Posted to commits@qpid.apache.org by or...@apache.org on 2017/07/20 09:27:20 UTC

qpid-broker-j git commit: QPID-7789: Fix defect affecting Oauth2 authentication introduced by commit 6bde48c519847a14dcdbeba33b9eb200f3a089cd

Repository: qpid-broker-j
Updated Branches:
  refs/heads/master a039459c1 -> 135fc404d


QPID-7789: Fix defect affecting Oauth2 authentication introduced by commit 6bde48c519847a14dcdbeba33b9eb200f3a089cd


Project: http://git-wip-us.apache.org/repos/asf/qpid-broker-j/repo
Commit: http://git-wip-us.apache.org/repos/asf/qpid-broker-j/commit/135fc404
Tree: http://git-wip-us.apache.org/repos/asf/qpid-broker-j/tree/135fc404
Diff: http://git-wip-us.apache.org/repos/asf/qpid-broker-j/diff/135fc404

Branch: refs/heads/master
Commit: 135fc404db42ee4a59c98a33671965cfb8409e42
Parents: a039459
Author: Alex Rudyy <or...@apache.org>
Authored: Thu Jul 20 10:26:18 2017 +0100
Committer: Alex Rudyy <or...@apache.org>
Committed: Thu Jul 20 10:27:06 2017 +0100

----------------------------------------------------------------------
 .../server/management/plugin/HttpManagement.java    |  1 +
 .../auth/UsernamePasswordInteractiveLogin.java      | 16 ++--------------
 .../management/plugin/filter/RedirectingFilter.java |  1 -
 3 files changed, 3 insertions(+), 15 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/qpid-broker-j/blob/135fc404/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpManagement.java
----------------------------------------------------------------------
diff --git a/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpManagement.java b/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpManagement.java
index 5876276..3b9d7de 100644
--- a/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpManagement.java
+++ b/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpManagement.java
@@ -347,6 +347,7 @@ public class HttpManagement extends AbstractPluginAdapter<HttpManagement> implem
         root.addFilter(restAuthorizationFilter, "/apidocs/*", EnumSet.of(DispatcherType.REQUEST));
         root.addFilter(restAuthorizationFilter, "/service/*", EnumSet.of(DispatcherType.REQUEST));
 
+        root.addFilter(new FilterHolder(new RedirectingFilter()), "/index.html", EnumSet.of(DispatcherType.REQUEST));
         root.addFilter(new FilterHolder(new RedirectingFilter()), "/", EnumSet.of(DispatcherType.REQUEST));
         if (_serveUncompressedDojo)
         {
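Review bot: The new `/index.html` mapping carries no comment explaining why it is safe next to the forward this commit introduces in UsernamePasswordInteractiveLogin. Both registrations use `EnumSet.of(DispatcherType.REQUEST)`, so the internal forward to `/index.html` should not re-enter RedirectingFilter; if someone later adds `DispatcherType.FORWARD` here, the login path would presumably recurse. I would add a comment above the two lines, e.g. `// REQUEST only: the login handler forwards to /index.html and must not re-trigger this filter`. The two mappings could also share one `FilterHolder`, as `restAuthorizationFilter` does just above, instead of constructing two RedirectingFilter instances. The enclosing method starts and ends outside this hunk.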

http://git-wip-us.apache.org/repos/asf/qpid-broker-j/blob/135fc404/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/auth/UsernamePasswordInteractiveLogin.java
----------------------------------------------------------------------
diff --git a/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/auth/UsernamePasswordInteractiveLogin.java b/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/auth/UsernamePasswordInteractiveLogin.java
index 8894aee..4f7b98b 100644
--- a/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/auth/UsernamePasswordInteractiveLogin.java
+++ b/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/auth/UsernamePasswordInteractiveLogin.java
@@ -22,6 +22,7 @@ package org.apache.qpid.server.management.plugin.auth;
 
 import java.io.IOException;
 
+import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
@@ -34,21 +35,8 @@ import org.apache.qpid.server.security.auth.manager.UsernamePasswordAuthenticati
 @PluggableService
 public class UsernamePasswordInteractiveLogin implements HttpRequestInteractiveAuthenticator
 {
-    // TODO: When we refactor web management and adopt web fragments, move logout.html
-    // to WEB-INF/ and dispatch (forward) to them, rather than using a client side redirect.
-    // This would keep the login/logout pages private and inaccessible to the user when using auth providers
-    // such as Ouath2.
     private static final String DEFAULT_LOGIN_URL = "/index.html";
 
-    private static final AuthenticationHandler REDIRECT_HANDLER = new AuthenticationHandler()
-    {
-        @Override
-        public void handleAuthentication(final HttpServletResponse response) throws IOException
-        {
-            response.sendRedirect(DEFAULT_LOGIN_URL);
-        }
-    };
-
     private static  final LogoutHandler LOGOUT_HANDLER = new LogoutHandler()
     {
         @Override
@@ -64,7 +52,7 @@ public class UsernamePasswordInteractiveLogin implements HttpRequestInteractiveA
     {
         if(configuration.getAuthenticationProvider(request) instanceof UsernamePasswordAuthenticationProvider)
         {
-            return REDIRECT_HANDLER;
+            return response -> request.getRequestDispatcher(DEFAULT_LOGIN_URL).forward(request, response);
         }
         else
         {
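Review bot: The new lambda dereferences `request.getRequestDispatcher(DEFAULT_LOGIN_URL)` without a null check. The Servlet API allows that call to return null when the container cannot provide a dispatcher, which would surface as a NullPointerException in the authentication path rather than a controlled error response. `forward` also throws IllegalStateException once the response is committed, so it is worth confirming that nothing earlier in the filter writes to the response before the handler runs. A guarded version is sketched below; it needs an import of `javax.servlet.RequestDispatcher`. The enclosing method starts before and continues past this hunk.

```java
        if(configuration.getAuthenticationProvider(request) instanceof UsernamePasswordAuthenticationProvider)
        {
            return response ->
            {
                final RequestDispatcher dispatcher = request.getRequestDispatcher(DEFAULT_LOGIN_URL);
                if (dispatcher == null)
                {
                    // fail closed with an explicit error instead of an NPE
                    response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
                    return;
                }
                dispatcher.forward(request, response);
            };
        }
        // … unchanged: else branch …
```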

http://git-wip-us.apache.org/repos/asf/qpid-broker-j/blob/135fc404/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/filter/RedirectingFilter.java
----------------------------------------------------------------------
diff --git a/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/filter/RedirectingFilter.java b/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/filter/RedirectingFilter.java
index dac1a5f..db65fe1 100644
--- a/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/filter/RedirectingFilter.java
+++ b/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/filter/RedirectingFilter.java
@@ -40,7 +40,6 @@ import javax.servlet.http.HttpServletResponse;
 import org.apache.qpid.server.management.plugin.HttpManagementConfiguration;
 import org.apache.qpid.server.management.plugin.HttpManagementUtil;
 import org.apache.qpid.server.management.plugin.HttpRequestInteractiveAuthenticator;
-import org.apache.qpid.server.model.Broker;
 import org.apache.qpid.server.plugin.QpidServiceLoader;
 import org.apache.qpid.server.security.auth.AuthenticatedPrincipal;
 

