diff options
| author | Robert Gemmell <robbie@apache.org> | 2012-08-24 15:33:00 +0000 |
|---|---|---|
| committer | Robert Gemmell <robbie@apache.org> | 2012-08-24 15:33:00 +0000 |
| commit | 881f4a51e4b9e44f888366fc06f6070f47921b90 (patch) | |
| tree | c081e6cd763dde58e1f9254cdddbba872be619b6 /qpid/java/systests/src | |
| parent | 3196cc6e0e4f6c537ab7f3694d7b2e454cd97fbc (diff) | |
| download | qpid-python-881f4a51e4b9e44f888366fc06f6070f47921b90.tar.gz | |
QPID-4236, QPID-4237, QPID-4245: Added group management functionality, and exposed it via the web management interface. Removed group definition functionality from the ACL plugin. The ACL plugin uses groups but no longer defines them.
Introduced SubjectCreator as a facade to AuthenticationManager and group
management classes.
Applied access control to user and group management.
Fixed bug in choosing between update and creation in RestServlet.
Moved lots of RestTest helper methods to RestTestHelper.
Fixed authentication, authorisation, and status logging when using the web ui.
Applied patch from Philip Harvey <phil@philharveyonline.com>, Keith Wall and myself.
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk@1376968 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'qpid/java/systests/src')
3 files changed, 32 insertions, 27 deletions
diff --git a/qpid/java/systests/src/main/java/org/apache/qpid/server/logging/AccessControlLoggingTest.java b/qpid/java/systests/src/main/java/org/apache/qpid/server/logging/AccessControlLoggingTest.java index 4b7b3f0cf0..37f960a65a 100644 --- a/qpid/java/systests/src/main/java/org/apache/qpid/server/logging/AccessControlLoggingTest.java +++ b/qpid/java/systests/src/main/java/org/apache/qpid/server/logging/AccessControlLoggingTest.java @@ -31,10 +31,10 @@ import java.util.List; /** * ACL version 2/3 file testing to verify that ACL actor logging works correctly. - * + * * This suite of tests validate that the AccessControl messages occur correctly * and according to the following format: - * + * * <pre> * ACL-1001 : Allowed Operation Object {PROPERTIES} * ACL-1002 : Denied Operation Object {PROPERTIES} @@ -83,12 +83,12 @@ public class AccessControlLoggingTest extends AbstractTestLogging Session sess = conn.createSession(false, Session.AUTO_ACKNOWLEDGE); conn.start(); ((AMQSession<?, ?>) sess).createQueue(new AMQShortString("allow"), false, false, false); - + List<String> matches = findMatches(ACL_LOG_PREFIX); - + assertTrue("Should be no ACL log messages", matches.isEmpty()); } - + /** * Test that {@code allow-log} ACL entries log correctly. */ @@ -98,25 +98,25 @@ public class AccessControlLoggingTest extends AbstractTestLogging Session sess = conn.createSession(false, Session.AUTO_ACKNOWLEDGE); conn.start(); ((AMQSession<?, ?>) sess).createQueue(new AMQShortString("allow-log"), false, false, false); - + List<String> matches = findMatches(ACL_LOG_PREFIX); - + assertEquals("Should only be one ACL log message", 1, matches.size()); - + String log = getLogMessage(matches, 0); String actor = fromActor(log); String subject = fromSubject(log); String message = getMessageString(fromMessage(log)); - + validateMessageID(ACL_LOG_PREFIX + 1001, log); - - assertTrue("Actor should contain the user identity", actor.contains(USER)); + + assertTrue("Actor " + actor + " should contain the user identity: " + USER, actor.contains(USER)); assertTrue("Subject should be empty", subject.length() == 0); assertTrue("Message should start with 'Allowed'", message.startsWith("Allowed")); assertTrue("Message should contain 'Create Queue'", message.contains("Create Queue")); assertTrue("Message should have contained the queue name", message.contains("allow-log")); } - + /** * Test that {@code deny-log} ACL entries log correctly. */ @@ -134,25 +134,25 @@ public class AccessControlLoggingTest extends AbstractTestLogging // Denied, so exception thrown assertEquals("Expected ACCESS_REFUSED error code", AMQConstant.ACCESS_REFUSED, amqe.getErrorCode()); } - + List<String> matches = findMatches(ACL_LOG_PREFIX); - + assertEquals("Should only be one ACL log message", 1, matches.size()); - + String log = getLogMessage(matches, 0); String actor = fromActor(log); String subject = fromSubject(log); String message = getMessageString(fromMessage(log)); - + validateMessageID(ACL_LOG_PREFIX + 1002, log); - - assertTrue("Actor should contain the user identity", actor.contains(USER)); + + assertTrue("Actor " + actor + " should contain the user identity: " + USER, actor.contains(USER)); assertTrue("Subject should be empty", subject.length() == 0); assertTrue("Message should start with 'Denied'", message.startsWith("Denied")); assertTrue("Message should contain 'Create Queue'", message.contains("Create Queue")); assertTrue("Message should have contained the queue name", message.contains("deny-log")); } - + /** * Test that {@code deny} ACL entries do not log anything. */ @@ -170,9 +170,9 @@ public class AccessControlLoggingTest extends AbstractTestLogging // Denied, so exception thrown assertEquals("Expected ACCESS_REFUSED error code", AMQConstant.ACCESS_REFUSED, amqe.getErrorCode()); } - + List<String> matches = findMatches(ACL_LOG_PREFIX); - + assertTrue("Should be no ACL log messages", matches.isEmpty()); } } diff --git a/qpid/java/systests/src/main/java/org/apache/qpid/server/security/acl/AbstractACLTestCase.java b/qpid/java/systests/src/main/java/org/apache/qpid/server/security/acl/AbstractACLTestCase.java index 8ccf74a22b..7b50749f5f 100644 --- a/qpid/java/systests/src/main/java/org/apache/qpid/server/security/acl/AbstractACLTestCase.java +++ b/qpid/java/systests/src/main/java/org/apache/qpid/server/security/acl/AbstractACLTestCase.java @@ -45,7 +45,7 @@ import java.util.concurrent.TimeUnit; /** * Abstract test case for ACLs. * - * This base class contains convenience methods to mange ACL files and implements a mechanism that allows each + * This base class contains convenience methods to manage ACL files and implements a mechanism that allows each * test method to run its own setup code before the broker starts. * * TODO move the pre broker-startup setup method invocation code to {@link QpidBrokerTestCase} diff --git a/qpid/java/systests/src/main/java/org/apache/qpid/server/security/acl/ExternalACLTest.java b/qpid/java/systests/src/main/java/org/apache/qpid/server/security/acl/ExternalACLTest.java index 0e45ca9493..400464b4eb 100644 --- a/qpid/java/systests/src/main/java/org/apache/qpid/server/security/acl/ExternalACLTest.java +++ b/qpid/java/systests/src/main/java/org/apache/qpid/server/security/acl/ExternalACLTest.java @@ -319,8 +319,12 @@ public class ExternalACLTest extends AbstractACLTestCase public void setUpRequestResponseSuccess() throws Exception { - writeACLFile("test", "GROUP messaging-users client server", - "ACL ALLOW-LOG messaging-users ACCESS VIRTUALHOST", + // The group "messaging-users", referenced in the ACL below, is currently defined + // in broker/etc/groups-systests. + // We tolerate a dependency from this test to that file because its + // contents are expected to change rarely. + + writeACLFile("test", "ACL ALLOW-LOG messaging-users ACCESS VIRTUALHOST", "# Server side", "ACL ALLOW-LOG server CREATE QUEUE name=\"example.RequestQueue\"" , "ACL ALLOW-LOG server BIND EXCHANGE", @@ -389,11 +393,12 @@ public class ExternalACLTest extends AbstractACLTestCase conn.start(); // create kipper - Topic kipper = sess.createTopic("kipper"); - TopicSubscriber subscriber = sess.createDurableSubscriber(kipper, "kipper"); + String topicName = "kipper"; + Topic topic = sess.createTopic(topicName); + TopicSubscriber subscriber = sess.createDurableSubscriber(topic, topicName); subscriber.close(); - sess.unsubscribe("kipper"); + sess.unsubscribe(topicName); //Do something to show connection is active. sess.rollback(); |