/**
 * Starts a security-enabled in-VM broker and attaches an admin consumer to the management
 * notification address, so each test can read the notifications the broker emits.
 *
 * <p>The "admin"/"admin" and "guest"/"guest" accounts are fixture credentials for this in-VM
 * test broker only.
 *
 * @throws Exception if the broker, session factory or session cannot be created
 */
@Override
@Before
public void setUp() throws Exception {
  super.setUp();

  // Name of the temporary queue that will receive the management notifications.
  notifQueue = RandomUtil.randomSimpleString();

  // Security must be on, otherwise no permission check (and no violation notification) happens.
  Configuration securedConfig = createDefaultInVMConfig().setSecurityEnabled(true);
  server = addServer(ActiveMQServers.newActiveMQServer(securedConfig, false));
  server.start();

  // Two fixed users; "guest" is also registered as the default user.
  ActiveMQJAASSecurityManager jaasManager =
      (ActiveMQJAASSecurityManager) server.getSecurityManager();
  jaasManager.getConfiguration().addUser("admin", "admin");
  jaasManager.getConfiguration().addUser("guest", "guest");
  jaasManager.getConfiguration().setDefaultUser("guest");

  // The "notif" role has every flag set and is matched to the notification address only.
  Set<Role> notifRoles = new HashSet<>();
  notifRoles.add(new Role("notif", true, true, true, true, true, true, true, true, true, true));
  server
      .getSecurityRepository()
      .addMatch(
          ActiveMQDefaultConfiguration.getDefaultManagementNotificationAddress().toString(),
          notifRoles);
  // Only "admin" is given the "notif" role here; "guest" is not.
  jaasManager.getConfiguration().addRole("admin", "notif");

  // Admin session that owns the temporary notification queue and its consumer.
  ServerLocator inVmLocator = createInVMNonHALocator();
  ClientSessionFactory sessionFactory = createSessionFactory(inVmLocator);
  adminSession = sessionFactory.createSession("admin", "admin", false, true, true, false, 1);
  adminSession.start();
  adminSession.createTemporaryQueue(
      ActiveMQDefaultConfiguration.getDefaultManagementNotificationAddress(), notifQueue);
  notifConsumer = adminSession.createConsumer(notifQueue);
}
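/**
 * Verifies that a denied queue creation produces a SECURITY_PERMISSION_VIOLATION notification
 * carrying the offending user, the target address and the failed check type.
 *
 * <p>"guest" is given a role on a fresh random address whose third and fifth permission flags
 * are {@code false}; the durable {@code createQueue} call is then expected to be rejected and
 * reported as {@code CheckType.CREATE_DURABLE_QUEUE}.
 *
 * @throws Exception if the session cannot be created or the notification cannot be consumed
 */
@Test
public void testSECURITY_PERMISSION_VIOLATION() throws Exception {
  SimpleString queue = RandomUtil.randomSimpleString();
  SimpleString address = RandomUtil.randomSimpleString();

  // guest can not create queue
  // NOTE(review): the flags are positional; the two false values presumably are
  // createDurableQueue and createNonDurableQueue — confirm against Role's constructor.
  Role role =
      new Role(
          "roleCanNotCreateQueue", true, true, false, true, false, true, true, true, true, true);
  Set<Role> roles = new HashSet<>();
  roles.add(role);
  server.getSecurityRepository().addMatch(address.toString(), roles);
  ActiveMQJAASSecurityManager securityManager =
      (ActiveMQJAASSecurityManager) server.getSecurityManager();
  securityManager.getConfiguration().addRole("guest", "roleCanNotCreateQueue");

  // Drop anything already queued so the next notification read is the one under test.
  SecurityNotificationTest.flush(notifConsumer);

  ServerLocator locator = createInVMNonHALocator();
  ClientSessionFactory sf = createSessionFactory(locator);
  ClientSession guestSession = sf.createSession("guest", "guest", false, true, true, false, 1);
  try {
    try {
      guestSession.createQueue(address, queue, true);
      // Assert.fail throws AssertionError, which the catch below does not intercept.
      Assert.fail(
          "queue creation must fail and a notification of security violation must be sent");
    } catch (Exception expected) {
      // Expected: the broker must refuse the request.
      // NOTE(review): any Exception is accepted here, so an unrelated failure also passes this
      // step; only the notification assertions below tie the rejection to the permission check.
    }

    ClientMessage[] notifications = SecurityNotificationTest.consumeMessages(1, notifConsumer);
    ClientMessage violation = notifications[0];
    Assert.assertEquals(
        SECURITY_PERMISSION_VIOLATION.toString(),
        violation.getObjectProperty(ManagementHelper.HDR_NOTIFICATION_TYPE).toString());
    Assert.assertEquals(
        "guest", violation.getObjectProperty(ManagementHelper.HDR_USER).toString());
    Assert.assertEquals(
        address.toString(),
        violation.getObjectProperty(ManagementHelper.HDR_ADDRESS).toString());
    Assert.assertEquals(
        CheckType.CREATE_DURABLE_QUEUE.toString(),
        violation.getObjectProperty(ManagementHelper.HDR_CHECK_TYPE).toString());
  } finally {
    // Close the guest session even when an assertion above fails.
    guestSession.close();
  }
}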