true));
    server.getSecurityRepository().addMatch("#", granted);
}
/**
 * A role built with only the first flag set must pass the SEND check and fail every
 * other check asserted here.
 *
 * @throws Exception never in practice; declared by the original signature
 */
@Test
public void testWriteRole() throws Exception {
    Role sendOnly = new Role("testWriteRole", true, false, false, false, false, false, false, false, false, false);

    Assert.assertTrue(SEND.hasRole(sendOnly));
    Assert.assertFalse(CONSUME.hasRole(sendOnly));
    Assert.assertFalse(CREATE_DURABLE_QUEUE.hasRole(sendOnly));
    Assert.assertFalse(CREATE_NON_DURABLE_QUEUE.hasRole(sendOnly));
    Assert.assertFalse(DELETE_DURABLE_QUEUE.hasRole(sendOnly));
    Assert.assertFalse(DELETE_NON_DURABLE_QUEUE.hasRole(sendOnly));
    Assert.assertFalse(MANAGE.hasRole(sendOnly));
    Assert.assertFalse(BROWSE.hasRole(sendOnly));
    Assert.assertFalse(CREATE_ADDRESS.hasRole(sendOnly));
    // NOTE(review): the tenth constructor flag has no assertion here; nine checks cover
    // ten flags. Consider asserting it too if a matching check type exists.
}
/**
 * A role built with the second and eighth flags set must pass the CONSUME and BROWSE
 * checks and fail every other check asserted here.
 *
 * @throws Exception never in practice; declared by the original signature
 */
@Test
public void testReadRole() throws Exception {
    Role readOnly = new Role("testReadRole", false, true, false, false, false, false, false, true, false, false);

    Assert.assertFalse(SEND.hasRole(readOnly));
    Assert.assertTrue(CONSUME.hasRole(readOnly));
    Assert.assertFalse(CREATE_DURABLE_QUEUE.hasRole(readOnly));
    Assert.assertFalse(CREATE_NON_DURABLE_QUEUE.hasRole(readOnly));
    Assert.assertFalse(DELETE_DURABLE_QUEUE.hasRole(readOnly));
    Assert.assertFalse(DELETE_NON_DURABLE_QUEUE.hasRole(readOnly));
    Assert.assertFalse(MANAGE.hasRole(readOnly));
    Assert.assertTrue(BROWSE.hasRole(readOnly));
    Assert.assertFalse(CREATE_ADDRESS.hasRole(readOnly));
    // NOTE(review): the tenth constructor flag has no assertion here; nine checks cover
    // ten flags. Consider asserting it too if a matching check type exists.
}
/**
 * A role built with only the third flag set must pass the CREATE_DURABLE_QUEUE check
 * and fail every other check asserted here.
 *
 * @throws Exception never in practice; declared by the original signature
 */
@Test
public void testCreateRole() throws Exception {
    Role createDurableOnly = new Role("testCreateRole", false, false, true, false, false, false, false, false, false, false);

    Assert.assertFalse(SEND.hasRole(createDurableOnly));
    Assert.assertFalse(CONSUME.hasRole(createDurableOnly));
    Assert.assertTrue(CREATE_DURABLE_QUEUE.hasRole(createDurableOnly));
    Assert.assertFalse(CREATE_NON_DURABLE_QUEUE.hasRole(createDurableOnly));
    Assert.assertFalse(DELETE_DURABLE_QUEUE.hasRole(createDurableOnly));
    Assert.assertFalse(DELETE_NON_DURABLE_QUEUE.hasRole(createDurableOnly));
    Assert.assertFalse(MANAGE.hasRole(createDurableOnly));
    Assert.assertFalse(BROWSE.hasRole(createDurableOnly));
    Assert.assertFalse(CREATE_ADDRESS.hasRole(createDurableOnly));
    // NOTE(review): the tenth constructor flag has no assertion here; nine checks cover
    // ten flags. Consider asserting it too if a matching check type exists.
}
/**
 * A role built with only the seventh flag set must pass the MANAGE check and fail
 * every other check asserted here.
 *
 * @throws Exception never in practice; declared by the original signature
 */
@Test
public void testManageRole() throws Exception {
    Role manageOnly = new Role("testManageRole", false, false, false, false, false, false, true, false, false, false);

    Assert.assertFalse(SEND.hasRole(manageOnly));
    Assert.assertFalse(CONSUME.hasRole(manageOnly));
    Assert.assertFalse(CREATE_DURABLE_QUEUE.hasRole(manageOnly));
    Assert.assertFalse(CREATE_NON_DURABLE_QUEUE.hasRole(manageOnly));
    Assert.assertFalse(DELETE_DURABLE_QUEUE.hasRole(manageOnly));
    Assert.assertFalse(DELETE_NON_DURABLE_QUEUE.hasRole(manageOnly));
    Assert.assertTrue(MANAGE.hasRole(manageOnly));
    Assert.assertFalse(BROWSE.hasRole(manageOnly));
    Assert.assertFalse(CREATE_ADDRESS.hasRole(manageOnly));
    // NOTE(review): the tenth constructor flag has no assertion here; nine checks cover
    // ten flags. Consider asserting it too if a matching check type exists.
}