You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@activemq.apache.org by ch...@apache.org on 2012/08/27 16:43:40 UTC
svn commit: r1377699 - in
/activemq/activemq-apollo/trunk/apollo-stomp/src/main/scala/org/apache/activemq/apollo/stomp:
StompProtocolHandler.scala StompUdpProtocol.scala
Author: chirino
Date: Mon Aug 27 14:43:39 2012
New Revision: 1377699
URL: http://svn.apache.org/viewvc?rev=1377699&view=rev
Log:
Fixes APLO-250 : add_user_header should prevent forging
When the add_user_header is enabled, we always update the header.
Modified:
activemq/activemq-apollo/trunk/apollo-stomp/src/main/scala/org/apache/activemq/apollo/stomp/StompProtocolHandler.scala
activemq/activemq-apollo/trunk/apollo-stomp/src/main/scala/org/apache/activemq/apollo/stomp/StompUdpProtocol.scala
Modified: activemq/activemq-apollo/trunk/apollo-stomp/src/main/scala/org/apache/activemq/apollo/stomp/StompProtocolHandler.scala
URL: http://svn.apache.org/viewvc/activemq/activemq-apollo/trunk/apollo-stomp/src/main/scala/org/apache/activemq/apollo/stomp/StompProtocolHandler.scala?rev=1377699&r1=1377698&r2=1377699&view=diff
==============================================================================
--- activemq/activemq-apollo/trunk/apollo-stomp/src/main/scala/org/apache/activemq/apollo/stomp/StompProtocolHandler.scala (original)
+++ activemq/activemq-apollo/trunk/apollo-stomp/src/main/scala/org/apache/activemq/apollo/stomp/StompProtocolHandler.scala Mon Aug 27 14:43:39 2012
@@ -32,12 +32,13 @@ import org.apache.activemq.apollo.broker
import org.apache.activemq.apollo.util._
import java.util.concurrent.TimeUnit
import java.util.Map.Entry
-import java.security.cert.X509Certificate
import collection.mutable.{ListBuffer, HashMap}
import java.io.IOException
import org.apache.activemq.apollo.dto._
-import org.fusesource.hawtdispatch.transport.{SecuredSession, HeartBeatMonitor, SslTransport}
+import org.fusesource.hawtdispatch.transport.HeartBeatMonitor
import path.{LiteralPart, Path, PathParser}
+import scala.Some
+import org.apache.activemq.apollo.broker.SubscriptionAddress
case class RichBuffer(self:Buffer) extends Proxy {
@@ -1183,21 +1184,25 @@ class StompProtocolHandler extends Proto
if( host.authenticator!=null ) {
if( config.add_user_header!=null ) {
host.authenticator.user_name(security_context).foreach{ name=>
- rc ::= (encode_header(config.add_user_header), encode_header(name))
+ val value = host.authenticator.user_name(security_context).getOrElse("")
+ rc ::= (encode_header(config.add_user_header), encode_header(value))
}
}
if( !config.add_user_headers.isEmpty ){
import collection.JavaConversions._
config.add_user_headers.foreach { h =>
val matches = security_context.principals(Option(h.kind).getOrElse("*"))
- if( !matches.isEmpty ) {
+ val value = if( !matches.isEmpty ) {
h.separator match {
case null=>
- rc ::= (encode_header(h.name.trim), encode_header(matches.head.getName))
+ matches.head.getName
case separator =>
- rc ::= (encode_header(h.name.trim), encode_header(matches.map(_.getName).mkString(separator)))
+ matches.map(_.getName).mkString(separator)
}
+ } else {
+ ""
}
+ rc ::= (encode_header(h.name.trim), encode_header(value))
}
}
}
Modified: activemq/activemq-apollo/trunk/apollo-stomp/src/main/scala/org/apache/activemq/apollo/stomp/StompUdpProtocol.scala
URL: http://svn.apache.org/viewvc/activemq/activemq-apollo/trunk/apollo-stomp/src/main/scala/org/apache/activemq/apollo/stomp/StompUdpProtocol.scala?rev=1377699&r1=1377698&r2=1377699&view=diff
==============================================================================
--- activemq/activemq-apollo/trunk/apollo-stomp/src/main/scala/org/apache/activemq/apollo/stomp/StompUdpProtocol.scala (original)
+++ activemq/activemq-apollo/trunk/apollo-stomp/src/main/scala/org/apache/activemq/apollo/stomp/StompUdpProtocol.scala Mon Aug 27 14:43:39 2012
@@ -198,21 +198,23 @@ class StompUdpProtocol extends UdpProtoc
// Do we need to add the user id?
if( host.authenticator!=null ) {
if( config.add_user_header!=null ) {
- host.authenticator.user_name(security_context).foreach{ name=>
- rc ::= (encode_header(config.add_user_header), encode_header(name))
- }
+ val value = host.authenticator.user_name(security_context).getOrElse("")
+ rc ::= (encode_header(config.add_user_header), encode_header(value))
}
if( !config.add_user_headers.isEmpty ){
config.add_user_headers.foreach { h =>
val matches = security_context.principals(Option(h.kind).getOrElse("*"))
- if( !matches.isEmpty ) {
+ val value = if( !matches.isEmpty ) {
h.separator match {
case null=>
- rc ::= (encode_header(h.name.trim), encode_header(matches.head.getName))
+ matches.head.getName
case separator =>
- rc ::= (encode_header(h.name.trim), encode_header(matches.map(_.getName).mkString(separator)))
+ matches.map(_.getName).mkString(separator)
}
+ } else {
+ ""
}
+ rc ::= (encode_header(h.name.trim), encode_header(value))
}
}
}