[jboss-cvs] JBoss Messaging SVN: r5833 - in trunk: tests/src/org/jboss/messaging/tests/integration/management and 1 other directory.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Fri Feb 6 06:09:48 EST 2009
Author: jmesnil
Date: 2009-02-06 06:09:48 -0500 (Fri, 06 Feb 2009)
New Revision: 5833
Added:
trunk/tests/src/org/jboss/messaging/tests/integration/management/SecurityManagementTest.java
Modified:
trunk/src/config/jbm-queues.xml
Log:
added "admin" role to send management message
* in jbm-queues.xml, added a 'admin' role for the 'admin.management' message.
only users with this role are allowed to send management messages
* added SecurityManagementTest to check security permission when sending managmenet messages
Modified: trunk/src/config/jbm-queues.xml
===================================================================
--- trunk/src/config/jbm-queues.xml 2009-02-06 09:26:46 UTC (rev 5832)
+++ trunk/src/config/jbm-queues.xml 2009-02-06 11:09:48 UTC (rev 5833)
@@ -2,6 +2,13 @@
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="urn:jboss:messaging ../schemas/jbm-queues.xsd ">
+ <!-- manangement address -->
+ <security match="admin.management">
+ <!-- only the admin role can interact with the admin.management address -->
+ <permission type="read" roles="admin"/>
+ <permission type="write" roles="admin"/>
+ </security>
+
<security match="topicjms.testTopic">
<permission type="create" roles="durpublisher"/>
<permission type="read" roles="guest,publisher,durpublisher"/>
Added: trunk/tests/src/org/jboss/messaging/tests/integration/management/SecurityManagementTest.java
===================================================================
--- trunk/tests/src/org/jboss/messaging/tests/integration/management/SecurityManagementTest.java (rev 0)
+++ trunk/tests/src/org/jboss/messaging/tests/integration/management/SecurityManagementTest.java 2009-02-06 11:09:48 UTC (rev 5833)
@@ -0,0 +1,168 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2005-2009, Red Hat Middleware LLC, and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+
+package org.jboss.messaging.tests.integration.management;
+
+import static org.jboss.messaging.core.config.impl.ConfigurationImpl.DEFAULT_MANAGEMENT_ADDRESS;
+
+import java.util.HashSet;
+import java.util.Set;
+
+import junit.framework.TestCase;
+
+import org.jboss.messaging.core.client.ClientMessage;
+import org.jboss.messaging.core.client.ClientRequestor;
+import org.jboss.messaging.core.client.ClientSession;
+import org.jboss.messaging.core.client.ClientSessionFactory;
+import org.jboss.messaging.core.client.impl.ClientSessionFactoryImpl;
+import org.jboss.messaging.core.client.management.impl.ManagementHelper;
+import org.jboss.messaging.core.config.Configuration;
+import org.jboss.messaging.core.config.TransportConfiguration;
+import org.jboss.messaging.core.config.impl.ConfigurationImpl;
+import org.jboss.messaging.core.management.impl.ManagementServiceImpl;
+import org.jboss.messaging.core.remoting.impl.invm.InVMAcceptorFactory;
+import org.jboss.messaging.core.remoting.impl.invm.InVMConnectorFactory;
+import org.jboss.messaging.core.security.Role;
+import org.jboss.messaging.core.security.impl.JBMSecurityManagerImpl;
+import org.jboss.messaging.core.server.Messaging;
+import org.jboss.messaging.core.server.MessagingService;
+import org.jboss.messaging.core.settings.HierarchicalRepository;
+import org.jboss.messaging.util.SimpleString;
+
+/**
+ * A SecurityManagementTest
+ *
+ * @author jmesnil
+ *
+ * Created 6 fŽvr. 2009 11:04:21
+ *
+ *
+ */
+public class SecurityManagementTest extends TestCase
+{
+
+ // Constants -----------------------------------------------------
+
+ // Attributes ----------------------------------------------------
+
+ private MessagingService service;
+
+ private final String validAdminUser = "validAdminUser";
+
+ private final String validAdminPassword = "validAdminPassword";
+
+ private final String invalidAdminUser = "invalidAdminUser";
+
+ private final String invalidAdminPassword = "invalidAdminPassword";
+
+ // Static --------------------------------------------------------
+
+ // Constructors --------------------------------------------------
+
+ // Public --------------------------------------------------------
+
+ public void testSendManagementMessageWithAdminRole() throws Exception
+ {
+ doSendManagementMessage(validAdminUser, validAdminPassword, true);
+ }
+
+ public void testSendManagementMessageWithoutAdminRole() throws Exception
+ {
+ doSendManagementMessage(invalidAdminUser, invalidAdminPassword, false);
+ }
+
+ public void testSendManagementMessageWithoutUserCredentials() throws Exception
+ {
+ doSendManagementMessage(null, null, false);
+ }
+
+ // Package protected ---------------------------------------------
+
+ // Protected -----------------------------------------------------
+
+ @Override
+ protected void setUp() throws Exception
+ {
+ Configuration conf = new ConfigurationImpl();
+ conf.setSecurityEnabled(true);
+ conf.getAcceptorConfigurations().add(new TransportConfiguration(InVMAcceptorFactory.class.getName()));
+ service = Messaging.newNullStorageMessagingService(conf);
+ service.start();
+ HierarchicalRepository<Set<Role>> securityRepository = service.getServer().getSecurityRepository();
+ JBMSecurityManagerImpl securityManager = (JBMSecurityManagerImpl)service.getServer().getSecurityManager();
+ securityManager.addUser(validAdminUser, validAdminPassword);
+ securityManager.addUser(invalidAdminUser, invalidAdminPassword);
+ securityManager.addRole(validAdminUser, "admin");
+ securityManager.addRole(validAdminUser, "guest");
+ securityManager.addRole(invalidAdminUser, "guest");
+
+ Set<Role> adminRole = new HashSet<Role>();
+ adminRole.add(new Role("admin", true, true, false));
+ securityRepository.addMatch(DEFAULT_MANAGEMENT_ADDRESS.toString(), adminRole);
+ Set<Role> guestRole = new HashSet<Role>();
+ guestRole.add(new Role("guest", true, true, true));
+ securityRepository.addMatch("*", guestRole);
+ }
+
+ @Override
+ protected void tearDown() throws Exception
+ {
+ service.stop();
+
+ super.tearDown();
+ }
+
+ // Private -------------------------------------------------------
+
+ public void doSendManagementMessage(String user, String password, boolean expectReply) throws Exception
+ {
+ ClientSessionFactory sf = new ClientSessionFactoryImpl(new TransportConfiguration(InVMConnectorFactory.class.getName()));
+ ClientSession session = null;
+ if (user == null)
+ {
+ session = sf.createSession(false, true, true);
+ }
+ else
+ {
+ session = sf.createSession(user, password, false, true, true, false, 1);
+ }
+ session.start();
+
+ ClientRequestor requestor = new ClientRequestor(session, DEFAULT_MANAGEMENT_ADDRESS);
+
+ ClientMessage mngmntMessage = session.createClientMessage(false);
+ ManagementHelper.putAttributes(mngmntMessage, ManagementServiceImpl.getMessagingServerObjectName(), "Started");
+ ClientMessage reply = requestor.request(mngmntMessage, 500);
+ if (expectReply)
+ {
+ assertNotNull(reply);
+ assertTrue((Boolean)reply.getProperty(new SimpleString("Started")));
+ }
+ else
+ {
+ assertNull(reply);
+ }
+ }
+
+ // Inner classes -------------------------------------------------
+
+}
More information about the jboss-cvs-commits
mailing list