Posted to commits@qpid.apache.org by lq...@apache.org on 2016/06/02 13:11:26 UTC
svn commit: r1746557 - in /qpid/java/branches/6.0.x: ./
broker-core/src/main/java/org/apache/qpid/server/security/auth/
broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/
broker-core/src/test/java/org/apache/qpid/server/security/au...
Author: lquack
Date: Thu Jun 2 13:11:26 2016
New Revision: 1746557
URL: http://svn.apache.org/viewvc?rev=1746557&view=rev
Log:
QPID-7282: [Java Broker] always send server-final message (if required) to the client on successful SASL negotiation
merged from trunk using:
$ svn merge -c 1746140,1746273 ^/qpid/java/trunk
conflicts on AMQPConnection_0_8 and AMQPConnection_1_0 were resolved manually
Added:
qpid/java/branches/6.0.x/broker-core/src/test/java/org/apache/qpid/server/security/auth/AuthenticationProviderTest.java
- copied, changed from r1746140, qpid/java/trunk/broker-core/src/test/java/org/apache/qpid/server/security/auth/AuthenticationProviderTest.java
Modified:
qpid/java/branches/6.0.x/ (props changed)
qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/AuthenticationResult.java
qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/AnonymousAuthenticationManager.java
qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/ConfigModelPasswordManagingAuthenticationProvider.java
qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/KerberosAuthenticationManager.java
qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/PrincipalDatabaseAuthenticationManager.java
qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/SimpleAuthenticationManager.java
qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/SimpleLDAPAuthenticationManagerImpl.java
qpid/java/branches/6.0.x/broker-core/src/test/java/org/apache/qpid/server/security/auth/AuthenticationResultTest.java
qpid/java/branches/6.0.x/broker-plugins/amqp-0-10-protocol/src/main/java/org/apache/qpid/server/protocol/v0_10/ServerConnectionDelegate.java
qpid/java/branches/6.0.x/broker-plugins/amqp-0-8-protocol/src/main/java/org/apache/qpid/server/protocol/v0_8/AMQPConnection_0_8.java
qpid/java/branches/6.0.x/broker-plugins/amqp-1-0-protocol/src/main/java/org/apache/qpid/amqp_1_0/transport/ConnectionEndpoint.java
qpid/java/branches/6.0.x/broker-plugins/amqp-1-0-protocol/src/main/java/org/apache/qpid/server/protocol/v1_0/AMQPConnection_1_0.java
Propchange: qpid/java/branches/6.0.x/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Thu Jun 2 13:11:26 2016
@@ -9,5 +9,5 @@
/qpid/branches/java-broker-vhost-refactor/java:1493674-1494547
/qpid/branches/java-network-refactor/qpid/java:805429-821809
/qpid/branches/qpid-2935/qpid/java:1061302-1072333
-/qpid/java/trunk:1715445-1715447,1715586,1715940,1716086-1716087,1716127-1716128,1716141,1716153,1716155,1716194,1716204,1716209,1716227,1716277,1716357,1716368,1716370,1716374,1716432,1716444-1716445,1716455,1716461,1716474,1716489,1716497,1716515,1716555,1716602,1716606-1716610,1716619,1716636,1717269,1717299,1717401,1717446,1717449,1717626,1717691,1717735,1717780,1718744,1718889,1718893,1718918,1718922,1719026,1719028,1719033,1719037,1719047,1719051,1720340,1720664,1721151,1721198,1722019-1722020,1722246,1722339,1722416,1722674,1722678,1722683,1722711,1723064,1723194,1723563,1724216,1724251,1724257,1724292,1724375,1724397,1724432,1724582,1724603,1724780,1724843-1724844,1725295,1725569,1725760,1726176,1726244-1726246,1726249,1726358,1726436,1726449,1726456,1726646,1726653,1726755,1726778,1727532,1727555,1727608,1727951,1727954,1728089,1728167,1728302,1728497,1728501,1728524,1728639,1728651,1728772,1729215,1729297,1729347,1729356,1729406,1729408,1729412,1729515,1729638,1729656-1729
657,1729783,1729828,1729832,1729841,1729851,1729886,1729904,1729973,1730019,1730025,1730052,1730072,1730088,1730494,1730499,1730547,1730559,1730567,1730578,1730585,1730651,1730697,1730712-1730713,1730805,1731029,1731110,1731210,1731225,1731444,1731551,1731612,1732184,1732452,1732461,1732525,1732812,1733467,1734452,1736478,1736751,1736838,1737804,1737835,1737853,1737984,1737992,1738119,1738135,1738231,1738271,1738607,1738610,1738731,1738914,1741702,1742257,1742284,1742544,1742900,1742926,1743161,1743228,1743383,1743982,1744012-1744013,1744046,1744123,1744157,1744276,1744403,1745424,1745450
+/qpid/java/trunk:1715445-1715447,1715586,1715940,1716086-1716087,1716127-1716128,1716141,1716153,1716155,1716194,1716204,1716209,1716227,1716277,1716357,1716368,1716370,1716374,1716432,1716444-1716445,1716455,1716461,1716474,1716489,1716497,1716515,1716555,1716602,1716606-1716610,1716619,1716636,1717269,1717299,1717401,1717446,1717449,1717626,1717691,1717735,1717780,1718744,1718889,1718893,1718918,1718922,1719026,1719028,1719033,1719037,1719047,1719051,1720340,1720664,1721151,1721198,1722019-1722020,1722246,1722339,1722416,1722674,1722678,1722683,1722711,1723064,1723194,1723563,1724216,1724251,1724257,1724292,1724375,1724397,1724432,1724582,1724603,1724780,1724843-1724844,1725295,1725569,1725760,1726176,1726244-1726246,1726249,1726358,1726436,1726449,1726456,1726646,1726653,1726755,1726778,1727532,1727555,1727608,1727951,1727954,1728089,1728167,1728302,1728497,1728501,1728524,1728639,1728651,1728772,1729215,1729297,1729347,1729356,1729406,1729408,1729412,1729515,1729638,1729656-1729
657,1729783,1729828,1729832,1729841,1729851,1729886,1729904,1729973,1730019,1730025,1730052,1730072,1730088,1730494,1730499,1730547,1730559,1730567,1730578,1730585,1730651,1730697,1730712-1730713,1730805,1731029,1731110,1731210,1731225,1731444,1731551,1731612,1732184,1732452,1732461,1732525,1732812,1733467,1734452,1736478,1736751,1736838,1737804,1737835,1737853,1737984,1737992,1738119,1738135,1738231,1738271,1738607,1738610,1738731,1738914,1741702,1742257,1742284,1742544,1742900,1742926,1743161,1743228,1743383,1743982,1744012-1744013,1744046,1744123,1744157,1744276,1744403,1745424,1745450,1746140,1746273
/qpid/trunk/qpid:796646-796653
Modified: qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/AuthenticationResult.java
URL: http://svn.apache.org/viewvc/qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/AuthenticationResult.java?rev=1746557&r1=1746556&r2=1746557&view=diff
==============================================================================
--- qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/AuthenticationResult.java (original)
+++ qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/AuthenticationResult.java Thu Jun 2 13:11:26 2016
@@ -72,10 +72,15 @@ public class AuthenticationResult
public AuthenticationResult(Principal mainPrincipal)
{
- this(mainPrincipal, Collections.<Principal>emptySet());
+ this(mainPrincipal, null);
}
- public AuthenticationResult(Principal mainPrincipal, Set<Principal> otherPrincipals)
+ public AuthenticationResult(Principal mainPrincipal, byte[] challenge)
+ {
+ this(mainPrincipal, Collections.<Principal>emptySet(), challenge);
+ }
+
+ public AuthenticationResult(Principal mainPrincipal, Set<Principal> otherPrincipals, byte[] challenge)
{
AuthenticatedPrincipal specialQpidAuthenticatedPrincipal = new AuthenticatedPrincipal(mainPrincipal);
_principals.addAll(otherPrincipals);
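Review bot: Neither new constructor documents that a SUCCESS result can now carry a challenge, so a caller that stops at `getStatus() == SUCCESS` has no hint that `getChallenge()` may still hold data the client needs. A Javadoc line on the three-argument constructor such as `@param challenge final server data to send to the client before the connection is treated as authenticated, or null if there is none` would state the contract. Separately, `this(mainPrincipal, null)` resolves only while no other two-argument overload takes a `Principal` first (as far as this hunk shows); `this(mainPrincipal, (byte[]) null);` keeps it unambiguous. The three-argument constructor's body continues in the next hunk.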
@@ -84,7 +89,7 @@ public class AuthenticationResult
_mainPrincipal = mainPrincipal;
_status = AuthenticationStatus.SUCCESS;
- _challenge = null;
+ _challenge = challenge;
_cause = null;
}
Modified: qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/AnonymousAuthenticationManager.java
URL: http://svn.apache.org/viewvc/qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/AnonymousAuthenticationManager.java?rev=1746557&r1=1746556&r2=1746557&view=diff
==============================================================================
--- qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/AnonymousAuthenticationManager.java (original)
+++ qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/AnonymousAuthenticationManager.java Thu Jun 2 13:11:26 2016
@@ -93,7 +93,7 @@ public class AnonymousAuthenticationMana
}
else
{
- return new AuthenticationResult(challenge, AuthenticationResult.AuthenticationStatus.CONTINUE);
+ return new AuthenticationResult(AuthenticationResult.AuthenticationStatus.ERROR);
}
}
catch (SaslException e)
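Review bot: The new ERROR result in the `else` branch carries no cause, so the connection layer has nothing to log about why the exchange was rejected; the ERROR case in this commit's AMQPConnection_0_8 logs `cause == null ? "" : cause.getMessage()`, which would be empty here. If AuthenticationResult offers a status-plus-cause constructor (not visible in this diff), `return new AuthenticationResult(AuthenticationResult.AuthenticationStatus.ERROR, new SaslException("SASL negotiation did not complete"));` would give operators a reason to look at. The enclosing method starts and ends outside the hunk.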
Modified: qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/ConfigModelPasswordManagingAuthenticationProvider.java
URL: http://svn.apache.org/viewvc/qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/ConfigModelPasswordManagingAuthenticationProvider.java?rev=1746557&r1=1746556&r2=1746557&view=diff
==============================================================================
--- qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/ConfigModelPasswordManagingAuthenticationProvider.java (original)
+++ qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/ConfigModelPasswordManagingAuthenticationProvider.java Thu Jun 2 13:11:26 2016
@@ -221,10 +221,10 @@ public abstract class ConfigModelPasswor
// Process response from the client
byte[] challenge = server.evaluateResponse(response != null ? response : new byte[0]);
- if (server.isComplete() && (challenge == null || challenge.length == 0))
+ if (server.isComplete())
{
final String userId = server.getAuthorizationID();
- return new AuthenticationResult(new UsernamePrincipal(userId));
+ return new AuthenticationResult(new UsernamePrincipal(userId), challenge);
}
else
{
Modified: qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/KerberosAuthenticationManager.java
URL: http://svn.apache.org/viewvc/qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/KerberosAuthenticationManager.java?rev=1746557&r1=1746556&r2=1746557&view=diff
==============================================================================
--- qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/KerberosAuthenticationManager.java (original)
+++ qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/KerberosAuthenticationManager.java Thu Jun 2 13:11:26 2016
@@ -83,7 +83,7 @@ public class KerberosAuthenticationManag
if (server.isComplete())
{
- return new AuthenticationResult(new UsernamePrincipal(server.getAuthorizationID()));
+ return new AuthenticationResult(new UsernamePrincipal(server.getAuthorizationID()), challenge);
}
else
{
Modified: qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/PrincipalDatabaseAuthenticationManager.java
URL: http://svn.apache.org/viewvc/qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/PrincipalDatabaseAuthenticationManager.java?rev=1746557&r1=1746556&r2=1746557&view=diff
==============================================================================
--- qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/PrincipalDatabaseAuthenticationManager.java (original)
+++ qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/PrincipalDatabaseAuthenticationManager.java Thu Jun 2 13:11:26 2016
@@ -210,13 +210,12 @@ public abstract class PrincipalDatabaseA
{
try
{
- // Process response from the client
byte[] challenge = server.evaluateResponse(response != null ? response : new byte[0]);
if (server.isComplete())
{
final String userId = server.getAuthorizationID();
- return new AuthenticationResult(new UsernamePrincipal(userId));
+ return new AuthenticationResult(new UsernamePrincipal(userId), challenge);
}
else
{
Modified: qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/SimpleAuthenticationManager.java
URL: http://svn.apache.org/viewvc/qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/SimpleAuthenticationManager.java?rev=1746557&r1=1746556&r2=1746557&view=diff
==============================================================================
--- qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/SimpleAuthenticationManager.java (original)
+++ qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/SimpleAuthenticationManager.java Thu Jun 2 13:11:26 2016
@@ -136,7 +136,7 @@ public class SimpleAuthenticationManager
String authorizationID = server.getAuthorizationID();
_logger.debug("Authenticated as " + authorizationID);
- return new AuthenticationResult(new UsernamePrincipal(authorizationID));
+ return new AuthenticationResult(new UsernamePrincipal(authorizationID), challenge);
}
else
{
Modified: qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/SimpleLDAPAuthenticationManagerImpl.java
URL: http://svn.apache.org/viewvc/qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/SimpleLDAPAuthenticationManagerImpl.java?rev=1746557&r1=1746556&r2=1746557&view=diff
==============================================================================
--- qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/SimpleLDAPAuthenticationManagerImpl.java (original)
+++ qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/SimpleLDAPAuthenticationManagerImpl.java Thu Jun 2 13:11:26 2016
@@ -239,7 +239,7 @@ public class SimpleLDAPAuthenticationMan
String authorizationID = server.getAuthorizationID();
_logger.debug("Authenticated as {}", authorizationID);
- return new AuthenticationResult(new UsernamePrincipal(authorizationID));
+ return new AuthenticationResult(new UsernamePrincipal(authorizationID), challenge);
}
else
{
Copied: qpid/java/branches/6.0.x/broker-core/src/test/java/org/apache/qpid/server/security/auth/AuthenticationProviderTest.java (from r1746140, qpid/java/trunk/broker-core/src/test/java/org/apache/qpid/server/security/auth/AuthenticationProviderTest.java)
URL: http://svn.apache.org/viewvc/qpid/java/branches/6.0.x/broker-core/src/test/java/org/apache/qpid/server/security/auth/AuthenticationProviderTest.java?p2=qpid/java/branches/6.0.x/broker-core/src/test/java/org/apache/qpid/server/security/auth/AuthenticationProviderTest.java&p1=qpid/java/trunk/broker-core/src/test/java/org/apache/qpid/server/security/auth/AuthenticationProviderTest.java&r1=1746140&r2=1746557&rev=1746557&view=diff
==============================================================================
--- qpid/java/trunk/broker-core/src/test/java/org/apache/qpid/server/security/auth/AuthenticationProviderTest.java (original)
+++ qpid/java/branches/6.0.x/broker-core/src/test/java/org/apache/qpid/server/security/auth/AuthenticationProviderTest.java Thu Jun 2 13:11:26 2016
@@ -19,12 +19,8 @@
package org.apache.qpid.server.security.auth;
-import static org.mockito.Matchers.any;
-import static org.mockito.Mockito.mock;
-
import java.io.File;
import java.util.Arrays;
-import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
@@ -33,12 +29,23 @@ import java.util.Map;
import javax.security.sasl.SaslException;
import javax.security.sasl.SaslServer;
-import org.apache.qpid.server.model.Broker;
import org.apache.qpid.server.model.AuthenticationProvider;
-import org.apache.qpid.server.security.auth.manager.*;
-import org.apache.qpid.server.security.auth.manager.oauth2.OAuth2AuthenticationProvider;
-import org.apache.qpid.server.security.auth.manager.oauth2.OAuth2AuthenticationProviderImplFactory;
-import org.apache.qpid.server.security.auth.manager.oauth2.OAuth2IdentityResolverService;
+import org.apache.qpid.server.model.Broker;
+import org.apache.qpid.server.security.auth.manager.Base64MD5PasswordDatabaseAuthenticationManager;
+import org.apache.qpid.server.security.auth.manager.Base64MD5PasswordDatabaseAuthenticationManagerFactory;
+import org.apache.qpid.server.security.auth.manager.KerberosAuthenticationManager;
+import org.apache.qpid.server.security.auth.manager.KerberosAuthenticationManagerFactory;
+import org.apache.qpid.server.security.auth.manager.MD5AuthenticationProvider;
+import org.apache.qpid.server.security.auth.manager.MD5AuthenticationProviderFactory;
+import org.apache.qpid.server.security.auth.manager.PlainAuthenticationProvider;
+import org.apache.qpid.server.security.auth.manager.PlainAuthenticationProviderFactory;
+import org.apache.qpid.server.security.auth.manager.PlainPasswordDatabaseAuthenticationManager;
+import org.apache.qpid.server.security.auth.manager.PlainPasswordDatabaseAuthenticationManagerFactory;
+import org.apache.qpid.server.security.auth.manager.ScramSHA1AuthenticationManager;
+import org.apache.qpid.server.security.auth.manager.ScramSHA1AuthenticationManagerFactory;
+import org.apache.qpid.server.security.auth.manager.ScramSHA256AuthenticationManager;
+import org.apache.qpid.server.security.auth.manager.ScramSHA256AuthenticationManagerFactory;
+import org.apache.qpid.server.security.auth.manager.SimpleAuthenticationManager;
import org.apache.qpid.server.util.BrokerTestHelper;
import org.apache.qpid.test.utils.QpidTestCase;
import org.apache.qpid.test.utils.TestFileUtils;
@@ -114,15 +121,9 @@ public class AuthenticationProviderTest
AuthenticationResult result = authenticationProvider.authenticate(saslServer, new byte[1]);
assertEquals("Unexpected authentication status " + authenticationProvider,
- AuthenticationResult.AuthenticationStatus.CONTINUE,
- result.getStatus());
- assertTrue("Unexpected challenge " + authenticationProvider, Arrays.equals(new byte[1], result.getChallenge()));
-
- result = authenticationProvider.authenticate(saslServer, new byte[1]);
- assertEquals("Unexpected authentication status for " + authenticationProvider,
AuthenticationResult.AuthenticationStatus.SUCCESS,
result.getStatus());
- assertNull("Unexpected challenge " + authenticationProvider, result.getChallenge());
+ assertTrue("Unexpected challenge " + authenticationProvider, Arrays.equals(new byte[1], result.getChallenge()));
}
Modified: qpid/java/branches/6.0.x/broker-core/src/test/java/org/apache/qpid/server/security/auth/AuthenticationResultTest.java
URL: http://svn.apache.org/viewvc/qpid/java/branches/6.0.x/broker-core/src/test/java/org/apache/qpid/server/security/auth/AuthenticationResultTest.java?rev=1746557&r1=1746556&r2=1746557&view=diff
==============================================================================
--- qpid/java/branches/6.0.x/broker-core/src/test/java/org/apache/qpid/server/security/auth/AuthenticationResultTest.java (original)
+++ qpid/java/branches/6.0.x/broker-core/src/test/java/org/apache/qpid/server/security/auth/AuthenticationResultTest.java Thu Jun 2 13:11:26 2016
@@ -87,7 +87,7 @@ public class AuthenticationResultTest ex
Principal secondaryPrincipal = mock(Principal.class);
Set<Principal> secondaryPrincipals = Collections.singleton(secondaryPrincipal);
- AuthenticationResult authenticationResult = new AuthenticationResult(mainPrincipal, secondaryPrincipals);
+ AuthenticationResult authenticationResult = new AuthenticationResult(mainPrincipal, secondaryPrincipals, null);
assertOnlyContainsWrappedAndSecondaryPrincipals(mainPrincipal, secondaryPrincipals, authenticationResult.getPrincipals());
assertSame(AuthenticationResult.AuthenticationStatus.SUCCESS, authenticationResult.getStatus());
@@ -103,7 +103,7 @@ public class AuthenticationResultTest ex
Set<Principal> deDuplicatedSecondaryPrincipals = Collections.singleton(secondaryPrincipal);
AuthenticationResult authenticationResult = new AuthenticationResult(
- mainPrincipal, secondaryPrincipalsContainingDuplicateOfMainPrincipal);
+ mainPrincipal, secondaryPrincipalsContainingDuplicateOfMainPrincipal, null);
assertOnlyContainsWrappedAndSecondaryPrincipals(mainPrincipal, deDuplicatedSecondaryPrincipals, authenticationResult.getPrincipals());
Modified: qpid/java/branches/6.0.x/broker-plugins/amqp-0-10-protocol/src/main/java/org/apache/qpid/server/protocol/v0_10/ServerConnectionDelegate.java
URL: http://svn.apache.org/viewvc/qpid/java/branches/6.0.x/broker-plugins/amqp-0-10-protocol/src/main/java/org/apache/qpid/server/protocol/v0_10/ServerConnectionDelegate.java?rev=1746557&r1=1746556&r2=1746557&view=diff
==============================================================================
--- qpid/java/branches/6.0.x/broker-plugins/amqp-0-10-protocol/src/main/java/org/apache/qpid/server/protocol/v0_10/ServerConnectionDelegate.java (original)
+++ qpid/java/branches/6.0.x/broker-plugins/amqp-0-10-protocol/src/main/java/org/apache/qpid/server/protocol/v0_10/ServerConnectionDelegate.java Thu Jun 2 13:11:26 2016
@@ -79,6 +79,7 @@ public class ServerConnectionDelegate ex
}
private volatile ConnectionState _state = ConnectionState.INIT;
+ private volatile SubjectAuthenticationResult _successfulAuthenticationResult;
public ServerConnectionDelegate(Broker<?> broker, String localFQDN, SubjectCreator subjectCreator)
@@ -185,13 +186,28 @@ public class ServerConnectionDelegate ex
protected void secure(final SaslServer ss, final Connection conn, final byte[] response)
{
final ServerConnection sconn = (ServerConnection) conn;
- final SubjectAuthenticationResult authResult = _subjectCreator.authenticate(ss, response);
+ SubjectAuthenticationResult authResult = _successfulAuthenticationResult;
+ byte[] challenge = null;
+ if (authResult == null)
+ {
+ authResult = _subjectCreator.authenticate(ss, response);
+ challenge = authResult.getChallenge();
+ }
if (AuthenticationStatus.SUCCESS.equals(authResult.getStatus()))
{
- tuneAuthorizedConnection(sconn);
- sconn.setAuthorizedSubject(authResult.getSubject());
- _state = ConnectionState.AWAIT_TUNE_OK;
+ _successfulAuthenticationResult = authResult;
+ if (challenge == null || challenge.length == 0)
+ {
+ tuneAuthorizedConnection(sconn);
+ sconn.setAuthorizedSubject(authResult.getSubject());
+ _state = ConnectionState.AWAIT_TUNE_OK;
+ }
+ else
+ {
+ connectionAuthContinue(sconn, authResult.getChallenge());
+ _state = ConnectionState.AWAIT_SECURE_OK;
+ }
}
else if (AuthenticationStatus.CONTINUE.equals(authResult.getStatus()))
{
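Review bot: Once `_successfulAuthenticationResult` is set, every later call to `secure` skips `_subjectCreator.authenticate` and goes straight to the tune branch; the field is never reset in this hunk, and the client's follow-up `response` is not looked at. Whether `secure` can be reached again later depends on state checks outside the hunk, so it would be safer to clear the cache when the subject is installed, e.g. `_successfulAuthenticationResult = null;` after `sconn.setAuthorizedSubject(authResult.getSubject());`, and to consider treating a non-empty `response` on that second pass as a failure. The same pattern appears in `processSaslResponse` in AMQPConnection_0_8 and in ConnectionEndpoint later in this commit. Minor: `connectionAuthContinue(sconn, authResult.getChallenge())` could pass the local `challenge`. The body of `secure` continues past the hunk.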
Modified: qpid/java/branches/6.0.x/broker-plugins/amqp-0-8-protocol/src/main/java/org/apache/qpid/server/protocol/v0_8/AMQPConnection_0_8.java
URL: http://svn.apache.org/viewvc/qpid/java/branches/6.0.x/broker-plugins/amqp-0-8-protocol/src/main/java/org/apache/qpid/server/protocol/v0_8/AMQPConnection_0_8.java?rev=1746557&r1=1746556&r2=1746557&view=diff
==============================================================================
--- qpid/java/branches/6.0.x/broker-plugins/amqp-0-8-protocol/src/main/java/org/apache/qpid/server/protocol/v0_8/AMQPConnection_0_8.java (original)
+++ qpid/java/branches/6.0.x/broker-plugins/amqp-0-8-protocol/src/main/java/org/apache/qpid/server/protocol/v0_8/AMQPConnection_0_8.java Thu Jun 2 13:11:26 2016
@@ -174,6 +174,7 @@ public class AMQPConnection_0_8
private final int _binaryDataLimit;
private final long _maxMessageSize;
private volatile boolean _transportBlockedForWriting;
+ private volatile SubjectAuthenticationResult _successfulAuthenticationResult;
public AMQPConnection_0_8(Broker<?> broker,
ServerNetworkConnection network,
@@ -1124,8 +1125,6 @@ public class AMQPConnection_0_8
assertState(ConnectionState.AWAIT_SECURE_OK);
- Broker<?> broker = getBroker();
-
SubjectCreator subjectCreator = getSubjectCreator();
SaslServer ss = getSaslServer();
@@ -1133,44 +1132,7 @@ public class AMQPConnection_0_8
{
sendConnectionClose(AMQConstant.INTERNAL_ERROR, "No SASL context set up in connection", 0);
}
- MethodRegistry methodRegistry = getMethodRegistry();
- SubjectAuthenticationResult authResult = subjectCreator.authenticate(ss, response);
- switch (authResult.getStatus())
- {
- case ERROR:
- Exception cause = authResult.getCause();
-
- _logger.debug("Authentication failed: {}", (cause == null ? "" : cause.getMessage()));
-
- sendConnectionClose(AMQConstant.NOT_ALLOWED, "Authentication failed", 0);
-
- disposeSaslServer();
- break;
- case SUCCESS:
- _logger.debug("Connected as: {} ", authResult.getSubject());
-
- int frameMax = getDefaultMaxFrameSize();
-
- if (frameMax <= 0)
- {
- frameMax = Integer.MAX_VALUE;
- }
-
- ConnectionTuneBody tuneBody =
- methodRegistry.createConnectionTuneBody(broker.getConnection_sessionCountLimit(),
- frameMax,
- broker.getConnection_heartBeatDelay());
- writeFrame(tuneBody.generateFrame(0));
- _state = ConnectionState.AWAIT_TUNE_OK;
- setAuthorizedSubject(authResult.getSubject());
- disposeSaslServer();
- break;
- case CONTINUE:
-
- ConnectionSecureBody
- secureBody = methodRegistry.createConnectionSecureBody(authResult.getChallenge());
- writeFrame(secureBody.generateFrame(0));
- }
+ processSaslResponse(response, subjectCreator, ss);
}
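Review bot: The `processSaslResponse(response, subjectCreator, ss)` call appears to run even when `ss` is null, because the block that sends "No SASL context set up in connection" closes without a `return` or `else` before it (the `if` itself is above the hunk, so this is inferred from the visible braces). On the first pass that hands a null SaslServer to `subjectCreator.authenticate`. Adding `return;` after the `sendConnectionClose(...)` line, or moving the call into an `else`, would stop processing once the close has been sent.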
@@ -1212,8 +1174,6 @@ public class AMQPConnection_0_8
assertState(ConnectionState.AWAIT_START_OK);
- Broker<?> broker = getBroker();
-
_logger.debug("SASL Mechanism selected: {} Locale : {}", mechanism, locale);
SubjectCreator subjectCreator = getSubjectCreator();
@@ -1236,57 +1196,84 @@ public class AMQPConnection_0_8
setSaslServer(ss);
- final SubjectAuthenticationResult authResult = subjectCreator.authenticate(ss, response);
+ processSaslResponse(response, subjectCreator, ss);
+ }
+ }
+ catch (SaslException e)
+ {
+ disposeSaslServer();
+ sendConnectionClose(AMQConstant.INTERNAL_ERROR, "SASL error: " + e, 0);
+ }
+ }
- MethodRegistry methodRegistry = getMethodRegistry();
+ private void processSaslResponse(final byte[] response,
+ final SubjectCreator subjectCreator,
+ final SaslServer ss)
+ {
+ MethodRegistry methodRegistry = getMethodRegistry();
+ SubjectAuthenticationResult authResult = _successfulAuthenticationResult;
+ byte[] challenge = null;
+ if (authResult == null)
+ {
+ authResult = subjectCreator.authenticate(ss, response);
+ challenge = authResult.getChallenge();
+ }
+
+ switch (authResult.getStatus())
+ {
+ case ERROR:
+ Exception cause = authResult.getCause();
- switch (authResult.getStatus())
+ _logger.debug("Authentication failed: {}", (cause == null ? "" : cause.getMessage()));
+
+ sendConnectionClose(AMQConstant.NOT_ALLOWED, "Authentication failed", 0);
+
+ disposeSaslServer();
+ break;
+
+ case SUCCESS:
+ _successfulAuthenticationResult = authResult;
+ if (challenge == null || challenge.length == 0)
{
- case ERROR:
- Exception cause = authResult.getCause();
+ _logger.debug("Connected as: {}", authResult.getSubject());
+ setAuthorizedSubject(authResult.getSubject());
- _logger.debug("Authentication failed: {}", (cause == null ? "" : cause.getMessage()));
+ int frameMax = getDefaultMaxFrameSize();
- sendConnectionClose(AMQConstant.NOT_ALLOWED, "Authentication failed", 0);
+ if (frameMax <= 0)
+ {
+ frameMax = Integer.MAX_VALUE;
+ }
- disposeSaslServer();
- break;
-
- case SUCCESS:
- _logger.debug("Connected as: {}", authResult.getSubject());
- setAuthorizedSubject(authResult.getSubject());
-
- int frameMax = getDefaultMaxFrameSize();
-
- if (frameMax <= 0)
- {
- frameMax = Integer.MAX_VALUE;
- }
-
- ConnectionTuneBody
- tuneBody =
- methodRegistry.createConnectionTuneBody(broker.getConnection_sessionCountLimit(),
- frameMax,
- broker.getConnection_heartBeatDelay());
- writeFrame(tuneBody.generateFrame(0));
- _state = ConnectionState.AWAIT_TUNE_OK;
- break;
- case CONTINUE:
- ConnectionSecureBody
- secureBody = methodRegistry.createConnectionSecureBody(authResult.getChallenge());
- writeFrame(secureBody.generateFrame(0));
+ Broker<?> broker = getBroker();
- _state = ConnectionState.AWAIT_SECURE_OK;
+ ConnectionTuneBody tuneBody =
+ methodRegistry.createConnectionTuneBody(broker.getConnection_sessionCountLimit(),
+ frameMax,
+ broker.getConnection_heartBeatDelay());
+ writeFrame(tuneBody.generateFrame(0));
+ _state = ConnectionState.AWAIT_TUNE_OK;
+ disposeSaslServer();
}
- }
- }
- catch (SaslException e)
- {
- disposeSaslServer();
- sendConnectionClose(AMQConstant.INTERNAL_ERROR, "SASL error: " + e, 0);
+ else
+ {
+ continueSaslNegotiation(challenge);
+ }
+ break;
+ case CONTINUE:
+ continueSaslNegotiation(challenge);
+ break;
}
}
+ private void continueSaslNegotiation(final byte[] challenge)
+ {
+ ConnectionSecureBody secureBody = getMethodRegistry().createConnectionSecureBody(challenge);
+ writeFrame(secureBody.generateFrame(0));
+
+ _state = ConnectionState.AWAIT_SECURE_OK;
+ }
+
@Override
public void receiveConnectionTuneOk(final int channelMax, final long frameMax, final int heartbeat)
{
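Review bot: The `catch (SaslException e)` block builds the close reason as `"SASL error: " + e`, so the exception class and message are sent to a peer that has not authenticated, while the ERROR case in `processSaslResponse` sends only "Authentication failed". Keeping the detail in the log and sending fixed text would match that: `_logger.debug("SASL error", e);` followed by `sendConnectionClose(AMQConstant.INTERNAL_ERROR, "SASL error", 0);`. The `switch` in `processSaslResponse` also has no `default`, so a status value added later would leave the connection waiting without a reply.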
Modified: qpid/java/branches/6.0.x/broker-plugins/amqp-1-0-protocol/src/main/java/org/apache/qpid/amqp_1_0/transport/ConnectionEndpoint.java
URL: http://svn.apache.org/viewvc/qpid/java/branches/6.0.x/broker-plugins/amqp-1-0-protocol/src/main/java/org/apache/qpid/amqp_1_0/transport/ConnectionEndpoint.java?rev=1746557&r1=1746556&r2=1746557&view=diff
==============================================================================
--- qpid/java/branches/6.0.x/broker-plugins/amqp-1-0-protocol/src/main/java/org/apache/qpid/amqp_1_0/transport/ConnectionEndpoint.java (original)
+++ qpid/java/branches/6.0.x/broker-plugins/amqp-1-0-protocol/src/main/java/org/apache/qpid/amqp_1_0/transport/ConnectionEndpoint.java Thu Jun 2 13:11:26 2016
@@ -77,6 +77,9 @@ import org.apache.qpid.amqp_1_0.type.tra
import org.apache.qpid.amqp_1_0.type.transport.Open;
import org.apache.qpid.amqp_1_0.type.transport.Transfer;
import org.apache.qpid.bytebuffer.QpidByteBuffer;
+import org.apache.qpid.server.security.SubjectCreator;
+import org.apache.qpid.server.security.auth.AuthenticationResult;
+import org.apache.qpid.server.security.auth.SubjectAuthenticationResult;
public class ConnectionEndpoint implements DescribedTypeConstructorRegistry.Source, ValueWriter.Registry.Source,
@@ -138,6 +141,8 @@ public class ConnectionEndpoint implemen
private Runnable _onSaslCompleteTask;
+ private volatile SubjectAuthenticationResult _successfulAuthenticationResult;
+ private SubjectCreator _subjectCreator;
private SaslServerProvider _saslServerProvider;
private SaslServer _saslServer;
private boolean _authenticated;
@@ -154,10 +159,11 @@ public class ConnectionEndpoint implemen
private Map _remoteProperties;
private long _desiredIdleTimeout;
- public ConnectionEndpoint(Container container, SaslServerProvider cbs)
+ public ConnectionEndpoint(Container container, SaslServerProvider cbs, final SubjectCreator subjectCreator)
{
_container = container;
_saslServerProvider = cbs;
+ _subjectCreator = subjectCreator;
_requiresSASLClient = false;
_requiresSASLServer = cbs != null;
}
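Review bot: The constructor accepts a null `subjectCreator` even when `cbs` is non-null, in which case `_requiresSASLServer` is true and the `_subjectCreator.authenticate(...)` call added in `processSaslResponse` would throw a NullPointerException in the middle of a SASL exchange. A guard such as `if (cbs != null && subjectCreator == null) throw new IllegalArgumentException("subjectCreator is required when SASL is enabled");` fails at construction instead. The field declared in the previous hunk could also be `final`, since as far as the diff shows it is assigned only here.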
@@ -908,11 +914,28 @@ public class ConnectionEndpoint implemen
try
{
_saslServer = _saslServerProvider.getSaslServer(mechanism, "localhost");
+ processSaslResponse(response);
+ }
+ catch (SaslException e)
+ {
+ handleSaslError();
+ }
+ }
- // Process response from the client
- byte[] challenge = _saslServer.evaluateResponse(response != null ? response : new byte[0]);
+ private void processSaslResponse(final byte[] response)
+ {
+ byte[] challenge = null;
+ SubjectAuthenticationResult authenticationResult = _successfulAuthenticationResult;
+ if (authenticationResult == null)
+ {
+ authenticationResult = _subjectCreator.authenticate(_saslServer, response != null ? response : new byte[0]);
+ challenge = authenticationResult.getChallenge();
+ }
- if (_saslServer.isComplete())
+ if (authenticationResult.getStatus() == AuthenticationResult.AuthenticationStatus.SUCCESS)
+ {
+ _successfulAuthenticationResult = authenticationResult;
+ if (challenge == null || challenge.length == 0)
{
SaslOutcome outcome = new SaslOutcome();
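Review bot: The new `catch (SaslException e)` calls `handleSaslError()` and drops `e`, and the error branch of `processSaslResponse` in the next hunk likewise never reads `authenticationResult.getCause()`, so a failed SASL exchange on this path leaves no record of why it failed. Logging before the call, e.g. `_logger.debug("SASL negotiation failed", e);` (assuming the class has a logger, which the diff does not show), would give operators something to correlate with repeated authentication failures. `processSaslResponse` continues in the next hunk.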
@@ -930,33 +953,44 @@ public class ConnectionEndpoint implemen
{
_onSaslCompleteTask.run();
}
-
}
else
{
- SaslChallenge challengeBody = new SaslChallenge();
- challengeBody.setChallenge(new Binary(challenge));
- _saslFrameOutput.send(new SASLFrame(challengeBody), null);
-
+ continueSaslNegotiation(challenge);
}
}
- catch (SaslException e)
+ else if (authenticationResult.getStatus() == AuthenticationResult.AuthenticationStatus.CONTINUE)
{
- SaslOutcome outcome = new SaslOutcome();
+ continueSaslNegotiation(challenge);
+ }
+ else
+ {
+ handleSaslError();
+ }
+ }
- outcome.setCode(SaslCode.AUTH);
- _saslFrameOutput.send(new SASLFrame(outcome), null);
- synchronized (getLock())
- {
- _saslComplete = true;
- _authenticated = false;
- getLock().notifyAll();
- }
- if (_onSaslCompleteTask != null)
- {
- _onSaslCompleteTask.run();
- }
+ private void continueSaslNegotiation(final byte[] challenge)
+ {
+ SaslChallenge challengeBody = new SaslChallenge();
+ challengeBody.setChallenge(new Binary(challenge));
+ _saslFrameOutput.send(new SASLFrame(challengeBody), null);
+ }
+ private void handleSaslError()
+ {
+ SaslOutcome outcome = new SaslOutcome();
+
+ outcome.setCode(SaslCode.AUTH);
+ _saslFrameOutput.send(new SASLFrame(outcome), null);
+ synchronized (getLock())
+ {
+ _saslComplete = true;
+ _authenticated = false;
+ getLock().notifyAll();
+ }
+ if (_onSaslCompleteTask != null)
+ {
+ _onSaslCompleteTask.run();
}
}
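Review bot: Neither failure path records why authentication failed: the final `else` branch calls `handleSaslError()` without looking at `authenticationResult`, and the `catch (SaslException e)` in the previous hunk drops `e`. Returning only `SaslCode.AUTH` to the peer is right, but the broker side should log the failure (the status plus the exception, if the result carries one) so that repeated failed logins are visible to operators. One way is to give the helper a parameter, `private void handleSaslError(final Exception cause)`, and log `cause` through whatever logger this class already has, which is not visible here. A comment above the helper such as `// Only SaslCode.AUTH goes to the peer; failure detail stays in the broker log.` would document the split.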
@@ -1043,58 +1077,7 @@ public class ConnectionEndpoint implemen
final Binary responseBinary = saslResponse.getResponse();
byte[] response = responseBinary == null ? new byte[0] : responseBinary.getArray();
-
- try
- {
-
- // Process response from the client
- byte[] challenge = _saslServer.evaluateResponse(response != null ? response : new byte[0]);
-
- if (_saslServer.isComplete())
- {
- SaslOutcome outcome = new SaslOutcome();
-
- outcome.setCode(SaslCode.OK);
- _saslFrameOutput.send(new SASLFrame(outcome), null);
- synchronized (getLock())
- {
- _saslComplete = true;
- _authenticated = true;
- _user = _saslServerProvider.getAuthenticatedPrincipal(_saslServer);
- getLock().notifyAll();
- }
- if (_onSaslCompleteTask != null)
- {
- _onSaslCompleteTask.run();
- }
-
- }
- else
- {
- SaslChallenge challengeBody = new SaslChallenge();
- challengeBody.setChallenge(new Binary(challenge));
- _saslFrameOutput.send(new SASLFrame(challengeBody), null);
-
- }
- }
- catch (SaslException e)
- {
- SaslOutcome outcome = new SaslOutcome();
-
- outcome.setCode(SaslCode.AUTH);
- _saslFrameOutput.send(new SASLFrame(outcome), null);
- synchronized (getLock())
- {
- _saslComplete = true;
- _authenticated = false;
- getLock().notifyAll();
- }
- if (_onSaslCompleteTask != null)
- {
- _onSaslCompleteTask.run();
- }
-
- }
+ processSaslResponse(response);
}
public void receiveSaslOutcome(final SaslOutcome saslOutcome)
Modified: qpid/java/branches/6.0.x/broker-plugins/amqp-1-0-protocol/src/main/java/org/apache/qpid/server/protocol/v1_0/AMQPConnection_1_0.java
URL: http://svn.apache.org/viewvc/qpid/java/branches/6.0.x/broker-plugins/amqp-1-0-protocol/src/main/java/org/apache/qpid/server/protocol/v1_0/AMQPConnection_1_0.java?rev=1746557&r1=1746556&r2=1746557&view=diff
==============================================================================
--- qpid/java/branches/6.0.x/broker-plugins/amqp-1-0-protocol/src/main/java/org/apache/qpid/server/protocol/v1_0/AMQPConnection_1_0.java (original)
+++ qpid/java/branches/6.0.x/broker-plugins/amqp-1-0-protocol/src/main/java/org/apache/qpid/server/protocol/v1_0/AMQPConnection_1_0.java Thu Jun 2 13:11:26 2016
@@ -185,7 +185,7 @@ public class AMQPConnection_1_0 extends
SubjectCreator subjectCreator = port.getAuthenticationProvider().getSubjectCreator(transport.isSecure());
final ConnectionEndpoint endpoint =
- new ConnectionEndpoint(container, useSASL ? asSaslServerProvider(subjectCreator, network) : null);
+ new ConnectionEndpoint(container, useSASL ? asSaslServerProvider(subjectCreator, network) : null, subjectCreator);
endpoint.setLogger(new ConnectionEndpoint.FrameReceiptLogger()
{
@Override