Posted to commits@qpid.apache.org by kw...@apache.org on 2016/06/24 16:21:54 UTC
svn commit: r1750129 - in
/qpid/java/trunk/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin:
HttpManagementUtil.java auth/OAuth2InteractiveAuthenticator.java
servlet/rest/SaslServlet.java
Author: kwall
Date: Fri Jun 24 16:21:54 2016
New Revision: 1750129
URL: http://svn.apache.org/viewvc?rev=1750129&view=rev
Log:
QPID-7320: [Java Broker] Restore management actor to operation logs produced by management actions.
Modified:
qpid/java/trunk/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpManagementUtil.java
qpid/java/trunk/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/auth/OAuth2InteractiveAuthenticator.java
qpid/java/trunk/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/SaslServlet.java
Modified: qpid/java/trunk/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpManagementUtil.java
URL: http://svn.apache.org/viewvc/qpid/java/trunk/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpManagementUtil.java?rev=1750129&r1=1750128&r2=1750129&view=diff
==============================================================================
--- qpid/java/trunk/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpManagementUtil.java (original)
+++ qpid/java/trunk/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpManagementUtil.java Fri Jun 24 16:21:54 2016
@@ -25,9 +25,7 @@ import java.io.OutputStream;
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
-import java.security.Principal;
import java.security.PrivilegedAction;
-import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
@@ -36,29 +34,16 @@ import java.util.List;
import java.util.zip.GZIPOutputStream;
import javax.security.auth.Subject;
-import javax.security.auth.x500.X500Principal;
import javax.servlet.ServletContext;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
-import javax.xml.bind.DatatypeConverter;
import org.apache.qpid.server.management.plugin.servlet.ServletConnectionPrincipal;
import org.apache.qpid.server.management.plugin.session.LoginLogoutReporter;
-import org.apache.qpid.server.model.AuthenticationProvider;
import org.apache.qpid.server.model.Broker;
import org.apache.qpid.server.plugin.QpidServiceLoader;
import org.apache.qpid.server.security.SecurityManager;
-import org.apache.qpid.server.security.SubjectCreator;
-import org.apache.qpid.server.security.auth.AuthenticatedPrincipal;
-import org.apache.qpid.server.security.auth.AuthenticationResult;
-import org.apache.qpid.server.security.auth.AuthenticationResult.AuthenticationStatus;
-import org.apache.qpid.server.security.auth.SubjectAuthenticationResult;
-import org.apache.qpid.server.security.auth.UsernamePrincipal;
-import org.apache.qpid.server.security.auth.manager.AnonymousAuthenticationManager;
-import org.apache.qpid.server.security.auth.manager.ExternalAuthenticationManager;
-import org.apache.qpid.server.security.auth.manager.UsernamePasswordAuthenticationProvider;
-import org.apache.qpid.transport.network.security.ssl.SSLUtil;
public class HttpManagementUtil
{
@@ -126,22 +111,25 @@ public class HttpManagementUtil
throw new SecurityException("Only authenticated users can access the management interface");
}
- Subject original = subject;
- subject = new Subject(false,
- original.getPrincipals(),
- original.getPublicCredentials(),
- original.getPrivateCredentials());
- subject.getPrincipals().add(new ServletConnectionPrincipal(request));
- subject.setReadOnly();
+ subject = createServletConnectionSubject(request, subject);
assertManagementAccess(broker.getSecurityManager(), subject);
saveAuthorisedSubject(request, subject);
-
-
}
}
+ public static Subject createServletConnectionSubject(final HttpServletRequest request, Subject original)
+ {
+ Subject subject = new Subject(false,
+ original.getPrincipals(),
+ original.getPublicCredentials(),
+ original.getPrivateCredentials());
+ subject.getPrincipals().add(new ServletConnectionPrincipal(request));
+ subject.setReadOnly();
+ return subject;
+ }
+
public static void assertManagementAccess(final SecurityManager securityManager, Subject subject)
{
Subject.doAs(subject, new PrivilegedAction<Void>()
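Review bot: `createServletConnectionSubject` is now a public static entry point, but it dereferences `original` with no null guard and has no Javadoc, so its contract rests entirely on each caller. The call site in this hunk sits after the SecurityException throw for unauthenticated users, but the SaslServlet call site in this commit passes `authenticationResult.getSubject()` with no null check visible in its hunk. Consider a guard at the top of the helper, e.g. `if (original == null) { throw new SecurityException("Only authenticated users can access the management interface"); }`. A Javadoc should state that the helper returns a new read-only Subject holding the original's principals and credentials plus a `ServletConnectionPrincipal` for the request. `original` could also be declared `final` to match `request`.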
Modified: qpid/java/trunk/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/auth/OAuth2InteractiveAuthenticator.java
URL: http://svn.apache.org/viewvc/qpid/java/trunk/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/auth/OAuth2InteractiveAuthenticator.java?rev=1750129&r1=1750128&r2=1750129&view=diff
==============================================================================
--- qpid/java/trunk/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/auth/OAuth2InteractiveAuthenticator.java (original)
+++ qpid/java/trunk/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/auth/OAuth2InteractiveAuthenticator.java Fri Jun 24 16:21:54 2016
@@ -192,21 +192,14 @@ public class OAuth2InteractiveAuthentica
{
SubjectCreator subjectCreator = oauth2Provider.getSubjectCreator(request.isSecure());
SubjectAuthenticationResult result = subjectCreator.createResultWithGroups(authenticationResult);
+ Subject original = result.getSubject();
- Subject subject = result.getSubject();
-
- if (subject == null)
+ if (original == null)
{
throw new SecurityException("Only authenticated users can access the management interface");
}
- Subject original = subject;
- subject = new Subject(false,
- original.getPrincipals(),
- original.getPublicCredentials(),
- original.getPrivateCredentials());
- subject.getPrincipals().add(new ServletConnectionPrincipal(request));
- subject.setReadOnly();
+ Subject subject = HttpManagementUtil.createServletConnectionSubject(request, original);
return subject;
}
Modified: qpid/java/trunk/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/SaslServlet.java
URL: http://svn.apache.org/viewvc/qpid/java/trunk/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/SaslServlet.java?rev=1750129&r1=1750128&r2=1750129&view=diff
==============================================================================
--- qpid/java/trunk/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/SaslServlet.java (original)
+++ qpid/java/trunk/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/SaslServlet.java Fri Jun 24 16:21:54 2016
@@ -220,11 +220,12 @@ public class SaslServlet extends Abstrac
if (authenticationResult.getStatus() == AuthenticationResult.AuthenticationStatus.SUCCESS)
{
- Subject subject = authenticationResult.getSubject();
+ Subject original = authenticationResult.getSubject();
Broker broker = getBroker();
try
{
- HttpManagementUtil.assertManagementAccess(broker.getSecurityManager(), subject);
+ HttpManagementUtil.assertManagementAccess(broker.getSecurityManager(), original);
+ Subject subject = HttpManagementUtil.createServletConnectionSubject(request, original);
HttpManagementUtil.saveAuthorisedSubject(request, subject);
session.removeAttribute(HttpManagementUtil.getRequestSpecificAttributeName(ATTR_ID, request));
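Review bot: The access check here runs against `original`, before the `ServletConnectionPrincipal` is attached, whereas the HttpManagementUtil path in this same commit wraps the subject first and then calls `assertManagementAccess` on the wrapped one. If the security manager or the operational log consults the connection principal during that check (not visible here), a SASL login would be evaluated, and any denial logged, without the connection identity that the other path supplies. Swapping the two lines makes both paths consistent: `Subject subject = HttpManagementUtil.createServletConnectionSubject(request, original);` followed by `HttpManagementUtil.assertManagementAccess(broker.getSecurityManager(), subject);`. The try block continues outside the hunk.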