[1/2] activemq-artemis git commit: This closes #2374

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

[1/2] activemq-artemis git commit: This closes #2374

michaelpearce
Repository: activemq-artemis
Updated Branches:
  refs/heads/master 55cb2dbf4 -> bd1777799


This closes #2374


Project: http://git-wip-us.apache.org/repos/asf/activemq-artemis/repo
Commit: http://git-wip-us.apache.org/repos/asf/activemq-artemis/commit/bd177779
Tree: http://git-wip-us.apache.org/repos/asf/activemq-artemis/tree/bd177779
Diff: http://git-wip-us.apache.org/repos/asf/activemq-artemis/diff/bd177779

Branch: refs/heads/master
Commit: bd1777799a56f3256ba489ac4f1fc36c1e47dc1f
Parents: 55cb2db c2188aa
Author: Michael Andre Pearce <[hidden email]>
Authored: Thu Nov 8 23:56:51 2018 +0000
Committer: Michael Andre Pearce <[hidden email]>
Committed: Thu Nov 8 23:56:51 2018 +0000

----------------------------------------------------------------------
 .../api/core/management/ManagementHelper.java   |  2 +
 .../core/server/impl/ServerSessionImpl.java     | 12 ++++++
 docs/user-manual/en/management.md               |  4 +-
 .../management/NotificationTest.java            |  2 +
 .../management/SSLSecurityNotificationTest.java | 39 ++++++++++++++++++++
 .../management/SecurityNotificationTest.java    | 32 ++++++++++++++++
 6 files changed, 89 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


Reply | Threaded
Open this post in threaded view
|

[2/2] activemq-artemis git commit: ARTEMIS-2127 Add auth details to consumer created notification

michaelpearce
ARTEMIS-2127 Add auth details to consumer created notification


Project: http://git-wip-us.apache.org/repos/asf/activemq-artemis/repo
Commit: http://git-wip-us.apache.org/repos/asf/activemq-artemis/commit/c2188aa0
Tree: http://git-wip-us.apache.org/repos/asf/activemq-artemis/tree/c2188aa0
Diff: http://git-wip-us.apache.org/repos/asf/activemq-artemis/diff/c2188aa0

Branch: refs/heads/master
Commit: c2188aa058a2f6aae65ca2247c14c7b968faaf56
Parents: 55cb2db
Author: Justin Bertram <[hidden email]>
Authored: Tue Oct 16 08:01:45 2018 -0500
Committer: Michael Andre Pearce <[hidden email]>
Committed: Thu Nov 8 23:56:51 2018 +0000

----------------------------------------------------------------------
 .../api/core/management/ManagementHelper.java   |  2 +
 .../core/server/impl/ServerSessionImpl.java     | 12 ++++++
 docs/user-manual/en/management.md               |  4 +-
 .../management/NotificationTest.java            |  2 +
 .../management/SSLSecurityNotificationTest.java | 39 ++++++++++++++++++++
 .../management/SecurityNotificationTest.java    | 32 ++++++++++++++++
 6 files changed, 89 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/c2188aa0/artemis-core-client/src/main/java/org/apache/activemq/artemis/api/core/management/ManagementHelper.java
----------------------------------------------------------------------
diff --git a/artemis-core-client/src/main/java/org/apache/activemq/artemis/api/core/management/ManagementHelper.java b/artemis-core-client/src/main/java/org/apache/activemq/artemis/api/core/management/ManagementHelper.java
index 7b6d3ff..bba8419 100644
--- a/artemis-core-client/src/main/java/org/apache/activemq/artemis/api/core/management/ManagementHelper.java
+++ b/artemis-core-client/src/main/java/org/apache/activemq/artemis/api/core/management/ManagementHelper.java
@@ -62,6 +62,8 @@ public final class ManagementHelper {
 
    public static final SimpleString HDR_USER = new SimpleString("_AMQ_User");
 
+   public static final SimpleString HDR_VALIDATED_USER = new SimpleString("_AMQ_ValidatedUser");
+
    public static final SimpleString HDR_CERT_SUBJECT_DN = new SimpleString("_AMQ_CertSubjectDN");
 
    public static final SimpleString HDR_CHECK_TYPE = new SimpleString("_AMQ_CheckType");

http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/c2188aa0/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/impl/ServerSessionImpl.java
----------------------------------------------------------------------
diff --git a/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/impl/ServerSessionImpl.java b/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/impl/ServerSessionImpl.java
index 7ab353a..3bc60f2 100644
--- a/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/impl/ServerSessionImpl.java
+++ b/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/impl/ServerSessionImpl.java
@@ -18,6 +18,7 @@ package org.apache.activemq.artemis.core.server.impl;
 
 import javax.json.JsonArrayBuilder;
 import javax.json.JsonObjectBuilder;
+import javax.security.cert.X509Certificate;
 import javax.transaction.xa.XAException;
 import javax.transaction.xa.Xid;
 import java.util.ArrayList;
@@ -58,6 +59,7 @@ import org.apache.activemq.artemis.core.postoffice.BindingType;
 import org.apache.activemq.artemis.core.postoffice.PostOffice;
 import org.apache.activemq.artemis.core.postoffice.QueueBinding;
 import org.apache.activemq.artemis.core.postoffice.RoutingStatus;
+import org.apache.activemq.artemis.core.remoting.CertificateUtil;
 import org.apache.activemq.artemis.core.remoting.CloseListener;
 import org.apache.activemq.artemis.core.remoting.FailureListener;
 import org.apache.activemq.artemis.core.security.CheckType;
@@ -499,6 +501,16 @@ public class ServerSessionImpl implements ServerSession, FailureListener {
          // HORNETQ-946
          props.putSimpleStringProperty(ManagementHelper.HDR_USER, SimpleString.toSimpleString(username));
 
+         props.putSimpleStringProperty(ManagementHelper.HDR_VALIDATED_USER, SimpleString.toSimpleString(validatedUser));
+
+         String certSubjectDN = "unavailable";
+         X509Certificate[] certs = CertificateUtil.getCertsFromConnection(this.remotingConnection);
+         if (certs != null && certs.length > 0 && certs[0] != null) {
+            certSubjectDN = certs[0].getSubjectDN().getName();
+         }
+
+         props.putSimpleStringProperty(ManagementHelper.HDR_CERT_SUBJECT_DN, SimpleString.toSimpleString(certSubjectDN));
+
          props.putSimpleStringProperty(ManagementHelper.HDR_REMOTE_ADDRESS, SimpleString.toSimpleString(this.remotingConnection.getRemoteAddress()));
 
          props.putSimpleStringProperty(ManagementHelper.HDR_SESSION_NAME, SimpleString.toSimpleString(name));

http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/c2188aa0/docs/user-manual/en/management.md
----------------------------------------------------------------------
diff --git a/docs/user-manual/en/management.md b/docs/user-manual/en/management.md
index 5cb6838..f7c8352 100644
--- a/docs/user-manual/en/management.md
+++ b/docs/user-manual/en/management.md
@@ -735,8 +735,8 @@ un-formatted result of a call to `java.lang.System.currentTimeMillis()`.
 - `CONSUMER_CREATED` (2)
 
   `_AMQ_Address`, `_AMQ_ClusterName`, `_AMQ_RoutingName`, `_AMQ_Distance`,
-  `_AMQ_ConsumerCount`, `_AMQ_User`, `_AMQ_RemoteAddress`,
-  `_AMQ_SessionName`, `_AMQ_FilterString`
+  `_AMQ_ConsumerCount`, `_AMQ_User`, `_AMQ_ValidatedUser`, `_AMQ_RemoteAddress`,
+  `_AMQ_SessionName`, `_AMQ_FilterString`, `_AMQ_CertSubjectDN`
 
 - `CONSUMER_CLOSED` (3)
 

http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/c2188aa0/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/management/NotificationTest.java
----------------------------------------------------------------------
diff --git a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/management/NotificationTest.java b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/management/NotificationTest.java
index 09aec0e..ed5713e 100644
--- a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/management/NotificationTest.java
+++ b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/management/NotificationTest.java
@@ -175,8 +175,10 @@ public class NotificationTest extends ActiveMQTestBase {
       Assert.assertEquals(address.toString(), notifications[0].getObjectProperty(ManagementHelper.HDR_ADDRESS).toString());
       Assert.assertEquals(1, notifications[0].getObjectProperty(ManagementHelper.HDR_CONSUMER_COUNT));
       Assert.assertEquals(SimpleString.toSimpleString("myUser"), notifications[0].getSimpleStringProperty(ManagementHelper.HDR_USER));
+      Assert.assertEquals(null, notifications[0].getSimpleStringProperty(ManagementHelper.HDR_VALIDATED_USER));
       Assert.assertEquals(SimpleString.toSimpleString("invm:0"), notifications[0].getSimpleStringProperty(ManagementHelper.HDR_REMOTE_ADDRESS));
       Assert.assertEquals(consumerName, notifications[0].getSimpleStringProperty(ManagementHelper.HDR_SESSION_NAME));
+      Assert.assertEquals(SimpleString.toSimpleString("unavailable"), notifications[0].getSimpleStringProperty(ManagementHelper.HDR_CERT_SUBJECT_DN));
 
       consumer.close();
       session.deleteQueue(queue);

http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/c2188aa0/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/management/SSLSecurityNotificationTest.java
----------------------------------------------------------------------
diff --git a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/management/SSLSecurityNotificationTest.java b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/management/SSLSecurityNotificationTest.java
index 26e0cca..d4c504c 100644
--- a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/management/SSLSecurityNotificationTest.java
+++ b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/management/SSLSecurityNotificationTest.java
@@ -25,6 +25,7 @@ import java.util.Set;
 
 import org.apache.activemq.artemis.api.config.ActiveMQDefaultConfiguration;
 import org.apache.activemq.artemis.api.core.ActiveMQException;
+import org.apache.activemq.artemis.api.core.RoutingType;
 import org.apache.activemq.artemis.api.core.SimpleString;
 import org.apache.activemq.artemis.api.core.TransportConfiguration;
 import org.apache.activemq.artemis.api.core.client.ActiveMQClient;
@@ -46,6 +47,7 @@ import org.junit.Assert;
 import org.junit.Before;
 import org.junit.Test;
 
+import static org.apache.activemq.artemis.api.core.management.CoreNotificationType.CONSUMER_CREATED;
 import static org.apache.activemq.artemis.api.core.management.CoreNotificationType.SECURITY_AUTHENTICATION_VIOLATION;
 
 public class SSLSecurityNotificationTest extends ActiveMQTestBase {
@@ -96,6 +98,43 @@ public class SSLSecurityNotificationTest extends ActiveMQTestBase {
       Assert.assertTrue(notifications[0].getObjectProperty(ManagementHelper.HDR_REMOTE_ADDRESS).toString().startsWith("/127.0.0.1"));
    }
 
+   @Test
+   public void testCONSUMER_CREATED() throws Exception {
+      SimpleString queue = RandomUtil.randomSimpleString();
+      SimpleString address = RandomUtil.randomSimpleString();
+
+      Role role = new Role("notif", true, true, true, true, false, true, true, true, true, true);
+      Set<Role> roles = new HashSet<>();
+      roles.add(role);
+
+      server.getSecurityRepository().addMatch("#", roles);
+
+      TransportConfiguration tc = new TransportConfiguration(NETTY_CONNECTOR_FACTORY);
+      tc.getParams().put(TransportConstants.SSL_ENABLED_PROP_NAME, true);
+      tc.getParams().put(TransportConstants.TRUSTSTORE_PATH_PROP_NAME, "client-side-truststore.jks");
+      tc.getParams().put(TransportConstants.TRUSTSTORE_PASSWORD_PROP_NAME, "secureexample");
+      tc.getParams().put(TransportConstants.KEYSTORE_PATH_PROP_NAME, "client-side-keystore.jks");
+      tc.getParams().put(TransportConstants.KEYSTORE_PASSWORD_PROP_NAME, "secureexample");
+
+      ServerLocator locator = addServerLocator(ActiveMQClient.createServerLocatorWithoutHA(tc));
+      ClientSessionFactory sf = addSessionFactory(createSessionFactory(locator));
+
+      ClientSession guestSession = sf.createSession("guest", "guest", false, true, true, false, 1);
+
+      guestSession.createQueue(address, RoutingType.ANYCAST, queue, true);
+      SSLSecurityNotificationTest.flush(notifConsumer);
+      guestSession.createConsumer(queue);
+
+      ClientMessage[] notifications = SecurityNotificationTest.consumeMessages(1, notifConsumer);
+      Assert.assertEquals(CONSUMER_CREATED.toString(), notifications[0].getObjectProperty(ManagementHelper.HDR_NOTIFICATION_TYPE).toString());
+      Assert.assertEquals("guest", notifications[0].getObjectProperty(ManagementHelper.HDR_USER).toString());
+      Assert.assertEquals("first", notifications[0].getObjectProperty(ManagementHelper.HDR_VALIDATED_USER).toString());
+      Assert.assertEquals(address.toString(), notifications[0].getObjectProperty(ManagementHelper.HDR_ADDRESS).toString());
+      Assert.assertEquals("CN=ActiveMQ Artemis Client, OU=Artemis, O=ActiveMQ, L=AMQ, ST=AMQ, C=AMQ", notifications[0].getObjectProperty(ManagementHelper.HDR_CERT_SUBJECT_DN).toString());
+
+      guestSession.close();
+   }
+
    @Override
    @Before
    public void setUp() throws Exception {

http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/c2188aa0/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/management/SecurityNotificationTest.java
----------------------------------------------------------------------
diff --git a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/management/SecurityNotificationTest.java b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/management/SecurityNotificationTest.java
index 579811a..b8d5231 100644
--- a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/management/SecurityNotificationTest.java
+++ b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/management/SecurityNotificationTest.java
@@ -21,6 +21,7 @@ import java.util.Set;
 
 import org.apache.activemq.artemis.api.config.ActiveMQDefaultConfiguration;
 import org.apache.activemq.artemis.api.core.ActiveMQException;
+import org.apache.activemq.artemis.api.core.RoutingType;
 import org.apache.activemq.artemis.api.core.SimpleString;
 import org.apache.activemq.artemis.api.core.client.ClientConsumer;
 import org.apache.activemq.artemis.api.core.client.ClientMessage;
@@ -40,6 +41,7 @@ import org.junit.Assert;
 import org.junit.Before;
 import org.junit.Test;
 
+import static org.apache.activemq.artemis.api.core.management.CoreNotificationType.CONSUMER_CREATED;
 import static org.apache.activemq.artemis.api.core.management.CoreNotificationType.SECURITY_AUTHENTICATION_VIOLATION;
 import static org.apache.activemq.artemis.api.core.management.CoreNotificationType.SECURITY_PERMISSION_VIOLATION;
 
@@ -119,6 +121,36 @@ public class SecurityNotificationTest extends ActiveMQTestBase {
       guestSession.close();
    }
 
+   @Test
+   public void testCONSUMER_CREATED() throws Exception {
+      SimpleString queue = RandomUtil.randomSimpleString();
+      SimpleString address = RandomUtil.randomSimpleString();
+
+      Role role = new Role("role", true, true, true, true, false, true, true, true, true, true);
+      Set<Role> roles = new HashSet<>();
+      roles.add(role);
+      server.getSecurityRepository().addMatch(address.toString(), roles);
+      ActiveMQJAASSecurityManager securityManager = (ActiveMQJAASSecurityManager) server.getSecurityManager();
+      securityManager.getConfiguration().addRole("guest", "role");
+
+      ServerLocator locator = createInVMNonHALocator();
+      ClientSessionFactory sf = createSessionFactory(locator);
+      ClientSession guestSession = sf.createSession("guest", "guest", false, true, true, false, 1);
+
+      guestSession.createQueue(address, RoutingType.ANYCAST, queue, true);
+      SecurityNotificationTest.flush(notifConsumer);
+      guestSession.createConsumer(queue);
+
+      ClientMessage[] notifications = SecurityNotificationTest.consumeMessages(1, notifConsumer);
+      Assert.assertEquals(CONSUMER_CREATED.toString(), notifications[0].getObjectProperty(ManagementHelper.HDR_NOTIFICATION_TYPE).toString());
+      Assert.assertEquals("guest", notifications[0].getObjectProperty(ManagementHelper.HDR_USER).toString());
+      Assert.assertEquals("guest", notifications[0].getObjectProperty(ManagementHelper.HDR_VALIDATED_USER).toString());
+      Assert.assertEquals(address.toString(), notifications[0].getObjectProperty(ManagementHelper.HDR_ADDRESS).toString());
+      Assert.assertEquals(SimpleString.toSimpleString("unavailable"), notifications[0].getSimpleStringProperty(ManagementHelper.HDR_CERT_SUBJECT_DN));
+
+      guestSession.close();
+   }
+
    // Package protected ---------------------------------------------
 
    // Protected -----------------------------------------------------