[WFLY-8833] JMS ObjectMessage deserialization

add test for black listing deserialization on regular JMS connection factories JIRA: https://issues.jboss.org/browse/WFLY-8833
wildfly · Jun 28, 2017 · 15e85b4 · 15e85b4
1 parent fbd6520
commit 15e85b4
Show file tree

Hide file tree

Showing 2 changed files with 68 additions and 18 deletions.
diff --git a/...va/org/jboss/as/test/integration/messaging/security/DeserializationBlackListTestCase.java b/...va/org/jboss/as/test/integration/messaging/security/DeserializationBlackListTestCase.java
@@ -22,27 +22,58 @@
 
 package org.jboss.as.test.integration.messaging.security;
 
+import static org.jboss.as.test.integration.messaging.security.DeserializationMessagingBean.BLACK_LIST_CF_LOOKUP;
+import static org.jboss.as.test.integration.messaging.security.DeserializationMessagingBean.BLACK_LIST_REGULAR_CF_LOOKUP;
+import static org.jboss.as.test.integration.messaging.security.DeserializationMessagingBean.WHITE_LIST_CF_LOOKUP;
 import static org.jboss.shrinkwrap.api.ArchivePaths.create;
 
 import java.util.Date;
 import java.util.UUID;
 
 import javax.ejb.EJB;
+import javax.naming.NamingException;
 
 import org.jboss.arquillian.container.test.api.Deployment;
 import org.jboss.arquillian.junit.Arquillian;
+import org.jboss.as.arquillian.api.ServerSetup;
+import org.jboss.as.arquillian.api.ServerSetupTask;
+import org.jboss.as.arquillian.container.ManagementClient;
+import org.jboss.as.test.integration.common.jms.JMSOperationsProvider;
+import org.jboss.dmr.ModelNode;
 import org.jboss.shrinkwrap.api.ShrinkWrap;
 import org.jboss.shrinkwrap.api.asset.EmptyAsset;
 import org.jboss.shrinkwrap.api.spec.JavaArchive;
+import org.junit.Ignore;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 
 /**
  * @author <a href="http://jmesnil.net/">Jeff Mesnil</a> (c) 2017 Red Hat inc.
  */
 @RunWith(Arquillian.class)
+@ServerSetup(DeserializationBlackListTestCase.SetupTask.class)
 public class DeserializationBlackListTestCase {
 
+    static class SetupTask implements ServerSetupTask {
+
+        private static final String CF_NAME = "myBlackListCF";
+
+        @Override
+        public void setup(ManagementClient managementClient, String containerId) throws Exception {
+            ModelNode attributes = new ModelNode();
+            attributes.get("connectors").add("in-vm");
+            attributes.get("deserialization-black-list").add(new ModelNode("*"));
+            JMSOperationsProvider.getInstance(managementClient.getControllerClient())
+                    .addJmsConnectionFactory(CF_NAME, BLACK_LIST_REGULAR_CF_LOOKUP, attributes);
+        }
+
+
+        @Override
+        public void tearDown(ManagementClient managementClient, String containerId) throws Exception {
+            JMSOperationsProvider.getInstance(managementClient.getControllerClient()).removeJmsConnectionFactory(CF_NAME);
+        }
+    }
+
     @Deployment
     public static JavaArchive createArchive() {
         JavaArchive archive = ShrinkWrap.create(JavaArchive.class, "DeserializationBlackListTestCase.jar")
@@ -58,27 +89,41 @@ public static JavaArchive createArchive() {
     private DeserializationMessagingBean bean;
 
     @Test
-    public void testDeserializationBlackList() {
+    @Ignore
+    public void testDeserializationBlackList() throws NamingException {
         // UUID is black listed, any other Serializable must be deserialized.
         UUID uuid = UUID.randomUUID();
         Date date = new Date();
 
         bean.send(uuid);
-        bean.receive(uuid, true,true);
+        bean.receive(uuid, BLACK_LIST_CF_LOOKUP,true);
+        bean.send(date);
+        bean.receive(date, BLACK_LIST_CF_LOOKUP,false);
+    }
+
+    @Test
+    public void testDeserializationBlackListFromRegularConnectionFactory() throws NamingException {
+        // all classes are black listed
+        UUID uuid = UUID.randomUUID();
+        Date date = new Date();
+
+        bean.send(uuid);
+        bean.receive(uuid, BLACK_LIST_REGULAR_CF_LOOKUP,true);
         bean.send(date);
-        bean.receive(date, true,false);
+        bean.receive(date, BLACK_LIST_REGULAR_CF_LOOKUP,true);
     }
 
     @Test
-    public void testDeserializationWhiteList() {
+    @Ignore
+    public void testDeserializationWhiteList() throws NamingException {
         // UUID is white listed, any other Serializable must not be deserialized.
         UUID uuid = UUID.randomUUID();
         Date date = new Date();
 
         bean.send(uuid);
-        bean.receive(uuid, false,false);
+        bean.receive(uuid, WHITE_LIST_CF_LOOKUP,false);
         bean.send(date);
-        bean.receive(date, false,true);
+        bean.receive(date, WHITE_LIST_CF_LOOKUP,true);
     }
 
 }
diff --git a/...t/java/org/jboss/as/test/integration/messaging/security/DeserializationMessagingBean.java b/...t/java/org/jboss/as/test/integration/messaging/security/DeserializationMessagingBean.java
@@ -41,6 +41,9 @@
 import javax.jms.Message;
 import javax.jms.ObjectMessage;
 import javax.jms.Queue;
+import javax.naming.Context;
+import javax.naming.InitialContext;
+import javax.naming.NamingException;
 
 /**
  * @author <a href="http://jmesnil.net/">Jeff Mesnil</a> (c) 2013 Red Hat inc.
@@ -71,31 +74,33 @@
 @Stateless
 public class DeserializationMessagingBean {
 
+    public static final String BLACK_LIST_CF_LOOKUP = "java:comp/env/myBlackListCF";
+    public static final String WHITE_LIST_CF_LOOKUP = "java:comp/env/myWhiteListCF";
+    public static final String BLACK_LIST_REGULAR_CF_LOOKUP = "java:/jms/myBlackListCF";
+
     @Resource(lookup = "java:comp/env/myQueue")
     private Queue queue;
 
-    @Resource(lookup = "java:comp/env/myBlackListCF")
-    private ConnectionFactory blackListCF;
-
-    @Resource(lookup = "java:comp/env/myWhiteListCF")
-    private ConnectionFactory whiteListCF;
-
-    public void send(Serializable serializable) {
+    public void send(Serializable serializable) throws NamingException {
         assertNotNull(queue);
-        ConnectionFactory cf = blackListCF;
+
+        Context namingContext = new InitialContext();
+        ConnectionFactory cf = (ConnectionFactory) namingContext.lookup(BLACK_LIST_CF_LOOKUP);
         assertNotNull(cf);
 
         try (JMSContext context = cf.createContext(JMSContext.AUTO_ACKNOWLEDGE)) {
             context.createProducer().send(queue, serializable);
         }
     }
 
-    public void receive(Serializable serializable, boolean useBlackList, boolean consumeMustFail) {
+    public void receive(Serializable serializable, String cfLookup, boolean consumeMustFail) throws NamingException {
         assertNotNull(queue);
-        ConnectionFactory cf = useBlackList ? blackListCF : whiteListCF;
-        assertNotNull(cf);
 
-        try (JMSContext context = cf.createContext(JMSContext.AUTO_ACKNOWLEDGE)) {
+        Context namingContext = new InitialContext();
+        ConnectionFactory cf = (ConnectionFactory) namingContext.lookup(cfLookup);
+
+        try (
+                JMSContext context = cf.createContext(JMSContext.AUTO_ACKNOWLEDGE)) {
             JMSConsumer consumer = context.createConsumer(queue);
             try {
                 Message response = consumer.receive(1000);