Posted to commits@qpid.apache.org by or...@apache.org on 2021/06/13 21:25:06 UTC
[qpid-broker-j] branch 8.0.x updated: QPID-8529:[Broker-J] Make
sure that subject is set for all http requests
This is an automated email from the ASF dual-hosted git repository.
orudyy pushed a commit to branch 8.0.x
in repository https://gitbox.apache.org/repos/asf/qpid-broker-j.git
The following commit(s) were added to refs/heads/8.0.x by this push:
new 5c1b562 QPID-8529:[Broker-J] Make sure that subject is set for all http requests
5c1b562 is described below
commit 5c1b5626ec2a53243bbfe84b560370fbc7475902
Author: Dedeepya T <de...@yahoo.co.in>
AuthorDate: Tue Jun 1 20:24:45 2021 +0530
QPID-8529:[Broker-J] Make sure that subject is set for all http requests
This closes #89
---
.../auth/manager/AuthenticationResultCacher.java | 34 ++++++++++++----------
.../manager/AuthenticationResultCacherTest.java | 13 +++++++++
.../filter/InteractiveAuthenticationFilter.java | 27 ++++++++++++++++-
3 files changed, 58 insertions(+), 16 deletions(-)
diff --git a/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/AuthenticationResultCacher.java b/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/AuthenticationResultCacher.java
index b18147d..70adba8 100644
--- a/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/AuthenticationResultCacher.java
+++ b/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/AuthenticationResultCacher.java
@@ -115,23 +115,27 @@ public class AuthenticationResultCacher
MessageDigest md = MessageDigest.getInstance("SHA-256");
Subject subject = Subject.getSubject(AccessController.getContext());
- Set<SocketConnectionPrincipal> connectionPrincipals = subject.getPrincipals(SocketConnectionPrincipal.class);
- if (connectionPrincipals != null && !connectionPrincipals.isEmpty())
+ if (subject != null)
{
- SocketConnectionPrincipal connectionPrincipal = connectionPrincipals.iterator().next();
- SocketAddress remoteAddress = connectionPrincipal.getRemoteAddress();
- String address;
- if (remoteAddress instanceof InetSocketAddress)
+ Set<SocketConnectionPrincipal> connectionPrincipals =
+ subject.getPrincipals(SocketConnectionPrincipal.class);
+ if (!connectionPrincipals.isEmpty())
{
- address = ((InetSocketAddress) remoteAddress).getHostString();
- }
- else
- {
- address = remoteAddress.toString();
- }
- if (address != null)
- {
- md.update(address.getBytes(UTF8));
+ SocketConnectionPrincipal connectionPrincipal = connectionPrincipals.iterator().next();
+ SocketAddress remoteAddress = connectionPrincipal.getRemoteAddress();
+ String address;
+ if (remoteAddress instanceof InetSocketAddress)
+ {
+ address = ((InetSocketAddress) remoteAddress).getHostString();
+ }
+ else
+ {
+ address = remoteAddress.toString();
+ }
+ if (address != null)
+ {
+ md.update(address.getBytes(UTF8));
+ }
}
}
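Review bot: The new `if (subject != null)` guard means a call made with no Subject on the access-control context now digests the credentials alone, so such cache entries are no longer partitioned by remote address and will be shared by every caller presenting the same credentials; the hunk does not record that this fallback is intended. A one-line comment above the guard would make the contract visible, e.g. `// No Subject on this thread: key the cache entry on credentials only (no remote-address partitioning).`. Separately, `remoteAddress.toString()` on the else branch will throw if `getRemoteAddress()` can return null — whether it can is not visible here, so if it can, fold that into the existing null check (`if (remoteAddress != null) { ... }`) rather than the later `address != null` test. The enclosing method begins before and continues after this hunk.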
diff --git a/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/AuthenticationResultCacherTest.java b/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/AuthenticationResultCacherTest.java
index 659fc91..82ac4f6 100644
--- a/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/AuthenticationResultCacherTest.java
+++ b/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/AuthenticationResultCacherTest.java
@@ -135,6 +135,19 @@ public class AuthenticationResultCacherTest extends UnitTestBase
assertGetOrLoad(credentials, expectedResult, expectedHitCount);
}
+ @Test
+ public void testCacheHitNoSubject()
+ {
+ final String credentials = "credentials";
+ final AuthenticationResult result1 = _authenticationResultCacher.getOrLoad(new String[]{credentials}, _loader);
+ assertEquals("Unexpected AuthenticationResult", _successfulAuthenticationResult, result1);
+ assertEquals("Unexpected number of loads before cache hit", 1, _loadCallCount);
+
+ final AuthenticationResult result2 = _authenticationResultCacher.getOrLoad(new String[]{credentials}, _loader);
+ assertEquals("Unexpected AuthenticationResult", _successfulAuthenticationResult, result2);
+ assertEquals("Unexpected number of loads before cache hit", 1, _loadCallCount);
+ }
+
private void assertGetOrLoad(final String credentials,
final AuthenticationResult expectedResult,
final int expectedHitCount)
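Review bot: `testCacheHitNoSubject` never asserts that no Subject is actually bound while `getOrLoad` runs, so it only proves the null-Subject branch if the test harness happens to run without one; if some other test or a future `UnitTestBase` change installs a Subject, the test would silently exercise the address-keyed path instead. Add an explicit precondition at the top of the method, `assertNull("Test expects no Subject", Subject.getSubject(AccessController.getContext()));`, which also documents what "NoSubject" means (the imports for `Subject`/`AccessController` are not visible in this hunk and may need adding). A short Javadoc saying the test covers the credentials-only cache key would help the next reader.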
diff --git a/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/filter/InteractiveAuthenticationFilter.java b/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/filter/InteractiveAuthenticationFilter.java
index 5507959..1a5de7e 100644
--- a/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/filter/InteractiveAuthenticationFilter.java
+++ b/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/filter/InteractiveAuthenticationFilter.java
@@ -21,6 +21,9 @@
package org.apache.qpid.server.management.plugin.filter;
import java.io.IOException;
+import java.security.Principal;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
@@ -40,6 +43,7 @@ import javax.servlet.http.HttpServletResponse;
import org.apache.qpid.server.management.plugin.HttpManagementConfiguration;
import org.apache.qpid.server.management.plugin.HttpManagementUtil;
import org.apache.qpid.server.management.plugin.HttpRequestInteractiveAuthenticator;
+import org.apache.qpid.server.management.plugin.servlet.ServletConnectionPrincipal;
import org.apache.qpid.server.plugin.QpidServiceLoader;
import org.apache.qpid.server.security.auth.AuthenticatedPrincipal;
@@ -96,7 +100,7 @@ public class InteractiveAuthenticationFilter implements Filter
if(handler != null)
{
- handler.handleAuthentication(httpResponse);
+ invokeAuthenticationHandler(httpRequest, httpResponse, handler);
}
else
{
@@ -105,4 +109,25 @@ public class InteractiveAuthenticationFilter implements Filter
}
}
+ private void invokeAuthenticationHandler(final HttpServletRequest httpRequest,
+ final HttpServletResponse httpResponse,
+ final HttpRequestInteractiveAuthenticator.AuthenticationHandler handler)
+ throws ServletException
+ {
+ final Subject tempSubject = new Subject(true,
+ Collections.<Principal>singleton(new ServletConnectionPrincipal(httpRequest)),
+ Collections.emptySet(),
+ Collections.emptySet());
+ try
+ {
+ Subject.doAs(tempSubject, (PrivilegedExceptionAction<Void>) () -> {
+ handler.handleAuthentication(httpResponse);
+ return null;
+ });
+ }
+ catch (PrivilegedActionException e)
+ {
+ throw new ServletException(e);
+ }
+ }
}
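Review bot: In the `catch (PrivilegedActionException e)` block the handler's real checked exception is buried one level deeper, because `PrivilegedActionException` is itself only a wrapper; callers and logs see the wrapper rather than the `IOException` or `ServletException` the handler threw. Rethrow the wrapped exception instead: `throw new ServletException(e.getException());`, which preserves the original type as the cause; if `handleAuthentication` can throw `ServletException` directly, an `instanceof` check before wrapping would let that propagate unchanged. The method also lacks a Javadoc; suggested wording: "Runs the interactive authentication handler with a temporary read-only Subject holding a ServletConnectionPrincipal for the request, so that code that reads the Subject from the access-control context (such as the authentication result cache) sees the remote connection." The method is complete within this hunk; the class closes at its last line.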