Posted to commits@qpid.apache.org by kw...@apache.org on 2012/09/04 15:19:04 UTC
svn commit: r1380626 - in /qpid/trunk/qpid/java:
broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/
broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/api/
broker-plugins/ma...
Author: kwall
Date: Tue Sep 4 13:19:03 2012
New Revision: 1380626
URL: http://svn.apache.org/viewvc?rev=1380626&view=rev
Log:
QPID-4283: Make web management capable of using external authentication manager.
also:
* remove test servlets
* rename management.html => index.html
* allow sasl-auth to be disabled
Work of Robbie Gemmell <ro...@apache.org> and myself.
Added:
qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/resources/index.html
- copied, changed from r1380625, qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/resources/management.html
Removed:
qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/api/
qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/resources/management.html
Modified:
qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/Management.java
qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/AbstractServlet.java
qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/SaslServlet.java
qpid/trunk/qpid/java/broker/etc/config.xml
qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/configuration/ServerConfiguration.java
qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/manager/ExternalAuthenticationManager.java
qpid/trunk/qpid/java/broker/src/test/java/org/apache/qpid/server/configuration/ServerConfigurationTest.java
Modified: qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/Management.java
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/Management.java?rev=1380626&r1=1380625&r2=1380626&view=diff
==============================================================================
--- qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/Management.java (original)
+++ qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/Management.java Tue Sep 4 13:19:03 2012
@@ -32,8 +32,6 @@ import org.apache.qpid.server.logging.ac
import org.apache.qpid.server.logging.messages.ManagementConsoleMessages;
import org.apache.qpid.server.management.plugin.servlet.DefinedFileServlet;
import org.apache.qpid.server.management.plugin.servlet.FileServlet;
-import org.apache.qpid.server.management.plugin.servlet.api.ExchangesServlet;
-import org.apache.qpid.server.management.plugin.servlet.api.VhostsServlet;
import org.apache.qpid.server.management.plugin.servlet.rest.LogRecordsServlet;
import org.apache.qpid.server.management.plugin.servlet.rest.MessageContentServlet;
import org.apache.qpid.server.management.plugin.servlet.rest.MessageServlet;
@@ -158,9 +156,6 @@ public class Management
root.setContextPath("/");
server.setHandler(root);
- root.addServlet(new ServletHolder(new VhostsServlet(_broker)), "/api/vhosts/*");
- root.addServlet(new ServletHolder(new ExchangesServlet(_broker)), "/api/exchanges/*");
-
addRestServlet(root, "broker");
addRestServlet(root, "virtualhost", VirtualHost.class);
addRestServlet(root, "authenticationprovider", AuthenticationProvider.class);
@@ -183,7 +178,7 @@ public class Management
root.addServlet(new ServletHolder(new SaslServlet(_broker)), "/rest/sasl");
- root.addServlet(new ServletHolder(new DefinedFileServlet("management.html")), "/management");
+ root.addServlet(new ServletHolder(new DefinedFileServlet("index.html")), "/management");
root.addServlet(new ServletHolder(FileServlet.INSTANCE), "*.js");
root.addServlet(new ServletHolder(FileServlet.INSTANCE), "*.css");
Modified: qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/AbstractServlet.java
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/AbstractServlet.java?rev=1380626&r1=1380625&r2=1380626&view=diff
==============================================================================
--- qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/AbstractServlet.java (original)
+++ qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/AbstractServlet.java Tue Sep 4 13:19:03 2012
@@ -257,7 +257,7 @@ public abstract class AbstractServlet ex
String remoteUser = request.getRemoteUser();
if(remoteUser != null)
{
- subject = subjectCreator.createSubjectWithGroups(remoteUser);
+ subject = authenticateUserAndGetSubject(subjectCreator, remoteUser, null);
}
else
{
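Review bot: Passing `null` as the password for a container-supplied `remoteUser` makes this branch depend on how the configured authentication manager treats a null password; the old `createSubjectWithGroups(remoteUser)` call needed no credential check. `SubjectCreator.authenticate` is not visible here, but a password-checking manager would presumably reject the request or dereference the null, so requests the container has already authenticated could start failing. Consider keeping `subject = subjectCreator.createSubjectWithGroups(remoteUser);` for this branch. Failing that, put a comment on the call such as `// remoteUser was authenticated by the container; no password is available`. The enclosing method starts and ends outside this hunk.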
@@ -278,13 +278,7 @@ public abstract class AbstractServlet ex
String[] credentials = (new String(Base64.decodeBase64(tokens[1].getBytes()))).split(":",2);
if(credentials.length == 2)
{
- SubjectAuthenticationResult authResult = subjectCreator.authenticate(credentials[0], credentials[1]);
- if( authResult.getStatus() != AuthenticationStatus.SUCCESS)
- {
- //TODO: write a return response indicating failure?
- throw new AccessControlException("Incorrect username or password");
- }
- subject = authResult.getSubject();
+ subject = authenticateUserAndGetSubject(subjectCreator, credentials[0], credentials[1]);
}
else
{
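Review bot: The username and password decoded from the `Authorization: Basic` header now reach the same helper as the container-authenticated path. This commit also changes `ExternalAuthenticationManager.authenticate(username, password)` to return a successful result for any input (see that file's hunk below). If `subjectCreator.authenticate` delegates to the configured manager, which is not visible here, a broker using the external manager with basic-auth left enabled would accept a Basic header without verifying anything. The external manager should succeed only when no password is supplied, e.g. `if (password != null) return new AuthenticationResult(AuthenticationResult.AuthenticationStatus.ERROR);`, or this branch should be skipped when that manager is in use. The enclosing method starts and ends outside this hunk.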
@@ -308,6 +302,18 @@ public abstract class AbstractServlet ex
return subject;
}
+ private Subject authenticateUserAndGetSubject(SubjectCreator subjectCreator, String username, String password)
+ {
+ SubjectAuthenticationResult authResult = subjectCreator.authenticate(username, password);
+ if( authResult.getStatus() != AuthenticationStatus.SUCCESS)
+ {
+ //TODO: write a return response indicating failure?
+ throw new AccessControlException("Incorrect username or password");
+ }
+ Subject subject = authResult.getSubject();
+ return subject;
+ }
+
private boolean isBasicAuthSupported(HttpServletRequest req)
{
return req.isSecure() ? ApplicationRegistry.getInstance().getConfiguration().getHTTPSManagementBasicAuth()
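Review bot: `authenticateUserAndGetSubject` throws "Incorrect username or password" for every non-SUCCESS status, which is misleading now that the `remoteUser` path calls it with a null password. A neutral message such as `throw new AccessControlException("Authentication failed");` fits both callers, and the carried-over TODO about writing a failure response is still unresolved. The helper also has no comment saying that `password` may be null; a one-line Javadoc like `/** Authenticates via the SubjectCreator; password is null when the container supplied the user. */` would document that. The local can be dropped in favour of `return authResult.getSubject();`. `isBasicAuthSupported` continues outside this hunk.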
Modified: qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/SaslServlet.java
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/SaslServlet.java?rev=1380626&r1=1380625&r2=1380626&view=diff
==============================================================================
--- qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/SaslServlet.java (original)
+++ qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/SaslServlet.java Tue Sep 4 13:19:03 2012
@@ -124,6 +124,8 @@ public class SaslServlet extends Abstrac
@Override
protected void doPostWithSubjectAndActor(final HttpServletRequest request, final HttpServletResponse response) throws IOException
{
+ checkSaslAuthEnabled(request);
+
try
{
response.setContentType("application/json");
@@ -190,7 +192,24 @@ public class SaslServlet extends Abstrac
LOGGER.error("Error processing SASL request", e);
throw e;
}
+ }
+ private void checkSaslAuthEnabled(HttpServletRequest request)
+ {
+ boolean saslAuthEnabled;
+ if (request.isSecure())
+ {
+ saslAuthEnabled = ApplicationRegistry.getInstance().getConfiguration().getHTTPSManagementSaslAuthEnabled();
+ }
+ else
+ {
+ saslAuthEnabled = ApplicationRegistry.getInstance().getConfiguration().getHTTPManagementSaslAuthEnabled();
+ }
+
+ if (!saslAuthEnabled)
+ {
+ throw new RuntimeException("Sasl authentication disabled.");
+ }
}
private void evaluateSaslResponse(final HttpServletResponse response,
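Review bot: `checkSaslAuthEnabled` signals a disabled endpoint with a bare `RuntimeException`, thrown before the `try` block in `doPostWithSubjectAndActor`. It therefore bypasses the `LOGGER.error` path and will most likely surface as a container-generated 500 rather than a deliberate refusal. A boolean check with an explicit status is clearer for clients and for anyone reading access logs: `if (!isSaslAuthEnabled(request)) { response.sendError(HttpServletResponse.SC_FORBIDDEN); return; }`. Only the POST handler is visibly gated in these hunks. If the servlet's GET handler also advertises mechanisms, it should apply the same check.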
Copied: qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/resources/index.html (from r1380625, qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/resources/management.html)
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/resources/index.html?p2=qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/resources/index.html&p1=qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/resources/management.html&r1=1380625&r2=1380626&rev=1380626&view=diff
==============================================================================
(empty)
Modified: qpid/trunk/qpid/java/broker/etc/config.xml
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker/etc/config.xml?rev=1380626&r1=1380625&r2=1380626&view=diff
==============================================================================
--- qpid/trunk/qpid/java/broker/etc/config.xml (original)
+++ qpid/trunk/qpid/java/broker/etc/config.xml Tue Sep 4 13:19:03 2012
@@ -48,7 +48,7 @@
<registryServer>8999</registryServer>
<!--
If unspecified, connectorServer defaults to 100 + registryServer port.
- <connectorServer>9099</connectionServer>
+ <connectorServer>9099</connectorServer>
-->
</jmxport>
<ssl>
Modified: qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/configuration/ServerConfiguration.java
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/configuration/ServerConfiguration.java?rev=1380626&r1=1380625&r2=1380626&view=diff
==============================================================================
--- qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/configuration/ServerConfiguration.java (original)
+++ qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/configuration/ServerConfiguration.java Tue Sep 4 13:19:03 2012
@@ -620,6 +620,16 @@ public class ServerConfiguration extends
return getBooleanValue("management.https.basic-auth", true);
}
+ public boolean getHTTPManagementSaslAuthEnabled()
+ {
+ return getBooleanValue("management.http.sasl-auth", true);
+ }
+
+ public boolean getHTTPSManagementSaslAuthEnabled()
+ {
+ return getBooleanValue("management.https.sasl-auth", true);
+ }
+
public String[] getVirtualHosts()
{
return _virtualHosts.keySet().toArray(new String[_virtualHosts.size()]);
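Review bot: Both new getters default to `true`, so SASL authentication stays enabled over plain HTTP as well as HTTPS unless an operator opts out. Neither `management.http.sasl-auth` nor `management.https.sasl-auth` is documented, either here or in the `config.xml` change in this commit. Add Javadoc to each getter naming its key and default, e.g. `/** Whether SASL authentication is offered on the HTTP management port (key management.http.sasl-auth, default true). */`. A commented sample entry in `config.xml` would let operators find the switch.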
@@ -1053,4 +1063,5 @@ public class ServerConfiguration extends
_qpidHome = path;
}
+
}
Modified: qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/manager/ExternalAuthenticationManager.java
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/manager/ExternalAuthenticationManager.java?rev=1380626&r1=1380625&r2=1380626&view=diff
==============================================================================
--- qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/manager/ExternalAuthenticationManager.java (original)
+++ qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/manager/ExternalAuthenticationManager.java Tue Sep 4 13:19:03 2012
@@ -29,6 +29,7 @@ import org.apache.log4j.Logger;
import org.apache.qpid.server.configuration.plugins.ConfigurationPlugin;
import org.apache.qpid.server.configuration.plugins.ConfigurationPluginFactory;
import org.apache.qpid.server.security.auth.AuthenticationResult;
+import org.apache.qpid.server.security.auth.UsernamePrincipal;
import org.apache.qpid.server.security.auth.sasl.external.ExternalSaslServer;
public class ExternalAuthenticationManager implements AuthenticationManager
@@ -159,7 +160,7 @@ public class ExternalAuthenticationManag
@Override
public AuthenticationResult authenticate(String username, String password)
{
- return new AuthenticationResult(AuthenticationResult.AuthenticationStatus.ERROR);
+ return new AuthenticationResult(new UsernamePrincipal(username));
}
@Override
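Review bot: `authenticate` now returns success for any `username` and ignores `password`, and nothing on the method states the precondition that makes this safe. Add a comment such as `// No credential check is performed here: callers must only pass an identity that was already established externally; password is ignored.` A null `username` is also wrapped in `UsernamePrincipal` without validation. Whether that constructor rejects null is not visible from this hunk, so an explicit guard returning `AuthenticationStatus.ERROR` would be safer.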
Modified: qpid/trunk/qpid/java/broker/src/test/java/org/apache/qpid/server/configuration/ServerConfigurationTest.java
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker/src/test/java/org/apache/qpid/server/configuration/ServerConfigurationTest.java?rev=1380626&r1=1380625&r2=1380626&view=diff
==============================================================================
--- qpid/trunk/qpid/java/broker/src/test/java/org/apache/qpid/server/configuration/ServerConfigurationTest.java (original)
+++ qpid/trunk/qpid/java/broker/src/test/java/org/apache/qpid/server/configuration/ServerConfigurationTest.java Tue Sep 4 13:19:03 2012
@@ -300,6 +300,45 @@ public class ServerConfigurationTest ext
assertEquals(false, _serverConfig.getJMXManagementEnabled());
}
+ public void testGetHTTPManagementEnabled() throws ConfigurationException
+ {
+ // Check default
+ _serverConfig.initialise();
+ assertEquals(true, _serverConfig.getHTTPManagementEnabled());
+
+ // Check value we set
+ _config.setProperty("management.http.enabled", false);
+ _serverConfig = new ServerConfiguration(_config);
+ _serverConfig.initialise();
+ assertEquals(false, _serverConfig.getHTTPManagementEnabled());
+ }
+
+ public void testGetHTTPManagementSaslAuthEnabled() throws ConfigurationException
+ {
+ // Check default
+ _serverConfig.initialise();
+ assertEquals(true, _serverConfig.getHTTPManagementSaslAuthEnabled());
+
+ // Check value we set
+ _config.setProperty("management.http.sasl-auth", false);
+ _serverConfig = new ServerConfiguration(_config);
+ _serverConfig.initialise();
+ assertEquals(false, _serverConfig.getHTTPManagementSaslAuthEnabled());
+ }
+
+ public void testGetHTTPSManagementSaslAuthEnabled() throws ConfigurationException
+ {
+ // Check default
+ _serverConfig.initialise();
+ assertEquals(true, _serverConfig.getHTTPSManagementSaslAuthEnabled());
+
+ // Check value we set
+ _config.setProperty("management.https.sasl-auth", false);
+ _serverConfig = new ServerConfiguration(_config);
+ _serverConfig.initialise();
+ assertEquals(false, _serverConfig.getHTTPSManagementSaslAuthEnabled());
+ }
+
public void testGetManagementRightsInferAllAccess() throws Exception
{
_serverConfig.initialise();
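Review bot: The added tests cover only the three configuration getters. Going by the commit's file list, no test is touched for the behaviour changes that matter most to security: `ExternalAuthenticationManager.authenticate` now returning success, and `SaslServlet` refusing requests when `sasl-auth` is false. Add a unit test that pins the external manager's result for both a null and a non-null password, and a servlet test for the disabled case, so that later refactoring cannot widen what is accepted without a test failing. `testGetManagementRightsInferAllAccess` continues outside this hunk.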