Support ActiveMQ trusted packages

Ass support for white-listing specific packages or trusting all packages when using ActiveMQ. Fixes gh-5631 Closes gh-5644
2016-04-09 17:23:35 +05:30 · 2016-04-09 17:23:35 +05:30 · d0ccea1b26
parent bdd9d510eb
commit d0ccea1b26
3 changed files with 78 additions and 3 deletions
--- a/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/jms/activemq/ActiveMQConnectionFactoryFactory.java
+++ b/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/jms/activemq/ActiveMQConnectionFactoryFactory.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2012-2014 the original author or authors.
+ * Copyright 2012-2016 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -18,6 +18,7 @@ package org.springframework.boot.autoconfigure.jms.activemq;
 import org.apache.activemq.ActiveMQConnectionFactory;
 import org.springframework.boot.autoconfigure.jms.activemq.ActiveMQProperties.Packages;
 import org.springframework.util.Assert;
 import org.springframework.util.StringUtils;
@ -26,6 +27,7 @@ import org.springframework.util.StringUtils;
 * in {@link ActiveMQProperties}.
 *
 * @author Phillip Webb
 * @author Venil Noronha
 * @since 1.2.0
 */
 class ActiveMQConnectionFactoryFactory {
@ -57,11 +59,20 @@ class ActiveMQConnectionFactoryFactory {
 		String brokerUrl = determineBrokerUrl();
 		String user = this.properties.getUser();
 		String password = this.properties.getPassword();
 		T activeMqConnectionFactory;
 		if (StringUtils.hasLength(user) && StringUtils.hasLength(password)) {
-			return factoryClass.getConstructor(String.class, String.class, String.class)
+			activeMqConnectionFactory =
 				factoryClass.getConstructor(String.class, String.class, String.class)
 					.newInstance(user, password, brokerUrl);
 		}
-		return factoryClass.getConstructor(String.class).newInstance(brokerUrl);
+		else {
 			activeMqConnectionFactory =
 				factoryClass.getConstructor(String.class).newInstance(brokerUrl);
 		}
 		Packages packages = this.properties.getPackages();
 		activeMqConnectionFactory.setTrustAllPackages(packages.isTrustAll());
 		activeMqConnectionFactory.setTrustedPackages(packages.getTrusted());
 		return activeMqConnectionFactory;
 	}
 	String determineBrokerUrl() {
--- a/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/jms/activemq/ActiveMQProperties.java
+++ b/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/jms/activemq/ActiveMQProperties.java
@ -16,6 +16,9 @@
 package org.springframework.boot.autoconfigure.jms.activemq;
 import java.util.ArrayList;
 import java.util.List;
 import org.springframework.boot.context.properties.ConfigurationProperties;
 import org.springframework.boot.context.properties.DeprecatedConfigurationProperty;
@ -25,6 +28,7 @@ import org.springframework.boot.context.properties.DeprecatedConfigurationProper
 * @author Greg Turnquist
 * @author Stephane Nicoll
 * @author Aurélien Leboulanger
 * @author Venil Noronha
 */
@ConfigurationProperties(prefix = "spring.activemq")
 public class ActiveMQProperties {
@ -52,6 +56,8 @@ public class ActiveMQProperties {
 	private Pool pool = new Pool();
 	private Packages packages = new Packages();
 	public String getBrokerUrl() {
 		return this.brokerUrl;
 	}
@ -113,6 +119,14 @@ public class ActiveMQProperties {
 		this.pool = pool;
 	}
 	public Packages getPackages() {
 		return this.packages;
 	}
 	public void setPackages(Packages packages) {
 		this.packages = packages;
 	}
 	public static class Pool {
 		/**
@ -170,4 +184,30 @@ public class ActiveMQProperties {
 	}
 	public static class Packages {
 		/** Whether security check for trusted packages should be turned off. */
 		private boolean trustAll = false;
 		/** The packages to trust. */
 		private List<String> trusted = new ArrayList<String>();
 		public boolean isTrustAll() {
 			return this.trustAll;
 		}
 		public void setTrustAll(boolean trustAll) {
 			this.trustAll = trustAll;
 		}
 		public List<String> getTrusted() {
 			return this.trusted;
 		}
 		public void setTrusted(List<String> trusted) {
 			this.trusted = trusted;
 		}
 	}
 }
--- a/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/jms/activemq/ActiveMQPropertiesTests.java
+++ b/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/jms/activemq/ActiveMQPropertiesTests.java
@ -16,15 +16,19 @@
 package org.springframework.boot.autoconfigure.jms.activemq;
 import org.apache.activemq.ActiveMQConnectionFactory;
 import org.junit.Test;
 import static org.assertj.core.api.Assertions.assertThat;
 /**
 * Tests for {@link ActiveMQProperties} and {@link ActiveMQConnectionFactoryFactory}.
 *
 * @author Stephane Nicoll
 * @author Aurélien Leboulanger
 * @author Venil Noronha
 */
 public class ActiveMQPropertiesTests {
@ -62,4 +66,24 @@ public class ActiveMQPropertiesTests {
 				.determineBrokerUrl()).isEqualTo("vm://foo-bar");
 	}
 	@Test
 	public void testPackagesTrustAllSetToTrue() {
 		this.properties.getPackages().setTrustAll(true);
 		assertThat(new ActiveMQConnectionFactoryFactory(this.properties)
 				.createConnectionFactory(ActiveMQConnectionFactory.class)
 				.isTrustAllPackages()).isEqualTo(true);
 	}
 	@Test
 	public void testPackagesToTrust() {
 		this.properties.getPackages().setTrustAll(false);
 		this.properties.getPackages().getTrusted().add("trusted.package");
 		ActiveMQConnectionFactory factory =
 			new ActiveMQConnectionFactoryFactory(this.properties)
 				.createConnectionFactory(ActiveMQConnectionFactory.class);
 		assertThat(factory.isTrustAllPackages()).isEqualTo(false);
 		assertThat(factory.getTrustedPackages().size()).isEqualTo(1);
 		assertThat(factory.getTrustedPackages().get(0)).isEqualTo("trusted.package");
 	}
 }