Posted to commits@qpid.apache.org by or...@apache.org on 2016/12/02 15:47:52 UTC
svn commit: r1772364 [1/4] - in /qpid/java/trunk:
broker-core/src/main/java/org/apache/qpid/server/model/
broker-core/src/main/java/org/apache/qpid/server/security/
broker-core/src/main/java/org/apache/qpid/server/security/auth/database/
broker-core/sr...
Author: orudyy
Date: Fri Dec 2 15:47:52 2016
New Revision: 1772364
URL: http://svn.apache.org/viewvc?rev=1772364&view=rev
Log:
QPID-7283: [Java Broker] Simplify SASL authentication functionality
Added:
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/sasl/AbstractSaslServerNegotiator.java
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/sasl/PasswordSource.java
- copied, changed from r1772329, qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/sasl/plain/PlainInitialiser.java
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/sasl/SaslNegotiator.java
- copied, changed from r1772329, qpid/java/trunk/broker-plugins/amqp-1-0-protocol/src/main/java/org/apache/qpid/server/protocol/v1_0/SaslServerProvider.java
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/sasl/SaslSettings.java
- copied, changed from r1772329, qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/sasl/crammd5/CRAMMD5Initialiser.java
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/sasl/anonymous/AnonymousNegotiator.java
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/sasl/crammd5/AbstractCramMd5Negotiator.java
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/sasl/crammd5/CramMd5Base64HashedNegotiator.java
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/sasl/crammd5/CramMd5Base64HexNegotiator.java
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/sasl/crammd5/CramMd5HashedNegotiator.java
- copied, changed from r1772329, qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/sasl/crammd5/CRAMMD5HashedInitialiser.java
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/sasl/crammd5/CramMd5HexNegotiator.java
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/sasl/crammd5/CramMd5Negotiator.java
- copied, changed from r1772329, qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/sasl/crammd5/CRAMMD5HashedInitialiser.java
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/sasl/external/ExternalNegotiator.java
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/sasl/kerberos/
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/sasl/kerberos/KerberosNegotiator.java
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/sasl/oauth2/
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/sasl/oauth2/OAuth2Negotiator.java
- copied, changed from r1772329, qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/OAuth2SaslServer.java
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/sasl/plain/PlainNegotiator.java
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/sasl/scram/ScramNegotiator.java
qpid/java/trunk/broker-core/src/test/java/org/apache/qpid/server/security/auth/sasl/anonymous/
qpid/java/trunk/broker-core/src/test/java/org/apache/qpid/server/security/auth/sasl/anonymous/AnonymousNegotiatorTest.java
qpid/java/trunk/broker-core/src/test/java/org/apache/qpid/server/security/auth/sasl/crammd5/
qpid/java/trunk/broker-core/src/test/java/org/apache/qpid/server/security/auth/sasl/crammd5/CramMd5NegotiatorTest.java
qpid/java/trunk/broker-core/src/test/java/org/apache/qpid/server/security/auth/sasl/external/
qpid/java/trunk/broker-core/src/test/java/org/apache/qpid/server/security/auth/sasl/external/ExternalNegotiatorTest.java
qpid/java/trunk/broker-core/src/test/java/org/apache/qpid/server/security/auth/sasl/oauth2/
qpid/java/trunk/broker-core/src/test/java/org/apache/qpid/server/security/auth/sasl/oauth2/OAuth2NegotiatorTest.java
qpid/java/trunk/broker-core/src/test/java/org/apache/qpid/server/security/auth/sasl/plain/PlainNegotiatorTest.java
qpid/java/trunk/broker-core/src/test/java/org/apache/qpid/server/security/auth/sasl/scram/
qpid/java/trunk/broker-core/src/test/java/org/apache/qpid/server/security/auth/sasl/scram/ScramNegotiatorTest.java
Removed:
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/OAuth2SaslServer.java
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/sasl/AuthenticationProviderInitialiser.java
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/sasl/UsernamePasswordInitialiser.java
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/sasl/anonymous/AnonymousSaslServer.java
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/sasl/anonymous/AnonymousSaslServerFactory.java
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/sasl/crammd5/CRAMMD5HashedInitialiser.java
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/sasl/crammd5/CRAMMD5HashedSaslServer.java
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/sasl/crammd5/CRAMMD5HashedServerFactory.java
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/sasl/crammd5/CRAMMD5HexInitialiser.java
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/sasl/crammd5/CRAMMD5HexSaslServer.java
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/sasl/crammd5/CRAMMD5HexServerFactory.java
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/sasl/crammd5/CRAMMD5Initialiser.java
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/sasl/external/ExternalSaslServer.java
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/sasl/plain/PlainAdapterSaslServer.java
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/sasl/plain/PlainInitialiser.java
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/sasl/plain/PlainPasswordCallback.java
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/sasl/plain/PlainSaslServer.java
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/sasl/plain/PlainSaslServerFactory.java
qpid/java/trunk/broker-core/src/test/java/org/apache/qpid/server/security/auth/AuthenticationProviderTest.java
qpid/java/trunk/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/oauth2/OAuth2SaslServerTest.java
qpid/java/trunk/broker-core/src/test/java/org/apache/qpid/server/security/auth/sasl/CRAMMD5HexInitialiserTest.java
qpid/java/trunk/broker-core/src/test/java/org/apache/qpid/server/security/auth/sasl/CRAMMD5HexServerTest.java
qpid/java/trunk/broker-core/src/test/java/org/apache/qpid/server/security/auth/sasl/SaslServerTestCase.java
qpid/java/trunk/broker-core/src/test/java/org/apache/qpid/server/security/auth/sasl/TestPrincipalDatabase.java
qpid/java/trunk/broker-core/src/test/java/org/apache/qpid/server/security/auth/sasl/plain/PlainSaslServerTest.java
qpid/java/trunk/broker-plugins/amqp-1-0-protocol/src/main/java/org/apache/qpid/server/protocol/v1_0/SaslServerProvider.java
Modified:
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/model/AuthenticationProvider.java
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/SubjectCreator.java
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/database/AbstractPasswordFilePrincipalDatabase.java
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/database/Base64MD5PasswordFilePrincipalDatabase.java
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/database/PlainPasswordFilePrincipalDatabase.java
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/database/PrincipalDatabase.java
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/AbstractAuthenticationManager.java
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/AbstractScramAuthenticationManager.java
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/AnonymousAuthenticationManager.java
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/ConfigModelPasswordManagingAuthenticationProvider.java
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/ExternalAuthenticationManagerImpl.java
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/KerberosAuthenticationManager.java
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/MD5AuthenticationProvider.java
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/PlainAuthenticationProvider.java
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/PrincipalDatabaseAuthenticationManager.java
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/ScramSHA1AuthenticationManager.java
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/ScramSHA256AuthenticationManager.java
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/SimpleAuthenticationManager.java
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/SimpleLDAPAuthenticationManagerImpl.java
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/OAuth2AuthenticationProviderImpl.java
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/sasl/scram/ScramSaslServer.java
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/sasl/scram/ScramSaslServerSource.java
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/sasl/scram/ScramSaslServerSourceAdapter.java
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/transport/AbstractAMQPConnection.java
qpid/java/trunk/broker-core/src/test/java/org/apache/qpid/server/security/SubjectCreatorTest.java
qpid/java/trunk/broker-core/src/test/java/org/apache/qpid/server/security/auth/database/Base64MD5PasswordFilePrincipalDatabaseTest.java
qpid/java/trunk/broker-core/src/test/java/org/apache/qpid/server/security/auth/database/PlainPasswordFilePrincipalDatabaseTest.java
qpid/java/trunk/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/AnonymousAuthenticationManagerTest.java
qpid/java/trunk/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/ExternalAuthenticationManagerTest.java
qpid/java/trunk/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/MD5AuthenticationManagerTest.java
qpid/java/trunk/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/ManagedAuthenticationManagerTestBase.java
qpid/java/trunk/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/PrincipalDatabaseAuthenticationManagerTest.java
qpid/java/trunk/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/SimpleAuthenticationManagerTest.java
qpid/java/trunk/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/oauth2/OAuth2AuthenticationProviderImplTest.java
qpid/java/trunk/broker-core/src/test/java/org/apache/qpid/server/security/auth/sasl/SaslUtil.java
qpid/java/trunk/broker-plugins/amqp-0-10-protocol/src/main/java/org/apache/qpid/server/protocol/v0_10/AMQPConnection_0_10.java
qpid/java/trunk/broker-plugins/amqp-0-10-protocol/src/main/java/org/apache/qpid/server/protocol/v0_10/ServerConnection.java
qpid/java/trunk/broker-plugins/amqp-0-10-protocol/src/main/java/org/apache/qpid/server/protocol/v0_10/ServerConnectionDelegate.java
qpid/java/trunk/broker-plugins/amqp-0-10-protocol/src/main/java/org/apache/qpid/server/protocol/v0_10/ServerSession.java
qpid/java/trunk/broker-plugins/amqp-0-8-protocol/src/main/java/org/apache/qpid/server/protocol/v0_8/AMQPConnection_0_8Impl.java
qpid/java/trunk/broker-plugins/amqp-0-8-protocol/src/test/java/org/apache/qpid/server/protocol/v0_8/AMQPConnection_0_8Test.java
qpid/java/trunk/broker-plugins/amqp-1-0-protocol/src/main/java/org/apache/qpid/server/protocol/v1_0/AMQPConnection_1_0.java
qpid/java/trunk/broker-plugins/amqp-1-0-protocol/src/main/java/org/apache/qpid/server/protocol/v1_0/ProtocolEngineCreator_1_0_0.java
qpid/java/trunk/broker-plugins/amqp-1-0-protocol/src/main/java/org/apache/qpid/server/protocol/v1_0/ProtocolEngineCreator_1_0_0_SASL.java
qpid/java/trunk/broker-plugins/amqp-1-0-protocol/src/test/java/org/apache/qpid/server/protocol/v1_0/ProtocolEngine_1_0_0Test.java
qpid/java/trunk/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/SaslServlet.java
qpid/java/trunk/common/src/main/java/org/apache/qpid/transport/Connection.java
qpid/java/trunk/common/src/main/java/org/apache/qpid/transport/Session.java
qpid/java/trunk/systests/src/test/java/org/apache/qpid/systest/rest/SaslRestTest.java
Modified: qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/model/AuthenticationProvider.java
URL: http://svn.apache.org/viewvc/qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/model/AuthenticationProvider.java?rev=1772364&r1=1772363&r2=1772364&view=diff
==============================================================================
--- qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/model/AuthenticationProvider.java (original)
+++ qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/model/AuthenticationProvider.java Fri Dec 2 15:47:52 2016
@@ -28,6 +28,8 @@ import javax.security.sasl.SaslServer;
import org.apache.qpid.server.security.SubjectCreator;
import org.apache.qpid.server.security.auth.AuthenticationResult;
+import org.apache.qpid.server.security.auth.sasl.SaslNegotiator;
+import org.apache.qpid.server.security.auth.sasl.SaslSettings;
@ManagedObject
public interface AuthenticationProvider<X extends AuthenticationProvider<X>> extends ConfiguredObject<X>
@@ -56,27 +58,5 @@ public interface AuthenticationProvider<
@ManagedAttribute( defaultValue = "[]")
List<String> getDisabledMechanisms();
-
- /**
- * Creates a SASL server for the specified mechanism name for the given
- * fully qualified domain name.
- *
- * @param mechanism mechanism name
- * @param localFQDN domain name
- * @param externalPrincipal externally authenticated Principal
- * @return SASL server
- * @throws javax.security.sasl.SaslException
- */
- SaslServer createSaslServer(String mechanism, String localFQDN, Principal externalPrincipal) throws SaslException;
-
- /**
- * Authenticates a user using SASL negotiation.
- *
- * @param server SASL server
- * @param response SASL response to process
- *
- * @return authentication result
- */
- AuthenticationResult authenticate(SaslServer server, byte[] response);
-
+ SaslNegotiator createSaslNegotiator(String mechanism, final SaslSettings saslSettings);
}
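Review bot: The new `createSaslNegotiator(String mechanism, final SaslSettings saslSettings)` is declared without Javadoc, although both methods it replaces were documented. The contract callers most need is the failure mode: in later hunks of this commit `SubjectCreator.createSaslNegotiator` and both password-file databases `return null` for an unsupported mechanism where the old code threw `SaslException`. I would add a Javadoc block describing both parameters and `@return a negotiator for the mechanism, or null if the mechanism is not supported`, so each protocol layer knows it must check for null and reject the authentication attempt. The `final` modifier on an interface method parameter has no effect and can be dropped.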
Modified: qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/SubjectCreator.java
URL: http://svn.apache.org/viewvc/qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/SubjectCreator.java?rev=1772364&r1=1772363&r2=1772364&view=diff
==============================================================================
--- qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/SubjectCreator.java (original)
+++ qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/SubjectCreator.java Fri Dec 2 15:47:52 2016
@@ -29,14 +29,14 @@ import java.util.List;
import java.util.Set;
import javax.security.auth.Subject;
-import javax.security.sasl.SaslException;
-import javax.security.sasl.SaslServer;
import org.apache.qpid.server.model.AuthenticationProvider;
import org.apache.qpid.server.model.GroupProvider;
import org.apache.qpid.server.security.auth.AuthenticationResult;
import org.apache.qpid.server.security.auth.AuthenticationResult.AuthenticationStatus;
import org.apache.qpid.server.security.auth.SubjectAuthenticationResult;
+import org.apache.qpid.server.security.auth.sasl.SaslNegotiator;
+import org.apache.qpid.server.security.auth.sasl.SaslSettings;
/**
* Creates a {@link Subject} formed by the {@link Principal}'s returned from:
@@ -92,28 +92,19 @@ public class SubjectCreator
return mechanisms;
}
- /**
- * @see AuthenticationProvider#createSaslServer(String, String, Principal)
- */
- public SaslServer createSaslServer(String mechanism, String localFQDN, Principal externalPrincipal) throws SaslException
+ public SaslNegotiator createSaslNegotiator(String mechanism, final SaslSettings saslSettings)
{
if(!getMechanisms().contains(mechanism))
{
- throw new SaslException("Unsupported mechanism: " + mechanism + ".\nSupported mechanisms: " + getMechanisms());
+ return null;
}
- return _authenticationProvider.createSaslServer(mechanism, localFQDN, externalPrincipal);
+ return _authenticationProvider.createSaslNegotiator(mechanism, saslSettings);
}
- /**
- * Authenticates a user using SASL negotiation.
- *
- * @param server SASL server
- * @param response SASL response to process
- */
- public SubjectAuthenticationResult authenticate(SaslServer server, byte[] response)
+ public SubjectAuthenticationResult authenticate(SaslNegotiator saslNegotiator, byte[] response)
{
- AuthenticationResult authenticationResult = _authenticationProvider.authenticate(server, response);
- if(server.isComplete())
+ AuthenticationResult authenticationResult = saslNegotiator.handleResponse(response);
+ if(authenticationResult.getStatus() == AuthenticationStatus.SUCCESS)
{
return createResultWithGroups(authenticationResult);
}
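Review bot: `authenticate` dereferences `saslNegotiator`, and then the `authenticationResult` it returns, without a null check, yet `createSaslNegotiator` in this same hunk now returns `null` for an unsupported mechanism instead of throwing. A caller that passes that value straight through would hit a `NullPointerException` in the middle of connection authentication rather than a clean rejection. A guard at the top of `authenticate`, `if (saslNegotiator == null)`, returning a result with `AuthenticationStatus.ERROR`, would keep the failure explicit and fail-closed. The removed exception text also named the supported mechanisms, so if that diagnostic is still wanted the caller now has to log it. The body of `authenticate` continues past the end of this hunk.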
Modified: qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/database/AbstractPasswordFilePrincipalDatabase.java
URL: http://svn.apache.org/viewvc/qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/database/AbstractPasswordFilePrincipalDatabase.java?rev=1772364&r1=1772363&r2=1772364&view=diff
==============================================================================
--- qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/database/AbstractPasswordFilePrincipalDatabase.java (original)
+++ qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/database/AbstractPasswordFilePrincipalDatabase.java Fri Dec 2 15:47:52 2016
@@ -39,8 +39,9 @@ import javax.security.auth.login.Account
import org.slf4j.Logger;
-import org.apache.qpid.server.model.AuthenticationProvider;
+import org.apache.qpid.server.model.PasswordCredentialManagingAuthenticationProvider;
import org.apache.qpid.server.security.auth.UsernamePrincipal;
+import org.apache.qpid.server.security.auth.sasl.PasswordSource;
import org.apache.qpid.server.util.BaseAction;
import org.apache.qpid.server.util.FileHelper;
@@ -52,16 +53,16 @@ public abstract class AbstractPasswordFi
private final Map<String, U> _userMap = new HashMap<>();
private final ReentrantLock _userUpdate = new ReentrantLock();
private final FileHelper _fileHelper = new FileHelper();
- private final AuthenticationProvider<?> _authenticationProvider;
+ private final PasswordCredentialManagingAuthenticationProvider<?> _authenticationProvider;
private File _passwordFile;
- public AbstractPasswordFilePrincipalDatabase(AuthenticationProvider<?> authenticationProvider)
+ public AbstractPasswordFilePrincipalDatabase(PasswordCredentialManagingAuthenticationProvider<?> authenticationProvider)
{
_authenticationProvider = authenticationProvider;
}
@Override
- public final AuthenticationProvider<?> getAuthenticationProvider()
+ public final PasswordCredentialManagingAuthenticationProvider<?> getAuthenticationProvider()
{
return _authenticationProvider;
}
@@ -197,6 +198,18 @@ public abstract class AbstractPasswordFi
}
}
+ protected PasswordSource getPasswordSource()
+ {
+ return new PasswordSource()
+ {
+ @Override
+ public char[] getPassword(final String username)
+ {
+ return lookupPassword(username);
+ }
+ };
+ }
+
private void loadPasswordFile() throws IOException
{
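Review bot: `getPasswordSource()` hands negotiators whatever `lookupPassword(username)` returns, and nothing documents what that is for an unknown user. The `if (pwd == null)` check after a `lookupPassword` call in `PlainPasswordFilePrincipalDatabase` (later in this commit) suggests a lookup can yield `null`. Each negotiator consuming `PasswordSource` therefore has to treat `null` as an ordinary authentication failure, ideally indistinguishable from a wrong password. I would add a comment such as `/** Returns a source backed by lookupPassword; getPassword may return null when the user is unknown. */` after confirming that against `lookupPassword`, which is not visible in this hunk. It is also worth stating whether the returned `char[]` is a copy, since a consumer that clears the array after use would otherwise alter the stored credential.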
Modified: qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/database/Base64MD5PasswordFilePrincipalDatabase.java
URL: http://svn.apache.org/viewvc/qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/database/Base64MD5PasswordFilePrincipalDatabase.java?rev=1772364&r1=1772363&r2=1772364&view=diff
==============================================================================
--- qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/database/Base64MD5PasswordFilePrincipalDatabase.java (original)
+++ qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/database/Base64MD5PasswordFilePrincipalDatabase.java Fri Dec 2 15:47:52 2016
@@ -23,25 +23,19 @@ package org.apache.qpid.server.security.
import java.security.Principal;
import java.util.Arrays;
import java.util.Collections;
-import java.util.HashMap;
import java.util.List;
-import java.util.Map;
-import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.AccountNotFoundException;
-import javax.security.sasl.SaslException;
-import javax.security.sasl.SaslServer;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-import org.apache.qpid.server.model.AuthenticationProvider;
-import org.apache.qpid.server.security.auth.sasl.crammd5.CRAMMD5HashedInitialiser;
-import org.apache.qpid.server.security.auth.sasl.crammd5.CRAMMD5HashedSaslServer;
-import org.apache.qpid.server.security.auth.sasl.crammd5.CRAMMD5HexInitialiser;
-import org.apache.qpid.server.security.auth.sasl.crammd5.CRAMMD5HexSaslServer;
-import org.apache.qpid.server.security.auth.sasl.plain.PlainAdapterSaslServer;
-import org.apache.qpid.server.security.auth.sasl.plain.PlainSaslServer;
+import org.apache.qpid.server.model.PasswordCredentialManagingAuthenticationProvider;
+import org.apache.qpid.server.security.auth.sasl.SaslNegotiator;
+import org.apache.qpid.server.security.auth.sasl.SaslSettings;
+import org.apache.qpid.server.security.auth.sasl.crammd5.CramMd5HashedNegotiator;
+import org.apache.qpid.server.security.auth.sasl.crammd5.CramMd5HexNegotiator;
+import org.apache.qpid.server.security.auth.sasl.plain.PlainNegotiator;
/**
* Represents a user database where the account information is stored in a simple flat file.
@@ -53,22 +47,13 @@ import org.apache.qpid.server.security.a
public class Base64MD5PasswordFilePrincipalDatabase extends AbstractPasswordFilePrincipalDatabase<HashedUser>
{
private final Logger _logger = LoggerFactory.getLogger(Base64MD5PasswordFilePrincipalDatabase.class);
- private List<String> _mechanisms = Collections.unmodifiableList(Arrays.asList(CRAMMD5HashedSaslServer.MECHANISM,
- CRAMMD5HexSaslServer.MECHANISM,
- PlainSaslServer.MECHANISM));
- private final Map<String, CallbackHandler> _callbackHandlerMap = new HashMap<String, CallbackHandler>();
+ private List<String> _mechanisms = Collections.unmodifiableList(Arrays.asList(CramMd5HashedNegotiator.MECHANISM,
+ CramMd5HexNegotiator.MECHANISM,
+ PlainNegotiator.MECHANISM));
- public Base64MD5PasswordFilePrincipalDatabase(final AuthenticationProvider<?> authenticationProvider)
+ public Base64MD5PasswordFilePrincipalDatabase(final PasswordCredentialManagingAuthenticationProvider<?> authenticationProvider)
{
super(authenticationProvider);
- CRAMMD5HashedInitialiser crammd5HashedInitialiser = new CRAMMD5HashedInitialiser();
- crammd5HashedInitialiser.initialise(this);
- _callbackHandlerMap.put(CRAMMD5HashedSaslServer.MECHANISM, crammd5HashedInitialiser.getCallbackHandler());
-
- CRAMMD5HexInitialiser crammd5HexInitialiser = new CRAMMD5HexInitialiser();
- crammd5HexInitialiser.initialise(this);
- _callbackHandlerMap.put(CRAMMD5HexSaslServer.MECHANISM, crammd5HexInitialiser.getCallbackHandler());
-
}
@@ -143,42 +128,25 @@ public class Base64MD5PasswordFilePrinci
}
@Override
- public SaslServer createSaslServer(String mechanism, String localFQDN, Principal externalPrincipal) throws SaslException
+ public SaslNegotiator createSaslNegotiator(final String mechanism, final SaslSettings saslSettings)
{
- CallbackHandler callbackHandler = _callbackHandlerMap.get(mechanism);
- if(callbackHandler == null)
- {
- throw new SaslException("Unsupported mechanism: " + mechanism);
- }
-
- //The SaslServers simply delegate to the built in CRAM-MD5 SaslServer
- if(CRAMMD5HashedSaslServer.MECHANISM.equals(mechanism))
+ if(CramMd5HashedNegotiator.MECHANISM.equals(mechanism))
{
- return new CRAMMD5HashedSaslServer(mechanism, "AMQP", localFQDN, null, callbackHandler);
+ return new CramMd5HashedNegotiator(getAuthenticationProvider(),
+ saslSettings.getLocalFQDN(),
+ getPasswordSource());
}
- else if(CRAMMD5HexSaslServer.MECHANISM.equals(mechanism))
+ else if(CramMd5HexNegotiator.MECHANISM.equals(mechanism))
{
- return new CRAMMD5HexSaslServer(mechanism, "AMQP", localFQDN, null, callbackHandler);
+ return new CramMd5HexNegotiator(getAuthenticationProvider(),
+ saslSettings.getLocalFQDN(),
+ getPasswordSource());
}
- else if(PlainSaslServer.MECHANISM.equals(mechanism))
+ else if(PlainNegotiator.MECHANISM.equals(mechanism))
{
- return new PlainAdapterSaslServer(new PlainAdapterSaslServer.PasswordValidator()
- {
- @Override
- public boolean validatePassword(final String user, final String password)
- {
- try
- {
- return verifyPassword(user, password.toCharArray());
- }
- catch (AccountNotFoundException e)
- {
- return false;
- }
- }
- });
+ return new PlainNegotiator(getAuthenticationProvider());
}
-
- throw new SaslException("Unsupported mechanism: " + mechanism);
+ return null;
}
+
}
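Review bot: The PLAIN branch no longer calls this database's `verifyPassword`; `new PlainNegotiator(getAuthenticationProvider())` moves the check behind the provider, whose implementation is not part of this hunk. This class presumably stores hashed passwords (`HashedUser`), so it should be confirmed that the provider path still ends in the hashed comparison. It should also be confirmed that an unknown account still produces a plain failure, as the removed `catch (AccountNotFoundException e) { return false; }` did. The same substitution is made for PLAIN in `PlainPasswordFilePrincipalDatabase.createSaslNegotiator`. A one-line comment on the branch, for example `// PLAIN credentials are validated by the authentication provider, not by this database`, would make the new trust boundary visible to the next reader.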
Modified: qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/database/PlainPasswordFilePrincipalDatabase.java
URL: http://svn.apache.org/viewvc/qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/database/PlainPasswordFilePrincipalDatabase.java?rev=1772364&r1=1772363&r2=1772364&view=diff
==============================================================================
--- qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/database/PlainPasswordFilePrincipalDatabase.java (original)
+++ qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/database/PlainPasswordFilePrincipalDatabase.java Fri Dec 2 15:47:52 2016
@@ -23,27 +23,23 @@ package org.apache.qpid.server.security.
import java.security.Principal;
import java.util.Arrays;
import java.util.Collections;
-import java.util.HashMap;
import java.util.List;
-import java.util.Map;
-import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.AccountNotFoundException;
-import javax.security.sasl.Sasl;
-import javax.security.sasl.SaslException;
-import javax.security.sasl.SaslServer;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-import org.apache.qpid.server.model.AuthenticationProvider;
+import org.apache.qpid.server.model.PasswordCredentialManagingAuthenticationProvider;
import org.apache.qpid.server.security.auth.manager.AbstractScramAuthenticationManager;
import org.apache.qpid.server.security.auth.manager.ScramSHA1AuthenticationManager;
import org.apache.qpid.server.security.auth.manager.ScramSHA256AuthenticationManager;
-import org.apache.qpid.server.security.auth.sasl.crammd5.CRAMMD5Initialiser;
-import org.apache.qpid.server.security.auth.sasl.plain.PlainInitialiser;
-import org.apache.qpid.server.security.auth.sasl.plain.PlainSaslServer;
-import org.apache.qpid.server.security.auth.sasl.scram.ScramSaslServer;
+import org.apache.qpid.server.security.auth.sasl.PasswordSource;
+import org.apache.qpid.server.security.auth.sasl.SaslNegotiator;
+import org.apache.qpid.server.security.auth.sasl.SaslSettings;
+import org.apache.qpid.server.security.auth.sasl.crammd5.CramMd5Negotiator;
+import org.apache.qpid.server.security.auth.sasl.plain.PlainNegotiator;
+import org.apache.qpid.server.security.auth.sasl.scram.ScramNegotiator;
import org.apache.qpid.server.security.auth.sasl.scram.ScramSaslServerSourceAdapter;
/**
@@ -57,42 +53,29 @@ public class PlainPasswordFilePrincipalD
{
private final Logger _logger = LoggerFactory.getLogger(PlainPasswordFilePrincipalDatabase.class);
- private final Map<String, CallbackHandler> _callbackHandlerMap = new HashMap<String, CallbackHandler>();
- private final List<String> _mechanisms = Collections.unmodifiableList(Arrays.asList(PlainSaslServer.MECHANISM,
- CRAMMD5Initialiser.MECHANISM,
+ private final List<String> _mechanisms = Collections.unmodifiableList(Arrays.asList(PlainNegotiator.MECHANISM,
+ CramMd5Negotiator.MECHANISM,
ScramSHA1AuthenticationManager.MECHANISM,
ScramSHA256AuthenticationManager.MECHANISM));
private final ScramSaslServerSourceAdapter _scramSha1Adapter;
private final ScramSaslServerSourceAdapter _scramSha256Adapter;
- public PlainPasswordFilePrincipalDatabase(AuthenticationProvider<?> authenticationProvider)
+ public PlainPasswordFilePrincipalDatabase(PasswordCredentialManagingAuthenticationProvider<?> authenticationProvider)
{
super(authenticationProvider);
- PlainInitialiser plainInitialiser = new PlainInitialiser();
- plainInitialiser.initialise(this);
- _callbackHandlerMap.put(PlainSaslServer.MECHANISM, plainInitialiser.getCallbackHandler());
- _callbackHandlerMap.put(ScramSHA1AuthenticationManager.MECHANISM, plainInitialiser.getCallbackHandler());
- _callbackHandlerMap.put(ScramSHA256AuthenticationManager.MECHANISM, plainInitialiser.getCallbackHandler());
-
-
- CRAMMD5Initialiser crammd5Initialiser = new CRAMMD5Initialiser();
- crammd5Initialiser.initialise(this);
- _callbackHandlerMap.put(CRAMMD5Initialiser.MECHANISM, crammd5Initialiser.getCallbackHandler());
-
- ScramSaslServerSourceAdapter.PasswordSource passwordSource =
- new ScramSaslServerSourceAdapter.PasswordSource()
- {
- @Override
- public char[] getPassword(final String username)
- {
- return lookupPassword(username);
- }
- };
-
- final int scramIterationCount = authenticationProvider.getContextValue(Integer.class, AbstractScramAuthenticationManager.QPID_AUTHMANAGER_SCRAM_ITERATION_COUNT);
- _scramSha1Adapter = new ScramSaslServerSourceAdapter(scramIterationCount, "HmacSHA1", "SHA-1", passwordSource);
- _scramSha256Adapter = new ScramSaslServerSourceAdapter(scramIterationCount, "HmacSHA256", "SHA-256", passwordSource);
+
+ PasswordSource passwordSource = getPasswordSource();
+ final int scramIterationCount = authenticationProvider.getContextValue(Integer.class,
+ AbstractScramAuthenticationManager.QPID_AUTHMANAGER_SCRAM_ITERATION_COUNT);
+ _scramSha1Adapter = new ScramSaslServerSourceAdapter(scramIterationCount,
+ ScramSHA1AuthenticationManager.HMAC_NAME,
+ ScramSHA1AuthenticationManager.DIGEST_NAME,
+ passwordSource);
+ _scramSha256Adapter = new ScramSaslServerSourceAdapter(scramIterationCount,
+ ScramSHA256AuthenticationManager.HMAC_NAME,
+ ScramSHA256AuthenticationManager.DIGEST_NAME,
+ passwordSource);
}
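Review bot: The constructor calls the inherited `getPasswordSource()`, which the earlier `AbstractPasswordFilePrincipalDatabase` hunk declares `protected` and non-final. If a subclass ever overrides it, the override runs before that subclass's own fields are initialised. Declaring it `protected final PasswordSource getPasswordSource()` in the base class would rule that out. Separately, `createSaslNegotiator` in this file builds a second source via `getPasswordSource()` for CRAM-MD5 although `passwordSource` already exists here; keeping it in a field would give all mechanisms the same instance.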
@@ -110,7 +93,7 @@ public class PlainPasswordFilePrincipalD
{
char[] pwd = lookupPassword(principal);
-
+
if (pwd == null)
{
throw new AccountNotFoundException("Unable to lookup the specified users password");
@@ -146,33 +129,26 @@ public class PlainPasswordFilePrincipalD
}
@Override
- public SaslServer createSaslServer(String mechanism, String localFQDN, Principal externalPrincipal) throws SaslException
+ public SaslNegotiator createSaslNegotiator(final String mechanism, final SaslSettings saslSettings)
{
- final CallbackHandler callbackHandler = _callbackHandlerMap.get(mechanism);
- if(callbackHandler == null)
+ if (CramMd5Negotiator.MECHANISM.equals(mechanism))
{
- throw new SaslException("Unsupported mechanism: " + mechanism);
+ return new CramMd5Negotiator(getAuthenticationProvider(),
+ saslSettings.getLocalFQDN(),
+ getPasswordSource());
}
-
- if(CRAMMD5Initialiser.MECHANISM.equals(mechanism))
+ else if (PlainNegotiator.MECHANISM.equals(mechanism))
{
- //simply delegate to the built in CRAM-MD5 SaslServer
- return Sasl.createSaslServer(mechanism, "AMQP", localFQDN, null, callbackHandler);
+ return new PlainNegotiator(getAuthenticationProvider());
}
- else if(PlainSaslServer.MECHANISM.equals(mechanism))
+ else if (ScramSHA1AuthenticationManager.MECHANISM.equals(mechanism))
{
- return new PlainSaslServer(callbackHandler);
+ return new ScramNegotiator(getAuthenticationProvider(), _scramSha1Adapter, ScramSHA1AuthenticationManager.MECHANISM);
}
- else if(ScramSHA1AuthenticationManager.MECHANISM.equals(mechanism))
+ else if (ScramSHA256AuthenticationManager.MECHANISM.equals(mechanism))
{
- return new ScramSaslServer(_scramSha1Adapter, mechanism, "HmacSHA1", "SHA-1");
+ return new ScramNegotiator(getAuthenticationProvider(), _scramSha256Adapter, ScramSHA256AuthenticationManager.MECHANISM);
}
- else if(ScramSHA256AuthenticationManager.MECHANISM.equals(mechanism))
- {
- return new ScramSaslServer(_scramSha256Adapter, mechanism, "HmacSHA256", "SHA-256");
- }
-
- throw new SaslException("Unsupported mechanism: " + mechanism);
+ return null;
}
-
}
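Review bot: `createSaslNegotiator` now ends with `return null;` for an unrecognised mechanism, where the old method threw `SaslException("Unsupported mechanism: " + mechanism)`, so the rejection is silent and every caller has to null-check the result. The mechanism name is normally chosen by the connecting peer, so a caller that skips the check would turn an unsupported-mechanism request into a NullPointerException on the authentication path. The same `return null;` appears in the AbstractScramAuthenticationManager, AnonymousAuthenticationManager, ExternalAuthenticationManagerImpl, KerberosAuthenticationManager and MD5AuthenticationProvider hunks. I would state the contract once, on the interface method in PrincipalDatabase, with Javadoc such as `/** @return a negotiator for the mechanism, or null if it is not supported; callers must treat null as an authentication failure */`. The call sites are not part of this chunk, so it is worth confirming that they fail the connection on null.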
Modified: qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/database/PrincipalDatabase.java
URL: http://svn.apache.org/viewvc/qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/database/PrincipalDatabase.java?rev=1772364&r1=1772363&r2=1772364&view=diff
==============================================================================
--- qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/database/PrincipalDatabase.java (original)
+++ qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/database/PrincipalDatabase.java Fri Dec 2 15:47:52 2016
@@ -27,10 +27,10 @@ import java.util.List;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.login.AccountNotFoundException;
-import javax.security.sasl.SaslException;
-import javax.security.sasl.SaslServer;
-import org.apache.qpid.server.model.AuthenticationProvider;
+import org.apache.qpid.server.model.PasswordCredentialManagingAuthenticationProvider;
+import org.apache.qpid.server.security.auth.sasl.SaslNegotiator;
+import org.apache.qpid.server.security.auth.sasl.SaslSettings;
/** Represents a "user database" which is really a way of storing principals (i.e. usernames) and passwords. */
public interface PrincipalDatabase
@@ -109,7 +109,8 @@ public interface PrincipalDatabase
*/
public List<String> getMechanisms();
- public SaslServer createSaslServer(String mechanism, String localFQDN, Principal externalPrincipal) throws SaslException;
+ SaslNegotiator createSaslNegotiator(String mechanism, SaslSettings saslSettings);
+
+ PasswordCredentialManagingAuthenticationProvider<?> getAuthenticationProvider();
- AuthenticationProvider<?> getAuthenticationProvider();
}
Modified: qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/AbstractAuthenticationManager.java
URL: http://svn.apache.org/viewvc/qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/AbstractAuthenticationManager.java?rev=1772364&r1=1772363&r2=1772364&view=diff
==============================================================================
--- qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/AbstractAuthenticationManager.java (original)
+++ qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/AbstractAuthenticationManager.java Fri Dec 2 15:47:52 2016
@@ -198,5 +198,4 @@ public abstract class AbstractAuthentica
{
_container.getEventLogger().message(AuthenticationProviderMessages.OPERATION(operation));
}
-
}
Modified: qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/AbstractScramAuthenticationManager.java
URL: http://svn.apache.org/viewvc/qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/AbstractScramAuthenticationManager.java?rev=1772364&r1=1772363&r2=1772364&view=diff
==============================================================================
--- qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/AbstractScramAuthenticationManager.java (original)
+++ qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/AbstractScramAuthenticationManager.java Fri Dec 2 15:47:52 2016
@@ -24,7 +24,6 @@ import java.nio.charset.StandardCharsets
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
-import java.security.Principal;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Collections;
@@ -34,7 +33,6 @@ import java.util.Map;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import javax.security.sasl.SaslException;
-import javax.security.sasl.SaslServer;
import javax.xml.bind.DatatypeConverter;
import com.google.common.util.concurrent.ListenableFuture;
@@ -47,8 +45,10 @@ import org.apache.qpid.server.model.Stat
import org.apache.qpid.server.model.StateTransition;
import org.apache.qpid.server.security.auth.AuthenticationResult;
import org.apache.qpid.server.security.auth.UsernamePrincipal;
-import org.apache.qpid.server.security.auth.sasl.plain.PlainAdapterSaslServer;
-import org.apache.qpid.server.security.auth.sasl.scram.ScramSaslServer;
+import org.apache.qpid.server.security.auth.sasl.SaslNegotiator;
+import org.apache.qpid.server.security.auth.sasl.SaslSettings;
+import org.apache.qpid.server.security.auth.sasl.plain.PlainNegotiator;
+import org.apache.qpid.server.security.auth.sasl.scram.ScramNegotiator;
import org.apache.qpid.server.security.auth.sasl.scram.ScramSaslServerSource;
import org.apache.qpid.util.Strings;
@@ -93,27 +93,22 @@ public abstract class AbstractScramAuthe
protected abstract String getMechanismName();
@Override
- public SaslServer createSaslServer(final String mechanism,
- final String localFQDN,
- final Principal externalPrincipal)
- throws SaslException
+ public SaslNegotiator createSaslNegotiator(String mechanism, final SaslSettings saslSettings)
{
if(getMechanismName().equals(mechanism))
{
- return new ScramSaslServer(this, getMechanismName(), getHmacName(), getDigestName());
+ return new ScramNegotiator(this, this, getMechanismName());
}
else if(PLAIN.equals(mechanism))
{
- return new PlainAdapterSaslServer(this);
+ return new PlainNegotiator(this);
}
else
{
- throw new SaslException("Unknown mechanism: " + mechanism);
+ return null;
}
}
- protected abstract String getDigestName();
-
@Override
public AuthenticationResult authenticate(final String username, final String password)
{
@@ -255,8 +250,6 @@ public abstract class AbstractScramAuthe
}
}
- protected abstract String getHmacName();
-
@Override
protected String createStoredPassword(final String password)
{
Modified: qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/AnonymousAuthenticationManager.java
URL: http://svn.apache.org/viewvc/qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/AnonymousAuthenticationManager.java?rev=1772364&r1=1772363&r2=1772364&view=diff
==============================================================================
--- qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/AnonymousAuthenticationManager.java (original)
+++ qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/AnonymousAuthenticationManager.java Fri Dec 2 15:47:52 2016
@@ -25,15 +25,14 @@ import java.util.Collections;
import java.util.List;
import java.util.Map;
-import javax.security.sasl.SaslException;
-import javax.security.sasl.SaslServer;
-
import org.apache.qpid.server.model.Container;
import org.apache.qpid.server.model.ManagedObject;
import org.apache.qpid.server.model.ManagedObjectFactoryConstructor;
import org.apache.qpid.server.security.auth.AuthenticationResult;
import org.apache.qpid.server.security.auth.UsernamePrincipal;
-import org.apache.qpid.server.security.auth.sasl.anonymous.AnonymousSaslServer;
+import org.apache.qpid.server.security.auth.sasl.SaslNegotiator;
+import org.apache.qpid.server.security.auth.sasl.SaslSettings;
+import org.apache.qpid.server.security.auth.sasl.anonymous.AnonymousNegotiator;
@ManagedObject( category = false, type= "Anonymous" )
public class AnonymousAuthenticationManager extends AbstractAuthenticationManager<AnonymousAuthenticationManager>
@@ -61,38 +60,15 @@ public class AnonymousAuthenticationMana
}
@Override
- public SaslServer createSaslServer(String mechanism, String localFQDN, Principal externalPrincipal) throws SaslException
+ public SaslNegotiator createSaslNegotiator(final String mechanism, final SaslSettings saslSettings)
{
if(MECHANISM_NAME.equals(mechanism))
{
- return new AnonymousSaslServer();
+ return new AnonymousNegotiator(_anonymousAuthenticationResult);
}
else
{
- throw new SaslException("Unknown mechanism: " + mechanism);
- }
- }
-
- @Override
- public AuthenticationResult authenticate(SaslServer server, byte[] response)
- {
- try
- {
- // Process response from the client
- byte[] challenge = server.evaluateResponse(response != null ? response : new byte[0]);
-
- if (server.isComplete())
- {
- return _anonymousAuthenticationResult;
- }
- else
- {
- return new AuthenticationResult(AuthenticationResult.AuthenticationStatus.ERROR);
- }
- }
- catch (SaslException e)
- {
- return new AuthenticationResult(AuthenticationResult.AuthenticationStatus.ERROR, e);
+ return null;
}
}
Modified: qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/ConfigModelPasswordManagingAuthenticationProvider.java
URL: http://svn.apache.org/viewvc/qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/ConfigModelPasswordManagingAuthenticationProvider.java?rev=1772364&r1=1772363&r2=1772364&view=diff
==============================================================================
--- qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/ConfigModelPasswordManagingAuthenticationProvider.java (original)
+++ qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/ConfigModelPasswordManagingAuthenticationProvider.java Fri Dec 2 15:47:52 2016
@@ -29,8 +29,6 @@ import java.util.UUID;
import java.util.concurrent.ConcurrentHashMap;
import javax.security.auth.login.AccountNotFoundException;
-import javax.security.sasl.SaslException;
-import javax.security.sasl.SaslServer;
import com.google.common.util.concurrent.Futures;
import com.google.common.util.concurrent.ListenableFuture;
@@ -40,8 +38,7 @@ import org.apache.qpid.server.model.Conf
import org.apache.qpid.server.model.Container;
import org.apache.qpid.server.model.PasswordCredentialManagingAuthenticationProvider;
import org.apache.qpid.server.model.User;
-import org.apache.qpid.server.security.auth.AuthenticationResult;
-import org.apache.qpid.server.security.auth.UsernamePrincipal;
+import org.apache.qpid.server.security.auth.sasl.PasswordSource;
public abstract class ConfigModelPasswordManagingAuthenticationProvider<X extends ConfigModelPasswordManagingAuthenticationProvider<X>>
extends AbstractAuthenticationManager<X>
@@ -56,11 +53,29 @@ public abstract class ConfigModelPasswor
super(attributes, container);
}
- ManagedUser getUser(final String username)
+ public ManagedUser getUser(final String username)
{
return _users.get(username);
}
+ protected PasswordSource getPasswordSource()
+ {
+ return new PasswordSource()
+ {
+ @Override
+ public char[] getPassword(final String username)
+ {
+ ManagedUser user = getUser(username);
+ if (user == null)
+ {
+ return null;
+ }
+ return user.getPassword().toCharArray();
+ }
+ };
+ }
+
+
@Override
public boolean createUser(final String username, final String password, final Map<String, String> attributes)
{
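Review bot: `getUser` is widened from package-private to `public` in this hunk, which hands `ManagedUser` (and its `getPassword()`) to any code holding a reference to the provider. The only consumer visible here is the new `getPasswordSource()`, which is in the same class and does not need the wider access, so the change may be unnecessary unless a negotiator in another package calls it. `getPasswordSource()` also needs Javadoc. It returns the stored credential unchanged, and for MD5AuthenticationProvider the removed `MD5Callbackhandler` shows that this is a Base64-encoded hash rather than the clear-text password. It returns `null` for an unknown user, and each call allocates a fresh `char[]` that the caller owns. Something like `/** Returns the stored credential for the user exactly as held by this provider, or null if the user does not exist; the array is a copy the caller should clear after use. */` would cover it.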
@@ -199,30 +214,6 @@ public abstract class ConfigModelPasswor
}
- @Override
- public AuthenticationResult authenticate(final SaslServer server, final byte[] response)
- {
- try
- {
- // Process response from the client
- byte[] challenge = server.evaluateResponse(response != null ? response : new byte[0]);
-
- if (server.isComplete())
- {
- final String userId = server.getAuthorizationID();
- return new AuthenticationResult(new UsernamePrincipal(userId, this), challenge);
- }
- else
- {
- return new AuthenticationResult(challenge, AuthenticationResult.AuthenticationStatus.CONTINUE);
- }
- }
- catch (SaslException e)
- {
- return new AuthenticationResult(AuthenticationResult.AuthenticationStatus.ERROR, e);
- }
- }
-
protected abstract String createStoredPassword(String password);
Map<String, ManagedUser> getUserMap()
Modified: qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/ExternalAuthenticationManagerImpl.java
URL: http://svn.apache.org/viewvc/qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/ExternalAuthenticationManagerImpl.java?rev=1772364&r1=1772363&r2=1772364&view=diff
==============================================================================
--- qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/ExternalAuthenticationManagerImpl.java (original)
+++ qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/ExternalAuthenticationManagerImpl.java Fri Dec 2 15:47:52 2016
@@ -18,19 +18,16 @@
*/
package org.apache.qpid.server.security.auth.manager;
-import java.security.Principal;
import java.util.Collections;
import java.util.List;
import java.util.Map;
-import javax.security.sasl.SaslException;
-import javax.security.sasl.SaslServer;
-
import org.apache.qpid.server.model.Container;
import org.apache.qpid.server.model.ManagedAttributeField;
import org.apache.qpid.server.model.ManagedObjectFactoryConstructor;
-import org.apache.qpid.server.security.auth.AuthenticationResult;
-import org.apache.qpid.server.security.auth.sasl.external.ExternalSaslServer;
+import org.apache.qpid.server.security.auth.sasl.SaslNegotiator;
+import org.apache.qpid.server.security.auth.sasl.SaslSettings;
+import org.apache.qpid.server.security.auth.sasl.external.ExternalNegotiator;
public class ExternalAuthenticationManagerImpl extends AbstractAuthenticationManager<ExternalAuthenticationManagerImpl>
implements ExternalAuthenticationManager<ExternalAuthenticationManagerImpl>
@@ -59,42 +56,15 @@ public class ExternalAuthenticationManag
}
@Override
- public SaslServer createSaslServer(String mechanism, String localFQDN, Principal externalPrincipal) throws SaslException
+ public SaslNegotiator createSaslNegotiator(final String mechanism, final SaslSettings saslSettings)
{
if(MECHANISM_NAME.equals(mechanism))
{
- return new ExternalSaslServer(externalPrincipal, _useFullDN, this);
+ return new ExternalNegotiator(this, saslSettings.getExternalPrincipal());
}
else
{
- throw new SaslException("Unknown mechanism: " + mechanism);
+ return null;
}
}
-
- @Override
- public AuthenticationResult authenticate(SaslServer server, byte[] response)
- {
- // Process response from the client
- try
- {
- server.evaluateResponse(response != null ? response : new byte[0]);
-
- Principal principal = ((ExternalSaslServer)server).getAuthenticatedPrincipal();
-
- if(principal != null)
- {
- return new AuthenticationResult(principal);
- }
- else
- {
- return new AuthenticationResult(AuthenticationResult.AuthenticationStatus.ERROR);
- }
- }
- catch (SaslException e)
- {
- return new AuthenticationResult(AuthenticationResult.AuthenticationStatus.ERROR,e);
- }
-
- }
-
}
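Review bot: `_useFullDN` is no longer passed when the negotiator is built: the old line was `new ExternalSaslServer(externalPrincipal, _useFullDN, this)` and the new one is `new ExternalNegotiator(this, saslSettings.getExternalPrincipal())`. Presumably ExternalNegotiator reads the setting from the manager it is given, but that class is not visible in this hunk. If it does not, the user name derived from a client certificate DN would change for brokers that configure the full-DN option. The removed `authenticate` also returned an ERROR result when the principal was null, so the negotiator should be checked for the same rejection when `getExternalPrincipal()` yields nothing. A short comment on the constructor call saying where the DN handling now lives would make this reviewable from this file.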
Modified: qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/KerberosAuthenticationManager.java
URL: http://svn.apache.org/viewvc/qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/KerberosAuthenticationManager.java?rev=1772364&r1=1772363&r2=1772364&view=diff
==============================================================================
--- qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/KerberosAuthenticationManager.java (original)
+++ qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/KerberosAuthenticationManager.java Fri Dec 2 15:47:52 2016
@@ -18,33 +18,22 @@
*/
package org.apache.qpid.server.security.auth.manager;
-import java.io.IOException;
-import java.security.Principal;
import java.util.Collections;
-import java.util.HashMap;
import java.util.List;
import java.util.Map;
-import javax.security.auth.callback.Callback;
-import javax.security.auth.callback.CallbackHandler;
-import javax.security.auth.callback.UnsupportedCallbackException;
-import javax.security.sasl.AuthorizeCallback;
-import javax.security.sasl.Sasl;
-import javax.security.sasl.SaslException;
-import javax.security.sasl.SaslServer;
-
import org.apache.qpid.server.model.Container;
import org.apache.qpid.server.model.ManagedObject;
import org.apache.qpid.server.model.ManagedObjectFactoryConstructor;
-import org.apache.qpid.server.security.auth.AuthenticationResult;
-import org.apache.qpid.server.security.auth.UsernamePrincipal;
+import org.apache.qpid.server.security.auth.sasl.SaslNegotiator;
+import org.apache.qpid.server.security.auth.sasl.SaslSettings;
+import org.apache.qpid.server.security.auth.sasl.kerberos.KerberosNegotiator;
@ManagedObject( category = false, type = "Kerberos" )
public class KerberosAuthenticationManager extends AbstractAuthenticationManager<KerberosAuthenticationManager>
{
public static final String PROVIDER_TYPE = "Kerberos";
- private static final String GSSAPI_MECHANISM = "GSSAPI";
- private final CallbackHandler _callbackHandler = new GssApiCallbackHandler();
+ public static final String GSSAPI_MECHANISM = "GSSAPI";
@ManagedObjectFactoryConstructor
protected KerberosAuthenticationManager(final Map<String, Object> attributes, final Container<?> container)
@@ -59,59 +48,15 @@ public class KerberosAuthenticationManag
}
@Override
- public SaslServer createSaslServer(String mechanism, String localFQDN, Principal externalPrincipal) throws SaslException
+ public SaslNegotiator createSaslNegotiator(final String mechanism, final SaslSettings saslSettings)
{
if(GSSAPI_MECHANISM.equals(mechanism))
{
- return Sasl.createSaslServer(GSSAPI_MECHANISM, "AMQP", localFQDN,
- new HashMap<String, Object>(), _callbackHandler);
+ return new KerberosNegotiator(this, saslSettings.getLocalFQDN());
}
else
{
- throw new SaslException("Unknown mechanism: " + mechanism);
- }
- }
-
- @Override
- public AuthenticationResult authenticate(SaslServer server, byte[] response)
- {
- try
- {
- // Process response from the client
- byte[] challenge = server.evaluateResponse(response != null ? response : new byte[0]);
-
- if (server.isComplete())
- {
- return new AuthenticationResult(new UsernamePrincipal(server.getAuthorizationID(), this), challenge);
- }
- else
- {
- return new AuthenticationResult(challenge, AuthenticationResult.AuthenticationStatus.CONTINUE);
- }
- }
- catch (SaslException e)
- {
- return new AuthenticationResult(AuthenticationResult.AuthenticationStatus.ERROR, e);
- }
- }
-
- private static class GssApiCallbackHandler implements CallbackHandler
- {
-
- @Override
- public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException
- {
- for(Callback callback : callbacks)
- {
- if (callback instanceof AuthorizeCallback)
- {
- ((AuthorizeCallback) callback).setAuthorized(true);
- }
- else
- {
- throw new UnsupportedCallbackException(callback);
- }
- }
+ return null;
}
}
}
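Review bot: The authorization decision for GSSAPI is no longer visible in this class, and `KerberosNegotiator`, which now has to make it, is not shown in this hunk. The removed `GssApiCallbackHandler` called `setAuthorized(true)` for every `AuthorizeCallback` without comparing the authentication and authorization identities, and the removed `authenticate` built the `UsernamePrincipal` from `server.getAuthorizationID()`. It is worth confirming that the new negotiator does not accept an authorization ID that differs from the authenticated Kerberos principal, rather than carrying the unconditional approval forward. Once that is confirmed, a comment above the `new KerberosNegotiator(this, saslSettings.getLocalFQDN())` line naming where the check is done would record it for the next reader.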
Modified: qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/MD5AuthenticationProvider.java
URL: http://svn.apache.org/viewvc/qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/MD5AuthenticationProvider.java?rev=1772364&r1=1772363&r2=1772364&view=diff
==============================================================================
--- qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/MD5AuthenticationProvider.java (original)
+++ qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/MD5AuthenticationProvider.java Fri Dec 2 15:47:52 2016
@@ -20,26 +20,14 @@
*/
package org.apache.qpid.server.security.auth.manager;
-import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
-import java.security.Principal;
-import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
-import java.util.Iterator;
import java.util.List;
import java.util.Map;
-import javax.security.auth.callback.Callback;
-import javax.security.auth.callback.CallbackHandler;
-import javax.security.auth.callback.NameCallback;
-import javax.security.auth.callback.PasswordCallback;
-import javax.security.auth.callback.UnsupportedCallbackException;
-import javax.security.sasl.AuthorizeCallback;
-import javax.security.sasl.SaslException;
-import javax.security.sasl.SaslServer;
import javax.xml.bind.DatatypeConverter;
import org.apache.qpid.server.model.Broker;
@@ -47,20 +35,22 @@ import org.apache.qpid.server.model.Mana
import org.apache.qpid.server.model.ManagedObjectFactoryConstructor;
import org.apache.qpid.server.security.auth.AuthenticationResult;
import org.apache.qpid.server.security.auth.UsernamePrincipal;
-import org.apache.qpid.server.security.auth.sasl.crammd5.CRAMMD5HashedSaslServer;
-import org.apache.qpid.server.security.auth.sasl.crammd5.CRAMMD5HexSaslServer;
-import org.apache.qpid.server.security.auth.sasl.plain.PlainAdapterSaslServer;
-import org.apache.qpid.server.security.auth.sasl.plain.PlainSaslServer;
+import org.apache.qpid.server.security.auth.sasl.SaslNegotiator;
+import org.apache.qpid.server.security.auth.sasl.SaslSettings;
+import org.apache.qpid.server.security.auth.sasl.crammd5.CramMd5Base64HashedNegotiator;
+import org.apache.qpid.server.security.auth.sasl.crammd5.CramMd5Base64HexNegotiator;
+import org.apache.qpid.server.security.auth.sasl.crammd5.CramMd5HashedNegotiator;
+import org.apache.qpid.server.security.auth.sasl.crammd5.CramMd5HexNegotiator;
+import org.apache.qpid.server.security.auth.sasl.plain.PlainNegotiator;
import org.apache.qpid.server.util.ServerScopedRuntimeException;
-import org.apache.qpid.util.Strings;
-@ManagedObject( category = false, type = "MD5" )
+@ManagedObject(category = false, type = "MD5")
public class MD5AuthenticationProvider
extends ConfigModelPasswordManagingAuthenticationProvider<MD5AuthenticationProvider>
{
- private final List<String> _mechanisms = Collections.unmodifiableList(Arrays.asList(PlainSaslServer.MECHANISM,
- CRAMMD5HashedSaslServer.MECHANISM,
- CRAMMD5HexSaslServer.MECHANISM));
+ private final List<String> _mechanisms = Collections.unmodifiableList(Arrays.asList(PlainNegotiator.MECHANISM,
+ CramMd5HashedNegotiator.MECHANISM,
+ CramMd5HexNegotiator.MECHANISM));
@ManagedObjectFactoryConstructor
@@ -99,28 +89,27 @@ public class MD5AuthenticationProvider
}
@Override
- public SaslServer createSaslServer(final String mechanism,
- final String localFQDN,
- final Principal externalPrincipal)
- throws SaslException
+ public SaslNegotiator createSaslNegotiator(final String mechanism, final SaslSettings saslSettings)
{
- if(PlainSaslServer.MECHANISM.equals(mechanism))
+ if (PlainNegotiator.MECHANISM.equals(mechanism))
{
- return new PlainAdapterSaslServer(this);
+ return new PlainNegotiator(this);
}
- else if(CRAMMD5HashedSaslServer.MECHANISM.equals(mechanism))
+ else if (CramMd5Base64HashedNegotiator.MECHANISM.equals(mechanism))
{
- //simply delegate to the built in CRAM-MD5 SaslServer
- return new CRAMMD5HashedSaslServer(mechanism, "AMQP", localFQDN, null, new MD5Callbackhandler(false));
+ return new CramMd5Base64HashedNegotiator(this,
+ saslSettings.getLocalFQDN(),
+ getPasswordSource());
}
- else if(CRAMMD5HexSaslServer.MECHANISM.equals(mechanism))
+ else if (CramMd5Base64HexNegotiator.MECHANISM.equals(mechanism))
{
- //simply delegate to the built in CRAM-MD5 SaslServer
- return new CRAMMD5HashedSaslServer(mechanism, "AMQP", localFQDN, null, new MD5Callbackhandler(true));
+ return new CramMd5Base64HexNegotiator(this,
+ saslSettings.getLocalFQDN(),
+ getPasswordSource());
}
else
{
- throw new SaslException("Unsupported mechanism: " + mechanism);
+ return null;
}
}
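Review bot: `createSaslNegotiator` compares against `CramMd5Base64HashedNegotiator.MECHANISM` and `CramMd5Base64HexNegotiator.MECHANISM`, while the `_mechanisms` list in the previous hunk advertises `CramMd5HashedNegotiator.MECHANISM` and `CramMd5HexNegotiator.MECHANISM`. The definitions of those constants are outside this part of the commit. If the Base64 classes do not carry the same values, a client that selects an advertised mechanism would fall through to `return null;`. Using one pair of classes for both the list and the comparison would remove the doubt and the two extra imports, for example `Arrays.asList(PlainNegotiator.MECHANISM, CramMd5Base64HashedNegotiator.MECHANISM, CramMd5Base64HexNegotiator.MECHANISM)`.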
@@ -129,7 +118,7 @@ public class MD5AuthenticationProvider
{
ManagedUser user = getUser(username);
AuthenticationResult result;
- if(user != null && user.getPassword().equals(createStoredPassword(password)))
+ if (user != null && user.getPassword().equals(createStoredPassword(password)))
{
result = new AuthenticationResult(new UsernamePrincipal(username, this));
}
@@ -139,90 +128,4 @@ public class MD5AuthenticationProvider
}
return result;
}
- private static final char[] HEX_CHARACTERS =
- {'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f'};
-
- private class MD5Callbackhandler implements CallbackHandler
- {
- private final boolean _hexify;
- private String _username;
-
- public MD5Callbackhandler(final boolean hexify)
- {
- _hexify = hexify;
- }
-
- public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException
- {
- List<Callback> callbackList = new ArrayList<>(Arrays.asList(callbacks));
- Iterator<Callback> iter = callbackList.iterator();
- while(iter.hasNext())
- {
- Callback callback = iter.next();
- if (callback instanceof NameCallback)
- {
- _username = ((NameCallback) callback).getDefaultName();
- iter.remove();
- break;
- }
- }
-
- if(_username != null)
- {
- iter = callbackList.iterator();
- while (iter.hasNext())
- {
- Callback callback = iter.next();
- if (callback instanceof PasswordCallback)
- {
- iter.remove();
- ManagedUser user = getUser(_username);
- if(user != null)
- {
- String passwordData = user.getPassword();
- byte[] passwordBytes = Strings.decodeBase64(passwordData);
- char[] password;
- if(_hexify)
- {
- password = new char[passwordBytes.length * 2];
-
- for(int i = 0; i < passwordBytes.length; i++)
- {
- password[2*i] = HEX_CHARACTERS[(((int)passwordBytes[i]) & 0xf0)>>4];
- password[(2*i)+1] = HEX_CHARACTERS[(((int)passwordBytes[i]) & 0x0f)];
- }
- }
- else
- {
- password = new char[passwordBytes.length];
- for(int i = 0; i < passwordBytes.length; i++)
- {
- password[i] = (char) passwordBytes[i];
- }
- }
- ((PasswordCallback) callback).setPassword(password);
- }
- else
- {
- ((PasswordCallback) callback).setPassword(null);
- }
- break;
- }
- }
- }
-
- for (Callback callback : callbackList)
- {
-
- if (callback instanceof AuthorizeCallback)
- {
- ((AuthorizeCallback) callback).setAuthorized(true);
- }
- else
- {
- throw new UnsupportedCallbackException(callback);
- }
- }
- }
- }
}
Modified: qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/PlainAuthenticationProvider.java
URL: http://svn.apache.org/viewvc/qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/PlainAuthenticationProvider.java?rev=1772364&r1=1772363&r2=1772364&view=diff
==============================================================================
--- qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/PlainAuthenticationProvider.java (original)
+++ qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/PlainAuthenticationProvider.java Fri Dec 2 15:47:52 2016
@@ -20,42 +20,30 @@
*/
package org.apache.qpid.server.security.auth.manager;
-import java.io.IOException;
-import java.security.Principal;
-import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
-import java.util.Iterator;
import java.util.List;
import java.util.Map;
-import javax.security.auth.callback.Callback;
-import javax.security.auth.callback.CallbackHandler;
-import javax.security.auth.callback.NameCallback;
-import javax.security.auth.callback.PasswordCallback;
-import javax.security.auth.callback.UnsupportedCallbackException;
-import javax.security.sasl.AuthorizeCallback;
-import javax.security.sasl.Sasl;
-import javax.security.sasl.SaslException;
-import javax.security.sasl.SaslServer;
-
import org.apache.qpid.server.model.Broker;
import org.apache.qpid.server.model.ManagedObject;
import org.apache.qpid.server.model.ManagedObjectFactoryConstructor;
import org.apache.qpid.server.security.auth.AuthenticationResult;
import org.apache.qpid.server.security.auth.UsernamePrincipal;
-import org.apache.qpid.server.security.auth.sasl.crammd5.CRAMMD5Initialiser;
-import org.apache.qpid.server.security.auth.sasl.plain.PlainAdapterSaslServer;
-import org.apache.qpid.server.security.auth.sasl.plain.PlainSaslServer;
-import org.apache.qpid.server.security.auth.sasl.scram.ScramSaslServer;
+import org.apache.qpid.server.security.auth.sasl.PasswordSource;
+import org.apache.qpid.server.security.auth.sasl.SaslNegotiator;
+import org.apache.qpid.server.security.auth.sasl.SaslSettings;
+import org.apache.qpid.server.security.auth.sasl.crammd5.CramMd5Negotiator;
+import org.apache.qpid.server.security.auth.sasl.plain.PlainNegotiator;
+import org.apache.qpid.server.security.auth.sasl.scram.ScramNegotiator;
import org.apache.qpid.server.security.auth.sasl.scram.ScramSaslServerSourceAdapter;
-@ManagedObject( category = false, type = "Plain" )
+@ManagedObject(category = false, type = "Plain")
public class PlainAuthenticationProvider
extends ConfigModelPasswordManagingAuthenticationProvider<PlainAuthenticationProvider>
{
- private final List<String> _mechanisms = Collections.unmodifiableList(Arrays.asList(PlainSaslServer.MECHANISM,
- CRAMMD5Initialiser.MECHANISM,
+ private final List<String> _mechanisms = Collections.unmodifiableList(Arrays.asList(PlainNegotiator.MECHANISM,
+ CramMd5Negotiator.MECHANISM,
ScramSHA1AuthenticationManager.MECHANISM,
ScramSHA256AuthenticationManager.MECHANISM));
private volatile ScramSaslServerSourceAdapter _scramSha1Adapter;
@@ -73,23 +61,18 @@ public class PlainAuthenticationProvider
{
super.postResolveChildren();
- ScramSaslServerSourceAdapter.PasswordSource passwordSource =
- new ScramSaslServerSourceAdapter.PasswordSource()
- {
- @Override
- public char[] getPassword(final String username)
- {
- ManagedUser user = getUser(username);
-
- return user == null ? null : user.getPassword().toCharArray();
- }
- };
-
-
- final int scramIterationCount = getContextValue(Integer.class, AbstractScramAuthenticationManager.QPID_AUTHMANAGER_SCRAM_ITERATION_COUNT);
- _scramSha1Adapter = new ScramSaslServerSourceAdapter(scramIterationCount, "HmacSHA1", "SHA-1", passwordSource);
- _scramSha256Adapter = new ScramSaslServerSourceAdapter(scramIterationCount, "HmacSHA256", "SHA-256", passwordSource);
+ PasswordSource passwordSource = getPasswordSource();
+ final int scramIterationCount = getContextValue(Integer.class,
+ AbstractScramAuthenticationManager.QPID_AUTHMANAGER_SCRAM_ITERATION_COUNT);
+ _scramSha1Adapter = new ScramSaslServerSourceAdapter(scramIterationCount,
+ ScramSHA1AuthenticationManager.HMAC_NAME,
+ ScramSHA1AuthenticationManager.DIGEST_NAME,
+ passwordSource);
+ _scramSha256Adapter = new ScramSaslServerSourceAdapter(scramIterationCount,
+ ScramSHA256AuthenticationManager.HMAC_NAME,
+ ScramSHA256AuthenticationManager.DIGEST_NAME,
+ passwordSource);
}
@Override
@@ -111,40 +94,11 @@ public class PlainAuthenticationProvider
}
@Override
- public SaslServer createSaslServer(final String mechanism,
- final String localFQDN,
- final Principal externalPrincipal)
- throws SaslException
- {
- if(PlainSaslServer.MECHANISM.equals(mechanism))
- {
- return new PlainAdapterSaslServer(this);
- }
- else if(CRAMMD5Initialiser.MECHANISM.equals(mechanism))
- {
- //simply delegate to the built in CRAM-MD5 SaslServer
- return Sasl.createSaslServer(mechanism, "AMQP", localFQDN, null, new ServerCallbackHandler());
- }
- else if (ScramSHA1AuthenticationManager.MECHANISM.equals(mechanism))
- {
- return new ScramSaslServer(_scramSha1Adapter, mechanism, "HmacSHA1", "SHA-1");
- }
- else if(ScramSHA256AuthenticationManager.MECHANISM.equals(mechanism))
- {
- return new ScramSaslServer(_scramSha256Adapter, mechanism, "HmacSHA256", "SHA-256");
- }
- else
- {
- throw new SaslException("Unsupported mechanism: " + mechanism);
- }
- }
-
- @Override
public AuthenticationResult authenticate(final String username, final String password)
{
ManagedUser user = getUser(username);
AuthenticationResult result;
- if(user != null && user.getPassword().equals(password))
+ if (user != null && user.getPassword().equals(password))
{
result = new AuthenticationResult(new UsernamePrincipal(username, this));
}
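Review bot: The password check in `authenticate` still reads `user.getPassword().equals(password)` on the new side, and `String.equals` stops at the first differing character, so the time it takes depends on how much of the stored password the supplied value matches. This commit only reformats that line. A constant-time comparison such as `MessageDigest.isEqual(stored.getBytes(StandardCharsets.UTF_8), supplied.getBytes(StandardCharsets.UTF_8))` would remove that dependency, with an explicit null check on `password` kept in front, because `equals(null)` currently returns false rather than throwing. The imports this needs are not visible in the hunk, and the body of `authenticate` continues into the next hunk.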
@@ -155,60 +109,30 @@ public class PlainAuthenticationProvider
return result;
}
- private class ServerCallbackHandler implements CallbackHandler
+ @Override
+ public SaslNegotiator createSaslNegotiator(final String mechanism, final SaslSettings saslSettings)
{
- String _username;
-
- public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException
+ if (PlainNegotiator.MECHANISM.equals(mechanism))
+ {
+ return new PlainNegotiator(this);
+ }
+ else if (CramMd5Negotiator.MECHANISM.equals(mechanism))
+ {
+ return new CramMd5Negotiator(this,
+ saslSettings.getLocalFQDN(),
+ getPasswordSource());
+ }
+ else if (ScramSHA1AuthenticationManager.MECHANISM.equals(mechanism))
+ {
+ return new ScramNegotiator(this, _scramSha1Adapter, ScramSHA1AuthenticationManager.MECHANISM);
+ }
+ else if (ScramSHA256AuthenticationManager.MECHANISM.equals(mechanism))
+ {
+ return new ScramNegotiator(this, _scramSha256Adapter, ScramSHA256AuthenticationManager.MECHANISM);
+ }
+ else
{
- List<Callback> callbackList = new ArrayList<>(Arrays.asList(callbacks));
- Iterator<Callback> iter = callbackList.iterator();
- while(iter.hasNext())
- {
- Callback callback = iter.next();
- if (callback instanceof NameCallback)
- {
- _username = ((NameCallback) callback).getDefaultName();
- iter.remove();
- break;
- }
- }
-
- if(_username != null)
- {
- iter = callbackList.iterator();
- while (iter.hasNext())
- {
- Callback callback = iter.next();
- if (callback instanceof PasswordCallback)
- {
- iter.remove();
- ManagedUser user = getUser(_username);
- if(user != null)
- {
- ((PasswordCallback) callback).setPassword(user.getPassword().toCharArray());
- }
- else
- {
- ((PasswordCallback) callback).setPassword(null);
- }
- break;
- }
- }
- }
-
- for (Callback callback : callbackList)
- {
-
- if (callback instanceof AuthorizeCallback)
- {
- ((AuthorizeCallback) callback).setAuthorized(true);
- }
- else
- {
- throw new UnsupportedCallbackException(callback);
- }
- }
+ return null;
}
}
}
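Review bot: `createSaslNegotiator` ends with `return null;` for a mechanism it does not recognise, where the removed `createSaslServer` threw `SaslException("Unsupported mechanism: " + mechanism)`. Every caller now has to null-check the result and fail the handshake, and nothing in this hunk states that contract; the delegating override added to PrincipalDatabaseAuthenticationManager in this commit passes the same value through. I would add a Javadoc line such as `@return a negotiator for the mechanism, or null if it is not supported; callers must treat null as an authentication failure`, unless the interface declaration (not visible here) already documents it. The SCRAM branches also hand over `_scramSha1Adapter` and `_scramSha256Adapter`, which are only assigned in `postResolveChildren`, so it is worth confirming that no negotiator can be requested before that has run.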
Modified: qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/PrincipalDatabaseAuthenticationManager.java
URL: http://svn.apache.org/viewvc/qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/PrincipalDatabaseAuthenticationManager.java?rev=1772364&r1=1772363&r2=1772364&view=diff
==============================================================================
--- qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/PrincipalDatabaseAuthenticationManager.java (original)
+++ qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/PrincipalDatabaseAuthenticationManager.java Fri Dec 2 15:47:52 2016
@@ -36,8 +36,6 @@ import java.util.UUID;
import java.util.concurrent.ConcurrentHashMap;
import javax.security.auth.login.AccountNotFoundException;
-import javax.security.sasl.SaslException;
-import javax.security.sasl.SaslServer;
import com.google.common.util.concurrent.Futures;
import com.google.common.util.concurrent.ListenableFuture;
@@ -59,6 +57,8 @@ import org.apache.qpid.server.security.a
import org.apache.qpid.server.security.auth.AuthenticationResult.AuthenticationStatus;
import org.apache.qpid.server.security.auth.UsernamePrincipal;
import org.apache.qpid.server.security.auth.database.PrincipalDatabase;
+import org.apache.qpid.server.security.auth.sasl.SaslNegotiator;
+import org.apache.qpid.server.security.auth.sasl.SaslSettings;
import org.apache.qpid.server.util.FileHelper;
public abstract class PrincipalDatabaseAuthenticationManager<T extends PrincipalDatabaseAuthenticationManager<T>>
@@ -70,7 +70,6 @@ public abstract class PrincipalDatabaseA
private final Map<Principal, PrincipalAdapter> _userMap = new ConcurrentHashMap<Principal, PrincipalAdapter>();
- private final Container<?> _broker;
private PrincipalDatabase _principalDatabase;
@ManagedAttributeField
@@ -79,7 +78,6 @@ public abstract class PrincipalDatabaseA
protected PrincipalDatabaseAuthenticationManager(final Map<String, Object> attributes, final Container<?> broker)
{
super(attributes, broker);
- _broker = broker;
}
@Override
@@ -159,34 +157,10 @@ public abstract class PrincipalDatabaseA
return _principalDatabase.getMechanisms();
}
- public SaslServer createSaslServer(String mechanism, String localFQDN, Principal externalPrincipal) throws SaslException
- {
- return _principalDatabase.createSaslServer(mechanism, localFQDN, externalPrincipal);
- }
-
- /**
- * @see org.apache.qpid.server.model.AuthenticationProvider#authenticate(SaslServer, byte[])
- */
- public AuthenticationResult authenticate(SaslServer server, byte[] response)
+ @Override
+ public SaslNegotiator createSaslNegotiator(final String mechanism, final SaslSettings saslSettings)
{
- try
- {
- byte[] challenge = server.evaluateResponse(response != null ? response : new byte[0]);
-
- if (server.isComplete())
- {
- final String userId = server.getAuthorizationID();
- return new AuthenticationResult(new UsernamePrincipal(userId, this), challenge);
- }
- else
- {
- return new AuthenticationResult(challenge, AuthenticationResult.AuthenticationStatus.CONTINUE);
- }
- }
- catch (SaslException e)
- {
- return new AuthenticationResult(AuthenticationResult.AuthenticationStatus.ERROR, e);
- }
+ return _principalDatabase.createSaslNegotiator(mechanism, saslSettings);
}
/**
@@ -202,12 +176,12 @@ public abstract class PrincipalDatabaseA
}
else
{
- return new AuthenticationResult(AuthenticationStatus.CONTINUE);
+ return new AuthenticationResult(AuthenticationStatus.ERROR);
}
}
catch (AccountNotFoundException e)
{
- return new AuthenticationResult(AuthenticationStatus.CONTINUE);
+ return new AuthenticationResult(AuthenticationStatus.ERROR);
}
}
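Review bot: The `else` branch and the `catch (AccountNotFoundException e)` branch now both return a bare `AuthenticationResult(AuthenticationStatus.ERROR)`, and the caught exception is dropped with neither a log entry nor a comment. Giving the client the same status in both cases is the right outcome, since it does not reveal which usernames exist, but that intent should be stated at the catch: `// same result as a failed password check, so callers cannot tell unknown accounts apart`. If failed logins are not recorded elsewhere (not visible here), a server-side log line in these branches would give operators something to alert on. The enclosing method starts before this hunk.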
Modified: qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/ScramSHA1AuthenticationManager.java
URL: http://svn.apache.org/viewvc/qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/ScramSHA1AuthenticationManager.java?rev=1772364&r1=1772363&r2=1772364&view=diff
==============================================================================
--- qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/ScramSHA1AuthenticationManager.java (original)
+++ qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/ScramSHA1AuthenticationManager.java Fri Dec 2 15:47:52 2016
@@ -31,10 +31,10 @@ public class ScramSHA1AuthenticationMana
extends AbstractScramAuthenticationManager<ScramSHA1AuthenticationManager>
{
public static final String PROVIDER_TYPE = "SCRAM-SHA-1";
- private static final String HMAC_NAME = "HmacSHA1";
+ public static final String HMAC_NAME = "HmacSHA1";
public static final String MECHANISM = "SCRAM-SHA-1";
- private static final String DIGEST_NAME = "SHA-1";
+ public static final String DIGEST_NAME = "SHA-1";
@ManagedObjectFactoryConstructor
@@ -50,13 +50,13 @@ public class ScramSHA1AuthenticationMana
}
@Override
- protected String getDigestName()
+ public String getDigestName()
{
return DIGEST_NAME;
}
@Override
- protected String getHmacName()
+ public String getHmacName()
{
return HMAC_NAME;
}
Modified: qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/ScramSHA256AuthenticationManager.java
URL: http://svn.apache.org/viewvc/qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/ScramSHA256AuthenticationManager.java?rev=1772364&r1=1772363&r2=1772364&view=diff
==============================================================================
--- qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/ScramSHA256AuthenticationManager.java (original)
+++ qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/ScramSHA256AuthenticationManager.java Fri Dec 2 15:47:52 2016
@@ -31,10 +31,10 @@ public class ScramSHA256AuthenticationMa
extends AbstractScramAuthenticationManager<ScramSHA256AuthenticationManager>
{
public static final String PROVIDER_TYPE = "SCRAM-SHA-256";
- private static final String HMAC_NAME = "HmacSHA256";
+ public static final String HMAC_NAME = "HmacSHA256";
public static final String MECHANISM = "SCRAM-SHA-256";
- private static final String DIGEST_NAME = "SHA-256";
+ public static final String DIGEST_NAME = "SHA-256";
@ManagedObjectFactoryConstructor
@@ -50,13 +50,13 @@ public class ScramSHA256AuthenticationMa
}
@Override
- protected String getDigestName()
+ public String getDigestName()
{
return DIGEST_NAME;
}
@Override
- protected String getHmacName()
+ public String getHmacName()
{
return HMAC_NAME;
}