[jboss-cvs] JBoss Messaging SVN: r2257 - in trunk: src/main/org/jboss/jms/server/container and 5 other directories.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Sat Feb 10 20:07:48 EST 2007
Author: ovidiu.feodorov at jboss.com
Date: 2007-02-10 20:07:47 -0500 (Sat, 10 Feb 2007)
New Revision: 2257
Modified:
trunk/src/main/org/jboss/jms/server/SecurityManager.java
trunk/src/main/org/jboss/jms/server/container/SecurityAspect.java
trunk/src/main/org/jboss/jms/server/endpoint/ServerConnectionFactoryEndpoint.java
trunk/src/main/org/jboss/jms/server/security/SecurityMetadataStore.java
trunk/tests/build.xml
trunk/tests/src/org/jboss/test/messaging/tools/jmx/MockJBossSecurityManager.java
trunk/tests/src/org/jboss/test/thirdparty/jbosssx/SecurityAssociationTest.java
Log:
http://jira.jboss.org/jira/browse/JBMESSAGING-824
Modified: trunk/src/main/org/jboss/jms/server/SecurityManager.java
===================================================================
--- trunk/src/main/org/jboss/jms/server/SecurityManager.java 2007-02-11 01:05:41 UTC (rev 2256)
+++ trunk/src/main/org/jboss/jms/server/SecurityManager.java 2007-02-11 01:07:47 UTC (rev 2257)
@@ -49,6 +49,11 @@
* Authenticate the specified user with the given password. Implementations are most likely to
* delegates to a JBoss AuthenticationManager.
*
+ * Successful autentication will place a new SubjectContext on thread local, which will be used
+ * in the authorization process. However, we need to make sure we clean up thread local
+ * immediately after we used the information, otherwise some other people security my be screwed
+ * up, on account of thread local security stack being corrupted.
+ *
* @throws JMSSecurityException if the user is not authenticated
*/
Subject authenticate(String user, String password) throws JMSSecurityException;
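Review bot: The added Javadoc paragraph on `authenticate` says the thread-local must be cleaned up, but not by whom, and not that a context is pushed only when the call returns normally. The callers changed in this commit (`SecurityAspect` and `ServerConnectionFactoryEndpoint`) call `SecurityAssociation.popSubjectContext()` after every successful return, so an implementation that authenticates without pushing would make them pop a context that belongs to the calling code. I would state the contract explicitly, for example `On successful return exactly one SubjectContext has been pushed; the caller must pop it exactly once. Nothing is pushed when JMSSecurityException is thrown.` The paragraph also carries typos (`autentication`, `my be`) that are repeated in the copies placed in the two callers.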
Modified: trunk/src/main/org/jboss/jms/server/container/SecurityAspect.java
===================================================================
--- trunk/src/main/org/jboss/jms/server/container/SecurityAspect.java 2007-02-11 01:05:41 UTC (rev 2256)
+++ trunk/src/main/org/jboss/jms/server/container/SecurityAspect.java 2007-02-11 01:07:47 UTC (rev 2257)
@@ -39,6 +39,7 @@
import org.jboss.jms.server.endpoint.advised.SessionAdvised;
import org.jboss.jms.server.security.SecurityMetadata;
import org.jboss.logging.Logger;
+import org.jboss.security.SecurityAssociation;
/**
* This aspect enforces the JBossMessaging JMS security policy.
@@ -53,6 +54,7 @@
* milliseconds later.
*
* @author <a href="mailto:tim.fox at jboss.com">Tim Fox</a>
+ * @author <a href="mailto:ovidiu at jboss.org">Ovidiu Feodorov</a>
* @version <tt>$Revision 1.1 $</tt>
*
* $Id$
@@ -218,7 +220,7 @@
if (checkCached(dest, checkType))
{
- //Ok
+ // OK
return;
}
@@ -234,25 +236,36 @@
throw new JMSSecurityException("No security configuration avaliable for " + name);
}
- // Authenticate
+ // Authenticate. Successful autentication will place a new SubjectContext on thread local,
+ // which will be used in the authorization process. However, we need to make sure we clean up
+ // thread local immediately after we used the information, otherwise some other people
+ // security my be screwed up, on account of thread local security stack being corrupted.
+
sm.authenticate(conn.getUsername(), conn.getPassword());
// Authorize
Set principals = checkType == CheckType.READ ? securityMetadata.getReadPrincipals() :
checkType == CheckType.WRITE ? securityMetadata.getWritePrincipals() :
securityMetadata.getCreatePrincipals();
-
- if (!sm.authorize(conn.getUsername(), principals))
+ try
{
- String msg = "User: " + conn.getUsername() +
- " is not authorized to " +
- (checkType == CheckType.READ ? "read from" :
- checkType == CheckType.WRITE ? "write to" : "create durable sub on") +
- " destination " + name;
-
- throw new JMSSecurityException(msg);
+ if (!sm.authorize(conn.getUsername(), principals))
+ {
+ String msg = "User: " + conn.getUsername() +
+ " is not authorized to " +
+ (checkType == CheckType.READ ? "read from" :
+ checkType == CheckType.WRITE ? "write to" : "create durable sub on") +
+ " destination " + name;
+
+ throw new JMSSecurityException(msg);
+ }
}
-
+ finally
+ {
+ // pop the Messaging SecurityContext, it did its job
+ SecurityAssociation.popSubjectContext();
+ }
+
// if we get here we're granted, add to the cache
switch (checkType.type)
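Review bot: The `try` that guards the pop opens after the `principals` lookup, so an exception from `securityMetadata.getReadPrincipals()`, `getWritePrincipals()` or `getCreatePrincipals()` would leave the context pushed by `sm.authenticate(...)` on the worker thread. Opening the `try` on the line directly after `sm.authenticate(conn.getUsername(), conn.getPassword());` and keeping the lookup inside it closes that window; the `finally` stays as it is. When `authenticate` itself throws, nothing should be popped, which the current placement already respects, assuming implementations push only on success as the `SecurityMetadataStore` hunk does. The method begins and ends outside this hunk.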
Modified: trunk/src/main/org/jboss/jms/server/endpoint/ServerConnectionFactoryEndpoint.java
===================================================================
--- trunk/src/main/org/jboss/jms/server/endpoint/ServerConnectionFactoryEndpoint.java 2007-02-11 01:05:41 UTC (rev 2256)
+++ trunk/src/main/org/jboss/jms/server/endpoint/ServerConnectionFactoryEndpoint.java 2007-02-11 01:07:47 UTC (rev 2257)
@@ -40,6 +40,7 @@
import org.jboss.messaging.core.plugin.IDBlock;
import org.jboss.remoting.callback.Callback;
import org.jboss.remoting.callback.ServerInvokerCallbackHandler;
+import org.jboss.security.SecurityAssociation;
/**
* Concrete implementation of ConnectionFactoryEndpoint
@@ -186,9 +187,16 @@
{
log.debug("creating a new connection for user " + username);
- // authenticate the user
+ // Authenticate. Successful autentication will place a new SubjectContext on thread local,
+ // which will be used in the authorization process. However, we need to make sure we clean
+ // up thread local immediately after we used the information, otherwise some other people
+ // security my be screwed up, on account of thread local security stack being corrupted.
+
serverPeer.getSecurityManager().authenticate(username, password);
+ // We don't need the SubjectContext on thread local anymore, clean it up
+ SecurityAssociation.popSubjectContext();
+
// see if there is a preconfigured client id for the user
if (username != null)
{
Modified: trunk/src/main/org/jboss/jms/server/security/SecurityMetadataStore.java
===================================================================
--- trunk/src/main/org/jboss/jms/server/security/SecurityMetadataStore.java 2007-02-11 01:05:41 UTC (rev 2256)
+++ trunk/src/main/org/jboss/jms/server/security/SecurityMetadataStore.java 2007-02-11 01:07:47 UTC (rev 2257)
@@ -162,6 +162,9 @@
if (authenticationManager.isValid(principal, passwordChars, subject))
{
+ // Warning! This "taints" thread local. Make sure you pop it off the stack as soon as
+ // you're done with it.
+ SecurityActions.pushSubjectContext(principal, passwordChars, subject);
return subject;
}
else
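Review bot: The context pushed here includes `passwordChars`, so from this line until a caller pops it the clear-text password is reachable through the thread-local security context by any code running on the same thread. This commit adds pops in `SecurityAspect` and `ServerConnectionFactoryEndpoint`; any other caller of `authenticate` that is not part of this diff would now leave principal, password and subject behind on a pooled thread, so further call sites are worth checking. I would make the comment name the obligation precisely: `// Pushed only on success; every caller of authenticate() must call SecurityAssociation.popSubjectContext() exactly once, in a finally block.` The enclosing method starts and ends outside the hunk.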
Modified: trunk/tests/build.xml
===================================================================
--- trunk/tests/build.xml 2007-02-11 01:05:41 UTC (rev 2256)
+++ trunk/tests/build.xml 2007-02-11 01:07:47 UTC (rev 2257)
@@ -650,6 +650,7 @@
<exclude name="**/jms/manual/**/*Test.class"/>
<exclude name="**/jms/clustering/*Test.class"/>
<exclude name="**/thirdparty/remoting/ServerAddressTest.class"/>
+ <exclude name="org/jboss/test/thirdparty/jbosssx/SecurityAssociationTest.class"/>
</fileset>
</batchtest>
</junit>
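Review bot: The new exclude is written as `org/jboss/test/thirdparty/jbosssx/SecurityAssociationTest.class` while the neighbouring patterns start with `**/`, so it matches only if the fileset's `dir` is the class root; the `fileset` opening tag is outside the hunk, so that cannot be confirmed here. `**/thirdparty/jbosssx/SecurityAssociationTest.class` would follow the surrounding convention. This test is the regression check for JBMESSAGING-824 and now fails deliberately when `ServerManagement.isRemote()` is true, so a one-line XML comment would help, e.g. `<!-- local-only test, see JBMESSAGING-824 -->`, together with a note on which target still runs it.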
Modified: trunk/tests/src/org/jboss/test/messaging/tools/jmx/MockJBossSecurityManager.java
===================================================================
--- trunk/tests/src/org/jboss/test/messaging/tools/jmx/MockJBossSecurityManager.java 2007-02-11 01:05:41 UTC (rev 2256)
+++ trunk/tests/src/org/jboss/test/messaging/tools/jmx/MockJBossSecurityManager.java 2007-02-11 01:07:47 UTC (rev 2257)
@@ -22,19 +22,28 @@
package org.jboss.test.messaging.tools.jmx;
import java.security.Principal;
+import java.security.acl.Group;
import java.util.Iterator;
import java.util.Set;
+import java.util.HashSet;
import javax.security.auth.Subject;
import org.jboss.logging.Logger;
import org.jboss.security.AuthenticationManager;
import org.jboss.security.RealmMapping;
+import org.jboss.security.SecurityAssociation;
+import org.jboss.security.NobodyPrincipal;
+import org.jboss.security.AnybodyPrincipal;
+import org.jboss.security.SimpleGroup;
+import org.jboss.security.SimplePrincipal;
-/* Mock Security manager for testing JMS security.
- *
- *
+
+/**
+ * Mock Security manager for testing JMS security.
+ *
* @author <a href="tim.fox at jboss.com">Tim Fox</a>
+ * @author <a href="mailto:ovidiu at jboss.org">Ovidiu Feodorov</a>
*
*/
public class MockJBossSecurityManager implements AuthenticationManager, RealmMapping
@@ -42,6 +51,8 @@
public static final String TEST_SECURITY_DOMAIN = "messaging-securitydomain";
private static final Logger log = Logger.getLogger(MockJBossSecurityManager.class);
+
+ private boolean simulateJBossJaasSecurityManager;
//Authentication Manager Implementation
@@ -55,48 +66,92 @@
throw new UnsupportedOperationException();
}
- public boolean isValid(Principal principal, Object credential,
- Subject activeSubject)
+ public boolean isValid(Principal principal, Object credential, Subject activeSubject)
{
if (log.isTraceEnabled()) { log.trace("principal:" + principal + " credential:" + credential); }
-
+
+ boolean isValid = false;
+
String username = principal == null ? null : principal.getName();
char[] passwordChars = (char[])credential;
String password = passwordChars == null ? null : new String(passwordChars);
-
+
if (username == null)
{
- return true;
- }
+ isValid = true;
+
+ if (isValid && simulateJBossJaasSecurityManager)
+ {
+ // modify the activeSubject, need to add to it its current roles
+ // TODO: this is currently impmented in a messy way, this and doesUserHaveRole()
+ // implementation must be coalesced
+ addRole(activeSubject, "guest");
+ }
+ }
else if ("guest".equals(username))
{
- return "guest".equals(password);
+ isValid = "guest".equals(password);
+
+ if (isValid && simulateJBossJaasSecurityManager)
+ {
+ // modify the activeSubject, need to add to it its current roles
+ // TODO: this is currently impmented in a messy way, this and doesUserHaveRole()
+ // implementation must be coalesced
+ addRole(activeSubject, "guest");
+ }
}
else if ("john".equals(username))
{
- return "needle".equals(password);
+ isValid = "needle".equals(password);
+
+ if (isValid && simulateJBossJaasSecurityManager)
+ {
+ // modify the activeSubject, need to add to it its current roles
+ // TODO: this is currently impmented in a messy way, this and doesUserHaveRole()
+ // implementation must be coalesced
+ addRole(activeSubject, "publisher");
+ addRole(activeSubject, "durpublisher");
+ addRole(activeSubject, "def");
+ }
}
else if ("nobody".equals(username))
{
- return "nobody".equals(password);
+ isValid = "nobody".equals(password);
+
+ if (isValid && simulateJBossJaasSecurityManager)
+ {
+ // modify the activeSubject, need to add to it its current roles
+ // TODO: this is currently impmented in a messy way, this and doesUserHaveRole()
+ // implementation must be coalesced
+ addRole(activeSubject, "noacc");
+ }
}
else if ("dynsub".equals(username))
{
- return "dynsub".equals(password);
+ isValid = "dynsub".equals(password);
+
+ if (isValid && simulateJBossJaasSecurityManager)
+ {
+ // modify the activeSubject, need to add to it its current roles
+ // TODO: this is currently impmented in a messy way, this and doesUserHaveRole()
+ // implementation must be coalesced
+ addRole(activeSubject, "publisher");
+ addRole(activeSubject, "durpublisher");
+ }
}
else
{
- return false;
+ isValid = false;
}
+
+ return isValid;
}
-
public Subject getActiveSubject()
{
throw new UnsupportedOperationException();
}
-
//RealmMapping implementation
public Principal getPrincipal(Principal principal)
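Review bot: The five `if (isValid && simulateJBossJaasSecurityManager)` blocks in `isValid` repeat the user-to-role mapping that `doesUserHaveRole` already encodes, which the TODO acknowledges; the two copies can drift, and a test would then be authorized in one mode and rejected in the other. A single lookup keyed by user name, applied once after the credential checks, removes the repetition. `addRole` dereferences `activeSubject`, so the simulated mode also depends on callers passing a non-null subject, which a short comment on the `simulateJBossJaasSecurityManager` field could record. The fence sketches the lookup and the single call site.

```java
// one place for the user -> roles table (a null user is treated as guest)
private static String[] rolesFor(String username)
{
   if (username == null || "guest".equals(username))
   {
      return new String[] { "guest" };
   }
   else if ("john".equals(username))
   {
      return new String[] { "publisher", "durpublisher", "def" };
   }
   else if ("dynsub".equals(username))
   {
      return new String[] { "publisher", "durpublisher" };
   }
   else if ("nobody".equals(username))
   {
      return new String[] { "noacc" };
   }
   return new String[0];
}

// in isValid():
// ... unchanged: username / password extraction and the per-user credential checks ...
if (isValid && simulateJBossJaasSecurityManager)
{
   String[] granted = rolesFor(username);
   for (int i = 0; i < granted.length; i++)
   {
      addRole(activeSubject, granted[i]);
   }
}

return isValid;
```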
@@ -118,46 +173,162 @@
return false;
}
-
public boolean doesUserHaveRole(Principal principal, Set roles)
- {
- String username = principal == null ? "guest" : principal.getName();
-
- if (log.isTraceEnabled())
+ {
+ // introduced the possiblity to "simulate" JaasSecurityManager behavior, which is ingnoring
+ // the principal passed as argument and looking at thread context for active subject; this
+ // would allow us to catch some problems earlier at functional testsuite level, and not
+ // wait for integration or smoke test. However, the "correct" place for this kind of test
+ // is at integration testsuite level.
+
+ if (simulateJBossJaasSecurityManager)
{
- log.trace("doesUserHaveRole:" + username);
- }
-
- if ("guest".equals(username))
- {
- return containsRole("guest", roles);
+ boolean hasRole = false;
+ // check that the caller is authenticated to the current thread
+ Subject subject = SecurityAssociation.getSubject();
+
+ if (subject != null)
+ {
+ // Check the caller's roles
+ Group subjectRoles = getSubjectRoles(subject);
+ if (subjectRoles != null)
+ {
+ Iterator iter = roles.iterator();
+ while (!hasRole && iter.hasNext())
+ {
+ Principal role = (Principal)iter.next();
+ hasRole = doesRoleGroupHaveRole(role, subjectRoles);
+ }
+ }
+ }
+ return hasRole;
}
- else if ("john".equals(username))
+ else
{
- return containsRole("publisher", roles) ||
- containsRole("durpublisher", roles) ||
- containsRole("def", roles);
- }
- else if ("dynsub".equals(username))
- {
- return containsRole("publisher", roles)||
+ // "alternate" MockJBossSecurityManager behavior, we actually look at 'principal' passed as
+ // parameter
+
+ String username = principal == null ? "guest" : principal.getName();
+
+ if (log.isTraceEnabled())
+ {
+ log.trace("doesUserHaveRole:" + username);
+ }
+
+ if ("guest".equals(username))
+ {
+ return containsRole("guest", roles);
+ }
+ else if ("john".equals(username))
+ {
+ return containsRole("publisher", roles) ||
+ containsRole("durpublisher", roles) ||
+ containsRole("def", roles);
+ }
+ else if ("dynsub".equals(username))
+ {
+ return containsRole("publisher", roles)||
containsRole("durpublisher", roles);
+ }
+ else if ("nobody".equals(username))
+ {
+ return containsRole("noacc", roles);
+ }
+ else
+ {
+ return false;
+ }
}
- else if ("nobody".equals(username))
+ }
+
+ public Set getUserRoles(Principal principal)
+ {
+ throw new UnsupportedOperationException();
+ }
+
+ public void setSimulateJBossJaasSecurityManager(boolean b)
+ {
+ simulateJBossJaasSecurityManager = b;
+ }
+
+ public boolean isSimulateJBossJaasSecurityManager()
+ {
+ return simulateJBossJaasSecurityManager;
+ }
+
+ /**
+ * Copied from JaasSecurityManager.
+ */
+ private Group getSubjectRoles(Subject subject)
+ {
+ Set subjectGroups = subject.getPrincipals(Group.class);
+ Iterator iter = subjectGroups.iterator();
+ Group roles = null;
+ while (iter.hasNext())
{
- return containsRole("noacc", roles);
+ Group grp = (Group)iter.next();
+ String name = grp.getName();
+ if (name.equals("Roles"))
+ {
+ roles = grp;
+ }
}
- else
+ return roles;
+ }
+
+ /**
+ * Copied from JaasSecurityManager.
+ */
+ private boolean doesRoleGroupHaveRole(Principal role, Group userRoles)
+ {
+ // First check that role is not a NobodyPrincipal
+ if (role instanceof NobodyPrincipal)
{
return false;
}
-
+
+ // Check for inclusion in the user's role set
+ boolean isMember = userRoles.isMember(role);
+ if (!isMember)
+ {
+ // Check the AnybodyPrincipal special cases
+ isMember = (role instanceof AnybodyPrincipal);
+ }
+
+ return isMember;
}
-
- public Set getUserRoles(Principal principal)
+ private void addRole(Subject subject, String role)
{
- throw new UnsupportedOperationException();
+ Set groups = subject.getPrincipals(Group.class);
+
+ if(groups == null || groups.isEmpty())
+ {
+ Group g = new SimpleGroup("Roles");
+ subject.getPrincipals().add(g);
+ groups = new HashSet();
+ groups.add(g);
+ }
+
+ Group roles = null;
+
+ for(Iterator i = groups.iterator(); i.hasNext(); )
+ {
+ Group g = (Group)i.next();
+ if ("Roles".equals(g.getName()))
+ {
+ roles = g;
+ }
+ }
+
+ if (roles == null)
+ {
+ roles = new SimpleGroup("Roles");
+ subject.getPrincipals().add(roles);
+ }
+
+ roles.addMember(new SimplePrincipal(role));
+
}
}
\ No newline at end of file
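Review bot: In `addRole` the first block (`if(groups == null || groups.isEmpty())`) is redundant: iterating an empty set leaves `roles` null, and the later `if (roles == null)` branch already creates and registers the `SimpleGroup("Roles")`. Dropping the first block, along with the throw-away `HashSet`, leaves a single creation path. `getSubjectRoles` and `addRole` both hard-code the group name, so a constant such as `private static final String ROLES_GROUP = "Roles";` would keep them in step. In `doesUserHaveRole` the simulated branch skips the `log.trace` that the other branch emits, which makes the two modes harder to tell apart in test logs.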
Modified: trunk/tests/src/org/jboss/test/thirdparty/jbosssx/SecurityAssociationTest.java
===================================================================
--- trunk/tests/src/org/jboss/test/thirdparty/jbosssx/SecurityAssociationTest.java 2007-02-11 01:05:41 UTC (rev 2256)
+++ trunk/tests/src/org/jboss/test/thirdparty/jbosssx/SecurityAssociationTest.java 2007-02-11 01:07:47 UTC (rev 2257)
@@ -23,6 +23,7 @@
import org.jboss.test.messaging.MessagingTestCase;
import org.jboss.test.messaging.tools.ServerManagement;
+import org.jboss.test.messaging.tools.jmx.MockJBossSecurityManager;
import org.jboss.security.SecurityAssociation;
import org.jboss.security.SimplePrincipal;
@@ -45,6 +46,8 @@
* This is just a safety layer, full fledged security tests should be present in the integration
* test suite.
*
+ * Tests contained by this class are supposed to run only in local environment.
+ *
* @author <a href="mailto:ovidiu at jboss.org">Ovidiu Feodorov</a>
* @version <tt>$Revision$</tt>
* $Id$
@@ -73,6 +76,11 @@
*/
public void testSecurityAssociation() throws Exception
{
+ if(ServerManagement.isRemote())
+ {
+ fail("This test is supposed to be run in a local configuration");
+ }
+
ConnectionFactory cf = (ConnectionFactory)ic.lookup("/ConnectionFactory");
Queue queue = (Queue)ic.lookup("/queue/TestQueue");
@@ -134,12 +142,176 @@
}
}
+ /**
+ * Test for http://jira.jboss.org/jira/browse/JBMESSAGING-824
+ *
+ * Send a message to a queue that requires write permissions, and make sure the thread local
+ * SecurityContext stack is correctly cleaned up after that. We're using a test security
+ * manager that simulates a JBoss JaasSecurityManager.
+ *
+ */
+ public void testGuestAuthorizedSend() throws Exception
+ {
+ if(ServerManagement.isRemote())
+ {
+ fail("This test is supposed to be run in a local configuration");
+ }
+
+ MockJBossSecurityManager sm =
+ (MockJBossSecurityManager)ic.lookup(MockJBossSecurityManager.TEST_SECURITY_DOMAIN);
+ assertTrue(sm.isSimulateJBossJaasSecurityManager());
+
+ ConnectionFactory cf = (ConnectionFactory)ic.lookup("/ConnectionFactory");
+ Queue queue = (Queue)ic.lookup("/queue/SecureTestQueue");
+
+ Principal nabopolassar = new SimplePrincipal("nabopolassar");
+ Set principals = new HashSet();
+ principals.add(nabopolassar);
+ Subject subject =
+ new Subject(false, principals, Collections.EMPTY_SET, Collections.EMPTY_SET);
+ Principal nebuchadrezzar = new SimplePrincipal("nebuchadrezzar");
+
+ SecurityAssociation.pushSubjectContext(subject, nebuchadrezzar, "xexe");
+
+ Connection conn = null;
+
+ try
+ {
+ conn = cf.createConnection();
+ conn.start();
+
+ Session session = conn.createSession(false, Session.AUTO_ACKNOWLEDGE);
+
+ MessageProducer prod = session.createProducer(queue);
+ MessageConsumer cons = session.createConsumer(queue);
+
+ TextMessage m = session.createTextMessage("floccinaucinihilipilification");
+
+ prod.send(m);
+
+ TextMessage rm = (TextMessage)cons.receive(5000);
+
+ assertEquals("floccinaucinihilipilification", rm.getText());
+
+ SecurityAssociation.SubjectContext context = SecurityAssociation.popSubjectContext();
+
+ Subject s = context.getSubject();
+ assertNotNull(s);
+ Set ps = s.getPrincipals();
+ assertNotNull(ps);
+ assertEquals(1, ps.size());
+ Principal p = (Principal)ps.iterator().next();
+ assertTrue(p instanceof SimplePrincipal);
+ assertEquals("nabopolassar", ((SimplePrincipal)p).getName());
+
+ p = context.getPrincipal();
+ assertNotNull(p);
+ assertTrue(p instanceof SimplePrincipal);
+ assertEquals("nebuchadrezzar", ((SimplePrincipal)p).getName());
+
+ Object o = context.getCredential();
+ assertNotNull(o);
+ assertEquals("xexe", o);
+ }
+ finally
+ {
+ if (conn != null)
+ {
+ conn.close();
+ }
+ }
+ }
+
+ /**
+ * Test for http://jira.jboss.org/jira/browse/JBMESSAGING-824
+ *
+ * Send a message to a queue that requires write permissions, and make sure the thread local
+ * SecurityContext stack is correctly cleaned up after that. We're using a test security
+ * manager that simulates a JBoss JaasSecurityManager.
+ */
+ public void testAuthorizedSend() throws Exception
+ {
+ if(ServerManagement.isRemote())
+ {
+ fail("This test is supposed to be run in a local configuration");
+ }
+
+ MockJBossSecurityManager sm =
+ (MockJBossSecurityManager)ic.lookup(MockJBossSecurityManager.TEST_SECURITY_DOMAIN);
+ assertTrue(sm.isSimulateJBossJaasSecurityManager());
+
+ ConnectionFactory cf = (ConnectionFactory)ic.lookup("/ConnectionFactory");
+ Queue queue = (Queue)ic.lookup("/queue/SecureTestQueue");
+
+ Principal nabopolassar = new SimplePrincipal("nabopolassar");
+ Set principals = new HashSet();
+ principals.add(nabopolassar);
+ Subject subject =
+ new Subject(false, principals, Collections.EMPTY_SET, Collections.EMPTY_SET);
+ Principal nebuchadrezzar = new SimplePrincipal("nebuchadrezzar");
+
+ SecurityAssociation.pushSubjectContext(subject, nebuchadrezzar, "xexe");
+
+ Connection conn = null;
+
+ try
+ {
+ conn = cf.createConnection("john", "needle");
+ conn.start();
+
+ Session session = conn.createSession(false, Session.AUTO_ACKNOWLEDGE);
+
+ MessageProducer prod = session.createProducer(queue);
+ MessageConsumer cons = session.createConsumer(queue);
+
+ TextMessage m = session.createTextMessage("floccinaucinihilipilification");
+
+ prod.send(m);
+
+ TextMessage rm = (TextMessage)cons.receive(5000);
+
+ assertEquals("floccinaucinihilipilification", rm.getText());
+
+ SecurityAssociation.SubjectContext context = SecurityAssociation.popSubjectContext();
+
+ Subject s = context.getSubject();
+ assertNotNull(s);
+ Set ps = s.getPrincipals();
+ assertNotNull(ps);
+ assertEquals(1, ps.size());
+ Principal p = (Principal)ps.iterator().next();
+ assertTrue(p instanceof SimplePrincipal);
+ assertEquals("nabopolassar", ((SimplePrincipal)p).getName());
+
+ p = context.getPrincipal();
+ assertNotNull(p);
+ assertTrue(p instanceof SimplePrincipal);
+ assertEquals("nebuchadrezzar", ((SimplePrincipal)p).getName());
+
+ Object o = context.getCredential();
+ assertNotNull(o);
+ assertEquals("xexe", o);
+ }
+ finally
+ {
+ if (conn != null)
+ {
+ conn.close();
+ }
+ }
+ }
+
// Package protected ----------------------------------------------------------------------------
// Protected ------------------------------------------------------------------------------------
protected void setUp() throws Exception
{
+ if(ServerManagement.isRemote())
+ {
+ fail("This test is supposed to be run in a local configuration");
+ }
+
super.setUp();
ServerManagement.start("all");
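Review bot: In `testGuestAuthorizedSend` and `testAuthorizedSend` the context pushed by `SecurityAssociation.pushSubjectContext(subject, nebuchadrezzar, "xexe")` is popped only on the success path inside the `try`, so a failure in `createConnection`, `send` or the message assertion leaves it on the test thread for whichever test runs next. Tracking the pop with a flag and adding `if (!popped) { SecurityAssociation.popSubjectContext(); }` to the existing `finally` keeps the thread-local clean on failure. `cons.receive(5000)` can return null on timeout, so `assertNotNull(rm);` before `rm.getText()` would give a readable failure. The two test bodies differ only in the `createConnection` arguments and could share a private helper. The `setUp` method at the end of the hunk continues outside it.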
@@ -148,6 +320,25 @@
ServerManagement.deployQueue("TestQueue");
+ ServerManagement.deployQueue("SecureTestQueue");
+
+ final String secureQueueConfig =
+ "<security>" +
+ "<role name=\"publisher\" read=\"true\" write=\"true\" create=\"false\"/>" +
+ "<role name=\"guest\" read=\"true\" write=\"true\" create=\"false\"/>" +
+ "</security>";
+ ServerManagement.configureSecurityForDestination("SecureTestQueue", secureQueueConfig);
+
+ // make MockSecurityManager simulate JaasSecurityManager behavior. This is the whole point
+ // of this test, to catch JBoss AS integreation failure before the integration test suite
+ // does. However, this MUST NOT be a replacement for integration tests, it's just an
+ // additional safety layer.
+
+ MockJBossSecurityManager sm =
+ (MockJBossSecurityManager)ic.lookup(MockJBossSecurityManager.TEST_SECURITY_DOMAIN);
+
+ sm.setSimulateJBossJaasSecurityManager(true);
+
log.debug("setup done");
}
@@ -155,6 +346,13 @@
{
ServerManagement.undeployQueue("TestQueue");
+ ServerManagement.undeployQueue("SecureTestQueue");
+
+ MockJBossSecurityManager sm =
+ (MockJBossSecurityManager)ic.lookup(MockJBossSecurityManager.TEST_SECURITY_DOMAIN);
+
+ sm.setSimulateJBossJaasSecurityManager(false);
+
ic.close();
super.tearDown();
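Review bot: `tearDown` calls `sm.setSimulateJBossJaasSecurityManager(false)` only after both `undeployQueue` calls have succeeded, so an exception from either leaves the mock in simulation mode for later tests in the same VM, assuming the instance bound under `TEST_SECURITY_DOMAIN` is shared between tests. Looking the mock up first and wrapping the undeploy calls as `try { ... } finally { sm.setSimulateJBossJaasSecurityManager(false); }` makes the reset unconditional. The method starts outside the hunk.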