diff options
| author | Alex Rudyy <orudyy@apache.org> | 2013-04-17 10:53:55 +0000 |
|---|---|---|
| committer | Alex Rudyy <orudyy@apache.org> | 2013-04-17 10:53:55 +0000 |
| commit | 3582d877deaafe065952dfc2c8f75c3eed69ff5d (patch) | |
| tree | cb30fcd27abfa0d6bdd9c511eaa930271035c028 /java/systests | |
| parent | c403e5f5fbb433807d3ea867a26bea3cc6961ecc (diff) | |
| download | qpid-python-3582d877deaafe065952dfc2c8f75c3eed69ff5d.tar.gz | |
QPID-4746, QPID-4747: remove the defaultAuthenticationProvider attribute from broker and add an overriding authentication provider for management mode
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@1468830 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'java/systests')
13 files changed, 100 insertions, 169 deletions
diff --git a/java/systests/etc/config-systests.json b/java/systests/etc/config-systests.json index ec3d17dbec..6bfaf08113 100644 --- a/java/systests/etc/config-systests.json +++ b/java/systests/etc/config-systests.json @@ -20,7 +20,6 @@ */ { "name": "QpidBroker", - "defaultAuthenticationProvider" : "plain", "defaultVirtualHost" : "test", "authenticationproviders" : [ { "name" : "plain", @@ -39,9 +38,11 @@ } ], "ports" : [ { "name" : "amqp", + "authenticationProvider" : "plain", "port" : "${test.port}" }, { "name" : "http", + "authenticationProvider" : "plain", "port" : "${test.hport}", "protocols" : [ "HTTP" ] }, { @@ -50,6 +51,7 @@ "protocols" : [ "RMI" ] }, { "name" : "jmx", + "authenticationProvider" : "plain", "port" : "${test.cport}", "protocols" : [ "JMX_RMI" ] }], @@ -67,4 +69,4 @@ "name" : "jmxManagement" } ] */ -}
\ No newline at end of file +} diff --git a/java/systests/src/main/java/org/apache/qpid/client/ssl/SSLTest.java b/java/systests/src/main/java/org/apache/qpid/client/ssl/SSLTest.java index e2cd3e254e..71b763685e 100644 --- a/java/systests/src/main/java/org/apache/qpid/client/ssl/SSLTest.java +++ b/java/systests/src/main/java/org/apache/qpid/client/ssl/SSLTest.java @@ -362,6 +362,7 @@ public class SSLTest extends QpidBrokerTestCase Map<String, Object> sslPortAttributes = new HashMap<String, Object>(); sslPortAttributes.put(Port.TRANSPORTS, Collections.singleton(Transport.SSL)); sslPortAttributes.put(Port.PORT, DEFAULT_SSL_PORT); + sslPortAttributes.put(Port.AUTHENTICATION_PROVIDER, TestBrokerConfiguration.ENTRY_NAME_AUTHENTICATION_PROVIDER); sslPortAttributes.put(Port.NEED_CLIENT_AUTH, needClientAuth); sslPortAttributes.put(Port.WANT_CLIENT_AUTH, wantClientAuth); sslPortAttributes.put(Port.NAME, TestBrokerConfiguration.ENTRY_NAME_SSL_PORT); diff --git a/java/systests/src/main/java/org/apache/qpid/server/logging/BrokerLoggingTest.java b/java/systests/src/main/java/org/apache/qpid/server/logging/BrokerLoggingTest.java index c5f5e06ae1..7773586073 100644 --- a/java/systests/src/main/java/org/apache/qpid/server/logging/BrokerLoggingTest.java +++ b/java/systests/src/main/java/org/apache/qpid/server/logging/BrokerLoggingTest.java @@ -95,9 +95,7 @@ public class BrokerLoggingTest extends AbstractTestLogging { String TESTID="BRK-1006"; - // This logging startup code only occurs when you run a Java broker, - // that broker must be started via Main so not an InVM broker. - if (isJavaBroker() && isExternalBroker()) + if (isJavaBroker()) { startBroker(); @@ -165,8 +163,6 @@ public class BrokerLoggingTest extends AbstractTestLogging */ public void testBrokerStartupDefaultLog4j() throws Exception { - // This logging startup code only occurs when you run a Java broker, - // that broker must be started via Main so not an InVM broker. if (isJavaBroker() && isExternalBroker() && !isInternalBroker()) { String TESTID = "BRK-1007"; @@ -256,7 +252,7 @@ public class BrokerLoggingTest extends AbstractTestLogging public void testBrokerStartupCustomLog4j() throws Exception { // This logging startup code only occurs when you run a Java broker - if (isJavaBroker() && isExternalBroker()) + if (isJavaBroker()) { String customLog4j = getBrokerCommandLog4JFile().getAbsolutePath(); @@ -344,7 +340,7 @@ public class BrokerLoggingTest extends AbstractTestLogging { // This logging startup code only occurs when you run a Java broker, // that broker must be started via Main so not an InVM broker. - if (isJavaBroker() && isExternalBroker()) + if (isJavaBroker()) { String TESTID = "BRK-1001"; @@ -426,9 +422,7 @@ public class BrokerLoggingTest extends AbstractTestLogging */ public void testBrokerStartupListeningTCPDefault() throws Exception { - // This logging startup code only occurs when you run a Java broker, - // that broker must be started via Main so not an InVM broker. - if (isJavaBroker() && isExternalBroker()) + if (isJavaBroker()) { String TESTID = "BRK-1002"; @@ -484,7 +478,7 @@ public class BrokerLoggingTest extends AbstractTestLogging //3 String message = getMessageString(log); assertTrue("Expected Listen log not correct" + message, - message.endsWith("Listening on [TCP] port " + getPort())); + message.endsWith("Listening on TCP port " + getPort())); validation = true; } @@ -534,9 +528,7 @@ public class BrokerLoggingTest extends AbstractTestLogging */ public void testBrokerStartupListeningTCPSSL() throws Exception { - // This logging startup code only occurs when you run a Java broker, - // that broker must be started via Main so not an InVM broker. - if (isJavaBroker() && isExternalBroker()) + if (isJavaBroker()) { String TESTID = "BRK-1002"; @@ -545,6 +537,8 @@ public class BrokerLoggingTest extends AbstractTestLogging sslPortAttributes.put(Port.TRANSPORTS, Collections.singleton(Transport.SSL)); sslPortAttributes.put(Port.PORT, DEFAULT_SSL_PORT); sslPortAttributes.put(Port.NAME, TestBrokerConfiguration.ENTRY_NAME_SSL_PORT); + sslPortAttributes.put(Port.AUTHENTICATION_PROVIDER, TestBrokerConfiguration.ENTRY_NAME_AUTHENTICATION_PROVIDER); + sslPortAttributes.put(Port.KEY_STORE, TestBrokerConfiguration.ENTRY_NAME_SSL_KEYSTORE); getBrokerConfiguration().addPortConfiguration(sslPortAttributes); startBroker(); @@ -599,12 +593,12 @@ public class BrokerLoggingTest extends AbstractTestLogging //Check the first String message = getMessageString(getLog(listenMessages .get(0))); assertTrue("Expected Listen log not correct" + message, - message.endsWith("Listening on [TCP] port " + getPort())); + message.endsWith("Listening on TCP port " + getPort())); // Check the third, ssl listen. message = getMessageString(getLog(listenMessages .get(2))); assertTrue("Expected Listen log not correct" + message, - message.endsWith("Listening on [SSL] port " + DEFAULT_SSL_PORT)); + message.endsWith("Listening on SSL port " + DEFAULT_SSL_PORT)); //4 Test ports open testSocketOpen(getPort()); @@ -643,9 +637,7 @@ public class BrokerLoggingTest extends AbstractTestLogging */ public void testBrokerStartupReady() throws Exception { - // This logging startup code only occurs when you run a Java broker, - // that broker must be started via Main so not an InVM broker. - if (isJavaBroker() && isExternalBroker()) + if (isJavaBroker()) { String TESTID = "BRK-1004"; @@ -731,9 +723,7 @@ public class BrokerLoggingTest extends AbstractTestLogging */ public void testBrokerShutdownListeningTCPDefault() throws Exception { - // This logging startup code only occurs when you run a Java broker, - // that broker must be started via Main so not an InVM broker. - if (isJavaBroker() && isExternalBroker()) + if (isJavaBroker() && isInternalBroker()) { String TESTID = "BRK-1003"; @@ -825,9 +815,7 @@ public class BrokerLoggingTest extends AbstractTestLogging */ public void testBrokerShutdownListeningTCPSSL() throws Exception { - // This logging startup code only occurs when you run a Java broker, - // that broker must be started via Main so not an InVM broker. - if (isJavaBroker() && isExternalBroker()) + if (isJavaBroker() && isInternalBroker()) { String TESTID = "BRK-1003"; @@ -836,6 +824,8 @@ public class BrokerLoggingTest extends AbstractTestLogging sslPortAttributes.put(Port.TRANSPORTS, Collections.singleton(Transport.SSL)); sslPortAttributes.put(Port.PORT, DEFAULT_SSL_PORT); sslPortAttributes.put(Port.NAME, TestBrokerConfiguration.ENTRY_NAME_SSL_PORT); + sslPortAttributes.put(Port.AUTHENTICATION_PROVIDER, TestBrokerConfiguration.ENTRY_NAME_AUTHENTICATION_PROVIDER); + sslPortAttributes.put(Port.KEY_STORE, TestBrokerConfiguration.ENTRY_NAME_SSL_KEYSTORE); getBrokerConfiguration().addPortConfiguration(sslPortAttributes); startBroker(); @@ -877,7 +867,7 @@ public class BrokerLoggingTest extends AbstractTestLogging // Check second, ssl, listen. message = getMessageString(getLog(listenMessages.get(1))); assertTrue("Expected shutdown log not correct" + message, - message.endsWith("TCP/SSL port " + DEFAULT_SSL_PORT)); + message.endsWith("SSL port " + DEFAULT_SSL_PORT)); //4 //Test Port closed @@ -913,9 +903,7 @@ public class BrokerLoggingTest extends AbstractTestLogging */ public void testBrokerShutdownStopped() throws Exception { - // This logging startup code only occurs when you run a Java broker, - // that broker must be started via Main so not an InVM broker. - if (isJavaBroker() && isExternalBroker()) + if (isJavaBroker() && isInternalBroker()) { String TESTID = "BRK-1005"; diff --git a/java/systests/src/main/java/org/apache/qpid/server/logging/VirtualHostLoggingTest.java b/java/systests/src/main/java/org/apache/qpid/server/logging/VirtualHostLoggingTest.java index 1ea105ae1a..25dd5fd2f8 100644 --- a/java/systests/src/main/java/org/apache/qpid/server/logging/VirtualHostLoggingTest.java +++ b/java/systests/src/main/java/org/apache/qpid/server/logging/VirtualHostLoggingTest.java @@ -105,22 +105,25 @@ public class VirtualHostLoggingTest extends AbstractTestLogging */ public void testVirtualhostClosure() throws Exception { - stopBroker(); + if (isJavaBroker() && isInternalBroker()) + { + stopBroker(); - // Wait for the correct VHT message to arrive. - waitForMessage(VHT_PREFIX + "1002"); + // Wait for the correct VHT message to arrive. + waitForMessage(VHT_PREFIX + "1002"); - // Validate each vhost logs a closure - List<String> results = findMatches(VHT_PREFIX + "1002"); + // Validate each vhost logs a closure + List<String> results = findMatches(VHT_PREFIX + "1002"); - try - { - assertEquals("Each vhost did not close their store.", 1, results.size()); - } - catch (AssertionFailedError afe) - { - dumpLogs(results, _monitor); - throw afe; + try + { + assertEquals("Each vhost did not close their store.", 1, results.size()); + } + catch (AssertionFailedError afe) + { + dumpLogs(results, _monitor); + throw afe; + } } } diff --git a/java/systests/src/main/java/org/apache/qpid/server/security/auth/manager/ExternalAuthenticationTest.java b/java/systests/src/main/java/org/apache/qpid/server/security/auth/manager/ExternalAuthenticationTest.java index 711765c159..6cc4ec17c7 100644 --- a/java/systests/src/main/java/org/apache/qpid/server/security/auth/manager/ExternalAuthenticationTest.java +++ b/java/systests/src/main/java/org/apache/qpid/server/security/auth/manager/ExternalAuthenticationTest.java @@ -42,7 +42,6 @@ import org.apache.commons.configuration.ConfigurationException; import org.apache.qpid.client.AMQConnectionURL; import org.apache.qpid.management.common.mbeans.ManagedConnection; import org.apache.qpid.server.model.AuthenticationProvider; -import org.apache.qpid.server.model.Broker; import org.apache.qpid.server.model.Port; import org.apache.qpid.server.model.Transport; import org.apache.qpid.server.model.TrustStore; @@ -67,7 +66,6 @@ public class ExternalAuthenticationTest extends QpidBrokerTestCase public void testExternalAuthenticationManagerOnSSLPort() throws Exception { setCommonBrokerSSLProperties(true); - getBrokerConfiguration().setObjectAttribute(TestBrokerConfiguration.ENTRY_NAME_SSL_PORT, Port.AUTHENTICATION_PROVIDER, TestBrokerConfiguration.ENTRY_NAME_EXTERNAL_PROVIDER); super.setUp(); setClientKeystoreProperties(); @@ -94,13 +92,13 @@ public class ExternalAuthenticationTest extends QpidBrokerTestCase } /** - * Tests that when EXTERNAL authentication manager is set as the default, clients presenting certificates are able to connect. - * Also, checks a client with valid username and password but not using ssl is unable to connect to the non SSL port. + * Tests that when EXTERNAL authentication manager is set on the non-SSL port, clients with valid username and password + * but not using ssl are unable to connect to the non-SSL port. */ - public void testExternalAuthenticationManagerAsDefault() throws Exception + public void testExternalAuthenticationManagerOnNonSslPort() throws Exception { setCommonBrokerSSLProperties(true); - getBrokerConfiguration().setBrokerAttribute(Broker.DEFAULT_AUTHENTICATION_PROVIDER, TestBrokerConfiguration.ENTRY_NAME_EXTERNAL_PROVIDER); + getBrokerConfiguration().setObjectAttribute(TestBrokerConfiguration.ENTRY_NAME_AMQP_PORT, Port.AUTHENTICATION_PROVIDER, TestBrokerConfiguration.ENTRY_NAME_EXTERNAL_PROVIDER); super.setUp(); setClientKeystoreProperties(); @@ -115,25 +113,15 @@ public class ExternalAuthenticationTest extends QpidBrokerTestCase { // pass } - - try - { - getExternalSSLConnection(false); - } - catch (JMSException e) - { - fail("Should be able to create a connection to the SSL port. " + e.getMessage()); - } } /** - * Tests that when EXTERNAL authentication manager is set as the default, clients without certificates are unable to connect to the SSL port + * Tests that when EXTERNAL authentication manager is used, clients without certificates are unable to connect to the SSL port * even with valid username and password. */ public void testExternalAuthenticationManagerWithoutClientKeyStore() throws Exception { setCommonBrokerSSLProperties(false); - getBrokerConfiguration().setBrokerAttribute(Broker.DEFAULT_AUTHENTICATION_PROVIDER, TestBrokerConfiguration.ENTRY_NAME_EXTERNAL_PROVIDER); super.setUp(); setClientTrustoreProperties(); @@ -156,7 +144,6 @@ public class ExternalAuthenticationTest extends QpidBrokerTestCase public void testExternalAuthenticationDeniesUntrustedClientCert() throws Exception { setCommonBrokerSSLProperties(true); - getBrokerConfiguration().setBrokerAttribute(Broker.DEFAULT_AUTHENTICATION_PROVIDER, TestBrokerConfiguration.ENTRY_NAME_EXTERNAL_PROVIDER); super.setUp(); setUntrustedClientKeystoreProperties(); @@ -219,8 +206,6 @@ public class ExternalAuthenticationTest extends QpidBrokerTestCase sslTrustStoreAttributes.put(TrustStore.PEERS_ONLY, true); getBrokerConfiguration().addTrustStoreConfiguration(sslTrustStoreAttributes); - getBrokerConfiguration().setObjectAttribute(TestBrokerConfiguration.ENTRY_NAME_SSL_PORT, Port.AUTHENTICATION_PROVIDER, TestBrokerConfiguration.ENTRY_NAME_EXTERNAL_PROVIDER); - super.setUp(); setClientKeystoreProperties(); @@ -267,7 +252,6 @@ public class ExternalAuthenticationTest extends QpidBrokerTestCase JMXTestUtils jmxUtils = new JMXTestUtils(this); setCommonBrokerSSLProperties(true); - getBrokerConfiguration().setObjectAttribute(TestBrokerConfiguration.ENTRY_NAME_SSL_PORT, Port.AUTHENTICATION_PROVIDER, TestBrokerConfiguration.ENTRY_NAME_EXTERNAL_PROVIDER); getBrokerConfiguration().addJmxManagementConfiguration(); super.setUp(); @@ -301,7 +285,6 @@ public class ExternalAuthenticationTest extends QpidBrokerTestCase JMXTestUtils jmxUtils = new JMXTestUtils(this); setCommonBrokerSSLProperties(true); - getBrokerConfiguration().setObjectAttribute(TestBrokerConfiguration.ENTRY_NAME_SSL_PORT, Port.AUTHENTICATION_PROVIDER, TestBrokerConfiguration.ENTRY_NAME_EXTERNAL_PROVIDER); getBrokerConfiguration().setObjectAttribute(TestBrokerConfiguration.ENTRY_NAME_EXTERNAL_PROVIDER, ExternalAuthenticationManagerFactory.ATTRIBUTE_USE_FULL_DN, "true"); getBrokerConfiguration().addJmxManagementConfiguration(); @@ -354,6 +337,7 @@ public class ExternalAuthenticationTest extends QpidBrokerTestCase private void setCommonBrokerSSLProperties(boolean needClientAuth, Collection<String> trustStoreNames) throws ConfigurationException { TestBrokerConfiguration config = getBrokerConfiguration(); + Map<String, Object> sslPortAttributes = new HashMap<String, Object>(); sslPortAttributes.put(Port.TRANSPORTS, Collections.singleton(Transport.SSL)); sslPortAttributes.put(Port.PORT, DEFAULT_SSL_PORT); @@ -364,9 +348,11 @@ public class ExternalAuthenticationTest extends QpidBrokerTestCase config.addPortConfiguration(sslPortAttributes); Map<String, Object> externalAuthProviderAttributes = new HashMap<String, Object>(); - externalAuthProviderAttributes.put(AuthenticationManagerFactory.ATTRIBUTE_TYPE, ExternalAuthenticationManagerFactory.PROVIDER_TYPE); externalAuthProviderAttributes.put(AuthenticationProvider.NAME, TestBrokerConfiguration.ENTRY_NAME_EXTERNAL_PROVIDER); + externalAuthProviderAttributes.put(AuthenticationManagerFactory.ATTRIBUTE_TYPE, ExternalAuthenticationManagerFactory.PROVIDER_TYPE); config.addAuthenticationProviderConfiguration(externalAuthProviderAttributes); + + config.setObjectAttribute(TestBrokerConfiguration.ENTRY_NAME_SSL_PORT, Port.AUTHENTICATION_PROVIDER, TestBrokerConfiguration.ENTRY_NAME_EXTERNAL_PROVIDER); } private void setUntrustedClientKeystoreProperties() diff --git a/java/systests/src/main/java/org/apache/qpid/systest/rest/BrokerRestTest.java b/java/systests/src/main/java/org/apache/qpid/systest/rest/BrokerRestTest.java index 7d4576db06..88a99ccf2b 100644 --- a/java/systests/src/main/java/org/apache/qpid/systest/rest/BrokerRestTest.java +++ b/java/systests/src/main/java/org/apache/qpid/systest/rest/BrokerRestTest.java @@ -126,7 +126,6 @@ public class BrokerRestTest extends QpidRestTestCase public void testPutToUpdateWithInvalidAttributeValues() throws Exception { Map<String, Object> invalidAttributes = new HashMap<String, Object>(); - invalidAttributes.put(Broker.DEFAULT_AUTHENTICATION_PROVIDER, "non-existing-provider"); invalidAttributes.put(Broker.DEFAULT_VIRTUAL_HOST, "non-existing-host"); invalidAttributes.put(Broker.QUEUE_ALERT_THRESHOLD_MESSAGE_AGE, -1000); invalidAttributes.put(Broker.QUEUE_ALERT_THRESHOLD_QUEUE_DEPTH_MESSAGES, -2000); @@ -166,7 +165,6 @@ public class BrokerRestTest extends QpidRestTestCase private Map<String, Object> getValidBrokerAttributes() { Map<String, Object> brokerAttributes = new HashMap<String, Object>(); - brokerAttributes.put(Broker.DEFAULT_AUTHENTICATION_PROVIDER, ANONYMOUS_AUTHENTICATION_PROVIDER); brokerAttributes.put(Broker.DEFAULT_VIRTUAL_HOST, TEST3_VIRTUALHOST); brokerAttributes.put(Broker.QUEUE_ALERT_THRESHOLD_MESSAGE_AGE, 1000); brokerAttributes.put(Broker.QUEUE_ALERT_THRESHOLD_QUEUE_DEPTH_MESSAGES, 2000); diff --git a/java/systests/src/main/java/org/apache/qpid/systest/rest/KeyStoreRestTest.java b/java/systests/src/main/java/org/apache/qpid/systest/rest/KeyStoreRestTest.java index 149ddcfcbb..c38d9bb396 100644 --- a/java/systests/src/main/java/org/apache/qpid/systest/rest/KeyStoreRestTest.java +++ b/java/systests/src/main/java/org/apache/qpid/systest/rest/KeyStoreRestTest.java @@ -115,6 +115,7 @@ public class KeyStoreRestTest extends QpidRestTestCase sslPortAttributes.put(Port.TRANSPORTS, Collections.singleton(Transport.SSL)); sslPortAttributes.put(Port.PORT, DEFAULT_SSL_PORT); sslPortAttributes.put(Port.NAME, TestBrokerConfiguration.ENTRY_NAME_SSL_PORT); + sslPortAttributes.put(Port.AUTHENTICATION_PROVIDER, TestBrokerConfiguration.ENTRY_NAME_AUTHENTICATION_PROVIDER); sslPortAttributes.put(Port.KEY_STORE, name); getBrokerConfiguration().addPortConfiguration(sslPortAttributes); diff --git a/java/systests/src/main/java/org/apache/qpid/systest/rest/PortRestTest.java b/java/systests/src/main/java/org/apache/qpid/systest/rest/PortRestTest.java index 8ec9e50fa9..be4dea6e81 100644 --- a/java/systests/src/main/java/org/apache/qpid/systest/rest/PortRestTest.java +++ b/java/systests/src/main/java/org/apache/qpid/systest/rest/PortRestTest.java @@ -78,6 +78,7 @@ public class PortRestTest extends QpidRestTestCase Map<String, Object> attributes = new HashMap<String, Object>(); attributes.put(Port.NAME, portName); attributes.put(Port.PORT, findFreePort()); + attributes.put(Port.AUTHENTICATION_PROVIDER, TestBrokerConfiguration.ENTRY_NAME_AUTHENTICATION_PROVIDER); int responseCode = getRestTestHelper().submitRequest("/rest/port/" + portName, "PUT", attributes); assertEquals("Unexpected response code", 201, responseCode); @@ -138,6 +139,7 @@ public class PortRestTest extends QpidRestTestCase Map<String, Object> attributes = new HashMap<String, Object>(); attributes.put(Port.NAME, portName); attributes.put(Port.PORT, findFreePort()); + attributes.put(Port.AUTHENTICATION_PROVIDER, TestBrokerConfiguration.ENTRY_NAME_AUTHENTICATION_PROVIDER); int responseCode = getRestTestHelper().submitRequest("/rest/port/" + portName, "PUT", attributes); assertEquals("Unexpected response code for port creation", 201, responseCode); @@ -161,25 +163,6 @@ public class PortRestTest extends QpidRestTestCase responseCode = getRestTestHelper().submitRequest("/rest/port/" + portName, "PUT", attributes); assertEquals("Port cannot be updated in non management mode", 409, responseCode); - - restartBrokerInManagementMode(); - - responseCode = getRestTestHelper().submitRequest("/rest/port/" + portName, "PUT", attributes); - assertEquals("Port should be allwed to update in a management mode", 200, responseCode); - - portDetails = getRestTestHelper().getJsonAsList("/rest/port/" + portName); - assertNotNull("Port details cannot be null", portDetails); - assertEquals("Unexpected number of ports with name " + portName, 1, portDetails.size()); - port = portDetails.get(0); - - assertEquals("Unexpected authentication provider", TestBrokerConfiguration.ENTRY_NAME_ANONYMOUS_PROVIDER, port.get(Port.AUTHENTICATION_PROVIDER)); - Object protocols = port.get(Port.PROTOCOLS); - assertNotNull("Protocols attribute is not found", protocols); - assertTrue("Protocol attribute value is not collection:" + protocols, protocols instanceof Collection); - @SuppressWarnings("unchecked") - Collection<String> protocolsCollection = ((Collection<String>)protocols); - assertEquals("Unexpected protocols size", 1, protocolsCollection.size()); - assertEquals("Unexpected protocols", Protocol.AMQP_0_9_1.name(), protocolsCollection.iterator().next()); } public void testPutUpdateOpenedAmqpPortFails() throws Exception @@ -199,6 +182,7 @@ public class PortRestTest extends QpidRestTestCase public void testUpdatePortTransportFromTCPToSSLWhenKeystoreIsConfigured() throws Exception { restartBrokerInManagementMode(); + getRestTestHelper().setManagementModeCredentials(); String portName = TestBrokerConfiguration.ENTRY_NAME_AMQP_PORT; Map<String, Object> attributes = new HashMap<String, Object>(); @@ -210,6 +194,7 @@ public class PortRestTest extends QpidRestTestCase assertEquals("Transport has not been changed to SSL " , 200, responseCode); restartBroker(); + getRestTestHelper().setUsernameAndPassword("webadmin", "webadmin"); Map<String, Object> port = getRestTestHelper().getJsonAsSingletonList("/rest/port/" + portName); @@ -225,6 +210,7 @@ public class PortRestTest extends QpidRestTestCase public void testUpdateTransportFromTCPToSSLWithoutKeystoreConfiguredFails() throws Exception { restartBrokerInManagementMode(); + getRestTestHelper().setManagementModeCredentials(); String portName = TestBrokerConfiguration.ENTRY_NAME_AMQP_PORT; Map<String, Object> attributes = new HashMap<String, Object>(); @@ -241,6 +227,7 @@ public class PortRestTest extends QpidRestTestCase Map<String, Object> attributes = new HashMap<String, Object>(); attributes.put(Port.NAME, portName); attributes.put(Port.PORT, DEFAULT_SSL_PORT); + attributes.put(Port.AUTHENTICATION_PROVIDER, TestBrokerConfiguration.ENTRY_NAME_AUTHENTICATION_PROVIDER); attributes.put(Port.TRANSPORTS, Collections.singleton(Transport.SSL)); attributes.put(Port.KEY_STORE, TestBrokerConfiguration.ENTRY_NAME_SSL_KEYSTORE); attributes.put(Port.TRUST_STORES, Collections.singleton(TestBrokerConfiguration.ENTRY_NAME_SSL_TRUSTSTORE)); @@ -249,6 +236,7 @@ public class PortRestTest extends QpidRestTestCase assertEquals("SSL port was not added", 201, responseCode); restartBrokerInManagementMode(); + getRestTestHelper().setManagementModeCredentials(); attributes.put(Port.NEED_CLIENT_AUTH, true); attributes.put(Port.WANT_CLIENT_AUTH, true); @@ -257,6 +245,7 @@ public class PortRestTest extends QpidRestTestCase assertEquals("Attributes for need/want client auth are not set", 200, responseCode); restartBroker(); + getRestTestHelper().setUsernameAndPassword("webadmin", "webadmin"); Map<String, Object> port = getRestTestHelper().getJsonAsSingletonList("/rest/port/" + portName); assertEquals("Unexpected " + Port.NEED_CLIENT_AUTH, true, port.get(Port.NEED_CLIENT_AUTH)); assertEquals("Unexpected " + Port.WANT_CLIENT_AUTH, true, port.get(Port.WANT_CLIENT_AUTH)); @@ -267,6 +256,7 @@ public class PortRestTest extends QpidRestTestCase new HashSet<String>(trustStores)); restartBrokerInManagementMode(); + getRestTestHelper().setManagementModeCredentials(); attributes = new HashMap<String, Object>(); attributes.put(Port.NAME, portName); @@ -285,6 +275,7 @@ public class PortRestTest extends QpidRestTestCase assertEquals("Should be able to change transport to TCP ", 200, responseCode); restartBroker(); + getRestTestHelper().setUsernameAndPassword("webadmin", "webadmin"); port = getRestTestHelper().getJsonAsSingletonList("/rest/port/" + portName); assertEquals("Unexpected " + Port.NEED_CLIENT_AUTH, false, port.get(Port.NEED_CLIENT_AUTH)); assertEquals("Unexpected " + Port.WANT_CLIENT_AUTH, false, port.get(Port.WANT_CLIENT_AUTH)); @@ -298,6 +289,7 @@ public class PortRestTest extends QpidRestTestCase public void testUpdateSettingWantNeedCertificateFailsForNonSSLPort() throws Exception { restartBrokerInManagementMode(); + getRestTestHelper().setManagementModeCredentials(); String portName = TestBrokerConfiguration.ENTRY_NAME_AMQP_PORT; Map<String, Object> attributes = new HashMap<String, Object>(); @@ -316,6 +308,7 @@ public class PortRestTest extends QpidRestTestCase public void testUpdatePortAuthenticationProvider() throws Exception { restartBrokerInManagementMode(); + getRestTestHelper().setManagementModeCredentials(); String portName = TestBrokerConfiguration.ENTRY_NAME_AMQP_PORT; Map<String, Object> attributes = new HashMap<String, Object>(); diff --git a/java/systests/src/main/java/org/apache/qpid/systest/rest/RestTestHelper.java b/java/systests/src/main/java/org/apache/qpid/systest/rest/RestTestHelper.java index 9628423a00..c15e5d7285 100644 --- a/java/systests/src/main/java/org/apache/qpid/systest/rest/RestTestHelper.java +++ b/java/systests/src/main/java/org/apache/qpid/systest/rest/RestTestHelper.java @@ -51,6 +51,7 @@ import junit.framework.Assert; import org.apache.commons.codec.binary.Base64; import org.apache.commons.configuration.ConfigurationException; import org.apache.log4j.Logger; +import org.apache.qpid.server.BrokerOptions; import org.apache.qpid.server.security.auth.manager.AbstractPrincipalDatabaseAuthManagerFactory; import org.apache.qpid.ssl.SSLContextFactory; import org.apache.qpid.test.utils.QpidBrokerTestCase; @@ -400,6 +401,11 @@ public class RestTestHelper _password = password; } + public void setManagementModeCredentials() + { + setUsernameAndPassword(BrokerOptions.MANAGEMENT_MODE_USER_NAME, QpidBrokerTestCase.MANAGEMENT_MODE_PASSWORD); + } + /** * Create password file that follows the convention username=password, which is deleted by {@link #tearDown()} */ diff --git a/java/systests/src/main/java/org/apache/qpid/systest/rest/SaslRestTest.java b/java/systests/src/main/java/org/apache/qpid/systest/rest/SaslRestTest.java index a5b1c4ff74..1c05f17e25 100644 --- a/java/systests/src/main/java/org/apache/qpid/systest/rest/SaslRestTest.java +++ b/java/systests/src/main/java/org/apache/qpid/systest/rest/SaslRestTest.java @@ -20,20 +20,20 @@ */ package org.apache.qpid.systest.rest; +import static org.apache.qpid.server.security.auth.sasl.SaslUtil.generateCramMD5ClientResponse; +import static org.apache.qpid.server.security.auth.sasl.SaslUtil.generateCramMD5HexClientResponse; +import static org.apache.qpid.server.security.auth.sasl.SaslUtil.generatePlainClientResponse; + import java.io.File; import java.io.FileWriter; import java.io.IOException; import java.io.OutputStream; import java.net.HttpURLConnection; -import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; import java.util.HashMap; import java.util.List; import java.util.Map; -import javax.crypto.Mac; -import javax.crypto.spec.SecretKeySpec; - import org.apache.commons.codec.binary.Base64; import org.apache.commons.configuration.ConfigurationException; import org.apache.qpid.server.plugin.AuthenticationManagerFactory; @@ -345,59 +345,6 @@ public class SaslRestTest extends QpidRestTestCase } } - private static byte SEPARATOR = 0; - - private byte[] generatePlainClientResponse(String userName, String userPassword) throws Exception - { - byte[] password = userPassword.getBytes("UTF8"); - byte user[] = userName.getBytes("UTF8"); - byte response[] = new byte[password.length + user.length + 2 ]; - int size = 0; - response[size++] = SEPARATOR; - System.arraycopy(user, 0, response, size, user.length); - size += user.length; - response[size++] = SEPARATOR; - System.arraycopy(password, 0, response, size, password.length); - return response; - } - - private byte[] generateCramMD5HexClientResponse(String userName, String userPassword, byte[] challengeBytes) throws Exception - { - String macAlgorithm = "HmacMD5"; - byte[] digestedPasswordBytes = MessageDigest.getInstance("MD5").digest(userPassword.getBytes("UTF-8")); - byte[] hexEncodedDigestedPasswordBytes = toHex(digestedPasswordBytes).getBytes("UTF-8"); - Mac mac = Mac.getInstance(macAlgorithm); - mac.init(new SecretKeySpec(hexEncodedDigestedPasswordBytes, macAlgorithm)); - final byte[] messageAuthenticationCode = mac.doFinal(challengeBytes); - String responseAsString = userName + " " + toHex(messageAuthenticationCode); - return responseAsString.getBytes(); - } - - private byte[] generateCramMD5ClientResponse(String userName, String userPassword, byte[] challengeBytes) throws Exception - { - String macAlgorithm = "HmacMD5"; - Mac mac = Mac.getInstance(macAlgorithm); - mac.init(new SecretKeySpec(userPassword.getBytes("UTF-8"), macAlgorithm)); - final byte[] messageAuthenticationCode = mac.doFinal(challengeBytes); - String responseAsString = userName + " " + toHex(messageAuthenticationCode); - return responseAsString.getBytes(); - } - - private String toHex(byte[] data) - { - StringBuffer hash = new StringBuffer(); - for (int i = 0; i < data.length; i++) - { - String hex = Integer.toHexString(0xFF & data[i]); - if (hex.length() == 1) - { - hash.append('0'); - } - hash.append(hex); - } - return hash.toString(); - } - private void configureBase64MD5FilePrincipalDatabase() throws IOException, ConfigurationException { // generate user password entry diff --git a/java/systests/src/main/java/org/apache/qpid/systest/rest/TrustStoreRestTest.java b/java/systests/src/main/java/org/apache/qpid/systest/rest/TrustStoreRestTest.java index 87e7367235..8b788780d6 100644 --- a/java/systests/src/main/java/org/apache/qpid/systest/rest/TrustStoreRestTest.java +++ b/java/systests/src/main/java/org/apache/qpid/systest/rest/TrustStoreRestTest.java @@ -114,6 +114,7 @@ public class TrustStoreRestTest extends QpidRestTestCase sslPortAttributes.put(Port.TRANSPORTS, Collections.singleton(Transport.SSL)); sslPortAttributes.put(Port.PORT, DEFAULT_SSL_PORT); sslPortAttributes.put(Port.NAME, TestBrokerConfiguration.ENTRY_NAME_SSL_PORT); + sslPortAttributes.put(Port.AUTHENTICATION_PROVIDER, TestBrokerConfiguration.ENTRY_NAME_AUTHENTICATION_PROVIDER); sslPortAttributes.put(Port.KEY_STORE, TestBrokerConfiguration.ENTRY_NAME_SSL_KEYSTORE); sslPortAttributes.put(Port.TRUST_STORES, Collections.singleton(name)); getBrokerConfiguration().addPortConfiguration(sslPortAttributes); diff --git a/java/systests/src/main/java/org/apache/qpid/systest/rest/acl/BrokerACLTest.java b/java/systests/src/main/java/org/apache/qpid/systest/rest/acl/BrokerACLTest.java index 8806289bd0..ce4c869e66 100644 --- a/java/systests/src/main/java/org/apache/qpid/systest/rest/acl/BrokerACLTest.java +++ b/java/systests/src/main/java/org/apache/qpid/systest/rest/acl/BrokerACLTest.java @@ -260,8 +260,6 @@ public class BrokerACLTest extends QpidRestTestCase String portName = TestBrokerConfiguration.ENTRY_NAME_AMQP_PORT; assertPortExists(portName); - restartBrokerInManagementMode(); - getRestTestHelper().setUsernameAndPassword(DENIED_USER, DENIED_USER); int responseCode = getRestTestHelper().submitRequest("/rest/port/" + portName, "DELETE", null); @@ -270,15 +268,14 @@ public class BrokerACLTest extends QpidRestTestCase assertPortExists(portName); } - public void testDeletePortAllowed() throws Exception + // TODO: test disabled until allowing the deletion of active ports outside management mode + public void DISABLED_testDeletePortAllowed() throws Exception { getRestTestHelper().setUsernameAndPassword(ALLOWED_USER, ALLOWED_USER); String portName = TestBrokerConfiguration.ENTRY_NAME_AMQP_PORT; assertPortExists(portName); - restartBrokerInManagementMode(); - getRestTestHelper().setUsernameAndPassword(ALLOWED_USER, ALLOWED_USER); int responseCode = getRestTestHelper().submitRequest("/rest/port/" + portName, "DELETE", null); @@ -287,7 +284,8 @@ public class BrokerACLTest extends QpidRestTestCase assertPortDoesNotExist(portName); } - public void testSetPortAttributesAllowed() throws Exception + // TODO: test disabled until allowing the updating of active ports outside management mode + public void DISABLED_testSetPortAttributesAllowed() throws Exception { getRestTestHelper().setUsernameAndPassword(ALLOWED_USER, ALLOWED_USER); @@ -298,7 +296,6 @@ public class BrokerACLTest extends QpidRestTestCase assertPortExists(portName); - restartBrokerInManagementMode(); Map<String, Object> attributes = new HashMap<String, Object>(); attributes.put(Port.NAME, portName); @@ -322,8 +319,6 @@ public class BrokerACLTest extends QpidRestTestCase assertPortExists(portName); - restartBrokerInManagementMode(); - getRestTestHelper().setUsernameAndPassword(DENIED_USER, DENIED_USER); Map<String, Object> attributes = new HashMap<String, Object>(); @@ -600,42 +595,45 @@ public class BrokerACLTest extends QpidRestTestCase { getRestTestHelper().setUsernameAndPassword(ALLOWED_USER, ALLOWED_USER); - String defaultAuthenticationProvider = TestBrokerConfiguration.ENTRY_NAME_AUTHENTICATION_PROVIDER; + int initialAlertRepeatGap = 30000; + int updatedAlertRepeatGap = 29999; + Map<String, Object> brokerAttributes = getRestTestHelper().getJsonAsSingletonList("/rest/broker"); - assertEquals("Unexpected authentication provider", defaultAuthenticationProvider, - brokerAttributes.get(Broker.DEFAULT_AUTHENTICATION_PROVIDER)); - restartBrokerInManagementMode(); + assertEquals("Unexpected alert repeat gap", initialAlertRepeatGap, + brokerAttributes.get(Broker.QUEUE_ALERT_REPEAT_GAP)); Map<String, Object> newAttributes = new HashMap<String, Object>(); - newAttributes.put(Broker.DEFAULT_AUTHENTICATION_PROVIDER, ANONYMOUS_AUTHENTICATION_PROVIDER); + newAttributes.put(Broker.QUEUE_ALERT_REPEAT_GAP, updatedAlertRepeatGap); + int responseCode = getRestTestHelper().submitRequest("/rest/broker", "PUT", newAttributes); assertEquals("Setting of port attribites should be allowed", 200, responseCode); brokerAttributes = getRestTestHelper().getJsonAsSingletonList("/rest/broker"); - assertEquals("Unexpected default authentication provider attribute value", ANONYMOUS_AUTHENTICATION_PROVIDER, - brokerAttributes.get(Broker.DEFAULT_AUTHENTICATION_PROVIDER)); + assertEquals("Unexpected default alert repeat gap", updatedAlertRepeatGap, + brokerAttributes.get(Broker.QUEUE_ALERT_REPEAT_GAP)); } public void testSetBrokerAttributesDenied() throws Exception { getRestTestHelper().setUsernameAndPassword(ALLOWED_USER, ALLOWED_USER); - String defaultAuthenticationProvider = TestBrokerConfiguration.ENTRY_NAME_AUTHENTICATION_PROVIDER; + int initialAlertRepeatGap = 30000; + int updatedAlertRepeatGap = 29999; Map<String, Object> brokerAttributes = getRestTestHelper().getJsonAsSingletonList("/rest/broker"); - assertEquals("Unexpected authentication provider", defaultAuthenticationProvider, - brokerAttributes.get(Broker.DEFAULT_AUTHENTICATION_PROVIDER)); - restartBrokerInManagementMode(); + assertEquals("Unexpected alert repeat gap", initialAlertRepeatGap, + brokerAttributes.get(Broker.QUEUE_ALERT_REPEAT_GAP)); getRestTestHelper().setUsernameAndPassword(DENIED_USER, DENIED_USER); Map<String, Object> newAttributes = new HashMap<String, Object>(); - newAttributes.put(Broker.DEFAULT_AUTHENTICATION_PROVIDER, ANONYMOUS_AUTHENTICATION_PROVIDER); + newAttributes.put(Broker.QUEUE_ALERT_REPEAT_GAP, updatedAlertRepeatGap); + int responseCode = getRestTestHelper().submitRequest("/rest/broker", "PUT", newAttributes); assertEquals("Setting of port attribites should be allowed", 403, responseCode); brokerAttributes = getRestTestHelper().getJsonAsSingletonList("/rest/broker"); - assertEquals("Unexpected default authentication provider attribute value", defaultAuthenticationProvider, - brokerAttributes.get(Broker.DEFAULT_AUTHENTICATION_PROVIDER)); + assertEquals("Unexpected default alert repeat gap", initialAlertRepeatGap, + brokerAttributes.get(Broker.QUEUE_ALERT_REPEAT_GAP)); } private int createPort(String portName) throws Exception diff --git a/java/systests/src/main/java/org/apache/qpid/test/utils/QpidBrokerTestCase.java b/java/systests/src/main/java/org/apache/qpid/test/utils/QpidBrokerTestCase.java index b005a9748c..c14c724419 100755 --- a/java/systests/src/main/java/org/apache/qpid/test/utils/QpidBrokerTestCase.java +++ b/java/systests/src/main/java/org/apache/qpid/test/utils/QpidBrokerTestCase.java @@ -184,6 +184,7 @@ public class QpidBrokerTestCase extends QpidTestCase protected List<Connection> _connections = new ArrayList<Connection>(); public static final String QUEUE = "queue"; public static final String TOPIC = "topic"; + public static final String MANAGEMENT_MODE_PASSWORD = "mm_password"; /** Map to hold test defined environment properties */ private Map<String, String> _env; @@ -467,6 +468,10 @@ public class QpidBrokerTestCase extends QpidTestCase options.setConfigurationStoreType(_brokerStoreType); options.setConfigurationStoreLocation(testConfig); options.setManagementMode(managementMode); + if (managementMode) + { + options.setManagementModePassword(MANAGEMENT_MODE_PASSWORD); + } //Set the log config file, relying on the log4j.configuration system property //set on the JVM by the JUnit runner task in module.xml. @@ -486,9 +491,11 @@ public class QpidBrokerTestCase extends QpidTestCase String[] cmd = _brokerCommandHelper.getBrokerCommand(port, testConfig, _brokerStoreType, _logConfigFile); if (managementMode) { - String[] newCmd = new String[cmd.length + 1]; + String[] newCmd = new String[cmd.length + 3]; System.arraycopy(cmd, 0, newCmd, 0, cmd.length); newCmd[cmd.length] = "-mm"; + newCmd[cmd.length + 1] = "-mmpass"; + newCmd[cmd.length + 2] = MANAGEMENT_MODE_PASSWORD; cmd = newCmd; } _logger.info("Starting spawn broker using command: " + StringUtils.join(cmd, ' ')); |