From rob...@apache.org
Subject svn commit: r1380016 - in /qpid/trunk/qpid/java: broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/ broker-plugins/management-http/src/test/java/org/apache/qpid/server/management/plugin/servlet/rest/ bro...
Date Sun, 02 Sep 2012 18:26:41 GMT
Author: robbie
Date: Sun Sep  2 18:26:40 2012
New Revision: 1380016

URL: http://svn.apache.org/viewvc?rev=1380016&view=rev
Log:
QPID-4253: add configuration for basic-auth on http / https management and set to disabled
/ enabled respectively by default

Added:
    qpid/trunk/qpid/java/broker-plugins/management-http/src/test/java/org/apache/qpid/server/management/plugin/servlet/rest/BasicAuthRestTest.java
Modified:
    qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/AbstractServlet.java
    qpid/trunk/qpid/java/broker-plugins/management-http/src/test/java/org/apache/qpid/systest/rest/acl/GroupRestACLTest.java
    qpid/trunk/qpid/java/broker-plugins/management-http/src/test/java/org/apache/qpid/systest/rest/acl/UserRestACLTest.java
    qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/configuration/ServerConfiguration.java

Modified: qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/AbstractServlet.java
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/AbstractServlet.java?rev=1380016&r1=1380015&r2=1380016&view=diff
==============================================================================
--- qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/AbstractServlet.java
(original)
+++ qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/AbstractServlet.java
Sun Sep  2 18:26:40 2012
@@ -255,17 +255,18 @@ public abstract class AbstractServlet ex
         {
             String header = request.getHeader("Authorization");
 
-            /*
-             * TODO - Should configure whether basic authentication is allowed... and in
particular whether it
-             * should be allowed over non-ssl connections
-             * */
-
             if (header != null)
             {
                 String[] tokens = header.split("\\s");
                 if(tokens.length >= 2
                         && "BASIC".equalsIgnoreCase(tokens[0]))
                 {
+                    if(!isBasicAuthSupported(request))
+                    {
+                        //TODO: write a return response indicating failure?
+                        throw new IllegalArgumentException("BASIC Authorization is not enabled.");
+                    }
+
                     String[] credentials = (new String(Base64.decodeBase64(tokens[1].getBytes()))).split(":",2);
                     if(credentials.length == 2)
                     {
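Review bot: The refusal added at the `isBasicAuthSupported(request)` check throws `IllegalArgumentException`, which the new BasicAuthRestTest shows reaching the client as a 500 rather than as an authentication failure. By the time this branch runs over plain HTTP the client has already sent its credentials unencrypted, and a 500 gives it no signal to stop resending the same header. A 401 or 403 would be a clearer contract, and the refusal is worth a warn-level log entry that omits the header value. The enclosing method starts and ends outside this hunk, so whether it can reach the response object is not visible here; if it cannot, a dedicated exception type that the servlet maps to a 4xx would resolve the `//TODO`.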
@@ -299,6 +300,12 @@ public abstract class AbstractServlet ex
         return subject;
     }
 
+    private boolean isBasicAuthSupported(HttpServletRequest req)
+    {
+        return req.isSecure()  ? ApplicationRegistry.getInstance().getConfiguration().getHTTPSManagementBasicAuth()
+                               : ApplicationRegistry.getInstance().getConfiguration().getHTTPManagementBasicAuth();
+    }
+
     private HttpManagementActor getLogActorAndCacheInSession(HttpServletRequest req)
     {
         HttpSession session = req.getSession();
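Review bot: `isBasicAuthSupported` decides solely on `req.isSecure()`, which reports what the servlet container believes about the connection. If the management port is ever placed behind a TLS-terminating proxy, that value may not match what the client actually used; this depends on deployment and cannot be confirmed from the hunk. A Javadoc would make the assumption explicit, for example `/** Returns whether BASIC credentials are accepted on this connection: the https setting applies when the container reports the request as secure, otherwise the http setting. */`. Fetching the configuration object once into a local would also remove the duplicated `ApplicationRegistry.getInstance().getConfiguration()` chain in the ternary.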

Added: qpid/trunk/qpid/java/broker-plugins/management-http/src/test/java/org/apache/qpid/server/management/plugin/servlet/rest/BasicAuthRestTest.java
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker-plugins/management-http/src/test/java/org/apache/qpid/server/management/plugin/servlet/rest/BasicAuthRestTest.java?rev=1380016&view=auto
==============================================================================
--- qpid/trunk/qpid/java/broker-plugins/management-http/src/test/java/org/apache/qpid/server/management/plugin/servlet/rest/BasicAuthRestTest.java
(added)
+++ qpid/trunk/qpid/java/broker-plugins/management-http/src/test/java/org/apache/qpid/server/management/plugin/servlet/rest/BasicAuthRestTest.java
Sun Sep  2 18:26:40 2012
@@ -0,0 +1,115 @@
+/*
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.qpid.server.management.plugin.servlet.rest;
+
+import java.io.IOException;
+import java.net.HttpURLConnection;
+
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.commons.configuration.ConfigurationException;
+
+public class BasicAuthRestTest extends QpidRestTestCase
+{
+    private static final String TRUSTSTORE = "test-profiles/test_resources/ssl/java_client_truststore.jks";
+    private static final String TRUSTSTORE_PASSWORD = "password";
+    private static final String USERNAME = "admin";
+
+    @Override
+    public void setUp() throws Exception
+    {
+        setSystemProperty("javax.net.debug", "ssl");
+
+        //don't call super method, we will configure the broker in the test before doing
so
+    }
+
+    @Override
+    protected void customizeConfiguration() throws ConfigurationException, IOException
+    {
+        //do nothing, we will configure this locally
+    }
+
+    private void configure(boolean useSsl) throws ConfigurationException, IOException
+    {
+        getRestTestHelper().setUseSsl(useSsl);
+        setConfigurationProperty("management.http.enabled",  String.valueOf(!useSsl));
+        setConfigurationProperty("management.http.port", Integer.toString(getRestTestHelper().getHttpPort()));
+        setConfigurationProperty("management.https.enabled", String.valueOf(useSsl));
+        setConfigurationProperty("management.https.port", Integer.toString(getRestTestHelper().getHttpPort()));
+        setConfigurationProperty("management.enabled", "false"); //JMX
+    }
+
+    private void verifyGetBrokerAttempt(int responseCode) throws IOException
+    {
+        HttpURLConnection conn = getRestTestHelper().openManagementConnection("/rest/broker",
"GET");
+        assertEquals(responseCode, conn.getResponseCode());
+    }
+
+    public void testDefaultEnabledWithHttps() throws Exception
+    {
+        configure(true);
+        super.setUp();
+        setSystemProperty("javax.net.ssl.trustStore", TRUSTSTORE);
+        setSystemProperty("javax.net.ssl.trustStorePassword", TRUSTSTORE_PASSWORD);
+
+        // Try the attempt with authentication, it should succeed because
+        // BASIC auth is enabled by default on secure connections.
+        getRestTestHelper().setUsernameAndPassword(USERNAME, USERNAME);
+        verifyGetBrokerAttempt(HttpServletResponse.SC_OK);
+    }
+
+    public void testDefaultDisabledWithHttp() throws Exception
+    {
+        configure(false);
+        super.setUp();
+
+        // Try the attempt with authentication, it should fail because
+        // BASIC auth is disabled by default on non-secure connections.
+        getRestTestHelper().setUsernameAndPassword(USERNAME, USERNAME);
+        verifyGetBrokerAttempt(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
+    }
+
+    public void testEnablingForHttp() throws Exception
+    {
+        configure(false);
+        setConfigurationProperty("management.http.basic-auth", "true");
+        super.setUp();
+
+        // Try the attempt with authentication, it should succeed because
+        // BASIC auth is now enabled on non-secure connections.
+        getRestTestHelper().setUsernameAndPassword(USERNAME, USERNAME);
+        verifyGetBrokerAttempt(HttpServletResponse.SC_OK);
+    }
+
+    public void testDisablingForHttps() throws Exception
+    {
+        configure(true);
+        setConfigurationProperty("management.https.basic-auth", "false");
+        super.setUp();
+        setSystemProperty("javax.net.ssl.trustStore", TRUSTSTORE);
+        setSystemProperty("javax.net.ssl.trustStorePassword", TRUSTSTORE_PASSWORD);
+
+        // Try the attempt with authentication, it should fail because
+        // BASIC auth is now disabled on secure connections.
+        getRestTestHelper().setUsernameAndPassword(USERNAME, USERNAME);
+        verifyGetBrokerAttempt(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
+    }
+}
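Review bot: The two success tests (`testDefaultEnabledWithHttps`, `testEnablingForHttp`) only assert that valid credentials yield 200, so nothing here shows that a wrong password or a missing header is refused when BASIC is enabled. A companion case with a bad password expecting a non-200 status would make the 200 meaningful. The two rejection tests pin `SC_INTERNAL_SERVER_ERROR`, which turns the servlet's open TODO into the test contract; a comment such as `// 500 is a side effect of the IllegalArgumentException in AbstractServlet; switch to 401/403 once that is fixed` would keep it from looking intentional. `setUp` also sets `javax.net.debug` to `ssl` for every test, which presumably fills the test log with handshake detail, and the visible code never resets it.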

Modified: qpid/trunk/qpid/java/broker-plugins/management-http/src/test/java/org/apache/qpid/systest/rest/acl/GroupRestACLTest.java
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker-plugins/management-http/src/test/java/org/apache/qpid/systest/rest/acl/GroupRestACLTest.java?rev=1380016&r1=1380015&r2=1380016&view=diff
==============================================================================
--- qpid/trunk/qpid/java/broker-plugins/management-http/src/test/java/org/apache/qpid/systest/rest/acl/GroupRestACLTest.java
(original)
+++ qpid/trunk/qpid/java/broker-plugins/management-http/src/test/java/org/apache/qpid/systest/rest/acl/GroupRestACLTest.java
Sun Sep  2 18:26:40 2012
@@ -50,6 +50,7 @@ public class GroupRestACLTest extends Qp
     {
         _groupFile = createTemporaryGroupFile();
 
+        setConfigurationProperty("management.http.basic-auth", "true");
         setConfigurationProperty("security.file-group-manager.attributes.attribute.name",
"groupFile");
         setConfigurationProperty("security.file-group-manager.attributes.attribute.value",
_groupFile.getAbsolutePath());
 

Modified: qpid/trunk/qpid/java/broker-plugins/management-http/src/test/java/org/apache/qpid/systest/rest/acl/UserRestACLTest.java
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker-plugins/management-http/src/test/java/org/apache/qpid/systest/rest/acl/UserRestACLTest.java?rev=1380016&r1=1380015&r2=1380016&view=diff
==============================================================================
--- qpid/trunk/qpid/java/broker-plugins/management-http/src/test/java/org/apache/qpid/systest/rest/acl/UserRestACLTest.java
(original)
+++ qpid/trunk/qpid/java/broker-plugins/management-http/src/test/java/org/apache/qpid/systest/rest/acl/UserRestACLTest.java
Sun Sep  2 18:26:40 2012
@@ -50,6 +50,7 @@ public class UserRestACLTest extends Qpi
     {
         _groupFile = createTemporaryGroupFile();
 
+        setConfigurationProperty("management.http.basic-auth", "true");
         setConfigurationProperty("security.file-group-manager.attributes.attribute.name",
"groupFile");
         setConfigurationProperty("security.file-group-manager.attributes.attribute.value",
_groupFile.getAbsolutePath());
 

Modified: qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/configuration/ServerConfiguration.java
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/configuration/ServerConfiguration.java?rev=1380016&r1=1380015&r2=1380016&view=diff
==============================================================================
--- qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/configuration/ServerConfiguration.java
(original)
+++ qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/configuration/ServerConfiguration.java
Sun Sep  2 18:26:40 2012
@@ -585,6 +585,11 @@ public class ServerConfiguration extends
         return getIntValue("management.http.port", DEFAULT_HTTP_MANAGEMENT_PORT);
     }
 
+    public boolean getHTTPManagementBasicAuth()
+    {
+        return getBooleanValue("management.http.basic-auth", false);
+    }
+
     public boolean getHTTPSManagementEnabled()
     {
         return getBooleanValue("management.https.enabled", false);
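Review bot: `getHTTPManagementBasicAuth()` here and `getHTTPSManagementBasicAuth()` in the next hunk have no Javadoc explaining why their defaults differ, and that asymmetry is the security-relevant part of the change. Suggest `/** Whether BASIC auth is accepted on the plain-HTTP management port. Defaults to false because the credentials would travel unencrypted. */` on the first, and the mirror-image text (defaults to true because the transport is encrypted) on the second. The keys `"management.http.basic-auth"` and `"management.https.basic-auth"` are also repeated as string literals in the tests in this commit. Named constants would stop a typo from silently falling back to the default.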
@@ -595,6 +600,11 @@ public class ServerConfiguration extends
         return getIntValue("management.https.port", DEFAULT_HTTPS_MANAGEMENT_PORT);
     }
 
+    public boolean getHTTPSManagementBasicAuth()
+    {
+        return getBooleanValue("management.https.basic-auth", true);
+    }
+
     public String[] getVirtualHosts()
     {
         return _virtualHosts.keySet().toArray(new String[_virtualHosts.size()]);


