/**
 * Checks the supplied credentials against the broker's security manager.
 *
 * <p>No check is performed, and the call reports success, when the server has no security
 * manager or when security is disabled in the configuration. Otherwise the call is dispatched
 * to the most specific security-manager interface the instance implements.
 *
 * @param login user name presented by the client
 * @param passcode password presented by the client
 * @param remotingConnection connection the credentials arrived on
 * @return {@code true} if validation passed or was skipped, {@code false} if it was rejected
 */
public boolean validateUser(String login, String passcode, RemotingConnection remotingConnection) {
    final ActiveMQSecurityManager manager = server.getSecurityManager();

    // Fail-open path: without a manager, or with security switched off, every caller is accepted.
    if (manager == null || !server.getConfiguration().isSecurityEnabled()) {
        return true;
    }

    if (manager instanceof ActiveMQSecurityManager3) {
        // This variant returns a value instead of a boolean; null is treated as "rejected".
        return ((ActiveMQSecurityManager3) manager).validateUser(login, passcode, remotingConnection) != null;
    }

    if (manager instanceof ActiveMQSecurityManager2) {
        // This variant is also given the certificates taken from the connection.
        return ((ActiveMQSecurityManager2) manager).validateUser(login, passcode, CertificateUtil.getCertsFromConnection(remotingConnection));
    }

    return manager.validateUser(login, passcode);
}
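/**
 * Verifies that a client whose only role grants no permissions is refused when it creates a
 * producer on {@code QUEUE_NAME}.
 *
 * <p>The {@code guest} user is registered as the default user and mapped to the
 * {@code rejectAll} role, which is bound to the {@code #} match with every permission flag off.
 *
 * @throws Exception if broker or client setup fails for a reason other than the expected
 *         {@link JMSSecurityException}
 */
@Test
public void testAutoCreateOnSendToQueueSecurity() throws Exception {
    ActiveMQJAASSecurityManager securityManager = (ActiveMQJAASSecurityManager) server.getSecurityManager();
    securityManager.getConfiguration().addUser("guest", "guest");
    securityManager.getConfiguration().setDefaultUser("guest");
    securityManager.getConfiguration().addRole("guest", "rejectAll");

    Role role = new Role("rejectAll", false, false, false, false, false, false, false, false, false, false);
    Set<Role> roles = new HashSet<>();
    roles.add(role);
    server.getSecurityRepository().addMatch("#", roles);

    Connection connection = cf.createConnection();
    try {
        Session session = connection.createSession(false, Session.AUTO_ACKNOWLEDGE);
        javax.jms.Queue queue = ActiveMQJMSClient.createQueue(QUEUE_NAME);
        try {
            session.createProducer(queue);
            Assert.fail("Sending a message here should throw a JMSSecurityException");
        } catch (JMSSecurityException expected) {
            // The broker refused the operation, which is what this test checks. Any other
            // exception type propagates with its own stack trace instead of being reduced
            // to a bare assertTrue failure.
        }
    } finally {
        // Close the connection even when an assertion fails, so it does not leak into later tests.
        connection.close();
    }
}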
/**
 * Applies this test's security setting to the broker, switches the JAAS security manager to
 * the {@code Krb5Plus} login configuration name, and binds an all-permissions role to the
 * test queue.
 *
 * @param server broker being configured
 */
@Override
protected void configureBrokerSecurity(ActiveMQServer server) {
    server.getConfiguration().setSecurityEnabled(isSecurityEnabled());

    ActiveMQJAASSecurityManager jaas = (ActiveMQJAASSecurityManager) server.getSecurityManager();
    jaas.setConfigurationName("Krb5Plus");
    // NOTE(review): the explicit configuration object is cleared, presumably so that the named
    // login configuration is used instead. Confirm against the security manager.
    jaas.setConfiguration(null);

    // Every permission flag is on; the role is scoped to the test queue's match only.
    Set<Role> allowAll = new HashSet<>();
    allowAll.add(new Role("ALLOW_ALL", true, true, true, true, true, true, true, true, true, true));
    server.getSecurityRepository().addMatch(getQueueName().toString(), allowAll);
}
/**
 * Prepares the fixture: registers {@code guest} as the default user, maps it to an
 * all-permissions role bound to the {@code #} match, then opens a client session against
 * {@code tcp://localhost:61616}.
 *
 * @throws Exception if the parent setup or the client connection fails
 */
@Before
@Override
public void setUp() throws Exception {
    super.setUp();

    ActiveMQJAASSecurityManager jaas = (ActiveMQJAASSecurityManager) server.getSecurityManager();
    // Test-only account with a trivial password, granted everything on every address.
    jaas.getConfiguration().addUser("guest", "guest");
    jaas.getConfiguration().setDefaultUser("guest");
    jaas.getConfiguration().addRole("guest", "allowAll");

    Set<Role> everything = new HashSet<>();
    everything.add(new Role("allowAll", true, true, true, true, true, true, true, true, true, true));
    server.getSecurityRepository().addMatch("#", everything);

    factory = ServerLocatorImpl.newLocator("tcp://localhost:61616").createSessionFactory();
    clientSession = factory.createSession();
}
/**
 * Extends the parent configuration by registering a {@code denyQ} user (password
 * {@code denyQ}) and assigning it a role of the same name.
 *
 * <p>The user is added through the {@code server} field's security manager, not through
 * {@code serverConfig}.
 *
 * @param serverConfig configuration passed on to the parent implementation
 */
@Override
protected void extraServerConfig(Configuration serverConfig) {
    super.extraServerConfig(serverConfig);

    final ActiveMQJAASSecurityManager jaas = (ActiveMQJAASSecurityManager) server.getSecurityManager();
    jaas.getConfiguration().addUser("denyQ", "denyQ");
    jaas.getConfiguration().addRole("denyQ", "denyQ");
}
/**
 * Registers user {@code a} (password {@code b}) on the given server, binds an
 * all-permissions role {@code arole} to the {@code #} match, and assigns that role to the user.
 *
 * @param server wrapper around the broker whose security is being set up
 * @return the broker's JAAS security manager, after the user and role have been added
 */
protected ActiveMQJAASSecurityManager installSecurity(TestableServer server) {
    ActiveMQJAASSecurityManager jaas = (ActiveMQJAASSecurityManager) server.getServer().getSecurityManager();
    jaas.getConfiguration().addUser("a", "b");

    // Every permission flag is on for this role.
    Set<Role> granted = new HashSet<>();
    granted.add(new Role("arole", true, true, true, true, true, true, true, true, true, true));
    server.getServer().getSecurityRepository().addMatch("#", granted);

    jaas.getConfiguration().addRole("a", "arole");
    return jaas;
}
}
/**
 * Creates a {@link JMSContext} first with credentials that were never registered and then
 * with the registered {@code IDo}/{@code Exist} pair.
 *
 * @throws Exception if the context for the registered user cannot be created or closed
 */
@Test
public void testSecurityOnJMSContext() throws Exception {
    ActiveMQJAASSecurityManager jaas = (ActiveMQJAASSecurityManager) server.getSecurityManager();
    jaas.getConfiguration().addUser("IDo", "Exist");

    // NOTE(review): this negative path tolerates a JMSSecurityRuntimeException but does not fail
    // when the unknown user is accepted, so the test cannot detect a broker that lets the
    // bad credentials through. Confirm whether security is enabled in this fixture before
    // adding a failure after createContext.
    try {
        JMSContext unknownUser = cf.createContext("Idont", "exist");
        unknownUser.close();
    } catch (JMSSecurityRuntimeException e) {
        // expected
    }

    JMSContext knownUser = cf.createContext("IDo", "Exist");
    knownUser.close();
}
/**
 * Builds and starts the live broker used by the test.
 *
 * <p>The broker gets two in-VM acceptors (the second with server id 1) and one Netty acceptor,
 * a shared-store master HA policy, security enabled, and one UDP broadcast group advertising
 * the in-VM connector. A {@code guest} user is registered as the default user before start.
 *
 * @throws Exception if the broker cannot be created or started
 */
private void startServer() throws Exception {
    liveTC = new TransportConfiguration(INVM_CONNECTOR_FACTORY);
    final String connectorName = liveTC.getName();

    Map<String, TransportConfiguration> connectorsByName = new HashMap<>();
    connectorsByName.put(connectorName, liveTC);

    List<String> advertisedConnectors = new ArrayList<>();
    advertisedConnectors.add(connectorName);

    Map<String, Object> secondAcceptorParams = new HashMap<>();
    secondAcceptorParams.put(org.apache.activemq.artemis.core.remoting.impl.invm.TransportConstants.SERVER_ID_PROP_NAME, 1);

    Configuration liveConf = createBasicConfig()
        .addAcceptorConfiguration(new TransportConfiguration(INVM_ACCEPTOR_FACTORY))
        .addAcceptorConfiguration(new TransportConfiguration(INVM_ACCEPTOR_FACTORY, secondAcceptorParams))
        .addAcceptorConfiguration(new TransportConfiguration(NETTY_ACCEPTOR_FACTORY))
        .setConnectorConfigurations(connectorsByName)
        .setHAPolicyConfiguration(new SharedStoreMasterPolicyConfiguration())
        .setSecurityEnabled(true);

    // Broadcast group "bc1": period 250, local bind port 5432, group endpoint from the fixture fields.
    BroadcastGroupConfiguration broadcastGroup = new BroadcastGroupConfiguration()
        .setName("bc1")
        .setBroadcastPeriod(250L)
        .setConnectorInfos(advertisedConnectors)
        .setEndpointFactory(new UDPBroadcastEndpointFactory().setGroupAddress(groupAddress).setGroupPort(groupPort).setLocalBindPort(5432));

    List<BroadcastGroupConfiguration> broadcastGroups = new ArrayList<>();
    broadcastGroups.add(broadcastGroup);
    liveConf.setBroadcastGroupConfigurations(broadcastGroups);

    liveService = addServer(ActiveMQServers.newActiveMQServer(liveConf, false));

    // Test-only account. It is also set as the default user, presumably the identity used for
    // connections that supply no credentials. Confirm against the security configuration.
    ActiveMQJAASSecurityManager jaas = (ActiveMQJAASSecurityManager) liveService.getSecurityManager();
    jaas.getConfiguration().addUser("guest", "guest");
    jaas.getConfiguration().setDefaultUser("guest");

    liveService.start();
}
/**
 * Verifies that opening a queue connection with unregistered credentials raises
 * {@link JMSSecurityException}, and that the registered {@code IDo}/{@code Exist} pair can
 * still create a context afterwards.
 *
 * @throws Exception if the context for the registered user cannot be created or closed
 */
@Test
public void testCreateQueueConnection() throws Exception {
    ActiveMQJAASSecurityManager jaas = (ActiveMQJAASSecurityManager) server.getSecurityManager();
    jaas.getConfiguration().addUser("IDo", "Exist");

    try {
        QueueConnection unexpected = ((QueueConnectionFactory) cf).createQueueConnection("IDont", "Exist");
        // Reaching this line means the broker accepted credentials it should have refused.
        fail("supposed to throw exception");
        // NOTE(review): fail() throws, so this close is never executed at run time and the
        // connection stays open when the test fails.
        unexpected.close();
    } catch (JMSSecurityException e) {
        // expected
    }

    JMSContext knownUser = cf.createContext("IDo", "Exist");
    knownUser.close();
}
}
/**
 * Verifies that {@code auser} can create a non-durable queue on {@code addressA} when its
 * role has only the fifth and ninth permission flags set.
 *
 * <p>NOTE(review): those positions presumably mean createNonDurableQueue and createAddress.
 * Confirm against the {@code Role} constructor.
 *
 * @throws Exception if the broker rejects the session or the queue creation
 */
@Test
public void testCreateTempQueueWithRole() throws Exception {
    ActiveMQServer server = createServer();
    server.start();

    HierarchicalRepository<Set<Role>> repository = server.getSecurityRepository();
    ActiveMQJAASSecurityManager jaas = (ActiveMQJAASSecurityManager) server.getSecurityManager();
    jaas.getConfiguration().addUser("auser", "pass");

    Set<Role> granted = new HashSet<>();
    granted.add(new Role("arole", false, false, false, false, true, false, false, false, true, false));
    repository.addMatch(SecurityTest.addressA, granted);
    jaas.getConfiguration().addRole("auser", "arole");

    ClientSessionFactory sessionFactory = createSessionFactory(locator);
    ClientSession authenticated = sessionFactory.createSession("auser", "pass", false, true, true, false, -1);
    // The final argument is false, so the queue is created as non-durable.
    authenticated.createQueue(SecurityTest.addressA, SecurityTest.queueA, false);
    authenticated.close();
}
/**
 * Verifies that {@code auser} can create a durable queue on {@code addressA} when its role
 * has only the third and ninth permission flags set.
 *
 * <p>NOTE(review): those positions presumably mean createDurableQueue and createAddress.
 * Confirm against the {@code Role} constructor.
 *
 * @throws Exception if the broker rejects the session or the queue creation
 */
@Test
public void testCreateDurableQueueWithRole() throws Exception {
    ActiveMQServer server = createServer();
    server.start();

    HierarchicalRepository<Set<Role>> repository = server.getSecurityRepository();
    ActiveMQJAASSecurityManager jaas = (ActiveMQJAASSecurityManager) server.getSecurityManager();
    jaas.getConfiguration().addUser("auser", "pass");

    Set<Role> granted = new HashSet<>();
    granted.add(new Role("arole", false, false, true, false, false, false, false, false, true, false));
    repository.addMatch(SecurityTest.addressA, granted);
    jaas.getConfiguration().addRole("auser", "arole");

    ClientSessionFactory sessionFactory = createSessionFactory(locator);
    ClientSession authenticated = sessionFactory.createSession("auser", "pass", false, true, true, false, -1);
    // The final argument is true, so the queue is created as durable.
    authenticated.createQueue(SecurityTest.addressA, SecurityTest.queueA, true);
    authenticated.close();
}
/**
 * Verifies that {@code auser} can create and then delete a non-durable queue on
 * {@code addressA} when its role has the fifth, sixth, ninth and tenth permission flags set.
 *
 * <p>NOTE(review): those positions presumably mean create/delete non-durable queue and
 * create/delete address. Confirm against the {@code Role} constructor.
 *
 * @throws Exception if the broker rejects the session, the creation or the deletion
 */
@Test
public void testDeleteTempQueueWithRole() throws Exception {
    ActiveMQServer server = createServer();
    server.start();

    HierarchicalRepository<Set<Role>> repository = server.getSecurityRepository();
    ActiveMQJAASSecurityManager jaas = (ActiveMQJAASSecurityManager) server.getSecurityManager();
    jaas.getConfiguration().addUser("auser", "pass");

    Set<Role> granted = new HashSet<>();
    granted.add(new Role("arole", false, false, false, false, true, true, false, false, true, true));
    repository.addMatch(SecurityTest.addressA, granted);
    jaas.getConfiguration().addRole("auser", "arole");

    ClientSessionFactory sessionFactory = createSessionFactory(locator);
    ClientSession authenticated = sessionFactory.createSession("auser", "pass", false, true, true, false, -1);
    authenticated.createQueue(SecurityTest.addressA, SecurityTest.queueA, false);
    authenticated.deleteQueue(SecurityTest.queueA);
    authenticated.close();
}
/**
 * Verifies that a session can be opened with the exact user name and password that were
 * registered with the security manager before the broker started.
 *
 * @throws Exception if the broker or the session factory cannot be created
 */
@Test
public void testCreateSessionWithCorrectUserCorrectPass() throws Exception {
    ActiveMQServer server = createServer();
    ActiveMQJAASSecurityManager jaas = (ActiveMQJAASSecurityManager) server.getSecurityManager();
    jaas.getConfiguration().addUser("newuser", "apass");
    server.start();

    ClientSessionFactory sessionFactory = createSessionFactory(locator);
    try {
        ClientSession authenticated = sessionFactory.createSession("newuser", "apass", false, true, true, false, -1);
        authenticated.close();
    } catch (ActiveMQException e) {
        // Valid credentials must be accepted; any broker-side exception is a test failure.
        Assert.fail("should not throw exception");
    }
}
/**
 * Verifies that {@code auser} can create and then delete a durable queue on {@code addressA}
 * when its role has the third, fourth, ninth and tenth permission flags set.
 *
 * <p>NOTE(review): those positions presumably mean create/delete durable queue and
 * create/delete address. Confirm against the {@code Role} constructor.
 *
 * @throws Exception if the broker rejects the session, the creation or the deletion
 */
@Test
public void testDeleteDurableQueueWithRole() throws Exception {
    ActiveMQServer server = createServer();
    server.start();

    HierarchicalRepository<Set<Role>> repository = server.getSecurityRepository();
    ActiveMQJAASSecurityManager jaas = (ActiveMQJAASSecurityManager) server.getSecurityManager();
    jaas.getConfiguration().addUser("auser", "pass");

    Set<Role> granted = new HashSet<>();
    granted.add(new Role("arole", false, false, true, true, false, false, false, false, true, true));
    repository.addMatch(SecurityTest.addressA, granted);
    jaas.getConfiguration().addRole("auser", "arole");

    ClientSessionFactory sessionFactory = createSessionFactory(locator);
    ClientSession authenticated = sessionFactory.createSession("auser", "pass", false, true, true, false, -1);
    authenticated.createQueue(SecurityTest.addressA, SecurityTest.queueA, true);
    authenticated.deleteQueue(SecurityTest.queueA);
    authenticated.close();
}
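/**
 * Verifies that opening a session with a registered user name but the wrong password is
 * refused with {@link ActiveMQSecurityException}.
 *
 * <p>The test fails if the session is created, or if the broker answers with any other
 * {@link ActiveMQException}.
 *
 * @throws Exception if the broker or the session factory cannot be created
 */
@Test
public void testCreateSessionWithCorrectUserWrongPass() throws Exception {
    ActiveMQServer server = createServer();
    ActiveMQJAASSecurityManager securityManager = (ActiveMQJAASSecurityManager) server.getSecurityManager();
    securityManager.getConfiguration().addUser("newuser", "apass");
    server.start();

    ClientSessionFactory cf = createSessionFactory(locator);
    try {
        cf.createSession("newuser", "awrongpass", false, true, true, false, -1);
        // Reaching this line means the wrong password was accepted. The previous message
        // ("should not throw exception") stated the opposite of what went wrong.
        Assert.fail("should throw exception");
    } catch (ActiveMQSecurityException se) {
        // ok: authentication was refused
    } catch (ActiveMQException e) {
        Assert.fail("Invalid Exception type:" + e.getType());
    }
}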
/**
 * Verifies that a session opened without credentials succeeds once {@code guest} has been
 * registered and set as the default user.
 *
 * @throws Exception if the broker or the session factory cannot be created
 */
@Test
public void testCreateSessionWithNullUserPass() throws Exception {
    ActiveMQServer server = createServer();
    ActiveMQJAASSecurityManager jaas = (ActiveMQJAASSecurityManager) server.getSecurityManager();
    jaas.getConfiguration().addUser("guest", "guest");
    jaas.getConfiguration().setDefaultUser("guest");
    server.start();

    ClientSessionFactory sessionFactory = createSessionFactory(locator);
    try {
        // No user name or password is passed to this createSession overload.
        ClientSession anonymous = sessionFactory.createSession(false, true, true);
        anonymous.close();
    } catch (ActiveMQException e) {
        Assert.fail("should not throw exception");
    }
}
/**
 * Verifies that {@code auser} can send a message to the management address when its role has
 * only the seventh permission flag set.
 *
 * <p>NOTE(review): that position presumably means manage. Confirm against the {@code Role}
 * constructor.
 *
 * @throws Exception if the broker rejects the session or the send
 */
@Test
public void testSendManagementWithRole() throws Exception {
    ActiveMQServer server = createServer();
    server.start();

    HierarchicalRepository<Set<Role>> repository = server.getSecurityRepository();
    ActiveMQJAASSecurityManager jaas = (ActiveMQJAASSecurityManager) server.getSecurityManager();
    jaas.getConfiguration().addUser("auser", "pass");

    Set<Role> granted = new HashSet<>();
    granted.add(new Role("arole", false, false, false, false, false, false, true, false, false, false));
    repository.addMatch(configuration.getManagementAddress().toString(), granted);
    jaas.getConfiguration().addRole("auser", "arole");

    // Blocking sends are turned on, presumably so that a refused send would surface here as an
    // exception rather than being dropped silently. Confirm.
    locator.setBlockOnNonDurableSend(true);

    ClientSessionFactory sessionFactory = createSessionFactory(locator);
    ClientSession authenticated = sessionFactory.createSession("auser", "pass", false, true, true, false, -1);
    ClientProducer managementProducer = authenticated.createProducer(configuration.getManagementAddress());
    managementProducer.send(authenticated.createMessage(false));
    authenticated.close();
}
/**
 * Starts a security-enabled in-VM broker on which {@code myUser} is limited to one
 * connection and one queue, then registers that user with role {@code arole} bound to the
 * {@code #} match.
 *
 * @throws Exception if the parent setup or the broker start fails
 */
@Override
@Before
public void setUp() throws Exception {
    super.setUp();

    // Per-user resource limits, matched on the user name.
    ResourceLimitSettings limits = new ResourceLimitSettings();
    limits.setMatch(SimpleString.toSimpleString("myUser"));
    limits.setMaxConnections(1);
    limits.setMaxQueues(1);

    Configuration brokerConfig = createBasicConfig()
        .addAcceptorConfiguration(new TransportConfiguration(INVM_ACCEPTOR_FACTORY))
        .addResourceLimitSettings(limits)
        .setSecurityEnabled(true);

    server = addServer(ActiveMQServers.newActiveMQServer(brokerConfig, false));
    server.start();

    ActiveMQJAASSecurityManager jaas = (ActiveMQJAASSecurityManager) server.getSecurityManager();
    jaas.getConfiguration().addUser("myUser", "password");
    jaas.getConfiguration().addRole("myUser", "arole");

    Set<Role> granted = new HashSet<>();
    granted.add(new Role("arole", false, false, false, false, true, true, false, true, true, true));
    server.getSecurityRepository().addMatch("#", granted);
}
/**
 * Verifies that a message sent by a user whose role lacks the first permission flag never
 * reaches the queue.
 *
 * <p>The role has only the third and ninth flags set, so the user can create the durable
 * queue. The send itself is not expected to throw on the client; the test checks the
 * outcome by asserting that the queue holds zero messages.
 *
 * <p>NOTE(review): the first flag presumably means send. Confirm against the {@code Role}
 * constructor.
 *
 * @throws Exception if the broker rejects the session or the queue creation
 */
@Test
public void testNonBlockSendWithoutRole() throws Exception {
    ActiveMQServer server = createServer();
    server.start();

    HierarchicalRepository<Set<Role>> repository = server.getSecurityRepository();
    ActiveMQJAASSecurityManager jaas = (ActiveMQJAASSecurityManager) server.getSecurityManager();
    jaas.getConfiguration().addUser("auser", "pass");

    Set<Role> granted = new HashSet<>();
    granted.add(new Role("arole", false, false, true, false, false, false, false, false, true, false));
    repository.addMatch(SecurityTest.addressA, granted);
    jaas.getConfiguration().addRole("auser", "arole");

    ClientSessionFactory sessionFactory = createSessionFactory(locator);
    ClientSession authenticated = sessionFactory.createSession("auser", "pass", false, true, true, false, -1);
    authenticated.createQueue(SecurityTest.addressA, SecurityTest.queueA, true);

    ClientProducer producer = authenticated.createProducer(SecurityTest.addressA);
    producer.send(authenticated.createMessage(false));
    authenticated.close();

    // The unauthorized message must not have been routed to the queue.
    Queue target = (Queue) server.getPostOffice().getBinding(new SimpleString(SecurityTest.queueA)).getBindable();
    Assert.assertEquals(0, getMessageCount(target));
}
/**
 * Starts a security-enabled in-VM broker with two accounts.
 *
 * <p>The valid admin user holds the {@code admin} and {@code guest} roles. The invalid admin
 * user holds {@code guest} only. The {@code admin} role, with every permission flag set, is
 * added to the default management address match. The {@code guest} role, with every flag
 * except the seventh set, is added to the {@code *} match.
 *
 * <p>NOTE(review): the seventh flag presumably means manage. Confirm against the
 * {@code Role} constructor.
 *
 * @return the started broker
 * @throws Exception if the broker cannot be created or started
 */
@Override
protected ActiveMQServer setupAndStartActiveMQServer() throws Exception {
    Configuration brokerConfig = createDefaultInVMConfig().setSecurityEnabled(true);
    ActiveMQServer broker = addServer(ActiveMQServers.newActiveMQServer(brokerConfig, false));
    broker.start();

    HierarchicalRepository<Set<Role>> repository = broker.getSecurityRepository();
    ActiveMQJAASSecurityManager jaas = (ActiveMQJAASSecurityManager) broker.getSecurityManager();

    jaas.getConfiguration().addUser(validAdminUser, validAdminPassword);
    jaas.getConfiguration().addUser(invalidAdminUser, invalidAdminPassword);
    jaas.getConfiguration().addRole(validAdminUser, "admin");
    jaas.getConfiguration().addRole(validAdminUser, "guest");
    jaas.getConfiguration().addRole(invalidAdminUser, "guest");

    // Extend the roles already matched for the management address instead of replacing them.
    final String managementMatch = ActiveMQDefaultConfiguration.getDefaultManagementAddress().toString();
    Set<Role> managementRoles = repository.getMatch(managementMatch);
    managementRoles.add(new Role("admin", true, true, true, true, true, true, true, true, true, true));
    repository.addMatch(managementMatch, managementRoles);

    // Same approach for the "*" match, with the seventh flag left off for guests.
    Set<Role> wildcardRoles = repository.getMatch("*");
    wildcardRoles.add(new Role("guest", true, true, true, true, true, true, false, true, true, true));
    repository.addMatch("*", wildcardRoles);

    return broker;
}