From f608cd0f72d98d60f92165ac0efd6c70efcd870c Mon Sep 17 00:00:00 2001
From: Aidan Skinner <aidan@apache.org>
Date: Wed, 15 Apr 2009 15:55:36 +0000
Subject: QPID-1812: Fix firewall rule parsing, add test for this.

git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@765250 13f79535-47bb-0310-9956-ffa450edef68
---
 .../access/plugins/network/FirewallPlugin.java     |  4 +-
 .../configuration/ServerConfigurationTest.java     | 64 +++++++++++++++++++++-
 2 files changed, 64 insertions(+), 4 deletions(-)

(limited to 'java')

diff --git a/java/broker/src/main/java/org/apache/qpid/server/security/access/plugins/network/FirewallPlugin.java b/java/broker/src/main/java/org/apache/qpid/server/security/access/plugins/network/FirewallPlugin.java
index 85026121ab..810be8ae22 100644
--- a/java/broker/src/main/java/org/apache/qpid/server/security/access/plugins/network/FirewallPlugin.java
+++ b/java/broker/src/main/java/org/apache/qpid/server/security/access/plugins/network/FirewallPlugin.java
@@ -55,7 +55,7 @@ public class FirewallPlugin extends AbstractACLPlugin
         public ACLPlugin newInstance(Configuration config) throws ConfigurationException
         {
             FirewallPlugin plugin = new FirewallPlugin();
-            plugin.setConfiguration(config);
+            plugin.setConfiguration(config.subset("firewall"));
             return plugin;
         }
     };
@@ -245,7 +245,7 @@ public class FirewallPlugin extends AbstractACLPlugin
         }
         CompositeConfiguration finalConfig = new CompositeConfiguration(config);
         
-        List subFiles = config.getList("firewall.xml[@fileName]");
+        List subFiles = config.getList("xml[@fileName]");
         for (Object subFile : subFiles)
         {
             finalConfig.addConfiguration(new XMLConfiguration((String) subFile));
diff --git a/java/broker/src/test/java/org/apache/qpid/server/configuration/ServerConfigurationTest.java b/java/broker/src/test/java/org/apache/qpid/server/configuration/ServerConfigurationTest.java
index 2c39d006b9..0152fc5122 100644
--- a/java/broker/src/test/java/org/apache/qpid/server/configuration/ServerConfigurationTest.java
+++ b/java/broker/src/test/java/org/apache/qpid/server/configuration/ServerConfigurationTest.java
@@ -696,6 +696,64 @@ public class ServerConfigurationTest extends TestCase
                 "foo", config.getManagementKeyStorePath());
     }
 
+    public void testFirewallConfiguration() throws Exception
+    {
+     // Write out config
+        File mainFile = File.createTempFile(getClass().getName(), null);
+        mainFile.deleteOnExit();
+        FileWriter out = new FileWriter(mainFile);
+
+        out.write("<broker>\n");
+        out.write("\t<management><enabled>false</enabled></management>\n");
+        out.write("\t<security>\n");
+        out.write("\t\t<principal-databases>\n");
+        out.write("\t\t\t<principal-database>\n");
+        out.write("\t\t\t\t<name>passwordfile</name>\n");
+        out.write("\t\t\t\t<class>org.apache.qpid.server.security.auth.database.PlainPasswordFilePrincipalDatabase</class>\n");
+        out.write("\t\t\t\t<attributes>\n");
+        out.write("\t\t\t\t\t<attribute>\n");
+        out.write("\t\t\t\t\t\t<name>passwordFile</name>\n");
+        out.write("\t\t\t\t\t\t<value>/dev/null</value>\n");
+        out.write("\t\t\t\t\t</attribute>\n");
+        out.write("\t\t\t\t</attributes>\n");
+        out.write("\t\t\t</principal-database>\n");
+        out.write("\t\t</principal-databases>\n");
+        out.write("\t\t<jmx>\n");
+        out.write("\t\t\t<access>/dev/null</access>\n");
+        out.write("\t\t\t<principal-database>passwordfile</principal-database>\n");
+        out.write("\t\t</jmx>\n");
+        out.write("\t\t<firewall>\n");
+        out.write("\t\t\t<rule access=\"deny\" network=\"127.0.0.1\"/>");
+        out.write("\t\t</firewall>\n");
+        out.write("\t</security>\n");
+        out.write("\t<virtualhosts>\n");
+        out.write("\t\t<virtualhost>\n");
+        out.write("\t\t\t<name>test</name>\n");
+        out.write("\t\t</virtualhost>\n");
+        out.write("\t</virtualhosts>\n");
+        out.write("</broker>\n");
+        out.close();
+        
+        // Load config
+        ApplicationRegistry reg = new ConfigurationFileApplicationRegistry(mainFile);
+        ApplicationRegistry.initialise(reg, 1);
+
+        // Test config
+        VirtualHostRegistry virtualHostRegistry = reg.getVirtualHostRegistry();
+        VirtualHost virtualHost = virtualHostRegistry.getVirtualHost("test");
+        AMQCodecFactory codecFactory = new AMQCodecFactory(true);
+
+        TestIoSession iosession = new TestIoSession();
+        iosession.setAddress("127.0.0.1");
+        
+        AMQProtocolSession session = new AMQMinaProtocolSession(iosession, virtualHostRegistry, codecFactory);
+        assertFalse(reg.getAccessManager().authoriseConnect(session, virtualHost));
+        
+        iosession.setAddress("127.1.2.3");
+        session = new AMQMinaProtocolSession(iosession, virtualHostRegistry, codecFactory);
+        assertTrue(reg.getAccessManager().authoriseConnect(session, virtualHost));
+    }
+    
     public void testCombinedConfigurationFirewall() throws Exception
     {
         // Write out config
@@ -756,11 +814,13 @@ public class ServerConfigurationTest extends TestCase
         ApplicationRegistry.initialise(reg, 1);
 
         // Test config
-        TestIoSession iosession = new TestIoSession();
-        iosession.setAddress("127.0.0.1");
         VirtualHostRegistry virtualHostRegistry = reg.getVirtualHostRegistry();
         VirtualHost virtualHost = virtualHostRegistry.getVirtualHost("test");
         AMQCodecFactory codecFactory = new AMQCodecFactory(true);
+
+        TestIoSession iosession = new TestIoSession();
+        iosession.setAddress("127.0.0.1");
+        
         AMQProtocolSession session = new AMQMinaProtocolSession(iosession, virtualHostRegistry, codecFactory);
         assertFalse(reg.getAccessManager().authoriseConnect(session, virtualHost));
     }
-- 
cgit v1.2.1