Posted to commits@qpid.apache.org by or...@apache.org on 2018/05/02 13:29:47 UTC
qpid-broker-j git commit: QPID-8172: [Broker-J] OAuth2 authentication
provider should not mandate setting of client secret
Repository: qpid-broker-j
Updated Branches:
refs/heads/master 30de6410f -> 39bfa6a0c
QPID-8172: [Broker-J] OAuth2 authentication provider should not mandate setting of client secret
Project: http://git-wip-us.apache.org/repos/asf/qpid-broker-j/repo
Commit: http://git-wip-us.apache.org/repos/asf/qpid-broker-j/commit/39bfa6a0
Tree: http://git-wip-us.apache.org/repos/asf/qpid-broker-j/tree/39bfa6a0
Diff: http://git-wip-us.apache.org/repos/asf/qpid-broker-j/diff/39bfa6a0
Branch: refs/heads/master
Commit: 39bfa6a0c054bb746b0ea45402e8d8a2707895a1
Parents: 30de641
Author: Alex Rudyy <or...@apache.org>
Authored: Wed May 2 14:22:42 2018 +0100
Committer: Alex Rudyy <or...@apache.org>
Committed: Wed May 2 14:27:51 2018 +0100
----------------------------------------------------------------------
.../auth/manager/oauth2/OAuth2AuthenticationProvider.java | 2 +-
.../manager/oauth2/OAuth2AuthenticationProviderImpl.java | 8 ++++++--
.../plugin/auth/OAuth2InteractiveAuthenticator.java | 4 ++--
.../java/resources/authenticationprovider/oauth2/add.html | 4 ++--
4 files changed, 11 insertions(+), 7 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/qpid-broker-j/blob/39bfa6a0/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/OAuth2AuthenticationProvider.java
----------------------------------------------------------------------
diff --git a/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/OAuth2AuthenticationProvider.java b/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/OAuth2AuthenticationProvider.java
index 1259d14..9cbbcdf 100644
--- a/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/OAuth2AuthenticationProvider.java
+++ b/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/OAuth2AuthenticationProvider.java
@@ -72,7 +72,7 @@ public interface OAuth2AuthenticationProvider<T extends OAuth2AuthenticationProv
@ManagedAttribute( description = "Client ID to identify qpid to the OAuth endpoints", mandatory = true )
String getClientId();
- @ManagedAttribute( description = "Client secret to identify qpid to the OAuth endpoints", mandatory = true, secure = true )
+ @ManagedAttribute( description = "Client secret to identify qpid to the OAuth endpoints", secure = true )
String getClientSecret();
@ManagedAttribute( description = "The OAuth2 access token scope passed to the authorization endpoint", defaultValue = "${this:defaultScope}")
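Review bot: The description on `getClientSecret()` no longer matches the contract, because nothing tells an operator that the attribute is optional or what the provider does when it is unset. I would change it to something like `description = "Client secret to identify qpid to the OAuth endpoints. Optional: leave unset only for clients registered without a secret"`. The getter can now return null, so callers outside this commit that concatenate or encode the value should be checked; only the token-request path in OAuth2AuthenticationProviderImpl is visibly updated here.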
http://git-wip-us.apache.org/repos/asf/qpid-broker-j/blob/39bfa6a0/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/OAuth2AuthenticationProviderImpl.java
----------------------------------------------------------------------
diff --git a/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/OAuth2AuthenticationProviderImpl.java b/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/OAuth2AuthenticationProviderImpl.java
index f579fdd..56f69b9 100644
--- a/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/OAuth2AuthenticationProviderImpl.java
+++ b/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/OAuth2AuthenticationProviderImpl.java
@@ -272,16 +272,20 @@ public class OAuth2AuthenticationProviderImpl
connection.setRequestProperty("Content-Type", "application/x-www-form-urlencoded;charset=" + UTF_8.name());
connection.setRequestProperty("Accept", "application/json");
+ String clientSecret = getClientSecret() == null ? "" : getClientSecret();
if (getTokenEndpointNeedsAuth())
{
- String encoded = DatatypeConverter.printBase64Binary((getClientId() + ":" + getClientSecret()).getBytes(UTF_8));
+ String encoded = DatatypeConverter.printBase64Binary((getClientId() + ":" + clientSecret).getBytes(UTF_8));
connection.setRequestProperty("Authorization", "Basic " + encoded);
}
Map<String, String> requestBody = new HashMap<>();
requestBody.put("code", authorizationCode);
requestBody.put("client_id", getClientId());
- requestBody.put("client_secret", getClientSecret());
+ if (!getTokenEndpointNeedsAuth() && !"".equals(clientSecret))
+ {
+ requestBody.put("client_secret", clientSecret);
+ }
requestBody.put("redirect_uri", redirectUri);
requestBody.put("grant_type", "authorization_code");
requestBody.put("response_type", "token");
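Review bot: In the `getTokenEndpointNeedsAuth()` branch, a provider configured with no secret now sends `Authorization: Basic` built from `clientId + ":"`, i.e. an empty password, instead of failing. That combination looks like a misconfiguration rather than a case to support silently. I would reject it when the provider is validated, or at least guard here with `if (getTokenEndpointNeedsAuth() && clientSecret.isEmpty())` and raise a configuration error with a message naming the two attributes. Separately, `client_secret` is no longer put in the body when Basic auth is used, which is a behaviour change for existing deployments and deserves a line in the commit message. The enclosing method starts and ends outside this hunk.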
http://git-wip-us.apache.org/repos/asf/qpid-broker-j/blob/39bfa6a0/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/auth/OAuth2InteractiveAuthenticator.java
----------------------------------------------------------------------
diff --git a/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/auth/OAuth2InteractiveAuthenticator.java b/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/auth/OAuth2InteractiveAuthenticator.java
index 2fb9606..d25f54c 100644
--- a/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/auth/OAuth2InteractiveAuthenticator.java
+++ b/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/auth/OAuth2InteractiveAuthenticator.java
@@ -24,6 +24,7 @@ import java.net.URI;
import java.net.URISyntaxException;
import java.security.AccessControlException;
import java.security.SecureRandom;
+import java.util.Base64;
import java.util.Collections;
import java.util.Enumeration;
import java.util.HashMap;
@@ -33,7 +34,6 @@ import javax.security.auth.Subject;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
-import javax.xml.bind.DatatypeConverter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -353,7 +353,7 @@ public class OAuth2InteractiveAuthenticator implements HttpRequestInteractiveAut
byte[] nonceBytes = new byte[STATE_NONCE_BIT_SIZE / 8];
_random.nextBytes(nonceBytes);
- String nonce = DatatypeConverter.printBase64Binary(nonceBytes);
+ String nonce = Base64.getUrlEncoder().encodeToString(nonceBytes);
request.getSession().setAttribute(HttpManagementUtil.getRequestSpecificAttributeName(STATE_NAME, request), nonce);
return nonce;
}
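Review bot: `Base64.getUrlEncoder()` still appends `=` padding, so unless `STATE_NONCE_BIT_SIZE / 8` is a multiple of three the state value contains a character that has to be percent-encoded in the redirect query string; the constant's value is not visible in this hunk. `String nonce = Base64.getUrlEncoder().withoutPadding().encodeToString(nonceBytes);` yields a value that is safe to use unencoded. The method begins outside the hunk, and the code that compares the returned `state` with the session attribute is not shown, so it is worth confirming that both sides use the same string form after any URL decoding.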
http://git-wip-us.apache.org/repos/asf/qpid-broker-j/blob/39bfa6a0/broker-plugins/management-http/src/main/java/resources/authenticationprovider/oauth2/add.html
----------------------------------------------------------------------
diff --git a/broker-plugins/management-http/src/main/java/resources/authenticationprovider/oauth2/add.html b/broker-plugins/management-http/src/main/java/resources/authenticationprovider/oauth2/add.html
index fb27a77..5ebcefd 100644
--- a/broker-plugins/management-http/src/main/java/resources/authenticationprovider/oauth2/add.html
+++ b/broker-plugins/management-http/src/main/java/resources/authenticationprovider/oauth2/add.html
@@ -92,13 +92,13 @@
</div>
</div>
<div class="clear">
- <div class="formLabel-labelCell tableContainer-labelCell">Client Secret*:</div>
+ <div class="formLabel-labelCell tableContainer-labelCell">Client Secret:</div>
<div class="formLabel-controlCell tableContainer-valueCell">
<input type="password" id="addAuthenticationProvider.clientSecret"
data-dojo-type="dijit/form/ValidationTextBox"
data-dojo-props="
name: 'clientSecret',
- required: true,
+ required: false,
placeHolder: 'client secret',
promptMessage: 'Enter the client secret for this application.',
title: 'Enter the client secret for this application'"/>
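Review bot: The `promptMessage` and `title` strings still read as if the secret were required, so with the asterisk gone an operator gets no hint about when leaving it blank is appropriate. I would reword them along the lines of `promptMessage: 'Enter the client secret for this application (leave blank only if the client is registered without one).'`. The diffstat lists only add.html, so if a separate edit form exists for this provider it would need the same `required: false` change.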