Posted to commits@activemq.apache.org by ch...@apache.org on 2012/08/27 16:43:40 UTC

svn commit: r1377699 - in /activemq/activemq-apollo/trunk/apollo-stomp/src/main/scala/org/apache/activemq/apollo/stomp: StompProtocolHandler.scala StompUdpProtocol.scala

Author: chirino
Date: Mon Aug 27 14:43:39 2012
New Revision: 1377699

URL: http://svn.apache.org/viewvc?rev=1377699&view=rev
Log:
Fixes APLO-250 : add_user_header should prevent forging

When the add_user_header is enabled, we always update the header.

Modified:
    activemq/activemq-apollo/trunk/apollo-stomp/src/main/scala/org/apache/activemq/apollo/stomp/StompProtocolHandler.scala
    activemq/activemq-apollo/trunk/apollo-stomp/src/main/scala/org/apache/activemq/apollo/stomp/StompUdpProtocol.scala

Modified: activemq/activemq-apollo/trunk/apollo-stomp/src/main/scala/org/apache/activemq/apollo/stomp/StompProtocolHandler.scala
URL: http://svn.apache.org/viewvc/activemq/activemq-apollo/trunk/apollo-stomp/src/main/scala/org/apache/activemq/apollo/stomp/StompProtocolHandler.scala?rev=1377699&r1=1377698&r2=1377699&view=diff
==============================================================================
--- activemq/activemq-apollo/trunk/apollo-stomp/src/main/scala/org/apache/activemq/apollo/stomp/StompProtocolHandler.scala (original)
+++ activemq/activemq-apollo/trunk/apollo-stomp/src/main/scala/org/apache/activemq/apollo/stomp/StompProtocolHandler.scala Mon Aug 27 14:43:39 2012
@@ -32,12 +32,13 @@ import org.apache.activemq.apollo.broker
 import org.apache.activemq.apollo.util._
 import java.util.concurrent.TimeUnit
 import java.util.Map.Entry
-import java.security.cert.X509Certificate
 import collection.mutable.{ListBuffer, HashMap}
 import java.io.IOException
 import org.apache.activemq.apollo.dto._
-import org.fusesource.hawtdispatch.transport.{SecuredSession, HeartBeatMonitor, SslTransport}
+import org.fusesource.hawtdispatch.transport.HeartBeatMonitor
 import path.{LiteralPart, Path, PathParser}
+import scala.Some
+import org.apache.activemq.apollo.broker.SubscriptionAddress
 
 
 case class RichBuffer(self:Buffer) extends Proxy {
@@ -1183,21 +1184,25 @@ class StompProtocolHandler extends Proto
     if( host.authenticator!=null ) {
       if( config.add_user_header!=null ) {
         host.authenticator.user_name(security_context).foreach{ name=>
-          rc ::= (encode_header(config.add_user_header), encode_header(name))
+          val value = host.authenticator.user_name(security_context).getOrElse("")
+          rc ::= (encode_header(config.add_user_header), encode_header(value))
         }
       }
       if( !config.add_user_headers.isEmpty ){
         import collection.JavaConversions._
         config.add_user_headers.foreach { h =>
           val matches = security_context.principals(Option(h.kind).getOrElse("*"))
-          if( !matches.isEmpty ) {
+          val value = if( !matches.isEmpty ) {
             h.separator match {
               case null=>
-                rc ::= (encode_header(h.name.trim), encode_header(matches.head.getName))
+                matches.head.getName
               case separator =>
-                rc ::= (encode_header(h.name.trim), encode_header(matches.map(_.getName).mkString(separator)))
+                matches.map(_.getName).mkString(separator)
             }
+          } else {
+            ""
           }
+          rc ::= (encode_header(h.name.trim), encode_header(value))
         }
       }
     }
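Review bot: The `add_user_header` branch still sits inside `host.authenticator.user_name(security_context).foreach{ name=>`, so when `user_name` returns `None` nothing is prepended and the `getOrElse("")` fallback can never fire. In that case a client-supplied value for the configured header would presumably go through unchanged, which is the forging case the log message says this commit closes. The StompUdpProtocol hunk drops the wrapper; do the same here so the branch body is just `val value = host.authenticator.user_name(security_context).getOrElse("")` followed by `rc ::= (encode_header(config.add_user_header), encode_header(value))`. That also removes the now-unused `name` binding and the second `user_name` lookup. The enclosing method starts and ends outside this hunk, so how `rc` is later merged with the client's headers is not visible here.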

Modified: activemq/activemq-apollo/trunk/apollo-stomp/src/main/scala/org/apache/activemq/apollo/stomp/StompUdpProtocol.scala
URL: http://svn.apache.org/viewvc/activemq/activemq-apollo/trunk/apollo-stomp/src/main/scala/org/apache/activemq/apollo/stomp/StompUdpProtocol.scala?rev=1377699&r1=1377698&r2=1377699&view=diff
==============================================================================
--- activemq/activemq-apollo/trunk/apollo-stomp/src/main/scala/org/apache/activemq/apollo/stomp/StompUdpProtocol.scala (original)
+++ activemq/activemq-apollo/trunk/apollo-stomp/src/main/scala/org/apache/activemq/apollo/stomp/StompUdpProtocol.scala Mon Aug 27 14:43:39 2012
@@ -198,21 +198,23 @@ class StompUdpProtocol extends UdpProtoc
       // Do we need to add the user id?
       if( host.authenticator!=null ) {
         if( config.add_user_header!=null ) {
-          host.authenticator.user_name(security_context).foreach{ name=>
-            rc ::= (encode_header(config.add_user_header), encode_header(name))
-          }
+          val value = host.authenticator.user_name(security_context).getOrElse("")
+          rc ::= (encode_header(config.add_user_header), encode_header(value))
         }
         if( !config.add_user_headers.isEmpty ){
           config.add_user_headers.foreach { h =>
             val matches = security_context.principals(Option(h.kind).getOrElse("*"))
-            if( !matches.isEmpty ) {
+            val value = if( !matches.isEmpty ) {
               h.separator match {
                 case null=>
-                  rc ::= (encode_header(h.name.trim), encode_header(matches.head.getName))
+                  matches.head.getName
                 case separator =>
-                  rc ::= (encode_header(h.name.trim), encode_header(matches.map(_.getName).mkString(separator)))
+                  matches.map(_.getName).mkString(separator)
               }
+            } else {
+              ""
             }
+            rc ::= (encode_header(h.name.trim), encode_header(value))
           }
         }
       }
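Review bot: Both header overwrites remain nested under `if( host.authenticator!=null )`, so on a virtual host with no authenticator neither `add_user_header` nor `add_user_headers` is written, and a client-supplied value under those names appears to be forwarded as sent. The same guard is kept in the StompProtocolHandler hunk. If consumers are meant to trust these headers whenever they are configured, test the config first and fall back to `""` when there is no authenticator, e.g. `val value = Option(host.authenticator).flatMap(_.user_name(security_context)).getOrElse("")`. Whether headers are stripped elsewhere cannot be told from this hunk, since the enclosing method starts and ends outside it.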