authorAidan Skinner <aidan@apache.org>2009-11-11 22:59:29 +0000
committerAidan Skinner <aidan@apache.org>2009-11-11 22:59:29 +0000
commitde286e9b8c27a7c0f89b9beaf04b80a6dd928801 (patch)
tree5cf3b054397d9647b2836362362314504b297ffb /java/systests
parent9a35dac76fd9a782f51825453ca3de43cc06932c (diff)
QPID-2184: make sure global security plugins are reconfigured properly
ServerConfigurationTest: add test for reloading firewall config in main section, not just as a combined file FirewallConfigTest: add a systest for firewalls with real broker QpidTestCase: add a reloadBroker() method git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@835115 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'java/systests')
-rw-r--r--java/systests/etc/config-systests-firewall-settings.xml28
-rw-r--r--java/systests/etc/config-systests-firewall.xml30
-rw-r--r--java/systests/src/main/java/org/apache/qpid/server/security/firewall/FirewallConfigTest.java164
-rw-r--r--java/systests/src/main/java/org/apache/qpid/test/utils/QpidTestCase.java24
4 files changed, 246 insertions, 0 deletions
diff --git a/java/systests/etc/config-systests-firewall-settings.xml b/java/systests/etc/config-systests-firewall-settings.xml
new file mode 100644
index 0000000000..d115e74663
--- /dev/null
+++ b/java/systests/etc/config-systests-firewall-settings.xml
@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!--
+ -
+ - Licensed to the Apache Software Foundation (ASF) under one
+ - or more contributor license agreements. See the NOTICE file
+ - distributed with this work for additional information
+ - regarding copyright ownership. The ASF licenses this file
+ - to you under the Apache License, Version 2.0 (the
+ - "License"); you may not use this file except in compliance
+ - with the License. You may obtain a copy of the License at
+ -
+ - http://www.apache.org/licenses/LICENSE-2.0
+ -
+ - Unless required by applicable law or agreed to in writing,
+ - software distributed under the License is distributed on an
+ - "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ - KIND, either express or implied. See the License for the
+ - specific language governing permissions and limitations
+ - under the License.
+ -
+ -->
+<broker>
+ <security>
+ <firewall>
+ <rule access="allow" network="127.0.0.1"/>
+ </firewall>
+ </security>
+</broker>
diff --git a/java/systests/etc/config-systests-firewall.xml b/java/systests/etc/config-systests-firewall.xml
new file mode 100644
index 0000000000..90773f5cc2
--- /dev/null
+++ b/java/systests/etc/config-systests-firewall.xml
@@ -0,0 +1,30 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!--
+ -
+ - Licensed to the Apache Software Foundation (ASF) under one
+ - or more contributor license agreements. See the NOTICE file
+ - distributed with this work for additional information
+ - regarding copyright ownership. The ASF licenses this file
+ - to you under the Apache License, Version 2.0 (the
+ - "License"); you may not use this file except in compliance
+ - with the License. You may obtain a copy of the License at
+ -
+ - http://www.apache.org/licenses/LICENSE-2.0
+ -
+ - Unless required by applicable law or agreed to in writing,
+ - software distributed under the License is distributed on an
+ - "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ - KIND, either express or implied. See the License for the
+ - specific language governing permissions and limitations
+ - under the License.
+ -
+ -->
+<configuration>
+ <system/>
+ <override>
+ <xml fileName="${test.config}" config-optional="true"/>
+ <xml fileName="${QPID_FIREWALL_SETTINGS}"/>
+ <xml fileName="${QPID_HOME}/etc/config-systests-settings.xml"/>
+ <xml fileName="${QPID_HOME}/etc/config.xml"/>
+ </override>
+</configuration>
diff --git a/java/systests/src/main/java/org/apache/qpid/server/security/firewall/FirewallConfigTest.java b/java/systests/src/main/java/org/apache/qpid/server/security/firewall/FirewallConfigTest.java
new file mode 100644
index 0000000000..94bacea2f4
--- /dev/null
+++ b/java/systests/src/main/java/org/apache/qpid/server/security/firewall/FirewallConfigTest.java
@@ -0,0 +1,164 @@
+package org.apache.qpid.server.security.firewall;
+
+import java.io.File;
+import java.io.FileWriter;
+import java.io.IOException;
+
+import javax.jms.Connection;
+import javax.jms.JMSException;
+
+import org.apache.qpid.test.utils.QpidTestCase;
+
+public class FirewallConfigTest extends QpidTestCase
+{
+
+ private File tmpFile = null;
+ @Override
+ protected void setUp() throws Exception
+ {
+ // do setup
+ final String QPID_HOME = System.getProperty("QPID_HOME");
+
+ if (QPID_HOME == null)
+ {
+ fail("QPID_HOME not set");
+ }
+
+ // Setup initial config.
+ _configFile = new File(QPID_HOME, "etc/config-systests-firewall.xml");
+ tmpFile = File.createTempFile("config-systests-firewall", ".xml");
+ setSystemProperty("QPID_FIREWALL_SETTINGS", tmpFile.getAbsolutePath());
+ tmpFile.deleteOnExit();
+ }
+
+ private void writeFirewallFile(boolean allow, boolean inVhost) throws IOException
+ {
+ FileWriter out = new FileWriter(tmpFile);
+ String ipAddr = "127.0.0.1"; // FIXME: get this from InetAddress.getLocalHost().getAddress() ?
+ out.write("<broker>");
+ if (inVhost)
+ {
+ out.write("<virtualhosts><virtualhost><test>");
+ }
+ out.write("<security><firewall>");
+ out.write("<rule access=\""+((allow) ? "allow" : "deny")+"\" network=\""+ipAddr +"\"/>");
+ out.write("</firewall></security>");
+ if (inVhost)
+ {
+ out.write("</test></virtualhost></virtualhosts>");
+ }
+ out.write("</broker>");
+ out.close();
+ }
+
+ public void testDenyOnRestart() throws Exception
+ {
+ testDeny(false, new Runnable() {
+
+ public void run()
+ {
+ try
+ {
+ restartBroker();
+ } catch (Exception e)
+ {
+ fail(e.getMessage());
+ }
+ }
+ });
+ }
+
+ public void testDenyOnRestartInVhost() throws Exception
+ {
+ testDeny(true, new Runnable() {
+
+ public void run()
+ {
+ try
+ {
+ reloadBroker();
+ } catch (Exception e)
+ {
+ fail(e.getMessage());
+ }
+ }
+ });
+ }
+
+ public void testDenyOnReload() throws Exception
+ {
+ testDeny(false, new Runnable() {
+
+ public void run()
+ {
+ try
+ {
+ reloadBroker();
+ } catch (Exception e)
+ {
+ fail(e.getMessage());
+ }
+ }
+ }
+ );
+ }
+
+ public void testDenyOnReloadInVhost() throws Exception
+ {
+ testDeny(true, new Runnable() {
+
+ public void run()
+ {
+ try
+ {
+ reloadBroker();
+ } catch (Exception e)
+ {
+ fail(e.getMessage());
+ }
+ }
+ }
+ );
+
+ }
+
+ private void testDeny(boolean inVhost, Runnable restartOrReload) throws Exception
+ {
+ if (_broker.equals(VM))
+ {
+ // No point running this test in a vm broker
+ return;
+ }
+
+ writeFirewallFile(false, inVhost);
+ super.setUp();
+
+ Exception exception = null;
+ Connection conn = null;
+ try
+ {
+ conn = getConnection();
+ }
+ catch (JMSException e)
+ {
+ exception = e;
+ }
+ assertNotNull(exception);
+
+ // Check we can get a connection
+
+ writeFirewallFile(true, inVhost);
+ restartOrReload.run();
+
+ exception = null;
+ try
+ {
+ conn = getConnection();
+ }
+ catch (JMSException e)
+ {
+ exception = e;
+ }
+ assertNull(exception);
+ }
+}
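Review bot: `testDenyOnRestartInVhost` calls `reloadBroker()` inside its Runnable, so it duplicates `testDenyOnReloadInVhost` and the restart path with a virtual-host firewall rule is never exercised; the call should be `restartBroker();`. In `testDeny`, `assertNotNull(exception)` accepts any `JMSException`, so the deny step also passes when the broker is unreachable for some other reason rather than refusing the connection because of the rule; checking the failure cause, or at least giving the assertion a message that names the expected denial, would make the check meaningful. The connection obtained after the rule flips to allow is never closed, and `fail(e.getMessage())` in the Runnables drops the stack trace of the restart or reload failure.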
diff --git a/java/systests/src/main/java/org/apache/qpid/test/utils/QpidTestCase.java b/java/systests/src/main/java/org/apache/qpid/test/utils/QpidTestCase.java
index a1fa2c1a0c..886612b9d9 100644
--- a/java/systests/src/main/java/org/apache/qpid/test/utils/QpidTestCase.java
+++ b/java/systests/src/main/java/org/apache/qpid/test/utils/QpidTestCase.java
@@ -57,6 +57,7 @@ import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.LineNumberReader;
import java.io.PrintStream;
+import java.io.Reader;
import java.net.MalformedURLException;
import java.util.ArrayList;
import java.util.HashMap;
@@ -1241,4 +1242,27 @@ public class QpidTestCase extends TestCase
return null;
}
+ public void reloadBroker() throws ConfigurationException, IOException
+ {
+ reloadBroker(0);
+ }
+
+ public void reloadBroker(int port) throws ConfigurationException, IOException
+ {
+ if (_broker.equals(VM))
+ {
+ ApplicationRegistry.getInstance().getConfiguration().reparseConfigFile();
+ }
+ else // FIXME: should really use the JMX interface to do this
+ {
+ /*
+ * Sigh, this is going to get messy. grep for BRKR and the port number
+ */
+
+ Process p = Runtime.getRuntime().exec("/usr/bin/pgrep -f " + getPort(port));
+ BufferedReader reader = new BufferedReader (new InputStreamReader(p.getInputStream()));
+ String cmd = "/bin/kill -SIGHUP " + reader.readLine();
+ p = Runtime.getRuntime().exec(cmd);
+ }
+ }
}