QPID-2184: add additional testing against static firewall configurations

git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@884634 13f79535-47bb-0310-9956-ffa450edef68

1 files changed, 82 insertions, 0 deletions

diff --git a/java/systests/src/main/java/org/apache/qpid/server/security/firewall/FirewallConfigTest.java b/java/systests/src/main/java/org/apache/qpid/server/security/firewall/FirewallConfigTest.java
index 94bacea2f4..b0415b67c0 100644
--- a/java/systests/src/main/java/org/apache/qpid/server/security/firewall/FirewallConfigTest.java
+++ b/java/systests/src/main/java/org/apache/qpid/server/security/firewall/FirewallConfigTest.java
@@ -7,6 +7,7 @@ import java.io.IOException;
 import javax.jms.Connection;
 import javax.jms.JMSException;
 
+import org.apache.qpid.client.AMQConnectionURL;
 import org.apache.qpid.test.utils.QpidTestCase;
 
 public class FirewallConfigTest extends QpidTestCase 
@@ -50,6 +51,87 @@ public class FirewallConfigTest extends QpidTestCase
         out.write("</broker>");
         out.close();
     }
+    
+    public void testVhostAllowBrokerDeny() throws Exception
+    {
+        if (_broker.equals(VM))
+        {
+            //No point running this test with an InVM broker as the
+            //firewall plugin only functions for TCP connections.
+            return;
+        }
+
+        _configFile = new File(System.getProperty("QPID_HOME"), "etc/config-systests-firewall-2.xml");
+        
+        super.setUp();
+        
+        Connection conn = null;
+        try 
+        {
+            //Try to get a connection to the 'test2' vhost
+            //This is expected to fail as it is denied at the broker level
+            conn = getConnection(new AMQConnectionURL(
+                    "amqp://username:password@clientid/test2?brokerlist='" + getBroker() + "'"));
+            fail("We expected the connection to fail");
+        } 
+        catch (JMSException e)
+        {
+            //ignore
+        }
+        
+        conn = null;
+        try 
+        {
+            //Try to get a connection to the 'test' vhost
+            //This is expected to succeed as it is allowed at the vhost level
+            conn = getConnection();
+        } 
+        catch (JMSException e)
+        {
+            e.getLinkedException().printStackTrace();
+            fail("The connection was expected to succeed: " + e.getMessage());
+        }
+    }
+    
+    public void testVhostDenyBrokerAllow() throws Exception
+    {
+        if (_broker.equals(VM))
+        {
+            //No point running this test with an InVM broker as the
+            //firewall plugin only functions for TCP connections.
+            return;
+        }
+        
+        _configFile = new File(System.getProperty("QPID_HOME"), "etc/config-systests-firewall-3.xml");
+        
+        super.setUp();
+        
+        Connection conn = null;
+        try 
+        {
+            //Try to get a connection to the 'test2' vhost
+            //This is expected to fail as it is denied at the vhost level
+            conn = getConnection(new AMQConnectionURL(
+                    "amqp://username:password@clientid/test2?brokerlist='" + getBroker() + "'"));
+        } 
+        catch (JMSException e)
+        {
+            //ignore
+        }
+
+        conn = null;
+        try 
+        {
+            //Try to get a connection to the 'test' vhost
+            //This is expected to succeed as it is allowed at the broker level
+            conn = getConnection();
+        } 
+        catch (JMSException e)
+        {
+            e.getLinkedException().printStackTrace();
+            fail("The connection was expected to succeed: " + e.getMessage());
+        }
+    }
  
     public void testDenyOnRestart() throws Exception
     {