Posted to commits@qpid.apache.org by kw...@apache.org on 2016/02/01 16:40:35 UTC
svn commit: r1727958 - in /qpid/java/branches/6.0.x: ./
broker-core/src/main/java/org/apache/qpid/server/model/
broker-core/src/main/java/org/apache/qpid/server/security/
broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/
broker-co...
Author: kwall
Date: Mon Feb 1 15:40:35 2016
New Revision: 1727958
URL: http://svn.apache.org/viewvc?rev=1727958&view=rev
Log:
QPID-6965: Make preemptive HTTP authentication pluggable
Merged from trunk with commands:
svn merge -c 1722416 ^/qpid/java/trunk
svn merge -c 1727951 ^/qpid/java/trunk
Added:
qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/UsernamePasswordAuthenticationProvider.java
- copied unchanged from r1722416, qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/UsernamePasswordAuthenticationProvider.java
qpid/java/branches/6.0.x/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpRequestPreemptiveAuthenticator.java
- copied unchanged from r1722416, qpid/java/trunk/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpRequestPreemptiveAuthenticator.java
qpid/java/branches/6.0.x/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/auth/
- copied from r1722416, qpid/java/trunk/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/auth/
Removed:
qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/AuthorizationHolder.java
Modified:
qpid/java/branches/6.0.x/ (props changed)
qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/model/AuthenticationProvider.java
qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/model/PasswordCredentialManagingAuthenticationProvider.java
qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/SubjectCreator.java
qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/AnonymousAuthenticationManager.java
qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/ExternalAuthenticationManagerImpl.java
qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/KerberosAuthenticationManager.java
qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/PlainAuthenticationProvider.java
qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/SimpleAuthenticationManager.java
qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/SimpleLDAPAuthenticationManager.java
qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/sasl/plain/PlainAdapterSaslServer.java
qpid/java/branches/6.0.x/broker-core/src/test/java/org/apache/qpid/server/security/SubjectCreatorTest.java
qpid/java/branches/6.0.x/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/SimpleAuthenticationManagerTest.java
qpid/java/branches/6.0.x/broker-plugins/amqp-0-10-protocol/src/main/java/org/apache/qpid/server/protocol/v0_10/ServerConnection.java
qpid/java/branches/6.0.x/broker-plugins/amqp-0-10-protocol/src/main/java/org/apache/qpid/server/protocol/v0_10/ServerSession.java
qpid/java/branches/6.0.x/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpManagementUtil.java
qpid/java/branches/6.0.x/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/auth/SSLClientCertPreemptiveAuthenticator.java
Propchange: qpid/java/branches/6.0.x/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Mon Feb 1 15:40:35 2016
@@ -9,5 +9,5 @@
/qpid/branches/java-broker-vhost-refactor/java:1493674-1494547
/qpid/branches/java-network-refactor/qpid/java:805429-821809
/qpid/branches/qpid-2935/qpid/java:1061302-1072333
-/qpid/java/trunk:1715445-1715447,1715586,1715940,1716086-1716087,1716127-1716128,1716141,1716153,1716155,1716194,1716204,1716209,1716227,1716277,1716357,1716368,1716370,1716374,1716432,1716444-1716445,1716455,1716461,1716474,1716489,1716497,1716515,1716555,1716602,1716606-1716610,1716619,1716636,1717269,1717299,1717401,1717446,1717449,1717626,1717691,1717735,1717780,1718744,1718889,1718893,1718918,1718922,1719026,1719028,1719033,1719037,1719047,1719051,1720340,1720664,1721151,1721198,1722019-1722020,1722246,1722339,1722674,1722678,1722683,1722711,1723064,1723194,1723563,1724216,1724251,1724257,1724292,1724375,1724397,1724432,1724582,1724603,1724780,1724843-1724844,1725295,1725569,1725760,1726176,1726244-1726246,1726249,1726358,1726436,1726449,1726456,1726646,1726653,1726755,1726778,1727555,1727608
+/qpid/java/trunk:1715445-1715447,1715586,1715940,1716086-1716087,1716127-1716128,1716141,1716153,1716155,1716194,1716204,1716209,1716227,1716277,1716357,1716368,1716370,1716374,1716432,1716444-1716445,1716455,1716461,1716474,1716489,1716497,1716515,1716555,1716602,1716606-1716610,1716619,1716636,1717269,1717299,1717401,1717446,1717449,1717626,1717691,1717735,1717780,1718744,1718889,1718893,1718918,1718922,1719026,1719028,1719033,1719037,1719047,1719051,1720340,1720664,1721151,1721198,1722019-1722020,1722246,1722339,1722416,1722674,1722678,1722683,1722711,1723064,1723194,1723563,1724216,1724251,1724257,1724292,1724375,1724397,1724432,1724582,1724603,1724780,1724843-1724844,1725295,1725569,1725760,1726176,1726244-1726246,1726249,1726358,1726436,1726449,1726456,1726646,1726653,1726755,1726778,1727555,1727608,1727951
/qpid/trunk/qpid:796646-796653
Modified: qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/model/AuthenticationProvider.java
URL: http://svn.apache.org/viewvc/qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/model/AuthenticationProvider.java?rev=1727958&r1=1727957&r2=1727958&view=diff
==============================================================================
--- qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/model/AuthenticationProvider.java (original)
+++ qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/model/AuthenticationProvider.java Mon Feb 1 15:40:35 2016
@@ -96,14 +96,4 @@ public interface AuthenticationProvider<
*/
AuthenticationResult authenticate(SaslServer server, byte[] response);
- /**
- * Authenticates a user using their username and password.
- *
- * @param username username
- * @param password password
- *
- * @return authentication result
- */
- AuthenticationResult authenticate(String username, String password);
-
}
Modified: qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/model/PasswordCredentialManagingAuthenticationProvider.java
URL: http://svn.apache.org/viewvc/qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/model/PasswordCredentialManagingAuthenticationProvider.java?rev=1727958&r1=1727957&r2=1727958&view=diff
==============================================================================
--- qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/model/PasswordCredentialManagingAuthenticationProvider.java (original)
+++ qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/model/PasswordCredentialManagingAuthenticationProvider.java Mon Feb 1 15:40:35 2016
@@ -25,8 +25,11 @@ import java.util.Map;
import javax.security.auth.login.AccountNotFoundException;
+import org.apache.qpid.server.security.auth.manager.UsernamePasswordAuthenticationProvider;
+
@ManagedAnnotation
-public interface PasswordCredentialManagingAuthenticationProvider<X extends PasswordCredentialManagingAuthenticationProvider<X>> extends AuthenticationProvider<X>, ManagedInterface
+public interface PasswordCredentialManagingAuthenticationProvider<X extends PasswordCredentialManagingAuthenticationProvider<X>>
+ extends AuthenticationProvider<X>, UsernamePasswordAuthenticationProvider<X>, ManagedInterface
{
boolean createUser(String username, String password, Map<String, String> attributes);
Modified: qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/SubjectCreator.java
URL: http://svn.apache.org/viewvc/qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/SubjectCreator.java?rev=1727958&r1=1727957&r2=1727958&view=diff
==============================================================================
--- qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/SubjectCreator.java (original)
+++ qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/SubjectCreator.java Mon Feb 1 15:40:35 2016
@@ -64,7 +64,12 @@ public class SubjectCreator
_secure = secure;
}
- /**
+ public AuthenticationProvider<?> getAuthenticationProvider()
+ {
+ return _authenticationProvider;
+ }
+
+ /**
* Gets the known SASL mechanisms
*
* @return SASL mechanism names, space separated.
@@ -120,17 +125,7 @@ public class SubjectCreator
}
}
- /**
- * Authenticates a user using their username and password.
- */
- public SubjectAuthenticationResult authenticate(String username, String password)
- {
- final AuthenticationResult authenticationResult = _authenticationProvider.authenticate(username, password);
-
- return createResultWithGroups(username, authenticationResult);
- }
-
- private SubjectAuthenticationResult createResultWithGroups(String username, final AuthenticationResult authenticationResult)
+ public SubjectAuthenticationResult createResultWithGroups(String username, final AuthenticationResult authenticationResult)
{
if(authenticationResult.getStatus() == AuthenticationStatus.SUCCESS)
{
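Review bot: `createResultWithGroups` becomes public here without Javadoc, and it takes the user name separately from the `AuthenticationResult`, so any caller can now request a group-populated result for a name the result may not vouch for. The visible lines check only `authenticationResult.getStatus() == AuthenticationStatus.SUCCESS`; the rest of the body is outside the hunk, so whether the name is compared with the result's principal cannot be seen from here. I would add a Javadoc comment stating that the result must come from this creator's own authentication provider and that `username` must be the identity that provider authenticated. If the result exposes its principal, deriving the name from it instead of accepting it as a parameter would remove the mismatch case entirely.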
@@ -149,6 +144,8 @@ public class SubjectCreator
}
}
+
+
public Subject createSubjectWithGroups(Principal principal)
{
Subject authenticationSubject = new Subject();
Modified: qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/AnonymousAuthenticationManager.java
URL: http://svn.apache.org/viewvc/qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/AnonymousAuthenticationManager.java?rev=1727958&r1=1727957&r2=1727958&view=diff
==============================================================================
--- qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/AnonymousAuthenticationManager.java (original)
+++ qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/AnonymousAuthenticationManager.java Mon Feb 1 15:40:35 2016
@@ -52,7 +52,7 @@ public class AnonymousAuthenticationMana
ANONYMOUS_SUBJECT.getPrincipals().add(ANONYMOUS_PRINCIPAL);
}
- private static final AuthenticationResult ANONYMOUS_AUTHENTICATION = new AuthenticationResult(ANONYMOUS_PRINCIPAL);
+ public static final AuthenticationResult ANONYMOUS_AUTHENTICATION = new AuthenticationResult(ANONYMOUS_PRINCIPAL);
@ManagedObjectFactoryConstructor
protected AnonymousAuthenticationManager(final Map<String, Object> attributes, final Broker broker)
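Review bot: Widening `ANONYMOUS_AUTHENTICATION` to `public` publishes a shared, pre-built successful `AuthenticationResult` to every class on the classpath, with no comment saying who is meant to use it. It is presumably needed by the new preemptive authenticators, which are not shown in this diff. Because `SubjectCreator.createResultWithGroups` also becomes public in this commit, code outside the provider can now combine the two without calling the provider at all. I would add a comment such as `// Shared success result for the anonymous principal; do not mutate` and confirm that `AuthenticationResult` is immutable, since a mutable shared instance would affect every anonymous login.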
@@ -102,11 +102,4 @@ public class AnonymousAuthenticationMana
}
}
- @Override
- public AuthenticationResult authenticate(String username, String password)
- {
- return ANONYMOUS_AUTHENTICATION;
- }
-
-
}
Modified: qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/ExternalAuthenticationManagerImpl.java
URL: http://svn.apache.org/viewvc/qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/ExternalAuthenticationManagerImpl.java?rev=1727958&r1=1727957&r2=1727958&view=diff
==============================================================================
--- qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/ExternalAuthenticationManagerImpl.java (original)
+++ qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/ExternalAuthenticationManagerImpl.java Mon Feb 1 15:40:35 2016
@@ -98,10 +98,4 @@ public class ExternalAuthenticationManag
}
- @Override
- public AuthenticationResult authenticate(String username, String password)
- {
- return new AuthenticationResult(new UsernamePrincipal(username));
- }
-
}
Modified: qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/KerberosAuthenticationManager.java
URL: http://svn.apache.org/viewvc/qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/KerberosAuthenticationManager.java?rev=1727958&r1=1727957&r2=1727958&view=diff
==============================================================================
--- qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/KerberosAuthenticationManager.java (original)
+++ qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/KerberosAuthenticationManager.java Mon Feb 1 15:40:35 2016
@@ -96,12 +96,6 @@ public class KerberosAuthenticationManag
}
}
- @Override
- public AuthenticationResult authenticate(String username, String password)
- {
- return new AuthenticationResult(AuthenticationResult.AuthenticationStatus.ERROR);
- }
-
private static class GssApiCallbackHandler implements CallbackHandler
{
Modified: qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/PlainAuthenticationProvider.java
URL: http://svn.apache.org/viewvc/qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/PlainAuthenticationProvider.java?rev=1727958&r1=1727957&r2=1727958&view=diff
==============================================================================
--- qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/PlainAuthenticationProvider.java (original)
+++ qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/PlainAuthenticationProvider.java Mon Feb 1 15:40:35 2016
@@ -79,11 +79,8 @@ public class PlainAuthenticationProvider
}
};
-
-
_scramSha1Adapter = new ScramSaslServerSourceAdapter(4096, "HmacSHA1", "SHA-1", passwordSource);
_scramSha256Adapter = new ScramSaslServerSourceAdapter(4096, "HmacSHA256", "SHA-256", passwordSource);
-
}
@Override
Modified: qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/SimpleAuthenticationManager.java
URL: http://svn.apache.org/viewvc/qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/SimpleAuthenticationManager.java?rev=1727958&r1=1727957&r2=1727958&view=diff
==============================================================================
--- qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/SimpleAuthenticationManager.java (original)
+++ qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/SimpleAuthenticationManager.java Mon Feb 1 15:40:35 2016
@@ -51,7 +51,9 @@ import org.apache.qpid.server.security.a
import org.apache.qpid.server.security.auth.sasl.scram.ScramSaslServerSourceAdapter;
@ManagedObject( category = false, type = "Simple", register = false )
-public class SimpleAuthenticationManager extends AbstractAuthenticationManager<SimpleAuthenticationManager> implements PreferencesSupportingAuthenticationProvider
+public class SimpleAuthenticationManager extends AbstractAuthenticationManager<SimpleAuthenticationManager>
+ implements UsernamePasswordAuthenticationProvider<SimpleAuthenticationManager>,
+ PreferencesSupportingAuthenticationProvider
{
private static final Logger _logger = LoggerFactory.getLogger(SimpleAuthenticationManager.class);
@@ -67,6 +69,7 @@ public class SimpleAuthenticationManager
public SimpleAuthenticationManager(final Map<String, Object> attributes, final Broker broker)
{
super(attributes, broker);
+
ScramSaslServerSourceAdapter.PasswordSource passwordSource =
new ScramSaslServerSourceAdapter.PasswordSource()
{
@@ -80,7 +83,6 @@ public class SimpleAuthenticationManager
_scramSha1Adapter = new ScramSaslServerSourceAdapter(4096, "HmacSHA1", "SHA-1", passwordSource);
_scramSha256Adapter = new ScramSaslServerSourceAdapter(4096, "HmacSHA256", "SHA-256", passwordSource);
-
}
Modified: qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/SimpleLDAPAuthenticationManager.java
URL: http://svn.apache.org/viewvc/qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/SimpleLDAPAuthenticationManager.java?rev=1727958&r1=1727957&r2=1727958&view=diff
==============================================================================
--- qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/SimpleLDAPAuthenticationManager.java (original)
+++ qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/SimpleLDAPAuthenticationManager.java Mon Feb 1 15:40:35 2016
@@ -28,7 +28,10 @@ import org.apache.qpid.server.model.Pref
import org.apache.qpid.server.model.TrustStore;
@ManagedObject( category = false, type = "SimpleLDAP" )
-public interface SimpleLDAPAuthenticationManager<X extends SimpleLDAPAuthenticationManager<X>> extends AuthenticationProvider<X>, PreferencesSupportingAuthenticationProvider
+public interface SimpleLDAPAuthenticationManager<X extends SimpleLDAPAuthenticationManager<X>>
+ extends AuthenticationProvider<X>,
+ UsernamePasswordAuthenticationProvider<X>,
+ PreferencesSupportingAuthenticationProvider
{
String PROVIDER_TYPE = "SimpleLDAP";
String PROVIDER_URL = "providerUrl";
Modified: qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/sasl/plain/PlainAdapterSaslServer.java
URL: http://svn.apache.org/viewvc/qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/sasl/plain/PlainAdapterSaslServer.java?rev=1727958&r1=1727957&r2=1727958&view=diff
==============================================================================
--- qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/sasl/plain/PlainAdapterSaslServer.java (original)
+++ qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/sasl/plain/PlainAdapterSaslServer.java Mon Feb 1 15:40:35 2016
@@ -28,6 +28,7 @@ import javax.security.sasl.SaslServer;
import org.apache.qpid.server.model.AuthenticationProvider;
import org.apache.qpid.server.security.auth.AuthenticationResult;
+import org.apache.qpid.server.security.auth.manager.UsernamePasswordAuthenticationProvider;
public class PlainAdapterSaslServer implements SaslServer
{
@@ -50,7 +51,7 @@ public class PlainAdapterSaslServer impl
_passwordValidator = passwordValidator;
}
- public PlainAdapterSaslServer(final AuthenticationProvider authProvider)
+ public PlainAdapterSaslServer(final UsernamePasswordAuthenticationProvider<?> authProvider)
{
this(new PasswordValidator()
{
Modified: qpid/java/branches/6.0.x/broker-core/src/test/java/org/apache/qpid/server/security/SubjectCreatorTest.java
URL: http://svn.apache.org/viewvc/qpid/java/branches/6.0.x/broker-core/src/test/java/org/apache/qpid/server/security/SubjectCreatorTest.java?rev=1727958&r1=1727957&r2=1727958&view=diff
==============================================================================
--- qpid/java/branches/6.0.x/broker-core/src/test/java/org/apache/qpid/server/security/SubjectCreatorTest.java (original)
+++ qpid/java/branches/6.0.x/broker-core/src/test/java/org/apache/qpid/server/security/SubjectCreatorTest.java Mon Feb 1 15:40:35 2016
@@ -66,24 +66,6 @@ public class SubjectCreatorTest extends
_subjectCreator = new SubjectCreator(_authenticationProvider, new HashSet<GroupProvider<?>>(Arrays.asList(_groupManager1, _groupManager2)),
false);
_authenticationResult = new AuthenticationResult(_userPrincipal);
- when(_authenticationProvider.authenticate(USERNAME, PASSWORD)).thenReturn(_authenticationResult);
- }
-
- public void testAuthenticateUsernameAndPasswordReturnsSubjectWithUserAndGroupPrincipals()
- {
- final SubjectAuthenticationResult actualResult = _subjectCreator.authenticate(USERNAME, PASSWORD);
-
- assertEquals(AuthenticationStatus.SUCCESS, actualResult.getStatus());
-
- final Subject actualSubject = actualResult.getSubject();
-
- assertEquals("Should contain one user principal and two groups ", 3, actualSubject.getPrincipals().size());
-
- assertTrue(actualSubject.getPrincipals().contains(new AuthenticatedPrincipal(_userPrincipal)));
- assertTrue(actualSubject.getPrincipals().contains(_group1));
- assertTrue(actualSubject.getPrincipals().contains(_group2));
-
- assertTrue(actualSubject.isReadOnly());
}
public void testSaslAuthenticationSuccessReturnsSubjectWithUserAndGroupPrincipals() throws Exception
@@ -104,24 +86,6 @@ public class SubjectCreatorTest extends
assertTrue(actualSubject.isReadOnly());
}
- public void testAuthenticateUnsuccessfulWithUsernameReturnsNullSubjectAndCorrectStatus()
- {
- testUnsuccessfulAuthentication(AuthenticationResult.AuthenticationStatus.CONTINUE);
- testUnsuccessfulAuthentication(AuthenticationResult.AuthenticationStatus.ERROR);
- }
-
- private void testUnsuccessfulAuthentication(AuthenticationStatus expectedStatus)
- {
- AuthenticationResult failedAuthenticationResult = new AuthenticationResult(expectedStatus);
-
- when(_authenticationProvider.authenticate(USERNAME, PASSWORD)).thenReturn(failedAuthenticationResult);
-
- SubjectAuthenticationResult subjectAuthenticationResult = _subjectCreator.authenticate(USERNAME, PASSWORD);
-
- assertSame(expectedStatus, subjectAuthenticationResult.getStatus());
- assertNull(subjectAuthenticationResult.getSubject());
- }
-
public void testAuthenticateUnsuccessfulWithSaslServerReturnsNullSubjectAndCorrectStatus()
{
testUnsuccessfulAuthenticationWithSaslServer(AuthenticationResult.AuthenticationStatus.CONTINUE);
Modified: qpid/java/branches/6.0.x/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/SimpleAuthenticationManagerTest.java
URL: http://svn.apache.org/viewvc/qpid/java/branches/6.0.x/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/SimpleAuthenticationManagerTest.java?rev=1727958&r1=1727957&r2=1727958&view=diff
==============================================================================
--- qpid/java/branches/6.0.x/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/SimpleAuthenticationManagerTest.java (original)
+++ qpid/java/branches/6.0.x/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/SimpleAuthenticationManagerTest.java Mon Feb 1 15:40:35 2016
@@ -42,7 +42,7 @@ public class SimpleAuthenticationManager
{
private static final String TEST_USER = "testUser";
private static final String TEST_PASSWORD = "testPassword";
- private AuthenticationProvider _authenticationManager;
+ private SimpleAuthenticationManager _authenticationManager;
public void setUp() throws Exception
{
Modified: qpid/java/branches/6.0.x/broker-plugins/amqp-0-10-protocol/src/main/java/org/apache/qpid/server/protocol/v0_10/ServerConnection.java
URL: http://svn.apache.org/viewvc/qpid/java/branches/6.0.x/broker-plugins/amqp-0-10-protocol/src/main/java/org/apache/qpid/server/protocol/v0_10/ServerConnection.java?rev=1727958&r1=1727957&r2=1727958&view=diff
==============================================================================
--- qpid/java/branches/6.0.x/broker-plugins/amqp-0-10-protocol/src/main/java/org/apache/qpid/server/protocol/v0_10/ServerConnection.java (original)
+++ qpid/java/branches/6.0.x/broker-plugins/amqp-0-10-protocol/src/main/java/org/apache/qpid/server/protocol/v0_10/ServerConnection.java Mon Feb 1 15:40:35 2016
@@ -53,7 +53,6 @@ import org.apache.qpid.server.model.Brok
import org.apache.qpid.server.model.Transport;
import org.apache.qpid.server.model.port.AmqpPort;
import org.apache.qpid.server.protocol.AMQSessionModel;
-import org.apache.qpid.server.security.AuthorizationHolder;
import org.apache.qpid.server.security.auth.AuthenticatedPrincipal;
import org.apache.qpid.server.util.Action;
import org.apache.qpid.server.util.ServerScopedRuntimeException;
@@ -69,7 +68,7 @@ import org.apache.qpid.transport.Option;
import org.apache.qpid.transport.ProtocolEvent;
import org.apache.qpid.transport.Session;
-public class ServerConnection extends Connection implements AuthorizationHolder
+public class ServerConnection extends Connection
{
private static final Logger LOGGER = LoggerFactory.getLogger(ServerConnection.class);
public static final long CLOSE_OK_TIMEOUT = 10000l;
Modified: qpid/java/branches/6.0.x/broker-plugins/amqp-0-10-protocol/src/main/java/org/apache/qpid/server/protocol/v0_10/ServerSession.java
URL: http://svn.apache.org/viewvc/qpid/java/branches/6.0.x/broker-plugins/amqp-0-10-protocol/src/main/java/org/apache/qpid/server/protocol/v0_10/ServerSession.java?rev=1727958&r1=1727957&r2=1727958&view=diff
==============================================================================
--- qpid/java/branches/6.0.x/broker-plugins/amqp-0-10-protocol/src/main/java/org/apache/qpid/server/protocol/v0_10/ServerSession.java (original)
+++ qpid/java/branches/6.0.x/broker-plugins/amqp-0-10-protocol/src/main/java/org/apache/qpid/server/protocol/v0_10/ServerSession.java Mon Feb 1 15:40:35 2016
@@ -116,8 +116,7 @@ import org.apache.qpid.transport.Xid;
import org.apache.qpid.transport.network.Ticker;
public class ServerSession extends Session
- implements AuthorizationHolder,
- AMQSessionModel<ServerSession>, LogSubject, AsyncAutoCommitTransaction.FutureRecorder,
+ implements AMQSessionModel<ServerSession>, LogSubject, AsyncAutoCommitTransaction.FutureRecorder,
Deletable<ServerSession>
{
Modified: qpid/java/branches/6.0.x/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpManagementUtil.java
URL: http://svn.apache.org/viewvc/qpid/java/branches/6.0.x/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpManagementUtil.java?rev=1727958&r1=1727957&r2=1727958&view=diff
==============================================================================
--- qpid/java/branches/6.0.x/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpManagementUtil.java (original)
+++ qpid/java/branches/6.0.x/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpManagementUtil.java Mon Feb 1 15:40:35 2016
@@ -26,7 +26,10 @@ import java.nio.charset.StandardCharsets
import java.security.Principal;
import java.security.PrivilegedAction;
import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.Collection;
import java.util.Collections;
+import java.util.List;
import java.util.zip.GZIPOutputStream;
import javax.security.auth.Subject;
@@ -41,14 +44,17 @@ import org.apache.qpid.server.management
import org.apache.qpid.server.management.plugin.session.LoginLogoutReporter;
import org.apache.qpid.server.model.AuthenticationProvider;
import org.apache.qpid.server.model.Broker;
+import org.apache.qpid.server.plugin.QpidServiceLoader;
import org.apache.qpid.server.security.SecurityManager;
import org.apache.qpid.server.security.SubjectCreator;
import org.apache.qpid.server.security.auth.AuthenticatedPrincipal;
+import org.apache.qpid.server.security.auth.AuthenticationResult;
import org.apache.qpid.server.security.auth.AuthenticationResult.AuthenticationStatus;
import org.apache.qpid.server.security.auth.SubjectAuthenticationResult;
import org.apache.qpid.server.security.auth.UsernamePrincipal;
import org.apache.qpid.server.security.auth.manager.AnonymousAuthenticationManager;
import org.apache.qpid.server.security.auth.manager.ExternalAuthenticationManager;
+import org.apache.qpid.server.security.auth.manager.UsernamePasswordAuthenticationProvider;
import org.apache.qpid.transport.network.security.ssl.SSLUtil;
public class HttpManagementUtil
@@ -77,6 +83,17 @@ public class HttpManagementUtil
private static final String CONTENT_ENCODING_HEADER = "Content-Encoding";
private static final String GZIP_CONTENT_ENCODING = "gzip";
+ private static final Collection<HttpRequestPreemptiveAuthenticator> AUTHENTICATORS;
+ static
+ {
+ List<HttpRequestPreemptiveAuthenticator> authenticators = new ArrayList<>();
+ for(HttpRequestPreemptiveAuthenticator authenticator : (new QpidServiceLoader()).instancesOf(HttpRequestPreemptiveAuthenticator.class))
+ {
+ authenticators.add(authenticator);
+ }
+ AUTHENTICATORS = Collections.unmodifiableList(authenticators);
+ }
+
public static Broker<?> getBroker(ServletContext servletContext)
{
return (Broker<?>) servletContext.getAttribute(ATTR_BROKER);
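Review bot: The order in which authenticators are tried is now whatever order `QpidServiceLoader.instancesOf` returns, whereas the code removed from `tryToAuthenticate` had a fixed precedence (remote user or anonymous provider, then client certificate, then Basic). Since the first authenticator to return a non-null subject wins, an unspecified order can change which identity a request receives when it carries more than one credential. I would sort the list on an explicit priority, or at least document the contract on the field, e.g. `// Tried in service-loader order; the first non-null Subject wins`. An exception thrown while loading any one plugin in this static block fails initialisation of `HttpManagementUtil` as a whole, and an empty list silently disables preemptive authentication. A log line naming the loaded authenticator classes would make both cases visible.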
@@ -146,80 +163,17 @@ public class HttpManagementUtil
public static Subject tryToAuthenticate(HttpServletRequest request, HttpManagementConfiguration managementConfig)
{
Subject subject = null;
- final AuthenticationProvider authenticationProvider = managementConfig.getAuthenticationProvider(request);
- SubjectCreator subjectCreator = authenticationProvider.getSubjectCreator(request.isSecure());
- String remoteUser = request.getRemoteUser();
-
- if (remoteUser != null || authenticationProvider instanceof AnonymousAuthenticationManager)
+ for(HttpRequestPreemptiveAuthenticator authenticator : AUTHENTICATORS)
{
- subject = authenticateUser(subjectCreator, remoteUser, null);
- }
- else if(authenticationProvider instanceof ExternalAuthenticationManager
- && Collections.list(request.getAttributeNames()).contains("javax.servlet.request.X509Certificate"))
- {
- Principal principal = null;
- X509Certificate[] certificates =
- (X509Certificate[]) request.getAttribute("javax.servlet.request.X509Certificate");
- if(certificates != null && certificates.length != 0)
+ subject = authenticator.attemptAuthentication(request, managementConfig);
+ if(subject != null)
{
- principal = certificates[0].getSubjectX500Principal();
-
- if(!Boolean.valueOf(String.valueOf(authenticationProvider.getAttribute(ExternalAuthenticationManager.ATTRIBUTE_USE_FULL_DN))))
- {
- String username;
- String dn = ((X500Principal) principal).getName(X500Principal.RFC2253);
-
-
- username = SSLUtil.getIdFromSubjectDN(dn);
- principal = new UsernamePrincipal(username);
- }
-
- subject = subjectCreator.createSubjectWithGroups(new AuthenticatedPrincipal(principal));
- }
- }
- else
- {
- String header = request.getHeader("Authorization");
- if (header != null)
- {
- String[] tokens = header.split("\\s");
- if (tokens.length >= 2 && "BASIC".equalsIgnoreCase(tokens[0]))
- {
- boolean isBasicAuthSupported = false;
- if (request.isSecure())
- {
- isBasicAuthSupported = managementConfig.isHttpsBasicAuthenticationEnabled();
- }
- else
- {
- isBasicAuthSupported = managementConfig.isHttpBasicAuthenticationEnabled();
- }
- if (isBasicAuthSupported)
- {
- String base64UsernameAndPassword = tokens[1];
- String[] credentials = (new String(DatatypeConverter.parseBase64Binary(base64UsernameAndPassword),
- StandardCharsets.UTF_8)).split(":", 2);
- if (credentials.length == 2)
- {
- subject = authenticateUser(subjectCreator, credentials[0], credentials[1]);
- }
- }
- }
+ break;
}
}
return subject;
}
- private static Subject authenticateUser(SubjectCreator subjectCreator, String username, String password)
- {
- SubjectAuthenticationResult authResult = subjectCreator.authenticate(username, password);
- if (authResult.getStatus() == AuthenticationStatus.SUCCESS)
- {
- return authResult.getSubject();
- }
- return null;
- }
-
public static OutputStream getOutputStream(final HttpServletRequest request, final HttpServletResponse response)
throws IOException
{
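Review bot: The checks the removed branch made before accepting Basic credentials no longer live in this method: `isHttpsBasicAuthenticationEnabled()` / `isHttpBasicAuthenticationEnabled()` chosen by `request.isSecure()`, and the `AuthenticationStatus.SUCCESS` test in `authenticateUser`. The authenticators that should now carry them are copied in unchanged and do not appear in this diff. Each `HttpRequestPreemptiveAuthenticator` implementation needs to be verified for those checks, because nothing in the new loop enforces them. The loop also lets a runtime exception from one authenticator abort the whole attempt; if that is intended it deserves a comment, otherwise catch and log per authenticator and continue with the next. As a minor style point, `if(subject != null) { return subject; }` inside the loop followed by `return null;` reads more directly than the `break`.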
Modified: qpid/java/branches/6.0.x/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/auth/SSLClientCertPreemptiveAuthenticator.java
URL: http://svn.apache.org/viewvc/qpid/java/branches/6.0.x/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/auth/SSLClientCertPreemptiveAuthenticator.java?rev=1727958&r1=1722416&r2=1727958&view=diff
==============================================================================
--- qpid/java/branches/6.0.x/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/auth/SSLClientCertPreemptiveAuthenticator.java (original)
+++ qpid/java/branches/6.0.x/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/auth/SSLClientCertPreemptiveAuthenticator.java Mon Feb 1 15:40:35 2016
@@ -56,12 +56,10 @@ public class SSLClientCertPreemptiveAuth
&& Collections.list(request.getAttributeNames()).contains(CERTIFICATE_ATTRIBUTE_NAME))
{
ExternalAuthenticationManager<?> externalAuthManager = (ExternalAuthenticationManager<?>)authenticationProvider;
- Principal principal = null;
- X509Certificate[] certificates =
- (X509Certificate[]) request.getAttribute("javax.servlet.request.X509Certificate");
+ X509Certificate[] certificates = (X509Certificate[]) request.getAttribute(CERTIFICATE_ATTRIBUTE_NAME);
if(certificates != null && certificates.length != 0)
{
- principal = certificates[0].getSubjectX500Principal();
+ Principal principal = certificates[0].getSubjectX500Principal();
if(!externalAuthManager.getUseFullDN())
{
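Review bot: The cast `(X509Certificate[]) request.getAttribute(CERTIFICATE_ATTRIBUTE_NAME)` and the use of `certificates[0]` assume the servlet container has already validated the client certificate chain, and nothing in the visible lines records that assumption. A comment such as `// Relies on the TLS layer having validated the chain; [0] is the client's own certificate` would make the trust boundary explicit for the next reader. The `Collections.list(request.getAttributeNames()).contains(CERTIFICATE_ATTRIBUTE_NAME)` guard above looks redundant with the `certificates != null` check that follows and could be dropped. The enclosing method starts and ends outside this hunk.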