[prev in list] [next in list] [prev in thread] [next in thread]
List: activemq-commits
Subject: [2/4] Fix for https://issues.apache.org/jira/browse/AMQ-3621 - Integrate Apache Shiro with ActiveMQ
From: ceposta () apache ! org
Date: 2014-02-24 15:30:49
Message-ID: a0dd854ce0a44e4ba0a450f2bedd65f2 () git ! apache ! org
[Download RAW message or body]
http://git-wip-us.apache.org/repos/asf/activemq/blob/f9451e56/activemq-shiro/src/test/java/org/apache/activemq/shiro/authc/DefaultAuthenticationPolicyTest.java
----------------------------------------------------------------------
diff --git a/activemq-shiro/src/test/java/org/apache/activemq/shiro/authc/DefaultAuthenticationPolicyTest.java \
b/activemq-shiro/src/test/java/org/apache/activemq/shiro/authc/DefaultAuthenticationPolicyTest.java
new file mode 100644
index 0000000..0d39061
--- /dev/null
+++ b/activemq-shiro/src/test/java/org/apache/activemq/shiro/authc/DefaultAuthenticationPolicyTest.java
@@ -0,0 +1,339 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.activemq.shiro.authc;
+
+import org.apache.activemq.broker.Connection;
+import org.apache.activemq.broker.ConnectionContext;
+import org.apache.activemq.broker.Connector;
+import org.apache.activemq.broker.region.ConnectionStatistics;
+import org.apache.activemq.command.Command;
+import org.apache.activemq.command.ConnectionControl;
+import org.apache.activemq.command.ConnectionInfo;
+import org.apache.activemq.command.Response;
+import org.apache.activemq.shiro.subject.SubjectAdapter;
+import org.apache.activemq.shiro.subject.SubjectConnectionReference;
+import org.apache.shiro.env.DefaultEnvironment;
+import org.apache.shiro.subject.PrincipalCollection;
+import org.apache.shiro.subject.SimplePrincipalCollection;
+import org.apache.shiro.subject.Subject;
+import org.junit.Before;
+import org.junit.Test;
+
+import java.io.IOException;
+
+import static org.junit.Assert.*;
+
+/**
+ * @since 5.10.0
+ */
+public class DefaultAuthenticationPolicyTest {
+
+ private DefaultAuthenticationPolicy policy;
+
+ @Before
+ public void setUp() {
+ this.policy = new DefaultAuthenticationPolicy();
+ }
+
+ @Test
+ public void testVmConnectionAuthenticationRequired() {
+ boolean required = true;
+ policy.setVmConnectionAuthenticationRequired(required);
+ assertEquals(required, policy.isVmConnectionAuthenticationRequired());
+ }
+
+ @Test
+ public void testSystemAccountUsername() {
+ String name = "foo";
+ policy.setSystemAccountUsername(name);
+ assertEquals(name, policy.getSystemAccountUsername());
+ }
+
+ @Test
+ public void testSystemAccountRealmName() {
+ String name = "fooRealm";
+ policy.setSystemAccountRealmName(name);
+ assertEquals(name, policy.getSystemAccountRealmName());
+ }
+
+ @Test
+ public void testAnonymousAllowed() {
+ boolean allowed = true;
+ policy.setAnonymousAccessAllowed(allowed);
+ assertEquals(allowed, policy.isAnonymousAccessAllowed());
+ }
+
+ @Test
+ public void testAnonymousAccountUsername() {
+ String name = "blah";
+ policy.setAnonymousAccountUsername(name);
+ assertEquals(name, policy.getAnonymousAccountUsername());
+ }
+
+ @Test
+ public void testAnonymousAccountRealmName() {
+ String name = "blahRealm";
+ policy.setAnonymousAccountRealmName(name);
+ assertEquals(name, policy.getAnonymousAccountRealmName());
+ }
+
+ @Test
+ public void testIsAnonymousAccount() {
+ Subject subject = new SubjectAdapter() {
+ @Override
+ public PrincipalCollection getPrincipals() {
+ return new SimplePrincipalCollection("anonymous", "iniRealm");
+ }
+ };
+ assertTrue(policy.isAnonymousAccount(subject));
+ }
+
+ @Test
+ public void testIsAnonymousAccountWithNullPrincipals() {
+ assertFalse(policy.isAnonymousAccount(new SubjectAdapter()));
+ }
+
+ @Test
+ public void testIsSystemAccountWithNullPrincipals() {
+ assertFalse(policy.isSystemAccount(new SubjectAdapter()));
+ }
+
+ @Test
+ public void testIsAuthenticationRequiredWhenAlreadyRequired() {
+ Subject subject = new SubjectAdapter() {
+ @Override
+ public boolean isAuthenticated() {
+ return true;
+ }
+ };
+ SubjectConnectionReference sc = new SubjectConnectionReference(new \
ConnectionContext(), new ConnectionInfo(), + new DefaultEnvironment(), \
subject); +
+ assertFalse(policy.isAuthenticationRequired(sc));
+ }
+
+ @Test
+ public void testIsAuthenticationRequiredWhenAnonymousAllowedAnonymousSubject() {
+
+ policy.setAnonymousAccessAllowed(true);
+
+ Subject subject = new SubjectAdapter() {
+ @Override
+ public PrincipalCollection getPrincipals() {
+ return new SimplePrincipalCollection("anonymous", "iniRealm");
+ }
+ };
+ SubjectConnectionReference sc = new SubjectConnectionReference(new \
ConnectionContext(), new ConnectionInfo(), + new DefaultEnvironment(), \
subject); +
+ assertFalse(policy.isAuthenticationRequired(sc));
+ }
+
+ @Test
+ public void testIsAuthenticationRequiredWhenAnonymousAllowedAndNotAnonymousSubject() \
{ +
+ policy.setAnonymousAccessAllowed(true);
+
+ Subject subject = new SubjectAdapter() {
+ @Override
+ public PrincipalCollection getPrincipals() {
+ return new SimplePrincipalCollection("system", "iniRealm");
+ }
+ };
+ SubjectConnectionReference sc = new SubjectConnectionReference(new \
ConnectionContext(), new ConnectionInfo(), + new DefaultEnvironment(), \
subject); +
+ assertFalse(policy.isAuthenticationRequired(sc));
+ }
+
+ @Test
+ public void testIsAuthenticationRequiredWhenSystemConnectionAndSystemSubject() {
+
+ Subject subject = new SubjectAdapter() {
+ @Override
+ public PrincipalCollection getPrincipals() {
+ return new SimplePrincipalCollection("system", "iniRealm");
+ }
+ };
+ SubjectConnectionReference sc = new SubjectConnectionReference(new \
ConnectionContext(), new ConnectionInfo(), + new DefaultEnvironment(), \
subject); +
+ assertFalse(policy.isAuthenticationRequired(sc));
+ }
+
+ @Test
+ public void testIsAuthenticationRequiredWhenSystemConnectionRequiresAuthentication() \
{ +
+ policy.setVmConnectionAuthenticationRequired(true);
+
+ Subject subject = new SubjectAdapter() {
+ @Override
+ public PrincipalCollection getPrincipals() {
+ return new SimplePrincipalCollection("system", "iniRealm");
+ }
+ };
+ SubjectConnectionReference sc = new SubjectConnectionReference(new \
ConnectionContext(), new ConnectionInfo(), + new DefaultEnvironment(), \
subject); +
+ assertTrue(policy.isAuthenticationRequired(sc));
+ }
+
+ @Test
+ public void testIsAuthenticationRequiredWhenSystemConnectionDoesNotRequireAuthenticationAndNotSystemAccount() \
{ +
+ Subject subject = new SubjectAdapter() {
+ @Override
+ public PrincipalCollection getPrincipals() {
+ return new SimplePrincipalCollection("foo", "iniRealm");
+ }
+ };
+ SubjectConnectionReference sc = new SubjectConnectionReference(new \
ConnectionContext(), new ConnectionInfo(), + new DefaultEnvironment(), \
subject); +
+ assertTrue(policy.isAuthenticationRequired(sc));
+ }
+
+ @Test
+ public void testIsAssumeIdentity() {
+ policy.setAnonymousAccessAllowed(true);
+ assertTrue(policy.isAssumeIdentity(null));
+ }
+
+ @Test
+ public void testIsAssumeIdentityWithSystemConnection() {
+
+ ConnectionContext ctx = new ConnectionContext();
+ Connection connection = new Connection() {
+ @Override
+ public Connector getConnector() {
+ return null; //To change body of implemented methods use File | \
Settings | File Templates. + }
+
+ @Override
+ public void dispatchSync(Command message) {
+ //To change body of implemented methods use File | Settings | File \
Templates. + }
+
+ @Override
+ public void dispatchAsync(Command command) {
+ //To change body of implemented methods use File | Settings | File \
Templates. + }
+
+ @Override
+ public Response service(Command command) {
+ return null; //To change body of implemented methods use File | \
Settings | File Templates. + }
+
+ @Override
+ public void serviceException(Throwable error) {
+ //To change body of implemented methods use File | Settings | File \
Templates. + }
+
+ @Override
+ public boolean isSlow() {
+ return false; //To change body of implemented methods use File | \
Settings | File Templates. + }
+
+ @Override
+ public boolean isBlocked() {
+ return false; //To change body of implemented methods use File | \
Settings | File Templates. + }
+
+ @Override
+ public boolean isConnected() {
+ return false; //To change body of implemented methods use File | \
Settings | File Templates. + }
+
+ @Override
+ public boolean isActive() {
+ return false; //To change body of implemented methods use File | \
Settings | File Templates. + }
+
+ @Override
+ public int getDispatchQueueSize() {
+ return 0; //To change body of implemented methods use File | \
Settings | File Templates. + }
+
+ @Override
+ public ConnectionStatistics getStatistics() {
+ return null; //To change body of implemented methods use File | \
Settings | File Templates. + }
+
+ @Override
+ public boolean isManageable() {
+ return false; //To change body of implemented methods use File | \
Settings | File Templates. + }
+
+ @Override
+ public String getRemoteAddress() {
+ return "vm://localhost";
+ }
+
+ @Override
+ public void serviceExceptionAsync(IOException e) {
+ //To change body of implemented methods use File | Settings | File \
Templates. + }
+
+ @Override
+ public String getConnectionId() {
+ return null; //To change body of implemented methods use File | \
Settings | File Templates. + }
+
+ @Override
+ public boolean isNetworkConnection() {
+ return false; //To change body of implemented methods use File | \
Settings | File Templates. + }
+
+ @Override
+ public boolean isFaultTolerantConnection() {
+ return false; //To change body of implemented methods use File | \
Settings | File Templates. + }
+
+ @Override
+ public void updateClient(ConnectionControl control) {
+ //To change body of implemented methods use File | Settings | File \
Templates. + }
+
+ @Override
+ public void start() throws Exception {
+ //To change body of implemented methods use File | Settings | File \
Templates. + }
+
+ @Override
+ public void stop() throws Exception {
+ //To change body of implemented methods use File | Settings | File \
Templates. + }
+
+ @Override
+ public int getActiveTransactionCount() {
+ return 0; //To change body of implemented methods use File | \
Settings | File Templates. + }
+
+ @Override
+ public Long getOldestActiveTransactionDuration() {
+ return null; //To change body of implemented methods use File | \
Settings | File Templates. + }
+ };
+
+ ctx.setConnection(connection);
+
+ SubjectConnectionReference sc = new SubjectConnectionReference(ctx, new \
ConnectionInfo(), + new DefaultEnvironment(), new SubjectAdapter());
+
+ assertTrue(policy.isAssumeIdentity(sc));
+ }
+}
http://git-wip-us.apache.org/repos/asf/activemq/blob/f9451e56/activemq-shiro/src/test/java/org/apache/activemq/shiro/authz/ActiveMQPermissionResolverTest.java
----------------------------------------------------------------------
diff --git a/activemq-shiro/src/test/java/org/apache/activemq/shiro/authz/ActiveMQPermissionResolverTest.java \
b/activemq-shiro/src/test/java/org/apache/activemq/shiro/authz/ActiveMQPermissionResolverTest.java
new file mode 100644
index 0000000..363f60b
--- /dev/null
+++ b/activemq-shiro/src/test/java/org/apache/activemq/shiro/authz/ActiveMQPermissionResolverTest.java
@@ -0,0 +1,53 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.activemq.shiro.authz;
+
+import org.apache.shiro.authz.Permission;
+import org.junit.Test;
+
+import static org.junit.Assert.*;
+
+/**
+ * @since 5.10.0
+ */
+public class ActiveMQPermissionResolverTest {
+
+ @Test
+ public void testDefault() {
+ ActiveMQPermissionResolver resolver = new ActiveMQPermissionResolver();
+ assertTrue(resolver.isCaseSensitive());
+ Permission p = resolver.resolvePermission("Foo:Bar");
+ assertNotNull(p);
+ assertTrue(p instanceof ActiveMQWildcardPermission);
+ assertTrue(p.implies(new ActiveMQWildcardPermission("Foo:Bar")));
+ assertFalse(p.implies(new ActiveMQWildcardPermission("foo:bar")));
+ }
+
+ @Test
+ public void testCaseInsensitive() {
+ ActiveMQPermissionResolver resolver = new ActiveMQPermissionResolver();
+ resolver.setCaseSensitive(false);
+ assertFalse(resolver.isCaseSensitive());
+ Permission p = resolver.resolvePermission("Foo:Bar");
+ assertNotNull(p);
+ assertTrue(p instanceof ActiveMQWildcardPermission);
+ assertTrue(p.implies(new ActiveMQWildcardPermission("foo:bar")));
+ assertTrue(p.implies(new ActiveMQWildcardPermission("Foo:Bar", true)));
+ }
+
+
+}
http://git-wip-us.apache.org/repos/asf/activemq/blob/f9451e56/activemq-shiro/src/test/java/org/apache/activemq/shiro/authz/ActiveMQWildcardPermissionTest.java
----------------------------------------------------------------------
diff --git a/activemq-shiro/src/test/java/org/apache/activemq/shiro/authz/ActiveMQWildcardPermissionTest.java \
b/activemq-shiro/src/test/java/org/apache/activemq/shiro/authz/ActiveMQWildcardPermissionTest.java
new file mode 100644
index 0000000..515aeeb
--- /dev/null
+++ b/activemq-shiro/src/test/java/org/apache/activemq/shiro/authz/ActiveMQWildcardPermissionTest.java
@@ -0,0 +1,158 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.activemq.shiro.authz;
+
+import org.apache.shiro.authz.Permission;
+import org.apache.shiro.authz.permission.WildcardPermission;
+import org.junit.Test;
+
+import java.util.List;
+import java.util.Set;
+
+import static org.junit.Assert.*;
+
+/**
+ * @since 5.10.0
+ */
+public class ActiveMQWildcardPermissionTest {
+
+ @Test
+ public void testNotWildcardPermission() {
+ ActiveMQWildcardPermission perm = new \
ActiveMQWildcardPermission("topic:TEST:*"); + Permission dummy = new \
Permission() { + @Override
+ public boolean implies(Permission p) {
+ return false;
+ }
+ };
+ assertFalse(perm.implies(dummy));
+ }
+
+ @Test
+ public void testIntrapartWildcard() {
+ ActiveMQWildcardPermission superset = new \
ActiveMQWildcardPermission("topic:ActiveMQ.Advisory.*:read"); + \
ActiveMQWildcardPermission subset = new \
ActiveMQWildcardPermission("topic:ActiveMQ.Advisory.Topic:read"); +
+ assertTrue(superset.implies(subset));
+ assertFalse(subset.implies(superset));
+ }
+
+ @Test
+ public void testMatches() {
+ assertMatch("x", "x");
+ assertNoMatch("x", "y");
+
+ assertMatch("xx", "xx");
+ assertNoMatch("xy", "xz");
+
+ assertMatch("?", "x");
+ assertMatch("x?", "xy");
+ assertMatch("?y", "xy");
+ assertMatch("x?z", "xyz");
+
+ assertMatch("*", "x");
+ assertMatch("x*", "x");
+ assertMatch("x*", "xy");
+ assertMatch("xy*", "xy");
+ assertMatch("xy*", "xyz");
+
+ assertMatch("*x", "x");
+ assertNoMatch("*x", "y");
+
+ assertMatch("*x", "wx");
+ assertNoMatch("*x", "wz");
+ assertMatch("*x", "vwx");
+
+ assertMatch("x*z", "xz");
+ assertMatch("x*z", "xyz");
+ assertMatch("x*z", "xyyz");
+
+ assertNoMatch("ab*t?z", "abz");
+ assertNoMatch("ab*d*yz", "abcdz");
+
+ assertMatch("ab**cd**ef*yz", "abcdefyz");
+ assertMatch("a*c?*z", "abcxyz");
+ assertMatch("a*cd*z", "abcdxyz");
+
+ assertMatch("*", "x:x");
+ assertMatch("*", "x:x:x");
+ assertMatch("x", "x:y");
+ assertMatch("x", "x:y:z");
+
+ assertMatch("foo?armat*", "foobarmatches");
+ assertMatch("f*", "f");
+ assertNoMatch("foo", "f");
+ assertMatch("fo*b", "foob");
+ assertNoMatch("fo*b*r", "fooba");
+ assertNoMatch("foo*", "f");
+
+ assertMatch("t*k?ou", "thankyou");
+ assertMatch("he*l*world", "helloworld");
+ assertNoMatch("foo", "foob");
+
+ assertMatch("*:ActiveMQ.Advisory", "foo:ActiveMQ.Advisory");
+ assertNoMatch("*:ActiveMQ.Advisory", "foo:ActiveMQ.Advisory.");
+ assertMatch("*:ActiveMQ.Advisory*", "foo:ActiveMQ.Advisory");
+ assertMatch("*:ActiveMQ.Advisory*", "foo:ActiveMQ.Advisory.");
+ assertMatch("*:ActiveMQ.Advisory.*", "foo:ActiveMQ.Advisory.Connection");
+ assertMatch("*:ActiveMQ.Advisory*:read", \
"foo:ActiveMQ.Advisory.Connection:read"); + \
assertNoMatch("*:ActiveMQ.Advisory*:read", "foo:ActiveMQ.Advisory.Connection:write"); \
+ assertMatch("*:ActiveMQ.Advisory*:*", \
"foo:ActiveMQ.Advisory.Connection:read"); + \
assertMatch("*:ActiveMQ.Advisory*:*", "foo:ActiveMQ.Advisory."); + \
assertMatch("topic", "topic:TEST:*"); + assertNoMatch("*:ActiveMQ*", \
"topic:TEST:*"); + assertMatch("topic:ActiveMQ.Advisory*", \
"topic:ActiveMQ.Advisory.Connection:create"); + assertMatch("foo?ar", \
"foobar"); + }
+
+ protected static void assertMatch(String pattern, String value) {
+ assertTrue(matches(pattern, value));
+ }
+
+ protected static void assertNoMatch(String pattern, String value) {
+ assertFalse(matches(pattern, value));
+ }
+
+ protected static boolean matches(String pattern, String value) {
+ ActiveMQWildcardPermission patternPerm = new \
ActiveMQWildcardPermission(pattern); + WildcardPermission valuePerm = new \
WildcardPermission(value, true); + return patternPerm.implies(valuePerm);
+ }
+
+ @Test(expected=IllegalStateException.class)
+ public void testGetPartsByReflectionThrowingException() {
+
+ ActiveMQWildcardPermission perm = new ActiveMQWildcardPermission("foo:bar") \
{ + @Override
+ protected List<Set<String>> doGetPartsByReflection(WildcardPermission \
wp) throws Exception { + throw new RuntimeException("Testing \
failure"); + }
+ };
+
+ WildcardPermission otherPerm = new WildcardPermission("foo:bar:baz");
+
+ perm.implies(otherPerm);
+ }
+
+ @Test
+ public void testImpliesWithExtraParts() {
+ ActiveMQWildcardPermission perm1 = new \
ActiveMQWildcardPermission("foo:bar:baz"); + ActiveMQWildcardPermission perm2 \
= new ActiveMQWildcardPermission("foo:bar"); + \
assertFalse(perm1.implies(perm2)); + }
+
+}
http://git-wip-us.apache.org/repos/asf/activemq/blob/f9451e56/activemq-shiro/src/test/java/org/apache/activemq/shiro/authz/AuthorizationFilterTest.java
----------------------------------------------------------------------
diff --git a/activemq-shiro/src/test/java/org/apache/activemq/shiro/authz/AuthorizationFilterTest.java \
b/activemq-shiro/src/test/java/org/apache/activemq/shiro/authz/AuthorizationFilterTest.java
new file mode 100644
index 0000000..bc63f30
--- /dev/null
+++ b/activemq-shiro/src/test/java/org/apache/activemq/shiro/authz/AuthorizationFilterTest.java
@@ -0,0 +1,364 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.activemq.shiro.authz;
+
+import org.apache.activemq.broker.ConnectionContext;
+import org.apache.activemq.broker.ProducerBrokerExchange;
+import org.apache.activemq.broker.StubBroker;
+import org.apache.activemq.command.ActiveMQDestination;
+import org.apache.activemq.command.ActiveMQTextMessage;
+import org.apache.activemq.command.ActiveMQTopic;
+import org.apache.activemq.command.ConnectionInfo;
+import org.apache.activemq.command.ConsumerInfo;
+import org.apache.activemq.command.DestinationInfo;
+import org.apache.activemq.command.ProducerInfo;
+import org.apache.activemq.shiro.subject.SubjectAdapter;
+import org.apache.activemq.shiro.subject.SubjectConnectionReference;
+import org.apache.activemq.shiro.subject.SubjectSecurityContext;
+import org.apache.shiro.authz.Permission;
+import org.apache.shiro.authz.UnauthorizedException;
+import org.apache.shiro.env.Environment;
+import org.apache.shiro.subject.PrincipalCollection;
+import org.apache.shiro.subject.SimplePrincipalCollection;
+import org.apache.shiro.subject.Subject;
+import org.junit.Before;
+import org.junit.Test;
+
+import java.util.Collection;
+
+import static org.junit.Assert.*;
+
+/**
+ * @since 5.10.0
+ */
+public class AuthorizationFilterTest {
+
+ private AuthorizationFilter filter;
+ private StubBroker nextBroker;
+
+ @Before
+ public void setUp() {
+ filter = new AuthorizationFilter();
+ nextBroker = new StubBroker();
+ filter.setNext(nextBroker);
+ }
+
+ @Test
+ public void testDefaults() {
+ ActionPermissionResolver resolver = filter.getActionPermissionResolver();
+ assertNotNull(resolver);
+ assertTrue(resolver instanceof DestinationActionPermissionResolver);
+ }
+
+ @Test
+ public void testSetActionPermissionResolver() {
+ ActionPermissionResolver resolver = new \
DestinationActionPermissionResolver(); + \
filter.setActionPermissionResolver(resolver); + assertSame(resolver, \
filter.getActionPermissionResolver()); + }
+
+ private ConnectionContext createContext(Subject subject) {
+ ConnectionContext ctx = new ConnectionContext();
+ ConnectionInfo info = new ConnectionInfo();
+ Environment environment = new Environment() {
+ @Override
+ public org.apache.shiro.mgt.SecurityManager getSecurityManager() {
+ return null; //not needed in this test.
+ }
+ };
+ SubjectConnectionReference ref = new SubjectConnectionReference(ctx, info, \
environment, subject); + SubjectSecurityContext secCtx = new \
SubjectSecurityContext(ref); + ctx.setSecurityContext(secCtx);
+ return ctx;
+ }
+
+ @Test
+ public void testSubjectToString() {
+ Subject subject = new PermsSubject() {
+ @Override
+ public PrincipalCollection getPrincipals() {
+ return null;
+ }
+ };
+ String string = filter.toString(subject);
+ assertEquals("", string);
+ }
+
+ @Test(expected=UnauthorizedException.class)
+ public void testAddDestinationInfoNotAuthorized() throws Exception {
+ String name = "myTopic";
+ ActiveMQDestination dest = new ActiveMQTopic(name);
+ DestinationInfo info = new DestinationInfo(null, \
DestinationInfo.ADD_OPERATION_TYPE, dest); +
+ Subject subject = new PermsSubject();
+ ConnectionContext context = createContext(subject);
+
+ filter.addDestinationInfo(context, info);
+ }
+
+ @Test
+ public void testAddDestinationInfoAuthorized() throws Exception {
+
+ String name = "myTopic";
+ ActiveMQDestination dest = new ActiveMQTopic(name);
+ DestinationInfo info = new DestinationInfo(null, \
DestinationInfo.ADD_OPERATION_TYPE, dest); +
+ Subject subject = new PermsSubject() {
+ @Override
+ public boolean isPermitted(Permission toCheck) {
+ Permission assigned = createPerm("topic:myTopic:create");
+ assertEquals(assigned.toString(), toCheck.toString());
+ return assigned.implies(toCheck);
+ }
+ };
+
+ ConnectionContext context = createContext(subject);
+
+ filter.addDestinationInfo(context, info);
+ }
+
+ @Test(expected=UnauthorizedException.class)
+ public void testAddDestinationNotAuthorized() throws Exception {
+ String name = "myTopic";
+ ActiveMQDestination dest = new ActiveMQTopic(name);
+
+ Subject subject = new PermsSubject();
+ ConnectionContext context = createContext(subject);
+
+ filter.addDestination(context, dest, true);
+ }
+
+ @Test
+ public void testAddDestinationAuthorized() throws Exception {
+ String name = "myTopic";
+ ActiveMQDestination dest = new ActiveMQTopic(name);
+
+ Subject subject = new PermsSubject() {
+ @Override
+ public boolean isPermitted(Permission toCheck) {
+ Permission assigned = createPerm("topic:myTopic:create");
+ assertEquals(assigned.toString(), toCheck.toString());
+ return assigned.implies(toCheck);
+ }
+ };
+
+ ConnectionContext context = createContext(subject);
+
+ filter.addDestination(context, dest, true);
+ }
+
+ @Test(expected=UnauthorizedException.class)
+ public void testRemoveDestinationInfoNotAuthorized() throws Exception {
+ String name = "myTopic";
+ ActiveMQDestination dest = new ActiveMQTopic(name);
+ DestinationInfo info = new DestinationInfo(null, \
DestinationInfo.REMOVE_OPERATION_TYPE, dest); +
+ Subject subject = new PermsSubject();
+ ConnectionContext context = createContext(subject);
+
+ filter.removeDestinationInfo(context, info);
+ }
+
+ @Test
+ public void testRemoveDestinationInfoAuthorized() throws Exception {
+
+ String name = "myTopic";
+ ActiveMQDestination dest = new ActiveMQTopic(name);
+ DestinationInfo info = new DestinationInfo(null, \
DestinationInfo.REMOVE_OPERATION_TYPE, dest); +
+ Subject subject = new PermsSubject() {
+ @Override
+ public boolean isPermitted(Permission toCheck) {
+ Permission assigned = createPerm("topic:myTopic:remove");
+ assertEquals(assigned.toString(), toCheck.toString());
+ return assigned.implies(toCheck);
+ }
+ };
+
+ ConnectionContext context = createContext(subject);
+
+ filter.removeDestinationInfo(context, info);
+ }
+
+ @Test(expected=UnauthorizedException.class)
+ public void testRemoveDestinationNotAuthorized() throws Exception {
+ String name = "myTopic";
+ ActiveMQDestination dest = new ActiveMQTopic(name);
+
+ Subject subject = new PermsSubject();
+ ConnectionContext context = createContext(subject);
+
+ filter.removeDestination(context, dest, 1000);
+ }
+
+ @Test
+ public void testRemoveDestinationAuthorized() throws Exception {
+ String name = "myTopic";
+ ActiveMQDestination dest = new ActiveMQTopic(name);
+
+ Subject subject = new PermsSubject() {
+ @Override
+ public boolean isPermitted(Permission toCheck) {
+ Permission assigned = createPerm("topic:myTopic:remove");
+ assertEquals(assigned.toString(), toCheck.toString());
+ return assigned.implies(toCheck);
+ }
+ };
+
+ ConnectionContext context = createContext(subject);
+
+ filter.removeDestination(context, dest, 1000);
+ }
+
+ @Test(expected=UnauthorizedException.class)
+ public void testAddConsumerNotAuthorized() throws Exception {
+ String name = "myTopic";
+ ActiveMQDestination dest = new ActiveMQTopic(name);
+
+ Subject subject = new PermsSubject();
+ ConnectionContext context = createContext(subject);
+ ConsumerInfo info = new ConsumerInfo(null);
+ info.setDestination(dest);
+
+ filter.addConsumer(context, info);
+ }
+
+ @Test
+ public void testAddConsumerAuthorized() throws Exception {
+ String name = "myTopic";
+ ActiveMQDestination dest = new ActiveMQTopic(name);
+
+ Subject subject = new PermsSubject() {
+ @Override
+ public boolean isPermitted(Permission toCheck) {
+ Permission assigned = createPerm("topic:myTopic:read");
+ assertEquals(assigned.toString(), toCheck.toString());
+ return assigned.implies(toCheck);
+ }
+ };
+
+ ConnectionContext context = createContext(subject);
+ ConsumerInfo info = new ConsumerInfo(null);
+ info.setDestination(dest);
+
+ filter.addConsumer(context, info);
+ }
+
+ @Test
+ public void testAddProducerWithoutDestination() throws Exception {
+ Subject subject = new PermsSubject();
+ ConnectionContext context = createContext(subject);
+ ProducerInfo info = new ProducerInfo(null);
+ filter.addProducer(context, info);
+ }
+
+ @Test(expected=UnauthorizedException.class)
+ public void testAddProducerNotAuthorized() throws Exception {
+ String name = "myTopic";
+ ActiveMQDestination dest = new ActiveMQTopic(name);
+
+ Subject subject = new PermsSubject();
+ ConnectionContext context = createContext(subject);
+ ProducerInfo info = new ProducerInfo(null);
+ info.setDestination(dest);
+
+ filter.addProducer(context, info);
+ }
+
+ @Test
+ public void testAddProducerAuthorized() throws Exception {
+ String name = "myTopic";
+ ActiveMQDestination dest = new ActiveMQTopic(name);
+
+ Subject subject = new PermsSubject() {
+ @Override
+ public boolean isPermitted(Permission toCheck) {
+ Permission assigned = createPerm("topic:myTopic:write");
+ assertEquals(assigned.toString(), toCheck.toString());
+ return assigned.implies(toCheck);
+ }
+ };
+
+ ConnectionContext context = createContext(subject);
+ ProducerInfo info = new ProducerInfo(null);
+ info.setDestination(dest);
+
+ filter.addProducer(context, info);
+ }
+
+ @Test(expected=UnauthorizedException.class)
+ public void testBrokerExchangeSendNotAuthorized() throws Exception {
+ String name = "myTopic";
+
+ ActiveMQDestination dest = new ActiveMQTopic(name);
+ ActiveMQTextMessage message = new ActiveMQTextMessage();
+ message.setDestination(dest);
+ message.setText("Hello, world!");
+
+ Subject subject = new PermsSubject();
+ ConnectionContext context = createContext(subject);
+ ProducerBrokerExchange exchange = new ProducerBrokerExchange();
+ exchange.setConnectionContext(context);
+
+ filter.send(exchange, message);
+ }
+
+ @Test
+ public void testBrokerExchangeSendAuthorized() throws Exception {
+ String name = "myTopic";
+ ActiveMQDestination dest = new ActiveMQTopic(name);
+ ActiveMQTextMessage message = new ActiveMQTextMessage();
+ message.setDestination(dest);
+ message.setText("Hello, world!");
+
+ Subject subject = new PermsSubject() {
+ @Override
+ public boolean isPermitted(Permission toCheck) {
+ Permission assigned = createPerm("topic:myTopic:write");
+ assertEquals(assigned.toString(), toCheck.toString());
+ return assigned.implies(toCheck);
+ }
+ };
+
+ ConnectionContext context = createContext(subject);
+ ProducerBrokerExchange exchange = new ProducerBrokerExchange();
+ exchange.setConnectionContext(context);
+
+ filter.send(exchange, message);
+ }
+
+
+ protected Permission createPerm(String perm) {
+ return new DestinationActionPermissionResolver().createPermission(perm);
+ }
+
+
+ private static class PermsSubject extends SubjectAdapter {
+
+ @Override
+ public PrincipalCollection getPrincipals() {
+ return new SimplePrincipalCollection("foo", "someRealm");
+ }
+
+ @Override
+ public boolean isPermittedAll(Collection<Permission> permissions) {
+ assertNotNull(permissions);
+ assertEquals(1, permissions.size());
+ return isPermitted(permissions.iterator().next());
+ }
+ }
+}
http://git-wip-us.apache.org/repos/asf/activemq/blob/f9451e56/activemq-shiro/src/test/ \
java/org/apache/activemq/shiro/authz/DestinationActionPermissionResolverTest.java
----------------------------------------------------------------------
diff --git a/activemq-shiro/src/test/java/org/apache/activemq/shiro/authz/DestinationActionPermissionResolverTest.java \
b/activemq-shiro/src/test/java/org/apache/activemq/shiro/authz/DestinationActionPermissionResolverTest.java
new file mode 100644
index 0000000..329979f
--- /dev/null
+++ b/activemq-shiro/src/test/java/org/apache/activemq/shiro/authz/DestinationActionPermissionResolverTest.java
@@ -0,0 +1,153 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.activemq.shiro.authz;
+
+import org.apache.activemq.broker.ConnectionContext;
+import org.apache.activemq.command.ActiveMQDestination;
+import org.apache.activemq.command.ActiveMQQueue;
+import org.apache.activemq.command.ActiveMQTempQueue;
+import org.apache.activemq.command.ActiveMQTempTopic;
+import org.apache.activemq.command.ActiveMQTopic;
+import org.apache.activemq.filter.AnyDestination;
+import org.apache.shiro.authz.Permission;
+import org.apache.shiro.authz.permission.WildcardPermission;
+import org.junit.Before;
+import org.junit.Test;
+
+import java.util.Collection;
+
+import static org.junit.Assert.*;
+
+/**
+ * @since 5.10.0
+ */
+public class DestinationActionPermissionResolverTest {
+
+ private DestinationActionPermissionResolver resolver;
+
+ @Before
+ public void setUp() {
+ this.resolver = new DestinationActionPermissionResolver();
+ }
+
+ @Test
+ public void testDefaults() {
+ assertNull(resolver.getPermissionStringPrefix());
+ //default is true to reflect ActiveMQ's case-sensitive destination names:
+ assertTrue(resolver.isPermissionStringCaseSensitive());
+ }
+
+ @Test
+ public void testPermissionStringPrefixProp() {
+ String prefix = "foo";
+ resolver.setPermissionStringPrefix(prefix);
+ assertEquals(prefix, resolver.getPermissionStringPrefix());
+ }
+
+ @Test
+ public void testCaseSensitiveProp() {
+ resolver.setPermissionStringCaseSensitive(true);
+ assertTrue(resolver.isPermissionStringCaseSensitive());
+ }
+
+ @Test(expected = IllegalArgumentException.class)
+ public void testGetPermissionsWithNonDestinationActionInstance() {
+ resolver.getPermissions(new Action() {
+ @Override
+ public String toString() {
+ return "foo";
+ }
+ });
+ }
+
+ @Test(expected = IllegalArgumentException.class)
+ public void testGetPermissionsWithNullArgument() {
+ resolver.getPermissions((Action)null);
+ }
+
+ void assertPermString(String perm, Collection<Permission> perms) {
+ assertEquals(1, perms.size());
+ assertEquals(perm, perms.iterator().next().toString());
+ }
+
+ @Test
+ public void testGetPermissionsWithTopic() {
+ ActiveMQTopic topic = new ActiveMQTopic("myTopic");
+ DestinationAction action = new DestinationAction(new ConnectionContext(), \
topic, "create"); + Collection<Permission> perms = \
resolver.getPermissions(action); + assertPermString("topic:myTopic:create", \
perms); + }
+
+ @Test
+ public void testGetPermissionsWithTemporaryTopic() {
+ ActiveMQTempTopic topic = new ActiveMQTempTopic("myTempTopic");
+ DestinationAction action = new DestinationAction(new ConnectionContext(), \
topic, "remove"); + Collection<Permission> perms = \
resolver.getPermissions(action); + \
assertPermString("temp-topic:myTempTopic:remove", perms); + }
+
+ @Test
+ public void testGetPermissionsWithQueue() {
+ ActiveMQQueue queue = new ActiveMQQueue("myQueue");
+ DestinationAction action = new DestinationAction(new ConnectionContext(), \
queue, "write"); + Collection<Permission> perms = \
resolver.getPermissions(action); + assertPermString("queue:myQueue:write", \
perms); + }
+
+ @Test
+ public void testGetPermissionsWithTemporaryQueue() {
+ ActiveMQTempQueue queue = new ActiveMQTempQueue("myTempQueue");
+ DestinationAction action = new DestinationAction(new ConnectionContext(), \
queue, "read"); + Collection<Permission> perms = \
resolver.getPermissions(action); + \
assertPermString("temp-queue:myTempQueue:read", perms); + }
+
+ @Test
+ public void testPermissionWithPrefix() {
+ resolver.setPermissionStringPrefix("activeMQ");
+ ActiveMQTopic topic = new ActiveMQTopic("myTopic");
+ DestinationAction action = new DestinationAction(new ConnectionContext(), \
topic, "create"); + Collection<Permission> perms = \
resolver.getPermissions(action); + \
assertPermString("activeMQ:topic:myTopic:create", perms); + }
+
+ //Ensures if they explicitly set a prefix with a colon suffix that we don't add \
another one + @Test
+ public void testPermissionWithPrefixAndExplicitColon() {
+ resolver.setPermissionStringPrefix("activeMQ:");
+ ActiveMQTopic topic = new ActiveMQTopic("myTopic");
+ DestinationAction action = new DestinationAction(new ConnectionContext(), \
topic, "create"); + Collection<Permission> perms = \
resolver.getPermissions(action); + \
assertPermString("activeMQ:topic:myTopic:create", perms); + }
+
+ @Test
+ public void testAlternateWildcardPermissionToStringWithMultipleActions() {
+ Permission perm = resolver.createPermission("foo:bar:action1,action2");
+ assertTrue(perm instanceof WildcardPermission);
+ assertEquals("foo:bar:action1,action2", perm.toString());
+
+ }
+
+ @Test(expected = IllegalArgumentException.class)
+ public void testCreatePermissionStringWithCompositeDestination() {
+ ActiveMQTopic topicA = new ActiveMQTopic("A");
+ ActiveMQTopic topicB = new ActiveMQTopic("B");
+ ActiveMQDestination composite = new AnyDestination(new \
ActiveMQDestination[]{topicA, topicB}); + \
resolver.createPermissionString(composite, "read"); + }
+}
http://git-wip-us.apache.org/repos/asf/activemq/blob/f9451e56/activemq-shiro/src/test/java/org/apache/activemq/shiro/authz/DestinationActionTest.java
----------------------------------------------------------------------
diff --git a/activemq-shiro/src/test/java/org/apache/activemq/shiro/authz/DestinationActionTest.java \
b/activemq-shiro/src/test/java/org/apache/activemq/shiro/authz/DestinationActionTest.java
new file mode 100644
index 0000000..a5a9158
--- /dev/null
+++ b/activemq-shiro/src/test/java/org/apache/activemq/shiro/authz/DestinationActionTest.java
@@ -0,0 +1,58 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.activemq.shiro.authz;
+
+import org.apache.activemq.broker.ConnectionContext;
+import org.apache.activemq.command.ActiveMQQueue;
+import org.junit.Test;
+
+import static org.junit.Assert.*;
+
+/**
+ * @since 5.10.0
+ */
+public class DestinationActionTest {
+
+ @Test(expected = IllegalArgumentException.class)
+ public void testNullConnectionContext() {
+ new DestinationAction(null, new ActiveMQQueue("foo"), "create");
+ }
+
+ @Test(expected = IllegalArgumentException.class)
+ public void testNullDestination() {
+ new DestinationAction(new ConnectionContext(), null, "create");
+ }
+
+ @Test(expected = IllegalArgumentException.class)
+ public void testNullVerb() {
+ new DestinationAction(new ConnectionContext(), new ActiveMQQueue("foo"), \
null); + }
+
+ @Test
+ public void testDefault() {
+ ConnectionContext ctx = new ConnectionContext();
+ ActiveMQQueue queue = new ActiveMQQueue("foo");
+ String verb = "create";
+
+ DestinationAction action = new DestinationAction(ctx, queue, verb);
+ assertSame(ctx, action.getConnectionContext());
+ assertSame(queue, action.getDestination());
+ assertEquals(verb, action.getVerb());
+ assertEquals("create destination: queue://foo", action.toString());
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/activemq/blob/f9451e56/activemq-shiro/src/test/java/org/apache/activemq/shiro/env/EnvironmentFilterTest.java
----------------------------------------------------------------------
diff --git a/activemq-shiro/src/test/java/org/apache/activemq/shiro/env/EnvironmentFilterTest.java \
b/activemq-shiro/src/test/java/org/apache/activemq/shiro/env/EnvironmentFilterTest.java
new file mode 100644
index 0000000..b95c9fb
--- /dev/null
+++ b/activemq-shiro/src/test/java/org/apache/activemq/shiro/env/EnvironmentFilterTest.java
@@ -0,0 +1,30 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.activemq.shiro.env;
+
+import org.junit.Test;
+
+/**
+ * @since 5.10.0
+ */
+public class EnvironmentFilterTest {
+
+ @Test(expected=IllegalStateException.class)
+ public void testNullEnvironment() {
+ new EnvironmentFilter(){}.getEnvironment();
+ }
+}
http://git-wip-us.apache.org/repos/asf/activemq/blob/f9451e56/activemq-shiro/src/test/java/org/apache/activemq/shiro/env/IniEnvironmentTest.java
----------------------------------------------------------------------
diff --git a/activemq-shiro/src/test/java/org/apache/activemq/shiro/env/IniEnvironmentTest.java \
b/activemq-shiro/src/test/java/org/apache/activemq/shiro/env/IniEnvironmentTest.java \
new file mode 100644 index 0000000..0d7d654
--- /dev/null
+++ b/activemq-shiro/src/test/java/org/apache/activemq/shiro/env/IniEnvironmentTest.java
@@ -0,0 +1,121 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.activemq.shiro.env;
+
+import org.apache.shiro.authc.UsernamePasswordToken;
+import org.apache.shiro.config.ConfigurationException;
+import org.apache.shiro.config.Ini;
+import org.apache.shiro.subject.Subject;
+import org.junit.Before;
+import org.junit.Test;
+
+/**
+ * @since 5.10.0
+ */
+public class IniEnvironmentTest {
+
+ IniEnvironment env;
+
+ @Before
+ public void setUp() {
+ env = new IniEnvironment();
+ }
+
+ protected void authenticate() {
+ authenticate("foo", "bar");
+ }
+
+ protected void authenticate(String username, String password) {
+ Subject subject = new \
Subject.Builder(env.getSecurityManager()).buildSubject(); + subject.login(new \
UsernamePasswordToken(username, password)); + }
+
+ @Test
+ public void testIniInstanceConstructorArg() {
+ Ini ini = new Ini();
+ ini.addSection("users").put("foo", "bar");
+ env = new IniEnvironment(ini);
+ authenticate();
+ }
+
+ @Test
+ public void testStringConstructorArg() {
+ String config =
+ "[users]\n" +
+ "foo = bar";
+
+ env = new IniEnvironment(config);
+ authenticate();
+ }
+
+ @Test
+ public void testSetIni() {
+ Ini ini = new Ini();
+ ini.addSection("users").put("foo", "bar");
+
+ env = new IniEnvironment();
+ env.setIni(ini);
+ env.init();
+
+ authenticate();
+ }
+
+ @Test
+ public void testSetIniString() {
+ String config =
+ "[users]\n" +
+ "foo = bar";
+
+ env = new IniEnvironment();
+ env.setIniConfig(config);
+ env.init();
+
+ authenticate();
+ }
+
+ @Test
+ public void testSetIniResourcePath() {
+ env = new IniEnvironment();
+ env.setIniResourcePath("classpath:minimal.shiro.ini");
+ env.init();
+
+ authenticate("system", "manager");
+ }
+
+ @Test
+ public void testDefaultClasspathIni() {
+ env = new IniEnvironment();
+ env.init();
+
+ authenticate("system", "manager");
+ }
+
+ @Test(expected = ConfigurationException.class)
+ public void testNoDefaultClasspathIni() {
+ env = new IniEnvironment() {
+ @Override
+ protected void apply(Ini ini) {
+ super.apply(ini);
+ //clear out the objects to simulate as if the ini file wasn't found:
+ this.objects.clear();
+ }
+ };
+ env.init();
+ authenticate("system", "manager");
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/activemq/blob/f9451e56/activemq-shiro/src/test/java/org/apache/activemq/shiro/session/mgt/DisabledSessionManagerTest.java
----------------------------------------------------------------------
diff --git a/activemq-shiro/src/test/java/org/apache/activemq/shiro/session/mgt/DisabledSessionManagerTest.java \
b/activemq-shiro/src/test/java/org/apache/activemq/shiro/session/mgt/DisabledSessionManagerTest.java
new file mode 100644
index 0000000..df02ee0
--- /dev/null
+++ b/activemq-shiro/src/test/java/org/apache/activemq/shiro/session/mgt/DisabledSessionManagerTest.java
@@ -0,0 +1,47 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.activemq.shiro.session.mgt;
+
+import org.apache.shiro.session.mgt.DefaultSessionKey;
+import org.junit.Before;
+import org.junit.Test;
+
+import static org.junit.Assert.*;
+
+/**
+ * @since 5.10.0
+ */
+public class DisabledSessionManagerTest {
+
+ private DisabledSessionManager mgr;
+
+ @Before
+ public void setUp() {
+ this.mgr = new DisabledSessionManager();
+ }
+
+ @Test(expected = UnsupportedOperationException.class)
+ public void testStart() {
+ mgr.start(null);
+ }
+
+ @Test
+ public void testGetSession() {
+ assertNull(mgr.getSession(null));
+ assertNull(mgr.getSession(new DefaultSessionKey("foo")));
+ }
+}
http://git-wip-us.apache.org/repos/asf/activemq/blob/f9451e56/activemq-shiro/src/test/java/org/apache/activemq/shiro/subject/ConnectionSubjectResolverTest.java
----------------------------------------------------------------------
diff --git a/activemq-shiro/src/test/java/org/apache/activemq/shiro/subject/ConnectionSubjectResolverTest.java \
b/activemq-shiro/src/test/java/org/apache/activemq/shiro/subject/ConnectionSubjectResolverTest.java
new file mode 100644
index 0000000..1404b71
--- /dev/null
+++ b/activemq-shiro/src/test/java/org/apache/activemq/shiro/subject/ConnectionSubjectResolverTest.java
@@ -0,0 +1,80 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.activemq.shiro.subject;
+
+import org.apache.activemq.broker.ConnectionContext;
+import org.apache.activemq.command.ConnectionInfo;
+import org.apache.activemq.security.SecurityContext;
+import org.apache.shiro.env.DefaultEnvironment;
+import org.apache.shiro.subject.Subject;
+import org.junit.Test;
+
+import java.security.Principal;
+import java.util.Set;
+
+/**
+ * @since 5.10.0
+ */
+public class ConnectionSubjectResolverTest {
+
+ @Test(expected = IllegalArgumentException.class)
+ public void testNullConstructorArg() {
+ new ConnectionSubjectResolver((ConnectionContext)null);
+ }
+
+ @Test(expected = IllegalArgumentException.class)
+ public void testNullSecurityContext() {
+ SubjectConnectionReference reference =
+ new SubjectConnectionReference(new ConnectionContext(), new \
ConnectionInfo(), + new DefaultEnvironment(), new \
SubjectAdapter()); +
+ new ConnectionSubjectResolver(reference);
+ }
+
+ @Test(expected = IllegalArgumentException.class)
+ public void testNonSubjectSecurityContext() {
+ SubjectConnectionReference reference =
+ new SubjectConnectionReference(new ConnectionContext(), new \
ConnectionInfo(), + new DefaultEnvironment(), new \
SubjectAdapter()); + reference.getConnectionContext().setSecurityContext(new \
SecurityContext("") { + @Override
+ public Set<Principal> getPrincipals() {
+ return null;
+ }
+ });
+
+ new ConnectionSubjectResolver(reference);
+ }
+
+ @Test(expected = IllegalStateException.class)
+ public void testNullSubject() {
+
+ SubjectConnectionReference reference =
+ new SubjectConnectionReference(new ConnectionContext(), new \
ConnectionInfo(), + new DefaultEnvironment(), new \
SubjectAdapter()); + reference.getConnectionContext().setSecurityContext(new \
SubjectSecurityContext(reference) { + @Override
+ public Subject getSubject() {
+ return null;
+ }
+ });
+
+ ConnectionSubjectResolver resolver = new \
ConnectionSubjectResolver(reference); + resolver.getSubject();
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/activemq/blob/f9451e56/activemq-shiro/src/test/java/org/apache/activemq/shiro/subject/DefaultConnectionSubjectFactoryTest.java
----------------------------------------------------------------------
diff --git a/activemq-shiro/src/test/java/org/apache/activemq/shiro/subject/DefaultConnectionSubjectFactoryTest.java \
b/activemq-shiro/src/test/java/org/apache/activemq/shiro/subject/DefaultConnectionSubjectFactoryTest.java
new file mode 100644
index 0000000..1774f50
--- /dev/null
+++ b/activemq-shiro/src/test/java/org/apache/activemq/shiro/subject/DefaultConnectionSubjectFactoryTest.java
@@ -0,0 +1,55 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.activemq.shiro.subject;
+
+import org.apache.activemq.shiro.ConnectionReference;
+import org.apache.activemq.shiro.authc.AuthenticationPolicy;
+import org.apache.shiro.subject.Subject;
+import org.junit.Before;
+import org.junit.Test;
+
+import static org.junit.Assert.*;
+
+/**
+ * @since 5.10.0
+ */
+public class DefaultConnectionSubjectFactoryTest {
+
+ private DefaultConnectionSubjectFactory factory;
+
+ @Before
+ public void setUp() {
+ this.factory = new DefaultConnectionSubjectFactory();
+ }
+
+ @Test
+ public void testSetAuthenticationPolicy() {
+ AuthenticationPolicy policy = new AuthenticationPolicy() {
+ @Override
+ public void customizeSubject(Subject.Builder subjectBuilder, \
ConnectionReference ref) { + //To change body of implemented methods \
use File | Settings | File Templates. + }
+
+ @Override
+ public boolean isAuthenticationRequired(SubjectConnectionReference ref) \
{ + return false; //To change body of implemented methods use File | \
Settings | File Templates. + }
+ };
+ factory.setAuthenticationPolicy(policy);
+ assertSame(policy, factory.getAuthenticationPolicy());
+ }
+}
http://git-wip-us.apache.org/repos/asf/activemq/blob/f9451e56/activemq-shiro/src/test/java/org/apache/activemq/shiro/subject/SubjectAdapter.java
----------------------------------------------------------------------
diff --git a/activemq-shiro/src/test/java/org/apache/activemq/shiro/subject/SubjectAdapter.java \
b/activemq-shiro/src/test/java/org/apache/activemq/shiro/subject/SubjectAdapter.java \
new file mode 100644 index 0000000..58f25e5
--- /dev/null
+++ b/activemq-shiro/src/test/java/org/apache/activemq/shiro/subject/SubjectAdapter.java
@@ -0,0 +1,185 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.activemq.shiro.subject;
+
+import org.apache.shiro.authc.AuthenticationException;
+import org.apache.shiro.authc.AuthenticationToken;
+import org.apache.shiro.authz.AuthorizationException;
+import org.apache.shiro.authz.Permission;
+import org.apache.shiro.session.Session;
+import org.apache.shiro.subject.ExecutionException;
+import org.apache.shiro.subject.PrincipalCollection;
+import org.apache.shiro.subject.Subject;
+
+import java.util.Collection;
+import java.util.List;
+import java.util.concurrent.Callable;
+
+/**
+ * @since 5.10.0
+ */
+public class SubjectAdapter implements Subject {
+
+ @Override
+ public Object getPrincipal() {
+ return null;
+ }
+
+ @Override
+ public PrincipalCollection getPrincipals() {
+ return null;
+ }
+
+ @Override
+ public boolean isPermitted(String permission) {
+ return false;
+ }
+
+ @Override
+ public boolean isPermitted(Permission permission) {
+ return false;
+ }
+
+ @Override
+ public boolean[] isPermitted(String... permissions) {
+ return new boolean[0];
+ }
+
+ @Override
+ public boolean[] isPermitted(List<Permission> permissions) {
+ return new boolean[0];
+ }
+
+ @Override
+ public boolean isPermittedAll(String... permissions) {
+ return false;
+ }
+
+ @Override
+ public boolean isPermittedAll(Collection<Permission> permissions) {
+ return false;
+ }
+
+ @Override
+ public void checkPermission(String permission) throws AuthorizationException {
+ }
+
+ @Override
+ public void checkPermission(Permission permission) throws AuthorizationException \
{ + }
+
+ @Override
+ public void checkPermissions(String... permissions) throws \
AuthorizationException { + }
+
+ @Override
+ public void checkPermissions(Collection<Permission> permissions) throws \
AuthorizationException { + }
+
+ @Override
+ public boolean hasRole(String roleIdentifier) {
+ return false;
+ }
+
+ @Override
+ public boolean[] hasRoles(List<String> roleIdentifiers) {
+ return new boolean[0]; //To change body of implemented methods use File | \
Settings | File Templates. + }
+
+ @Override
+ public boolean hasAllRoles(Collection<String> roleIdentifiers) {
+ return false;
+ }
+
+ @Override
+ public void checkRole(String roleIdentifier) throws AuthorizationException {
+ }
+
+ @Override
+ public void checkRoles(Collection<String> roleIdentifiers) throws \
AuthorizationException { + }
+
+ @Override
+ public void checkRoles(String... roleIdentifiers) throws AuthorizationException \
{ + }
+
+ @Override
+ public void login(AuthenticationToken token) throws AuthenticationException {
+ }
+
+ @Override
+ public boolean isAuthenticated() {
+ return false;
+ }
+
+ @Override
+ public boolean isRemembered() {
+ return false;
+ }
+
+ @Override
+ public Session getSession() {
+ return null;
+ }
+
+ @Override
+ public Session getSession(boolean create) {
+ return null;
+ }
+
+ @Override
+ public void logout() {
+ }
+
+ @Override
+ public <V> V execute(Callable<V> callable) throws ExecutionException {
+ return null;
+ }
+
+ @Override
+ public void execute(Runnable runnable) {
+ }
+
+ @Override
+ public <V> Callable<V> associateWith(Callable<V> callable) {
+ return null;
+ }
+
+ @Override
+ public Runnable associateWith(Runnable runnable) {
+ return runnable;
+ }
+
+ @Override
+ public void runAs(PrincipalCollection principals) throws NullPointerException, \
IllegalStateException { + }
+
+ @Override
+ public boolean isRunAs() {
+ return false;
+ }
+
+ @Override
+ public PrincipalCollection getPreviousPrincipals() {
+ return null;
+ }
+
+ @Override
+ public PrincipalCollection releaseRunAs() {
+ return null;
+ }
+}
http://git-wip-us.apache.org/repos/asf/activemq/blob/f9451e56/activemq-shiro/src/test/java/org/apache/activemq/shiro/subject/SubjectConnectionReferenceTest.java
----------------------------------------------------------------------
diff --git a/activemq-shiro/src/test/java/org/apache/activemq/shiro/subject/SubjectConnectionReferenceTest.java \
b/activemq-shiro/src/test/java/org/apache/activemq/shiro/subject/SubjectConnectionReferenceTest.java
new file mode 100644
index 0000000..82b187b
--- /dev/null
+++ b/activemq-shiro/src/test/java/org/apache/activemq/shiro/subject/SubjectConnectionReferenceTest.java
@@ -0,0 +1,33 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.activemq.shiro.subject;
+
+import org.apache.activemq.broker.ConnectionContext;
+import org.apache.activemq.command.ConnectionInfo;
+import org.apache.shiro.env.DefaultEnvironment;
+import org.junit.Test;
+
+/**
+ * @since 5.10.0
+ */
+public class SubjectConnectionReferenceTest {
+
+ @Test(expected=IllegalArgumentException.class)
+ public void testNullSubject() {
+ new SubjectConnectionReference(new ConnectionContext(), new \
ConnectionInfo(), new DefaultEnvironment(), null); + }
+}
http://git-wip-us.apache.org/repos/asf/activemq/blob/f9451e56/activemq-shiro/src/test/java/org/apache/activemq/shiro/subject/SubjectFilterTest.java
----------------------------------------------------------------------
diff --git a/activemq-shiro/src/test/java/org/apache/activemq/shiro/subject/SubjectFilterTest.java \
b/activemq-shiro/src/test/java/org/apache/activemq/shiro/subject/SubjectFilterTest.java
new file mode 100644
index 0000000..e2cbec7
--- /dev/null
+++ b/activemq-shiro/src/test/java/org/apache/activemq/shiro/subject/SubjectFilterTest.java
@@ -0,0 +1,59 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.activemq.shiro.subject;
+
+import org.apache.activemq.security.SecurityContext;
+import org.apache.activemq.shiro.SecurityContextFactory;
+import org.junit.Before;
+import org.junit.Test;
+
+import static org.junit.Assert.*;
+
+/**
+ * @since 5.10.0
+ */
+public class SubjectFilterTest {
+
+ private SubjectFilter filter;
+
+ @Before
+ public void setUp() {
+ filter = new SubjectFilter();
+ }
+
+ @Test(expected = IllegalArgumentException.class)
+ public void setNullSubjectConnectionFactory() {
+ filter.setConnectionSubjectFactory(null);
+ }
+
+ @Test(expected = IllegalArgumentException.class)
+ public void setNullSecurityContextFactory() {
+ filter.setSecurityContextFactory(null);
+ }
+
+ @Test
+ public void testSetSecurityContextFactory() {
+ SecurityContextFactory factory = new SecurityContextFactory() {
+ @Override
+ public SecurityContext createSecurityContext(SubjectConnectionReference \
ref) { + return null;
+ }
+ };
+ filter.setSecurityContextFactory(factory);
+ assertSame(factory, filter.getSecurityContextFactory());
+ }
+}
http://git-wip-us.apache.org/repos/asf/activemq/blob/f9451e56/activemq-shiro/src/test/java/org/apache/activemq/shiro/subject/SubjectSecurityContextTest.java
----------------------------------------------------------------------
diff --git a/activemq-shiro/src/test/java/org/apache/activemq/shiro/subject/SubjectSecurityContextTest.java \
b/activemq-shiro/src/test/java/org/apache/activemq/shiro/subject/SubjectSecurityContextTest.java
new file mode 100644
index 0000000..49d70ed
--- /dev/null
+++ b/activemq-shiro/src/test/java/org/apache/activemq/shiro/subject/SubjectSecurityContextTest.java
@@ -0,0 +1,58 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.activemq.shiro.subject;
+
+import org.apache.activemq.broker.ConnectionContext;
+import org.apache.activemq.command.ConnectionInfo;
+import org.apache.shiro.env.DefaultEnvironment;
+import org.junit.Before;
+import org.junit.Test;
+
+/**
+ * @since 5.10.0
+ */
+public class SubjectSecurityContextTest {
+
+ SubjectSecurityContext ctx;
+
+ @Before
+ public void setUp() {
+ SubjectConnectionReference conn = new SubjectConnectionReference(new \
ConnectionContext(), new ConnectionInfo(), + new DefaultEnvironment(), \
new SubjectAdapter()); + ctx = new SubjectSecurityContext(conn);
+ }
+
+ @Test(expected=UnsupportedOperationException.class)
+ public void testInOneOf() {
+ ctx.isInOneOf(null);
+ }
+
+ @Test(expected=UnsupportedOperationException.class)
+ public void testGetAuthorizedReadDests() {
+ ctx.getAuthorizedReadDests();
+ }
+
+ @Test(expected=UnsupportedOperationException.class)
+ public void testGetAuthorizedWriteDests() {
+ ctx.getAuthorizedWriteDests();
+ }
+
+ @Test(expected=UnsupportedOperationException.class)
+ public void testGetPrincipals() {
+ ctx.getPrincipals();
+ }
+}
http://git-wip-us.apache.org/repos/asf/activemq/blob/f9451e56/activemq-shiro/src/test/resources/empty.shiro.ini
----------------------------------------------------------------------
diff --git a/activemq-shiro/src/test/resources/empty.shiro.ini \
b/activemq-shiro/src/test/resources/empty.shiro.ini new file mode 100644
index 0000000..abe7ae5
--- /dev/null
+++ b/activemq-shiro/src/test/resources/empty.shiro.ini
@@ -0,0 +1,20 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
+# This empty file will cause an error at Shiro startup (as expected). Used for \
testing purposes only. \ No newline at end of file
http://git-wip-us.apache.org/repos/asf/activemq/blob/f9451e56/activemq-shiro/src/test/resources/minimal.shiro.ini
----------------------------------------------------------------------
diff --git a/activemq-shiro/src/test/resources/minimal.shiro.ini \
b/activemq-shiro/src/test/resources/minimal.shiro.ini new file mode 100644
index 0000000..0ccfc86
--- /dev/null
+++ b/activemq-shiro/src/test/resources/minimal.shiro.ini
@@ -0,0 +1,63 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+[main]
+
+# Shiro object graph configuration here if desired/necessary
+
+[users]
+
+# users section format:
+#
+# username = password [, assignedRole1, assignedRole2, ..., assignedRoleN]
+#
+# for example:
+#
+# scott = tiger, users, administrators, advisory
+#
+# Roles and permissions assigned to roles are defined in the [roles] section
+# below. By transitive association, any user assigned a role is granted the
+# role's permissions.
+
+# ActiveMQ System User
+# needed for in-VM/local connections when authentication is enabled:
+system = manager, system
+
+[roles]
+
+# roles section format:
+#
+# roleName = wildcardPermission1, wildcardPermission2, ..., wildcardPermissionN
+
+# The 'system' role is assigned all permissions (*). Be careful when assigning
+# this to actual users other than then system user!
+system = *
+
+# Full access rights should generally be given to the ActiveMQ.Advisory.*
+# destinations because by default an ActiveMQConnection uses advisory topics to
+# get early knowledge of temp destination creation and deletion. For more info:
+#
+# http://activemq.apache.org/security.html
+#
+# So we create an 'advisory' role here with a wildcard/catch-all permissions
+# for all advisory topics. To make your life easy, ensure you assign this to
+# any/all users, e.g.
+#
+# jsmith = password, advisory, ...
+
+advisory = topic:ActiveMQ.Advisory*
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/activemq/blob/f9451e56/activemq-shiro/src/test/resources/nosystem.shiro.ini
----------------------------------------------------------------------
diff --git a/activemq-shiro/src/test/resources/nosystem.shiro.ini \
b/activemq-shiro/src/test/resources/nosystem.shiro.ini new file mode 100644
index 0000000..6409c7f
--- /dev/null
+++ b/activemq-shiro/src/test/resources/nosystem.shiro.ini
@@ -0,0 +1,38 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+[main]
+
+# THIS IS USED FOR TESTING PURPOSES ONLY. DO NOT BASE YOUR CONFIGURATION OFF OF \
THIS FILE. +
+# Shiro object graph configuration here if desired/necessary
+
+[users]
+# username is purposefully different than the system username:
+foo = bar, foo, advisory
+
+[roles]
+# Full access rights should generally be given to the ActiveMQ.Advisory.* \
destinations because by default an +# ActiveMQConnection uses advisory topics to get \
early knowledge of temp destination creation and deletion. +# See \
http://activemq.apache.org/security.html for more. +#
+# So we create an 'advisory' role here with a wildcard/catch-all permissions for all \
advisory topics: +advisory = topic:ActiveMQ.Advisory*
+
+# test specific roles/perms:
+foo = queue:QUEUE.org.apache.activemq.shiro.ShiroPluginTest.testRuntimeDisableEnableChanges:*
http://git-wip-us.apache.org/repos/asf/activemq/blob/f9451e56/activemq-shiro/src/test/resources/org/apache/activemq/shiro/embedded-ini-config.xml
----------------------------------------------------------------------
diff --git a/activemq-shiro/src/test/resources/org/apache/activemq/shiro/embedded-ini-config.xml \
b/activemq-shiro/src/test/resources/org/apache/activemq/shiro/embedded-ini-config.xml \
new file mode 100644 index 0000000..dfe8e68
--- /dev/null
+++ b/activemq-shiro/src/test/resources/org/apache/activemq/shiro/embedded-ini-config.xml
@@ -0,0 +1,95 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<!-- this file can only be parsed using the xbean-spring library -->
+<!-- START SNIPPET: example -->
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:amq="http://activemq.apache.org/schema/core"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="
+ http://www.springframework.org/schema/beans \
http://www.springframework.org/schema/beans/spring-beans-2.0.xsd + \
http://activemq.apache.org/schema/core \
http://activemq.apache.org/schema/core/activemq-core.xsd"> +
+ <broker xmlns="http://activemq.apache.org/schema/core"
+ useJmx="false" persistent="false" populateJMSXUserID="true">
+
+ <destinations>
+ <queue physicalName="TEST.Q"/>
+ </destinations>
+
+ <transportConnectors>
+ <transportConnector name="default" uri="tcp://0.0.0.0:61616"/>
+ </transportConnectors>
+
+ <plugins>
+ <bean id="shiroPlugin"
+ class="org.apache.activemq.shiro.ShiroPlugin"
+ xmlns="http://www.springframework.org/schema/beans">
+ <property name="iniConfig">
+ <value>
+ [main]
+
+ # Shiro object graph configuration here if desired/necessary
+
+ [users]
+
+ # users section format:
+ #
+ # username = password [, assignedRole1, assignedRole2, ..., \
assignedRoleN] + #
+ # for example:
+ #
+ # scott = tiger, users, administrators, advisory
+ #
+ # Roles and permissions assigned to roles are defined in the \
[roles] section + # below. By transitive association, any user \
assigned a role is granted the + # role's permissions.
+
+ # ActiveMQ System User
+ # needed for in-VM/local connections when authentication is \
enabled: + system = manager, system
+
+ [roles]
+
+ # roles section format:
+ #
+ # roleName = wildcardPermission1, wildcardPermission2, ..., \
wildcardPermissionN +
+ # The 'system' role is assigned all permissions (*). Be \
careful when assigning + # this to actual users other than \
then system user: + system = *
+
+ # Full access rights should generally be given to the \
ActiveMQ.Advisory.* + # destinations because by default an \
ActiveMQConnection uses advisory topics to + # get early \
knowledge of temp destination creation and deletion. For more info: + \
# + # http://activemq.apache.org/security.html
+ #
+ # So we create an 'advisory' role here with a \
wildcard/catch-all permissions + # for all advisory topics. To \
make your life easy, ensure you assign this to + # any/all \
users, e.g. + #
+ # jsmith = password, advisory, ...
+
+ advisory = topic:ActiveMQ.Advisory*
+ </value>
+ </property>
+ </bean>
+ </plugins>
+ </broker>
+
+</beans>
http://git-wip-us.apache.org/repos/asf/activemq/blob/f9451e56/activemq-shiro/src/test/resources/org/apache/activemq/shiro/external-ini-config.xml
----------------------------------------------------------------------
diff --git a/activemq-shiro/src/test/resources/org/apache/activemq/shiro/external-ini-config.xml \
b/activemq-shiro/src/test/resources/org/apache/activemq/shiro/external-ini-config.xml \
new file mode 100644 index 0000000..b4102d6
--- /dev/null
+++ b/activemq-shiro/src/test/resources/org/apache/activemq/shiro/external-ini-config.xml
@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
+<!-- this file can only be parsed using the xbean-spring library -->
+<!-- START SNIPPET: example -->
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:amq="http://activemq.apache.org/schema/core"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="
+ http://www.springframework.org/schema/beans \
http://www.springframework.org/schema/beans/spring-beans-2.0.xsd + \
http://activemq.apache.org/schema/core \
http://activemq.apache.org/schema/core/activemq-core.xsd"> +
+ <broker xmlns="http://activemq.apache.org/schema/core"
+ useJmx="false" persistent="false" populateJMSXUserID="true">
+
+ <destinations>
+ <queue physicalName="TEST.Q"/>
+ </destinations>
+
+ <transportConnectors>
+ <transportConnector name="default" uri="tcp://0.0.0.0:61616"/>
+ </transportConnectors>
+
+ <plugins>
+ <bean id="shiroPlugin" class="org.apache.activemq.shiro.ShiroPlugin"
+ xmlns="http://www.springframework.org/schema/beans">
+
+ <!-- Reference Shiro's ini config from an external path, e.g. \
classpath: --> + <property name="iniResourcePath" \
value="classpath:org/apache/activemq/shiro/external-ini-config.xml"/> +
+ <!-- or it could be in another location, such as a URL or file:
+ <property name="iniResourcePath" \
value="url:http://config.somehost.com/mybroker/shiro.ini"/> + \
<property name="iniResourcePath" value="file:/usr/local/somewhere/shiro.ini"/> --> + \
</bean> + </plugins>
+ </broker>
+
+</beans>
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic