From d0ccea1b26815da1771deb1dde7c6a321c9b1d4f Mon Sep 17 00:00:00 2001 From: Venil Noronha Date: Sat, 9 Apr 2016 17:23:35 +0530 Subject: [PATCH 1/2] Support ActiveMQ trusted packages Ass support for white-listing specific packages or trusting all packages when using ActiveMQ. Fixes gh-5631 Closes gh-5644 --- .../ActiveMQConnectionFactoryFactory.java | 17 ++++++-- .../jms/activemq/ActiveMQProperties.java | 40 +++++++++++++++++++ .../jms/activemq/ActiveMQPropertiesTests.java | 24 +++++++++++ 3 files changed, 78 insertions(+), 3 deletions(-) diff --git a/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/jms/activemq/ActiveMQConnectionFactoryFactory.java b/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/jms/activemq/ActiveMQConnectionFactoryFactory.java index e39e6ab39c2..43da9f4e068 100644 --- a/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/jms/activemq/ActiveMQConnectionFactoryFactory.java +++ b/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/jms/activemq/ActiveMQConnectionFactoryFactory.java @@ -1,5 +1,5 @@ /* - * Copyright 2012-2014 the original author or authors. + * Copyright 2012-2016 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -18,6 +18,7 @@ package org.springframework.boot.autoconfigure.jms.activemq; import org.apache.activemq.ActiveMQConnectionFactory; +import org.springframework.boot.autoconfigure.jms.activemq.ActiveMQProperties.Packages; import org.springframework.util.Assert; import org.springframework.util.StringUtils; @@ -26,6 +27,7 @@ import org.springframework.util.StringUtils; * in {@link ActiveMQProperties}. * * @author Phillip Webb + * @author Venil Noronha * @since 1.2.0 */ class ActiveMQConnectionFactoryFactory { @@ -57,11 +59,20 @@ class ActiveMQConnectionFactoryFactory { String brokerUrl = determineBrokerUrl(); String user = this.properties.getUser(); String password = this.properties.getPassword(); + T activeMqConnectionFactory; if (StringUtils.hasLength(user) && StringUtils.hasLength(password)) { - return factoryClass.getConstructor(String.class, String.class, String.class) + activeMqConnectionFactory = + factoryClass.getConstructor(String.class, String.class, String.class) .newInstance(user, password, brokerUrl); } - return factoryClass.getConstructor(String.class).newInstance(brokerUrl); + else { + activeMqConnectionFactory = + factoryClass.getConstructor(String.class).newInstance(brokerUrl); + } + Packages packages = this.properties.getPackages(); + activeMqConnectionFactory.setTrustAllPackages(packages.isTrustAll()); + activeMqConnectionFactory.setTrustedPackages(packages.getTrusted()); + return activeMqConnectionFactory; } String determineBrokerUrl() { diff --git a/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/jms/activemq/ActiveMQProperties.java b/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/jms/activemq/ActiveMQProperties.java index c50e51e2355..a56f5ad0ad8 100644 --- a/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/jms/activemq/ActiveMQProperties.java +++ b/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/jms/activemq/ActiveMQProperties.java @@ -16,6 +16,9 @@ package org.springframework.boot.autoconfigure.jms.activemq; +import java.util.ArrayList; +import java.util.List; + import org.springframework.boot.context.properties.ConfigurationProperties; import org.springframework.boot.context.properties.DeprecatedConfigurationProperty; @@ -25,6 +28,7 @@ import org.springframework.boot.context.properties.DeprecatedConfigurationProper * @author Greg Turnquist * @author Stephane Nicoll * @author Aurélien Leboulanger + * @author Venil Noronha */ @ConfigurationProperties(prefix = "spring.activemq") public class ActiveMQProperties { @@ -52,6 +56,8 @@ public class ActiveMQProperties { private Pool pool = new Pool(); + private Packages packages = new Packages(); + public String getBrokerUrl() { return this.brokerUrl; } @@ -113,6 +119,14 @@ public class ActiveMQProperties { this.pool = pool; } + public Packages getPackages() { + return this.packages; + } + + public void setPackages(Packages packages) { + this.packages = packages; + } + public static class Pool { /** @@ -170,4 +184,30 @@ public class ActiveMQProperties { } + public static class Packages { + + /** Whether security check for trusted packages should be turned off. */ + private boolean trustAll = false; + + /** The packages to trust. */ + private List trusted = new ArrayList(); + + public boolean isTrustAll() { + return this.trustAll; + } + + public void setTrustAll(boolean trustAll) { + this.trustAll = trustAll; + } + + public List getTrusted() { + return this.trusted; + } + + public void setTrusted(List trusted) { + this.trusted = trusted; + } + + } + } diff --git a/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/jms/activemq/ActiveMQPropertiesTests.java b/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/jms/activemq/ActiveMQPropertiesTests.java index 63eae653283..fa5553e6fc0 100644 --- a/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/jms/activemq/ActiveMQPropertiesTests.java +++ b/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/jms/activemq/ActiveMQPropertiesTests.java @@ -16,15 +16,19 @@ package org.springframework.boot.autoconfigure.jms.activemq; +import org.apache.activemq.ActiveMQConnectionFactory; + import org.junit.Test; import static org.assertj.core.api.Assertions.assertThat; + /** * Tests for {@link ActiveMQProperties} and {@link ActiveMQConnectionFactoryFactory}. * * @author Stephane Nicoll * @author Aurélien Leboulanger + * @author Venil Noronha */ public class ActiveMQPropertiesTests { @@ -62,4 +66,24 @@ public class ActiveMQPropertiesTests { .determineBrokerUrl()).isEqualTo("vm://foo-bar"); } + @Test + public void testPackagesTrustAllSetToTrue() { + this.properties.getPackages().setTrustAll(true); + assertThat(new ActiveMQConnectionFactoryFactory(this.properties) + .createConnectionFactory(ActiveMQConnectionFactory.class) + .isTrustAllPackages()).isEqualTo(true); + } + + @Test + public void testPackagesToTrust() { + this.properties.getPackages().setTrustAll(false); + this.properties.getPackages().getTrusted().add("trusted.package"); + ActiveMQConnectionFactory factory = + new ActiveMQConnectionFactoryFactory(this.properties) + .createConnectionFactory(ActiveMQConnectionFactory.class); + assertThat(factory.isTrustAllPackages()).isEqualTo(false); + assertThat(factory.getTrustedPackages().size()).isEqualTo(1); + assertThat(factory.getTrustedPackages().get(0)).isEqualTo("trusted.package"); + } + } From 0c0be1e6266d4b4b7510341fafcb5206ec090532 Mon Sep 17 00:00:00 2001 From: Phillip Webb Date: Sun, 10 Apr 2016 07:33:56 -0700 Subject: [PATCH 2/2] Polish contribution --- .../ActiveMQConnectionFactoryFactory.java | 16 ++++++++++------ .../jms/activemq/ActiveMQProperties.java | 18 +++++++++--------- .../jms/activemq/ActiveMQPropertiesTests.java | 11 ++++------- .../appendix-application-properties.adoc | 2 ++ 4 files changed, 25 insertions(+), 22 deletions(-) diff --git a/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/jms/activemq/ActiveMQConnectionFactoryFactory.java b/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/jms/activemq/ActiveMQConnectionFactoryFactory.java index 43da9f4e068..4a29b1a661b 100644 --- a/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/jms/activemq/ActiveMQConnectionFactoryFactory.java +++ b/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/jms/activemq/ActiveMQConnectionFactoryFactory.java @@ -61,17 +61,21 @@ class ActiveMQConnectionFactoryFactory { String password = this.properties.getPassword(); T activeMqConnectionFactory; if (StringUtils.hasLength(user) && StringUtils.hasLength(password)) { - activeMqConnectionFactory = - factoryClass.getConstructor(String.class, String.class, String.class) + activeMqConnectionFactory = factoryClass + .getConstructor(String.class, String.class, String.class) .newInstance(user, password, brokerUrl); } else { - activeMqConnectionFactory = - factoryClass.getConstructor(String.class).newInstance(brokerUrl); + activeMqConnectionFactory = factoryClass.getConstructor(String.class) + .newInstance(brokerUrl); } Packages packages = this.properties.getPackages(); - activeMqConnectionFactory.setTrustAllPackages(packages.isTrustAll()); - activeMqConnectionFactory.setTrustedPackages(packages.getTrusted()); + if (packages.getTrustAll() != null) { + activeMqConnectionFactory.setTrustAllPackages(packages.getTrustAll()); + } + if (!packages.getTrusted().isEmpty()) { + activeMqConnectionFactory.setTrustedPackages(packages.getTrusted()); + } return activeMqConnectionFactory; } diff --git a/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/jms/activemq/ActiveMQProperties.java b/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/jms/activemq/ActiveMQProperties.java index a56f5ad0ad8..bd448c831ab 100644 --- a/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/jms/activemq/ActiveMQProperties.java +++ b/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/jms/activemq/ActiveMQProperties.java @@ -123,10 +123,6 @@ public class ActiveMQProperties { return this.packages; } - public void setPackages(Packages packages) { - this.packages = packages; - } - public static class Pool { /** @@ -186,17 +182,21 @@ public class ActiveMQProperties { public static class Packages { - /** Whether security check for trusted packages should be turned off. */ - private boolean trustAll = false; + /** + * Trust all packages. + */ + private Boolean trustAll; - /** The packages to trust. */ + /** + * The specific packages to trust (when not trusting all packages). + */ private List trusted = new ArrayList(); - public boolean isTrustAll() { + public Boolean getTrustAll() { return this.trustAll; } - public void setTrustAll(boolean trustAll) { + public void setTrustAll(Boolean trustAll) { this.trustAll = trustAll; } diff --git a/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/jms/activemq/ActiveMQPropertiesTests.java b/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/jms/activemq/ActiveMQPropertiesTests.java index fa5553e6fc0..00f9071da00 100644 --- a/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/jms/activemq/ActiveMQPropertiesTests.java +++ b/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/jms/activemq/ActiveMQPropertiesTests.java @@ -17,12 +17,10 @@ package org.springframework.boot.autoconfigure.jms.activemq; import org.apache.activemq.ActiveMQConnectionFactory; - import org.junit.Test; import static org.assertj.core.api.Assertions.assertThat; - /** * Tests for {@link ActiveMQProperties} and {@link ActiveMQConnectionFactoryFactory}. * @@ -67,7 +65,7 @@ public class ActiveMQPropertiesTests { } @Test - public void testPackagesTrustAllSetToTrue() { + public void setTrustAllPackages() { this.properties.getPackages().setTrustAll(true); assertThat(new ActiveMQConnectionFactoryFactory(this.properties) .createConnectionFactory(ActiveMQConnectionFactory.class) @@ -75,12 +73,11 @@ public class ActiveMQPropertiesTests { } @Test - public void testPackagesToTrust() { + public void setTrustedPackages() { this.properties.getPackages().setTrustAll(false); this.properties.getPackages().getTrusted().add("trusted.package"); - ActiveMQConnectionFactory factory = - new ActiveMQConnectionFactoryFactory(this.properties) - .createConnectionFactory(ActiveMQConnectionFactory.class); + ActiveMQConnectionFactory factory = new ActiveMQConnectionFactoryFactory( + this.properties).createConnectionFactory(ActiveMQConnectionFactory.class); assertThat(factory.isTrustAllPackages()).isEqualTo(false); assertThat(factory.getTrustedPackages().size()).isEqualTo(1); assertThat(factory.getTrustedPackages().get(0)).isEqualTo("trusted.package"); diff --git a/spring-boot-docs/src/main/asciidoc/appendix-application-properties.adoc b/spring-boot-docs/src/main/asciidoc/appendix-application-properties.adoc index 38703143497..124f9711b9a 100644 --- a/spring-boot-docs/src/main/asciidoc/appendix-application-properties.adoc +++ b/spring-boot-docs/src/main/asciidoc/appendix-application-properties.adoc @@ -770,6 +770,8 @@ content into your application; rather pick only the properties that you need. spring.activemq.pool.expiry-timeout=0 # Connection expiration timeout in milliseconds. spring.activemq.pool.idle-timeout=30000 # Connection idle timeout in milliseconds. spring.activemq.pool.max-connections=1 # Maximum number of pooled connections. + spring.activemq.packages.trust-all= # Trust all packages + spring.activemq.packages.trusted= # The specific packages to trust (when not trusting all packages). # ARTEMIS ({sc-spring-boot-autoconfigure}/jms/artemis/ArtemisProperties.{sc-ext}[ArtemisProperties]) spring.artemis.embedded.cluster-password= # Cluster password. Randomly generated on startup by default.