You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@qpid.apache.org by or...@apache.org on 2020/08/23 20:23:26 UTC
[qpid-broker-j] 02/02: QPID-8459: [Broker-J] Reduce code duplication
This is an automated email from the ASF dual-hosted git repository.
orudyy pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/qpid-broker-j.git
commit 26aa2957d696f4909e4c7b4ca8893c2280e9e39b
Author: Alex Rudyy <or...@apache.org>
AuthorDate: Sun Aug 23 21:21:05 2020 +0100
QPID-8459: [Broker-J] Reduce code duplication
This closes #54
---
.../management/plugin/HttpManagementUtil.java | 9 ++++++
.../auth/AnonymousInteractiveAuthenticator.java | 21 ++++++-------
.../auth/OAuth2InteractiveAuthenticator.java | 35 +++++++---------------
.../SSLClientCertInteractiveAuthenticator.java | 5 ++--
.../auth/SpnegoInteractiveAuthenticator.java | 5 +---
.../plugin/servlet/rest/SaslServlet.java | 4 +--
6 files changed, 35 insertions(+), 44 deletions(-)
diff --git a/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpManagementUtil.java b/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpManagementUtil.java
index c9f8e04..3c0783c 100644
--- a/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpManagementUtil.java
+++ b/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpManagementUtil.java
@@ -361,4 +361,13 @@ public class HttpManagementUtil
// session was invalidated
}
}
+
+ public static void createServletConnectionSubjectAssertManagementAccessAndSave(final Broker broker,
+ final HttpServletRequest request,
+ final Subject original)
+ {
+ final Subject subject = createServletConnectionSubject(request, original);
+ assertManagementAccess(broker, subject);
+ saveAuthorisedSubject(request, subject);
+ }
}
diff --git a/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/auth/AnonymousInteractiveAuthenticator.java b/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/auth/AnonymousInteractiveAuthenticator.java
index c0ad0ab..9d25b63 100644
--- a/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/auth/AnonymousInteractiveAuthenticator.java
+++ b/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/auth/AnonymousInteractiveAuthenticator.java
@@ -56,10 +56,12 @@ public class AnonymousInteractiveAuthenticator implements HttpRequestInteractive
public AuthenticationHandler getAuthenticationHandler(final HttpServletRequest request,
final HttpManagementConfiguration configuration)
{
- final Port<?> port = configuration.getPort(request);
if (configuration.getAuthenticationProvider(request) instanceof AnonymousAuthenticationManager)
{
- return response -> getLoginHandler(request, response, configuration, port);
+ final AnonymousAuthenticationManager authenticationProvider =
+ (AnonymousAuthenticationManager) configuration.getAuthenticationProvider(request);
+ final Port<?> port = configuration.getPort(request);
+ return response -> getLoginHandler(request, response, authenticationProvider, port);
}
else
{
@@ -67,25 +69,24 @@ public class AnonymousInteractiveAuthenticator implements HttpRequestInteractive
}
}
- private void getLoginHandler(HttpServletRequest request, HttpServletResponse response,
- HttpManagementConfiguration configuration, Port<?> port) throws ServletException, IOException
+ private void getLoginHandler(final HttpServletRequest request,
+ final HttpServletResponse response,
+ final AnonymousAuthenticationManager authenticationProvider,
+ final Port<?> port) throws ServletException, IOException
{
- final AnonymousAuthenticationManager authenticationProvider =
- (AnonymousAuthenticationManager) configuration.getAuthenticationProvider(request);
final AuthenticationResult authenticationResult = authenticationProvider.getAnonymousAuthenticationResult();
try
{
- final SubjectAuthenticationResult result = port.getSubjectCreator(request.isSecure(), request.getServerName()).createResultWithGroups(authenticationResult);
+ final SubjectAuthenticationResult result = port.getSubjectCreator(request.isSecure(), request.getServerName())
+ .createResultWithGroups(authenticationResult);
final Subject original = result.getSubject();
if (original == null)
{
throw new SecurityException("Only authenticated users can access the management interface");
}
- final Subject subject = HttpManagementUtil.createServletConnectionSubject(request, original);
final Broker broker = (Broker) authenticationProvider.getParent();
- HttpManagementUtil.assertManagementAccess(broker, subject);
- HttpManagementUtil.saveAuthorisedSubject(request, subject);
+ HttpManagementUtil.createServletConnectionSubjectAssertManagementAccessAndSave(broker, request, original);
request.getRequestDispatcher(HttpManagement.DEFAULT_LOGIN_URL).forward(request, response);
}
catch (AccessControlException e)
diff --git a/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/auth/OAuth2InteractiveAuthenticator.java b/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/auth/OAuth2InteractiveAuthenticator.java
index d25f54c..3df47a9 100644
--- a/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/auth/OAuth2InteractiveAuthenticator.java
+++ b/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/auth/OAuth2InteractiveAuthenticator.java
@@ -170,9 +170,17 @@ public class OAuth2InteractiveAuthenticator implements HttpRequestInteractiveAut
AuthenticationResult authenticationResult = oauth2Provider.authenticateViaAuthorizationCode(authorizationCode, redirectUri, addressSpace);
try
{
- Subject subject = createSubject(authenticationResult);
- authoriseManagement(subject);
- HttpManagementUtil.saveAuthorisedSubject(request, subject);
+ SubjectCreator subjectCreator = port.getSubjectCreator(request.isSecure(), request.getServerName());
+ SubjectAuthenticationResult result = subjectCreator.createResultWithGroups(authenticationResult);
+ Subject original = result.getSubject();
+
+ if (original == null)
+ {
+ throw new SecurityException("Only authenticated users can access the management interface");
+ }
+
+ Broker broker = (Broker) oauth2Provider.getParent();
+ HttpManagementUtil.createServletConnectionSubjectAssertManagementAccessAndSave(broker, request, original);
LOGGER.debug("Successful login. Redirect to original resource {}", originalRequestUri);
response.sendRedirect(originalRequestUri);
@@ -191,27 +199,6 @@ public class OAuth2InteractiveAuthenticator implements HttpRequestInteractiveAut
}
}
}
-
- private Subject createSubject(final AuthenticationResult authenticationResult)
- {
- SubjectCreator subjectCreator = port.getSubjectCreator(request.isSecure(), request.getServerName());
- SubjectAuthenticationResult result = subjectCreator.createResultWithGroups(authenticationResult);
- Subject original = result.getSubject();
-
- if (original == null)
- {
- throw new SecurityException("Only authenticated users can access the management interface");
- }
-
- Subject subject = HttpManagementUtil.createServletConnectionSubject(request, original);
- return subject;
- }
-
- private void authoriseManagement(final Subject subject)
- {
- Broker broker = (Broker) oauth2Provider.getParent();
- HttpManagementUtil.assertManagementAccess(broker, subject);
- }
};
}
}
diff --git a/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/auth/SSLClientCertInteractiveAuthenticator.java b/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/auth/SSLClientCertInteractiveAuthenticator.java
index a2ebde0..bfa1a09 100644
--- a/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/auth/SSLClientCertInteractiveAuthenticator.java
+++ b/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/auth/SSLClientCertInteractiveAuthenticator.java
@@ -49,9 +49,8 @@ public class SSLClientCertInteractiveAuthenticator implements HttpRequestInterac
final Subject subject = _preemptiveAuthenticator.attemptAuthentication(request, configuration);
if (subject != null)
{
- final Subject servletSubject = HttpManagementUtil.createServletConnectionSubject(request, subject);
- HttpManagementUtil.assertManagementAccess((Broker) authenticationProvider.getParent(), servletSubject);
- HttpManagementUtil.saveAuthorisedSubject(request, servletSubject);
+ final Broker broker = (Broker) authenticationProvider.getParent();
+ HttpManagementUtil.createServletConnectionSubjectAssertManagementAccessAndSave(broker, request, subject);
response.sendRedirect("/");
}
else
diff --git a/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/auth/SpnegoInteractiveAuthenticator.java b/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/auth/SpnegoInteractiveAuthenticator.java
index 004a8f4..48c8c7e 100644
--- a/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/auth/SpnegoInteractiveAuthenticator.java
+++ b/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/auth/SpnegoInteractiveAuthenticator.java
@@ -74,11 +74,8 @@ public class SpnegoInteractiveAuthenticator implements HttpRequestInteractiveAut
final Port<?> port = configuration.getPort(request);
final SubjectCreator subjectCreator = port.getSubjectCreator(request.isSecure(), request.getServerName());
final SubjectAuthenticationResult result = subjectCreator.createResultWithGroups(authenticationResult);
- final Subject subject = HttpManagementUtil.createServletConnectionSubject(request, result.getSubject());
-
final Broker broker = (Broker) kerberosProvider.getParent();
- HttpManagementUtil.assertManagementAccess(broker, subject);
- HttpManagementUtil.saveAuthorisedSubject(request, subject);
+ HttpManagementUtil.createServletConnectionSubjectAssertManagementAccessAndSave(broker, request, result.getSubject());
request.getRequestDispatcher(HttpManagement.DEFAULT_LOGIN_URL).forward(request, response);
}
};
diff --git a/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/SaslServlet.java b/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/SaslServlet.java
index 102062d..f0daefb 100644
--- a/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/SaslServlet.java
+++ b/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/SaslServlet.java
@@ -249,9 +249,7 @@ public class SaslServlet extends AbstractServlet
Broker broker = getBroker();
try
{
- Subject subject = HttpManagementUtil.createServletConnectionSubject(request, original);
- HttpManagementUtil.assertManagementAccess(broker, subject);
- HttpManagementUtil.saveAuthorisedSubject(request, subject);
+ HttpManagementUtil.createServletConnectionSubjectAssertManagementAccessAndSave(broker, request, original);
if(challenge != null && challenge.length != 0)
{
outputObject.put("additionalData", Base64.getEncoder().encodeToString(challenge));
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@qpid.apache.org
For additional commands, e-mail: commits-help@qpid.apache.org