[jboss-cvs] JBoss Messaging SVN: r3989 - in trunk: src/etc/server/default/deploy and 14 other directories.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Wed Apr 2 08:52:58 EDT 2008
Author: ataylor
Date: 2008-04-02 08:52:57 -0400 (Wed, 02 Apr 2008)
New Revision: 3989
Added:
trunk/src/etc/server/default/deploy/jbm-security.xml
trunk/src/main/org/jboss/messaging/core/deployers/impl/SecurityManagerDeployer.java
trunk/src/main/org/jboss/messaging/core/security/JBMSecurityManager.java
trunk/src/main/org/jboss/messaging/core/security/JBMUpdateableSecurityManager.java
trunk/src/main/org/jboss/messaging/core/security/impl/JAASSecurityManager.java
trunk/src/main/org/jboss/messaging/core/security/impl/JBMSecurityManagerImpl.java
trunk/tests/src/org/jboss/messaging/core/deployers/impl/test/unit/SecurityManagerDeployerTest.java
trunk/tests/src/org/jboss/messaging/core/security/
trunk/tests/src/org/jboss/messaging/core/security/impl/
trunk/tests/src/org/jboss/messaging/core/security/impl/test/
trunk/tests/src/org/jboss/messaging/core/security/impl/test/unit/
trunk/tests/src/org/jboss/messaging/core/security/impl/test/unit/JAASSecurityManagerTest.java
trunk/tests/src/org/jboss/messaging/core/security/impl/test/unit/JBMSecurityManagerImplTest.java
trunk/tests/src/org/jboss/messaging/core/security/impl/test/unit/SecurityStoreImplTest.java
Removed:
trunk/src/main/org/jboss/messaging/core/security/impl/NullAuthenticationManager.java
trunk/src/main/org/jboss/messaging/microcontainer/ServiceLocator.java
trunk/tests/etc/container-qalab.xml
trunk/tests/etc/container.xml
trunk/tests/etc/persistencemanager.xml
Modified:
trunk/build-messaging.xml
trunk/src/etc/server/default/deploy/jbm-beans.xml
trunk/src/main/org/jboss/messaging/core/security/SecurityStore.java
trunk/src/main/org/jboss/messaging/core/security/impl/SecurityStoreImpl.java
trunk/src/main/org/jboss/messaging/core/server/impl/MessagingServerImpl.java
trunk/tests/src/org/jboss/test/messaging/JBMServerTestCase.java
trunk/tests/src/org/jboss/test/messaging/tools/container/MockJBossSecurityManager.java
trunk/tests/src/org/jboss/test/messaging/tools/container/ServiceContainer.java
Log:
New security manager to abstract away the JAAS Authentication Manager and allow us to use simple file-based security if needed. Also tidied up some files.
Modified: trunk/build-messaging.xml
===================================================================
--- trunk/build-messaging.xml 2008-04-02 10:14:56 UTC (rev 3988)
+++ trunk/build-messaging.xml 2008-04-02 12:52:57 UTC (rev 3989)
@@ -287,6 +287,8 @@
todir="${jboss.home}/server/${jboss.config}/conf"/>
<copy file="${source.etc}/server/default/deploy/queues.xml"
todir="${jboss.home}/server/${jboss.config}/conf"/>
+ <copy file="${source.etc}/server/default/deploy/jbm-security.xml"
+ todir="${jboss.home}/server/${jboss.config}/conf"/>
<copy
todir="${jboss.home}/server/${jboss.config}/deploy/messaging.sar">
<fileset dir="${build.sar}"/>
@@ -337,7 +339,7 @@
<!--<copy todir="${build.sar}" file="${source.etc}/server/default/deploy/jbm-configuration.xml"/>-->
<copy todir="${build.sar}">
<fileset dir="${project.thirdparty}/apache-mina/lib">
- <include name="mina-core.jar"/>
+ <include name="mina-core-2.0.0-M1.jar"/>
</fileset>
<fileset dir="${project.thirdparty}/slf4j/api/lib">
<include name="**.jar"/>
@@ -480,6 +482,7 @@
<include name="org/jboss/jms/wireformat/*.class"/>
<include name="org/jboss/messaging/util/**/*.class"/>
<include name="org/jboss/messaging/core/impl/message/**/*.class"/>
+ <include name="org/jboss/messaging/jms/**/*.class"/>
<include name="org/jboss/messaging/core/contract/**/*.class"/>
<include name="org/jboss/messaging/core/remoting/**/*.class"/>
<include name="org/jboss/messaging/core/**/*.class"/>
Modified: trunk/src/etc/server/default/deploy/jbm-beans.xml
===================================================================
--- trunk/src/etc/server/default/deploy/jbm-beans.xml 2008-04-02 10:14:56 UTC (rev 3988)
+++ trunk/src/etc/server/default/deploy/jbm-beans.xml 2008-04-02 12:52:57 UTC (rev 3989)
@@ -4,8 +4,23 @@
<bean name="Configuration" class="org.jboss.messaging.core.config.impl.FileConfiguration"/>
- <bean name="ServiceLocator" class="org.jboss.messaging.microcontainer.ServiceLocator"/>
+ <bean name="JBMSecurityManager" class="org.jboss.messaging.core.security.impl.JAASSecurityManager"/>
+ <!-- <bean name="JBMSecurityManager" class="org.jboss.messaging.core.security.impl.JBMSecurityManagerImpl">
+ <constructor>
+ <parameter>false</parameter>
+ </constructor>
+ </bean>
+
+ <bean name="SecurityManagerDeployer" class="org.jboss.messaging.core.deployers.impl.SecurityManagerDeployer">
+ <property name="jbmSecurityManager">
+ <inject bean="JBMSecurityManager"/>
+ </property>
+ <property name="messagingServer">
+ <inject bean="MessagingServer"/>
+ </property>
+ </bean>-->
+
<bean name="MessagingServerManagement" class="org.jboss.messaging.core.management.impl.MessagingServerManagementImpl">
<annotation>@org.jboss.aop.microcontainer.aspects.jmx.JMX(name="jboss.messaging:service=MessagingServerManagement", exposedInterface=org.jboss.messaging.core.management.MessagingServerManagement.class)</annotation>
<property name="messagingServer">
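Review bot: The commented-out block holds two separate things without saying so: an alternative definition of the JBMSecurityManager bean, and the SecurityManagerDeployer bean that only works with that alternative. SecurityManagerDeployer.setJbmSecurityManager takes a JBMUpdateableSecurityManager, which JAASSecurityManager does not implement, so enabling the deployer while the JAAS bean is still active would fail at injection. A comment placed before the block, such as `<!-- File-based security: replace the JAAS bean above with this one and enable the deployer so that jbm-security.xml is loaded -->`, would make the switch explicit. It should also state that the `false` constructor argument means no built-in guest user is created.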
@@ -23,8 +38,8 @@
<property name="configuration">
<inject bean="Configuration"/>
</property>
- <property name="authenticationManager">
- <inject bean="ServiceLocator" property="authenticationManager"/>
+ <property name="securityManager">
+ <inject bean="JBMSecurityManager"/>
</property>
</bean>
Added: trunk/src/etc/server/default/deploy/jbm-security.xml
===================================================================
--- trunk/src/etc/server/default/deploy/jbm-security.xml (rev 0)
+++ trunk/src/etc/server/default/deploy/jbm-security.xml 2008-04-02 12:52:57 UTC (rev 3989)
@@ -0,0 +1,5 @@
+<deployment>
+ <user name="guest" password="guest">
+ <role name="guest"/>
+ </user>
+</deployment>
\ No newline at end of file
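Review bot: The only account in this file is `guest` with the password `guest`, stored in clear text. The build-messaging.xml change in this commit copies the file into the server's conf directory, so every installation built this way starts with the same well-known credential. Add a comment at the top of the file, for example `<!-- Sample account for development only: change or remove it before exposing the server -->`, and consider shipping the user entry commented out. Whether the file is read at all depends on the SecurityManagerDeployer bean, which is commented out in jbm-beans.xml in this revision.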
Added: trunk/src/main/org/jboss/messaging/core/deployers/impl/SecurityManagerDeployer.java
===================================================================
--- trunk/src/main/org/jboss/messaging/core/deployers/impl/SecurityManagerDeployer.java (rev 0)
+++ trunk/src/main/org/jboss/messaging/core/deployers/impl/SecurityManagerDeployer.java 2008-04-02 12:52:57 UTC (rev 3989)
@@ -0,0 +1,100 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2005, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.messaging.core.deployers.impl;
+
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
+import org.jboss.messaging.core.security.JBMSecurityManager;
+import org.jboss.messaging.core.security.JBMUpdateableSecurityManager;
+import org.jboss.messaging.core.security.impl.JBMSecurityManagerImpl;
+import org.jboss.messaging.core.server.MessagingServer;
+
+/**
+ * deployer for adding security loaded from the file "jbm-security.xml"
+ * @author <a href="ataylor at redhat.com">Andy Taylor</a>
+ */
+public class SecurityManagerDeployer extends XmlDeployer
+{
+ private JBMUpdateableSecurityManager jbmSecurityManager;
+ private MessagingServer messagingServer;
+ private static final String PASSWORD_ATTRIBUTE = "password";
+ private static final String ROLES_NODE = "role";
+ private static final String ROLE_ATTR_NAME = "name";
+
+ public String[] getElementTagName()
+ {
+ return new String[]{"user"};
+ }
+
+ public void deploy(Node node) throws Exception
+ {
+ String username = node.getAttributes().getNamedItem(getKeyAttribute()).getNodeValue();
+ String password = node.getAttributes().getNamedItem(PASSWORD_ATTRIBUTE).getNodeValue();
+ //add the user
+ jbmSecurityManager.addUser(username, password);
+ NodeList children = node.getChildNodes();
+ for (int i = 0; i < children.getLength(); i++)
+ {
+ Node child = children.item(i);
+ //and add any roles
+ if (ROLES_NODE.equalsIgnoreCase(child.getNodeName()))
+ {
+ String role = child.getAttributes().getNamedItem(ROLE_ATTR_NAME).getNodeValue();
+ jbmSecurityManager.addRole(username, role);
+ }
+ }
+ }
+
+ public void undeploy(Node node) throws Exception
+ {
+ String username = node.getAttributes().getNamedItem(getKeyAttribute()).getNodeValue();
+ jbmSecurityManager.removeUser(username);
+ }
+
+ public String getConfigFileName()
+ {
+ return "jbm-security.xml";
+ }
+
+ public void setJbmSecurityManager(JBMUpdateableSecurityManager jbmSecurityManager)
+ {
+ this.jbmSecurityManager = jbmSecurityManager;
+ }
+
+ public void setMessagingServer(MessagingServer messagingServer)
+ {
+ this.messagingServer = messagingServer;
+ }
+
+ //register with the deploymenmt manager
+ public void start() throws Exception
+ {
+ super.start();
+ messagingServer.getDeploymentManager().registerDeployer(this);
+ }
+
+ public void stop() throws Exception
+ {
+ super.stop();
+ messagingServer.getDeploymentManager().unregisterDeployer(this);
+ }
+}
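Review bot: deploy() dereferences `getNamedItem(PASSWORD_ATTRIBUTE)` and the role's `getNamedItem(ROLE_ATTR_NAME)` without a null check, so a `<user>` with no password or a `<role>` with no name fails with a bare NullPointerException that does not name the offending entry. Check the attribute first, e.g. `Node pw = node.getAttributes().getNamedItem(PASSWORD_ATTRIBUTE);` followed by `if (pw == null) throw new IllegalArgumentException("user " + username + " has no password attribute");`. deploy() also calls addRole on every deployment, and JBMSecurityManagerImpl.addRole appends to the existing list; if XmlDeployer redeploys a changed node without calling undeploy first (not visible here), roles removed from the file would stay granted. The public methods have no Javadoc, and the imports of JBMSecurityManager and JBMSecurityManagerImpl are unused.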
Added: trunk/src/main/org/jboss/messaging/core/security/JBMSecurityManager.java
===================================================================
--- trunk/src/main/org/jboss/messaging/core/security/JBMSecurityManager.java (rev 0)
+++ trunk/src/main/org/jboss/messaging/core/security/JBMSecurityManager.java 2008-04-02 12:52:57 UTC (rev 3989)
@@ -0,0 +1,31 @@
+package org.jboss.messaging.core.security;
+
+import org.jboss.messaging.core.exception.MessagingException;
+
+import java.util.HashSet;
+
+/**
+ * USe to validate whether a user has is valid to connect to the server and perform certain functions
+ * @author <a href="ataylor at redhat.com">Andy Taylor</a>
+ */
+public interface JBMSecurityManager
+{
+ /**
+ * is this a valid user.
+ * @param user the user
+ * @param password the users password
+ * @return true if a valid user
+ */
+ boolean validateUser(String user, String password);
+
+ /**
+ * is this a valid user and do they have the correct role
+ *
+ * @param user the user
+ * @param password the users password
+ * @param roles the roles the user has
+ * @param checkType the type of check to perform
+ * @return true if the user is valid and they have the correct roles
+ */
+ boolean validateUserAndRole(String user, String password,HashSet<Role> roles, CheckType checkType);
+}
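Review bot: The Javadoc for `roles` on validateUserAndRole says "the roles the user has", but the caller in SecurityStoreImpl.check passes `securityRepository.getMatch(address)`, which is the set of roles configured for the address; the tag should read something like `@param roles the roles permitted on the address being checked`. The contract for a null user or password is also unstated, and the two implementations in this commit differ: JBMSecurityManagerImpl treats null as guest, while JAASSecurityManager.validateUser passes it straight into `new SimplePrincipal(user)`. Declaring the parameter as `Set<Role>` rather than `HashSet<Role>` would keep the interface independent of the collection implementation. The `MessagingException` import is unused.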
Added: trunk/src/main/org/jboss/messaging/core/security/JBMUpdateableSecurityManager.java
===================================================================
--- trunk/src/main/org/jboss/messaging/core/security/JBMUpdateableSecurityManager.java (rev 0)
+++ trunk/src/main/org/jboss/messaging/core/security/JBMUpdateableSecurityManager.java 2008-04-02 12:52:57 UTC (rev 3989)
@@ -0,0 +1,36 @@
+package org.jboss.messaging.core.security;
+
+/**
+ * extends JBMSecurityManager to allow the addition and removal of users and roles.
+ *
+ * @author <a href="ataylor at redhat.com">Andy Taylor</a>
+ */
+public interface JBMUpdateableSecurityManager extends JBMSecurityManager
+{
+ /**
+ * adds a new user
+ * @param user the user to add
+ * @param password theusers password
+ */
+ void addUser(String user, String password);
+
+ /**
+ * removes a user and any roles they may have.
+ * @param user the user to remove
+ */
+ void removeUser(String user);
+
+ /**
+ * adds a new role for a user.
+ * @param user the user
+ * @param role the role to add
+ */
+ void addRole(String user, String role);
+
+ /**
+ * removes a role from a user
+ * @param user the user
+ * @param role the role to remove
+ */
+ void removeRole(String user, String role);
+}
Modified: trunk/src/main/org/jboss/messaging/core/security/SecurityStore.java
===================================================================
--- trunk/src/main/org/jboss/messaging/core/security/SecurityStore.java 2008-04-02 10:14:56 UTC (rev 3988)
+++ trunk/src/main/org/jboss/messaging/core/security/SecurityStore.java 2008-04-02 12:52:57 UTC (rev 3989)
@@ -37,7 +37,7 @@
*/
public interface SecurityStore
{
- Subject authenticate(String user, String password) throws Exception;
+ void authenticate(String user, String password) throws Exception;
void check(String address, CheckType checkType, ServerConnection conn) throws Exception;
Added: trunk/src/main/org/jboss/messaging/core/security/impl/JAASSecurityManager.java
===================================================================
--- trunk/src/main/org/jboss/messaging/core/security/impl/JAASSecurityManager.java (rev 0)
+++ trunk/src/main/org/jboss/messaging/core/security/impl/JAASSecurityManager.java 2008-04-02 12:52:57 UTC (rev 3989)
@@ -0,0 +1,157 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2005, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.messaging.core.security.impl;
+
+import org.jboss.messaging.core.security.JBMSecurityManager;
+import org.jboss.messaging.core.security.Role;
+import org.jboss.messaging.core.security.CheckType;
+import org.jboss.messaging.core.logging.Logger;
+import org.jboss.messaging.core.exception.MessagingException;
+import org.jboss.security.RealmMapping;
+import org.jboss.security.SimplePrincipal;
+import org.jboss.security.AuthenticationManager;
+
+import javax.security.auth.Subject;
+import javax.naming.InitialContext;
+import java.util.HashSet;
+import java.util.Set;
+import java.security.Principal;
+
+/**
+ * This implementation delegates to the a real JAAS Authentication Manager and will typically be used within an appserver
+ * and it up via jndi.
+ *
+ * @author <a href="ataylor at redhat.com">Andy Taylor</a>
+ */
+public class JAASSecurityManager implements JBMSecurityManager
+{
+ private static final Logger log = Logger.getLogger(JAASSecurityManager.class);
+
+ // Static --------------------------------------------------------
+
+ // Attributes ----------------------------------------------------
+
+ private boolean trace = log.isTraceEnabled();
+
+ /**
+ * the realmmapping
+ */
+ RealmMapping realmMapping;
+
+ /**
+ * the JAAS Authentication Manager
+ */
+ AuthenticationManager authenticationManager;
+
+ /**
+ * The JNDI name of the AuthenticationManager(and RealmMapping since they are the same object).
+ */
+ private String securityDomainName = "java:/jaas/messaging";
+
+ public boolean validateUser(String user, String password)
+ {
+ SimplePrincipal principal = new SimplePrincipal(user);
+
+ char[] passwordChars = null;
+
+ if (password != null)
+ {
+ passwordChars = password.toCharArray();
+ }
+
+ Subject subject = new Subject();
+
+ return authenticationManager.isValid(principal, passwordChars, subject);
+ }
+
+ public boolean validateUserAndRole(String user, String password, HashSet<Role> roles, CheckType checkType)
+ {
+ SimplePrincipal principal = user == null? null:new SimplePrincipal(user);
+
+ char[] passwordChars = null;
+
+ if (password != null)
+ {
+ passwordChars = password.toCharArray();
+ }
+
+ Subject subject = new Subject();
+
+ boolean authenticated = authenticationManager.isValid(principal, passwordChars, subject);
+ // Authenticate. Successful authentication will place a new SubjectContext on thread local,
+ // which will be used in the authorization process. However, we need to make sure we clean up
+ // thread local immediately after we used the information, otherwise some other people
+ // security my be screwed up, on account of thread local security stack being corrupted.
+ if(authenticated)
+ {
+ SecurityActions.pushSubjectContext(principal, passwordChars, subject);
+ Set rolePrincipals = getRolePrincipals(checkType, roles);
+
+ authenticated = realmMapping.doesUserHaveRole(principal, rolePrincipals);
+
+ if (trace) { log.trace("user " + user + (authenticated ? " is " : " is NOT ") + "authorized"); }
+ SecurityActions.popSubjectContext();
+ }
+ return authenticated;
+ }
+
+ private Set getRolePrincipals(CheckType checkType, HashSet<Role> roles)
+ {
+ Set<SimplePrincipal> principals = new HashSet<SimplePrincipal>();
+ for (Role role : roles)
+ {
+ if((checkType.equals(CheckType.CREATE) && role.isCreate()) ||
+ (checkType.equals(CheckType.WRITE) && role.isWrite()) ||
+ (checkType.equals(CheckType.READ) && role.isRead()))
+ {
+ principals.add(new SimplePrincipal(role.getName()));
+ }
+ }
+ return principals;
+ }
+
+ public void setRealmMapping(RealmMapping realmMapping)
+ {
+ this.realmMapping = realmMapping;
+ }
+
+ public void setAuthenticationManager(AuthenticationManager authenticationManager)
+ {
+ this.authenticationManager = authenticationManager;
+ }
+
+ /**
+ * lifecycle method, needs to be called
+ * @throws Exception
+ */
+ public void start() throws Exception
+ {
+ InitialContext ic = new InitialContext();
+ authenticationManager = (AuthenticationManager)ic.lookup(securityDomainName);
+ realmMapping = (RealmMapping) authenticationManager;
+ }
+
+ public void setSecurityDomainName(String securityDomainName)
+ {
+ this.securityDomainName = securityDomainName;
+ }
+}
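Review bot: In validateUserAndRole, `SecurityActions.popSubjectContext()` is not in a finally block, so if getRolePrincipals or `realmMapping.doesUserHaveRole` throws (for example when `roles` is null), the pushed subject stays on the thread-local security stack. That is exactly the corruption the comment above the `if` warns about. The code this commit removes from SecurityStoreImpl.check did the pop in a finally block, and the same structure is needed here. Separately, validateUser builds `new SimplePrincipal(user)` without the null check that validateUserAndRole applies, and start() overwrites whatever setAuthenticationManager injected; both deserve a comment or a fix.

```java
      if(authenticated)
      {
         SecurityActions.pushSubjectContext(principal, passwordChars, subject);
         try
         {
            // … unchanged: getRolePrincipals, doesUserHaveRole, trace logging …
         }
         finally
         {
            // always restore the thread-local security stack, even when the role check throws
            SecurityActions.popSubjectContext();
         }
      }
      return authenticated;
```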
Added: trunk/src/main/org/jboss/messaging/core/security/impl/JBMSecurityManagerImpl.java
===================================================================
--- trunk/src/main/org/jboss/messaging/core/security/impl/JBMSecurityManagerImpl.java (rev 0)
+++ trunk/src/main/org/jboss/messaging/core/security/impl/JBMSecurityManagerImpl.java 2008-04-02 12:52:57 UTC (rev 3989)
@@ -0,0 +1,186 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2005, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.messaging.core.security.impl;
+
+import org.jboss.messaging.core.security.JBMSecurityManager;
+import org.jboss.messaging.core.security.Role;
+import org.jboss.messaging.core.security.CheckType;
+import org.jboss.messaging.core.security.JBMUpdateableSecurityManager;
+import org.jboss.messaging.core.logging.Logger;
+
+import java.util.HashMap;
+import java.util.List;
+import java.util.HashSet;
+import java.util.ArrayList;
+
+/**
+ * A basic implementation of the JBMUpdateableSecurityManager. This can be used within an appserver and be deployed by
+ * SecurityManagerDeployer or used standalone or embedded.
+ *
+ * @author <a href="ataylor at redhat.com">Andy Taylor</a>
+ */
+public class JBMSecurityManagerImpl implements JBMUpdateableSecurityManager
+{
+ private static final Logger log = Logger.getLogger(JBMSecurityManagerImpl.class);
+
+ // Static --------------------------------------------------------
+
+ // Attributes ----------------------------------------------------
+
+ private boolean trace = log.isTraceEnabled();
+
+ /**
+ * the current valid users
+ */
+ HashMap<String, User> users = new HashMap<String, User>();
+
+ /**
+ * the roles for the users
+ */
+ HashMap<String, List<String>> roles = new HashMap<String, List<String>>();
+
+ public JBMSecurityManagerImpl(boolean addGuestRole)
+ {
+ if (addGuestRole)
+ {
+ //add some default roles!!
+ users.put("guest", new User("guest", "guest"));
+ ArrayList<String> roles = new ArrayList<String>();
+ roles.add("guest");
+ this.roles.put("guest", roles);
+ }
+ }
+
+ public boolean validateUser(String user, String password)
+ {
+ User theUser = users.get(user == null?"guest":user);
+ return theUser != null && theUser.getPassword().equals(password == null?"guest":password);
+ }
+
+ public boolean validateUserAndRole(String user, String password, HashSet<Role> roles, CheckType checkType)
+ {
+ if(validateUser(user, password))
+ {
+ List<String> availableRoles = this.roles.get(user == null?"guest":user);
+ for (String availableRole : availableRoles)
+ {
+ if (roles != null)
+ {
+ for (Role role : roles)
+ {
+ if(role.getName().equals(availableRole) && role.isCheckType(checkType))
+ {
+ return true;
+ }
+ }
+ }
+ }
+ }
+ return false;
+ }
+
+ public void addUser(String user, String password)
+ {
+ if(user == null)
+ {
+ throw new IllegalArgumentException("User cannot be null");
+ }
+ if(password == null)
+ {
+ throw new IllegalArgumentException("password cannot be null");
+ }
+ users.put(user, new User(user,password));
+ }
+
+ public void removeUser(String user)
+ {
+ users.remove(user);
+ roles.remove(user);
+ }
+
+ public void addRole(String user, String role)
+ {
+ if(roles.get(user) == null)
+ {
+ roles.put(user, new ArrayList<String>());
+ }
+ roles.get(user).add(role);
+ }
+
+ public void removeRole(String user, String role)
+ {
+ if(roles.get(user) == null)
+ {
+ return;
+ }
+ roles.get(user).remove(role);
+ }
+
+ class User
+ {
+ String user;
+ String password;
+
+ User(String user, String password)
+ {
+ this.user = user;
+ this.password = password;
+ }
+
+ public boolean equals(Object o)
+ {
+ if (this == o) return true;
+ if (o == null || getClass() != o.getClass()) return false;
+
+ User user1 = (User) o;
+
+ if (!user.equals(user1.user)) return false;
+
+ return true;
+ }
+
+ public int hashCode()
+ {
+ return user.hashCode();
+ }
+
+ public String getUser()
+ {
+ return user;
+ }
+
+ public void setUser(String user)
+ {
+ this.user = user;
+ }
+
+ public String getPassword()
+ {
+ return password;
+ }
+
+ public void setPassword(String password)
+ {
+ this.password = password;
+ }
+ }
+}
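Review bot: In validateUserAndRole, `this.roles.get(...)` returns null for a user that was added with addUser but never given a role, so the for loop throws a NullPointerException instead of denying access; add `if (availableRoles == null || roles == null) { return false; }` before the loop. validateUser substitutes "guest" for both a null user and a null password, so a connection with no credentials is accepted whenever a guest/guest account exists. That fallback should be stated in the class Javadoc so deployers know anonymous access follows from having a guest user. The `users` and `roles` maps are plain HashMaps; if the deployer can change them while connections are being validated (not visible here), they need synchronisation or concurrent maps.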
Deleted: trunk/src/main/org/jboss/messaging/core/security/impl/NullAuthenticationManager.java
===================================================================
--- trunk/src/main/org/jboss/messaging/core/security/impl/NullAuthenticationManager.java 2008-04-02 10:14:56 UTC (rev 3988)
+++ trunk/src/main/org/jboss/messaging/core/security/impl/NullAuthenticationManager.java 2008-04-02 12:52:57 UTC (rev 3989)
@@ -1,84 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2005, JBoss Inc., and individual contributors as indicated
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.messaging.core.security.impl;
-
-import java.security.Principal;
-import java.util.Map;
-import java.util.Set;
-
-import javax.security.auth.Subject;
-
-import org.jboss.security.RealmMapping;
-
-/**
- * This is an implementation of AuthenticationManager and RealmMapping to use when we run embedded. The one we use when in jBoss
- * is not available. currently this does not have any functionality. A user can
- * provide their own implementation if security is needed
- * @author <a href="ataylor at redhat.com">Andy Taylor</a>
- */
-public class NullAuthenticationManager implements org.jboss.security.AuthenticationManager, RealmMapping
-{
- public String getSecurityDomain()
- {
- return "messaging";
- }
-
- public boolean isValid(Principal principal, Object object)
- {
- return true;
- }
-
- public boolean isValid(Principal principal, Object object, Subject subject)
- {
- return true;
- }
-
- public Subject getActiveSubject()
- {
- return null;
- }
-
- public Principal getPrincipal(Principal principal)
- {
- return null;
- }
-
- public boolean doesUserHaveRole(Principal principal, Set set)
- {
- return true;
- }
-
- public Set getUserRoles(Principal principal)
- {
- return null;
- }
-
- public boolean isValid(javax.security.auth.message.MessageInfo messageInfo, Subject subject, String string)
- {
- return false; //To change body of implemented methods use File | Settings | File Templates.
- }
-
- public Principal getTargetPrincipal(Principal principal, Map<String, Object> map)
- {
- return null; //To change body of implemented methods use File | Settings | File Templates.
- }
-}
Modified: trunk/src/main/org/jboss/messaging/core/security/impl/SecurityStoreImpl.java
===================================================================
--- trunk/src/main/org/jboss/messaging/core/security/impl/SecurityStoreImpl.java 2008-04-02 10:14:56 UTC (rev 3988)
+++ trunk/src/main/org/jboss/messaging/core/security/impl/SecurityStoreImpl.java 2008-04-02 12:52:57 UTC (rev 3989)
@@ -21,24 +21,19 @@
*/
package org.jboss.messaging.core.security.impl;
-import java.security.Principal;
import java.util.HashSet;
import java.util.Set;
-import javax.security.auth.Subject;
-
import org.jboss.messaging.core.exception.MessagingException;
import org.jboss.messaging.core.logging.Logger;
import org.jboss.messaging.core.security.CheckType;
import org.jboss.messaging.core.security.Role;
import org.jboss.messaging.core.security.SecurityStore;
+import org.jboss.messaging.core.security.JBMSecurityManager;
import org.jboss.messaging.core.server.ServerConnection;
import org.jboss.messaging.core.settings.HierarchicalRepository;
import org.jboss.messaging.core.settings.HierarchicalRepositoryChangeListener;
import org.jboss.messaging.util.ConcurrentHashSet;
-import org.jboss.security.AuthenticationManager;
-import org.jboss.security.RealmMapping;
-import org.jboss.security.SimplePrincipal;
/**
* The JBM SecurityStore implementation
@@ -70,10 +65,8 @@
private HierarchicalRepository<HashSet<Role>> securityRepository;
- private AuthenticationManager authenticationManager;
+ JBMSecurityManager securityManager;
- private RealmMapping realmMapping;
-
private final Set<String> readCache = new ConcurrentHashSet<String>();
private final Set<String> writeCache = new ConcurrentHashSet<String>();
@@ -93,35 +86,12 @@
// SecurityManager implementation --------------------------------
- public Subject authenticate(String user, String password) throws Exception
+ public void authenticate(String user, String password) throws Exception
{
- if (trace) { log.trace("authenticating user " + user); }
-
- SimplePrincipal principal = new SimplePrincipal(user);
-
- char[] passwordChars = null;
-
- if (password != null)
+ if(!securityManager.validateUser(user, password))
{
- passwordChars = password.toCharArray();
+ throw new MessagingException(MessagingException.SECURITY_EXCEPTION, "Unable to validate user: " + user);
}
-
- Subject subject = new Subject();
-
- boolean authenticated = authenticationManager.isValid(principal, passwordChars, subject);
-
- if (authenticated)
- {
- // Warning! This "taints" thread local. Make sure you pop it off the stack as soon as
- // you're done with it.
- SecurityActions.pushSubjectContext(principal, passwordChars, subject);
-
- return subject;
- }
- else
- {
- throw new MessagingException(MessagingException.SECURITY_EXCEPTION, "User " + user + " is NOT authenticated");
- }
}
public void check(String address, CheckType checkType, ServerConnection conn) throws Exception
@@ -134,33 +104,11 @@
return;
}
- // Authenticate. Successful autentication will place a new SubjectContext on thread local,
- // which will be used in the authorization process. However, we need to make sure we clean up
- // thread local immediately after we used the information, otherwise some other people
- // security my be screwed up, on account of thread local security stack being corrupted.
-
- authenticate(conn.getUsername(), conn.getPassword());
-
- // Authorize
- try
+ HashSet<Role> roles = securityRepository.getMatch(address);
+ if(!securityManager.validateUserAndRole(conn.getUsername(), conn.getPassword(), roles, checkType))
{
- if (!authorize(conn.getUsername(), address, checkType))
- {
- String msg = "User: " + conn.getUsername() +
- " is not authorized to " +
- (checkType == CheckType.READ ? "read from" :
- checkType == CheckType.WRITE ? "write to" : "create durable sub on") +
- " destination " + address;
-
- throw new MessagingException(MessagingException.SECURITY_EXCEPTION, msg);
- }
+ throw new MessagingException(MessagingException.SECURITY_EXCEPTION, "Unable to validate user: " + conn.getUsername());
}
- finally
- {
- // pop the Messaging SecurityContext, it did its job
- SecurityActions.popSubjectContext();
- }
-
// if we get here we're granted, add to the cache
switch (checkType.type)
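Review bot: The exception thrown in check() now reads `"Unable to validate user: " + conn.getUsername()` for both a wrong password and a missing role, and it no longer names the address or the operation. Someone reading the log cannot tell a failed login from a denied read, write or create, so keep the address and check type in the message as the removed code did. `securityRepository.getMatch(address)` is also passed on unchecked; if it can return null for an unmatched address (not visible here), JAASSecurityManager.getRolePrincipals will throw on its for loop. check() starts above this hunk and continues past it.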
@@ -192,15 +140,8 @@
invalidateCache();
}
- private void invalidateCache()
- {
- readCache.clear();
- writeCache.clear();
- createCache.clear();
- }
-
// Public --------------------------------------------------------
public void setSecurityRepository(HierarchicalRepository<HashSet<Role>> securityRepository)
@@ -209,11 +150,10 @@
securityRepository.registerListener(this);
}
- public void setAuthenticationManager(AuthenticationManager authenticationManager)
- {
- this.authenticationManager = authenticationManager;
- this.realmMapping = (RealmMapping) authenticationManager;
+ public void setSecurityManager(JBMSecurityManager securityManager)
+ {
+ this.securityManager = securityManager;
}
// Protected -----------------------------------------------------
@@ -221,7 +161,15 @@
// Package Private -----------------------------------------------
// Private -------------------------------------------------------
+ private void invalidateCache()
+ {
+ readCache.clear();
+ writeCache.clear();
+
+ createCache.clear();
+ }
+
private boolean checkCached(String dest, CheckType checkType)
{
long now = System.currentTimeMillis();
@@ -263,37 +211,6 @@
return granted;
}
- private boolean authorize(String user, String destination, CheckType checkType)
- {
- if (trace) { log.trace("authorizing user " + user + " for destination " + destination); }
-
- HashSet<Role> roles = securityRepository.getMatch(destination);
-
- Principal principal = user == null ? null : new SimplePrincipal(user);
-
- Set rolePrincipals = getRolePrincipals(checkType, roles);
-
- boolean hasRole = realmMapping.doesUserHaveRole(principal, rolePrincipals);
-
- if (trace) { log.trace("user " + user + (hasRole ? " is " : " is NOT ") + "authorized"); }
-
- return hasRole;
- }
-
- private Set getRolePrincipals(CheckType checkType, HashSet<Role> roles)
- {
- Set<SimplePrincipal> principals = new HashSet<SimplePrincipal>();
- for (Role role : roles)
- {
- if((checkType.equals(CheckType.CREATE) && role.isCreate()) ||
- (checkType.equals(CheckType.WRITE) && role.isWrite()) ||
- (checkType.equals(CheckType.READ) && role.isRead()))
- {
- principals.add(new SimplePrincipal(role.getName()));
- }
- }
- return principals;
- }
-
// Inner class ---------------------------------------------------
+
}
Modified: trunk/src/main/org/jboss/messaging/core/server/impl/MessagingServerImpl.java
===================================================================
--- trunk/src/main/org/jboss/messaging/core/server/impl/MessagingServerImpl.java 2008-04-02 10:14:56 UTC (rev 3988)
+++ trunk/src/main/org/jboss/messaging/core/server/impl/MessagingServerImpl.java 2008-04-02 12:52:57 UTC (rev 3989)
@@ -44,8 +44,9 @@
import org.jboss.messaging.core.remoting.impl.wireformat.CreateConnectionResponse;
import org.jboss.messaging.core.security.Role;
import org.jboss.messaging.core.security.SecurityStore;
-import org.jboss.messaging.core.security.impl.NullAuthenticationManager;
+import org.jboss.messaging.core.security.JBMSecurityManager;
import org.jboss.messaging.core.security.impl.SecurityStoreImpl;
+import org.jboss.messaging.core.security.impl.JBMSecurityManagerImpl;
import org.jboss.messaging.core.server.Configuration;
import org.jboss.messaging.core.server.ConnectionManager;
import org.jboss.messaging.core.server.MessagingServer;
@@ -58,7 +59,7 @@
import org.jboss.messaging.core.transaction.impl.ResourceManagerImpl;
import org.jboss.messaging.core.version.Version;
import org.jboss.messaging.core.version.impl.VersionImpl;
-import org.jboss.security.AuthenticationManager;
+import org.jboss.messaging.core.exception.MessagingException;
/**
* A Messaging Server
@@ -94,7 +95,7 @@
private PostOffice postOffice;
private Deployer securityDeployer;
private Deployer queueSettingsDeployer;
- private AuthenticationManager authenticationManager = new NullAuthenticationManager();
+ private JBMSecurityManager securityManager = new JBMSecurityManagerImpl(true);
private DeploymentManager deploymentManager = new FileDeploymentManager();
// plugins
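Review bot: The new field default `new JBMSecurityManagerImpl(true)` is a permissive manager. JBMSecurityManagerImplTest in this commit shows that an instance built this way returns true from `validateUser(null, null)` and for guest/guest, so a server started without an injected manager would accept unauthenticated connections. The boolean is unexplained at the call site; a comment such as `// true = default guest security (accepts null credentials); must be replaced for secured deployments` would make that visible. The flag's meaning is inferred from the test, since the constructor is not in this hunk. Consider leaving the field unset and failing at start-up when no manager was supplied, so that the permissive manager is an explicit choice.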
@@ -158,7 +159,7 @@
securityStore = new SecurityStoreImpl(configuration.getSecurityInvalidationInterval());
securityRepository.setDefault(new HashSet<Role>());
securityStore.setSecurityRepository(securityRepository);
- securityStore.setAuthenticationManager(authenticationManager);
+ securityStore.setSecurityManager(securityManager);
securityDeployer = new SecurityDeployer(securityRepository);
queueSettingsRepository.setDefault(new QueueSettings());
scheduledExecutor = new ScheduledThreadPoolExecutor(configuration.getScheduledThreadPoolMaxSize());
@@ -310,9 +311,10 @@
return securityStore;
}
- public void setAuthenticationManager(AuthenticationManager authenticationManager)
+
+ public void setSecurityManager(JBMSecurityManager securityManager)
{
- this.authenticationManager = authenticationManager;
+ this.securityManager = securityManager;
}
public String toString()
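Review bot: `setSecurityManager` only reassigns the field, while the store receives the manager once, in the start-up hunk above (`securityStore.setSecurityManager(securityManager)`). A call made after that point would leave `securityStore` on the earlier manager, which by default is the permissive `JBMSecurityManagerImpl(true)`. If late replacement is meant to work, forward it with `if (securityStore != null) securityStore.setSecurityManager(securityManager);`. Otherwise document the setter as wiring-time only. The order of injection relative to start-up is not visible in these hunks.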
@@ -333,7 +335,7 @@
// security my be screwed up, on account of thread local security stack being corrupted.
securityStore.authenticate(username, password);
-
+
final ServerConnection connection =
new ServerConnectionImpl(username, password,
remotingClientSessionID, clientVMID, clientAddress,
Deleted: trunk/src/main/org/jboss/messaging/microcontainer/ServiceLocator.java
===================================================================
--- trunk/src/main/org/jboss/messaging/microcontainer/ServiceLocator.java 2008-04-02 10:14:56 UTC (rev 3988)
+++ trunk/src/main/org/jboss/messaging/microcontainer/ServiceLocator.java 2008-04-02 12:52:57 UTC (rev 3989)
@@ -1,86 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2005, JBoss Inc., and individual contributors as indicated
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.messaging.microcontainer;
-
-import org.jboss.dependency.spi.ControllerContext;
-import org.jboss.kernel.spi.dependency.KernelControllerContext;
-import org.jboss.kernel.spi.dependency.KernelControllerContextAware;
-import org.jboss.security.AuthenticationManager;
-import org.jboss.tm.TransactionManagerLocator;
-
-import javax.management.ObjectName;
-import javax.naming.InitialContext;
-import javax.naming.NamingException;
-import javax.sql.DataSource;
-import javax.transaction.TransactionManager;
-
-/**
- * This is a layer that is used for injecting services into other objects. depending on the configuration we are running
- * we can get these from more than one place or even inject them.
- *
- * @author <a href="ataylor at redhat.com">Andy Taylor</a>
- */
-public class ServiceLocator implements KernelControllerContextAware
-{
- private org.jboss.security.AuthenticationManager authenticationManager;
- private KernelControllerContext kernelControllerContext;
-
- public void setKernelControllerContext(KernelControllerContext kernelControllerContext) throws Exception
- {
- this.kernelControllerContext = kernelControllerContext;
- }
-
- public void unsetKernelControllerContext(KernelControllerContext kernelControllerContext) throws Exception
- {
- kernelControllerContext = null;
- }
-
- public AuthenticationManager getAuthenticationManager() throws Exception
- {
- if(authenticationManager == null)
- {
- ControllerContext controllerContext = kernelControllerContext.getController().getInstalledContext("jbm:AuthenticationManager");
- if(controllerContext != null)
- {
- authenticationManager = (AuthenticationManager) controllerContext.getTarget();
- }
- else
- {
- try
- {
- InitialContext ic = new InitialContext();
- authenticationManager = (AuthenticationManager)ic.lookup("java:/jaas/messaging");
- }
- catch (NamingException e)
- {
- throw new Exception("AuthenticationManager unavailable", e);
- }
- }
- }
- return authenticationManager;
- }
-
- public void setAuthenticationManager(AuthenticationManager authenticationManager)
- {
- this.authenticationManager = authenticationManager;
- }
-}
Deleted: trunk/tests/etc/container-qalab.xml
===================================================================
--- trunk/tests/etc/container-qalab.xml 2008-04-02 10:14:56 UTC (rev 3988)
+++ trunk/tests/etc/container-qalab.xml 2008-04-02 12:52:57 UTC (rev 3989)
@@ -1,99 +0,0 @@
-<!--
- Service Container persistence configuration file
-
- $Id: container.xml 3065 2007-08-28 20:37:48Z clebert.suconic at jboss.com $
--->
-
-<container>
-
- <!--
- The value of "test.database" system property, if set, takes precedence.
- -->
- <database>mysql</database>
-
- <database-configurations>
-
- <database-configuration name="hsqldb">
- <url>jdbc:hsqldb:mem:test</url>
- <driver>org.hsqldb.jdbcDriver</driver>
- <username>sa</username>
- </database-configuration>
-
- <database-configuration name="hsqldb2">
- <url>jdbc:hsqldb:mem:test2</url>
- <driver>org.hsqldb.jdbcDriver</driver>
- <username>sa</username>
- </database-configuration>
-
- <database-configuration name="mysql">
- <url>jdbc:mysql://dev02:3306/messaging</url>
- <driver>com.mysql.jdbc.Driver</driver>
- <isolation>TRANSACTION_READ_COMMITTED</isolation>
- <username>messaging</username>
- <password>messaging</password>
- </database-configuration>
-
-
- <database-configuration name="oracle">
- <url>jdbc:oracle:thin:@dev01.qa.atl.jboss.com:1521/qadb01.dev01</url>
- <driver>oracle.jdbc.driver.OracleDriver</driver>
- <isolation>TRANSACTION_READ_COMMITTED</isolation>
- <username>messaging</username>
- <password>messaging</password>
- </database-configuration>
-
- <database-configuration name="postgresql">
- <url>jdbc:postgresql://localhost:5432/messaging</url>
- <driver>org.postgresql.Driver</driver>
- <isolation>TRANSACTION_READ_COMMITTED</isolation>
- <username>messaging</username>
- <password>messaging</password>
- </database-configuration>
-
- <database-configuration name="db2">
- <url>jdbc:db2://dev32.qa.atl.jboss.com:50000/jbossqa</url>
- <driver>com.ibm.db2.jcc.DB2Driver</driver>
- <isolation>TRANSACTION_READ_COMMITTED</isolation>
- <username>msgcc</username>
- <password>msgcc</password>
- </database-configuration>
-
- <database-configuration name="mssql">
- <url>jdbc:jtds:sqlserver://dev30.qa.atl.jboss.com:3918/messaging</url>
- <driver>net.sourceforge.jtds.jdbc.Driver</driver>
- <isolation>TRANSACTION_READ_COMMITTED</isolation>
- <username>messaging</username>
- <password>messaging</password>
- </database-configuration>
-
- <database-configuration name="sybase">
- <url>jdbc:sybase:Tds:dev01.qa.atl.jboss.com:4100/msgci</url>
- <driver>com.sybase.jdbc3.jdbc.SybDriver</driver>
- <isolation>TRANSACTION_READ_COMMITTED</isolation>
- <username>msgci</username>
- <password>msgcimsgci</password>
- </database-configuration>
-
- </database-configurations>
-
- <!--
- Supported values: "bisocket", "sslbisocket", "socket", "sslsocket", "http"
- -->
- <remoting-transport>bisocket</remoting-transport>
-
- <!--
- Specifies whether to start a clustered messaging server or not. If "test.clustered" is set,
- the value of the system property takes precedence. Supported values are "true" or "false".
-
- Setting "clustered" to "true" doesn't guarantee that the test will be actually run in
- clustered mode, the test database must be also permitting sharing over a LAN. "mysql" allows
- this, "hsqldb" doesn't. The test will quickly fail in such a situation.
- -->
-
- <!--
- <clustered>true</clustered>
- -->
-
-</container>
-
-
Deleted: trunk/tests/etc/container.xml
===================================================================
--- trunk/tests/etc/container.xml 2008-04-02 10:14:56 UTC (rev 3988)
+++ trunk/tests/etc/container.xml 2008-04-02 12:52:57 UTC (rev 3989)
@@ -1,90 +0,0 @@
-<!--
- Service Container persistence configuration file
-
- $Id$
--->
-
-<container>
-
- <!--
- The value of "test.database" system property, if set, takes precedence.
- -->
- <database>mysql</database>
-
- <database-configurations>
-
- <database-configuration name="hsqldb">
- <url>jdbc:hsqldb:mem:test</url>
- <driver>org.hsqldb.jdbcDriver</driver>
- <username>sa</username>
- </database-configuration>
-
- <database-configuration name="hsqldb2">
- <url>jdbc:hsqldb:mem:test2</url>
- <driver>org.hsqldb.jdbcDriver</driver>
- <username>sa</username>
- </database-configuration>
-
- <database-configuration name="mysql">
- <url>jdbc:mysql://localhost/messaging</url>
- <driver>com.mysql.jdbc.Driver</driver>
- <isolation>TRANSACTION_READ_COMMITTED</isolation>
- <username>sa</username>
- </database-configuration>
-
-
- <database-configuration name="oracle">
- <url>jdbc:oracle:thin:@localhost:1521/XE</url>
- <driver>oracle.jdbc.driver.OracleDriver</driver>
- <isolation>TRANSACTION_READ_COMMITTED</isolation>
- <username>messaging</username>
- <password>messaging</password>
- </database-configuration>
-
- <database-configuration name="postgresql">
- <url>jdbc:postgresql://localhost:5432/messaging</url>
- <driver>org.postgresql.Driver</driver>
- <isolation>TRANSACTION_READ_COMMITTED</isolation>
- <username>messaging</username>
- <password>messaging</password>
- </database-configuration>
-
- <database-configuration name="mssql">
- <url>jdbc:jtds:sqlserver://dev30.qa.atl.jboss.com:3918/messaging</url>
- <driver>net.sourceforge.jtds.jdbc.Driver</driver>
- <isolation>TRANSACTION_READ_COMMITTED</isolation>
- <username>messaging</username>
- <password>messaging</password>
- </database-configuration>
-
- <database-configuration name="sybase">
- <url>jdbc:sybase:Tds:dev01-priv:4100/messaging</url>
- <driver>com.sybase.jdbc3.jdbc.SybDriver</driver>
- <isolation>TRANSACTION_READ_COMMITTED</isolation>
- <username>messaging</username>
- <password>messaging</password>
- </database-configuration>
-
- </database-configurations>
-
- <!--
- Supported values: "bisocket", "sslbisocket", "socket", "sslsocket", "http"
- -->
- <remoting-transport>bisocket</remoting-transport>
-
- <!--
- Specifies whether to start a clustered messaging server or not. If "test.clustered" is set,
- the value of the system property takes precedence. Supported values are "true" or "false".
-
- Setting "clustered" to "true" doesn't guarantee that the test will be actually run in
- clustered mode, the test database must be also permitting sharing over a LAN. "mysql" allows
- this, "hsqldb" doesn't. The test will quickly fail in such a situation.
- -->
-
- <!--
- <clustered>true</clustered>
- -->
-
-</container>
-
-
Deleted: trunk/tests/etc/persistencemanager.xml
===================================================================
--- trunk/tests/etc/persistencemanager.xml 2008-04-02 10:14:56 UTC (rev 3988)
+++ trunk/tests/etc/persistencemanager.xml 2008-04-02 12:52:57 UTC (rev 3989)
@@ -1,26 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-<deployment xmlns="urn:jboss:bean-deployer:2.0">
- <bean name="Configuration" class="org.jboss.messaging.jms.server.ConfigurationImpl"/>
-
- <bean name="ServiceLocator" class="org.jboss.messaging.microcontainer.ServiceLocator">
- <demand>jboss.jca:name=DefaultDS,service=DataSourceBinding</demand>
- <depends>jboss:service=TransactionManager</depends>
- <!-- <depends>jboss.jca:service=DataSourceBinding,name=DefaultDS</depends>-->
- </bean>
-
- <!--
-
- <bean name="PersistenceManager" class="org.jboss.messaging.core.impl.JDBCPersistenceManager">
- <property name="tm">
- <inject bean="ServiceLocator" property="transactionManager"/>
- </property>
- <property name="ds">
- <inject bean="ServiceLocator" property="dataSource"/>
- </property>
- <property name="createTablesOnStartup">true</property>
- <property name="maxParams">500</property>
- </bean>
-
- -->
-</deployment>
Added: trunk/tests/src/org/jboss/messaging/core/deployers/impl/test/unit/SecurityManagerDeployerTest.java
===================================================================
--- trunk/tests/src/org/jboss/messaging/core/deployers/impl/test/unit/SecurityManagerDeployerTest.java (rev 0)
+++ trunk/tests/src/org/jboss/messaging/core/deployers/impl/test/unit/SecurityManagerDeployerTest.java 2008-04-02 12:52:57 UTC (rev 3989)
@@ -0,0 +1,141 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2005, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.messaging.core.deployers.impl.test.unit;
+
+import junit.framework.TestCase;
+import org.jboss.messaging.core.deployers.impl.SecurityManagerDeployer;
+import org.jboss.messaging.core.security.impl.JBMSecurityManagerImpl;
+import org.jboss.messaging.core.security.JBMUpdateableSecurityManager;
+import org.jboss.messaging.util.XMLUtil;
+import org.w3c.dom.NodeList;
+import org.w3c.dom.Node;
+import org.easymock.EasyMock;
+
+/**
+ * tests SecurityManagerDeployer
+ * @author <a href="ataylor at redhat.com">Andy Taylor</a>
+ */
+public class SecurityManagerDeployerTest extends TestCase
+{
+ SecurityManagerDeployer deployer;
+ String simpleSecurityXml = "<deployment>\n" +
+ "</deployment>";
+
+ String singleUserXml = "<deployment>\n" +
+ " <user name=\"guest\" password=\"guest\">\n" +
+ " <role name=\"guest\"/>\n" +
+ " </user>\n" +
+ "</deployment>";
+
+ String multipleUserXml = "<deployment>\n" +
+ " <user name=\"guest\" password=\"guest\">\n" +
+ " <role name=\"guest\"/>\n" +
+ " <role name=\"foo\"/>\n" +
+ " </user>\n" +
+ " <user name=\"anotherguest\" password=\"anotherguest\">\n" +
+ " <role name=\"anotherguest\"/>\n" +
+ " <role name=\"foo\"/>\n" +
+ " <role name=\"bar\"/>\n" +
+ " </user>\n" +
+ "</deployment>";
+
+ protected void setUp() throws Exception
+ {
+ deployer = new SecurityManagerDeployer();
+ }
+
+ protected void tearDown() throws Exception
+ {
+ deployer = null;
+ }
+
+ private void deploy(String xml) throws Exception
+ {
+ NodeList children = XMLUtil.stringToElement(xml).getChildNodes();
+ for (int i = 0; i < children.getLength(); i++)
+ {
+ Node node = children.item(i);
+ if(node.getNodeName().equals("user"))
+ {
+ deployer.deploy(node);
+ }
+ }
+ }
+
+ private void undeploy(String xml) throws Exception
+ {
+ NodeList children = XMLUtil.stringToElement(xml).getChildNodes();
+ for (int i = 0; i < children.getLength(); i++)
+ {
+ Node node = children.item(i);
+ if(node.getNodeName().equals("user"))
+ {
+ deployer.undeploy(node);
+ }
+ }
+ }
+
+ public void testSimpleDefaultSecurity() throws Exception
+ {
+ JBMUpdateableSecurityManager securityManager = EasyMock.createStrictMock(JBMUpdateableSecurityManager.class);
+ deployer.setJbmSecurityManager(securityManager);
+ EasyMock.replay(securityManager);
+ deploy(simpleSecurityXml);
+ }
+
+ public void testSingleUserDeploySecurity() throws Exception
+ {
+ JBMUpdateableSecurityManager securityManager = EasyMock.createStrictMock(JBMUpdateableSecurityManager.class);
+ deployer.setJbmSecurityManager(securityManager);
+ securityManager.addUser("guest", "guest");
+ securityManager.addRole("guest", "guest");
+ EasyMock.replay(securityManager);
+ deploy(singleUserXml);
+ }
+
+ public void testMultipleUserDeploySecurity() throws Exception
+ {
+ JBMUpdateableSecurityManager securityManager = EasyMock.createStrictMock(JBMUpdateableSecurityManager.class);
+ deployer.setJbmSecurityManager(securityManager);
+ securityManager.addUser("guest", "guest");
+ securityManager.addRole("guest", "guest");
+ securityManager.addRole("guest", "foo");
+ securityManager.addUser("anotherguest", "anotherguest");
+ securityManager.addRole("anotherguest", "anotherguest");
+ securityManager.addRole("anotherguest", "foo");
+ securityManager.addRole("anotherguest", "bar");
+
+ EasyMock.replay(securityManager);
+ deploy(multipleUserXml);
+ }
+
+ public void testUndeploy() throws Exception
+ {
+ JBMUpdateableSecurityManager securityManager = EasyMock.createStrictMock(JBMUpdateableSecurityManager.class);
+ deployer.setJbmSecurityManager(securityManager);
+ securityManager.removeUser("guest");
+ securityManager.removeUser("anotherguest");
+
+ EasyMock.replay(securityManager);
+ undeploy(multipleUserXml);
+ }
+}
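Review bot: None of the four tests calls `EasyMock.verify(securityManager)`, so the recorded `addUser`/`addRole`/`removeUser` expectations are never checked as having happened. A strict mock rejects unexpected or out-of-order calls, but a deployer that made no call at all would still pass. Add `EasyMock.verify(securityManager);` after each `deploy(...)` and `undeploy(...)` call. The `JBMSecurityManagerImpl` import is unused and can be dropped.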
Added: trunk/tests/src/org/jboss/messaging/core/security/impl/test/unit/JAASSecurityManagerTest.java
===================================================================
--- trunk/tests/src/org/jboss/messaging/core/security/impl/test/unit/JAASSecurityManagerTest.java (rev 0)
+++ trunk/tests/src/org/jboss/messaging/core/security/impl/test/unit/JAASSecurityManagerTest.java 2008-04-02 12:52:57 UTC (rev 3989)
@@ -0,0 +1,145 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2005, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.messaging.core.security.impl.test.unit;
+
+import junit.framework.TestCase;
+import org.jboss.messaging.core.security.impl.JAASSecurityManager;
+import org.jboss.messaging.core.security.Role;
+import org.jboss.messaging.core.security.CheckType;
+import org.jboss.security.AuthenticationManager;
+import org.jboss.security.SimplePrincipal;
+import org.jboss.security.RealmMapping;
+import org.easymock.EasyMock;
+import org.easymock.IArgumentMatcher;
+
+import javax.security.auth.Subject;
+import java.util.HashSet;
+import java.util.Set;
+
+/**
+ * tests the JAASSecurityManager
+ * @author <a href="ataylor at redhat.com">Andy Taylor</a>
+ */
+public class JAASSecurityManagerTest extends TestCase
+{
+ JAASSecurityManager securityManager;
+ protected void setUp() throws Exception
+ {
+ securityManager = new JAASSecurityManager();
+ }
+
+ protected void tearDown() throws Exception
+ {
+ securityManager = null;
+ }
+
+ public void testValidatingUser()
+ {
+ AuthenticationManager authenticationManager = EasyMock.createStrictMock(AuthenticationManager.class);
+ securityManager.setAuthenticationManager(authenticationManager);
+ SimplePrincipal principal = new SimplePrincipal("newuser1");
+ char[] passwordChars = "newpassword1".toCharArray();
+ Subject subject = new Subject();
+ EasyMock.expect(authenticationManager.isValid(principal(principal), EasyMock.aryEq(passwordChars), subject(subject))).andReturn(true);
+ EasyMock.replay(authenticationManager);
+
+ securityManager.validateUser("newuser1", "newpassword1");
+ }
+
+ public void testValidatingUserAndRole()
+ {
+ AuthenticationManager authenticationManager = EasyMock.createStrictMock(AuthenticationManager.class);
+ securityManager.setAuthenticationManager(authenticationManager);
+ RealmMapping realmMapping = EasyMock.createStrictMock(RealmMapping.class);
+ securityManager.setRealmMapping(realmMapping);
+ SimplePrincipal principal = new SimplePrincipal("newuser1");
+ char[] passwordChars = "newpassword1".toCharArray();
+ Subject subject = new Subject();
+ EasyMock.expect(authenticationManager.isValid(principal(principal), EasyMock.aryEq(passwordChars), subject(subject))).andReturn(true);
+ EasyMock.replay(authenticationManager);
+ EasyMock.expect(realmMapping.doesUserHaveRole(principal(principal), EasyMock.isA(Set.class))).andReturn(true);
+ EasyMock.replay(realmMapping);
+ securityManager.validateUserAndRole("newuser1", "newpassword1", new HashSet<Role>(), CheckType.CREATE );
+ }
+
+ public static SimplePrincipal principal(SimplePrincipal principal)
+ {
+ EasyMock.reportMatcher(new SimplePrincipalMatcher(principal));
+ return principal;
+ }
+
+ public static Subject subject(Subject subject)
+ {
+ EasyMock.reportMatcher(new SubjectMatcher(subject));
+ return subject;
+ }
+
+ static class SimplePrincipalMatcher implements IArgumentMatcher
+ {
+ SimplePrincipal principal;
+
+ public SimplePrincipalMatcher(SimplePrincipal principal)
+ {
+ this.principal = principal;
+ }
+
+ public boolean matches(Object o)
+ {
+ if(o instanceof SimplePrincipal)
+ {
+ SimplePrincipal that = (SimplePrincipal) o;
+ return that.getName().equals(principal.getName());
+ }
+ return false;
+ }
+
+ public void appendTo(StringBuffer stringBuffer)
+ {
+ stringBuffer.append("Invalid Principal created");
+ }
+ }
+
+ static class SubjectMatcher implements IArgumentMatcher
+ {
+ Subject subject;
+
+ public SubjectMatcher(Subject subject)
+ {
+ this.subject = subject;
+ }
+
+ public boolean matches(Object o)
+ {
+ if(o instanceof Subject)
+ {
+ Subject that = (Subject) o;
+ return true;
+ }
+ return false;
+ }
+
+ public void appendTo(StringBuffer stringBuffer)
+ {
+ stringBuffer.append("Invalid Subject created");
+ }
+ }
+}
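Review bot: Both tests discard the result of `validateUser` / `validateUserAndRole` and stub `isValid(...)` and `doesUserHaveRole(...)` to return true only, so nothing here fails if the manager reports success for a rejected login. Assert the result and verify the mocks, e.g. `assertTrue(securityManager.validateUser("newuser1", "newpassword1"));` followed by `EasyMock.verify(authenticationManager);`. Also add a case where `isValid` is stubbed with `andReturn(false)` and the result is asserted false; this assumes the methods return boolean, as they do on JBMSecurityManagerImpl in this commit. `SubjectMatcher.matches` returns true for any `Subject` and leaves `that` and the `subject` field unused, so either compare the subjects or drop the field and state in a comment that only the type is checked.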
Added: trunk/tests/src/org/jboss/messaging/core/security/impl/test/unit/JBMSecurityManagerImplTest.java
===================================================================
--- trunk/tests/src/org/jboss/messaging/core/security/impl/test/unit/JBMSecurityManagerImplTest.java (rev 0)
+++ trunk/tests/src/org/jboss/messaging/core/security/impl/test/unit/JBMSecurityManagerImplTest.java 2008-04-02 12:52:57 UTC (rev 3989)
@@ -0,0 +1,158 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2005, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.messaging.core.security.impl.test.unit;
+
+import junit.framework.TestCase;
+import org.jboss.messaging.core.security.impl.JBMSecurityManagerImpl;
+import org.jboss.messaging.core.security.CheckType;
+import org.jboss.messaging.core.security.Role;
+
+import java.util.HashSet;
+
+/**
+ * tests JBMSecurityManagerImpl
+ * @author <a href="ataylor at redhat.com">Andy Taylor</a>
+ */
+public class JBMSecurityManagerImplTest extends TestCase
+{
+ private JBMSecurityManagerImpl securityManager;
+
+ protected void setUp() throws Exception
+ {
+ securityManager = new JBMSecurityManagerImpl(true);
+ }
+
+ protected void tearDown() throws Exception
+ {
+ securityManager = null;
+ }
+
+ public void testDefaultSecurity()
+ {
+ assertTrue(securityManager.validateUser(null, null));
+ assertTrue(securityManager.validateUser("guest", "guest"));
+ HashSet<Role> roles = new HashSet<Role>();
+ roles.add(new Role("guest", true, true, true));
+ assertTrue(securityManager.validateUserAndRole(null, null, roles, CheckType.CREATE));
+ assertTrue(securityManager.validateUserAndRole(null, null, roles, CheckType.WRITE));
+ assertTrue(securityManager.validateUserAndRole(null, null, roles, CheckType.READ));
+ roles = new HashSet<Role>();
+ roles.add(new Role("guest", true, true, false));
+ assertFalse(securityManager.validateUserAndRole(null, null, roles, CheckType.CREATE));
+ assertTrue(securityManager.validateUserAndRole(null, null, roles, CheckType.WRITE));
+ assertTrue(securityManager.validateUserAndRole(null, null, roles, CheckType.READ));
+ roles = new HashSet<Role>();
+ roles.add(new Role("guest", true, false, false));
+ assertFalse(securityManager.validateUserAndRole(null, null, roles, CheckType.CREATE));
+ assertFalse(securityManager.validateUserAndRole(null, null, roles, CheckType.WRITE));
+ assertTrue(securityManager.validateUserAndRole(null, null, roles, CheckType.READ));
+ roles = new HashSet<Role>();
+ roles.add(new Role("guest", false, false, false));
+ assertFalse(securityManager.validateUserAndRole(null, null, roles, CheckType.CREATE));
+ assertFalse(securityManager.validateUserAndRole(null, null, roles, CheckType.WRITE));
+ assertFalse(securityManager.validateUserAndRole(null, null, roles, CheckType.READ));
+ }
+
+ public void testAddingUsers()
+ {
+ securityManager.addUser("newuser1", "newpassword1");
+ assertTrue(securityManager.validateUser("newuser1", "newpassword1"));
+ assertFalse(securityManager.validateUser("newuser1", "guest"));
+ assertFalse(securityManager.validateUser("newuser1", null));
+ try
+ {
+ securityManager.addUser("newuser2", null);
+ fail("password cannot be null");
+ }
+ catch (IllegalArgumentException e)
+ {
+ //pass
+ }
+ try
+ {
+ securityManager.addUser(null, "newpassword2");
+ fail("password cannot be null");
+ }
+ catch (IllegalArgumentException e)
+ {
+ //pass
+ }
+ }
+
+ public void testRemovingUsers()
+ {
+ securityManager.addUser("newuser1", "newpassword1");
+ assertTrue(securityManager.validateUser("newuser1", "newpassword1"));
+ securityManager.removeUser("newuser1");
+ assertFalse(securityManager.validateUser("newuser1", "newpassword1"));
+ }
+
+ public void testAddingRoles()
+ {
+ securityManager.addUser("newuser1", "newpassword1");
+ securityManager.addRole("newuser1", "role1");
+ securityManager.addRole("newuser1", "role2");
+ securityManager.addRole("newuser1", "role3");
+ securityManager.addRole("newuser1", "role4");
+ HashSet<Role> roles = new HashSet<Role>();
+ roles.add(new Role("role1", true, true, true));
+ assertTrue(securityManager.validateUserAndRole("newuser1", "newpassword1", roles, CheckType.WRITE));
+ roles = new HashSet<Role>();
+ roles.add(new Role("role2", true, true, true));
+ assertTrue(securityManager.validateUserAndRole("newuser1", "newpassword1", roles, CheckType.WRITE));
+ roles = new HashSet<Role>();
+ roles.add(new Role("role3", true, true, true));
+ assertTrue(securityManager.validateUserAndRole("newuser1", "newpassword1", roles, CheckType.WRITE));
+ roles = new HashSet<Role>();
+ roles.add(new Role("role4", true, true, true));
+ assertTrue(securityManager.validateUserAndRole("newuser1", "newpassword1", roles, CheckType.WRITE));
+ roles = new HashSet<Role>();
+ roles.add(new Role("role5", true, true, true));
+ assertFalse(securityManager.validateUserAndRole("newuser1", "newpassword1", roles, CheckType.WRITE));
+ }
+
+ public void testRemovingRoles()
+ {
+ securityManager.addUser("newuser1", "newpassword1");
+ securityManager.addRole("newuser1", "role1");
+ securityManager.addRole("newuser1", "role2");
+ securityManager.addRole("newuser1", "role3");
+ securityManager.addRole("newuser1", "role4");
+ securityManager.removeRole("newuser1", "role2");
+ securityManager.removeRole("newuser1", "role4");
+ HashSet<Role> roles = new HashSet<Role>();
+ roles.add(new Role("role1", true, true, true));
+ assertTrue(securityManager.validateUserAndRole("newuser1", "newpassword1", roles, CheckType.WRITE));
+ roles = new HashSet<Role>();
+ roles.add(new Role("role2", true, true, true));
+ assertFalse(securityManager.validateUserAndRole("newuser1", "newpassword1", roles, CheckType.WRITE));
+ roles = new HashSet<Role>();
+ roles.add(new Role("role3", true, true, true));
+ assertTrue(securityManager.validateUserAndRole("newuser1", "newpassword1", roles, CheckType.WRITE));
+ roles = new HashSet<Role>();
+ roles.add(new Role("role4", true, true, true));
+ assertFalse(securityManager.validateUserAndRole("newuser1", "newpassword1", roles, CheckType.WRITE));
+ roles = new HashSet<Role>();
+ roles.add(new Role("role5", true, true, true));
+ assertFalse(securityManager.validateUserAndRole("newuser1", "newpassword1", roles, CheckType.WRITE));
+ }
+}
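Review bot: `validateUserAndRole` is only ever called with the correct password, or with null/null for the default user, so no test pins that a wrong password is rejected when the role would otherwise match. In testAddingRoles, add a case such as `assertFalse(securityManager.validateUserAndRole("newuser1", "wrong", roles, CheckType.WRITE));` while `roles` holds role1. In testAddingUsers the second `fail("password cannot be null")` guards the null-username call and should read `fail("username cannot be null")`. testDefaultSecurity would benefit from a one-line comment stating that accepting `null`/`null` is the intended behaviour of the `true` constructor argument, since MessagingServerImpl uses that constructor as its default.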
Added: trunk/tests/src/org/jboss/messaging/core/security/impl/test/unit/SecurityStoreImplTest.java
===================================================================
--- trunk/tests/src/org/jboss/messaging/core/security/impl/test/unit/SecurityStoreImplTest.java (rev 0)
+++ trunk/tests/src/org/jboss/messaging/core/security/impl/test/unit/SecurityStoreImplTest.java 2008-04-02 12:52:57 UTC (rev 3989)
@@ -0,0 +1,202 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2005, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.messaging.core.security.impl.test.unit;
+
+import junit.framework.TestCase;
+import org.jboss.messaging.core.security.impl.SecurityStoreImpl;
+import org.jboss.messaging.core.security.JBMSecurityManager;
+import org.jboss.messaging.core.security.Role;
+import org.jboss.messaging.core.security.CheckType;
+import org.jboss.messaging.core.settings.impl.HierarchicalObjectRepository;
+import org.jboss.messaging.core.settings.HierarchicalRepository;
+import org.jboss.messaging.core.server.ServerConnection;
+import org.jboss.messaging.core.server.impl.ServerConnectionImpl;
+import org.easymock.EasyMock;
+
+import java.util.HashSet;
+
+/**
+ * tests SecurityStoreImpl
+ * @author <a href="ataylor at redhat.com">Andy Taylor</a>
+ */
+public class SecurityStoreImplTest extends TestCase
+{
+ SecurityStoreImpl securityStore;
+
+ protected void setUp() throws Exception
+ {
+ securityStore = new SecurityStoreImpl(1000000000);
+ }
+
+ protected void tearDown() throws Exception
+ {
+ securityStore = null;
+ }
+
+ public void testSuccessfulAuthentication() throws Exception
+ {
+ JBMSecurityManager securityManager = EasyMock.createStrictMock(JBMSecurityManager.class);
+ securityStore.setSecurityManager(securityManager);
+ EasyMock.expect(securityManager.validateUser("user", "password")).andReturn(true);
+ EasyMock.replay(securityManager);
+ securityStore.authenticate("user", "password");
+ }
+
+ public void testFailedAuthentication() throws Exception
+ {
+ JBMSecurityManager securityManager = EasyMock.createStrictMock(JBMSecurityManager.class);
+ securityStore.setSecurityManager(securityManager);
+ EasyMock.expect(securityManager.validateUser("user", "password")).andReturn(false);
+ EasyMock.replay(securityManager);
+ try
+ {
+ securityStore.authenticate("user", "password");
+ fail("should throw exception");
+ }
+ catch (Exception e)
+ {
+ //pass
+ }
+ }
+
+ public void testSuccessfulCheck() throws Exception
+ {
+ JBMSecurityManager securityManager = EasyMock.createStrictMock(JBMSecurityManager.class);
+ securityStore.setSecurityManager(securityManager);
+ //noinspection unchecked
+ HierarchicalRepository<HashSet<Role>> repository = EasyMock.createStrictMock(HierarchicalRepository.class);
+
+ String address = "anaddress";
+ HashSet<Role> roles = new HashSet<Role>();
+ roles.add(new Role("user", false, false, true));
+ repository.registerListener(securityStore);
+ EasyMock.expect(repository.getMatch(address)).andReturn(roles);
+ ServerConnection serverConnection = EasyMock.createNiceMock(ServerConnection.class);
+ EasyMock.expect(serverConnection.getUsername()).andReturn("user");
+ EasyMock.expect(serverConnection.getPassword()).andReturn("password");
+ EasyMock.expect(securityManager.validateUserAndRole("user", "password", roles, CheckType.CREATE)).andReturn(true);
+ EasyMock.replay(repository);
+ EasyMock.replay(securityManager);
+ EasyMock.replay(serverConnection);
+ securityStore.setSecurityRepository(repository);
+ securityStore.check(address, CheckType.CREATE, serverConnection );
+ //now checked its cached
+ EasyMock.reset(repository);
+ EasyMock.reset(securityManager);
+ EasyMock.reset(serverConnection);
+ EasyMock.replay(repository);
+ EasyMock.replay(securityManager);
+ securityStore.check(address, CheckType.CREATE, serverConnection );
+
+ }
+
+ public void testUnsuccessfulCheck() throws Exception
+ {
+ JBMSecurityManager securityManager = EasyMock.createStrictMock(JBMSecurityManager.class);
+ securityStore.setSecurityManager(securityManager);
+ //noinspection unchecked
+ HierarchicalRepository<HashSet<Role>> repository = EasyMock.createStrictMock(HierarchicalRepository.class);
+
+ String address = "anaddress";
+ HashSet<Role> roles = new HashSet<Role>();
+ roles.add(new Role("user", false, false, true));
+ repository.registerListener(securityStore);
+ EasyMock.expect(repository.getMatch(address)).andReturn(roles);
+ ServerConnection serverConnection = EasyMock.createNiceMock(ServerConnection.class);
+ EasyMock.expect(serverConnection.getUsername()).andReturn("user");
+ EasyMock.expect(serverConnection.getPassword()).andReturn("password");
+ EasyMock.expect(securityManager.validateUserAndRole("user", "password", roles, CheckType.CREATE)).andReturn(false);
+ EasyMock.replay(repository);
+ EasyMock.replay(securityManager);
+ EasyMock.replay(serverConnection);
+ securityStore.setSecurityRepository(repository);
+ try
+ {
+ securityStore.check(address, CheckType.CREATE, serverConnection );
+ fail("should throw exception");
+ }
+ catch (Exception e)
+ {
+ //pass
+ }
+ }
+
+ public void testSuccessfulCheckInvalidateCache() throws Exception
+ {
+ JBMSecurityManager securityManager = EasyMock.createStrictMock(JBMSecurityManager.class);
+ securityStore.setSecurityManager(securityManager);
+ //noinspection unchecked
+ HierarchicalRepository<HashSet<Role>> repository = EasyMock.createStrictMock(HierarchicalRepository.class);
+
+ String address = "anaddress";
+ HashSet<Role> roles = new HashSet<Role>();
+ roles.add(new Role("user", false, false, true));
+ repository.registerListener(securityStore);
+ EasyMock.expect(repository.getMatch(address)).andReturn(roles);
+ ServerConnection serverConnection = EasyMock.createNiceMock(ServerConnection.class);
+ EasyMock.expect(serverConnection.getUsername()).andReturn("user");
+ EasyMock.expect(serverConnection.getPassword()).andReturn("password");
+ EasyMock.expect(securityManager.validateUserAndRole("user", "password", roles, CheckType.CREATE)).andReturn(true);
+ EasyMock.expect(repository.getMatch(address)).andReturn(roles);
+ EasyMock.expect(serverConnection.getUsername()).andReturn("user");
+ EasyMock.expect(serverConnection.getPassword()).andReturn("password");
+ EasyMock.expect(securityManager.validateUserAndRole("user", "password", roles, CheckType.CREATE)).andReturn(true);
+ EasyMock.replay(repository);
+ EasyMock.replay(securityManager);
+ EasyMock.replay(serverConnection);
+ securityStore.setSecurityRepository(repository);
+ securityStore.check(address, CheckType.CREATE, serverConnection );
+ securityStore.onChange();
+ securityStore.check(address, CheckType.CREATE, serverConnection );
+
+ }
+ public void testSuccessfulCheckTimeoutCache() throws Exception
+ {
+ securityStore = new SecurityStoreImpl(2000);
+ JBMSecurityManager securityManager = EasyMock.createStrictMock(JBMSecurityManager.class);
+ securityStore.setSecurityManager(securityManager);
+ //noinspection unchecked
+ HierarchicalRepository<HashSet<Role>> repository = EasyMock.createStrictMock(HierarchicalRepository.class);
+
+ String address = "anaddress";
+ HashSet<Role> roles = new HashSet<Role>();
+ roles.add(new Role("user", false, false, true));
+ repository.registerListener(securityStore);
+ EasyMock.expect(repository.getMatch(address)).andReturn(roles);
+ ServerConnection serverConnection = EasyMock.createNiceMock(ServerConnection.class);
+ EasyMock.expect(serverConnection.getUsername()).andReturn("user");
+ EasyMock.expect(serverConnection.getPassword()).andReturn("password");
+ EasyMock.expect(securityManager.validateUserAndRole("user", "password", roles, CheckType.CREATE)).andReturn(true);
+ EasyMock.expect(repository.getMatch(address)).andReturn(roles);
+ EasyMock.expect(serverConnection.getUsername()).andReturn("user");
+ EasyMock.expect(serverConnection.getPassword()).andReturn("password");
+ EasyMock.expect(securityManager.validateUserAndRole("user", "password", roles, CheckType.CREATE)).andReturn(true);
+ EasyMock.replay(repository);
+ EasyMock.replay(securityManager);
+ EasyMock.replay(serverConnection);
+ securityStore.setSecurityRepository(repository);
+ securityStore.check(address, CheckType.CREATE, serverConnection );
+ Thread.sleep(2000);
+ securityStore.check(address, CheckType.CREATE, serverConnection );
+
+ }
+}
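Review bot: None of these tests calls `EasyMock.verify(...)`, so the recorded expectations are never checked as satisfied. `testSuccessfulAuthentication` passes even if `authenticate` never consults the security manager, and in `testSuccessfulCheckInvalidateCache` and `testSuccessfulCheckTimeoutCache` the second `check` may be answered from the cache without the test failing, so stale authorization after `onChange()` or after the timeout would go unnoticed. I would end each test with `EasyMock.verify(securityManager);` and, where a repository mock is used, `EasyMock.verify(repository);`. The timeout test also sleeps exactly the 2000 ms it passes to the constructor, which is likely to be flaky once verification is on; a sleep comfortably above the timeout would be safer. The `catch (Exception e)` blocks in the two failure tests accept any exception, so catching the specific type the store is expected to throw would tighten them.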
Modified: trunk/tests/src/org/jboss/test/messaging/JBMServerTestCase.java
===================================================================
--- trunk/tests/src/org/jboss/test/messaging/JBMServerTestCase.java 2008-04-02 10:14:56 UTC (rev 3988)
+++ trunk/tests/src/org/jboss/test/messaging/JBMServerTestCase.java 2008-04-02 12:52:57 UTC (rev 3989)
@@ -315,7 +315,7 @@
public String[] getContainerConfig()
{
- return new String[]{"datasource.xml", "transaction-manager.xml", "invm-beans.xml", "jbm-beans.xml"};
+ return new String[]{ "invm-beans.xml", "jbm-beans.xml"};
}
protected MessagingServer getJmsServer() throws Exception
Modified: trunk/tests/src/org/jboss/test/messaging/tools/container/MockJBossSecurityManager.java
===================================================================
--- trunk/tests/src/org/jboss/test/messaging/tools/container/MockJBossSecurityManager.java 2008-04-02 10:14:56 UTC (rev 3988)
+++ trunk/tests/src/org/jboss/test/messaging/tools/container/MockJBossSecurityManager.java 2008-04-02 12:52:57 UTC (rev 3989)
@@ -30,8 +30,13 @@
import javax.security.auth.Subject;
import javax.security.auth.message.MessageInfo;
+import javax.naming.InitialContext;
+import javax.naming.Context;
+import javax.naming.NamingException;
+import javax.naming.directory.InitialDirContext;
import org.jboss.messaging.core.logging.Logger;
+import org.jboss.messaging.util.JNDIUtil;
import org.jboss.security.AnybodyPrincipal;
import org.jboss.security.AuthenticationManager;
import org.jboss.security.NobodyPrincipal;
@@ -362,4 +367,41 @@
}
+ public void start() throws Exception
+ {
+ bindToJndi("java:/jaas/messaging", this);
+ }
+
+ private boolean bindToJndi(final String jndiName, final Object objectToBind) throws NamingException
+ {
+ InitialContext initialContext = new InitialContext();
+ String parentContext;
+ String jndiNameInContext;
+ int sepIndex = jndiName.lastIndexOf('/');
+ if (sepIndex == -1)
+ {
+ parentContext = "";
+ }
+ else
+ {
+ parentContext = jndiName.substring(0, sepIndex);
+ }
+ jndiNameInContext = jndiName.substring(sepIndex + 1);
+ try
+ {
+ initialContext.lookup(jndiName);
+
+ log.warn("Binding for " + jndiName + " already exists");
+ return false;
+ }
+ catch (Throwable e)
+ {
+ // OK
+ }
+
+ Context c = JNDIUtil.createContext(initialContext, parentContext);
+
+ c.rebind(jndiNameInContext, objectToBind);
+ return true;
+ }
}
\ No newline at end of file
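Review bot: `bindToJndi` treats every failure of `initialContext.lookup(jndiName)` as "name not bound" because of `catch (Throwable e)`, so a lookup that fails for any other reason falls through to `c.rebind(...)`, which replaces an existing binding. Since the object bound at `java:/jaas/messaging` is the security manager, I would narrow this to `catch (NameNotFoundException e)` (from `javax.naming`) and let other errors propagate. `start()` also discards the boolean result, so when a binding already exists the mock is silently not installed and only a warning is logged; failing there would make a misconfigured test environment obvious. The `InitialContext` is never closed, and the `InitialDirContext` import added in the previous hunk looks unused in the lines shown.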
Modified: trunk/tests/src/org/jboss/test/messaging/tools/container/ServiceContainer.java
===================================================================
--- trunk/tests/src/org/jboss/test/messaging/tools/container/ServiceContainer.java 2008-04-02 10:14:56 UTC (rev 3988)
+++ trunk/tests/src/org/jboss/test/messaging/tools/container/ServiceContainer.java 2008-04-02 12:52:57 UTC (rev 3989)
@@ -41,7 +41,6 @@
//private static final Logger log = Logger.getLogger(ServiceContainer.class);
- private static final String CONFIGURATION_FILE_NAME = "container.xml";
public static final String DO_NOT_USE_MESSAGING_MARSHALLERS = "DO_NOT_USE_MESSAGING_MARSHALLERS";