@Override
public Object[] getRoles() throws Exception {
clearIO();
try {
Set<Role> roles = securityRepository.getMatch(address.toString());
Object[] objRoles = new Object[roles.size()];
int i = 0;
for (Role role : roles) {
objRoles[i++] =
new Object[] {
role.getName(),
CheckType.SEND.hasRole(role),
CheckType.CONSUME.hasRole(role),
CheckType.CREATE_DURABLE_QUEUE.hasRole(role),
CheckType.DELETE_DURABLE_QUEUE.hasRole(role),
CheckType.CREATE_NON_DURABLE_QUEUE.hasRole(role),
CheckType.DELETE_NON_DURABLE_QUEUE.hasRole(role),
CheckType.MANAGE.hasRole(role)
};
}
return objRoles;
} finally {
blockOnIO();
}
}
@Test
public void testSECURITY_PERMISSION_VIOLATION() throws Exception {
SimpleString queue = RandomUtil.randomSimpleString();
SimpleString address = RandomUtil.randomSimpleString();
// guest can not create queue
Role role =
new Role(
"roleCanNotCreateQueue", true, true, false, true, false, true, true, true, true, true);
Set<Role> roles = new HashSet<>();
roles.add(role);
server.getSecurityRepository().addMatch(address.toString(), roles);
ActiveMQJAASSecurityManager securityManager =
(ActiveMQJAASSecurityManager) server.getSecurityManager();
securityManager.getConfiguration().addRole("guest", "roleCanNotCreateQueue");
SecurityNotificationTest.flush(notifConsumer);
ServerLocator locator = createInVMNonHALocator();
ClientSessionFactory sf = createSessionFactory(locator);
ClientSession guestSession = sf.createSession("guest", "guest", false, true, true, false, 1);
try {
guestSession.createQueue(address, queue, true);
Assert.fail(
"session creation must fail and a notification of security violation must be sent");
} catch (Exception e) {
}
ClientMessage[] notifications = SecurityNotificationTest.consumeMessages(1, notifConsumer);
Assert.assertEquals(
SECURITY_PERMISSION_VIOLATION.toString(),
notifications[0].getObjectProperty(ManagementHelper.HDR_NOTIFICATION_TYPE).toString());
Assert.assertEquals(
"guest", notifications[0].getObjectProperty(ManagementHelper.HDR_USER).toString());
Assert.assertEquals(
address.toString(),
notifications[0].getObjectProperty(ManagementHelper.HDR_ADDRESS).toString());
Assert.assertEquals(
CheckType.CREATE_DURABLE_QUEUE.toString(),
notifications[0].getObjectProperty(ManagementHelper.HDR_CHECK_TYPE).toString());
guestSession.close();
}
@Test
public void testGetRoles() throws Exception {
SimpleString address = RandomUtil.randomSimpleString();
SimpleString queue = RandomUtil.randomSimpleString();
Role role =
new Role(
RandomUtil.randomString(),
RandomUtil.randomBoolean(),
RandomUtil.randomBoolean(),
RandomUtil.randomBoolean(),
RandomUtil.randomBoolean(),
RandomUtil.randomBoolean(),
RandomUtil.randomBoolean(),
RandomUtil.randomBoolean());
session.createQueue(address, queue, true);
CoreMessagingProxy proxy = createProxy(address);
Object[] roles = (Object[]) proxy.retrieveAttributeValue("roles");
for (Object role2 : roles) {
System.out.println(((Object[]) role2)[0]);
}
Assert.assertEquals(0, roles.length);
Set<Role> newRoles = new HashSet<>();
newRoles.add(role);
server.getSecurityRepository().addMatch(address.toString(), newRoles);
roles = (Object[]) proxy.retrieveAttributeValue("roles");
Assert.assertEquals(1, roles.length);
Object[] r = (Object[]) roles[0];
Assert.assertEquals(role.getName(), r[0]);
Assert.assertEquals(CheckType.SEND.hasRole(role), r[1]);
Assert.assertEquals(CheckType.CONSUME.hasRole(role), r[2]);
Assert.assertEquals(CheckType.CREATE_DURABLE_QUEUE.hasRole(role), r[3]);
Assert.assertEquals(CheckType.DELETE_DURABLE_QUEUE.hasRole(role), r[4]);
Assert.assertEquals(CheckType.CREATE_NON_DURABLE_QUEUE.hasRole(role), r[5]);
Assert.assertEquals(CheckType.DELETE_NON_DURABLE_QUEUE.hasRole(role), r[6]);
Assert.assertEquals(CheckType.MANAGE.hasRole(role), r[7]);
session.deleteQueue(queue);
}
