From chir...@apache.org
Subject svn commit: r1231207 - in /activemq/activemq-apollo/trunk: apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/security/ apollo-openwire/src/main/scala/org/apache/activemq/apollo/openwire/ apollo-stomp/src/main/scala/org/apache/activemq/apol...
Date Fri, 13 Jan 2012 17:50:09 GMT
Author: chirino
Date: Fri Jan 13 17:50:08 2012
New Revision: 1231207

URL: http://svn.apache.org/viewvc?rev=1231207&view=rev
Log:
Fixes APLO-125: Improve client authentication error messages

Modified:
    activemq/activemq-apollo/trunk/apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/security/Authenticator.scala
    activemq/activemq-apollo/trunk/apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/security/JaasAuthenticator.scala
    activemq/activemq-apollo/trunk/apollo-openwire/src/main/scala/org/apache/activemq/apollo/openwire/OpenwireProtocolHandler.scala
    activemq/activemq-apollo/trunk/apollo-stomp/src/main/scala/org/apache/activemq/apollo/stomp/StompProtocolHandler.scala
    activemq/activemq-apollo/trunk/apollo-web/src/main/scala/org/apache/activemq/apollo/web/resources/Support.scala

Modified: activemq/activemq-apollo/trunk/apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/security/Authenticator.scala
URL: http://svn.apache.org/viewvc/activemq/activemq-apollo/trunk/apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/security/Authenticator.scala?rev=1231207&r1=1231206&r2=1231207&view=diff
==============================================================================
--- activemq/activemq-apollo/trunk/apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/security/Authenticator.scala
(original)
+++ activemq/activemq-apollo/trunk/apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/security/Authenticator.scala
Fri Jan 13 17:50:08 2012
@@ -29,9 +29,10 @@ trait Authenticator {
    * If the authentication succeeds, then the subject and
    * principles fields of the SecurityContext should be populated.
    *
-   * @returns true if the SecurityContext was authenticated.
+   * @returns null if the SecurityContext was authenticated. Otherwise
+   * returns an error message that can be given to a client.
    */
-  def authenticate(ctx:SecurityContext):Boolean @suspendable
+  def authenticate(ctx:SecurityContext):String @suspendable
 
   /**
    * Extracts the user name of the logged in user.
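Review bot: Using `null` as the success value of `authenticate` makes the contract easy to get wrong in the fail-open direction: an implementation that returns `null` from a default or error path, or a caller that inverts the comparison, authenticates the connection. An `Option[String]` with `None` for success, or a small sealed result type, would let the compiler carry that distinction; the call sites touched in this commit (OpenwireProtocolHandler, StompProtocolHandler, Support.scala) each compare against `null` by hand. If the String return stays, the Scaladoc tag should be `@return` rather than `@returns`, and it should state that any non-null value, including an empty string, means failure. The trait continues outside this hunk.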

Modified: activemq/activemq-apollo/trunk/apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/security/JaasAuthenticator.scala
URL: http://svn.apache.org/viewvc/activemq/activemq-apollo/trunk/apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/security/JaasAuthenticator.scala?rev=1231207&r1=1231206&r2=1231207&view=diff
==============================================================================
--- activemq/activemq-apollo/trunk/apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/security/JaasAuthenticator.scala
(original)
+++ activemq/activemq-apollo/trunk/apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/security/JaasAuthenticator.scala
Fri Jan 13 17:50:08 2012
@@ -16,7 +16,6 @@
  */
 package org.apache.activemq.apollo.broker.security
 
-import javax.security.auth.login.LoginContext
 
 import javax.security.auth.callback.Callback
 import javax.security.auth.callback.CallbackHandler
@@ -30,6 +29,8 @@ import org.fusesource.hawtdispatch._
 import org.apache.activemq.apollo.dto.AuthenticationDTO
 import org.apache.activemq.apollo.util.Log
 import collection.JavaConversions._
+import javax.security.auth.login._
+import javax.security.auth.message.AuthException
 
 /**
  * <p>
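Review bot: `javax.security.auth.message.AuthException` is not referenced in any of the hunks shown for this file, and that package belongs to the JASPIC API rather than to `javax.security.auth.login`, so the import may add a compile-time dependency for nothing. If no code outside the visible hunks uses it, drop the line. The wildcard `import javax.security.auth.login._` is what brings in the exception types matched in the later hunk; importing them by name would make it clear which login failures are handled.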
@@ -78,7 +79,7 @@ class JaasAuthenticator(val config: Auth
     }
   }
 
-  def _authenticate(security_ctx: SecurityContext): Boolean = {
+  def _authenticate(security_ctx: SecurityContext): String = {
     val original = Thread.currentThread().getContextClassLoader()
     Thread.currentThread().setContextClassLoader(getClass.getClassLoader())
     JaasAuthenticator._log.set(log)
@@ -103,12 +104,27 @@ class JaasAuthenticator(val config: Auth
 
       security_ctx.login_context.login()
       security_ctx.subject = security_ctx.login_context.getSubject()
-      true
+      null
+
     } catch {
       case x: Exception =>
+        val (reported, actual) = x match {
+          case x:AccountLockedException =>
+            ("Account locked", "Account locked: "+x.getMessage)
+          case x:AccountExpiredException  =>
+            ("Account expired", "Account expired: "+x.getMessage)
+          case x:CredentialExpiredException  =>
+            ("Creditial expired", "Creditial expired: "+x.getMessage)
+          case x:FailedLoginException  =>
+            ("Authentication failed", "Failed login: "+x.getMessage)
+          case x:AccountNotFoundException  =>
+            ("Authentication failed", "Account not found: "+x.getMessage)
+          case _ =>
+            ("Authentication failed", x.getMessage)
+        }
         security_ctx.login_context = null
-        log.info("authentication failed: local:%s, remote:%s, reason:%s ", security_ctx.local_address,
security_ctx.remote_address, x.getMessage)
-        false
+        log.info("authentication failed: local:%s, remote:%s, reason:%s ", security_ctx.local_address,
security_ctx.remote_address, actual)
+        reported
     } finally {
       JaasAuthenticator._log.remove
       Thread.currentThread().setContextClassLoader(original)
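Review bot: The `reported` strings `Account locked`, `Account expired` and `Creditial expired` are returned to a client that has not authenticated, which tells it that the account name exists and what state it is in, while `FailedLoginException` and `AccountNotFoundException` are deliberately collapsed to `Authentication failed`. Whether a login module raises those exceptions before or after checking the password is module-specific, so this can become an account-enumeration signal; consider returning `Authentication failed` for every case by default and keeping the specific reason only in `actual` for the log, or putting the detailed client text behind a configuration option. `Creditial` should read `Credential` in both strings. `x.getMessage` can be null and carries login-module text into `log.info`, so `Option(x.getMessage).getOrElse(x.getClass.getName)` would keep the log line useful. `_authenticate` begins and ends outside this hunk.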

Modified: activemq/activemq-apollo/trunk/apollo-openwire/src/main/scala/org/apache/activemq/apollo/openwire/OpenwireProtocolHandler.scala
URL: http://svn.apache.org/viewvc/activemq/activemq-apollo/trunk/apollo-openwire/src/main/scala/org/apache/activemq/apollo/openwire/OpenwireProtocolHandler.scala?rev=1231207&r1=1231206&r2=1231207&view=diff
==============================================================================
--- activemq/activemq-apollo/trunk/apollo-openwire/src/main/scala/org/apache/activemq/apollo/openwire/OpenwireProtocolHandler.scala
(original)
+++ activemq/activemq-apollo/trunk/apollo-openwire/src/main/scala/org/apache/activemq/apollo/openwire/OpenwireProtocolHandler.scala
Fri Jan 13 17:50:08 2012
@@ -430,8 +430,9 @@ class OpenwireProtocolHandler extends Pr
       reset {
         if( host.authenticator!=null &&  host.authorizer!=null ) {
           suspend_read("authenticating and authorizing connect")
-          if( !host.authenticator.authenticate(security_context) ) {
-            async_die("Authentication failed. Credentials="+security_context.credential_dump)
+          val auth_failure = host.authenticator.authenticate(security_context)
+          if( auth_failure!=null ) {
+            async_die(auth_failure+". Credentials="+security_context.credential_dump)
             noop // to make the cps compiler plugin happy.
           } else if( !host.authorizer.can(security_context, "connect", connection.connector)
) {
             async_die("Not authorized to connect to connector '%s'. Principals=".format(connection.connector.id,
security_context.principal_dump))
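Review bot: The text passed to `async_die` now combines the authenticator's client-facing message with `security_context.credential_dump`, so whatever that dump contains goes wherever `async_die` sends its argument. The dump's contents are not visible here; if it includes the password or other secret material, drop it from the message with `async_die(auth_failure)` and record only the user name and remote address on the broker side. The same line appears in the StompProtocolHandler hunk. The enclosing method starts and ends outside the hunk.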

Modified: activemq/activemq-apollo/trunk/apollo-stomp/src/main/scala/org/apache/activemq/apollo/stomp/StompProtocolHandler.scala
URL: http://svn.apache.org/viewvc/activemq/activemq-apollo/trunk/apollo-stomp/src/main/scala/org/apache/activemq/apollo/stomp/StompProtocolHandler.scala?rev=1231207&r1=1231206&r2=1231207&view=diff
==============================================================================
--- activemq/activemq-apollo/trunk/apollo-stomp/src/main/scala/org/apache/activemq/apollo/stomp/StompProtocolHandler.scala
(original)
+++ activemq/activemq-apollo/trunk/apollo-stomp/src/main/scala/org/apache/activemq/apollo/stomp/StompProtocolHandler.scala
Fri Jan 13 17:50:08 2012
@@ -916,8 +916,9 @@ class StompProtocolHandler extends Proto
         connection_log = host.connection_log
         if( host.authenticator!=null &&  host.authorizer!=null ) {
           suspend_read("authenticating and authorizing connect")
-          if( !host.authenticator.authenticate(security_context) ) {
-            async_die("Authentication failed. Credentials="+security_context.credential_dump)
+          var auth_failure = host.authenticator.authenticate(security_context)
+          if( auth_failure!=null ) {
+            async_die(auth_failure+". Credentials="+security_context.credential_dump)
             noop // to make the cps compiler plugin happy.
           } else if( !host.authorizer.can(security_context, "connect", connection.connector)
) {
             async_die("Not authorized to connect to connector '%s'. Principals=".format(connection.connector.id,
security_context.principal_dump))
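Review bot: `var auth_failure` is never reassigned in the lines shown, so it should be a `val`, matching the OpenwireProtocolHandler hunk: `val auth_failure = host.authenticator.authenticate(security_context)`. In the unchanged authorization branch below it, the format string has one `%s` but two arguments, so `security_context.principal_dump` is silently dropped from the message; the Openwire handler has the same line. The enclosing block starts and ends outside the hunk.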

Modified: activemq/activemq-apollo/trunk/apollo-web/src/main/scala/org/apache/activemq/apollo/web/resources/Support.scala
URL: http://svn.apache.org/viewvc/activemq/activemq-apollo/trunk/apollo-web/src/main/scala/org/apache/activemq/apollo/web/resources/Support.scala?rev=1231207&r1=1231206&r2=1231207&view=diff
==============================================================================
--- activemq/activemq-apollo/trunk/apollo-web/src/main/scala/org/apache/activemq/apollo/web/resources/Support.scala
(original)
+++ activemq/activemq-apollo/trunk/apollo-web/src/main/scala/org/apache/activemq/apollo/web/resources/Support.scala
Fri Jan 13 17:50:08 2012
@@ -251,7 +251,7 @@ abstract class Resource(parent:Resource=
       }
 
       reset {
-        if( authenticator.authenticate(security_context) ) {
+        if( authenticator.authenticate(security_context)==null ) {
           call_func_with_security
         } else {
           func(null)


