Posted to commits@qpid.apache.org by ro...@apache.org on 2018/03/27 16:33:33 UTC
[1/2] qpid-jms git commit: QPIDJMS-372: [SASL] [XOAUTH2] Make access
token validation comply with RFC-6749.
Repository: qpid-jms
Updated Branches:
refs/heads/master 02a3cc89a -> 7ce0c2916
QPIDJMS-372: [SASL] [XOAUTH2] Make access token validation comply with RFC-6749.
Project: http://git-wip-us.apache.org/repos/asf/qpid-jms/repo
Commit: http://git-wip-us.apache.org/repos/asf/qpid-jms/commit/dfc24eea
Tree: http://git-wip-us.apache.org/repos/asf/qpid-jms/tree/dfc24eea
Diff: http://git-wip-us.apache.org/repos/asf/qpid-jms/diff/dfc24eea
Branch: refs/heads/master
Commit: dfc24eeab7f34ad54d3b64201d7a8034802b847b
Parents: 02a3cc8
Author: Keith Wall <kw...@apache.org>
Authored: Mon Mar 26 23:07:00 2018 +0100
Committer: Keith Wall <kw...@apache.org>
Committed: Tue Mar 27 14:47:15 2018 +0100
----------------------------------------------------------------------
.../java/org/apache/qpid/jms/sasl/XOauth2Mechanism.java | 10 +++-------
.../org/apache/qpid/jms/sasl/XOauth2MechanismTest.java | 9 +++++----
2 files changed, 8 insertions(+), 11 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/qpid-jms/blob/dfc24eea/qpid-jms-client/src/main/java/org/apache/qpid/jms/sasl/XOauth2Mechanism.java
----------------------------------------------------------------------
diff --git a/qpid-jms-client/src/main/java/org/apache/qpid/jms/sasl/XOauth2Mechanism.java b/qpid-jms-client/src/main/java/org/apache/qpid/jms/sasl/XOauth2Mechanism.java
index 380b2f6..3a2a90a 100644
--- a/qpid-jms-client/src/main/java/org/apache/qpid/jms/sasl/XOauth2Mechanism.java
+++ b/qpid-jms-client/src/main/java/org/apache/qpid/jms/sasl/XOauth2Mechanism.java
@@ -18,7 +18,7 @@ package org.apache.qpid.jms.sasl;
import java.nio.charset.StandardCharsets;
import java.security.Principal;
-import java.util.Base64;
+import java.util.regex.Pattern;
/**
* Implements the SASL XOAUTH2 authentication Mechanism .
@@ -27,6 +27,7 @@ import java.util.Base64;
*/
public class XOauth2Mechanism extends AbstractMechanism {
+ private static final Pattern ACCESS_TOKEN_PATTERN = Pattern.compile("^[\\x20-\\x7F]+$");
private String additionalFailureInformation;
@Override
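Review bot: ACCESS_TOKEN_PATTERN accepts DEL (0x7F), because the character class is `[\\x20-\\x7F]` while RFC 6749 defines VSCHAR as %x20-7E, the range the Javadoc added to XOauth2MechanismTest in this commit also cites. The upper bound should be `\\x7E`, e.g. `Pattern.compile("[\\x20-\\x7E]+")`. The `^` and `$` anchors can be dropped, since isApplicable calls `matcher(password).matches()`, which already requires the whole input to match. The class body continues outside this hunk.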
@@ -78,12 +79,7 @@ public class XOauth2Mechanism extends AbstractMechanism {
@Override
public boolean isApplicable(String username, String password, Principal localPrincipal) {
if(username != null && username.length() > 0 && password != null && password.length() > 0) {
- try {
- Base64.getDecoder().decode(password);
- return true;
- } catch (IllegalArgumentException e) {
- return false;
- }
+ return ACCESS_TOKEN_PATTERN.matcher(password).matches();
} else {
return false;
}
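Review bot: With the Base64 probe removed, isApplicable returns true for any non-empty password made of printable ASCII, so it no longer tells an access token apart from an ordinary password. Mechanism priority and selection are not visible in this hunk, but if XOAUTH2 can be chosen ahead of the password mechanisms, a regular password would be sent to the peer as a bearer token. That contract deserves a comment on the method, for example `// Checks only the RFC 6749 access-token character set; a printable-ASCII password also qualifies, so mechanism choice must be constrained elsewhere.` The method's closing lines fall outside the hunk.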
http://git-wip-us.apache.org/repos/asf/qpid-jms/blob/dfc24eea/qpid-jms-client/src/test/java/org/apache/qpid/jms/sasl/XOauth2MechanismTest.java
----------------------------------------------------------------------
diff --git a/qpid-jms-client/src/test/java/org/apache/qpid/jms/sasl/XOauth2MechanismTest.java b/qpid-jms-client/src/test/java/org/apache/qpid/jms/sasl/XOauth2MechanismTest.java
index adc3a8c..bbc226c 100644
--- a/qpid-jms-client/src/test/java/org/apache/qpid/jms/sasl/XOauth2MechanismTest.java
+++ b/qpid-jms-client/src/test/java/org/apache/qpid/jms/sasl/XOauth2MechanismTest.java
@@ -91,11 +91,12 @@ public class XOauth2MechanismTest {
assertFalse("Should not be applicable with empty token", mech.isApplicable("user", "", null));
}
+ /** RFC6749 defines the OAUTH2 an access token as comprising VSCHAR elements (\x20-7E) */
@Test
- public void testIsNotApplicableWithNonBase64Token() {
+ public void testIsNotApplicableWithIllegalAccessToken() {
XOauth2Mechanism mech = new XOauth2Mechanism();
- assertFalse("Should not be applicable with non base64 token", mech.isApplicable("user", "not base 64", null));
+ assertFalse("Should not be applicable with non vschars", mech.isApplicable("user", "illegalChar\000", null));
}
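Review bot: testIsNotApplicableWithIllegalAccessToken exercises only NUL, so neither edge of the allowed range is pinned. A boundary assertion such as `assertFalse("Should not be applicable with DEL", mech.isApplicable("user", "illegalChar\177", null));` would help, along with one for a non-ASCII character. With the `\\x7F` upper bound that this commit puts in XOauth2Mechanism.java, the DEL case would fail, which is the kind of slip the test should catch. The Javadoc wording is also garbled ("the OAUTH2 an access token", "VSCHAR"); something like `/** RFC 6749 defines an OAuth2 access token as one or more VSCHAR characters (%x20-7E). */` reads more clearly.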
@@ -110,14 +111,14 @@ public class XOauth2MechanismTest {
public void testIsApplicableWithUserAndToken() {
XOauth2Mechanism mech = new XOauth2Mechanism();
- assertTrue("Should be applicable with user and token", mech.isApplicable("user", "YmFzZSA2NA==", null));
+ assertTrue("Should be applicable with user and token", mech.isApplicable("user", "2YotnFZFEjr1zCsicMWpAA", null));
}
@Test
public void testIsApplicableWithUserAndPasswordAndPrincipal() {
XOauth2Mechanism mech = new XOauth2Mechanism();
- assertTrue("Should be applicable with user and token and principal", mech.isApplicable("user", "YmFzZSA2NA==", new Principal() {
+ assertTrue("Should be applicable with user and token and principal", mech.isApplicable("user", "2YotnFZFEjr1zCsicMWpAA", new Principal() {
@Override
public String getName() {
return "name";
[2/2] qpid-jms git commit: QPIDJMS-372: merge PR #16 from k-wall
Posted by ro...@apache.org.
QPIDJMS-372: merge PR #16 from k-wall
This closes #16
Project: http://git-wip-us.apache.org/repos/asf/qpid-jms/repo
Commit: http://git-wip-us.apache.org/repos/asf/qpid-jms/commit/7ce0c291
Tree: http://git-wip-us.apache.org/repos/asf/qpid-jms/tree/7ce0c291
Diff: http://git-wip-us.apache.org/repos/asf/qpid-jms/diff/7ce0c291
Branch: refs/heads/master
Commit: 7ce0c2916961c01e162e4cda4b622d991eeadbb6
Parents: 02a3cc8 dfc24ee
Author: Robbie Gemmell <ro...@apache.org>
Authored: Tue Mar 27 17:23:04 2018 +0100
Committer: Robbie Gemmell <ro...@apache.org>
Committed: Tue Mar 27 17:23:04 2018 +0100
----------------------------------------------------------------------
.../java/org/apache/qpid/jms/sasl/XOauth2Mechanism.java | 10 +++-------
.../org/apache/qpid/jms/sasl/XOauth2MechanismTest.java | 9 +++++----
2 files changed, 8 insertions(+), 11 deletions(-)
----------------------------------------------------------------------