/**
 * Collects a principal for every role that is granted the requested permission.
 *
 * @param checkType permission being evaluated; a role is kept only when
 *                  {@code checkType.hasRole(role)} is true
 * @param roles     candidate roles; iterated directly, so it must not be null
 * @return a new mutable set holding one {@code SimplePrincipal} per matching role,
 *         named after the role (empty when no role matches)
 */
private Set<Principal> getRolePrincipals(final CheckType checkType, final Set<Role> roles) {
    final Set<Principal> matching = new HashSet<Principal>();
    for (final Role candidate : roles) {
        if (!checkType.hasRole(candidate)) {
            // Role does not carry this permission, so it must not become a principal.
            continue;
        }
        matching.add(new SimplePrincipal(candidate.getName()));
    }
    return matching;
}
/**
 * Drops the role called {@code roleName} from the role set registered for {@code match}.
 * Does nothing when {@code server} is null.
 *
 * @param server   broker whose security repository is updated; may be null
 * @param match    address match whose roles are rewritten
 * @param roleName name of the role to leave out; must not be null
 */
static void removeRole(ActiveMQServer server, String match, String roleName) {
    if (server == null) {
        return;
    }
    final Set<Role> current = server.getSecurityRepository().getMatch(match);
    final Set<Role> remaining = new HashSet<Role>();
    for (final Role candidate : current) {
        if (roleName.equals(candidate.getName())) {
            continue;
        }
        remaining.add(candidate);
    }
    // NOTE(review): this is a read-modify-write with no visible locking, and if
    // getMatch() resolves wildcard/default entries rather than only the exact key,
    // the inherited roles are written back under `match` — confirm both.
    server.getSecurityRepository().addMatch(match, remaining);
}
/**
 * Builds a group principal for every role that is granted the requested permission.
 *
 * @param checkType permission being evaluated
 * @param roles     candidate roles; iterated directly, so it must not be null
 * @return the principals created for the matching roles; a role whose principal
 *         could not be created is logged and left out
 */
private Set<RolePrincipal> getPrincipalsInRole(final CheckType checkType, final Set<Role> roles) {
    // Raw Set kept as in the original: the type returned by createGroupPrincipal
    // is not visible here, so no element type is asserted.
    Set collected = new HashSet<>();
    for (Role candidate : roles) {
        if (!checkType.hasRole(candidate)) {
            continue;
        }
        try {
            collected.add(createGroupPrincipal(candidate.getName(), rolePrincipalClass));
        } catch (Exception e) {
            // Failure only removes this role from the result; the caller ends up
            // with fewer principals rather than an error.
            ActiveMQServerLogger.LOGGER.failedAddRolePrincipal(e);
        }
    }
    return collected;
}
/**
 * Authenticates the caller and reports whether the resulting identity holds at least
 * one role that grants {@code checkType}.
 *
 * <p>The configured default user/password pair is checked first and, when it matches,
 * the method returns {@code true} without comparing any roles.
 *
 * @param username  name presented by the caller
 * @param password  password presented by the caller
 * @param roles     roles configured for the resource; must not be null
 * @param checkType permission being requested
 * @return {@code true} for the default account, otherwise the result of
 *         {@code containsAny} on the authenticated identity's roles
 */
@Override
public boolean validateUserAndRole(String username, String password, Set<Role> roles, CheckType checkType) {
    // NOTE(review): this shortcut skips the role check, so the default account passes
    // every CheckType for every role set. The comparison is String.equals (not
    // constant-time) and throws NullPointerException if defaultUser is null. Confirm
    // the default credentials are always set to a non-guessable value.
    final boolean isDefaultAccount = defaultUser.equals(username) && defaultPassword.equals(password);
    if (isDefaultAccount) {
        return true;
    }

    // NOTE(review): how authenticate() signals bad credentials is not visible here;
    // if it can return null, the final line would throw — confirm.
    final SecurityIdentity identity = this.authenticate(username, password);

    final Set<String> permittedNames = new HashSet<>();
    for (Role candidate : roles) {
        if (!checkType.hasRole(candidate)) {
            continue;
        }
        permittedNames.add(candidate.getName());
    }
    return identity.getRoles().containsAny(permittedNames);
}
/**
 * Rewrites the roles registered for {@code match} so that the role named
 * {@code roleName} is no longer among them. A null {@code server} is ignored.
 *
 * @param server   broker whose security repository is updated; may be null
 * @param match    address match whose roles are rewritten
 * @param roleName name of the role to leave out; must not be null
 */
static void removeRole(ActiveMQServer server, String match, String roleName) {
    if (server == null) {
        return;
    }
    final Set<Role> existing = server.getSecurityRepository().getMatch(match);
    final Set<Role> kept = new HashSet<Role>();
    for (final Role entry : existing) {
        final boolean isTarget = roleName.equals(entry.getName());
        if (!isTarget) {
            kept.add(entry);
        }
    }
    // NOTE(review): the read above and the write below are not visibly synchronized;
    // a concurrent change to the same match could be lost — confirm the caller
    // serializes management operations.
    server.getSecurityRepository().addMatch(match, kept);
}
/**
 * Decides whether the caller may perform {@code checkType} given the roles
 * configured for the resource.
 *
 * <p>A caller presenting the configured default user and password is accepted
 * immediately; no role is consulted on that path.
 *
 * @param username  name presented by the caller
 * @param password  password presented by the caller
 * @param roles     roles configured for the resource; must not be null
 * @param checkType permission being requested
 * @return {@code true} for the default account, otherwise whether the authenticated
 *         identity's roles {@code containsAny} of the role names granting the permission
 */
@Override
public boolean validateUserAndRole(String username, String password, Set<Role> roles, CheckType checkType) {
    // NOTE(review): authorization is bypassed for the default account, and the
    // password is compared with String.equals (timing depends on the input).
    // Confirm this account is restricted to the callers it is meant for.
    if (defaultUser.equals(username)) {
        if (defaultPassword.equals(password)) {
            return true;
        }
    }

    final SecurityIdentity identity = this.authenticate(username, password);

    // Keep only the names of roles that actually grant the requested permission.
    final Set<String> grantingRoleNames = new HashSet<>();
    for (Role candidate : roles) {
        if (checkType.hasRole(candidate)) {
            grantingRoleNames.add(candidate.getName());
        }
    }
    return identity.getRoles().containsAny(grantingRoleNames);
}
/**
 * Validates the credentials and then checks whether one of the user's configured
 * roles both appears in {@code roles} and grants {@code checkType}.
 *
 * @param user      user name; when null, the configured default user's roles are looked up
 * @param password  password passed to {@code validateUser}
 * @param roles     roles configured for the resource; null yields {@code false}
 * @param checkType permission being requested
 * @return {@code true} only when the credentials validate and a matching role grants
 *         the permission
 */
@Override
public boolean validateUserAndRole(final String user, final String password, final Set<Role> roles, final CheckType checkType) {
    if (!validateUser(user, password)) {
        return false;
    }

    final String fallbackUser = configuration.getDefaultUser();
    // A null user name is mapped onto the default user, so anonymous callers that
    // pass validateUser() are authorized with the default user's roles.
    final String lookupName = (user == null) ? fallbackUser : user;
    final List<String> grantedNames = configuration.getRole(lookupName);
    if (grantedNames == null) {
        return false;
    }
    if (roles == null) {
        return false;
    }

    for (final String grantedName : grantedNames) {
        for (final Role candidate : roles) {
            final boolean sameName = candidate.getName().equals(grantedName);
            if (sameName && checkType.hasRole(candidate)) {
                return true;
            }
        }
    }
    return false;
}
/**
 * Replaces one role in the running broker's security repository with the version
 * built from the current resource model.
 *
 * <p>The match and the role name are taken from the operation address (second-to-last
 * and last element). The roles read before the change are stored in
 * {@code handbackHolder}.
 *
 * @return always {@code false}
 * @throws OperationFailedException declared by the overridden method
 */
@Override
protected boolean applyUpdateToRuntime(OperationContext context, ModelNode operation, String attributeName, ModelNode newValue, ModelNode currentValue, HandbackHolder<Set<Role>> handbackHolder) throws OperationFailedException {
    final ActiveMQServer server = getActiveMQServer(context, operation);
    if (server == null) {
        return false;
    }

    final PathAddress opAddress = PathAddress.pathAddress(operation.require(ModelDescriptionConstants.OP_ADDR));
    // Assumes the address has at least two elements (match, then role).
    final String match = opAddress.getElement(opAddress.size() - 2).getValue();
    final String roleName = opAddress.getLastElement().getValue();

    final Set<Role> replacement = new HashSet<Role>();
    final Set<Role> previous = server.getSecurityRepository().getMatch(match);
    handbackHolder.setHandback(previous);
    for (final Role existing : previous) {
        if (roleName.equals(existing.getName())) {
            // The old definition of this role is dropped; the updated one is added below.
            continue;
        }
        replacement.add(existing);
    }

    final Resource resource = context.readResource(PathAddress.EMPTY_ADDRESS);
    final ModelNode subModel = resource.getModel();
    final Role updatedRole = SecurityRoleDefinition.transform(context, roleName, subModel);
    replacement.add(updatedRole);
    server.getSecurityRepository().addMatch(match, replacement);
    return false;
}
/**
 * Applies a role attribute change to the live broker: the role named by the last
 * address element is rebuilt from the resource model and swapped into the role set
 * of the match named by the second-to-last address element.
 *
 * <p>The role set as it was before the change is handed to {@code handbackHolder}.
 * Nothing is changed when no broker is available.
 *
 * @return always {@code false}
 * @throws OperationFailedException declared by the overridden method
 */
@Override
protected boolean applyUpdateToRuntime(OperationContext context, ModelNode operation, String attributeName, ModelNode newValue, ModelNode currentValue, HandbackHolder<Set<Role>> handbackHolder) throws OperationFailedException {
    final ActiveMQServer server = getActiveMQServer(context, operation);
    if (server != null) {
        final PathAddress target = PathAddress.pathAddress(operation.require(ModelDescriptionConstants.OP_ADDR));
        final int matchIndex = target.size() - 2;
        final String match = target.getElement(matchIndex).getValue();
        final String roleName = target.getLastElement().getValue();

        final Set<Role> updated = new HashSet<Role>();
        final Set<Role> before = server.getSecurityRepository().getMatch(match);
        handbackHolder.setHandback(before);
        for (final Role entry : before) {
            final boolean isRoleBeingUpdated = roleName.equals(entry.getName());
            if (!isRoleBeingUpdated) {
                updated.add(entry);
            }
        }

        final Resource resource = context.readResource(PathAddress.EMPTY_ADDRESS);
        final ModelNode subModel = resource.getModel();
        updated.add(SecurityRoleDefinition.transform(context, roleName, subModel));
        // NOTE(review): read and write of the match are separate repository calls
        // with no visible locking — confirm management operations are serialized.
        server.getSecurityRepository().addMatch(match, updated);
    }
    return false;
}
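/**
 * Associates a security context carrying the caller's credentials with the current
 * thread, asks the authorization manager whether the user holds any role that grants
 * {@code checkType}, and puts the previous context back.
 *
 * <p>The previous context is restored in a {@code finally} block so that an exception
 * from the role check cannot leave the caller's context attached to the thread.
 *
 * @return the result of {@code doesUserHaveRole} for the user and the matching role principals
 * @throws RuntimeException wrapping any failure to create a new security context
 */
@Override
public Boolean run() {
    final SimplePrincipal principal = new SimplePrincipal(username);

    // Push a new security context if there is not one.
    final SecurityContext currentSecurityContext = SecurityContextAssociation.getSecurityContext();
    final SecurityContext securityContext;
    if (currentSecurityContext == null) {
        try {
            securityContext = SecurityContextFactory.createSecurityContext(principal, password, subject, securityDomainContext.getAuthenticationManager().getSecurityDomain());
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    } else {
        securityContext = currentSecurityContext;
        // NOTE(review): this appears to replace the subject info on the context that
        // was already active, and nothing here puts the earlier values back — confirm.
        securityContext.getUtil().createSubjectInfo(principal, password, subject);
    }
    SecurityContextAssociation.setSecurityContext(securityContext);

    try {
        // Only roles that grant the requested permission are offered to the check.
        final Set<Principal> principals = new HashSet<Principal>();
        for (Role role : roles) {
            if (checkType.hasRole(role)) {
                principals.add(new SimplePrincipal(role.getName()));
            }
        }
        // This is an authorization decision (role membership), not authentication.
        return securityDomainContext.getAuthorizationManager().doesUserHaveRole(new SimplePrincipal(username), principals);
    } finally {
        // Restore the previous security context (possibly null) on every exit path.
        SecurityContextAssociation.setSecurityContext(currentSecurityContext);
    }
}
});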
/**
 * Returns the roles configured for this address as a table of permissions.
 *
 * @return one {@code Object[]} per role: the role name followed by the
 *         {@code hasRole} result for SEND, CONSUME, CREATE_DURABLE_QUEUE,
 *         DELETE_DURABLE_QUEUE, CREATE_NON_DURABLE_QUEUE, DELETE_NON_DURABLE_QUEUE
 *         and MANAGE, in that order
 * @throws Exception declared by the overridden method
 */
@Override
public Object[] getRoles() throws Exception {
    clearIO();
    try {
        final String addressName = addressInfo.getName().toString();
        final Set<Role> matched = securityRepository.getMatch(addressName);
        final Object[] rows = new Object[matched.size()];
        int next = 0;
        for (final Role r : matched) {
            final Object[] row = {
                r.getName(),
                CheckType.SEND.hasRole(r),
                CheckType.CONSUME.hasRole(r),
                CheckType.CREATE_DURABLE_QUEUE.hasRole(r),
                CheckType.DELETE_DURABLE_QUEUE.hasRole(r),
                CheckType.CREATE_NON_DURABLE_QUEUE.hasRole(r),
                CheckType.DELETE_NON_DURABLE_QUEUE.hasRole(r),
                CheckType.MANAGE.hasRole(r)
            };
            rows[next] = row;
            next++;
        }
        return rows;
    } finally {
        // Paired with clearIO() above; runs on both normal and exceptional exit.
        blockOnIO();
    }
}
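/**
 * Runs the role check for {@code username} under a security context that carries the
 * caller's credentials, then re-associates whatever context was active before.
 *
 * <p>Restoration happens in a {@code finally} block: if the authorization manager
 * throws, the thread does not keep the context that was pushed for this check.
 *
 * @return the result of {@code doesUserHaveRole} for the user and the principals of
 *         the roles that grant {@code checkType}
 * @throws RuntimeException wrapping any failure to create a new security context
 */
@Override
public Boolean run() {
    final SimplePrincipal principal = new SimplePrincipal(username);

    // Push a new security context if there is not one.
    final SecurityContext currentSecurityContext = SecurityContextAssociation.getSecurityContext();
    final SecurityContext securityContext;
    if (currentSecurityContext == null) {
        try {
            securityContext = SecurityContextFactory.createSecurityContext(principal, password, subject, securityDomainContext.getAuthenticationManager().getSecurityDomain());
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    } else {
        securityContext = currentSecurityContext;
        // NOTE(review): the existing context is reused and given the caller's subject
        // info; whether that change outlives this call is not visible here — confirm.
        securityContext.getUtil().createSubjectInfo(principal, password, subject);
    }
    SecurityContextAssociation.setSecurityContext(securityContext);

    try {
        final Set<Principal> principals = new HashSet<Principal>();
        for (Role role : roles) {
            if (checkType.hasRole(role)) {
                principals.add(new SimplePrincipal(role.getName()));
            }
        }
        return securityDomainContext.getAuthorizationManager().doesUserHaveRole(new SimplePrincipal(username), principals);
    } finally {
        // Restore the previous security context, if any, even when the check throws.
        SecurityContextAssociation.setSecurityContext(currentSecurityContext);
    }
}
});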
/**
 * Returns the roles configured for {@code addressMatch} as a table of permissions.
 *
 * @param addressMatch match string passed unchanged to the security repository
 * @return one {@code Object[]} per role: the role name followed by the
 *         {@code hasRole} result for SEND, CONSUME, CREATE_DURABLE_QUEUE,
 *         DELETE_DURABLE_QUEUE, CREATE_NON_DURABLE_QUEUE, DELETE_NON_DURABLE_QUEUE
 *         and MANAGE, in that order
 * @throws Exception declared by the overridden method
 */
@Override
public Object[] getRoles(final String addressMatch) throws Exception {
    // NOTE(review): checkStarted() is invoked twice in a row; the second call looks
    // redundant but is kept because its implementation is not visible here.
    checkStarted();
    checkStarted();

    clearIO();
    try {
        final Set<Role> matched = server.getSecurityRepository().getMatch(addressMatch);
        final Object[] rows = new Object[matched.size()];
        int next = 0;
        for (final Role r : matched) {
            final Object[] row = {
                r.getName(),
                CheckType.SEND.hasRole(r),
                CheckType.CONSUME.hasRole(r),
                CheckType.CREATE_DURABLE_QUEUE.hasRole(r),
                CheckType.DELETE_DURABLE_QUEUE.hasRole(r),
                CheckType.CREATE_NON_DURABLE_QUEUE.hasRole(r),
                CheckType.DELETE_NON_DURABLE_QUEUE.hasRole(r),
                CheckType.MANAGE.hasRole(r)
            };
            rows[next] = row;
            next++;
        }
        return rows;
    } finally {
        // Paired with clearIO() above; runs on both normal and exceptional exit.
        blockOnIO();
    }
}
// Each check reads the name of the first role returned for "security_address".
// NOTE(review): only the first element of the iterator is inspected; if
// getSecurityRoles returns an unordered collection holding more than one role, the
// element seen is not guaranteed — confirm a single role is expected here.
// NOTE(review): the literal is the second argument; if this is JUnit's Assert, the
// signature is (expected, actual) and a failure message would read reversed — confirm.
Assert.assertEquals(getSecurityRoles(embeddedActiveMQ, "security_address").iterator().next().getName(), "b");
// The expected name changes from "b" to "c"; whatever alters the configuration
// between these checks is not part of this excerpt.
Assert.assertEquals(getSecurityRoles(embeddedActiveMQ, "security_address").iterator().next().getName(), "c");
Assert.assertEquals(getSecurityRoles(embeddedActiveMQ, "security_address").iterator().next().getName(), "c");
/**
 * Verifies that {@code AddressControl.getRoles()} is empty before any role is
 * registered for the address and, after one role is added to the security repository,
 * returns a single row whose columns match the role's name and its
 * {@code CheckType.hasRole} results.
 */
@Test
public void testGetRoles() throws Exception {
    SimpleString address = RandomUtil.randomSimpleString();
    SimpleString queue = RandomUtil.randomSimpleString();
    // NOTE(review): the ten permission flags are random, so each run exercises a
    // different combination; a failure may not reproduce on the next run.
    Role role = new Role(RandomUtil.randomString(),
                         RandomUtil.randomBoolean(), RandomUtil.randomBoolean(),
                         RandomUtil.randomBoolean(), RandomUtil.randomBoolean(),
                         RandomUtil.randomBoolean(), RandomUtil.randomBoolean(),
                         RandomUtil.randomBoolean(), RandomUtil.randomBoolean(),
                         RandomUtil.randomBoolean(), RandomUtil.randomBoolean());

    session.createQueue(address, queue, true);

    AddressControl addressControl = createManagementControl(address);

    // No security match registered for the address yet.
    Object[] reported = addressControl.getRoles();
    Assert.assertEquals(0, reported.length);

    Set<Role> registered = new HashSet<>();
    registered.add(role);
    server.getSecurityRepository().addMatch(address.toString(), registered);

    reported = addressControl.getRoles();
    Assert.assertEquals(1, reported.length);

    Object[] row = (Object[]) reported[0];
    Assert.assertEquals(role.getName(), row[0]);

    // Columns 1..7 follow this fixed permission order.
    CheckType[] columnOrder = {
        CheckType.SEND,
        CheckType.CONSUME,
        CheckType.CREATE_DURABLE_QUEUE,
        CheckType.DELETE_DURABLE_QUEUE,
        CheckType.CREATE_NON_DURABLE_QUEUE,
        CheckType.DELETE_NON_DURABLE_QUEUE,
        CheckType.MANAGE
    };
    for (int column = 0; column < columnOrder.length; column++) {
        Assert.assertEquals(columnOrder[column].hasRole(role), row[column + 1]);
    }

    session.deleteQueue(queue);
}
/**
 * Verifies that {@code AddressControl.getRolesAsJSON()} parses to no roles before any
 * role is registered for the address and, after one role is added to the security
 * repository, to a single {@code RoleInfo} whose name and permission flags match it.
 */
@Test
public void testGetRolesAsJSON() throws Exception {
    SimpleString address = RandomUtil.randomSimpleString();
    SimpleString queue = RandomUtil.randomSimpleString();
    // NOTE(review): the ten permission flags are random, so each run exercises a
    // different combination; a failure may not reproduce on the next run.
    Role role = new Role(RandomUtil.randomString(),
                         RandomUtil.randomBoolean(), RandomUtil.randomBoolean(),
                         RandomUtil.randomBoolean(), RandomUtil.randomBoolean(),
                         RandomUtil.randomBoolean(), RandomUtil.randomBoolean(),
                         RandomUtil.randomBoolean(), RandomUtil.randomBoolean(),
                         RandomUtil.randomBoolean(), RandomUtil.randomBoolean());

    session.createQueue(address, queue, true);

    AddressControl addressControl = createManagementControl(address);

    // No security match registered for the address yet.
    String json = addressControl.getRolesAsJSON();
    Assert.assertNotNull(json);
    RoleInfo[] parsed = RoleInfo.from(json);
    Assert.assertEquals(0, parsed.length);

    Set<Role> registered = new HashSet<>();
    registered.add(role);
    server.getSecurityRepository().addMatch(address.toString(), registered);

    json = addressControl.getRolesAsJSON();
    Assert.assertNotNull(json);
    parsed = RoleInfo.from(json);
    Assert.assertEquals(1, parsed.length);

    RoleInfo only = parsed[0];
    Assert.assertEquals(role.getName(), parsed[0].getName());
    Assert.assertEquals(role.isSend(), only.isSend());
    Assert.assertEquals(role.isConsume(), only.isConsume());
    Assert.assertEquals(role.isCreateDurableQueue(), only.isCreateDurableQueue());
    Assert.assertEquals(role.isDeleteDurableQueue(), only.isDeleteDurableQueue());
    Assert.assertEquals(role.isCreateNonDurableQueue(), only.isCreateNonDurableQueue());
    Assert.assertEquals(role.isDeleteNonDurableQueue(), only.isDeleteNonDurableQueue());
    Assert.assertEquals(role.isManage(), only.isManage());

    session.deleteQueue(queue);
}