Creating a branch for experimenting with some ideas for JMS client.rajith_jms_client

git-svn-id: https://svn.apache.org/repos/asf/qpid/branches/rajith_jms_client@1128369 13f79535-47bb-0310-9956-ffa450edef68

1 files changed, 282 insertions, 0 deletions

diff --git a/qpid/java/broker-plugins/firewall/src/test/java/org/apache/qpid/server/security/access/FirewallPluginTest.java b/qpid/java/broker-plugins/firewall/src/test/java/org/apache/qpid/server/security/access/FirewallPluginTest.java
new file mode 100644
index 0000000000..2b04962c89
--- /dev/null
+++ b/qpid/java/broker-plugins/firewall/src/test/java/org/apache/qpid/server/security/access/FirewallPluginTest.java
@@ -0,0 +1,282 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.qpid.server.security.access;
+
+import java.io.BufferedWriter;
+import java.io.File;
+import java.io.FileWriter;
+import java.io.IOException;
+import java.net.InetSocketAddress;
+import java.net.SocketAddress;
+
+import org.apache.commons.configuration.ConfigurationException;
+import org.apache.commons.configuration.XMLConfiguration;
+import org.apache.qpid.server.security.Result;
+import org.apache.qpid.server.security.access.plugins.Firewall;
+import org.apache.qpid.server.security.access.plugins.FirewallConfiguration;
+import org.apache.qpid.server.util.InternalBrokerBaseCase;
+
+public class FirewallPluginTest extends InternalBrokerBaseCase
+{
+    public class RuleInfo
+    {
+        private String _access;
+        private String _network;
+        private String _hostname;
+        
+        public void setAccess(String _access)
+        {
+            this._access = _access;
+        }
+        
+        public String getAccess()
+        {
+            return _access;
+        }
+        
+        public void setNetwork(String _network)
+        {
+            this._network = _network;
+        }
+        
+        public String getNetwork()
+        {
+            return _network;
+        }
+        
+        public void setHostname(String _hostname)
+        {
+            this._hostname = _hostname;
+        }
+        
+        public String getHostname()
+        {
+            return _hostname;
+        }
+    }
+
+    // IP address
+    private SocketAddress _address;
+
+    @Override
+    public void setUp() throws Exception
+    {
+        super.setUp();
+        
+        _address = new InetSocketAddress("127.0.0.1", 65535);
+    }
+
+    private Firewall initialisePlugin(String defaultAction, RuleInfo[] rules) throws IOException, ConfigurationException
+    {
+        // Create sample config file
+        File confFile = File.createTempFile(getClass().getSimpleName()+"conffile", null);
+        confFile.deleteOnExit();
+        BufferedWriter buf = new BufferedWriter(new FileWriter(confFile));
+        buf.write("<firewall default-action=\""+defaultAction+"\">\n");
+        if (rules != null)
+        {
+            for (RuleInfo rule : rules)
+            {
+                buf.write("<rule");
+                buf.write(" access=\""+rule.getAccess()+"\"");
+                if (rule.getHostname() != null)
+                {
+                    buf.write(" hostname=\""+rule.getHostname()+"\"");
+                }
+                if (rule.getNetwork() != null)
+                {
+                    buf.write(" network=\""+rule.getNetwork()+"\"");
+                }
+                buf.write("/>\n");
+            }
+        }
+        buf.write("</firewall>");
+        buf.close();
+        
+        // Configure plugin
+        FirewallConfiguration config = new FirewallConfiguration();
+        config.setConfiguration("", new XMLConfiguration(confFile));
+        Firewall plugin = new Firewall();
+        plugin.configure(config);
+        return plugin;
+    }
+
+    private Firewall initialisePlugin(String string) throws ConfigurationException, IOException
+    {
+        return initialisePlugin(string, null);
+    }
+    
+    public void testDefaultAction() throws Exception
+    {
+        // Test simple deny
+        Firewall plugin = initialisePlugin("deny");
+        assertEquals(Result.DENIED, plugin.access(ObjectType.VIRTUALHOST, _address));
+
+        // Test simple allow
+        plugin = initialisePlugin("allow");
+        assertEquals(Result.ALLOWED, plugin.access(ObjectType.VIRTUALHOST, _address));
+    }
+    
+
+    public void testSingleIPRule() throws Exception
+    {
+        RuleInfo rule = new RuleInfo();
+        rule.setAccess("allow");
+        rule.setNetwork("192.168.23.23");
+        
+        Firewall plugin = initialisePlugin("deny", new RuleInfo[]{rule});
+
+        assertEquals(Result.DENIED, plugin.access(ObjectType.VIRTUALHOST, _address));
+        
+        // Set IP so that we're connected from the right address
+        _address = new InetSocketAddress("192.168.23.23", 65535);
+        assertEquals(Result.ALLOWED, plugin.access(ObjectType.VIRTUALHOST, _address));
+    }
+    
+    public void testSingleNetworkRule() throws Exception
+    {
+        RuleInfo rule = new RuleInfo();
+        rule.setAccess("allow");
+        rule.setNetwork("192.168.23.0/24");
+        
+        Firewall plugin = initialisePlugin("deny", new RuleInfo[]{rule});
+
+        assertEquals(Result.DENIED, plugin.access(ObjectType.VIRTUALHOST, _address));
+        
+        // Set IP so that we're connected from the right address
+        _address = new InetSocketAddress("192.168.23.23", 65535);
+        assertEquals(Result.ALLOWED, plugin.access(ObjectType.VIRTUALHOST, _address));
+    }
+
+    public void testSingleHostRule() throws Exception
+    {
+        RuleInfo rule = new RuleInfo();
+        rule.setAccess("allow");
+        rule.setHostname(new InetSocketAddress("127.0.0.1", 5672).getHostName());
+        
+        Firewall plugin = initialisePlugin("deny", new RuleInfo[]{rule});
+
+        // Set IP so that we're connected from the right address
+        _address = new InetSocketAddress("127.0.0.1", 65535);
+        assertEquals(Result.ALLOWED, plugin.access(ObjectType.VIRTUALHOST, _address));
+    }
+
+    public void testSingleHostWilcardRule() throws Exception
+    {
+        RuleInfo rule = new RuleInfo();
+        rule.setAccess("allow");
+        String hostname = new InetSocketAddress("127.0.0.1", 0).getHostName();
+        rule.setHostname(".*"+hostname.subSequence(hostname.length() - 1, hostname.length())+"*");
+        Firewall plugin = initialisePlugin("deny", new RuleInfo[]{rule});
+
+        // Set IP so that we're connected from the right address
+        _address = new InetSocketAddress("127.0.0.1", 65535);
+        assertEquals(Result.ALLOWED, plugin.access(ObjectType.VIRTUALHOST, _address));
+    }
+    
+    public void testSeveralFirstAllowsAccess() throws Exception
+    {
+        RuleInfo firstRule = new RuleInfo();
+        firstRule.setAccess("allow");
+        firstRule.setNetwork("192.168.23.23");
+        
+        RuleInfo secondRule = new RuleInfo();
+        secondRule.setAccess("deny");
+        secondRule.setNetwork("192.168.42.42");
+
+        RuleInfo thirdRule = new RuleInfo();
+        thirdRule.setAccess("deny");
+        thirdRule.setHostname("localhost");
+        
+        Firewall plugin = initialisePlugin("deny", new RuleInfo[]{firstRule, secondRule, thirdRule});
+
+        assertEquals(Result.DENIED, plugin.access(ObjectType.VIRTUALHOST, _address));
+        
+        // Set IP so that we're connected from the right address
+        _address = new InetSocketAddress("192.168.23.23", 65535);
+        assertEquals(Result.ALLOWED, plugin.access(ObjectType.VIRTUALHOST, _address));
+    }
+    
+    public void testSeveralLastAllowsAccess() throws Exception
+    {
+        RuleInfo firstRule = new RuleInfo();
+        firstRule.setAccess("deny");
+        firstRule.setHostname("localhost");
+        
+        RuleInfo secondRule = new RuleInfo();
+        secondRule.setAccess("deny");
+        secondRule.setNetwork("192.168.42.42");
+
+        RuleInfo thirdRule = new RuleInfo();
+        thirdRule.setAccess("allow");
+        thirdRule.setNetwork("192.168.23.23");
+        
+        Firewall plugin = initialisePlugin("deny", new RuleInfo[]{firstRule, secondRule, thirdRule});
+
+        assertEquals(Result.DENIED, plugin.access(ObjectType.VIRTUALHOST, _address));
+        
+        // Set IP so that we're connected from the right address
+        _address = new InetSocketAddress("192.168.23.23", 65535);
+        assertEquals(Result.ALLOWED, plugin.access(ObjectType.VIRTUALHOST, _address));
+    }
+
+    public void testNetmask() throws Exception
+    {
+        RuleInfo firstRule = new RuleInfo();
+        firstRule.setAccess("allow");
+        firstRule.setNetwork("192.168.23.0/24");
+        Firewall plugin = initialisePlugin("deny", new RuleInfo[]{firstRule});
+
+        assertEquals(Result.DENIED, plugin.access(ObjectType.VIRTUALHOST, _address));
+        
+        // Set IP so that we're connected from the right address
+        _address = new InetSocketAddress("192.168.23.23", 65535);
+        assertEquals(Result.ALLOWED, plugin.access(ObjectType.VIRTUALHOST, _address));
+    }
+    
+    public void testCommaSeperatedNetmask() throws Exception
+    {
+        RuleInfo firstRule = new RuleInfo();
+        firstRule.setAccess("allow");
+        firstRule.setNetwork("10.1.1.1/8, 192.168.23.0/24");
+        Firewall plugin = initialisePlugin("deny", new RuleInfo[]{firstRule});
+
+        assertEquals(Result.DENIED, plugin.access(ObjectType.VIRTUALHOST, _address));
+        
+        // Set IP so that we're connected from the right address
+        _address = new InetSocketAddress("192.168.23.23", 65535);
+        assertEquals(Result.ALLOWED, plugin.access(ObjectType.VIRTUALHOST, _address));
+    }
+    
+    public void testCommaSeperatedHostnames() throws Exception
+    {
+        RuleInfo firstRule = new RuleInfo();
+        firstRule.setAccess("allow");
+        firstRule.setHostname("foo, bar, "+new InetSocketAddress("127.0.0.1", 5672).getHostName());
+        Firewall plugin = initialisePlugin("deny", new RuleInfo[]{firstRule});
+        
+        // Set IP so that we're connected from the right address
+        _address = new InetSocketAddress("10.0.0.1", 65535);
+        assertEquals(Result.DENIED, plugin.access(ObjectType.VIRTUALHOST, _address));
+        
+        // Set IP so that we're connected from the right address
+        _address = new InetSocketAddress("127.0.0.1", 65535);
+        assertEquals(Result.ALLOWED, plugin.access(ObjectType.VIRTUALHOST, _address));
+    }
+}