Posted to commits@qpid.apache.org by ro...@apache.org on 2013/04/19 17:00:10 UTC
svn commit: r1469865 - in /qpid/branches/0.22/qpid/java: ./
amqp-1-0-client-jms/ amqp-1-0-client/ amqp-1-0-common/
broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/
broker-plugins/management-http/src/main/java/org/a...
Author: robbie
Date: Fri Apr 19 15:00:08 2013
New Revision: 1469865
URL: http://svn.apache.org/r1469865
Log:
QPID-4705: Restrict access to web management interfaces to authenticated and authorised users only
merged from trunk r1465590
Added:
qpid/branches/0.22/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpManagementConfiguration.java
- copied unchanged from r1465590, qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpManagementConfiguration.java
qpid/branches/0.22/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpManagementUtil.java
- copied unchanged from r1465590, qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpManagementUtil.java
qpid/branches/0.22/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/filter/
- copied from r1465590, qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/filter/
qpid/branches/0.22/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/filter/ForbiddingAuthorisationFilter.java
- copied unchanged from r1465590, qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/filter/ForbiddingAuthorisationFilter.java
qpid/branches/0.22/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/filter/RedirectingAuthorisationFilter.java
- copied unchanged from r1465590, qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/filter/RedirectingAuthorisationFilter.java
qpid/branches/0.22/qpid/java/broker-plugins/management-http/src/main/java/resources/js/qpid/authorization/checkUser.js
- copied unchanged from r1465590, qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/resources/js/qpid/authorization/checkUser.js
qpid/branches/0.22/qpid/java/broker-plugins/management-http/src/main/java/resources/login.html
- copied unchanged from r1465590, qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/resources/login.html
qpid/branches/0.22/qpid/java/systests/src/main/java/org/apache/qpid/systest/rest/AnonymousAccessRestTest.java
- copied unchanged from r1465590, qpid/trunk/qpid/java/systests/src/main/java/org/apache/qpid/systest/rest/AnonymousAccessRestTest.java
Modified:
qpid/branches/0.22/qpid/java/ (props changed)
qpid/branches/0.22/qpid/java/amqp-1-0-client/ (props changed)
qpid/branches/0.22/qpid/java/amqp-1-0-client-jms/ (props changed)
qpid/branches/0.22/qpid/java/amqp-1-0-common/ (props changed)
qpid/branches/0.22/qpid/java/broker/ (props changed)
qpid/branches/0.22/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpManagement.java
qpid/branches/0.22/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/AbstractServlet.java
qpid/branches/0.22/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/HelperServlet.java
qpid/branches/0.22/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/LogoutServlet.java
qpid/branches/0.22/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/SaslServlet.java
qpid/branches/0.22/qpid/java/broker-plugins/management-http/src/main/java/resources/index.html
qpid/branches/0.22/qpid/java/broker-plugins/management-http/src/main/java/resources/js/qpid/authorization/sasl.js
qpid/branches/0.22/qpid/java/broker/bin/ (props changed)
qpid/branches/0.22/qpid/java/broker/etc/md5passwd
qpid/branches/0.22/qpid/java/broker/src/main/java/org/apache/qpid/server/message/MessageMetaData_1_0.java (props changed)
qpid/branches/0.22/qpid/java/broker/src/main/java/org/apache/qpid/server/protocol/ProtocolEngine_1_0_0.java (props changed)
qpid/branches/0.22/qpid/java/broker/src/main/java/org/apache/qpid/server/protocol/ProtocolEngine_1_0_0_SASL.java (props changed)
qpid/branches/0.22/qpid/java/broker/src/main/java/org/apache/qpid/server/protocol/v1_0/ (props changed)
qpid/branches/0.22/qpid/java/broker/src/main/java/org/apache/qpid/server/queue/ (props changed)
qpid/branches/0.22/qpid/java/broker/src/main/java/org/apache/qpid/server/security/SubjectCreator.java
qpid/branches/0.22/qpid/java/broker/src/main/java/org/apache/qpid/server/virtualhost/ (props changed)
qpid/branches/0.22/qpid/java/management/common/src/main/java/org/apache/qpid/management/common/mbeans/LoggingManagement.java (props changed)
qpid/branches/0.22/qpid/java/management/common/src/main/java/org/apache/qpid/management/common/mbeans/ManagedBroker.java (props changed)
qpid/branches/0.22/qpid/java/management/common/src/main/java/org/apache/qpid/management/common/mbeans/ManagedConnection.java (props changed)
qpid/branches/0.22/qpid/java/management/common/src/main/java/org/apache/qpid/management/common/mbeans/ManagedExchange.java (props changed)
qpid/branches/0.22/qpid/java/management/common/src/main/java/org/apache/qpid/management/common/mbeans/ManagedQueue.java (props changed)
qpid/branches/0.22/qpid/java/management/common/src/main/java/org/apache/qpid/management/common/mbeans/UserManagement.java (props changed)
qpid/branches/0.22/qpid/java/management/common/src/main/java/org/apache/qpid/management/common/mbeans/annotations/MBeanAttribute.java (props changed)
qpid/branches/0.22/qpid/java/management/common/src/main/java/org/apache/qpid/management/common/mbeans/annotations/MBeanConstructor.java (props changed)
qpid/branches/0.22/qpid/java/management/common/src/main/java/org/apache/qpid/management/common/mbeans/annotations/MBeanDescription.java (props changed)
qpid/branches/0.22/qpid/java/management/common/src/main/java/org/apache/qpid/management/common/mbeans/annotations/MBeanOperation.java (props changed)
qpid/branches/0.22/qpid/java/management/common/src/main/java/org/apache/qpid/management/common/mbeans/annotations/MBeanOperationParameter.java (props changed)
qpid/branches/0.22/qpid/java/systests/src/main/java/org/apache/qpid/server/SupportedProtocolVersionsTest.java (props changed)
qpid/branches/0.22/qpid/java/systests/src/main/java/org/apache/qpid/systest/rest/BasicAuthRestTest.java
qpid/branches/0.22/qpid/java/systests/src/main/java/org/apache/qpid/systest/rest/QpidRestTestCase.java
qpid/branches/0.22/qpid/java/systests/src/main/java/org/apache/qpid/systest/rest/SaslRestTest.java
qpid/branches/0.22/qpid/java/systests/src/main/java/org/apache/qpid/systest/rest/UserRestTest.java
qpid/branches/0.22/qpid/java/systests/src/main/java/org/apache/qpid/test/utils/QpidBrokerTestCase.java (props changed)
qpid/branches/0.22/qpid/java/test-profiles/ (props changed)
qpid/branches/0.22/qpid/java/test-profiles/CPPExcludes (props changed)
qpid/branches/0.22/qpid/java/test-profiles/Excludes (props changed)
qpid/branches/0.22/qpid/java/test-profiles/JavaBDBExcludes (props changed)
qpid/branches/0.22/qpid/java/test-profiles/JavaExcludes (props changed)
qpid/branches/0.22/qpid/java/test-profiles/JavaPre010Excludes (props changed)
qpid/branches/0.22/qpid/java/test-profiles/JavaTransientExcludes (props changed)
qpid/branches/0.22/qpid/java/test-profiles/XAExcludes (props changed)
qpid/branches/0.22/qpid/java/test-profiles/cpp.async.testprofile (props changed)
qpid/branches/0.22/qpid/java/test-profiles/cpp.cluster.testprofile (props changed)
qpid/branches/0.22/qpid/java/test-profiles/cpp.noprefetch.testprofile (props changed)
qpid/branches/0.22/qpid/java/test-profiles/cpp.ssl.excludes (props changed)
qpid/branches/0.22/qpid/java/test-profiles/cpp.ssl.testprofile (props changed)
qpid/branches/0.22/qpid/java/test-profiles/cpp.testprofile (props changed)
qpid/branches/0.22/qpid/java/test-profiles/java-bdb-spawn.0-9-1.testprofile (props changed)
qpid/branches/0.22/qpid/java/test-profiles/java-bdb.0-9-1.testprofile (props changed)
qpid/branches/0.22/qpid/java/test-profiles/java-dby-spawn.0-9-1.testprofile (props changed)
qpid/branches/0.22/qpid/java/test-profiles/java-dby.0-9-1.testprofile (props changed)
qpid/branches/0.22/qpid/java/test-profiles/java-mms-spawn.0-10.testprofile (props changed)
qpid/branches/0.22/qpid/java/test-profiles/java-mms-spawn.0-9-1.testprofile (props changed)
qpid/branches/0.22/qpid/java/test-profiles/java-mms.0-9-1.testprofile (props changed)
qpid/branches/0.22/qpid/java/test-profiles/log4j-test.xml (props changed)
qpid/branches/0.22/qpid/java/test-profiles/test-provider.properties (props changed)
qpid/branches/0.22/qpid/java/test-profiles/test_resources/ (props changed)
qpid/branches/0.22/qpid/java/test-profiles/testprofile.defaults (props changed)
Propchange: qpid/branches/0.22/qpid/java/
------------------------------------------------------------------------------
Merged /qpid/trunk/qpid/java:r1465590
Propchange: qpid/branches/0.22/qpid/java/amqp-1-0-client/
------------------------------------------------------------------------------
Merged /qpid/trunk/qpid/java/amqp-1-0-client:r1465590
Propchange: qpid/branches/0.22/qpid/java/amqp-1-0-client-jms/
------------------------------------------------------------------------------
Merged /qpid/trunk/qpid/java/amqp-1-0-client-jms:r1465590
Propchange: qpid/branches/0.22/qpid/java/amqp-1-0-common/
------------------------------------------------------------------------------
Merged /qpid/trunk/qpid/java/amqp-1-0-common:r1465590
Propchange: qpid/branches/0.22/qpid/java/broker/
------------------------------------------------------------------------------
Merged /qpid/trunk/qpid/java/broker:r1465590
Modified: qpid/branches/0.22/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpManagement.java
URL: http://svn.apache.org/viewvc/qpid/branches/0.22/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpManagement.java?rev=1469865&r1=1469864&r2=1469865&view=diff
==============================================================================
--- qpid/branches/0.22/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpManagement.java (original)
+++ qpid/branches/0.22/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpManagement.java Fri Apr 19 15:00:08 2013
@@ -24,6 +24,7 @@ import java.io.File;
import java.lang.reflect.Type;
import java.util.Collection;
import java.util.Collections;
+import java.util.EnumSet;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
@@ -33,9 +34,10 @@ import org.apache.log4j.Logger;
import org.apache.qpid.server.configuration.IllegalConfigurationException;
import org.apache.qpid.server.logging.actors.CurrentActor;
import org.apache.qpid.server.logging.messages.ManagementConsoleMessages;
+import org.apache.qpid.server.management.plugin.filter.ForbiddingAuthorisationFilter;
+import org.apache.qpid.server.management.plugin.filter.RedirectingAuthorisationFilter;
import org.apache.qpid.server.management.plugin.servlet.DefinedFileServlet;
import org.apache.qpid.server.management.plugin.servlet.FileServlet;
-import org.apache.qpid.server.management.plugin.servlet.rest.AbstractServlet;
import org.apache.qpid.server.management.plugin.servlet.rest.HelperServlet;
import org.apache.qpid.server.management.plugin.servlet.rest.LogRecordsServlet;
import org.apache.qpid.server.management.plugin.servlet.rest.LogoutServlet;
@@ -66,15 +68,17 @@ import org.apache.qpid.server.model.adap
import org.apache.qpid.server.plugin.PluginFactory;
import org.apache.qpid.server.util.MapValueConverter;
import org.eclipse.jetty.server.Connector;
+import org.eclipse.jetty.server.DispatcherType;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.SessionManager;
import org.eclipse.jetty.server.nio.SelectChannelConnector;
import org.eclipse.jetty.server.ssl.SslSocketConnector;
+import org.eclipse.jetty.servlet.FilterHolder;
import org.eclipse.jetty.servlet.ServletContextHandler;
import org.eclipse.jetty.servlet.ServletHolder;
import org.eclipse.jetty.util.ssl.SslContextFactory;
-public class HttpManagement extends AbstractPluginAdapter
+public class HttpManagement extends AbstractPluginAdapter implements HttpManagementConfiguration
{
private final Logger _logger = Logger.getLogger(HttpManagement.class);
@@ -105,8 +109,6 @@ public class HttpManagement extends Abst
add(PluginFactory.PLUGIN_TYPE);
}});
- public static final String ENTRY_POINT_PATH = "/management";
-
private static final String OPERATIONAL_LOGGING_NAME = "Web";
@@ -266,8 +268,14 @@ public class HttpManagement extends Abst
server.setHandler(root);
// set servlet context attributes for broker and configuration
- root.getServletContext().setAttribute(AbstractServlet.ATTR_BROKER, _broker);
- root.getServletContext().setAttribute(AbstractServlet.ATTR_MANAGEMENT, this);
+ root.getServletContext().setAttribute(HttpManagementUtil.ATTR_BROKER, _broker);
+ root.getServletContext().setAttribute(HttpManagementUtil.ATTR_MANAGEMENT_CONFIGURATION, this);
+
+ FilterHolder restAuthorizationFilter = new FilterHolder(new ForbiddingAuthorisationFilter());
+ restAuthorizationFilter.setInitParameter(ForbiddingAuthorisationFilter.INIT_PARAM_ALLOWED, "/rest/sasl");
+ root.addFilter(restAuthorizationFilter, "/rest/*", EnumSet.of(DispatcherType.REQUEST));
+ root.addFilter(new FilterHolder(new RedirectingAuthorisationFilter()), HttpManagementUtil.ENTRY_POINT_PATH, EnumSet.of(DispatcherType.REQUEST));
+ root.addFilter(new FilterHolder(new RedirectingAuthorisationFilter()), "/index.html", EnumSet.of(DispatcherType.REQUEST));
addRestServlet(root, "broker");
addRestServlet(root, "virtualhost", VirtualHost.class);
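Review bot: The `"/rest/sasl"` exemption passed to `ForbiddingAuthorisationFilter.INIT_PARAM_ALLOWED` is a bare literal that has to stay identical to the `SaslServlet` mapping registered later in this method (`root.addServlet(new ServletHolder(new SaslServlet()), "/rest/sasl")`), and nothing records why that one path bypasses the filter. If the two strings drift, either the login endpoint is blocked or the exemption points at a path that no longer exists. I would hoist it into one constant, e.g. `private static final String SASL_SERVLET_PATH = "/rest/sasl";`, use it in both places, and add `// the SASL servlet performs the login itself, so it must be reachable without an authorised subject` above the filter. Because access control here is by path pattern, a short comment naming the mappings that are apparently left unfiltered on purpose (`/logout`, `*.js`) would help whoever adds the next servlet. The enclosing method starts and ends outside this hunk.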
@@ -291,7 +299,7 @@ public class HttpManagement extends Abst
root.addServlet(new ServletHolder(new SaslServlet()), "/rest/sasl");
- root.addServlet(new ServletHolder(new DefinedFileServlet("index.html")), ENTRY_POINT_PATH);
+ root.addServlet(new ServletHolder(new DefinedFileServlet("index.html")), HttpManagementUtil.ENTRY_POINT_PATH);
root.addServlet(new ServletHolder(new LogoutServlet()), "/logout");
root.addServlet(new ServletHolder(FileServlet.INSTANCE), "*.js");
Modified: qpid/branches/0.22/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/AbstractServlet.java
URL: http://svn.apache.org/viewvc/qpid/branches/0.22/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/AbstractServlet.java?rev=1469865&r1=1469864&r2=1469865&view=diff
==============================================================================
--- qpid/branches/0.22/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/AbstractServlet.java (original)
+++ qpid/branches/0.22/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/AbstractServlet.java Fri Apr 19 15:00:08 2013
@@ -21,9 +21,6 @@
package org.apache.qpid.server.management.plugin.servlet.rest;
import java.io.IOException;
-import java.net.InetSocketAddress;
-import java.net.SocketAddress;
-import java.security.AccessControlException;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
@@ -34,44 +31,22 @@ import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import javax.servlet.http.HttpSession;
-import org.apache.commons.codec.binary.Base64;
import org.apache.log4j.Logger;
import org.apache.qpid.framing.AMQShortString;
import org.apache.qpid.server.logging.LogActor;
-import org.apache.qpid.server.logging.RootMessageLogger;
import org.apache.qpid.server.logging.actors.CurrentActor;
import org.apache.qpid.server.logging.actors.HttpManagementActor;
-import org.apache.qpid.server.management.plugin.HttpManagement;
-import org.apache.qpid.server.management.plugin.session.LoginLogoutReporter;
+import org.apache.qpid.server.management.plugin.HttpManagementConfiguration;
+import org.apache.qpid.server.management.plugin.HttpManagementUtil;
import org.apache.qpid.server.model.Broker;
import org.apache.qpid.server.security.SecurityManager;
-import org.apache.qpid.server.security.SubjectCreator;
-import org.apache.qpid.server.security.auth.AuthenticationResult.AuthenticationStatus;
-import org.apache.qpid.server.security.auth.SubjectAuthenticationResult;
-import org.apache.qpid.server.security.auth.manager.AnonymousAuthenticationManager;
public abstract class AbstractServlet extends HttpServlet
{
private static final Logger LOGGER = Logger.getLogger(AbstractServlet.class);
- /**
- * Servlet context attribute holding a reference to a broker instance
- */
- public static final String ATTR_BROKER = "Qpid.broker";
-
- /**
- * Servlet context attribute holding a reference to plugin configuration
- */
- public static final String ATTR_MANAGEMENT = "Qpid.management";
-
- private static final String ATTR_LOGIN_LOGOUT_REPORTER = "AbstractServlet.loginLogoutReporter";
- private static final String ATTR_SUBJECT = "AbstractServlet.subject";
- private static final String ATTR_LOG_ACTOR = "AbstractServlet.logActor";
-
private Broker _broker;
- private RootMessageLogger _rootLogger;
- private HttpManagement _httpManagement;
+ private HttpManagementConfiguration _managementConfiguration;
protected AbstractServlet()
{
@@ -83,9 +58,8 @@ public abstract class AbstractServlet ex
{
ServletConfig servletConfig = getServletConfig();
ServletContext servletContext = servletConfig.getServletContext();
- _broker = (Broker)servletContext.getAttribute(ATTR_BROKER);
- _rootLogger = _broker.getRootMessageLogger();
- _httpManagement = (HttpManagement)servletContext.getAttribute(ATTR_MANAGEMENT);
+ _broker = HttpManagementUtil.getBroker(servletContext);
+ _managementConfiguration = HttpManagementUtil.getManagementConfiguration(servletContext);
super.init();
}
@@ -211,18 +185,18 @@ public abstract class AbstractServlet ex
Subject subject;
try
{
- subject = getAndCacheAuthorizedSubject(request);
+ subject = getAuthorisedSubject(request);
}
- catch (AccessControlException e)
+ catch (SecurityException e)
{
- sendError(resp, HttpServletResponse.SC_FORBIDDEN);
+ sendError(resp, HttpServletResponse.SC_UNAUTHORIZED);
return;
}
SecurityManager.setThreadSubject(subject);
try
{
- HttpManagementActor logActor = getLogActorAndCacheInSession(request);
+ HttpManagementActor logActor = HttpManagementUtil.getOrCreateAndCacheLogActor(request, _broker);
CurrentActor.set(logActor);
try
{
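Review bot: The `catch (SecurityException e)` block drops the exception and, as far as this hunk shows, leaves no log record of the rejected request, so repeated unauthenticated requests against the REST interface are invisible to operators. A line such as `LOGGER.info("Rejected management request from " + request.getRemoteAddr() + ": " + e.getMessage());` before `sendError(...)` would give monitoring something to work with. The reply is also now `SC_UNAUTHORIZED` without a `WWW-Authenticate` header, here and in the `SaslServlet` hunk that makes the same 403 to 401 switch. If that is deliberate, for example to avoid a browser credentials prompt, a comment should say so. The method this catch belongs to starts before the hunk and continues past it.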
@@ -256,187 +230,24 @@ public abstract class AbstractServlet ex
}
}
- /**
- * Gets the logged-in {@link Subject} by trying the following:
- *
- * <ul>
- * <li>Get it from the session</li>
- * <li>Get it from the request</li>
- * <li>Log in using the username and password in the Authorization HTTP header</li>
- * <li>Create a Subject representing the anonymous user.</li>
- * </ul>
- *
- * If an authenticated subject is found it is cached in the http session.
- */
- private Subject getAndCacheAuthorizedSubject(HttpServletRequest request)
+ protected Subject getAuthorisedSubject(HttpServletRequest request)
{
- HttpSession session = request.getSession();
- Subject subject = getAuthorisedSubjectFromSession(session);
-
- if(subject != null)
- {
- return subject;
- }
-
- SubjectCreator subjectCreator = getSubjectCreator(request);
- subject = authenticate(request, subjectCreator);
- if (subject != null)
+ Subject subject = HttpManagementUtil.getAuthorisedSubject(request.getSession());
+ if (subject == null)
{
- authoriseManagement(request, subject);
- setAuthorisedSubjectInSession(subject, request, session);
+ throw new SecurityException("Access to management rest interfaces is denied for un-authorised user");
}
- else
- {
- subject = subjectCreator.createSubjectWithGroups(AnonymousAuthenticationManager.ANONYMOUS_USERNAME);
- }
-
return subject;
}
- protected void authoriseManagement(HttpServletRequest request, Subject subject)
- {
- // TODO: We should eliminate SecurityManager.setThreadSubject in favour of Subject.doAs
- SecurityManager.setThreadSubject(subject); // Required for accessManagement check
- LogActor actor = createHttpManagementActor(request);
- CurrentActor.set(actor);
- try
- {
- try
- {
- Subject.doAs(subject, new PrivilegedExceptionAction<Void>() // Required for proper logging of Subject
- {
- @Override
- public Void run() throws Exception
- {
- boolean allowed = getSecurityManager().accessManagement();
- if (!allowed)
- {
- throw new AccessControlException("User is not authorised for management");
- }
- return null;
- }
- });
- }
- catch (PrivilegedActionException e)
- {
- throw new RuntimeException("Unable to perform access check", e);
- }
- }
- finally
- {
- try
- {
- CurrentActor.remove();
- }
- finally
- {
- SecurityManager.setThreadSubject(null);
- }
- }
- }
-
- private Subject authenticate(HttpServletRequest request, SubjectCreator subjectCreator)
- {
- Subject subject = null;
-
- String remoteUser = request.getRemoteUser();
- if(remoteUser != null)
- {
- subject = authenticateUserAndGetSubject(subjectCreator, remoteUser, null);
- }
- else
- {
- String header = request.getHeader("Authorization");
-
- if (header != null)
- {
- String[] tokens = header.split("\\s");
- if(tokens.length >= 2 && "BASIC".equalsIgnoreCase(tokens[0]))
- {
- if(!isBasicAuthSupported(request))
- {
- //TODO: write a return response indicating failure?
- throw new IllegalArgumentException("BASIC Authorization is not enabled.");
- }
-
- subject = performBasicAuth(subject, subjectCreator, tokens[1]);
- }
- }
- }
-
- return subject;
- }
-
- private Subject performBasicAuth(Subject subject,SubjectCreator subjectCreator, String base64UsernameAndPassword)
- {
- String[] credentials = (new String(Base64.decodeBase64(base64UsernameAndPassword.getBytes()))).split(":",2);
- if(credentials.length == 2)
- {
- subject = authenticateUserAndGetSubject(subjectCreator, credentials[0], credentials[1]);
- }
- else
- {
- //TODO: write a return response indicating failure?
- throw new AccessControlException("Invalid number of credentials supplied: "
- + credentials.length);
- }
- return subject;
- }
-
- private Subject authenticateUserAndGetSubject(SubjectCreator subjectCreator, String username, String password)
- {
- SubjectAuthenticationResult authResult = subjectCreator.authenticate(username, password);
- if( authResult.getStatus() != AuthenticationStatus.SUCCESS)
- {
- //TODO: write a return response indicating failure?
- throw new AccessControlException("Incorrect username or password");
- }
- Subject subject = authResult.getSubject();
- return subject;
- }
-
- private boolean isBasicAuthSupported(HttpServletRequest req)
- {
- return req.isSecure() ? _httpManagement.isHttpsBasicAuthenticationEnabled()
- : _httpManagement.isHttpBasicAuthenticationEnabled();
- }
-
- private HttpManagementActor getLogActorAndCacheInSession(HttpServletRequest req)
- {
- HttpSession session = req.getSession();
-
- HttpManagementActor actor = (HttpManagementActor) session.getAttribute(ATTR_LOG_ACTOR);
- if(actor == null)
- {
- actor = createHttpManagementActor(req);
- session.setAttribute(ATTR_LOG_ACTOR, actor);
- }
-
- return actor;
- }
-
- protected Subject getAuthorisedSubjectFromSession(HttpSession session)
- {
- return (Subject)session.getAttribute(ATTR_SUBJECT);
- }
-
- protected void setAuthorisedSubjectInSession(Subject subject, HttpServletRequest request, final HttpSession session)
- {
- session.setAttribute(ATTR_SUBJECT, subject);
-
- LogActor logActor = createHttpManagementActor(request);
- // Cause the user logon to be logged.
- session.setAttribute(ATTR_LOGIN_LOGOUT_REPORTER, new LoginLogoutReporter(logActor, subject));
- }
-
protected Broker getBroker()
{
return _broker;
}
- protected SocketAddress getSocketAddress(HttpServletRequest request)
+ protected HttpManagementConfiguration getManagementConfiguration()
{
- return InetSocketAddress.createUnresolved(request.getServerName(), request.getServerPort());
+ return _managementConfiguration;
}
protected void sendError(final HttpServletResponse resp, int errorCode)
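Review bot: The new `getAuthorisedSubject` calls `request.getSession()`, which creates a session when none exists, so unless a filter in front has already created one, every unauthenticated request that reaches a REST servlet allocates server-side session state before it is rejected with the `SecurityException`. Looking the session up without creating it avoids that: `HttpSession session = request.getSession(false);` followed by `Subject subject = (session == null) ? null : HttpManagementUtil.getAuthorisedSubject(session);` (this needs the `javax.servlet.http.HttpSession` import that the commit removes). The method is `protected` and, judging by the `SaslServlet` change, meant to be overridden, so it also deserves a Javadoc stating that it throws `SecurityException` when no authorised subject is bound to the session. The hunk ends at the `sendError` signature, whose body continues in the next hunk.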
@@ -450,24 +261,4 @@ public abstract class AbstractServlet ex
throw new RuntimeException("Failed to send error response code " + errorCode, e);
}
}
-
- private HttpManagementActor createHttpManagementActor(HttpServletRequest request)
- {
- return new HttpManagementActor(_rootLogger, request.getRemoteAddr(), request.getRemotePort());
- }
-
- protected HttpManagement getManagement()
- {
- return _httpManagement;
- }
-
- protected SecurityManager getSecurityManager()
- {
- return _broker.getSecurityManager();
- }
-
- protected SubjectCreator getSubjectCreator(HttpServletRequest request)
- {
- return _broker.getSubjectCreator(getSocketAddress(request));
- }
}
Modified: qpid/branches/0.22/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/HelperServlet.java
URL: http://svn.apache.org/viewvc/qpid/branches/0.22/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/HelperServlet.java?rev=1469865&r1=1469864&r2=1469865&view=diff
==============================================================================
--- qpid/branches/0.22/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/HelperServlet.java (original)
+++ qpid/branches/0.22/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/HelperServlet.java Fri Apr 19 15:00:08 2013
@@ -33,7 +33,6 @@ import javax.servlet.http.HttpServletRes
import org.apache.qpid.server.management.plugin.servlet.rest.action.ListAuthenticationProviderAttributes;
import org.apache.qpid.server.management.plugin.servlet.rest.action.ListMessageStoreTypes;
-import org.apache.qpid.server.model.Broker;
import org.codehaus.jackson.map.ObjectMapper;
import org.codehaus.jackson.map.SerializationConfig;
@@ -96,7 +95,7 @@ public class HelperServlet extends Abstr
}
}
- Object output = action.perform(parameters, (Broker) getServletContext().getAttribute(ATTR_BROKER));
+ Object output = action.perform(parameters, getBroker());
if (output == null)
{
response.setStatus(HttpServletResponse.SC_NOT_FOUND);
Modified: qpid/branches/0.22/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/LogoutServlet.java
URL: http://svn.apache.org/viewvc/qpid/branches/0.22/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/LogoutServlet.java?rev=1469865&r1=1469864&r2=1469865&view=diff
==============================================================================
--- qpid/branches/0.22/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/LogoutServlet.java (original)
+++ qpid/branches/0.22/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/LogoutServlet.java Fri Apr 19 15:00:08 2013
@@ -29,13 +29,13 @@ import javax.servlet.http.HttpServletReq
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
-import org.apache.qpid.server.management.plugin.HttpManagement;
+import org.apache.qpid.server.management.plugin.HttpManagementUtil;
@SuppressWarnings("serial")
public class LogoutServlet extends HttpServlet
{
public static final String RETURN_URL_INIT_PARAM = "qpid.webui_logout_redirect";
- private String _returnUrl = HttpManagement.ENTRY_POINT_PATH;
+ private String _returnUrl = HttpManagementUtil.ENTRY_POINT_PATH;
@Override
public void init(ServletConfig config) throws ServletException
Modified: qpid/branches/0.22/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/SaslServlet.java
URL: http://svn.apache.org/viewvc/qpid/branches/0.22/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/SaslServlet.java?rev=1469865&r1=1469864&r2=1469865&view=diff
==============================================================================
--- qpid/branches/0.22/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/SaslServlet.java (original)
+++ qpid/branches/0.22/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/SaslServlet.java Fri Apr 19 15:00:08 2013
@@ -25,7 +25,10 @@ import org.codehaus.jackson.map.ObjectMa
import org.codehaus.jackson.map.SerializationConfig;
import org.apache.log4j.Logger;
-import org.apache.qpid.server.management.plugin.HttpManagement;
+import org.apache.qpid.server.logging.LogActor;
+import org.apache.qpid.server.management.plugin.HttpManagementConfiguration;
+import org.apache.qpid.server.management.plugin.HttpManagementUtil;
+import org.apache.qpid.server.model.Broker;
import org.apache.qpid.server.security.SubjectCreator;
import org.apache.qpid.server.security.auth.AuthenticatedPrincipal;
@@ -38,7 +41,6 @@ import javax.servlet.http.HttpServletRes
import javax.servlet.http.HttpSession;
import java.io.IOException;
import java.io.PrintWriter;
-import java.security.AccessControlException;
import java.security.Principal;
import java.security.SecureRandom;
import java.util.LinkedHashMap;
@@ -80,7 +82,7 @@ public class SaslServlet extends Abstrac
String[] mechanisms = subjectCreator.getMechanisms().split(" ");
Map<String, Object> outputObject = new LinkedHashMap<String, Object>();
- final Subject subject = getAuthorisedSubjectFromSession(session);
+ final Subject subject = getAuthorisedSubject(request);
if(subject != null)
{
Principal principal = AuthenticatedPrincipal.getAuthenticatedPrincipalFromSubject(subject);
@@ -195,8 +197,8 @@ public class SaslServlet extends Abstrac
private void checkSaslAuthEnabled(HttpServletRequest request)
{
- boolean saslAuthEnabled;
- HttpManagement management = getManagement();
+ boolean saslAuthEnabled = false;
+ HttpManagementConfiguration management = getManagementConfiguration();
if (request.isSecure())
{
saslAuthEnabled = management.isHttpsSaslAuthenticationEnabled();
@@ -205,7 +207,6 @@ public class SaslServlet extends Abstrac
{
saslAuthEnabled = management.isHttpSaslAuthenticationEnabled();
}
-
if (!saslAuthEnabled)
{
throw new RuntimeException("Sasl authentication disabled.");
@@ -227,7 +228,7 @@ public class SaslServlet extends Abstrac
session.removeAttribute(ATTR_ID);
session.removeAttribute(ATTR_SASL_SERVER);
session.removeAttribute(ATTR_EXPIRY);
- response.setStatus(HttpServletResponse.SC_FORBIDDEN);
+ response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
return;
}
@@ -236,17 +237,15 @@ public class SaslServlet extends Abstrac
{
Subject subject = subjectCreator.createSubjectWithGroups(saslServer.getAuthorizationID());
- try
- {
- authoriseManagement(request, subject);
- }
- catch (AccessControlException ace)
+ Broker broker = getBroker();
+ LogActor actor = HttpManagementUtil.getOrCreateAndCacheLogActor(request, broker);
+ if (!HttpManagementUtil.hasAccessToManagement(broker.getSecurityManager(), subject, actor))
{
sendError(response, HttpServletResponse.SC_FORBIDDEN);
return;
}
- setAuthorisedSubjectInSession(subject, request, session);
+ HttpManagementUtil.saveAuthorisedSubject(request.getSession(), subject, actor);
session.removeAttribute(ATTR_ID);
session.removeAttribute(ATTR_SASL_SERVER);
session.removeAttribute(ATTR_EXPIRY);
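Review bot: The new `hasAccessToManagement` branch sends `SC_FORBIDDEN` and returns without removing `ATTR_ID`, `ATTR_SASL_SERVER` and `ATTR_EXPIRY`, whereas both the failed-exchange branch in the previous hunk and the success path just below clear them. A completed `SaslServer` for a user who is not allowed to manage the broker therefore stays in the session; moving the three `session.removeAttribute(...)` calls ahead of the access check clears it on every outcome. Separately, the subject is saved into the session that carried the unauthenticated exchange (the `removeAttribute` calls that follow still use the same `session`), so the session id presumably survives login. Issuing a fresh session at this point is the usual session-fixation defence and is worth considering. The enclosing method starts outside the hunk.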
@@ -274,4 +273,15 @@ public class SaslServlet extends Abstrac
mapper.writeValue(writer, outputObject);
}
}
+
+ private SubjectCreator getSubjectCreator(HttpServletRequest request)
+ {
+ return getBroker().getSubjectCreator(HttpManagementUtil.getSocketAddress(request));
+ }
+
+ @Override
+ protected Subject getAuthorisedSubject(HttpServletRequest request)
+ {
+ return HttpManagementUtil.getAuthorisedSubject(request.getSession());
+ }
}
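Review bot: `getAuthorisedSubject` calls `request.getSession()`, which creates a session when the request has none, so every unauthenticated request that reaches this lookup allocates server-side session state. If `HttpManagementUtil.getAuthorisedSubject` tolerates a null session (its body is not visible here), `request.getSession(false)` would avoid that. Both new methods would also benefit from a short Javadoc, for example `/** Returns the subject stored by a completed login, or null if the session holds none. */`, with the null behaviour confirmed against the helper.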
Modified: qpid/branches/0.22/qpid/java/broker-plugins/management-http/src/main/java/resources/index.html
URL: http://svn.apache.org/viewvc/qpid/branches/0.22/qpid/java/broker-plugins/management-http/src/main/java/resources/index.html?rev=1469865&r1=1469864&r2=1469865&view=diff
==============================================================================
--- qpid/branches/0.22/qpid/java/broker-plugins/management-http/src/main/java/resources/index.html (original)
+++ qpid/branches/0.22/qpid/java/broker-plugins/management-http/src/main/java/resources/index.html Fri Apr 19 15:00:08 2013
@@ -65,7 +65,7 @@
"qpid/management/treeView",
"qpid/management/controller",
"qpid/common/footer",
- "qpid/authorization/sasl"]);
+ "qpid/authorization/checkUser"]);
</script>
</head>
Modified: qpid/branches/0.22/qpid/java/broker-plugins/management-http/src/main/java/resources/js/qpid/authorization/sasl.js
URL: http://svn.apache.org/viewvc/qpid/branches/0.22/qpid/java/broker-plugins/management-http/src/main/java/resources/js/qpid/authorization/sasl.js?rev=1469865&r1=1469864&r2=1469865&view=diff
==============================================================================
--- qpid/branches/0.22/qpid/java/broker-plugins/management-http/src/main/java/resources/js/qpid/authorization/sasl.js (original)
+++ qpid/branches/0.22/qpid/java/broker-plugins/management-http/src/main/java/resources/js/qpid/authorization/sasl.js Fri Apr 19 15:00:08 2013
@@ -18,10 +18,7 @@
* under the License.
*
*/
-require(["dijit/form/DropDownButton", "dijit/TooltipDialog", "dijit/form/TextBox",
- "dojo/_base/xhr", "dojox/encoding/base64", "dojox/encoding/digests/_base", "dojox/encoding/digests/MD5"]);
-var button;
-var usernameSpan;
+define(["dojo/_base/xhr", "dojox/encoding/base64", "dojox/encoding/digests/_base", "dojox/encoding/digests/MD5"], function () {
var encodeUTF8 = function encodeUTF8(str) {
var byteArray = [];
@@ -49,8 +46,23 @@ var decodeUTF8 = function decodeUTF8(byt
return decodeURIComponent(str);
};
+var errorHandler = function errorHandler(error)
+{
+ if(error.status == 401)
+ {
+ alert("Authentication Failed");
+ }
+ else if(error.status == 403)
+ {
+ alert("Authorization Failed");
+ }
+ else
+ {
+ alert(error);
+ }
+}
-var saslPlain = function saslPlain(user, password)
+var saslPlain = function saslPlain(user, password, callbackFunction)
{
var responseArray = [ 0 ].concat(encodeUTF8( user )).concat( [ 0 ] ).concat( encodeUTF8( password ) );
var plainResponse = dojox.encoding.base64.encode(responseArray);
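Review bot: `errorHandler` handles every failure with a blocking `alert()` and returns nothing, so a caller that passes `callbackFunction` to `saslPlain` or `saslCramMD5` is never told that the login failed and cannot reset its form or offer a retry. An optional error callback, invoked after the message is chosen, would leave that decision with the caller. In the `else` branch `alert(error)` shows the raw error object to the user; a fixed message such as `alert("Login request failed");` with the detail sent to `console.error(error)` keeps response internals out of the dialog. The function expression also ends without a `;`, and the status comparisons use `==` where `===` is the stricter form.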
@@ -65,25 +77,10 @@ var saslPlain = function saslPlain(user,
},
handleAs: "json",
failOk: true
- }).then(function()
- {
- updateAuthentication();
- },
- function(error)
- {
- if(error.status == 403)
- {
- alert("Authentication Failed");
- }
- else
- {
- alert(error);
- }
- updateAuthentication();
- });
+ }).then(callbackFunction, errorHandler);
};
-var saslCramMD5 = function saslCramMD5(user, password)
+var saslCramMD5 = function saslCramMD5(user, password, saslMechanism, callbackFunction)
{
// Using dojo.xhrGet, as very little information is being sent
@@ -91,7 +88,7 @@ var saslCramMD5 = function saslCramMD5(u
// The URL of the request
url: "rest/sasl",
content: {
- mechanism: "CRAM-MD5"
+ mechanism: saslMechanism
},
handleAs: "json",
failOk: true
@@ -121,22 +118,7 @@ var saslCramMD5 = function saslCramMD5(u
},
handleAs: "json",
failOk: true
- }).then(function()
- {
- updateAuthentication();
- },
- function(error)
- {
- if(error.status == 403)
- {
- alert("Authentication Failed");
- }
- else
- {
- alert(error);
- }
- updateAuthentication();
- });
+ }).then(callbackFunction, errorHandler);
},
function(error)
@@ -163,86 +145,45 @@ var containsMechanism = function contain
return false;
};
-var doAuthenticate = function doAuthenticate()
+var SaslClient = {};
+
+SaslClient.authenticate = function(username, password, callbackFunction)
{
dojo.xhrGet({
- // The URL of the request
url: "rest/sasl",
- handleAs: "json"
+ handleAs: "json",
+ failOk: true
}).then(function(data)
{
- var mechMap = data.mechanisms;
-
- if (containsMechanism(mechMap, "CRAM-MD5"))
- {
- saslCramMD5(dojo.byId("username").value, dojo.byId("pass").value);
- updateAuthentication();
- }
- else if (containsMechanism(mechMap, "PLAIN"))
- {
- saslPlain(dojo.byId("username").value, dojo.byId("pass").value);
- updateAuthentication();
- }
- else
- {
- alert("No supported SASL mechanism offered: " + mechMap);
- }
- }
- );
-
-
+ var mechMap = data.mechanisms;
+ if (containsMechanism(mechMap, "CRAM-MD5"))
+ {
+ saslCramMD5(username, password, "CRAM-MD5", callbackFunction);
+ }
+ else if (containsMechanism(mechMap, "CRAM-MD5-HEX"))
+ {
+ var hashedPassword = dojox.encoding.digests.MD5(password, dojox.encoding.digests.outputTypes.Hex);
+ saslCramMD5(username, hashedPassword, "CRAM-MD5-HEX", callbackFunction);
+ }
+ else if (containsMechanism(mechMap, "PLAIN"))
+ {
+ saslPlain(username, password, callbackFunction);
+ }
+ else
+ {
+ alert("No supported SASL mechanism offered: " + mechMap);
+ }
+ }, errorHandler);
};
-
-var updateAuthentication = function updateAuthentication()
+SaslClient.getUser = function(callbackFunction)
{
dojo.xhrGet({
- // The URL of the request
url: "rest/sasl",
- handleAs: "json"
- }).then(function(data)
- {
- if(data.user)
- {
- dojo.byId("authenticatedUser").innerHTML = data.user;
- dojo.style(button.domNode, {display: 'none'});
- dojo.style(usernameSpan, {display: 'block'});
- }
- else
- {
- dojo.style(button.domNode, {display: 'block'});
- dojo.style(usernameSpan, {display: 'none'});
- }
- }
- );
+ handleAs: "json",
+ failOk: true
+ }).then(callbackFunction, errorHandler);
};
-require(["dijit/form/DropDownButton", "dijit/TooltipDialog", "dijit/form/TextBox", "dojo/_base/xhr", "dojo/dom", "dojo/dom-construct", "dojo/domReady!"],
- function(DropDownButton, TooltipDialog, TextBox, xhr, dom, domConstruct){
- var dialog = new TooltipDialog({
- content:
- '<strong><label for="username" style="display:inline-block;width:100px;">Username:</label></strong>' +
- '<div data-dojo-type="dijit.form.TextBox" id="username"></div><br/>' +
- '<strong><label for="pass" style="display:inline-block;width:100px;">Password:</label></strong>' +
- '<div data-dojo-type="dijit.form.TextBox" type="password" id="pass"></div><br/>' +
- '<button data-dojo-type="dijit.form.Button" data-dojo-props="onClick:doAuthenticate" type="submit">Login</button>'
- });
-
- button = new DropDownButton({
- label: "Login",
- dropDown: dialog
- });
-
- usernameSpan = domConstruct.create("span", { innerHTML: '<strong>User: </strong> <span id="authenticatedUser"></span><a href="logout">[logout]</a>',
- style: { display: "none" }});
-
-
- var loginDiv = dom.byId("login");
- loginDiv.appendChild(usernameSpan);
- loginDiv.appendChild(button.domNode);
-
-
-
-
- updateAuthentication();
-});
\ No newline at end of file
+return SaslClient;
+});
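Review bot: `SaslClient.authenticate` falls back to `saslPlain` whenever the server lists PLAIN, and `saslPlain` only base64-encodes the user name and password, so on a page loaded over plain HTTP the credentials would travel readable on the network. Whether the server ever offers PLAIN on a non-TLS port is decided outside this file, so a client-side guard is cheap insurance: `else if (window.location.protocol === "https:" && containsMechanism(mechMap, "PLAIN"))`. The CRAM-MD5-HEX branch uses the MD5 hex digest of the password as the shared secret, which makes the stored digest password-equivalent; a comment saying so would help whoever maintains the password store. The final `else` branch alerts but never invokes `callbackFunction`, so the caller gets no signal when no mechanism matches.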
Propchange: qpid/branches/0.22/qpid/java/broker/bin/
------------------------------------------------------------------------------
Merged /qpid/trunk/qpid/java/broker/bin:r1465590
Modified: qpid/branches/0.22/qpid/java/broker/etc/md5passwd
URL: http://svn.apache.org/viewvc/qpid/branches/0.22/qpid/java/broker/etc/md5passwd?rev=1469865&r1=1469864&r2=1469865&view=diff
==============================================================================
--- qpid/branches/0.22/qpid/java/broker/etc/md5passwd (original)
+++ qpid/branches/0.22/qpid/java/broker/etc/md5passwd Fri Apr 19 15:00:08 2013
@@ -20,3 +20,4 @@ guest:CE4DQ6BIb/BVMN9scFyLtA==
client:CE4DQ6BIb/BVMN9scFyLtA==
server:CE4DQ6BIb/BVMN9scFyLtA==
admin:ISMvKXpXpadDiUoOSoAfww==
+webadmin:rda7WOE5vhAzJNBNgtj1RQ==
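Review bot: The new `webadmin` entry adds a web-management login to the password file under `broker/etc`, and the REST test setup in this same commit authenticates with `"webadmin", "webadmin"`, which suggests the stored digest is for a password equal to the user name. If this file is what an installed broker reads by default, every installation starts with a known credential on the interface this commit is locking down. Consider keeping the account in a test-only password file. Alternatively, if the format accepts comment lines, add a header such as `# webadmin is a sample account: change its password or remove it before exposing the management port`.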
Propchange: qpid/branches/0.22/qpid/java/broker/src/main/java/org/apache/qpid/server/message/MessageMetaData_1_0.java
------------------------------------------------------------------------------
Merged /qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/message/MessageMetaData_1_0.java:r1465590
Propchange: qpid/branches/0.22/qpid/java/broker/src/main/java/org/apache/qpid/server/protocol/ProtocolEngine_1_0_0.java
------------------------------------------------------------------------------
Merged /qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/protocol/ProtocolEngine_1_0_0.java:r1465590
Propchange: qpid/branches/0.22/qpid/java/broker/src/main/java/org/apache/qpid/server/protocol/ProtocolEngine_1_0_0_SASL.java
------------------------------------------------------------------------------
Merged /qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/protocol/ProtocolEngine_1_0_0_SASL.java:r1465590
Propchange: qpid/branches/0.22/qpid/java/broker/src/main/java/org/apache/qpid/server/protocol/v1_0/
------------------------------------------------------------------------------
Merged /qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/protocol/v1_0:r1465590
Propchange: qpid/branches/0.22/qpid/java/broker/src/main/java/org/apache/qpid/server/queue/
------------------------------------------------------------------------------
Merged /qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/queue:r1465590
Modified: qpid/branches/0.22/qpid/java/broker/src/main/java/org/apache/qpid/server/security/SubjectCreator.java
URL: http://svn.apache.org/viewvc/qpid/branches/0.22/qpid/java/broker/src/main/java/org/apache/qpid/server/security/SubjectCreator.java?rev=1469865&r1=1469864&r2=1469865&view=diff
==============================================================================
--- qpid/branches/0.22/qpid/java/broker/src/main/java/org/apache/qpid/server/security/SubjectCreator.java (original)
+++ qpid/branches/0.22/qpid/java/broker/src/main/java/org/apache/qpid/server/security/SubjectCreator.java Fri Apr 19 15:00:08 2013
@@ -35,6 +35,7 @@ import org.apache.qpid.server.security.a
import org.apache.qpid.server.security.auth.AuthenticationResult;
import org.apache.qpid.server.security.auth.AuthenticationResult.AuthenticationStatus;
import org.apache.qpid.server.security.auth.SubjectAuthenticationResult;
+import org.apache.qpid.server.security.auth.manager.AnonymousAuthenticationManager;
import org.apache.qpid.server.security.auth.manager.AuthenticationManager;
/**
@@ -153,4 +154,9 @@ public class SubjectCreator
return Collections.unmodifiableSet(principals);
}
+
+ public boolean isAnonymousAuthenticationAllowed()
+ {
+ return _authenticationManager instanceof AnonymousAuthenticationManager;
+ }
}
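Review bot: `isAnonymousAuthenticationAllowed()` is a new public, security-relevant query with no Javadoc, and it answers by testing `_authenticationManager instanceof AnonymousAuthenticationManager`. Any other manager that admits anonymous users, or a wrapper around the anonymous one, would therefore report false. Its callers are not visible here, so it is worth checking whether a false result leads to the stricter or the looser path. At minimum the narrow meaning should be documented: `/** Returns true only when the configured authentication manager is an AnonymousAuthenticationManager. */`.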
Propchange: qpid/branches/0.22/qpid/java/broker/src/main/java/org/apache/qpid/server/virtualhost/
------------------------------------------------------------------------------
Merged /qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/virtualhost:r1465590
Propchange: qpid/branches/0.22/qpid/java/management/common/src/main/java/org/apache/qpid/management/common/mbeans/LoggingManagement.java
------------------------------------------------------------------------------
Merged /qpid/trunk/qpid/java/management/common/src/main/java/org/apache/qpid/management/common/mbeans/LoggingManagement.java:r1465590
Propchange: qpid/branches/0.22/qpid/java/management/common/src/main/java/org/apache/qpid/management/common/mbeans/ManagedBroker.java
------------------------------------------------------------------------------
Merged /qpid/trunk/qpid/java/management/common/src/main/java/org/apache/qpid/management/common/mbeans/ManagedBroker.java:r1465590
Propchange: qpid/branches/0.22/qpid/java/management/common/src/main/java/org/apache/qpid/management/common/mbeans/ManagedConnection.java
------------------------------------------------------------------------------
Merged /qpid/trunk/qpid/java/management/common/src/main/java/org/apache/qpid/management/common/mbeans/ManagedConnection.java:r1465590
Propchange: qpid/branches/0.22/qpid/java/management/common/src/main/java/org/apache/qpid/management/common/mbeans/ManagedExchange.java
------------------------------------------------------------------------------
Merged /qpid/trunk/qpid/java/management/common/src/main/java/org/apache/qpid/management/common/mbeans/ManagedExchange.java:r1465590
Propchange: qpid/branches/0.22/qpid/java/management/common/src/main/java/org/apache/qpid/management/common/mbeans/ManagedQueue.java
------------------------------------------------------------------------------
Merged /qpid/trunk/qpid/java/management/common/src/main/java/org/apache/qpid/management/common/mbeans/ManagedQueue.java:r1465590
Propchange: qpid/branches/0.22/qpid/java/management/common/src/main/java/org/apache/qpid/management/common/mbeans/UserManagement.java
------------------------------------------------------------------------------
Merged /qpid/trunk/qpid/java/management/common/src/main/java/org/apache/qpid/management/common/mbeans/UserManagement.java:r1465590
Propchange: qpid/branches/0.22/qpid/java/management/common/src/main/java/org/apache/qpid/management/common/mbeans/annotations/MBeanAttribute.java
------------------------------------------------------------------------------
Merged /qpid/trunk/qpid/java/management/common/src/main/java/org/apache/qpid/management/common/mbeans/annotations/MBeanAttribute.java:r1465590
Propchange: qpid/branches/0.22/qpid/java/management/common/src/main/java/org/apache/qpid/management/common/mbeans/annotations/MBeanConstructor.java
------------------------------------------------------------------------------
Merged /qpid/trunk/qpid/java/management/common/src/main/java/org/apache/qpid/management/common/mbeans/annotations/MBeanConstructor.java:r1465590
Propchange: qpid/branches/0.22/qpid/java/management/common/src/main/java/org/apache/qpid/management/common/mbeans/annotations/MBeanDescription.java
------------------------------------------------------------------------------
Merged /qpid/trunk/qpid/java/management/common/src/main/java/org/apache/qpid/management/common/mbeans/annotations/MBeanDescription.java:r1465590
Propchange: qpid/branches/0.22/qpid/java/management/common/src/main/java/org/apache/qpid/management/common/mbeans/annotations/MBeanOperation.java
------------------------------------------------------------------------------
Merged /qpid/trunk/qpid/java/management/common/src/main/java/org/apache/qpid/management/common/mbeans/annotations/MBeanOperation.java:r1465590
Propchange: qpid/branches/0.22/qpid/java/management/common/src/main/java/org/apache/qpid/management/common/mbeans/annotations/MBeanOperationParameter.java
------------------------------------------------------------------------------
Merged /qpid/trunk/qpid/java/management/common/src/main/java/org/apache/qpid/management/common/mbeans/annotations/MBeanOperationParameter.java:r1465590
Propchange: qpid/branches/0.22/qpid/java/systests/src/main/java/org/apache/qpid/server/SupportedProtocolVersionsTest.java
------------------------------------------------------------------------------
Merged /qpid/trunk/qpid/java/systests/src/main/java/org/apache/qpid/server/SupportedProtocolVersionsTest.java:r1465590
Modified: qpid/branches/0.22/qpid/java/systests/src/main/java/org/apache/qpid/systest/rest/BasicAuthRestTest.java
URL: http://svn.apache.org/viewvc/qpid/branches/0.22/qpid/java/systests/src/main/java/org/apache/qpid/systest/rest/BasicAuthRestTest.java?rev=1469865&r1=1469864&r2=1469865&view=diff
==============================================================================
--- qpid/branches/0.22/qpid/java/systests/src/main/java/org/apache/qpid/systest/rest/BasicAuthRestTest.java (original)
+++ qpid/branches/0.22/qpid/java/systests/src/main/java/org/apache/qpid/systest/rest/BasicAuthRestTest.java Fri Apr 19 15:00:08 2013
@@ -68,7 +68,7 @@ public class BasicAuthRestTest extends Q
assertEquals(responseCode, conn.getResponseCode());
}
- public void testDefaultEnabledWithHttps() throws Exception
+ public void testBasicAuthWhenEnabledWithHttps() throws Exception
{
configure(true);
super.setUp();
@@ -81,15 +81,16 @@ public class BasicAuthRestTest extends Q
verifyGetBrokerAttempt(HttpServletResponse.SC_OK);
}
- public void testDefaultDisabledWithHttp() throws Exception
+ public void testBasicAuthWhenDisabledWithHttp() throws Exception
{
configure(false);
+ getBrokerConfiguration().setObjectAttribute(TestBrokerConfiguration.ENTRY_NAME_HTTP_MANAGEMENT, "httpBasicAuthenticationEnabled", false);
super.setUp();
// Try the attempt with authentication, it should fail because
// BASIC auth is disabled by default on non-secure connections.
getRestTestHelper().setUsernameAndPassword(USERNAME, USERNAME);
- verifyGetBrokerAttempt(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
+ verifyGetBrokerAttempt(HttpServletResponse.SC_UNAUTHORIZED);
}
public void testEnablingForHttp() throws Exception
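Review bot: The comment kept in `testBasicAuthWhenDisabledWithHttp` still says BASIC auth is "disabled by default on non-secure connections", but the test now switches it off explicitly with `setObjectAttribute(..., "httpBasicAuthenticationEnabled", false)`, so the comment no longer describes what is being verified. Suggest `// BASIC auth has been explicitly disabled for non-secure connections.` in its place. Since the base test case in this commit also sets the attribute to true, it looks as if no visible test asserts the out-of-the-box default any more; a dedicated case for the default would close that gap.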
@@ -116,6 +117,6 @@ public class BasicAuthRestTest extends Q
// Try the attempt with authentication, it should fail because
// BASIC auth is now disabled on secure connections.
getRestTestHelper().setUsernameAndPassword(USERNAME, USERNAME);
- verifyGetBrokerAttempt(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
+ verifyGetBrokerAttempt(HttpServletResponse.SC_UNAUTHORIZED);
}
}
Modified: qpid/branches/0.22/qpid/java/systests/src/main/java/org/apache/qpid/systest/rest/QpidRestTestCase.java
URL: http://svn.apache.org/viewvc/qpid/branches/0.22/qpid/java/systests/src/main/java/org/apache/qpid/systest/rest/QpidRestTestCase.java?rev=1469865&r1=1469864&r2=1469865&view=diff
==============================================================================
--- qpid/branches/0.22/qpid/java/systests/src/main/java/org/apache/qpid/systest/rest/QpidRestTestCase.java (original)
+++ qpid/branches/0.22/qpid/java/systests/src/main/java/org/apache/qpid/systest/rest/QpidRestTestCase.java Fri Apr 19 15:00:08 2013
@@ -27,9 +27,7 @@ import java.util.Map;
import org.apache.commons.configuration.ConfigurationException;
import org.apache.qpid.server.model.AuthenticationProvider;
import org.apache.qpid.server.model.Port;
-import org.apache.qpid.server.plugin.AuthenticationManagerFactory;
import org.apache.qpid.server.security.auth.manager.AnonymousAuthenticationManagerFactory;
-import org.apache.qpid.server.security.auth.manager.ExternalAuthenticationManagerFactory;
import org.apache.qpid.test.utils.TestBrokerConfiguration;
import org.apache.qpid.test.utils.QpidBrokerTestCase;
@@ -49,6 +47,9 @@ public class QpidRestTestCase extends Qp
@Override
public void setUp() throws Exception
{
+ // use webadmin account to perform tests
+ getRestTestHelper().setUsernameAndPassword("webadmin", "webadmin");
+
// Set up virtualhost config with queues and bindings to the amq.direct
for (String virtualhost : EXPECTED_VIRTUALHOSTS)
{
@@ -89,6 +90,11 @@ public class QpidRestTestCase extends Qp
anonymousProviderAttributes.put(AuthenticationProvider.TYPE, AnonymousAuthenticationManagerFactory.PROVIDER_TYPE);
anonymousProviderAttributes.put(AuthenticationProvider.NAME, ANONYMOUS_AUTHENTICATION_PROVIDER);
config.addAuthenticationProviderConfiguration(anonymousProviderAttributes);
+
+ // set password authentication provider on http port for the tests
+ config.setObjectAttribute(TestBrokerConfiguration.ENTRY_NAME_HTTP_PORT, Port.AUTHENTICATION_PROVIDER,
+ TestBrokerConfiguration.ENTRY_NAME_AUTHENTICATION_PROVIDER);
+ config.setObjectAttribute(TestBrokerConfiguration.ENTRY_NAME_HTTP_MANAGEMENT, "httpBasicAuthenticationEnabled", true);
}
public RestTestHelper getRestTestHelper()
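Review bot: The attribute name `"httpBasicAuthenticationEnabled"` is written as a bare string here and again in `BasicAuthRestTest`, so a rename of the management attribute would leave both calls setting a key that is no longer read. A shared constant would tie them together; the management plugin may already declare one, which is worth checking. The added comment could also state the reason, for example `// REST tests now authenticate: bind the password provider to the HTTP port and allow Basic auth over plain HTTP for the test broker only`.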
Modified: qpid/branches/0.22/qpid/java/systests/src/main/java/org/apache/qpid/systest/rest/SaslRestTest.java
URL: http://svn.apache.org/viewvc/qpid/branches/0.22/qpid/java/systests/src/main/java/org/apache/qpid/systest/rest/SaslRestTest.java?rev=1469865&r1=1469864&r2=1469865&view=diff
==============================================================================
--- qpid/branches/0.22/qpid/java/systests/src/main/java/org/apache/qpid/systest/rest/SaslRestTest.java (original)
+++ qpid/branches/0.22/qpid/java/systests/src/main/java/org/apache/qpid/systest/rest/SaslRestTest.java Fri Apr 19 15:00:08 2013
@@ -131,7 +131,7 @@ public class SaslRestTest extends QpidRe
os.flush();
int code = connection.getResponseCode();
- assertEquals("Unexpected response code", 403, code);
+ assertEquals("Unexpected response code", 401, code);
List<String> cookies = connection.getHeaderFields().get("Set-Cookie");
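Review bot: The updated assertions use the literal `401`, while `BasicAuthRestTest` in this commit uses `HttpServletResponse.SC_UNAUTHORIZED`. Writing `assertEquals("Unexpected response code", HttpServletResponse.SC_UNAUTHORIZED, code);` would match it (adding the import if the file lacks it), and the same applies to the other five hunks in this file. None of the visible hunks adds a case for the authenticated-but-not-authorised outcome, which the servlet now answers with 403; if no test elsewhere covers that path, one belongs here.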
@@ -156,7 +156,7 @@ public class SaslRestTest extends QpidRe
os.flush();
int code = connection.getResponseCode();
- assertEquals("Unexpected response code", 403, code);
+ assertEquals("Unexpected response code", 401, code);
List<String> cookies = connection.getHeaderFields().get("Set-Cookie");
@@ -196,7 +196,7 @@ public class SaslRestTest extends QpidRe
// authenticate user with correct credentials
int code = authenticateUser(connection, "admin", "incorrect", "CRAM-MD5");
- assertEquals("Unexpected response code", 403, code);
+ assertEquals("Unexpected response code", 401, code);
// request authenticated user details
connection = getRestTestHelper().openManagementConnection("/rest/sasl", "GET");
@@ -215,7 +215,7 @@ public class SaslRestTest extends QpidRe
// authenticate user with correct credentials
int code = authenticateUser(connection, "nonexisting", "admin", "CRAM-MD5");
- assertEquals("Unexpected response code", 403, code);
+ assertEquals("Unexpected response code", 401, code);
// request authenticated user details
connection = getRestTestHelper().openManagementConnection("/rest/sasl", "GET");
@@ -254,7 +254,7 @@ public class SaslRestTest extends QpidRe
// try to authenticate user with incorrect passowrd
int code = authenticateUser(connection, "admin", "incorrect", "CRAM-MD5-HEX");
- assertEquals("Unexpected response code", 403, code);
+ assertEquals("Unexpected response code", 401, code);
// request authenticated user details
connection = getRestTestHelper().openManagementConnection("/rest/sasl", "GET");
@@ -273,7 +273,7 @@ public class SaslRestTest extends QpidRe
// try to authenticate non-existing user
int code = authenticateUser(connection, "nonexisting", "admin", "CRAM-MD5-HEX");
- assertEquals("Unexpected response code", 403, code);
+ assertEquals("Unexpected response code", 401, code);
// request authenticated user details
connection = getRestTestHelper().openManagementConnection("/rest/sasl", "GET");
Modified: qpid/branches/0.22/qpid/java/systests/src/main/java/org/apache/qpid/systest/rest/UserRestTest.java
URL: http://svn.apache.org/viewvc/qpid/branches/0.22/qpid/java/systests/src/main/java/org/apache/qpid/systest/rest/UserRestTest.java?rev=1469865&r1=1469864&r2=1469865&view=diff
==============================================================================
--- qpid/branches/0.22/qpid/java/systests/src/main/java/org/apache/qpid/systest/rest/UserRestTest.java (original)
+++ qpid/branches/0.22/qpid/java/systests/src/main/java/org/apache/qpid/systest/rest/UserRestTest.java Fri Apr 19 15:00:08 2013
@@ -34,6 +34,7 @@ public class UserRestTest extends QpidRe
getRestTestHelper().configureTemporaryPasswordFile(this, "user1", "user2");
super.setUp(); // do this last because it starts the broker, using the modified config
+ getRestTestHelper().setUsernameAndPassword("user1", "user1");
}
public void testGet() throws Exception
Propchange: qpid/branches/0.22/qpid/java/systests/src/main/java/org/apache/qpid/test/utils/QpidBrokerTestCase.java
------------------------------------------------------------------------------
Merged /qpid/trunk/qpid/java/systests/src/main/java/org/apache/qpid/test/utils/QpidBrokerTestCase.java:r1465590
Propchange: qpid/branches/0.22/qpid/java/test-profiles/
------------------------------------------------------------------------------
Merged /qpid/trunk/qpid/java/test-profiles:r1465590
Propchange: qpid/branches/0.22/qpid/java/test-profiles/CPPExcludes
------------------------------------------------------------------------------
Merged /qpid/trunk/qpid/java/test-profiles/CPPExcludes:r1465590
Propchange: qpid/branches/0.22/qpid/java/test-profiles/Excludes
------------------------------------------------------------------------------
Merged /qpid/trunk/qpid/java/test-profiles/Excludes:r1465590
Propchange: qpid/branches/0.22/qpid/java/test-profiles/JavaBDBExcludes
------------------------------------------------------------------------------
Merged /qpid/trunk/qpid/java/test-profiles/JavaBDBExcludes:r1465590
Propchange: qpid/branches/0.22/qpid/java/test-profiles/JavaExcludes
------------------------------------------------------------------------------
Merged /qpid/trunk/qpid/java/test-profiles/JavaExcludes:r1465590
Propchange: qpid/branches/0.22/qpid/java/test-profiles/JavaPre010Excludes
------------------------------------------------------------------------------
Merged /qpid/trunk/qpid/java/test-profiles/JavaPre010Excludes:r1465590
Propchange: qpid/branches/0.22/qpid/java/test-profiles/JavaTransientExcludes
------------------------------------------------------------------------------
Merged /qpid/trunk/qpid/java/test-profiles/JavaTransientExcludes:r1465590
Propchange: qpid/branches/0.22/qpid/java/test-profiles/XAExcludes
------------------------------------------------------------------------------
Merged /qpid/trunk/qpid/java/test-profiles/XAExcludes:r1465590
Propchange: qpid/branches/0.22/qpid/java/test-profiles/cpp.async.testprofile
------------------------------------------------------------------------------
Merged /qpid/trunk/qpid/java/test-profiles/cpp.async.testprofile:r1465590
Propchange: qpid/branches/0.22/qpid/java/test-profiles/cpp.cluster.testprofile
------------------------------------------------------------------------------
Merged /qpid/trunk/qpid/java/test-profiles/cpp.cluster.testprofile:r1465590
Propchange: qpid/branches/0.22/qpid/java/test-profiles/cpp.noprefetch.testprofile
------------------------------------------------------------------------------
Merged /qpid/trunk/qpid/java/test-profiles/cpp.noprefetch.testprofile:r1465590
Propchange: qpid/branches/0.22/qpid/java/test-profiles/cpp.ssl.excludes
------------------------------------------------------------------------------
Merged /qpid/trunk/qpid/java/test-profiles/cpp.ssl.excludes:r1465590
Propchange: qpid/branches/0.22/qpid/java/test-profiles/cpp.ssl.testprofile
------------------------------------------------------------------------------
Merged /qpid/trunk/qpid/java/test-profiles/cpp.ssl.testprofile:r1465590
Propchange: qpid/branches/0.22/qpid/java/test-profiles/cpp.testprofile
------------------------------------------------------------------------------
Merged /qpid/trunk/qpid/java/test-profiles/cpp.testprofile:r1465590
Propchange: qpid/branches/0.22/qpid/java/test-profiles/java-bdb-spawn.0-9-1.testprofile
------------------------------------------------------------------------------
Merged /qpid/trunk/qpid/java/test-profiles/java-bdb-spawn.0-9-1.testprofile:r1465590
Propchange: qpid/branches/0.22/qpid/java/test-profiles/java-bdb.0-9-1.testprofile
------------------------------------------------------------------------------
Merged /qpid/trunk/qpid/java/test-profiles/java-bdb.0-9-1.testprofile:r1465590
Propchange: qpid/branches/0.22/qpid/java/test-profiles/java-dby-spawn.0-9-1.testprofile
------------------------------------------------------------------------------
Merged /qpid/trunk/qpid/java/test-profiles/java-dby-spawn.0-9-1.testprofile:r1465590
Propchange: qpid/branches/0.22/qpid/java/test-profiles/java-dby.0-9-1.testprofile
------------------------------------------------------------------------------
Merged /qpid/trunk/qpid/java/test-profiles/java-dby.0-9-1.testprofile:r1465590
Propchange: qpid/branches/0.22/qpid/java/test-profiles/java-mms-spawn.0-10.testprofile
------------------------------------------------------------------------------
Merged /qpid/trunk/qpid/java/test-profiles/java-mms-spawn.0-10.testprofile:r1465590
Propchange: qpid/branches/0.22/qpid/java/test-profiles/java-mms-spawn.0-9-1.testprofile
------------------------------------------------------------------------------
Merged /qpid/trunk/qpid/java/test-profiles/java-mms-spawn.0-9-1.testprofile:r1465590
Propchange: qpid/branches/0.22/qpid/java/test-profiles/java-mms.0-9-1.testprofile
------------------------------------------------------------------------------
Merged /qpid/trunk/qpid/java/test-profiles/java-mms.0-9-1.testprofile:r1465590
Propchange: qpid/branches/0.22/qpid/java/test-profiles/log4j-test.xml
------------------------------------------------------------------------------
Merged /qpid/trunk/qpid/java/test-profiles/log4j-test.xml:r1465590
Propchange: qpid/branches/0.22/qpid/java/test-profiles/test-provider.properties
------------------------------------------------------------------------------
Merged /qpid/trunk/qpid/java/test-profiles/test-provider.properties:r1465590
Propchange: qpid/branches/0.22/qpid/java/test-profiles/test_resources/
------------------------------------------------------------------------------
Merged /qpid/trunk/qpid/java/test-profiles/test_resources:r1465590
Propchange: qpid/branches/0.22/qpid/java/test-profiles/testprofile.defaults
------------------------------------------------------------------------------
Merged /qpid/trunk/qpid/java/test-profiles/testprofile.defaults:r1465590