/**
 * Chooses the SASL mechanism to use with the remote peer and prepares it for the exchange.
 *
 * <p>Selection is delegated to {@code SaslMechanismFinder.findMatchingMechanism}, which receives
 * the connection's username and password, the transport's local principal, the locally
 * configured {@code saslMechanisms} set and the names offered by the peer. The chosen mechanism
 * is then given the credentials and initialised with the options filtered from the remote URI
 * query using the {@code sasl.options.} prefix. When no {@code serverName} option is present,
 * the host of the remote URI is used.
 *
 * @param remoteMechanisms mechanism names offered by the remote peer
 * @return the selected mechanism with credentials set and options applied
 * @throws JMSSecurityRuntimeException declared for the mechanism lookup
 * @throws RuntimeException if the options cannot be parsed or applied; the original failure is
 *         kept as the cause
 */
private Mechanism findSaslMechanism(String[] remoteMechanisms) throws JMSSecurityRuntimeException {
    Mechanism selected = SaslMechanismFinder.findMatchingMechanism(
        connectionInfo.getUsername(),
        connectionInfo.getPassword(),
        transport.getLocalPrincipal(),
        saslMechanisms,
        remoteMechanisms);

    selected.setUsername(connectionInfo.getUsername());
    selected.setPassword(connectionInfo.getPassword());

    try {
        Map<String, String> options =
            PropertyUtil.filterProperties(PropertyUtil.parseQuery(getRemoteURI()), "sasl.options.");

        // Default the server name to the host being connected to unless the URI overrides it.
        if (!options.containsKey("serverName")) {
            options.put("serverName", remoteURI.getHost());
        }

        // The mechanism gets a read-only view, so it cannot alter the options map.
        selected.init(Collections.unmodifiableMap(options));
    } catch (Exception cause) {
        // NOTE(review): the failure's toString() ends up in the message; confirm that no
        // mechanism init failure can carry credential material in its text.
        String reason =
            "Failed to apply sasl options to mechanism: " + selected.getName() + ", reason: " + cause;
        throw new RuntimeException(reason, cause);
    }

    return selected;
}
/**
 * Reacts to the remote peer's SASL mechanism offer by choosing a mechanism and sending the
 * initial response.
 *
 * <p>Nothing happens while the peer has offered no mechanisms. If the mechanism finder rejects
 * the offer with a {@link JMSSecurityRuntimeException}, the failure is recorded and no response
 * is sent. Any other error raised while processing is recorded as well rather than propagated.
 *
 * <p>NOTE(review): the initial response is sent as soon as a mechanism is chosen. For mechanisms
 * whose initial response carries credentials, confidentiality depends on the transport; confirm
 * that such mechanisms are only allowed over a protected transport.
 *
 * @param sasl the SASL layer used to read the offered mechanisms and send the response
 * @param transport the transport the exchange runs on; not used by this method
 */
public void handleSaslMechanisms(Sasl sasl, Transport transport) {
    try {
        String[] offered = sasl.getRemoteMechanisms();
        if (offered == null || offered.length == 0) {
            // The peer has not offered any mechanisms, so there is nothing to choose from.
            return;
        }

        try {
            mechanism = mechanismFinder.apply(offered);
        } catch (JMSSecurityRuntimeException noMatch) {
            recordFailure("Could not find a suitable SASL mechanism. " + noMatch.getMessage(), noMatch);
            return;
        }

        byte[] initialResponse = mechanism.getInitialResponse();
        if (initialResponse != null) {
            sasl.send(initialResponse, 0, initialResponse.length);
        }
        sasl.setMechanisms(mechanism.getName());
    } catch (Throwable failure) {
        // Deliberately broad: every failure is recorded as the authentication outcome.
        recordFailure("Exception while processing SASL init: " + failure.getMessage(), failure);
    }
}
/**
 * Checks that a user who is not permitted to produce anonymously is refused with a
 * {@link JMSSecurityRuntimeException} when creating a producer from a context.
 */
@Test(timeout = 30000)
public void testCreateProducerAnonymousNotAuthorized() {
    final String username = "user";
    final String password = "password";

    MockJMSUser restrictedUser = new MockJMSUser(username, password);
    restrictedUser.setCanProducerAnonymously(false);
    factory.addUser(restrictedUser);

    // NOTE(review): the context is not closed in this method; confirm the fixture's teardown
    // releases it.
    JMSContext context = cf.createContext(username, password);
    try {
        context.createProducer();
        fail("Should not be able to create producer when not authorized");
    } catch (JMSSecurityRuntimeException expected) {
        // Expected: the authorization denial must surface as a security exception.
    }
}
/**
 * Maps a checked {@link JMSException} onto the matching {@link JMSRuntimeException} sub-class.
 *
 * <p>The message and error code are copied and the original exception is kept as the cause. A
 * {@link JMSSecurityException} therefore stays recognisable as a
 * {@link JMSSecurityRuntimeException}, so callers that catch the runtime type to detect
 * authentication or authorization failures keep working. Types without a dedicated runtime
 * counterpart become a plain {@link JMSRuntimeException}.
 *
 * @param e the checked exception to convert
 * @return the runtime exception corresponding to the type of {@code e}
 */
public static JMSRuntimeException convertToRuntimeException(JMSException e) {
    final String message = e.getMessage();
    final String errorCode = e.getErrorCode();
    final JMSRuntimeException converted;

    if (e instanceof javax.jms.IllegalStateException) {
        converted = new IllegalStateRuntimeException(message, errorCode, e);
    } else if (e instanceof InvalidClientIDException) {
        converted = new InvalidClientIDRuntimeException(message, errorCode, e);
    } else if (e instanceof InvalidDestinationException) {
        converted = new InvalidDestinationRuntimeException(message, errorCode, e);
    } else if (e instanceof InvalidSelectorException) {
        converted = new InvalidSelectorRuntimeException(message, errorCode, e);
    } else if (e instanceof JMSSecurityException) {
        converted = new JMSSecurityRuntimeException(message, errorCode, e);
    } else if (e instanceof MessageFormatException) {
        converted = new MessageFormatRuntimeException(message, errorCode, e);
    } else if (e instanceof MessageNotWriteableException) {
        converted = new MessageNotWriteableRuntimeException(message, errorCode, e);
    } else if (e instanceof ResourceAllocationException) {
        converted = new ResourceAllocationRuntimeException(message, errorCode, e);
    } else if (e instanceof TransactionInProgressException) {
        converted = new TransactionInProgressRuntimeException(message, errorCode, e);
    } else if (e instanceof TransactionRolledBackException) {
        converted = new TransactionRolledBackRuntimeException(message, errorCode, e);
    } else {
        converted = new JMSRuntimeException(message, errorCode, e);
    }

    return converted;
}
/**
 * Converts instances of sub-classes of {@link JMSException} into the corresponding sub-class of
 * {@link JMSRuntimeException}.
 *
 * <p>The message and error code are carried over and the original exception becomes the cause,
 * so the failure category is preserved. In particular a {@link JMSSecurityException} is
 * converted to a {@link JMSSecurityRuntimeException}.
 *
 * @param e the checked exception to convert
 * @return the matching runtime exception, or a plain {@link JMSRuntimeException} when no more
 *         specific runtime type applies
 */
public static JMSRuntimeException convertToRuntimeException(JMSException e) {
    final String text = e.getMessage();
    final String code = e.getErrorCode();

    if (e instanceof javax.jms.IllegalStateException) {
        return new IllegalStateRuntimeException(text, code, e);
    }
    if (e instanceof InvalidClientIDException) {
        return new InvalidClientIDRuntimeException(text, code, e);
    }
    if (e instanceof InvalidDestinationException) {
        return new InvalidDestinationRuntimeException(text, code, e);
    }
    if (e instanceof InvalidSelectorException) {
        return new InvalidSelectorRuntimeException(text, code, e);
    }
    if (e instanceof JMSSecurityException) {
        return new JMSSecurityRuntimeException(text, code, e);
    }
    if (e instanceof MessageFormatException) {
        return new MessageFormatRuntimeException(text, code, e);
    }
    if (e instanceof MessageNotWriteableException) {
        return new MessageNotWriteableRuntimeException(text, code, e);
    }
    if (e instanceof ResourceAllocationException) {
        return new ResourceAllocationRuntimeException(text, code, e);
    }
    if (e instanceof TransactionInProgressException) {
        return new TransactionInProgressRuntimeException(text, code, e);
    }
    if (e instanceof TransactionRolledBackException) {
        return new TransactionRolledBackRuntimeException(text, code, e);
    }

    // No dedicated runtime counterpart: fall back to the base runtime exception.
    return new JMSRuntimeException(text, code, e);
}
/**
 * Finds the best Mechanism implementation for the mechanisms offered by a remote peer.
 *
 * <p>An offered name is eligible only if a factory exists for it, it is allowed by
 * {@code mechRestrictions} (when a restriction set is given), the mechanism is applicable to the
 * supplied credentials and principal, and it is either enabled by default or explicitly named in
 * the restriction set. Among the eligible mechanisms, the one that sorts highest by the
 * Mechanism ordering is returned. This method never returns null: it throws when nothing is
 * eligible.
 *
 * <p>NOTE(review): without a restriction set, every default-enabled mechanism that the peer
 * offers and the credentials satisfy is eligible, so the peer's offer bounds what can be chosen.
 * Deployments that must not fall back to a weaker mechanism should pass
 * {@code mechRestrictions}.
 *
 * @param username
 *        the username, or null if there is none
 * @param password
 *        the password, or null if there is none
 * @param localPrincipal
 *        the Principal associated with the transport, or null if there is none
 * @param mechRestrictions
 *        the mechanism name(s) to which the client restricts its selection if offered by
 *        the server, or null if there is no restriction
 * @param remoteMechanisms
 *        list of mechanism names that are supported by the remote peer.
 *
 * @return the best matching Mechanism for the supported remote set.
 * @throws JMSSecurityRuntimeException if no matching mechanism can be identified
 */
public static Mechanism findMatchingMechanism(String username, String password, Principal localPrincipal, Set<String> mechRestrictions, String... remoteMechanisms) throws JMSSecurityRuntimeException {
    final List<Mechanism> candidates = new ArrayList<>();
    final List<String> offeredNames = Arrays.asList(remoteMechanisms);
    final boolean restricted = mechRestrictions != null;

    for (String offeredName : offeredNames) {
        MechanismFactory factory = findMechanismFactory(offeredName);
        if (factory == null) {
            // No local implementation for this offered name.
            continue;
        }

        Mechanism candidate = factory.createMechanism();
        boolean explicitlyConfigured = restricted && mechRestrictions.contains(offeredName);

        if (restricted && !explicitlyConfigured) {
            LOG.debug("Skipping {} mechanism because it is not in the configured mechanisms restriction set", offeredName);
            continue;
        }

        if (!candidate.isApplicable(username, password, localPrincipal)) {
            LOG.debug("Skipping {} mechanism because the available credentials are not sufficient", candidate);
            continue;
        }

        if (candidate.isEnabledByDefault() || explicitlyConfigured) {
            candidates.add(candidate);
        } else {
            LOG.debug("Skipping {} mechanism as it must be explicitly enabled in the configured sasl mechanisms", candidate);
        }
    }

    if (candidates.isEmpty()) {
        throw new JMSSecurityRuntimeException("No supported mechanism, or none usable with the available credentials. Server offered: " + offeredNames);
    }

    // Sort by priority using the Mechanism ordering; the last element is the highest
    // priority match.
    Collections.sort(candidates);
    Mechanism best = candidates.get(candidates.size() - 1);

    LOG.info("Best match for SASL auth was: {}", best);

    return best;
}
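/**
 * Drives a connection attempt in which SASL mechanism negotiation must fail, and checks that the
 * failure surfaces as a security exception with the expected message.
 *
 * <p>The test peer offers SCRAM-SHA-1, an unknown mechanism and PLAIN, while the client supplies
 * null credentials. The expected message shows that no offered mechanism is usable and lists
 * what the server offered.
 *
 * @param createContext when true the attempt goes through {@code createContext} and a
 *        {@link JMSSecurityRuntimeException} is expected; otherwise {@code createConnection} is
 *        used and a {@link JMSSecurityException} is expected
 * @throws Exception if the test peer fails
 */
private void doMechanismNegotiationFailsToFindMatchTestImpl(boolean createContext) throws Exception {
    try (TestAmqpPeer testPeer = new TestAmqpPeer()) {
        String failureMessageBreadcrumb = "Could not find a suitable SASL mechanism."
            + " No supported mechanism, or none usable with the available credentials. Server offered: [SCRAM-SHA-1, UNKNOWN, PLAIN]";

        Symbol[] serverMechs = new Symbol[] { SCRAM_SHA_1, Symbol.valueOf("UNKNOWN"), PLAIN };
        testPeer.expectSaslMechanismNegotiationFailure(serverMechs);

        String uriOptions = "?jms.clientID=myclientid";
        ConnectionFactory factory = new JmsConnectionFactory("amqp://localhost:" + testPeer.getServerPort() + uriOptions);

        if (createContext) {
            try {
                factory.createContext(null, null);
                fail("Expected exception to be thrown");
            } catch (JMSSecurityRuntimeException jmssre) {
                // Expected, we deliberately failed the mechanism negotiation process.
                assertNotNull("Expected an exception message", jmssre.getMessage());
                // Expected value first, so a mismatch is reported the right way round.
                assertEquals("Unexpected message details", failureMessageBreadcrumb, jmssre.getMessage());
            }
        } else {
            try {
                factory.createConnection(null, null);
                fail("Expected exception to be thrown");
            } catch (JMSSecurityException jmsse) {
                // Expected, we deliberately failed the mechanism negotiation process.
                assertNotNull("Expected an exception message", jmsse.getMessage());
                // Expected value first, so a mismatch is reported the right way round.
                assertEquals("Unexpected message details", failureMessageBreadcrumb, jmsse.getMessage());
            }
        }

        testPeer.waitForAllHandlersToComplete(1000);
    }
}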
/**
 * Checks that the authenticator completes unsuccessfully, with a descriptive failure cause, when
 * the mechanism finder rejects everything the peer offered.
 */
@Test
public void testNoSaslMechanismAgreed() throws Exception {
    // A finder that refuses every offer, standing in for "no mechanism could be agreed".
    Function<String[], Mechanism> rejectingFinder = offered -> {
        throw new JMSSecurityRuntimeException("reasons");
    };
    AmqpSaslAuthenticator authenticator = new AmqpSaslAuthenticator(rejectingFinder);

    authenticator.handleSaslMechanisms(sasl, transport);

    // The exchange must end as a failure rather than stay pending or report success.
    assertTrue(authenticator.isComplete());
    assertFalse(authenticator.wasSuccessful());
    assertNotNull(authenticator.getFailureCause());

    String failureText = authenticator.getFailureCause().getMessage();
    assertTrue(failureText.contains("Could not find a suitable SASL mechanism"));
}
/**
 * Translates a checked {@link JMSException} into the equivalent {@link JMSRuntimeException}.
 *
 * <p>The message, error code and the original exception (as the cause) are preserved, so the
 * category of the failure survives the conversion. For example, a {@link JMSSecurityException}
 * becomes a {@link JMSSecurityRuntimeException}. Unrecognised types are wrapped in a plain
 * {@link JMSRuntimeException}.
 *
 * @param e the checked exception to translate
 * @return the runtime exception matching the type of {@code e}
 */
public static JMSRuntimeException toRuntimeException(final JMSException e) {
    final String detail = e.getMessage();
    final String errorCode = e.getErrorCode();

    if (e instanceof javax.jms.IllegalStateException) {
        return new IllegalStateRuntimeException(detail, errorCode, e);
    } else if (e instanceof InvalidClientIDException) {
        return new InvalidClientIDRuntimeException(detail, errorCode, e);
    } else if (e instanceof InvalidDestinationException) {
        return new InvalidDestinationRuntimeException(detail, errorCode, e);
    } else if (e instanceof InvalidSelectorException) {
        return new InvalidSelectorRuntimeException(detail, errorCode, e);
    } else if (e instanceof JMSSecurityException) {
        return new JMSSecurityRuntimeException(detail, errorCode, e);
    } else if (e instanceof MessageFormatException) {
        return new MessageFormatRuntimeException(detail, errorCode, e);
    } else if (e instanceof MessageNotWriteableException) {
        return new MessageNotWriteableRuntimeException(detail, errorCode, e);
    } else if (e instanceof ResourceAllocationException) {
        return new ResourceAllocationRuntimeException(detail, errorCode, e);
    } else if (e instanceof TransactionInProgressException) {
        return new TransactionInProgressRuntimeException(detail, errorCode, e);
    } else if (e instanceof TransactionRolledBackException) {
        return new TransactionRolledBackRuntimeException(detail, errorCode, e);
    } else {
        return new JMSRuntimeException(detail, errorCode, e);
    }
}
/**
 * Checks that a checked {@link JMSSecurityException} is converted to a
 * {@link JMSSecurityRuntimeException}, so a security failure keeps its type.
 */
@Test(expected = JMSSecurityRuntimeException.class)
public void testConvertsJMSSecurityExceptionToJMSSecurityRuntimeException() {
    JMSSecurityException checked = new JMSSecurityException("error");

    // Throwing the converted exception lets the expected-exception check verify its type.
    throw JMSExceptionSupport.createRuntimeException(checked);
}
/**
 * Confirms that converting a {@link JMSSecurityException} produces a
 * {@link JMSSecurityRuntimeException} and not a more general runtime exception.
 */
@Test(expected = JMSSecurityRuntimeException.class)
public void testConvertsJMSSecurityExceptionToJMSSecurityRuntimeException() {
    JMSSecurityException securityFailure = new JMSSecurityException("error");

    // The test passes only if the thrown, converted exception has the expected type.
    throw JmsExceptionSupport.createRuntimeException(securityFailure);
}