QPID-4292: add ACL rule to authorise access to the web management UI

* added object name MANAGEMENT to represent both JMX and Web Management layers * Change both JMX/Web entry points to permission access with an access management check * Updated examples and docbook * Made Principals serialised to avoid container warnings when Qpid principals are placed within a HttpSession. Work of Robbie Gemmell <robbie@apache.org> and myself. git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk@1382947 13f79535-47bb-0310-9956-ffa450edef68
author: Keith Wall <kwall@apache.org> 2012-09-10 15:37:45 +0000
committer: Keith Wall <kwall@apache.org> 2012-09-10 15:37:45 +0000
commit: b0a4911fa51737570a1e9767f7fd37f50f06b3bd (patch)
tree: d3183ccd29662cd13926e529aa3f3d0f6db24ef3 /qpid/java/broker-plugins/management-http/src/test
parent: 3957c7f5aab759d2a9b2f10b38c116f0472b32fa (diff)
download: qpid-python-b0a4911fa51737570a1e9767f7fd37f50f06b3bd.tar.gz
2 files changed, 7 insertions, 0 deletions
diff --git a/qpid/java/broker-plugins/management-http/src/test/java/org/apache/qpid/systest/rest/acl/GroupRestACLTest.java b/qpid/java/broker-plugins/management-http/src/test/java/org/apache/qpid/systest/rest/acl/GroupRestACLTest.java
index 3d21f95f0c..f85fd02199 100644
--- a/qpid/java/broker-plugins/management-http/src/test/java/org/apache/qpid/systest/rest/acl/GroupRestACLTest.java
+++ b/qpid/java/broker-plugins/management-http/src/test/java/org/apache/qpid/systest/rest/acl/GroupRestACLTest.java
@@ -89,6 +89,7 @@ public class GroupRestACLTest extends QpidRestTestCase
     public void testCreateGroup() throws Exception
     {
         AbstractACLTestCase.writeACLFileUtil(this, null,
+                "ACL ALLOW-LOG ALL ACCESS MANAGEMENT",
                 "ACL ALLOW-LOG " + ALLOWED_GROUP + " CREATE GROUP",
                 "ACL DENY-LOG " + DENIED_GROUP + " CREATE GROUP");
 
@@ -116,6 +117,7 @@ public class GroupRestACLTest extends QpidRestTestCase
     public void testDeleteGroup() throws Exception
     {
         AbstractACLTestCase.writeACLFileUtil(this, null,
+                "ACL ALLOW-LOG ALL ACCESS MANAGEMENT",
                 "ACL ALLOW-LOG " + ALLOWED_GROUP + " DELETE GROUP",
                 "ACL DENY-LOG " + DENIED_GROUP + " DELETE GROUP");
 
@@ -143,6 +145,7 @@ public class GroupRestACLTest extends QpidRestTestCase
     public void testUpdateGroupAddMember() throws Exception
     {
         AbstractACLTestCase.writeACLFileUtil(this, null,
+                "ACL ALLOW-LOG ALL ACCESS MANAGEMENT",
                 "ACL ALLOW-LOG " + ALLOWED_GROUP + " UPDATE GROUP",
                 "ACL DENY-LOG " + DENIED_GROUP + " UPDATE GROUP");
 
@@ -163,6 +166,7 @@ public class GroupRestACLTest extends QpidRestTestCase
     public void testUpdateGroupDeleteMember() throws Exception
     {
         AbstractACLTestCase.writeACLFileUtil(this, null,
+                "ACL ALLOW-LOG ALL ACCESS MANAGEMENT",
                 "ACL ALLOW-LOG " + ALLOWED_GROUP + " UPDATE GROUP",
                 "ACL DENY-LOG " + DENIED_GROUP + " UPDATE GROUP");
 
diff --git a/qpid/java/broker-plugins/management-http/src/test/java/org/apache/qpid/systest/rest/acl/UserRestACLTest.java b/qpid/java/broker-plugins/management-http/src/test/java/org/apache/qpid/systest/rest/acl/UserRestACLTest.java
index 31286fb70b..09c82b9205 100644
--- a/qpid/java/broker-plugins/management-http/src/test/java/org/apache/qpid/systest/rest/acl/UserRestACLTest.java
+++ b/qpid/java/broker-plugins/management-http/src/test/java/org/apache/qpid/systest/rest/acl/UserRestACLTest.java
@@ -91,6 +91,7 @@ public class UserRestACLTest extends QpidRestTestCase
     public void testAddUser() throws Exception
     {
         AbstractACLTestCase.writeACLFileUtil(this, null,
+                "ACL ALLOW-LOG ALL ACCESS MANAGEMENT",
                 "ACL ALLOW-LOG " + ALLOWED_GROUP + " CREATE USER",
                 "ACL DENY-LOG " + DENIED_GROUP + " CREATE USER");
 
@@ -115,6 +116,7 @@ public class UserRestACLTest extends QpidRestTestCase
     public void testDeleteUser() throws Exception
     {
         AbstractACLTestCase.writeACLFileUtil(this, null,
+                "ACL ALLOW-LOG ALL ACCESS MANAGEMENT",
                 "ACL ALLOW-LOG " + ALLOWED_GROUP + " DELETE USER",
                 "ACL DENY-LOG " + DENIED_GROUP + " DELETE USER");
 
@@ -135,6 +137,7 @@ public class UserRestACLTest extends QpidRestTestCase
     public void testUpdateUser() throws Exception
     {
         AbstractACLTestCase.writeACLFileUtil(this, null,
+                "ACL ALLOW-LOG ALL ACCESS MANAGEMENT",
                 "ACL ALLOW-LOG " + ALLOWED_GROUP + " UPDATE USER",
                 "ACL DENY-LOG " + DENIED_GROUP + " UPDATE USER");
author	Keith Wall <kwall@apache.org>	2012-09-10 15:37:45 +0000
committer	Keith Wall <kwall@apache.org>	2012-09-10 15:37:45 +0000
commit	b0a4911fa51737570a1e9767f7fd37f50f06b3bd (patch)
tree	d3183ccd29662cd13926e529aa3f3d0f6db24ef3 /qpid/java/broker-plugins/management-http/src/test
parent	3957c7f5aab759d2a9b2f10b38c116f0472b32fa (diff)
download	qpid-python-b0a4911fa51737570a1e9767f7fd37f50f06b3bd.tar.gz