You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@qpid.apache.org by rg...@apache.org on 2017/05/30 12:48:52 UTC
[2/2] qpid-broker-j git commit: QPID-7800 - [Java Broker] Refactor
Port classes to remove unnecessary intermediate classes/interfaces
QPID-7800 - [Java Broker] Refactor Port classes to remove unnecessary intermediate classes/interfaces
Project: http://git-wip-us.apache.org/repos/asf/qpid-broker-j/repo
Commit: http://git-wip-us.apache.org/repos/asf/qpid-broker-j/commit/9baae38e
Tree: http://git-wip-us.apache.org/repos/asf/qpid-broker-j/tree/9baae38e
Diff: http://git-wip-us.apache.org/repos/asf/qpid-broker-j/diff/9baae38e
Branch: refs/heads/master
Commit: 9baae38e5b673c3384f7dde5072cbc6e8436e1bf
Parents: fed08da
Author: rgodfrey <rg...@apache.org>
Authored: Tue May 30 14:48:06 2017 +0200
Committer: rgodfrey <rg...@apache.org>
Committed: Tue May 30 14:48:06 2017 +0200
----------------------------------------------------------------------
.../server/model/AuthenticationProvider.java | 17 +-
.../java/org/apache/qpid/server/model/Port.java | 18 ++
...ctClientAuthCapablePortWithAuthProvider.java | 130 ---------
.../qpid/server/model/port/AbstractPort.java | 165 ++++++++++--
.../port/AbstractPortWithAuthProvider.java | 112 --------
.../apache/qpid/server/model/port/AmqpPort.java | 17 +-
.../qpid/server/model/port/AmqpPortImpl.java | 10 +-
.../model/port/ClientAuthCapablePort.java | 32 ---
.../apache/qpid/server/model/port/HttpPort.java | 16 +-
.../qpid/server/model/port/HttpPortImpl.java | 3 +-
.../server/model/port/PortWithAuthProvider.java | 29 --
.../qpid/server/security/SubjectCreator.java | 35 +--
.../manager/AbstractAuthenticationManager.java | 27 +-
.../OAuth2AuthenticationProviderImpl.java | 9 +-
.../server/security/SubjectCreatorTest.java | 37 +--
.../ManagedAuthenticationManagerTestBase.java | 9 +-
.../protocol/v0_10/AMQPConnection_0_10Impl.java | 97 ++++---
.../v0_10/ServerConnectionDelegate.java | 30 +--
.../protocol/v0_8/AMQPConnection_0_8Impl.java | 28 +-
.../protocol/v0_8/AMQPConnection_0_8Test.java | 7 +-
.../protocol/v1_0/AMQPConnection_1_0Impl.java | 270 ++++++++-----------
.../protocol/v1_0/type/transport/Open.java | 7 +-
.../protocol/v1_0/ProtocolEngine_1_0_0Test.java | 18 +-
.../management/plugin/HttpManagement.java | 15 +-
.../plugin/HttpManagementConfiguration.java | 3 +
.../management/plugin/HttpManagementUtil.java | 18 +-
.../auth/AnonymousInteractiveAuthenticator.java | 4 +-
.../auth/AnonymousPreemptiveAuthenticator.java | 4 +-
.../auth/BasicAuthPreemptiveAuthenticator.java | 4 +-
.../auth/OAuth2InteractiveAuthenticator.java | 5 +-
.../auth/OAuth2PreemptiveAuthenticator.java | 4 +-
.../SSLClientCertPreemptiveAuthenticator.java | 4 +-
.../plugin/servlet/rest/AbstractServlet.java | 3 +-
.../plugin/servlet/rest/RestServlet.java | 7 +-
.../plugin/servlet/rest/SaslServlet.java | 21 +-
.../OAuth2InteractiveAuthenticatorTest.java | 11 +-
.../auth/OAuth2PreemptiveAuthenticatorTest.java | 10 +-
.../org/apache/qpid/systest/rest/Asserts.java | 6 +-
38 files changed, 508 insertions(+), 734 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/qpid-broker-j/blob/9baae38e/broker-core/src/main/java/org/apache/qpid/server/model/AuthenticationProvider.java
----------------------------------------------------------------------
diff --git a/broker-core/src/main/java/org/apache/qpid/server/model/AuthenticationProvider.java b/broker-core/src/main/java/org/apache/qpid/server/model/AuthenticationProvider.java
index 06d7e8d..cfa3163 100644
--- a/broker-core/src/main/java/org/apache/qpid/server/model/AuthenticationProvider.java
+++ b/broker-core/src/main/java/org/apache/qpid/server/model/AuthenticationProvider.java
@@ -20,15 +20,9 @@
*/
package org.apache.qpid.server.model;
-import java.security.Principal;
import java.util.List;
-import javax.security.sasl.SaslException;
-import javax.security.sasl.SaslServer;
-
import org.apache.qpid.server.logging.EventLoggerProvider;
-import org.apache.qpid.server.security.SubjectCreator;
-import org.apache.qpid.server.security.auth.AuthenticationResult;
import org.apache.qpid.server.security.auth.sasl.SaslNegotiator;
import org.apache.qpid.server.security.auth.sasl.SaslSettings;
@@ -38,14 +32,6 @@ public interface AuthenticationProvider<X extends AuthenticationProvider<X>> ext
{
/**
- * A temporary method to create SubjectCreator.
- *
- * TODO: move all the functionality from SubjectCreator into AuthenticationProvider
- * @param secure
- */
- SubjectCreator getSubjectCreator(final boolean secure);
-
- /**
* Gets the SASL mechanisms known to this manager.
*
* @return SASL mechanism names, space separated.
@@ -61,4 +47,7 @@ public interface AuthenticationProvider<X extends AuthenticationProvider<X>> ext
List<String> getDisabledMechanisms();
SaslNegotiator createSaslNegotiator(String mechanism, final SaslSettings saslSettings);
+
+ List<String> getAvailableMechanisms(boolean secure);
+
}
http://git-wip-us.apache.org/repos/asf/qpid-broker-j/blob/9baae38e/broker-core/src/main/java/org/apache/qpid/server/model/Port.java
----------------------------------------------------------------------
diff --git a/broker-core/src/main/java/org/apache/qpid/server/model/Port.java b/broker-core/src/main/java/org/apache/qpid/server/model/Port.java
index a3d3cc7..9da0a70 100644
--- a/broker-core/src/main/java/org/apache/qpid/server/model/Port.java
+++ b/broker-core/src/main/java/org/apache/qpid/server/model/Port.java
@@ -27,6 +27,7 @@ import java.util.Set;
import com.google.common.util.concurrent.ListenableFuture;
import org.apache.qpid.server.configuration.CommonProperties;
+import org.apache.qpid.server.security.SubjectCreator;
@ManagedContextDependency({CommonProperties.QPID_SECURITY_TLS_PROTOCOL_WHITE_LIST, CommonProperties.QPID_SECURITY_TLS_CIPHER_SUITE_BLACK_LIST})
@ManagedObject( description = Port.CLASS_DESCRIPTION, amqpName = "org.apache.qpid.Port")
@@ -50,6 +51,8 @@ public interface Port<X extends Port<X>> extends ConfiguredObject<X>
String AUTHENTICATION_PROVIDER = "authenticationProvider";
String KEY_STORE = "keyStore";
String TRUST_STORES = "trustStores";
+ String CLIENT_CERT_RECORDER = "clientCertRecorder";
+
String CONNECTION_MAXIMUM_AUTHENTICATION_DELAY = "connection.maximumAuthenticationDelay";
@@ -91,6 +94,18 @@ public interface Port<X extends Port<X>> extends ConfiguredObject<X>
@DerivedAttribute
List<String> getTlsCipherSuiteBlackList();
+ @ManagedAttribute
+ boolean getNeedClientAuth();
+
+ @ManagedAttribute
+ boolean getWantClientAuth();
+
+ @ManagedAttribute
+ TrustStore<?> getClientCertRecorder();
+
+ @ManagedAttribute( mandatory = true )
+ AuthenticationProvider<?> getAuthenticationProvider();
+
Collection<Connection> getConnections();
void start();
@@ -98,4 +113,7 @@ public interface Port<X extends Port<X>> extends ConfiguredObject<X>
ListenableFuture<Void> startAsync();
NamedAddressSpace getAddressSpace(String name);
+
+ SubjectCreator getSubjectCreator(final boolean secure);
+
}
http://git-wip-us.apache.org/repos/asf/qpid-broker-j/blob/9baae38e/broker-core/src/main/java/org/apache/qpid/server/model/port/AbstractClientAuthCapablePortWithAuthProvider.java
----------------------------------------------------------------------
diff --git a/broker-core/src/main/java/org/apache/qpid/server/model/port/AbstractClientAuthCapablePortWithAuthProvider.java b/broker-core/src/main/java/org/apache/qpid/server/model/port/AbstractClientAuthCapablePortWithAuthProvider.java
deleted file mode 100644
index 507bf36..0000000
--- a/broker-core/src/main/java/org/apache/qpid/server/model/port/AbstractClientAuthCapablePortWithAuthProvider.java
+++ /dev/null
@@ -1,130 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.qpid.server.model.port;
-
-import java.util.Map;
-import java.util.Set;
-
-import org.apache.qpid.server.configuration.IllegalConfigurationException;
-import org.apache.qpid.server.model.ConfiguredObject;
-import org.apache.qpid.server.model.Container;
-import org.apache.qpid.server.model.ManagedAttributeField;
-import org.apache.qpid.server.model.TrustStore;
-import org.apache.qpid.server.security.ManagedPeerCertificateTrustStore;
-
-abstract public class AbstractClientAuthCapablePortWithAuthProvider<X extends AbstractClientAuthCapablePortWithAuthProvider<X>> extends AbstractPortWithAuthProvider<X>
- implements ClientAuthCapablePort<X>
-{
- public static final String DEFAULT_AMQP_NEED_CLIENT_AUTH = "false";
- public static final String DEFAULT_AMQP_WANT_CLIENT_AUTH = "false";
-
- @ManagedAttributeField
- private boolean _needClientAuth;
-
- @ManagedAttributeField
- private boolean _wantClientAuth;
-
- @ManagedAttributeField
- private TrustStore<?> _clientCertRecorder;
-
- public AbstractClientAuthCapablePortWithAuthProvider(final Map<String, Object> attributes,
- final Container<?> broker)
- {
- super(attributes, broker);
- }
-
- @Override
- public boolean getNeedClientAuth()
- {
- return _needClientAuth;
- }
-
- @Override
- public TrustStore<?> getClientCertRecorder()
- {
- return _clientCertRecorder;
- }
-
- @Override
- public boolean getWantClientAuth()
- {
- return _wantClientAuth;
- }
-
- @Override
- public void onValidate()
- {
- super.onValidate();
- boolean useClientAuth = getNeedClientAuth() || getWantClientAuth();
-
- if(useClientAuth && (getTrustStores() == null || getTrustStores().isEmpty()))
- {
- throw new IllegalConfigurationException("Can't create port which requests SSL client certificates but has no trust stores configured.");
- }
-
- boolean useTLSTransport = isUsingTLSTransport();
- if(useClientAuth && !useTLSTransport)
- {
- throw new IllegalConfigurationException(
- "Can't create port which requests SSL client certificates but doesn't use SSL transport.");
- }
-
- if(useClientAuth && getClientCertRecorder() != null)
- {
- if(!(getClientCertRecorder() instanceof ManagedPeerCertificateTrustStore))
- {
- throw new IllegalConfigurationException("Only trust stores of type " + ManagedPeerCertificateTrustStore.TYPE_NAME + " may be used as the client certificate recorder");
- }
- }
- }
-
- @Override
- protected void validateChange(final ConfiguredObject<?> proxyForValidation, final Set<String> changedAttributes)
- {
- super.validateChange(proxyForValidation, changedAttributes);
- ClientAuthCapablePort<?> updated = (ClientAuthCapablePort<?>)proxyForValidation;
-
- boolean requiresCertificate = updated.getNeedClientAuth() || updated.getWantClientAuth();
-
- boolean usesSsl = isUsingTLSTransport(updated.getTransports());
- if (usesSsl)
- {
- if ((updated.getTrustStores() == null || updated.getTrustStores().isEmpty() ) && requiresCertificate)
- {
- throw new IllegalConfigurationException("Can't create port which requests SSL client certificates but has no trust store configured.");
- }
- }
- else
- {
- if (requiresCertificate)
- {
- throw new IllegalConfigurationException("Can't create port which requests SSL client certificates but doesn't use SSL transport.");
- }
- }
-
-
- if(requiresCertificate && updated.getClientCertRecorder() != null)
- {
- if(!(updated.getClientCertRecorder() instanceof ManagedPeerCertificateTrustStore))
- {
- throw new IllegalConfigurationException("Only trust stores of type " + ManagedPeerCertificateTrustStore.TYPE_NAME + " may be used as the client certificate recorder");
- }
- }
- }
-}
http://git-wip-us.apache.org/repos/asf/qpid-broker-j/blob/9baae38e/broker-core/src/main/java/org/apache/qpid/server/model/port/AbstractPort.java
----------------------------------------------------------------------
diff --git a/broker-core/src/main/java/org/apache/qpid/server/model/port/AbstractPort.java b/broker-core/src/main/java/org/apache/qpid/server/model/port/AbstractPort.java
index 9914c2f..94ff7c3 100644
--- a/broker-core/src/main/java/org/apache/qpid/server/model/port/AbstractPort.java
+++ b/broker-core/src/main/java/org/apache/qpid/server/model/port/AbstractPort.java
@@ -21,6 +21,7 @@
package org.apache.qpid.server.model.port;
+import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import java.util.Map;
@@ -36,20 +37,9 @@ import org.apache.qpid.server.configuration.CommonProperties;
import org.apache.qpid.server.configuration.IllegalConfigurationException;
import org.apache.qpid.server.logging.EventLogger;
import org.apache.qpid.server.logging.messages.PortMessages;
-import org.apache.qpid.server.model.AbstractConfiguredObject;
-import org.apache.qpid.server.model.ConfiguredObject;
-import org.apache.qpid.server.model.Connection;
-import org.apache.qpid.server.model.Container;
-import org.apache.qpid.server.model.KeyStore;
-import org.apache.qpid.server.model.ManagedAttributeField;
-import org.apache.qpid.server.model.NamedAddressSpace;
-import org.apache.qpid.server.model.Port;
-import org.apache.qpid.server.model.Protocol;
-import org.apache.qpid.server.model.State;
-import org.apache.qpid.server.model.StateTransition;
-import org.apache.qpid.server.model.Transport;
-import org.apache.qpid.server.model.TrustStore;
-import org.apache.qpid.server.model.VirtualHostAlias;
+import org.apache.qpid.server.model.*;
+import org.apache.qpid.server.security.ManagedPeerCertificateTrustStore;
+import org.apache.qpid.server.security.SubjectCreator;
import org.apache.qpid.server.util.ParameterizedTypes;
public abstract class AbstractPort<X extends AbstractPort<X>> extends AbstractConfiguredObject<X> implements Port<X>
@@ -74,6 +64,19 @@ public abstract class AbstractPort<X extends AbstractPort<X>> extends AbstractCo
@ManagedAttributeField
private Set<Protocol> _protocols;
+ @ManagedAttributeField
+ private AuthenticationProvider _authenticationProvider;
+
+ @ManagedAttributeField
+ private boolean _needClientAuth;
+
+ @ManagedAttributeField
+ private boolean _wantClientAuth;
+
+ @ManagedAttributeField
+ private TrustStore<?> _clientCertRecorder;
+
+
private List<String> _tlsProtocolBlackList;
private List<String> _tlsProtocolWhiteList;
@@ -132,23 +135,87 @@ public abstract class AbstractPort<X extends AbstractPort<X>> extends AbstractCo
}
}
}
+
+ AuthenticationProvider<?> authenticationProvider = getAuthenticationProvider();
+ final Set<Transport> transports = getTransports();
+ validateAuthenticationMechanisms(authenticationProvider, transports);
+
+ boolean useClientAuth = getNeedClientAuth() || getWantClientAuth();
+
+ if(useClientAuth && (getTrustStores() == null || getTrustStores().isEmpty()))
+ {
+ throw new IllegalConfigurationException("Can't create port which requests SSL client certificates but has no trust stores configured.");
+ }
+
+ if(useClientAuth && !useTLSTransport)
+ {
+ throw new IllegalConfigurationException(
+ "Can't create port which requests SSL client certificates but doesn't use SSL transport.");
+ }
+
+ if(useClientAuth && getClientCertRecorder() != null)
+ {
+ if(!(getClientCertRecorder() instanceof ManagedPeerCertificateTrustStore))
+ {
+ throw new IllegalConfigurationException("Only trust stores of type " + ManagedPeerCertificateTrustStore.TYPE_NAME + " may be used as the client certificate recorder");
+ }
+ }
}
- protected final boolean isUsingTLSTransport()
+ private void validateAuthenticationMechanisms(final AuthenticationProvider<?> authenticationProvider,
+ final Set<Transport> transports)
{
- return isUsingTLSTransport(getTransports());
+ List<String> availableMechanisms = new ArrayList<>(authenticationProvider.getMechanisms());
+ if(authenticationProvider.getDisabledMechanisms() != null)
+ {
+ availableMechanisms.removeAll(authenticationProvider.getDisabledMechanisms());
+ }
+ if (availableMechanisms.isEmpty())
+ {
+ throw new IllegalConfigurationException("The authentication provider '"
+ + authenticationProvider.getName()
+ + "' on port '"
+ + getName()
+ + "' has all authentication mechanisms disabled.");
+ }
+ if (hasNonTLSTransport(transports) && authenticationProvider.getSecureOnlyMechanisms() != null)
+ {
+ availableMechanisms.removeAll(authenticationProvider.getSecureOnlyMechanisms());
+ if(availableMechanisms.isEmpty())
+ {
+ throw new IllegalConfigurationException("The port '"
+ + getName()
+ + "' allows for non TLS connections, but all authentication "
+ + "mechanisms of the authentication provider '"
+ + authenticationProvider.getName()
+ + "' are disabled on non-secure connections.");
+ }
+ }
}
- protected final boolean isUsingTLSTransport(final Collection<Transport> transports)
+ @Override
+ public AuthenticationProvider getAuthenticationProvider()
{
- return hasTransportOfType(transports, true);
+ SystemConfig<?> systemConfig = getAncestor(SystemConfig.class);
+ if(systemConfig.isManagementMode())
+ {
+ return _container.getManagementModeAuthenticationProvider();
+ }
+ return _authenticationProvider;
+ }
+
+
+ private boolean isUsingTLSTransport()
+ {
+ return isUsingTLSTransport(getTransports());
}
- protected final boolean hasNonTLSTransport()
+ private boolean isUsingTLSTransport(final Collection<Transport> transports)
{
- return hasNonTLSTransport(getTransports());
+ return hasTransportOfType(transports, true);
}
- protected final boolean hasNonTLSTransport(final Collection<Transport> transports)
+
+ private boolean hasNonTLSTransport(final Collection<Transport> transports)
{
return hasTransportOfType(transports, false);
}
@@ -215,6 +282,37 @@ public abstract class AbstractPort<X extends AbstractPort<X>> extends AbstractCo
throw new IllegalConfigurationException("Can't create port which requires SSL but has no key store configured.");
}
}
+
+ if(changedAttributes.contains(Port.AUTHENTICATION_PROVIDER) || changedAttributes.contains(Port.TRANSPORTS))
+ {
+ validateAuthenticationMechanisms(updated.getAuthenticationProvider(), updated.getTransports());
+ }
+
+ boolean requiresCertificate = updated.getNeedClientAuth() || updated.getWantClientAuth();
+
+ if (usesSsl)
+ {
+ if ((updated.getTrustStores() == null || updated.getTrustStores().isEmpty() ) && requiresCertificate)
+ {
+ throw new IllegalConfigurationException("Can't create port which requests SSL client certificates but has no trust store configured.");
+ }
+ }
+ else
+ {
+ if (requiresCertificate)
+ {
+ throw new IllegalConfigurationException("Can't create port which requests SSL client certificates but doesn't use SSL transport.");
+ }
+ }
+
+
+ if(requiresCertificate && updated.getClientCertRecorder() != null)
+ {
+ if(!(updated.getClientCertRecorder() instanceof ManagedPeerCertificateTrustStore))
+ {
+ throw new IllegalConfigurationException("Only trust stores of type " + ManagedPeerCertificateTrustStore.TYPE_NAME + " may be used as the client certificate recorder");
+ }
+ }
}
@Override
@@ -351,6 +449,31 @@ public abstract class AbstractPort<X extends AbstractPort<X>> extends AbstractCo
}
@Override
+ public boolean getNeedClientAuth()
+ {
+ return _needClientAuth;
+ }
+
+ @Override
+ public TrustStore<?> getClientCertRecorder()
+ {
+ return _clientCertRecorder;
+ }
+
+ @Override
+ public boolean getWantClientAuth()
+ {
+ return _wantClientAuth;
+ }
+
+ @Override
+ public SubjectCreator getSubjectCreator(final boolean secure)
+ {
+ Collection children = _container.getChildren(GroupProvider.class);
+ return new SubjectCreator(getAuthenticationProvider(), children);
+ }
+
+ @Override
protected void logOperation(final String operation)
{
_eventLogger.message(PortMessages.OPERATION(operation));
http://git-wip-us.apache.org/repos/asf/qpid-broker-j/blob/9baae38e/broker-core/src/main/java/org/apache/qpid/server/model/port/AbstractPortWithAuthProvider.java
----------------------------------------------------------------------
diff --git a/broker-core/src/main/java/org/apache/qpid/server/model/port/AbstractPortWithAuthProvider.java b/broker-core/src/main/java/org/apache/qpid/server/model/port/AbstractPortWithAuthProvider.java
deleted file mode 100644
index 7938a74..0000000
--- a/broker-core/src/main/java/org/apache/qpid/server/model/port/AbstractPortWithAuthProvider.java
+++ /dev/null
@@ -1,112 +0,0 @@
-/*
- *
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.qpid.server.model.port;
-
-import java.util.ArrayList;
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
-
-import org.apache.qpid.server.configuration.IllegalConfigurationException;
-import org.apache.qpid.server.model.AuthenticationProvider;
-import org.apache.qpid.server.model.ConfiguredObject;
-import org.apache.qpid.server.model.Container;
-import org.apache.qpid.server.model.ManagedAttributeField;
-import org.apache.qpid.server.model.Port;
-import org.apache.qpid.server.model.SystemConfig;
-import org.apache.qpid.server.model.Transport;
-
-abstract public class AbstractPortWithAuthProvider<X extends AbstractPortWithAuthProvider<X>> extends AbstractPort<X> implements PortWithAuthProvider<X>
-{
- private final Container<?> _container;
- @ManagedAttributeField
- private AuthenticationProvider _authenticationProvider;
-
- public AbstractPortWithAuthProvider(final Map<String, Object> attributes,
- final Container<?> container)
- {
- super(attributes, container);
- _container = container;
- }
-
- public AuthenticationProvider getAuthenticationProvider()
- {
- SystemConfig<?> systemConfig = getAncestor(SystemConfig.class);
- if(systemConfig.isManagementMode())
- {
- return _container.getManagementModeAuthenticationProvider();
- }
- return _authenticationProvider;
- }
-
- @Override
- public void onValidate()
- {
- super.onValidate();
-
- AuthenticationProvider<?> authenticationProvider = getAuthenticationProvider();
- final Set<Transport> transports = getTransports();
- validateAuthenticationMechanisms(authenticationProvider, transports);
-
- }
-
- private void validateAuthenticationMechanisms(final AuthenticationProvider<?> authenticationProvider,
- final Set<Transport> transports)
- {
- List<String> availableMechanisms = new ArrayList<>(authenticationProvider.getMechanisms());
- if(authenticationProvider.getDisabledMechanisms() != null)
- {
- availableMechanisms.removeAll(authenticationProvider.getDisabledMechanisms());
- }
- if (availableMechanisms.isEmpty())
- {
- throw new IllegalConfigurationException("The authentication provider '"
- + authenticationProvider.getName()
- + "' on port '"
- + getName()
- + "' has all authentication mechanisms disabled.");
- }
- if (hasNonTLSTransport(transports) && authenticationProvider.getSecureOnlyMechanisms() != null)
- {
- availableMechanisms.removeAll(authenticationProvider.getSecureOnlyMechanisms());
- if(availableMechanisms.isEmpty())
- {
- throw new IllegalConfigurationException("The port '"
- + getName()
- + "' allows for non TLS connections, but all authentication "
- + "mechanisms of the authentication provider '"
- + authenticationProvider.getName()
- + "' are disabled on non-secure connections.");
- }
- }
- }
-
- @Override
- protected void validateChange(final ConfiguredObject<?> proxyForValidation, final Set<String> changedAttributes)
- {
- super.validateChange(proxyForValidation, changedAttributes);
- if(changedAttributes.contains(Port.AUTHENTICATION_PROVIDER) || changedAttributes.contains(Port.TRANSPORTS))
- {
- PortWithAuthProvider<?> port = (PortWithAuthProvider<?>) proxyForValidation;
- validateAuthenticationMechanisms(port.getAuthenticationProvider(), port.getTransports());
- }
- }
-}
http://git-wip-us.apache.org/repos/asf/qpid-broker-j/blob/9baae38e/broker-core/src/main/java/org/apache/qpid/server/model/port/AmqpPort.java
----------------------------------------------------------------------
diff --git a/broker-core/src/main/java/org/apache/qpid/server/model/port/AmqpPort.java b/broker-core/src/main/java/org/apache/qpid/server/model/port/AmqpPort.java
index 5bc46d9..44756cc 100644
--- a/broker-core/src/main/java/org/apache/qpid/server/model/port/AmqpPort.java
+++ b/broker-core/src/main/java/org/apache/qpid/server/model/port/AmqpPort.java
@@ -25,21 +25,19 @@ import java.util.Set;
import javax.net.ssl.SSLContext;
-import org.apache.qpid.server.model.AuthenticationProvider;
import org.apache.qpid.server.model.DerivedAttribute;
import org.apache.qpid.server.model.ManagedAttribute;
import org.apache.qpid.server.model.ManagedContextDefault;
import org.apache.qpid.server.model.ManagedObject;
import org.apache.qpid.server.model.ManagedStatistic;
-import org.apache.qpid.server.model.NamedAddressSpace;
+import org.apache.qpid.server.model.Port;
import org.apache.qpid.server.model.Protocol;
import org.apache.qpid.server.model.StatisticType;
import org.apache.qpid.server.model.StatisticUnit;
import org.apache.qpid.server.model.Transport;
-import org.apache.qpid.server.model.TrustStore;
@ManagedObject( category = false, type = "AMQP", amqpName = "org.apache.qpid.AmqpPort")
-public interface AmqpPort<X extends AmqpPort<X>> extends ClientAuthCapablePort<X>
+public interface AmqpPort<X extends AmqpPort<X>> extends Port<X>
{
String DEFAULT_AMQP_TCP_NO_DELAY = "true";
@@ -112,23 +110,20 @@ public interface AmqpPort<X extends AmqpPort<X>> extends ClientAuthCapablePort<X
@ManagedAttribute( defaultValue = "${" + PORT_AMQP_NUMBER_OF_SELECTORS + "}")
int getNumberOfSelectors();
+ @Override
@ManagedAttribute( defaultValue = DEFAULT_AMQP_NEED_CLIENT_AUTH )
boolean getNeedClientAuth();
+ @Override
@ManagedAttribute( defaultValue = DEFAULT_AMQP_WANT_CLIENT_AUTH )
boolean getWantClientAuth();
- @ManagedAttribute
- TrustStore<?> getClientCertRecorder();
-
- @ManagedAttribute( mandatory = true )
- AuthenticationProvider getAuthenticationProvider();
-
-
+ @Override
@ManagedAttribute( defaultValue = "TCP",
validValues = {"org.apache.qpid.server.model.port.AmqpPortImpl#getAllAvailableTransportCombinations()"})
Set<Transport> getTransports();
+ @Override
@ManagedAttribute( defaultValue = "${" + DEFAULT_AMQP_PROTOCOLS + "}", validValues = {"org.apache.qpid.server.model.port.AmqpPortImpl#getAllAvailableProtocolCombinations()"} )
Set<Protocol> getProtocols();
http://git-wip-us.apache.org/repos/asf/qpid-broker-j/blob/9baae38e/broker-core/src/main/java/org/apache/qpid/server/model/port/AmqpPortImpl.java
----------------------------------------------------------------------
diff --git a/broker-core/src/main/java/org/apache/qpid/server/model/port/AmqpPortImpl.java b/broker-core/src/main/java/org/apache/qpid/server/model/port/AmqpPortImpl.java
index 902cd95..d928b27 100644
--- a/broker-core/src/main/java/org/apache/qpid/server/model/port/AmqpPortImpl.java
+++ b/broker-core/src/main/java/org/apache/qpid/server/model/port/AmqpPortImpl.java
@@ -22,9 +22,7 @@ package org.apache.qpid.server.model.port;
import java.io.IOException;
import java.io.StringWriter;
import java.net.SocketAddress;
-import java.security.GeneralSecurityException;
import java.security.PrivilegedAction;
-import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
@@ -34,10 +32,7 @@ import java.util.Set;
import java.util.concurrent.atomic.AtomicBoolean;
import java.util.concurrent.atomic.AtomicInteger;
-import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
-import javax.net.ssl.TrustManager;
-import javax.net.ssl.X509TrustManager;
import javax.security.auth.Subject;
import com.fasterxml.jackson.databind.ObjectMapper;
@@ -70,12 +65,11 @@ import org.apache.qpid.server.plugin.TransportProviderFactory;
import org.apache.qpid.server.transport.AcceptingTransport;
import org.apache.qpid.server.transport.PortBindFailureException;
import org.apache.qpid.server.transport.TransportProvider;
+import org.apache.qpid.server.transport.network.security.ssl.SSLUtil;
import org.apache.qpid.server.util.PortUtil;
import org.apache.qpid.server.util.ServerScopedRuntimeException;
-import org.apache.qpid.server.transport.network.security.ssl.QpidMultipleTrustManager;
-import org.apache.qpid.server.transport.network.security.ssl.SSLUtil;
-public class AmqpPortImpl extends AbstractClientAuthCapablePortWithAuthProvider<AmqpPortImpl> implements AmqpPort<AmqpPortImpl>
+public class AmqpPortImpl extends AbstractPort<AmqpPortImpl> implements AmqpPort<AmqpPortImpl>
{
private static final Logger LOGGER = LoggerFactory.getLogger(AmqpPortImpl.class);
http://git-wip-us.apache.org/repos/asf/qpid-broker-j/blob/9baae38e/broker-core/src/main/java/org/apache/qpid/server/model/port/ClientAuthCapablePort.java
----------------------------------------------------------------------
diff --git a/broker-core/src/main/java/org/apache/qpid/server/model/port/ClientAuthCapablePort.java b/broker-core/src/main/java/org/apache/qpid/server/model/port/ClientAuthCapablePort.java
deleted file mode 100644
index 1c97e23..0000000
--- a/broker-core/src/main/java/org/apache/qpid/server/model/port/ClientAuthCapablePort.java
+++ /dev/null
@@ -1,32 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.qpid.server.model.port;
-
-import org.apache.qpid.server.model.TrustStore;
-
-
-public interface ClientAuthCapablePort<X extends PortWithAuthProvider<X>> extends PortWithAuthProvider<X>
-{
- boolean getNeedClientAuth();
-
- boolean getWantClientAuth();
-
- TrustStore<?> getClientCertRecorder();
-}
http://git-wip-us.apache.org/repos/asf/qpid-broker-j/blob/9baae38e/broker-core/src/main/java/org/apache/qpid/server/model/port/HttpPort.java
----------------------------------------------------------------------
diff --git a/broker-core/src/main/java/org/apache/qpid/server/model/port/HttpPort.java b/broker-core/src/main/java/org/apache/qpid/server/model/port/HttpPort.java
index 6b3783b..3cc9158 100644
--- a/broker-core/src/main/java/org/apache/qpid/server/model/port/HttpPort.java
+++ b/broker-core/src/main/java/org/apache/qpid/server/model/port/HttpPort.java
@@ -22,17 +22,16 @@ package org.apache.qpid.server.model.port;
import java.util.Set;
-import org.apache.qpid.server.model.AuthenticationProvider;
import org.apache.qpid.server.model.DerivedAttribute;
import org.apache.qpid.server.model.ManagedAttribute;
import org.apache.qpid.server.model.ManagedContextDefault;
import org.apache.qpid.server.model.ManagedObject;
+import org.apache.qpid.server.model.Port;
import org.apache.qpid.server.model.Protocol;
import org.apache.qpid.server.model.Transport;
-import org.apache.qpid.server.model.TrustStore;
@ManagedObject( category = false, type = "HTTP", amqpName = "org.apache.qpid.HttpPort")
-public interface HttpPort<X extends HttpPort<X>> extends ClientAuthCapablePort<X>
+public interface HttpPort<X extends HttpPort<X>> extends Port<X>
{
String DEFAULT_HTTP_NEED_CLIENT_AUTH = "false";
String DEFAULT_HTTP_WANT_CLIENT_AUTH = "false";
@@ -61,23 +60,20 @@ public interface HttpPort<X extends HttpPort<X>> extends ClientAuthCapablePort<X
@ManagedAttribute(defaultValue = "*")
String getBindingAddress();
+ @Override
@ManagedAttribute( defaultValue = DEFAULT_HTTP_NEED_CLIENT_AUTH)
boolean getNeedClientAuth();
+ @Override
@ManagedAttribute( defaultValue = DEFAULT_HTTP_WANT_CLIENT_AUTH)
boolean getWantClientAuth();
- @ManagedAttribute
- TrustStore<?> getClientCertRecorder();
-
- @ManagedAttribute( mandatory = true )
- AuthenticationProvider getAuthenticationProvider();
-
-
+ @Override
@ManagedAttribute( defaultValue = "TCP",
validValues = {"[ \"TCP\" ]", "[ \"SSL\" ]", "[ \"TCP\", \"SSL\" ]"})
Set<Transport> getTransports();
+ @Override
@ManagedAttribute( defaultValue = "HTTP", validValues = { "[ \"HTTP\"]"} )
Set<Protocol> getProtocols();
http://git-wip-us.apache.org/repos/asf/qpid-broker-j/blob/9baae38e/broker-core/src/main/java/org/apache/qpid/server/model/port/HttpPortImpl.java
----------------------------------------------------------------------
diff --git a/broker-core/src/main/java/org/apache/qpid/server/model/port/HttpPortImpl.java b/broker-core/src/main/java/org/apache/qpid/server/model/port/HttpPortImpl.java
index 7a56efa..88296df 100644
--- a/broker-core/src/main/java/org/apache/qpid/server/model/port/HttpPortImpl.java
+++ b/broker-core/src/main/java/org/apache/qpid/server/model/port/HttpPortImpl.java
@@ -31,7 +31,7 @@ import org.apache.qpid.server.model.ManagedObjectFactoryConstructor;
import org.apache.qpid.server.model.State;
import org.apache.qpid.server.util.PortUtil;
-public class HttpPortImpl extends AbstractClientAuthCapablePortWithAuthProvider<HttpPortImpl> implements HttpPort<HttpPortImpl>
+public class HttpPortImpl extends AbstractPort<HttpPortImpl> implements HttpPort<HttpPortImpl>
{
private PortManager _portManager;
@@ -60,6 +60,7 @@ public class HttpPortImpl extends AbstractClientAuthCapablePortWithAuthProvider<
super(attributes, container);
}
+ @Override
public void setPortManager(PortManager manager)
{
_portManager = manager;
http://git-wip-us.apache.org/repos/asf/qpid-broker-j/blob/9baae38e/broker-core/src/main/java/org/apache/qpid/server/model/port/PortWithAuthProvider.java
----------------------------------------------------------------------
diff --git a/broker-core/src/main/java/org/apache/qpid/server/model/port/PortWithAuthProvider.java b/broker-core/src/main/java/org/apache/qpid/server/model/port/PortWithAuthProvider.java
deleted file mode 100644
index b6854c5..0000000
--- a/broker-core/src/main/java/org/apache/qpid/server/model/port/PortWithAuthProvider.java
+++ /dev/null
@@ -1,29 +0,0 @@
-/*
- *
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.qpid.server.model.port;
-
-import org.apache.qpid.server.model.AuthenticationProvider;
-import org.apache.qpid.server.model.Port;
-
-public interface PortWithAuthProvider<X extends PortWithAuthProvider<X>> extends Port<X>
-{
- AuthenticationProvider getAuthenticationProvider();
-}
http://git-wip-us.apache.org/repos/asf/qpid-broker-j/blob/9baae38e/broker-core/src/main/java/org/apache/qpid/server/security/SubjectCreator.java
----------------------------------------------------------------------
diff --git a/broker-core/src/main/java/org/apache/qpid/server/security/SubjectCreator.java b/broker-core/src/main/java/org/apache/qpid/server/security/SubjectCreator.java
index 9f6af23..4b54858 100644
--- a/broker-core/src/main/java/org/apache/qpid/server/security/SubjectCreator.java
+++ b/broker-core/src/main/java/org/apache/qpid/server/security/SubjectCreator.java
@@ -23,16 +23,13 @@ package org.apache.qpid.server.security;
import static org.apache.qpid.server.logging.messages.AuthenticationProviderMessages.AUTHENTICATION_FAILED;
import java.security.Principal;
-import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
-import java.util.List;
import java.util.Set;
import javax.security.auth.Subject;
-import org.apache.qpid.server.logging.LogMessage;
import org.apache.qpid.server.model.AuthenticationProvider;
import org.apache.qpid.server.model.GroupProvider;
import org.apache.qpid.server.security.auth.AuthenticationResult;
@@ -55,17 +52,14 @@ import org.apache.qpid.server.security.auth.sasl.SaslSettings;
public class SubjectCreator
{
private static final String UNKNOWN_AUTHENTICATION_ID = "<<UNKNOWN>>";
- private final boolean _secure;
private AuthenticationProvider<?> _authenticationProvider;
private Collection<GroupProvider<?>> _groupProviders;
public SubjectCreator(AuthenticationProvider<?> authenticationProvider,
- Collection<GroupProvider<?>> groupProviders,
- final boolean secure)
+ Collection<GroupProvider<?>> groupProviders)
{
_authenticationProvider = authenticationProvider;
_groupProviders = groupProviders;
- _secure = secure;
}
public AuthenticationProvider<?> getAuthenticationProvider()
@@ -73,35 +67,8 @@ public class SubjectCreator
return _authenticationProvider;
}
- /**
- * Gets the known SASL mechanisms
- *
- * @return SASL mechanism names, space separated.
- */
- public List<String> getMechanisms()
- {
- List<String> mechanisms = _authenticationProvider.getMechanisms();
- Set<String> filter = _authenticationProvider.getDisabledMechanisms() != null
- ? new HashSet<>(_authenticationProvider.getDisabledMechanisms())
- : new HashSet<String>() ;
- if(!_secure)
- {
- filter.addAll(_authenticationProvider.getSecureOnlyMechanisms());
- }
- if (!filter.isEmpty())
- {
- mechanisms = new ArrayList<>(mechanisms);
- mechanisms.removeAll(filter);
- }
- return mechanisms;
- }
-
public SaslNegotiator createSaslNegotiator(String mechanism, final SaslSettings saslSettings)
{
- if(!getMechanisms().contains(mechanism))
- {
- return null;
- }
return _authenticationProvider.createSaslNegotiator(mechanism, saslSettings);
}
http://git-wip-us.apache.org/repos/asf/qpid-broker-j/blob/9baae38e/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/AbstractAuthenticationManager.java
----------------------------------------------------------------------
diff --git a/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/AbstractAuthenticationManager.java b/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/AbstractAuthenticationManager.java
index 527897c..d4bbe76 100644
--- a/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/AbstractAuthenticationManager.java
+++ b/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/AbstractAuthenticationManager.java
@@ -22,8 +22,10 @@ package org.apache.qpid.server.security.auth.manager;
import java.util.ArrayList;
import java.util.Collection;
+import java.util.HashSet;
import java.util.List;
import java.util.Map;
+import java.util.Set;
import com.google.common.util.concurrent.FutureCallback;
import com.google.common.util.concurrent.Futures;
@@ -37,15 +39,12 @@ import org.apache.qpid.server.logging.messages.AuthenticationProviderMessages;
import org.apache.qpid.server.model.AbstractConfiguredObject;
import org.apache.qpid.server.model.AuthenticationProvider;
import org.apache.qpid.server.model.Container;
-import org.apache.qpid.server.model.GroupProvider;
import org.apache.qpid.server.model.IntegrityViolationException;
import org.apache.qpid.server.model.ManagedAttributeField;
import org.apache.qpid.server.model.Port;
import org.apache.qpid.server.model.State;
import org.apache.qpid.server.model.StateTransition;
import org.apache.qpid.server.model.SystemConfig;
-import org.apache.qpid.server.model.port.AbstractPortWithAuthProvider;
-import org.apache.qpid.server.security.SubjectCreator;
public abstract class AbstractAuthenticationManager<T extends AbstractAuthenticationManager<T>>
extends AbstractConfiguredObject<T>
@@ -83,12 +82,25 @@ public abstract class AbstractAuthenticationManager<T extends AbstractAuthentica
}
@Override
- public SubjectCreator getSubjectCreator(final boolean secure)
+ public List<String> getAvailableMechanisms(boolean secure)
{
- Collection children = _container.getChildren(GroupProvider.class);
- return new SubjectCreator(this, children, secure);
+ List<String> mechanisms = getMechanisms();
+ Set<String> filter = getDisabledMechanisms() != null
+ ? new HashSet<>(getDisabledMechanisms())
+ : new HashSet<>() ;
+ if(!secure)
+ {
+ filter.addAll(getSecureOnlyMechanisms());
+ }
+ if (!filter.isEmpty())
+ {
+ mechanisms = new ArrayList<>(mechanisms);
+ mechanisms.removeAll(filter);
+ }
+ return mechanisms;
}
+
@StateTransition( currentState = State.UNINITIALIZED, desiredState = State.QUIESCED )
protected ListenableFuture<Void> startQuiesced()
{
@@ -128,8 +140,7 @@ public abstract class AbstractAuthenticationManager<T extends AbstractAuthentica
Collection<Port> ports = new ArrayList<>(_container.getChildren(Port.class));
for (Port<?> port : ports)
{
- if(port instanceof AbstractPortWithAuthProvider
- && ((AbstractPortWithAuthProvider<?>)port).getAuthenticationProvider() == this)
+ if(port.getAuthenticationProvider() == this)
{
throw new IntegrityViolationException("Authentication provider '" + providerName + "' is set on port " + port.getName());
}
http://git-wip-us.apache.org/repos/asf/qpid-broker-j/blob/9baae38e/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/OAuth2AuthenticationProviderImpl.java
----------------------------------------------------------------------
diff --git a/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/OAuth2AuthenticationProviderImpl.java b/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/OAuth2AuthenticationProviderImpl.java
index 6052d96..49aa020 100644
--- a/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/OAuth2AuthenticationProviderImpl.java
+++ b/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/OAuth2AuthenticationProviderImpl.java
@@ -220,7 +220,14 @@ public class OAuth2AuthenticationProviderImpl
@Override
public SaslNegotiator createSaslNegotiator(final String mechanism, final SaslSettings saslSettings)
{
- return new OAuth2Negotiator(this);
+ if(OAuth2Negotiator.MECHANISM.equals(mechanism))
+ {
+ return new OAuth2Negotiator(this);
+ }
+ else
+ {
+ return null;
+ }
}
@Override
http://git-wip-us.apache.org/repos/asf/qpid-broker-j/blob/9baae38e/broker-core/src/test/java/org/apache/qpid/server/security/SubjectCreatorTest.java
----------------------------------------------------------------------
diff --git a/broker-core/src/test/java/org/apache/qpid/server/security/SubjectCreatorTest.java b/broker-core/src/test/java/org/apache/qpid/server/security/SubjectCreatorTest.java
index 174dc0c..3be7ad9 100644
--- a/broker-core/src/test/java/org/apache/qpid/server/security/SubjectCreatorTest.java
+++ b/broker-core/src/test/java/org/apache/qpid/server/security/SubjectCreatorTest.java
@@ -69,8 +69,8 @@ public class SubjectCreatorTest extends QpidTestCase
when(_groupManager1.getGroupPrincipalsForUser(USERNAME_PRINCIPAL)).thenReturn(Collections.singleton(_group1));
when(_groupManager2.getGroupPrincipalsForUser(USERNAME_PRINCIPAL)).thenReturn(Collections.singleton(_group2));
- _subjectCreator = new SubjectCreator(_authenticationProvider, new HashSet<GroupProvider<?>>(Arrays.asList(_groupManager1, _groupManager2)),
- false);
+ _subjectCreator = new SubjectCreator(_authenticationProvider, new HashSet<GroupProvider<?>>(Arrays.asList(_groupManager1, _groupManager2))
+ );
_eventLogger = mock(EventLogger.class);
when(_authenticationProvider.getEventLogger()).thenReturn(_eventLogger);
_authenticationResult = new AuthenticationResult(USERNAME_PRINCIPAL);
@@ -144,38 +144,5 @@ public class SubjectCreatorTest extends QpidTestCase
assertEquals(expectedGroupPrincipals, actualGroupPrincipals);
}
- public void testDisabledMechanisms()
- {
- AuthenticationProvider<?> authenticationProvider = mock(AuthenticationProvider.class);
- SubjectCreator subjectCreator = new SubjectCreator(authenticationProvider,
- new HashSet<GroupProvider<?>>(Arrays.asList(_groupManager1,
- _groupManager2)),
- false);
- when(authenticationProvider.getMechanisms()).thenReturn(Arrays.asList("PLAIN", "SCRAM-SHA-1"));
- assertTrue("Should contain SCRAM-SHA-1 mechanism.", subjectCreator.getMechanisms().contains("SCRAM-SHA-1"));
- assertTrue("Should contain PLAIN mechanism.", subjectCreator.getMechanisms().contains("PLAIN"));
- when(authenticationProvider.getDisabledMechanisms()).thenReturn(Arrays.asList("SCRAM-SHA-1"));
- assertFalse("SCRAM-SHA-1 should have been filtered out.", subjectCreator.getMechanisms().contains("SCRAM-SHA-1"));
- assertTrue("PLAIN should not have been filtered out.", subjectCreator.getMechanisms().contains("PLAIN"));
- }
- public void testSecureOnlyMechanisms()
- {
- AuthenticationProvider<?> authenticationProvider = mock(AuthenticationProvider.class);
- SubjectCreator subjectCreator;
- subjectCreator = new SubjectCreator(authenticationProvider,
- new HashSet<GroupProvider<?>>(Arrays.asList(_groupManager1, _groupManager2)),
- false);
- when(authenticationProvider.getMechanisms()).thenReturn(Arrays.asList("PLAIN", "SCRAM-SHA-1"));
- assertTrue("Should contain SCRAM-SHA-1 mechanism", subjectCreator.getMechanisms().contains("SCRAM-SHA-1"));
- assertTrue("Should contain PLAIN mechanism", subjectCreator.getMechanisms().contains("PLAIN"));
- when(authenticationProvider.getSecureOnlyMechanisms()).thenReturn(Arrays.asList("PLAIN"));
- assertTrue("SCRAM-SHA-1 should not have been filtered out.", subjectCreator.getMechanisms().contains("SCRAM-SHA-1"));
- assertFalse("PLAIN should have been filtered out on insecure connection.", subjectCreator.getMechanisms().contains("PLAIN"));
-
- subjectCreator = new SubjectCreator(authenticationProvider,
- new HashSet<GroupProvider<?>>(Arrays.asList(_groupManager1, _groupManager2)),
- true);
- assertTrue("SCRAM-SHA-1 should not have been filtered out.", subjectCreator.getMechanisms().contains("SCRAM-SHA-1"));
- assertTrue("PLAIN should not have been filtered out on secure connection.", subjectCreator.getMechanisms().contains("PLAIN"));}
}
http://git-wip-us.apache.org/repos/asf/qpid-broker-j/blob/9baae38e/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/ManagedAuthenticationManagerTestBase.java
----------------------------------------------------------------------
diff --git a/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/ManagedAuthenticationManagerTestBase.java b/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/ManagedAuthenticationManagerTestBase.java
index 8ca5366..302ab56 100644
--- a/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/ManagedAuthenticationManagerTestBase.java
+++ b/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/ManagedAuthenticationManagerTestBase.java
@@ -35,10 +35,9 @@ import org.apache.qpid.server.configuration.updater.CurrentThreadTaskExecutor;
import org.apache.qpid.server.configuration.updater.TaskExecutor;
import org.apache.qpid.server.model.AuthenticationProvider;
import org.apache.qpid.server.model.Broker;
+import org.apache.qpid.server.model.BrokerTestHelper;
import org.apache.qpid.server.model.User;
-import org.apache.qpid.server.security.SubjectCreator;
import org.apache.qpid.server.security.auth.AuthenticationResult;
-import org.apache.qpid.server.model.BrokerTestHelper;
import org.apache.qpid.server.security.auth.sasl.SaslNegotiator;
import org.apache.qpid.server.security.auth.sasl.SaslSettings;
import org.apache.qpid.test.utils.QpidTestCase;
@@ -92,10 +91,8 @@ abstract class ManagedAuthenticationManagerTestBase extends QpidTestCase
public void testMechanisms()
{
- SubjectCreator insecureCreator = _authManager.getSubjectCreator(false);
- assertFalse("PLAIN authentication should not be available on an insecure connection", insecureCreator.getMechanisms().contains("PLAIN"));
- SubjectCreator secureCreator = _authManager.getSubjectCreator(true);
- assertTrue("PLAIN authentication should be available on a secure connection", secureCreator.getMechanisms().contains("PLAIN"));
+ assertFalse("PLAIN authentication should not be available on an insecure connection", _authManager.getAvailableMechanisms(false).contains("PLAIN"));
+ assertTrue("PLAIN authentication should be available on a secure connection", _authManager.getAvailableMechanisms(true).contains("PLAIN"));
}
public void testAddChildAndThenDelete() throws ExecutionException, InterruptedException
http://git-wip-us.apache.org/repos/asf/qpid-broker-j/blob/9baae38e/broker-plugins/amqp-0-10-protocol/src/main/java/org/apache/qpid/server/protocol/v0_10/AMQPConnection_0_10Impl.java
----------------------------------------------------------------------
diff --git a/broker-plugins/amqp-0-10-protocol/src/main/java/org/apache/qpid/server/protocol/v0_10/AMQPConnection_0_10Impl.java b/broker-plugins/amqp-0-10-protocol/src/main/java/org/apache/qpid/server/protocol/v0_10/AMQPConnection_0_10Impl.java
index 594280f..127b0a0 100755
--- a/broker-plugins/amqp-0-10-protocol/src/main/java/org/apache/qpid/server/protocol/v0_10/AMQPConnection_0_10Impl.java
+++ b/broker-plugins/amqp-0-10-protocol/src/main/java/org/apache/qpid/server/protocol/v0_10/AMQPConnection_0_10Impl.java
@@ -40,18 +40,17 @@ import org.apache.qpid.server.model.Broker;
import org.apache.qpid.server.model.Protocol;
import org.apache.qpid.server.model.Transport;
import org.apache.qpid.server.model.port.AmqpPort;
-import org.apache.qpid.server.security.SubjectCreator;
+import org.apache.qpid.server.protocol.v0_10.transport.ConnectionCloseCode;
import org.apache.qpid.server.session.AMQPSession;
import org.apache.qpid.server.store.StoreException;
import org.apache.qpid.server.transport.AbstractAMQPConnection;
import org.apache.qpid.server.transport.AggregateTicker;
+import org.apache.qpid.server.transport.ByteBufferSender;
import org.apache.qpid.server.transport.ProtocolEngine;
import org.apache.qpid.server.transport.ServerNetworkConnection;
import org.apache.qpid.server.util.Action;
import org.apache.qpid.server.util.ConnectionScopedRuntimeException;
import org.apache.qpid.server.util.ServerScopedRuntimeException;
-import org.apache.qpid.server.transport.ByteBufferSender;
-import org.apache.qpid.server.protocol.v0_10.transport.ConnectionCloseCode;
public class AMQPConnection_0_10Impl extends AbstractAMQPConnection<AMQPConnection_0_10Impl, ServerConnection>
@@ -84,8 +83,7 @@ public class AMQPConnection_0_10Impl extends AbstractAMQPConnection<AMQPConnecti
_connection = new ServerConnection(id, broker, port, transport, this);
- SubjectCreator subjectCreator = port.getAuthenticationProvider().getSubjectCreator(transport.isSecure());
- ServerConnectionDelegate connDelegate = new ServerConnectionDelegate(broker, subjectCreator);
+ ServerConnectionDelegate connDelegate = new ServerConnectionDelegate(port, transport.isSecure());
_connection.setConnectionDelegate(connDelegate);
_connection.setRemoteAddress(network.getRemoteAddress());
@@ -93,17 +91,13 @@ public class AMQPConnection_0_10Impl extends AbstractAMQPConnection<AMQPConnecti
_inputHandler = new ServerInputHandler(new ServerAssembler(_connection));
_connection.addFrameSizeObserver(_inputHandler);
- AccessController.doPrivileged(new PrivilegedAction<Object>()
+ AccessController.doPrivileged((PrivilegedAction<Object>) () ->
{
- @Override
- public Object run()
- {
- _connection.setNetworkConnection(getNetwork());
- _disassembler = new ServerDisassembler(wrapSender(getNetwork().getSender()), Constant.MIN_MAX_FRAME_SIZE);
- _connection.setSender(_disassembler);
- _connection.addFrameSizeObserver(_disassembler);
- return null;
- }
+ _connection.setNetworkConnection(getNetwork());
+ _disassembler = new ServerDisassembler(wrapSender(getNetwork().getSender()), Constant.MIN_MAX_FRAME_SIZE);
+ _connection.setSender(_disassembler);
+ _connection.addFrameSizeObserver(_disassembler);
+ return null;
}, getAccessControllerContext());
}
@@ -139,36 +133,33 @@ public class AMQPConnection_0_10Impl extends AbstractAMQPConnection<AMQPConnecti
};
}
+ @Override
public void received(final QpidByteBuffer buf)
{
- AccessController.doPrivileged(new PrivilegedAction<Object>()
+ AccessController.doPrivileged((PrivilegedAction<Object>) () ->
{
- @Override
- public Object run()
+ updateLastReadTime();
+ try
+ {
+ _inputHandler.received(buf);
+ _connection.receivedComplete();
+ }
+ catch (IllegalArgumentException | IllegalStateException e)
{
- updateLastReadTime();
- try
+ throw new ConnectionScopedRuntimeException(e);
+ }
+ catch (StoreException e)
+ {
+ if (getAddressSpace().isActive())
{
- _inputHandler.received(buf);
- _connection.receivedComplete();
+ throw new ServerScopedRuntimeException(e);
}
- catch (IllegalArgumentException | IllegalStateException e)
+ else
{
throw new ConnectionScopedRuntimeException(e);
}
- catch (StoreException e)
- {
- if (getAddressSpace().isActive())
- {
- throw new ServerScopedRuntimeException(e);
- }
- else
- {
- throw new ConnectionScopedRuntimeException(e);
- }
- }
- return null;
}
+ return null;
}, getAccessControllerContext());
}
@@ -177,22 +168,20 @@ public class AMQPConnection_0_10Impl extends AbstractAMQPConnection<AMQPConnecti
{
}
+ @Override
public void writerIdle()
{
_connection.doHeartBeat();
}
+ @Override
public void readerIdle()
{
- AccessController.doPrivileged(new PrivilegedAction<Object>()
+ AccessController.doPrivileged((PrivilegedAction<Object>) () ->
{
- @Override
- public Object run()
- {
- _connection.getEventLogger().message(ConnectionMessages.IDLE_CLOSE("Current connection state: " + _connection.getConnectionDelegate().getState(), true));
- getNetwork().close();
- return null;
- }
+ _connection.getEventLogger().message(ConnectionMessages.IDLE_CLOSE("Current connection state: " + _connection.getConnectionDelegate().getState(), true));
+ getNetwork().close();
+ return null;
}, getAccessControllerContext());
}
@@ -207,18 +196,14 @@ public class AMQPConnection_0_10Impl extends AbstractAMQPConnection<AMQPConnecti
{
try
{
- AccessController.doPrivileged(new PrivilegedAction<Void>()
+ AccessController.doPrivileged((PrivilegedAction<Void>) () ->
{
- @Override
- public Void run()
+ _inputHandler.closed();
+ if(_disassembler != null)
{
- _inputHandler.closed();
- if(_disassembler != null)
- {
- _disassembler.closed();
- }
- return null;
+ _disassembler.closed();
}
+ return null;
}, getAccessControllerContext());
}
finally
@@ -281,16 +266,19 @@ public class AMQPConnection_0_10Impl extends AbstractAMQPConnection<AMQPConnecti
notifyWork();
}
+ @Override
public void clearWork()
{
_stateChanged.set(false);
}
+ @Override
public void setWorkListener(final Action<ProtocolEngine> listener)
{
_workListener.set(listener);
}
+ @Override
public boolean hasSessionWithName(final byte[] name)
{
return _connection.hasSessionWithName(name);
@@ -319,16 +307,19 @@ public class AMQPConnection_0_10Impl extends AbstractAMQPConnection<AMQPConnecti
_connection.addAsyncTask(action);
}
+ @Override
public void block()
{
_connection.block();
}
+ @Override
public String getRemoteContainerName()
{
return getClientId();
}
+ @Override
public Collection<? extends Session_0_10> getSessionModels()
{
final Collection<org.apache.qpid.server.model.Session> sessions =
@@ -337,11 +328,13 @@ public class AMQPConnection_0_10Impl extends AbstractAMQPConnection<AMQPConnecti
return session_0_10s;
}
+ @Override
public void unblock()
{
_connection.unblock();
}
+ @Override
public long getSessionCountLimit()
{
return _connection.getSessionCountLimit();
http://git-wip-us.apache.org/repos/asf/qpid-broker-j/blob/9baae38e/broker-plugins/amqp-0-10-protocol/src/main/java/org/apache/qpid/server/protocol/v0_10/ServerConnectionDelegate.java
----------------------------------------------------------------------
diff --git a/broker-plugins/amqp-0-10-protocol/src/main/java/org/apache/qpid/server/protocol/v0_10/ServerConnectionDelegate.java b/broker-plugins/amqp-0-10-protocol/src/main/java/org/apache/qpid/server/protocol/v0_10/ServerConnectionDelegate.java
index 3823e91..566131d 100644
--- a/broker-plugins/amqp-0-10-protocol/src/main/java/org/apache/qpid/server/protocol/v0_10/ServerConnectionDelegate.java
+++ b/broker-plugins/amqp-0-10-protocol/src/main/java/org/apache/qpid/server/protocol/v0_10/ServerConnectionDelegate.java
@@ -37,17 +37,18 @@ import org.slf4j.LoggerFactory;
import org.apache.qpid.server.common.ServerPropertyNames;
import org.apache.qpid.server.configuration.CommonProperties;
-import org.apache.qpid.server.properties.ConnectionStartProperties;
import org.apache.qpid.server.model.Broker;
import org.apache.qpid.server.model.NamedAddressSpace;
+import org.apache.qpid.server.model.Port;
import org.apache.qpid.server.model.port.AmqpPort;
+import org.apache.qpid.server.properties.ConnectionStartProperties;
import org.apache.qpid.server.protocol.v0_10.transport.*;
import org.apache.qpid.server.security.SubjectCreator;
import org.apache.qpid.server.security.auth.AuthenticationResult.AuthenticationStatus;
import org.apache.qpid.server.security.auth.SubjectAuthenticationResult;
import org.apache.qpid.server.security.auth.sasl.SaslNegotiator;
import org.apache.qpid.server.security.auth.sasl.SaslSettings;
-import org.apache.qpid.server.transport.*;
+import org.apache.qpid.server.transport.AMQPConnection;
import org.apache.qpid.server.util.ConnectionScopedRuntimeException;
import org.apache.qpid.server.virtualhost.VirtualHostUnavailableException;
@@ -81,24 +82,15 @@ public class ServerConnectionDelegate extends MethodDelegate<ServerConnection> i
private volatile SubjectAuthenticationResult _successfulAuthenticationResult;
- public ServerConnectionDelegate(Broker<?> broker, SubjectCreator subjectCreator)
- {
- this(createConnectionProperties(broker), Collections.singletonList((Object)"en_US"), broker, subjectCreator);
- }
-
- private ServerConnectionDelegate(Map<String, Object> properties,
- List<Object> locales,
- Broker<?> broker,
- SubjectCreator subjectCreator)
+ public ServerConnectionDelegate(Port<?> port, boolean secure)
{
- _clientProperties = properties;
- _mechanisms = (List) subjectCreator.getMechanisms();
- _locales = locales;
+ _broker = (Broker<?>) port.getParent();
+ _clientProperties = createConnectionProperties((Broker<?>) port.getParent());
+ _mechanisms = new ArrayList<>(port.getAuthenticationProvider().getAvailableMechanisms(secure));
- _broker = broker;
- _maxNoOfChannels = broker.getConnection_sessionCountLimit();
- _subjectCreator = subjectCreator;
- _maximumFrameSize = Math.min(0xffff, broker.getNetworkBufferSize());
+ _maxNoOfChannels = _broker.getConnection_sessionCountLimit();
+ _subjectCreator = port.getSubjectCreator(secure);
+ _maximumFrameSize = Math.min(0xffff, _broker.getNetworkBufferSize());
}
@Override
@@ -173,7 +165,7 @@ public class ServerConnectionDelegate extends MethodDelegate<ServerConnection> i
{
assertState(serverConnection, ConnectionState.INIT);
serverConnection.send(new ProtocolHeader(1, 0, 10));
- serverConnection.sendConnectionStart(_clientProperties, _mechanisms, _locales);
+ serverConnection.sendConnectionStart(_clientProperties, _mechanisms, Collections.singletonList((Object)"en_US"));
_state = ConnectionState.AWAIT_START_OK;
}
http://git-wip-us.apache.org/repos/asf/qpid-broker-j/blob/9baae38e/broker-plugins/amqp-0-8-protocol/src/main/java/org/apache/qpid/server/protocol/v0_8/AMQPConnection_0_8Impl.java
----------------------------------------------------------------------
diff --git a/broker-plugins/amqp-0-8-protocol/src/main/java/org/apache/qpid/server/protocol/v0_8/AMQPConnection_0_8Impl.java b/broker-plugins/amqp-0-8-protocol/src/main/java/org/apache/qpid/server/protocol/v0_8/AMQPConnection_0_8Impl.java
index 2093f91..8bf1183 100644
--- a/broker-plugins/amqp-0-8-protocol/src/main/java/org/apache/qpid/server/protocol/v0_8/AMQPConnection_0_8Impl.java
+++ b/broker-plugins/amqp-0-8-protocol/src/main/java/org/apache/qpid/server/protocol/v0_8/AMQPConnection_0_8Impl.java
@@ -223,16 +223,19 @@ public class AMQPConnection_0_8Impl
return broker.getNetworkBufferSize() - AMQFrame.getFrameOverhead();
}
+ @Override
public boolean isClosing()
{
return _orderlyClose.get();
}
+ @Override
public ClientDeliveryMethod createDeliveryMethod(int channelId)
{
return new WriteDeliverMethod(channelId);
}
+ @Override
public void received(final QpidByteBuffer msg)
{
AccessController.doPrivileged(new PrivilegedAction<Void>()
@@ -314,8 +317,7 @@ public class AMQPConnection_0_8Impl
setProtocolVersion(pv);
StringBuilder mechanismBuilder = new StringBuilder();
- SubjectCreator subjectCreator = getPort().getAuthenticationProvider().getSubjectCreator(getTransport().isSecure());
- for(String mechanismName : subjectCreator.getMechanisms())
+ for(String mechanismName : getPort().getAuthenticationProvider().getAvailableMechanisms(getTransport().isSecure()))
{
if(mechanismBuilder.length() != 0)
{
@@ -366,6 +368,7 @@ public class AMQPConnection_0_8Impl
}
}
+ @Override
public synchronized void writeFrame(AMQDataBlock frame)
{
if(_logger.isDebugEnabled())
@@ -397,6 +400,7 @@ public class AMQPConnection_0_8Impl
}
}
+ @Override
public boolean channelAwaitingClosure(int channelId)
{
return !_closingChannelsList.isEmpty() && _closingChannelsList.containsKey(channelId);
@@ -435,11 +439,13 @@ public class AMQPConnection_0_8Impl
}
+ @Override
public void closeChannel(AMQChannel channel)
{
closeChannel(channel, 0, null, false);
}
+ @Override
public void closeChannelAndWriteFrame(AMQChannel channel, int cause, String message)
{
writeFrame(new AMQFrame(channel.getChannelId(),
@@ -478,6 +484,7 @@ public class AMQPConnection_0_8Impl
}
+ @Override
public void closeChannelOk(int channelId)
{
_closingChannelsList.remove(channelId);
@@ -535,6 +542,7 @@ public class AMQPConnection_0_8Impl
}
}
+ @Override
public void sendConnectionClose(int errorCode,
String message, int channelId)
{
@@ -574,6 +582,7 @@ public class AMQPConnection_0_8Impl
getNetwork().close();
}
+ @Override
public boolean isSendQueueDeleteOkRegardless()
{
return _sendQueueDeleteOkRegardless;
@@ -639,6 +648,7 @@ public class AMQPConnection_0_8Impl
return _protocolVersion.getMajorVersion();
}
+ @Override
public ProtocolVersion getProtocolVersion()
{
return _protocolVersion;
@@ -654,16 +664,19 @@ public class AMQPConnection_0_8Impl
return getMethodRegistry();
}
+ @Override
public ProtocolOutputConverter getProtocolOutputConverter()
{
return _protocolOutputConverter;
}
+ @Override
public MethodRegistry getMethodRegistry()
{
return _methodRegistry;
}
+ @Override
public void closed()
{
try
@@ -708,6 +721,7 @@ public class AMQPConnection_0_8Impl
{
}
+ @Override
public void readerIdle()
{
AccessController.doPrivileged(new PrivilegedAction<Object>()
@@ -722,11 +736,13 @@ public class AMQPConnection_0_8Impl
}, getAccessControllerContext());
}
+ @Override
public synchronized void writerIdle()
{
writeFrame(HeartbeatBody.FRAME);
}
+ @Override
public long getSessionCountLimit()
{
return getMaximumNumberOfChannels();
@@ -737,6 +753,7 @@ public class AMQPConnection_0_8Impl
return String.valueOf(getNetwork().getRemoteAddress());
}
+ @Override
public void closeSessionAsync(final AMQPSession<?,?> session, final CloseReason reason, final String message)
{
final int cause;
@@ -826,6 +843,7 @@ public class AMQPConnection_0_8Impl
}
}
+ @Override
public void unblock()
{
synchronized (_channelAddRemoveLock)
@@ -854,6 +872,7 @@ public class AMQPConnection_0_8Impl
}
+ @Override
public void setDeferFlush(boolean deferFlush)
{
_deferFlush = deferFlush;
@@ -1214,6 +1233,7 @@ public class AMQPConnection_0_8Impl
}
+ @Override
public int getBinaryDataLimit()
{
return _binaryDataLimit;
@@ -1244,11 +1264,13 @@ public class AMQPConnection_0_8Impl
}
+ @Override
public Object getReference()
{
return _reference;
}
+ @Override
public boolean isCloseWhenNoRoute()
{
return _closeWhenNoRoute;
@@ -1261,7 +1283,7 @@ public class AMQPConnection_0_8Impl
private SubjectCreator getSubjectCreator()
{
- return getPort().getAuthenticationProvider().getSubjectCreator(getTransport().isSecure());
+ return getPort().getSubjectCreator(getTransport().isSecure());
}
@Override
http://git-wip-us.apache.org/repos/asf/qpid-broker-j/blob/9baae38e/broker-plugins/amqp-0-8-protocol/src/test/java/org/apache/qpid/server/protocol/v0_8/AMQPConnection_0_8Test.java
----------------------------------------------------------------------
diff --git a/broker-plugins/amqp-0-8-protocol/src/test/java/org/apache/qpid/server/protocol/v0_8/AMQPConnection_0_8Test.java b/broker-plugins/amqp-0-8-protocol/src/test/java/org/apache/qpid/server/protocol/v0_8/AMQPConnection_0_8Test.java
index 3cd2d1b..d2c4035 100644
--- a/broker-plugins/amqp-0-8-protocol/src/test/java/org/apache/qpid/server/protocol/v0_8/AMQPConnection_0_8Test.java
+++ b/broker-plugins/amqp-0-8-protocol/src/test/java/org/apache/qpid/server/protocol/v0_8/AMQPConnection_0_8Test.java
@@ -21,6 +21,7 @@
package org.apache.qpid.server.protocol.v0_8;
import static org.mockito.Matchers.any;
+import static org.mockito.Matchers.anyBoolean;
import static org.mockito.Matchers.eq;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.when;
@@ -81,6 +82,7 @@ public class AMQPConnection_0_8Test extends QpidTestCase
private AggregateTicker _ticker;
private ByteBufferSender _sender;
+ @Override
public void setUp() throws Exception
{
super.setUp();
@@ -129,7 +131,6 @@ public class AMQPConnection_0_8Test extends QpidTestCase
SubjectCreator subjectCreator = mock(SubjectCreator.class);
- when(subjectCreator.getMechanisms()).thenReturn(Collections.singletonList(SASL_MECH.toString()));
SaslNegotiator saslNegotiator = mock(SaslNegotiator.class);
when(subjectCreator.createSaslNegotiator(eq(SASL_MECH.toString()), any(SaslSettings.class))).thenReturn(saslNegotiator);
@@ -137,7 +138,7 @@ public class AMQPConnection_0_8Test extends QpidTestCase
new AuthenticationResult(new AuthenticatedPrincipal(new UsernamePrincipal("username", null))), new Subject()));
AuthenticationProvider authenticationProvider = mock(AuthenticationProvider.class);
- when(authenticationProvider.getSubjectCreator(false)).thenReturn(subjectCreator);
+ when(authenticationProvider.getAvailableMechanisms(anyBoolean())).thenReturn(Collections.singletonList(SASL_MECH.toString()));
_port = mock(AmqpPort.class);
when(_port.getParent()).thenReturn(_broker);
@@ -148,6 +149,7 @@ public class AMQPConnection_0_8Test extends QpidTestCase
when(_port.getAddressSpace(VIRTUAL_HOST_NAME)).thenReturn(_virtualHost);
when(_port.getContextValue(Long.class, Port.CONNECTION_MAXIMUM_AUTHENTICATION_DELAY)).thenReturn(2500l);
when(_port.getContextValue(Integer.class, Connection.MAX_MESSAGE_SIZE)).thenReturn(Connection.DEFAULT_MAX_MESSAGE_SIZE);
+ when(_port.getSubjectCreator(false)).thenReturn(subjectCreator);
_sender = mock(ByteBufferSender.class);
@@ -160,6 +162,7 @@ public class AMQPConnection_0_8Test extends QpidTestCase
_ticker = new AggregateTicker();
}
+ @Override
public void tearDown() throws Exception
{
try
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@qpid.apache.org
For additional commands, e-mail: commits-help@qpid.apache.org