summaryrefslogtreecommitdiff
path: root/java/broker-plugins/firewall/src/test/java/org/apache/qpid/server/security/access/FirewallConfigurationTest.java
diff options
context:
space:
mode:
Diffstat (limited to 'java/broker-plugins/firewall/src/test/java/org/apache/qpid/server/security/access/FirewallConfigurationTest.java')
-rw-r--r--java/broker-plugins/firewall/src/test/java/org/apache/qpid/server/security/access/FirewallConfigurationTest.java322
1 files changed, 0 insertions, 322 deletions
diff --git a/java/broker-plugins/firewall/src/test/java/org/apache/qpid/server/security/access/FirewallConfigurationTest.java b/java/broker-plugins/firewall/src/test/java/org/apache/qpid/server/security/access/FirewallConfigurationTest.java
deleted file mode 100644
index 8969363979..0000000000
--- a/java/broker-plugins/firewall/src/test/java/org/apache/qpid/server/security/access/FirewallConfigurationTest.java
+++ /dev/null
@@ -1,322 +0,0 @@
-/*
- *
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.qpid.server.security.access;
-
-import org.apache.qpid.server.registry.ApplicationRegistry;
-import org.apache.qpid.server.registry.ConfigurationFileApplicationRegistry;
-import org.apache.qpid.server.virtualhost.VirtualHost;
-import org.apache.qpid.server.virtualhost.VirtualHostRegistry;
-import org.apache.qpid.test.utils.QpidTestCase;
-
-import java.io.File;
-import java.io.FileWriter;
-import java.io.IOException;
-import java.io.RandomAccessFile;
-import java.net.InetSocketAddress;
-
-public class FirewallConfigurationTest extends QpidTestCase
-{
- @Override
- protected void tearDown() throws Exception
- {
- super.tearDown();
- ApplicationRegistry.remove();
- }
-
- public void testFirewallConfiguration() throws Exception
- {
- // Write out config
- File mainFile = File.createTempFile(getClass().getName(), null);
- mainFile.deleteOnExit();
- writeConfigFile(mainFile, false);
-
- // Load config
- ApplicationRegistry reg = new ConfigurationFileApplicationRegistry(mainFile);
- ApplicationRegistry.initialise(reg);
-
- // Test config
- assertFalse(reg.getSecurityManager().accessVirtualhost("test", new InetSocketAddress("127.0.0.1", 65535)));
- assertTrue(reg.getSecurityManager().accessVirtualhost("test", new InetSocketAddress("127.1.2.3", 65535)));
- }
-
- public void testCombinedConfigurationFirewall() throws Exception
- {
- // Write out config
- File mainFile = File.createTempFile(getClass().getName(), null);
- File fileA = File.createTempFile(getClass().getName(), null);
- File fileB = File.createTempFile(getClass().getName(), null);
-
- mainFile.deleteOnExit();
- fileA.deleteOnExit();
- fileB.deleteOnExit();
-
- FileWriter out = new FileWriter(mainFile);
- out.write("<configuration><system/>");
- out.write("<xml fileName=\"" + fileA.getAbsolutePath() + "\"/>");
- out.write("</configuration>");
- out.close();
-
- out = new FileWriter(fileA);
- out.write("<broker>\n");
- out.write("\t<plugin-directory>${QPID_HOME}/lib/plugins</plugin-directory>\n");
- out.write("\t<cache-directory>${QPID_WORK}/cache</cache-directory>\n");
- out.write("\t<management><enabled>false</enabled></management>\n");
- out.write("\t<security>\n");
- out.write("\t\t<pd-auth-manager>\n");
- out.write("\t\t\t<principal-database>\n");
- out.write("\t\t\t\t<class>org.apache.qpid.server.security.auth.database.PlainPasswordFilePrincipalDatabase</class>\n");
- out.write("\t\t\t\t<attributes>\n");
- out.write("\t\t\t\t\t<attribute>\n");
- out.write("\t\t\t\t\t\t<name>passwordFile</name>\n");
- out.write("\t\t\t\t\t\t<value>/dev/null</value>\n");
- out.write("\t\t\t\t\t</attribute>\n");
- out.write("\t\t\t\t</attributes>\n");
- out.write("\t\t\t</principal-database>\n");
- out.write("\t\t</pd-auth-manager>\n");
- out.write("\t\t<firewall>\n");
- out.write("\t\t\t<xml fileName=\"" + fileB.getAbsolutePath() + "\"/>");
- out.write("\t\t</firewall>\n");
- out.write("\t</security>\n");
- out.write("\t<virtualhosts>\n");
- out.write("\t\t<virtualhost>\n");
- out.write("\t\t\t<name>test</name>\n");
- out.write("\t\t</virtualhost>\n");
- out.write("\t</virtualhosts>\n");
- out.write("</broker>\n");
- out.close();
-
- out = new FileWriter(fileB);
- out.write("<firewall>\n");
- out.write("\t<rule access=\"deny\" network=\"127.0.0.1\"/>");
- out.write("</firewall>\n");
- out.close();
-
- // Load config
- ApplicationRegistry reg = new ConfigurationFileApplicationRegistry(mainFile);
- ApplicationRegistry.initialise(reg);
-
- // Test config
- assertFalse(reg.getSecurityManager().accessVirtualhost("test", new InetSocketAddress("127.0.0.1", 65535)));
- }
-
- public void testConfigurationFirewallReload() throws Exception
- {
- // Write out config
- File mainFile = File.createTempFile(getClass().getName(), null);
-
- mainFile.deleteOnExit();
- writeConfigFile(mainFile, false);
-
- // Load config
- ApplicationRegistry reg = new ConfigurationFileApplicationRegistry(mainFile);
- ApplicationRegistry.initialise(reg);
-
- // Test config
- assertFalse(reg.getSecurityManager().accessVirtualhost("test", new InetSocketAddress("127.0.0.1", 65535)));
-
- // Switch to deny the connection
- writeConfigFile(mainFile, true);
-
- reg.getConfiguration().reparseConfigFileSecuritySections();
-
- assertTrue(reg.getSecurityManager().accessVirtualhost("test", new InetSocketAddress("127.0.0.1", 65535)));
- }
-
- public void testCombinedConfigurationFirewallReload() throws Exception
- {
- // Write out config
- File mainFile = File.createTempFile(getClass().getName(), null);
- File fileA = File.createTempFile(getClass().getName(), null);
- File fileB = File.createTempFile(getClass().getName(), null);
-
- mainFile.deleteOnExit();
- fileA.deleteOnExit();
- fileB.deleteOnExit();
-
- FileWriter out = new FileWriter(mainFile);
- out.write("<configuration><system/>");
- out.write("<xml fileName=\"" + fileA.getAbsolutePath() + "\"/>");
- out.write("</configuration>");
- out.close();
-
- out = new FileWriter(fileA);
- out.write("<broker>\n");
- out.write("\t<plugin-directory>${QPID_HOME}/lib/plugins</plugin-directory>\n");
- out.write("\t<management><enabled>false</enabled></management>\n");
- out.write("\t<security>\n");
- out.write("\t\t<pd-auth-manager>\n");
- out.write("\t\t\t<principal-database>\n");
- out.write("\t\t\t\t<class>org.apache.qpid.server.security.auth.database.PlainPasswordFilePrincipalDatabase</class>\n");
- out.write("\t\t\t\t<attributes>\n");
- out.write("\t\t\t\t\t<attribute>\n");
- out.write("\t\t\t\t\t\t<name>passwordFile</name>\n");
- out.write("\t\t\t\t\t\t<value>/dev/null</value>\n");
- out.write("\t\t\t\t\t</attribute>\n");
- out.write("\t\t\t\t</attributes>\n");
- out.write("\t\t\t</principal-database>\n");
- out.write("\t\t</pd-auth-manager>\n");
- out.write("\t\t<firewall>\n");
- out.write("\t\t\t<xml fileName=\"" + fileB.getAbsolutePath() + "\"/>");
- out.write("\t\t</firewall>\n");
- out.write("\t</security>\n");
- out.write("\t<virtualhosts>\n");
- out.write("\t\t<virtualhost>\n");
- out.write("\t\t\t<name>test</name>\n");
- out.write("\t\t</virtualhost>\n");
- out.write("\t</virtualhosts>\n");
- out.write("</broker>\n");
- out.close();
-
- out = new FileWriter(fileB);
- out.write("<firewall>\n");
- out.write("\t<rule access=\"deny\" network=\"127.0.0.1\"/>");
- out.write("</firewall>\n");
- out.close();
-
- // Load config
- ApplicationRegistry reg = new ConfigurationFileApplicationRegistry(mainFile);
- ApplicationRegistry.initialise(reg);
-
- // Test config
- assertFalse(reg.getSecurityManager().accessVirtualhost("test", new InetSocketAddress("127.0.0.1", 65535)));
-
- RandomAccessFile fileBRandom = new RandomAccessFile(fileB, "rw");
- fileBRandom.setLength(0);
- fileBRandom.seek(0);
- fileBRandom.close();
-
- out = new FileWriter(fileB);
- out.write("<firewall>\n");
- out.write("\t<rule access=\"allow\" network=\"127.0.0.1\"/>");
- out.write("</firewall>\n");
- out.close();
-
- reg.getConfiguration().reparseConfigFileSecuritySections();
-
- assertTrue(reg.getSecurityManager().accessVirtualhost("test", new InetSocketAddress("127.0.0.1", 65535)));
-
- fileBRandom = new RandomAccessFile(fileB, "rw");
- fileBRandom.setLength(0);
- fileBRandom.seek(0);
- fileBRandom.close();
-
- out = new FileWriter(fileB);
- out.write("<firewall>\n");
- out.write("\t<rule access=\"deny\" network=\"127.0.0.1\"/>");
- out.write("</firewall>\n");
- out.close();
-
- reg.getConfiguration().reparseConfigFileSecuritySections();
-
- assertFalse(reg.getSecurityManager().accessVirtualhost("test", new InetSocketAddress("127.0.0.1", 65535)));
- }
-
- private void writeFirewallVhostsFile(File vhostsFile, boolean allow) throws IOException
- {
- FileWriter out = new FileWriter(vhostsFile);
- String ipAddr = "127.0.0.1"; // FIXME: get this from InetAddress.getLocalHost().getAddress() ?
- out.write("<virtualhosts><virtualhost>");
- out.write("<name>test</name>");
- out.write("<test>");
- out.write("<security><firewall>");
- out.write("<rule access=\""+((allow) ? "allow" : "deny")+"\" network=\""+ipAddr +"\"/>");
- out.write("</firewall></security>");
- out.write("</test>");
- out.write("</virtualhost></virtualhosts>");
- out.close();
- }
-
- private void writeConfigFile(File mainFile, boolean allow) throws IOException {
- writeConfigFile(mainFile, allow, true, null, "test");
- }
-
- /*
- XMLConfiguration config = new XMLConfiguration(mainFile);
- PluginManager pluginManager = new MockPluginManager("");
- SecurityManager manager = new SecurityManager(config, pluginManager, Firewall.FACTORY);
-
- */
- private void writeConfigFile(File mainFile, boolean allow, boolean includeVhosts, File vhostsFile, String name) throws IOException {
- FileWriter out = new FileWriter(mainFile);
- out.write("<broker>\n");
- out.write("\t<plugin-directory>${QPID_HOME}/lib/plugins</plugin-directory>\n");
- out.write("\t<management><enabled>false</enabled></management>\n");
- out.write("\t<security>\n");
- out.write("\t\t<pd-auth-manager>\n");
- out.write("\t\t\t<principal-database>\n");
- out.write("\t\t\t\t<class>org.apache.qpid.server.security.auth.database.PlainPasswordFilePrincipalDatabase</class>\n");
- out.write("\t\t\t\t<attributes>\n");
- out.write("\t\t\t\t\t<attribute>\n");
- out.write("\t\t\t\t\t\t<name>passwordFile</name>\n");
- out.write("\t\t\t\t\t\t<value>/dev/null</value>\n");
- out.write("\t\t\t\t\t</attribute>\n");
- out.write("\t\t\t\t</attributes>\n");
- out.write("\t\t\t</principal-database>\n");
- out.write("\t\t</pd-auth-manager>\n");
- out.write("\t\t<firewall>\n");
- out.write("\t\t\t<rule access=\""+ ((allow) ? "allow" : "deny") +"\" network=\"127.0.0.1\"/>");
- out.write("\t\t</firewall>\n");
- out.write("\t</security>\n");
- if (includeVhosts)
- {
- out.write("\t<virtualhosts>\n");
- out.write("\t\t<default>test</default>\n");
- out.write("\t\t<virtualhost>\n");
- out.write(String.format("\t\t\t<name>%s</name>\n", name));
- out.write("\t\t</virtualhost>\n");
- out.write("\t</virtualhosts>\n");
- }
- if (vhostsFile != null)
- {
- out.write("\t<virtualhosts>"+vhostsFile.getAbsolutePath()+"</virtualhosts>\n");
- }
- out.write("</broker>\n");
- out.close();
- }
-
- /**
- * Test that configuration loads correctly when virtual hosts are specified in an external
- * configuration file only.
- * <p>
- * Test for QPID-2360
- */
- public void testExternalFirewallVirtualhostXMLFile() throws Exception
- {
- // Write out config
- File mainFile = File.createTempFile(getClass().getName(), "config");
- mainFile.deleteOnExit();
- File vhostsFile = File.createTempFile(getClass().getName(), "vhosts");
- vhostsFile.deleteOnExit();
- writeConfigFile(mainFile, false, false, vhostsFile, null);
- writeFirewallVhostsFile(vhostsFile, false);
-
- // Load config
- ApplicationRegistry reg = new ConfigurationFileApplicationRegistry(mainFile);
- ApplicationRegistry.initialise(reg);
-
- // Test config
- VirtualHostRegistry virtualHostRegistry = reg.getVirtualHostRegistry();
- VirtualHost virtualHost = virtualHostRegistry.getVirtualHost("test");
-
- assertEquals("Incorrect virtualhost count", 1, virtualHostRegistry.getVirtualHosts().size());
- assertEquals("Incorrect virtualhost name", "test", virtualHost.getName());
- }
-}
View Lorry Controller Status