SecurityTest.java :  » JBoss » jboss-messaging-1.4.0 » org » jboss » test » messaging » jms » Java Open Source

Java Open Source » JBoss » jboss messaging 1.4.0 
jboss messaging 1.4.0 » org » jboss » test » messaging » jms » SecurityTest.java
/*
  * JBoss, Home of Professional Open Source
  * Copyright 2005, JBoss Inc., and individual contributors as indicated
  * by the @authors tag. See the copyright.txt in the distribution for a
  * full listing of individual contributors.
  *
  * This is free software; you can redistribute it and/or modify it
  * under the terms of the GNU Lesser General Public License as
  * published by the Free Software Foundation; either version 2.1 of
  * the License, or (at your option) any later version.
  *
  * This software is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  * Lesser General Public License for more details.
  *
  * You should have received a copy of the GNU Lesser General Public
  * License along with this software; if not, write to the Free
  * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
  * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
  */
package org.jboss.test.messaging.jms;

import javax.jms.Connection;
import javax.jms.Destination;
import javax.jms.IllegalStateException;
import javax.jms.JMSSecurityException;
import javax.jms.Message;
import javax.jms.MessageConsumer;
import javax.jms.MessageProducer;
import javax.jms.Queue;
import javax.jms.Session;
import javax.jms.Topic;
import javax.jms.XAConnection;
import javax.jms.XAConnectionFactory;
import javax.jms.XASession;
import javax.management.ObjectName;
import javax.transaction.xa.XAResource;

import org.jboss.jms.exception.MessagingXAException;
import org.jboss.jms.tx.MessagingXid;
import org.jboss.logging.Logger;
import org.jboss.messaging.util.XMLUtil;
import org.jboss.test.messaging.tools.ServerManagement;

/**
 * Test JMS Security.
 * 
 * This test must be run with the Test security config. on the server
 * 
 * @author <a href="mailto:tim.fox@jboss.com">Tim Fox</a>
 * @author <a href="mailto:ovidiu@feodorov.com">Ovidiu Feodorov</a>
 * 
 * Much of the basic idea of the tests come from SecurityUnitTestCase.java in JBossMQ by:
 * @author <a href="pra@tim.se">Peter Antman</a>
 * 
 *
 * @version <tt>$Revision: 3339 $</tt>
 *
 */
public class SecurityTest extends JMSTestCase
{
   // Constants -----------------------------------------------------

   private static final Logger log = Logger.getLogger(SecurityTest.class);
   
   private static final String defConfig = "<security><role name=\"def\" read=\"true\" write=\"true\" create=\"true\"/></security>";

   // Static --------------------------------------------------------

   // Attributes ----------------------------------------------------

   private String oldDefaultConfig;
   
   // Constructors --------------------------------------------------

   public SecurityTest(String name)
   {
      super(name);
   }

   // Public --------------------------------------------------------

   /**
    * Login with no user, no password
    * Should allow login (equivalent to guest)
    */
   public void testLoginNoUserNoPassword() throws Exception
   {

      Connection conn1 = null;
      Connection conn2 = null;
      try
      {
         conn1 = cf.createConnection();
         conn2 = cf.createConnection(null, null);
      }
      finally
      {
         if (conn1 != null) conn1.close();
         if (conn2 != null) conn2.close();
      }
   }

   /**
    * Login with valid user and password
    * Should allow
    */
   public void testLoginValidUserAndPassword() throws Exception
   {
      Connection conn1 = null;
      try
      {
         conn1 = cf.createConnection("john", "needle");
      }
      finally
      {
         if (conn1 != null) conn1.close();
      }
   }

   /**
    * Login with valid user and invalid password
    * Should allow
    */
   public void testLoginValidUserInvalidPassword() throws Exception
   {
      Connection conn1 = null;
      try
      {
         conn1 = cf.createConnection("john", "blobby");
         fail();
      }
      catch (JMSSecurityException e)
      {
         //Expected
      }
      finally
      {
         if (conn1 != null) conn1.close();
      }
   }

   /**
    * Login with invalid user and invalid password
    * Should allow
    */
   public void testLoginInvalidUserInvalidPassword() throws Exception
   {
      Connection conn1 = null;
      try
      {
         conn1 = cf.createConnection("osama", "blah");
         fail();
      }
      catch (JMSSecurityException e)
      {
         //Expected
      }
      finally
      {
         if (conn1 != null) conn1.close();
      }
   }

   /* Now some client id tests */

   /**
    * user/pwd with preconfigured clientID, should return preconf
    */
    public void testPreConfClientID() throws Exception
   {
      Connection conn = null;
      try
      {
         conn = cf.createConnection("john", "needle");
         String clientID = conn.getClientID();
         assertEquals("Invalid ClientID", "DurableSubscriberExample", clientID);
      }
      finally
      {
         if (conn != null)
            conn.close();
      }
   }

   /**
    * Try setting client ID
    */
   public void testSetClientID() throws Exception
   {
      Connection conn = null;
      try
      {
         conn = cf.createConnection();
         conn.setClientID("myID");
         String clientID = conn.getClientID();
         assertEquals("Invalid ClientID", "myID", clientID);
      }
      finally
      {
         if (conn != null) conn.close();
      }
   }

   /**
    * Try setting client ID on preconfigured connection - should throw exception
    */
   public void testSetClientIDPreConf() throws Exception
   {
      Connection conn = null;
      try
      {
         conn = cf.createConnection("john", "needle");
         conn.setClientID("myID");
         fail();
      }
      catch (IllegalStateException e)
      {
         // Expected
      }
      finally
      {
         if (conn != null)
            conn.close();
      }
   }

   /*
    * Try setting client ID after an operation has been performed on the connection
    */
   public void testSetClientIDAfterOp() throws Exception
   {
      Connection conn = null;
      try
      {
         conn = cf.createConnection();
         conn.createSession(false, Session.AUTO_ACKNOWLEDGE);
         conn.setClientID("myID");
         fail();
      }
      catch (IllegalStateException e)
      {
         //Expected
      }
      finally
      {
         if (conn != null) conn.close();
      }
   }

   //
   // Authorization tests
   //

   public void testAnonymousConnection() throws Exception
   {
      Connection conn = null;
      try
      {
         conn = cf.createConnection();
         assertTrue(canWriteDestination(conn, queue1));
      }
      finally
      {
         if (conn != null)
         {
            conn.close();
         }
      }
   }

   public void testValidTopicPublisher() throws Exception
   {
      Connection conn = null;
      try
      {
         conn = cf.createConnection("john", "needle");
         assertTrue(canWriteDestination(conn, topic1));
      }
      finally
      {
         if (conn != null)
         {
            conn.close();
         }
      }
   }

   public void testInvalidTopicPublisher() throws Exception
   {
      Connection conn = null;
      try
      {
         conn = cf.createConnection("nobody", "nobody");
         assertFalse(canWriteDestination(conn, topic1));
      }
      finally
      {
         if (conn != null)
         {
            conn.close();
         }
      }
   }

   public void testValidTopicSubscriber() throws Exception
   {
      Connection conn = null;
      try
      {
         conn = cf.createConnection("john", "needle");
         assertTrue(canReadDestination(conn, topic1));
      }
      finally
      {
         if (conn != null)
         {
            conn.close();
         }
      }
   }

   public void testInvalidTopicSubscriber() throws Exception
   {
      Connection conn = null;
      try
      {
         conn = cf.createConnection("nobody", "nobody");
         assertFalse(canReadDestination(conn, topic1));
      }
      finally
      {
         if (conn != null) conn.close();
      }
   }

   public void testValidQueueBrowser() throws Exception
   {
      Connection conn = null;
      try
      {
         conn = cf.createConnection("john", "needle");
         Session sess = conn.createSession(false, Session.AUTO_ACKNOWLEDGE);
         sess.createBrowser(queue1);
      }
      finally
      {
         if (conn != null) conn.close();
      }
   }

   public void testInvalidQueueBrowser() throws Exception
   {
      Connection conn = null;
      try
      {
         conn = cf.createConnection("nobody", "nobody");
         Session sess = conn.createSession(false, Session.AUTO_ACKNOWLEDGE);
         sess.createBrowser(queue1);
         fail("should throw JMSSecurityException");
      }
      catch (JMSSecurityException e)
      {
         //Expected
      }
      finally
      {
         if (conn != null) conn.close();
      }
   }

   public void testValidQueueSender() throws Exception
   {
      Connection conn = null;
      try
      {
         conn = cf.createConnection("john", "needle");
         assertTrue(this.canWriteDestination(conn, queue1));
      }
      finally
      {
         if (conn != null) conn.close();
      }
   }

   public void testInvalidQueueSender() throws Exception
   {
      Connection conn = null;
      try
      {
         conn = cf.createConnection("nobody", "nobody");
         assertFalse(this.canWriteDestination(conn, queue1));
      }
      finally
      {
         if (conn != null) conn.close();
      }
   }

   public void testValidQueueReceiver() throws Exception
   {
      Connection conn = null;
      try
      {
         conn = cf.createConnection("john", "needle");
         assertTrue(this.canReadDestination(conn, queue1));
      }
      finally
      {
         if (conn != null) conn.close();
      }
   }

   public void testInvalidQueueReceiver() throws Exception
   {
      Connection conn = null;
      try
      {
         conn = cf.createConnection("nobody", "nobody");
         assertFalse(this.canReadDestination(conn, queue1));
      }
      finally
      {
         if (conn != null) conn.close();
      }
   }

   /**
    * Test valid durable subscription creation for connection preconfigured with client id
    */
   public void testValidDurableSubscriptionCreationPreConf() throws Exception
   {
      Connection conn = null;
      try
      {
         conn = cf.createConnection("john", "needle");
         assertTrue(this.canCreateDurableSub(conn, topic1, "sub2"));
      }
      finally
      {
         if (conn != null)
            conn.close();
      }
   }

   /*
    * Test invalid durable subscription creation for connection preconfigured with client id
    */

   public void testInvalidDurableSubscriptionCreationPreConf() throws Exception
   {
      Connection conn = null;
      try
      {
         conn = cf.createConnection("john", "needle");
         assertFalse(this.canCreateDurableSub(conn, topic2, "sub3"));
      }
      finally
      {
         if (conn != null)
            conn.close();
      }
   }

   /*
    * Test valid durable subscription creation for connection not preconfigured with client id
    */
   public void testValidDurableSubscriptionCreationNotPreConf() throws Exception
   {
      Connection conn = null;
      try
      {
         conn = cf.createConnection("dynsub", "dynsub");
         conn.setClientID("myID");
         assertTrue(this.canCreateDurableSub(conn, topic1, "sub4"));
      }
      finally
      {
         if (conn != null) conn.close();
      }
   }

   /*
    * Test invalid durable subscription creation for connection not preconfigured with client id
    */
   public void testInvalidDurableSubscriptionCreationNotPreConf() throws Exception
   {
      Connection conn = null;
      try
      {
         conn = cf.createConnection("dynsub", "dynsub");
         conn.setClientID("myID2");
         assertFalse(this.canCreateDurableSub(conn, topic2, "sub5"));
      }
      finally
      {
         if (conn != null) conn.close();
      }
   }

   public void testDefaultSecurityValid() throws Exception
   {
      Connection conn = null;
      try
      {
         conn = cf.createConnection("dilbert", "dogbert");
         conn.setClientID("myID5");
         assertTrue(this.canReadDestination(conn, topic3));
         assertTrue(this.canWriteDestination(conn, topic3));
         assertTrue(this.canCreateDurableSub(conn, topic3, "subxyz"));
      }
      finally
      {
         if (conn != null) conn.close();
      }
   }

   public void testDefaultSecurityInvalid() throws Exception
   {
      Connection conn = null;
      try
      {
         conn = cf.createConnection("nobody", "nobody");
         conn.setClientID("myID6");
         assertFalse(this.canReadDestination(conn, topic3));
         assertFalse(this.canWriteDestination(conn, topic3));
         assertFalse(this.canCreateDurableSub(conn, topic3, "subabc"));
      }
      finally
      {
         if (conn != null) conn.close();
      }
   }

   /**
    * This test makes sure that changing the default security configuration on the server has effect
    * over already deployed destinations.
    */
   public void testDefaultSecurityUpdate() throws Exception
   {
      String defSecConf = ServerManagement.getDefaultSecurityConfig();

      // Make sure it is the default security configuration I rely on
     
      XMLUtil.assertEquivalent(XMLUtil.stringToElement(defConfig),
                               XMLUtil.stringToElement(defSecConf));

      // "john" has the role def, so he should be able to create a producer and a consumer on a queue
      Connection conn = null;

      try
      {
         conn = cf.createConnection("john", "needle");
         assertTrue(canReadDestination(conn, queue2));
         assertTrue(canWriteDestination(conn, queue2));

         String newSecurityConfig =
            "<security><role name=\"someotherrole\" read=\"true\" write=\"true\" create=\"false\"/></security>";

         ServerManagement.setDefaultSecurityConfig(newSecurityConfig);

         assertFalse(canReadDestination(conn, queue2));
         // we should only look non transacted, as looking on connection would require the test
         // to wait 15s (eviction timeout)
         assertFalse(canWriteDestination(conn, queue2, false));

         newSecurityConfig =
            "<security><role name=\"def\" read=\"true\" write=\"false\" create=\"false\"/></security>";

         ServerManagement.setDefaultSecurityConfig(newSecurityConfig);

         assertTrue(canReadDestination(conn, queue2));
         // to avoid cache evict timeout
         assertFalse(canWriteDestination(conn, queue2, false));
      }
      finally
      {
         if (conn != null)
         {
            conn.close();
         }
      }
   }
   
   /**
    * This test makes sure that changing the queue security configuration on the server has effect
    * over destinations when they are stopped (this is what happens in a real deployment - the security config
    * gets set before the queue/topic is started
    * See http://jira.jboss.com/jira/browse/JBMESSAGING-976
    */
   public void testQueueSecurityUpdateStopped() throws Exception
   {
      // "john" has the role def, so he should be able to create a producer and a consumer on a queue

      ObjectName on = new ObjectName("jboss.messaging.destination:service=Queue,name=Queue2");
      
      Connection conn = null;

      try
      {
         conn = cf.createConnection("john", "needle");
         assertTrue(canReadDestination(conn, queue2));
         assertTrue(canWriteDestination(conn, queue2));

         String newSecurityConfig =
            "<security><role name=\"someotherrole\" read=\"true\" write=\"true\" create=\"false\"/></security>";

         ServerManagement.invoke(on, "stop", null, null);         
         ServerManagement.configureSecurityForDestination("Queue2", newSecurityConfig);         
         ServerManagement.invoke(on, "start", null, null);
         
         assertFalse(canReadDestination(conn, queue2));
         // non transacted to avoid evict timeout
         assertFalse(canWriteDestination(conn, queue2, false));


         newSecurityConfig =
            "<security><role name=\"def\" read=\"true\" write=\"false\" create=\"false\"/></security>";

         ServerManagement.invoke(on, "stop", null, null);         
         ServerManagement.configureSecurityForDestination("Queue2", newSecurityConfig);         
         ServerManagement.invoke(on, "start", null, null);

         assertTrue(canReadDestination(conn, queue2));
         assertFalse(canWriteDestination(conn, queue2, false));

         newSecurityConfig =
            "<security><role name=\"def\" read=\"true\" write=\"true\" create=\"false\"/></security>";

         ServerManagement.invoke(on, "stop", null, null);         
         ServerManagement.configureSecurityForDestination("Queue2", newSecurityConfig);         
         ServerManagement.invoke(on, "start", null, null);

         assertTrue(canReadDestination(conn, queue2));
         assertTrue(canWriteDestination(conn, queue2, false));
      }
      finally
      {                 
         if (conn != null)
         {
            conn.close();
         }
      }
   }
   
   /**
    * This test makes sure that changing the topic security configuration on the server has effect
    * over destinations when they are stopped (this is what happens in a real deployment - the security config
    * gets set before the queue/topic is started
    * See http://jira.jboss.com/jira/browse/JBMESSAGING-976
    */
   public void testTopicSecurityUpdateStopped() throws Exception
   {
      // "john" has the role def, so he should be able to create a producer and a consumer on a queue

      ObjectName on = new ObjectName("jboss.messaging.destination:service=Topic,name=Topic2");
      
      Connection conn = null;

      try
      {
         conn = cf.createConnection("john", "needle");
         assertTrue(canReadDestination(conn, topic2));
         assertTrue(canWriteDestination(conn, topic2));


         String newSecurityConfig =
            "<security><role name=\"someotherrole\" read=\"true\" write=\"true\" create=\"false\"/></security>";

         ServerManagement.invoke(on, "stop", null, null);         
         ServerManagement.configureSecurityForDestination("Topic2", newSecurityConfig);         
         ServerManagement.invoke(on, "start", null, null);
         
         assertFalse(canReadDestination(conn, topic2));
         assertFalse(canWriteDestination(conn, topic2, false));


         newSecurityConfig =
            "<security><role name=\"def\" read=\"true\" write=\"false\" create=\"false\"/></security>";

         ServerManagement.invoke(on, "stop", null, null);         
         ServerManagement.configureSecurityForDestination("Topic2", newSecurityConfig);         
         ServerManagement.invoke(on, "start", null, null);

         assertTrue(canReadDestination(conn, topic2));
         assertFalse(canWriteDestination(conn, topic2, false));

         newSecurityConfig =
            "<security><role name=\"def\" read=\"true\" write=\"true\" create=\"false\"/></security>";

         ServerManagement.invoke(on, "stop", null, null);         
         ServerManagement.configureSecurityForDestination("Topic2", newSecurityConfig);         
         ServerManagement.invoke(on, "start", null, null);

         assertTrue(canReadDestination(conn, topic2));
         assertTrue(canWriteDestination(conn, topic2, false));
      }
      finally
      {        
         if (conn != null)
         {
            conn.close();
         }
      }
   }
   
   /**
    * This test makes sure that changing the queue security configuration on the server has effect
    * over already deployed destinations.
    */
   public void testQueueSecurityUpdate() throws Exception
   {
      // "john" has the role def, so he should be able to create a producer and a consumer on a queue
      Connection conn = null;

      try
      {
         conn = cf.createConnection("john", "needle");
         assertTrue(canReadDestination(conn, queue2));
         assertTrue(canWriteDestination(conn, queue2));

         String newSecurityConfig =
            "<security><role name=\"someotherrole\" read=\"true\" write=\"true\" create=\"false\"/></security>";

         ServerManagement.configureSecurityForDestination("Queue2", newSecurityConfig);
         
         assertFalse(canReadDestination(conn, queue2));
         assertFalse(canWriteDestination(conn, queue2, false));


         newSecurityConfig =
            "<security><role name=\"def\" read=\"true\" write=\"false\" create=\"false\"/></security>";

         ServerManagement.configureSecurityForDestination("Queue2", newSecurityConfig);

         assertTrue(canReadDestination(conn, queue2));
         assertFalse(canWriteDestination(conn, queue2, false));

         newSecurityConfig =
            "<security><role name=\"def\" read=\"true\" write=\"true\" create=\"false\"/></security>";

         ServerManagement.configureSecurityForDestination("Queue2", newSecurityConfig);

         assertTrue(canReadDestination(conn, queue2));
         assertTrue(canWriteDestination(conn, queue2, false));
         
         //Now set to null
         
         ServerManagement.configureSecurityForDestination("Queue2", null);
         
         //Should fall back to the default config
         String lockedConf = "<security><role name=\"alien\" read=\"true\" write=\"true\" create=\"true\"/></security>";
         
         ServerManagement.setDefaultSecurityConfig(lockedConf);
         
         assertFalse(canReadDestination(conn, queue2));
         assertFalse(canWriteDestination(conn, queue2, false));
         
         ServerManagement.setDefaultSecurityConfig(defConfig);
         
         assertTrue(canReadDestination(conn, queue2));
         assertTrue(canWriteDestination(conn, queue2, false));
      }
      finally
      {         
         if (conn != null)
         {
            conn.close();
         }
      }
   }
   
   /**
    * This test makes sure that changing the topic security configuration on the server has effect
    * over already deployed destinations.
    */
   public void testTopicSecurityUpdate() throws Exception
   {
      // "john" has the role def, so he should be able to create a producer and a consumer on a queue
      Connection conn = null;

      try
      {
         conn = cf.createConnection("john", "needle");
         assertTrue(canReadDestination(conn, topic2));
         assertTrue(canWriteDestination(conn, topic2));


         String newSecurityConfig =
            "<security><role name=\"someotherrole\" read=\"true\" write=\"true\" create=\"false\"/></security>";

         ServerManagement.configureSecurityForDestination("Topic2", newSecurityConfig);
         
         assertFalse(canReadDestination(conn, topic2));
         assertFalse(canWriteDestination(conn, topic2, false));


         newSecurityConfig =
            "<security><role name=\"def\" read=\"true\" write=\"false\" create=\"false\"/></security>";

         ServerManagement.configureSecurityForDestination("Topic2", newSecurityConfig);

         assertTrue(canReadDestination(conn, topic2));
         assertFalse(canWriteDestination(conn, topic2, false));

         newSecurityConfig =
            "<security><role name=\"def\" read=\"true\" write=\"true\" create=\"false\"/></security>";

         ServerManagement.configureSecurityForDestination("Topic2", newSecurityConfig);

         assertTrue(canReadDestination(conn, topic2));
         assertTrue(canWriteDestination(conn, topic2, false));
         
         //Now set to null
         
         ServerManagement.configureSecurityForDestination("Topic2", null);
         
         //Should fall back to the default config
         String lockedConf = "<security><role name=\"alien\" read=\"true\" write=\"true\" create=\"true\"/></security>";
         
         ServerManagement.setDefaultSecurityConfig(lockedConf);
         
         assertFalse(canReadDestination(conn, topic2));
         assertFalse(canWriteDestination(conn, topic2, false));
         
         ServerManagement.setDefaultSecurityConfig(defConfig);
         
         assertTrue(canReadDestination(conn, topic2));
         assertTrue(canWriteDestination(conn, topic2, false));
      }
      finally
      {
         if (conn != null)
         {
            conn.close();
         }
      }
   }

   public void testSecurityForQueuesAndTopicsWithTheSameName() throws Exception
   {
      ServerManagement.deployQueue("Accounting");
      ServerManagement.deployTopic("Accounting");

      Connection conn = null;

      try
      {
         // configure the queue to allow "def" to read
         String config = "<security><role name=\"def\" read=\"true\" write=\"false\" create=\"false\"/></security>";
         ObjectName on = new ObjectName("jboss.messaging.destination:service=Queue,name=Accounting");
         ServerManagement.setAttribute(on, "SecurityConfig", config);

         // configure the topic to prevent "def" from reading
         config = "<security><role name=\"def\" read=\"false\" write=\"false\" create=\"false\"/></security>";
         on = new ObjectName("jboss.messaging.destination:service=Topic,name=Accounting");
         ServerManagement.setAttribute(on, "SecurityConfig", config);

         Queue queue = (Queue)ic.lookup("/queue/Accounting");
         Topic topic = (Topic)ic.lookup("/topic/Accounting");

         conn = cf.createConnection("john", "needle");

         assertTrue(canReadDestination(conn, queue));
         assertFalse(canReadDestination(conn, topic));
      }
      finally
      {
         ServerManagement.undeployQueue("Accounting");
         ServerManagement.undeployTopic("Accounting");
         if (conn != null)
         {
            conn.close();
         }
      }
   }
   
   public void testSecurityForTemporaryQueue() throws Exception
   {
      testSecurityForTemporaryDestination(true);
   }

   public void testSecurityForTemporaryTopic() throws Exception
   {
      testSecurityForTemporaryDestination(false);
   }

   // Package protected ---------------------------------------------

   // Protected -----------------------------------------------------

   protected void setUp() throws Exception
   {
      super.setUp();
      
      oldDefaultConfig = ServerManagement.getDefaultSecurityConfig();
      
      final String queueConf =
         "<security>" +
            "<role name=\"guest\" read=\"true\" write=\"true\"/>" +
            "<role name=\"publisher\" read=\"true\" write=\"true\" create=\"false\"/>" +
            "<role name=\"noacc\" read=\"false\" write=\"false\" create=\"false\"/>" +
         "</security>";

      ServerManagement.configureSecurityForDestination("Queue1", queueConf);

      final String topicConf =
         "<security>" +
            "<role name=\"guest\" read=\"true\" write=\"true\"/>" +
            "<role name=\"publisher\" read=\"true\" write=\"true\" create=\"false\"/>" +
            "<role name=\"durpublisher\" read=\"true\" write=\"true\" create=\"true\"/>" +
         "</security>";

      ServerManagement.configureSecurityForDestination("Topic1", topicConf);


      final String testSecuredTopicConf =
         "<security>" +
            "<role name=\"publisher\" read=\"true\" write=\"true\" create=\"false\"/>" +
         "</security>";

      ServerManagement.configureSecurityForDestination("Topic2", testSecuredTopicConf);

      ServerManagement.setDefaultSecurityConfig(defConfig);
   }

   protected void tearDown() throws Exception
   {
     super.tearDown();
     
      ServerManagement.setDefaultSecurityConfig(oldDefaultConfig);
      ServerManagement.configureSecurityForDestination("Queue1", null);
      ServerManagement.configureSecurityForDestination("Queue2", null);
      ServerManagement.configureSecurityForDestination("Topic1", null);
      ServerManagement.configureSecurityForDestination("Topic2", null);
   }

   // Private -------------------------------------------------------

   private boolean canReadDestination(Connection conn, Destination dest) throws Exception
   {
      Session sess = conn.createSession(false, Session.AUTO_ACKNOWLEDGE);

      try
      {
         sess.createConsumer(dest);
         return true;
      }
      catch (JMSSecurityException e)
      {
         log.trace("Can't read destination", e);
         return false;
      }
      finally
      {
         sess.close();
      }
            
   }
   private boolean canWriteDestination(Connection conn, Destination dest) throws Exception
   {
      boolean transacted = canWriteDestination(conn, dest, true);
      boolean nonTransacted = canWriteDestination(conn, dest, false);

      return transacted || nonTransacted;
   }

   private boolean canWriteDestination(Connection conn, Destination dest, boolean transacted) throws Exception
   {
      Session sess = conn.createSession(transacted, Session.AUTO_ACKNOWLEDGE);

      try
      {
         boolean namedSucceeded = true;
         try
         {
            MessageProducer prod = sess.createProducer(dest);
            Message m = sess.createTextMessage("Kippers");
            prod.send(m);
            if (transacted)
            {
               sess.commit();
            }
         }
         catch (JMSSecurityException e)
         {
            log.trace("Can't write to destination using named producer", e);
            namedSucceeded = false;
         }

         boolean anonSucceeded = true;
         try
         {
            MessageProducer producerAnon = sess.createProducer(null);
            Message m = sess.createTextMessage("Kippers");
            producerAnon.send(dest, m);
            if (transacted)
            {
               sess.commit();
            }
         }
         catch (JMSSecurityException e)
         {
            log.trace("Can't write to destination using named producer", e);
            anonSucceeded = false;
         }

         if (namedSucceeded || anonSucceeded)
         {
            if (dest instanceof Queue)
            {
               String destName = ((Queue)dest).getQueueName();
               removeAllMessages(destName, true, 0);
            }
         }

         log.trace("namedSucceeded:" + namedSucceeded + ", anonSucceeded:" + anonSucceeded);
         return namedSucceeded || anonSucceeded;
      }
      finally
      {
         sess.close();
      }

   }

   private boolean canCreateDurableSub(Connection conn, Topic topic, String subName) throws Exception
   {

      Session sess = conn.createSession(false, Session.AUTO_ACKNOWLEDGE);

      try
      {
         MessageConsumer cons = sess.createDurableSubscriber(topic, subName);
         cons.close();
         sess.unsubscribe(subName);
         log.trace("Successfully created and unsubscribed subscription");
         return true;
      }
      catch (JMSSecurityException e)
      {
         log.trace("Can't create durable sub", e);
         return false;
      }
      finally
      {
         sess.close();
      }
   }

   private void testSecurityForTemporaryDestination(boolean isQueue) throws Exception
   {
      Destination dest = isQueue ? (Destination) queue1 : topic1;

      Connection conn = cf.createConnection("guest", "guest");
      try
      {
         Session session = conn.createSession(false, Session.AUTO_ACKNOWLEDGE);
         Destination temporaryDestination = isQueue
            ? (Destination) session.createTemporaryQueue()
            : session.createTemporaryTopic();
         Message message = session.createMessage();
         message.setJMSReplyTo(temporaryDestination);
         MessageProducer producer = session.createProducer(dest);
         
         MessageConsumer tmpConsumer = session.createConsumer(temporaryDestination);
         conn.start();
         
         Connection conn2 = cf.createConnection("john", "needle");
         try
         {
            Session session2 = conn.createSession(false, Session.AUTO_ACKNOWLEDGE);
            MessageConsumer consumer = session.createConsumer(dest);
            conn.start();
            
            producer.send(message);

            Message in = consumer.receive(1000L);
            assertNotNull(in);
            
            Message out = session2.createMessage();
            MessageProducer replyProducer = session2.createProducer(in.getJMSReplyTo());
            replyProducer.send(out);
         }
         finally
         {
            conn2.close();
         }
         
         Message reply = tmpConsumer.receive(1000L);
         assertNotNull(reply);
      }
      finally
      {
         conn.close();
      }
   }

   /**
    * This Validate sending messages on an Queue where the user don't have write authorization
    * @throws Exception
    */
   public void testSecurityOnXA() throws Exception
   {
      XAConnection xaconn = null;

      try
      {
         XAConnectionFactory xacf = (XAConnectionFactory)cf;

         xaconn = xacf.createXAConnection("nobody", "nobody");

         XASession xasession = xaconn.createXASession();

         MessagingXid xid = new MessagingXid(new byte[]{1}, 1, new byte[]{1});

         XAResource resource = xasession.getXAResource();

         resource.start(xid, XAResource.TMNOFLAGS);

         MessageProducer producer = xasession.createProducer(queue1);


         for (int i=0;i<10;i++)
         {
            producer.send(xasession.createTextMessage("Test " + i));
         }

         try
         {
            resource.end(xid, XAResource.TMSUCCESS);
            resource.prepare(xid);
            fail("Didn't throw expected exception!");
         }
         catch (MessagingXAException expected)
         {
         }
      }
      finally
      {
         try
         {
            if (xaconn != null)
            {
               xaconn.close();
            }
            ServerManagement.undeployQueue("MyQueue2");
         }
         catch (Throwable ignored)
         {
         }
      }
   }




   
   // Inner classes -------------------------------------------------

}


java2s.com  | Contact Us | Privacy Policy
Copyright 2009 - 12 Demo Source and Support. All rights reserved.
All other trademarks are property of their respective owners.