Posted to commits@qpid.apache.org by lq...@apache.org on 2016/03/17 18:12:47 UTC
svn commit: r1735461 - in /qpid/java/trunk:
broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/
broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/auth/
Author: lquack
Date: Thu Mar 17 17:12:47 2016
New Revision: 1735461
URL: http://svn.apache.org/viewvc?rev=1735461&view=rev
Log:
QPID-7151: [Java Broker] Improve error handling in OAuth2 AuthenticationProvider
Modified:
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/OAuth2AuthenticationProviderImpl.java
qpid/java/trunk/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/auth/OAuth2InteractiveAuthenticator.java
Modified: qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/OAuth2AuthenticationProviderImpl.java
URL: http://svn.apache.org/viewvc/qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/OAuth2AuthenticationProviderImpl.java?rev=1735461&r1=1735460&r2=1735461&view=diff
==============================================================================
--- qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/OAuth2AuthenticationProviderImpl.java (original)
+++ qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/OAuth2AuthenticationProviderImpl.java Thu Mar 17 17:12:47 2016
@@ -302,13 +302,13 @@ public class OAuth2AuthenticationProvide
LOGGER.debug("Call to token endpoint '{}' complete, response code : {}", tokenEndpoint, responseCode);
Map<String, Object> responseMap = _objectMapper.readValue(input, Map.class);
- if (responseCode != 200)
+ if (responseCode != 200 || responseMap.containsKey("error"))
{
IllegalStateException e = new IllegalStateException(String.format("Token endpoint failed, response code %d, error '%s', description '%s'",
responseCode,
responseMap.get("error"),
responseMap.get("error_description")));
- LOGGER.error("Call to token endpoint failed", e);
+ LOGGER.error(e.getMessage());
return new AuthenticationResult(AuthenticationResult.AuthenticationStatus.ERROR, e);
}
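Review bot: The new `LOGGER.error(e.getMessage())` writes the `error` and `error_description` values from the token endpoint response into the error log verbatim, so any line breaks or control characters in that response land in the log. Neutralise them before formatting, e.g. `String.valueOf(responseMap.get("error")).replaceAll("[\\r\\n]", "_")`, and do the same for the description. The same text is carried in the exception handed to `AuthenticationResult`; whether it is ever shown to a client is not visible in this hunk. Separately, `readValue` returns null for a body that is the JSON literal `null`, so the added `responseMap.containsKey("error")` would throw; a `responseMap == null ||` guard in the condition covers that. The enclosing method starts and ends outside the hunk.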
Modified: qpid/java/trunk/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/auth/OAuth2InteractiveAuthenticator.java
URL: http://svn.apache.org/viewvc/qpid/java/trunk/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/auth/OAuth2InteractiveAuthenticator.java?rev=1735461&r1=1735460&r2=1735461&view=diff
==============================================================================
--- qpid/java/trunk/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/auth/OAuth2InteractiveAuthenticator.java (original)
+++ qpid/java/trunk/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/auth/OAuth2InteractiveAuthenticator.java Thu Mar 17 17:12:47 2016
@@ -173,10 +173,18 @@ public class OAuth2InteractiveAuthentica
LOGGER.debug("Successful login. Redirect to original resource {}", originalRequestUri);
response.sendRedirect(originalRequestUri);
}
- catch (AccessControlException e)
+ catch (SecurityException e)
{
- LOGGER.info("User '{}' is not authorised for management", authenticationResult.getMainPrincipal());
- response.sendError(403, "User is not authorised for management");
+ if (e instanceof AccessControlException)
+ {
+ LOGGER.info("User '{}' is not authorised for management", authenticationResult.getMainPrincipal());
+ response.sendError(403, "User is not authorised for management");
+ }
+ else
+ {
+ LOGGER.info("Authentication failed", authenticationResult.getCause());
+ response.sendError(401);
+ }
}
}
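Review bot: In the new `else` branch the caught `SecurityException` is discarded: the log call passes `authenticationResult.getCause()` rather than `e`. The preceding debug line says "Successful login", which suggests the result has no failure cause at this point, so the entry would probably record nothing about why the request was rejected; `LOGGER.info("Authentication failed", e);` keeps the real reason. The `instanceof` test inside the handler would also read more clearly as two clauses, `catch (AccessControlException e)` followed by `catch (SecurityException e)`, assuming this is the `java.security` type that extends `SecurityException`. The `try` block opens outside the hunk.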