Posted to commits@qpid.apache.org by or...@apache.org on 2020/09/12 21:30:39 UTC
[qpid-broker-j] 06/17: QPID-8459 AnonymousInteractiveAuthenticator
uses request.getRequestDispatcher().forward() instead of parsing request
URL
This is an automated email from the ASF dual-hosted git repository.
orudyy pushed a commit to branch 8.0.x
in repository https://gitbox.apache.org/repos/asf/qpid-broker-j.git
commit 940d4b0251cbfb4071045f5542a80c7ffa549e74
Author: Tomas Vavricka <to...@deutsche-boerse.com>
AuthorDate: Wed Aug 5 06:13:28 2020 +0000
QPID-8459 AnonymousInteractiveAuthenticator uses request.getRequestDispatcher().forward() instead of parsing request URL
(cherry picked from commit 6676f224ff7e9149d077bddec1931ac5a9f46546)
---
.../auth/AnonymousInteractiveAuthenticator.java | 88 ++++++++++------------
.../auth/UsernamePasswordInteractiveLogin.java | 17 +----
.../PreemptiveAuthenticationTest.java | 4 +-
3 files changed, 42 insertions(+), 67 deletions(-)
diff --git a/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/auth/AnonymousInteractiveAuthenticator.java b/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/auth/AnonymousInteractiveAuthenticator.java
index f165974..c0ad0ab 100644
--- a/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/auth/AnonymousInteractiveAuthenticator.java
+++ b/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/auth/AnonymousInteractiveAuthenticator.java
@@ -20,10 +20,13 @@
package org.apache.qpid.server.management.plugin.auth;
+import java.io.IOException;
import java.security.AccessControlException;
import javax.security.auth.Subject;
+import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -54,45 +57,9 @@ public class AnonymousInteractiveAuthenticator implements HttpRequestInteractive
final HttpManagementConfiguration configuration)
{
final Port<?> port = configuration.getPort(request);
- if(configuration.getAuthenticationProvider(request) instanceof AnonymousAuthenticationManager)
+ if (configuration.getAuthenticationProvider(request) instanceof AnonymousAuthenticationManager)
{
- return response ->
- {
- AnonymousAuthenticationManager authenticationProvider =
- (AnonymousAuthenticationManager) configuration.getAuthenticationProvider(request);
- AuthenticationResult authenticationResult = authenticationProvider.getAnonymousAuthenticationResult();
- try
- {
- SubjectAuthenticationResult result = port.getSubjectCreator(request.isSecure(), request.getServerName()).createResultWithGroups(authenticationResult);
- Subject original = result.getSubject();
-
- if (original == null)
- {
- throw new SecurityException("Only authenticated users can access the management interface");
- }
- Subject subject = HttpManagementUtil.createServletConnectionSubject(request, original);
- Broker broker = (Broker) authenticationProvider.getParent();
- HttpManagementUtil.assertManagementAccess(broker, subject);
- HttpManagementUtil.saveAuthorisedSubject(request, subject);
-
- String originalRequestUri = getOriginalRequestUri(request);
- LOGGER.debug("Successful login. Redirect to original resource {}", originalRequestUri);
- response.sendRedirect(originalRequestUri);
- }
- catch (SecurityException e)
- {
- if (e instanceof AccessControlException)
- {
- LOGGER.info("User '{}' is not authorised for management", authenticationResult.getMainPrincipal());
- response.sendError(403, "User is not authorised for management");
- }
- else
- {
- LOGGER.info("Authentication failed", authenticationResult.getCause());
- response.sendError(401);
- }
- }
- };
+ return response -> getLoginHandler(request, response, configuration, port);
}
else
{
@@ -100,6 +67,39 @@ public class AnonymousInteractiveAuthenticator implements HttpRequestInteractive
}
}
+ private void getLoginHandler(HttpServletRequest request, HttpServletResponse response,
+ HttpManagementConfiguration configuration, Port<?> port) throws ServletException, IOException
+ {
+ final AnonymousAuthenticationManager authenticationProvider =
+ (AnonymousAuthenticationManager) configuration.getAuthenticationProvider(request);
+ final AuthenticationResult authenticationResult = authenticationProvider.getAnonymousAuthenticationResult();
+ try
+ {
+ final SubjectAuthenticationResult result = port.getSubjectCreator(request.isSecure(), request.getServerName()).createResultWithGroups(authenticationResult);
+ final Subject original = result.getSubject();
+
+ if (original == null)
+ {
+ throw new SecurityException("Only authenticated users can access the management interface");
+ }
+ final Subject subject = HttpManagementUtil.createServletConnectionSubject(request, original);
+ final Broker broker = (Broker) authenticationProvider.getParent();
+ HttpManagementUtil.assertManagementAccess(broker, subject);
+ HttpManagementUtil.saveAuthorisedSubject(request, subject);
+ request.getRequestDispatcher(HttpManagement.DEFAULT_LOGIN_URL).forward(request, response);
+ }
+ catch (AccessControlException e)
+ {
+ LOGGER.info("User '{}' is not authorised for management", authenticationResult.getMainPrincipal());
+ response.sendError(HttpServletResponse.SC_FORBIDDEN, "User is not authorised for management");
+ }
+ catch (SecurityException e)
+ {
+ LOGGER.info("Authentication failed", authenticationResult.getCause());
+ response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
+ }
+ }
+
@Override
public LogoutHandler getLogoutHandler(final HttpServletRequest request,
final HttpManagementConfiguration configuration)
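Review bot: The `catch (SecurityException e)` branch at the end of getLoginHandler logs `authenticationResult.getCause()` and discards the exception it caught, so on the `original == null` path (where the result's cause is presumably null, since the anonymous result is a success) the log line carries no reason at all; `LOGGER.info("Authentication failed", e);` keeps the actual failure diagnosable. Separately, `getLoginHandler` returns void and performs the login itself (saves the authorised subject, forwards to the login page), so the name reads like a factory; a verb name such as `handleAnonymousLogin` would match what it does. A short Javadoc stating that the method forwards to HttpManagement.DEFAULT_LOGIN_URL within the same request rather than redirecting, and that 403/401 are written directly on failure, would help the next reader. getLogoutHandler, which begins at the bottom of this hunk, continues outside it.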
@@ -119,16 +119,4 @@ public class AnonymousInteractiveAuthenticator implements HttpRequestInteractive
{
return ANONYMOUS;
}
-
- private String getOriginalRequestUri(final HttpServletRequest request)
- {
- StringBuffer originalRequestURL = request.getRequestURL();
- final String queryString = request.getQueryString();
- if (queryString != null)
- {
- originalRequestURL.append("?").append(queryString);
- }
- return originalRequestURL.toString();
- }
-
}
diff --git a/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/auth/UsernamePasswordInteractiveLogin.java b/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/auth/UsernamePasswordInteractiveLogin.java
index 4f7b98b..541ee43 100644
--- a/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/auth/UsernamePasswordInteractiveLogin.java
+++ b/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/auth/UsernamePasswordInteractiveLogin.java
@@ -20,11 +20,7 @@
*/
package org.apache.qpid.server.management.plugin.auth;
-import java.io.IOException;
-
-import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
import org.apache.qpid.server.management.plugin.HttpManagement;
import org.apache.qpid.server.management.plugin.HttpManagementConfiguration;
@@ -35,16 +31,7 @@ import org.apache.qpid.server.security.auth.manager.UsernamePasswordAuthenticati
@PluggableService
public class UsernamePasswordInteractiveLogin implements HttpRequestInteractiveAuthenticator
{
- private static final String DEFAULT_LOGIN_URL = "/index.html";
-
- private static final LogoutHandler LOGOUT_HANDLER = new LogoutHandler()
- {
- @Override
- public void handleLogout(final HttpServletResponse response) throws IOException
- {
- response.sendRedirect(HttpManagement.DEFAULT_LOGOUT_URL);
- }
- };
+ private static final LogoutHandler LOGOUT_HANDLER = response -> response.sendRedirect(HttpManagement.DEFAULT_LOGOUT_URL);
@Override
public AuthenticationHandler getAuthenticationHandler(final HttpServletRequest request,
@@ -52,7 +39,7 @@ public class UsernamePasswordInteractiveLogin implements HttpRequestInteractiveA
{
if(configuration.getAuthenticationProvider(request) instanceof UsernamePasswordAuthenticationProvider)
{
- return response -> request.getRequestDispatcher(DEFAULT_LOGIN_URL).forward(request, response);
+ return response -> request.getRequestDispatcher(HttpManagement.DEFAULT_LOGIN_URL).forward(request, response);
}
else
{
diff --git a/systests/qpid-systests-http-management/src/test/java/org/apache/qpid/tests/http/authentication/PreemptiveAuthenticationTest.java b/systests/qpid-systests-http-management/src/test/java/org/apache/qpid/tests/http/authentication/PreemptiveAuthenticationTest.java
index dd4efb7..14db61d 100644
--- a/systests/qpid-systests-http-management/src/test/java/org/apache/qpid/tests/http/authentication/PreemptiveAuthenticationTest.java
+++ b/systests/qpid-systests-http-management/src/test/java/org/apache/qpid/tests/http/authentication/PreemptiveAuthenticationTest.java
@@ -116,7 +116,7 @@ public class PreemptiveAuthenticationTest extends HttpTestBase
{
HttpTestHelper helper = configForClientAuth("CN=foo");
- HttpURLConnection authenticateConnection = helper.openManagementConnection("/index.html", "GET");
+ HttpURLConnection authenticateConnection = helper.openManagementConnection(HttpManagement.DEFAULT_LOGIN_URL, "GET");
authenticateConnection.setInstanceFollowRedirects(false);
int status = authenticateConnection.getResponseCode();
@@ -125,7 +125,7 @@ public class PreemptiveAuthenticationTest extends HttpTestBase
assertThat(status, is(equalTo(HttpURLConnection.HTTP_MOVED_TEMP)));
- authenticateConnection = helper.openManagementConnection("/index.html", "GET");
+ authenticateConnection = helper.openManagementConnection(HttpManagement.DEFAULT_LOGIN_URL, "GET");
authenticateConnection.setRequestProperty("Cookie", cookies);
status = authenticateConnection.getResponseCode();
authenticateConnection.disconnect();