qpid-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From rob...@apache.org
Subject svn commit: r1463192 - in /qpid/branches/0.22/qpid/java: ./ amqp-1-0-client-jms/ amqp-1-0-client/ amqp-1-0-common/ broker/ broker/bin/ broker/src/main/java/org/apache/qpid/server/message/ broker/src/main/java/org/apache/qpid/server/protocol/ broker/src...
Date Mon, 01 Apr 2013 16:30:26 GMT
Author: robbie
Date: Mon Apr  1 16:30:25 2013
New Revision: 1463192

URL: http://svn.apache.org/r1463192
Log:
QPID-4676: change External auth provider to create usernames of the form <CN>@<DC1>.<DC2>....<DCN>
by default

- Allows for use of SSL Client Authentication in manner more consistent with the C++ broker
- Adds 'useFullDN' attribute to the auth provider to allow enabling use of the old behaviour

Based on patch from Jakub Scholz, with some updates from me.

merged from trunk r1463074

Added:
    qpid/branches/0.22/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/manager/ExternalAuthenticationProviderAttributeDescriptions.properties
      - copied unchanged from r1463074, qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/manager/ExternalAuthenticationProviderAttributeDescriptions.properties
Modified:
    qpid/branches/0.22/qpid/java/   (props changed)
    qpid/branches/0.22/qpid/java/amqp-1-0-client/   (props changed)
    qpid/branches/0.22/qpid/java/amqp-1-0-client-jms/   (props changed)
    qpid/branches/0.22/qpid/java/amqp-1-0-common/   (props changed)
    qpid/branches/0.22/qpid/java/broker/   (props changed)
    qpid/branches/0.22/qpid/java/broker/bin/   (props changed)
    qpid/branches/0.22/qpid/java/broker/src/main/java/org/apache/qpid/server/message/MessageMetaData_1_0.java
  (props changed)
    qpid/branches/0.22/qpid/java/broker/src/main/java/org/apache/qpid/server/protocol/ProtocolEngine_1_0_0.java
  (props changed)
    qpid/branches/0.22/qpid/java/broker/src/main/java/org/apache/qpid/server/protocol/ProtocolEngine_1_0_0_SASL.java
  (props changed)
    qpid/branches/0.22/qpid/java/broker/src/main/java/org/apache/qpid/server/protocol/v1_0/
  (props changed)
    qpid/branches/0.22/qpid/java/broker/src/main/java/org/apache/qpid/server/queue/   (props
changed)
    qpid/branches/0.22/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/manager/ExternalAuthenticationManager.java
    qpid/branches/0.22/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/manager/ExternalAuthenticationManagerFactory.java
    qpid/branches/0.22/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/sasl/external/ExternalSaslServer.java
    qpid/branches/0.22/qpid/java/broker/src/main/java/org/apache/qpid/server/virtualhost/
  (props changed)
    qpid/branches/0.22/qpid/java/broker/src/test/java/org/apache/qpid/server/security/auth/manager/ExternalAuthenticationManagerTest.java
    qpid/branches/0.22/qpid/java/management/common/src/main/java/org/apache/qpid/management/common/mbeans/LoggingManagement.java
  (props changed)
    qpid/branches/0.22/qpid/java/management/common/src/main/java/org/apache/qpid/management/common/mbeans/ManagedBroker.java
  (props changed)
    qpid/branches/0.22/qpid/java/management/common/src/main/java/org/apache/qpid/management/common/mbeans/ManagedConnection.java
  (props changed)
    qpid/branches/0.22/qpid/java/management/common/src/main/java/org/apache/qpid/management/common/mbeans/ManagedExchange.java
  (props changed)
    qpid/branches/0.22/qpid/java/management/common/src/main/java/org/apache/qpid/management/common/mbeans/ManagedQueue.java
  (props changed)
    qpid/branches/0.22/qpid/java/management/common/src/main/java/org/apache/qpid/management/common/mbeans/UserManagement.java
  (props changed)
    qpid/branches/0.22/qpid/java/management/common/src/main/java/org/apache/qpid/management/common/mbeans/annotations/MBeanAttribute.java
  (props changed)
    qpid/branches/0.22/qpid/java/management/common/src/main/java/org/apache/qpid/management/common/mbeans/annotations/MBeanConstructor.java
  (props changed)
    qpid/branches/0.22/qpid/java/management/common/src/main/java/org/apache/qpid/management/common/mbeans/annotations/MBeanDescription.java
  (props changed)
    qpid/branches/0.22/qpid/java/management/common/src/main/java/org/apache/qpid/management/common/mbeans/annotations/MBeanOperation.java
  (props changed)
    qpid/branches/0.22/qpid/java/management/common/src/main/java/org/apache/qpid/management/common/mbeans/annotations/MBeanOperationParameter.java
  (props changed)
    qpid/branches/0.22/qpid/java/systests/src/main/java/org/apache/qpid/server/SupportedProtocolVersionsTest.java
  (props changed)
    qpid/branches/0.22/qpid/java/systests/src/main/java/org/apache/qpid/test/utils/QpidBrokerTestCase.java
  (props changed)
    qpid/branches/0.22/qpid/java/test-profiles/   (props changed)
    qpid/branches/0.22/qpid/java/test-profiles/CPPExcludes   (props changed)
    qpid/branches/0.22/qpid/java/test-profiles/Excludes   (props changed)
    qpid/branches/0.22/qpid/java/test-profiles/JavaBDBExcludes   (props changed)
    qpid/branches/0.22/qpid/java/test-profiles/JavaExcludes   (props changed)
    qpid/branches/0.22/qpid/java/test-profiles/JavaPre010Excludes   (props changed)
    qpid/branches/0.22/qpid/java/test-profiles/JavaTransientExcludes   (props changed)
    qpid/branches/0.22/qpid/java/test-profiles/XAExcludes   (props changed)
    qpid/branches/0.22/qpid/java/test-profiles/cpp.async.testprofile   (props changed)
    qpid/branches/0.22/qpid/java/test-profiles/cpp.cluster.testprofile   (props changed)
    qpid/branches/0.22/qpid/java/test-profiles/cpp.noprefetch.testprofile   (props changed)
    qpid/branches/0.22/qpid/java/test-profiles/cpp.ssl.excludes   (props changed)
    qpid/branches/0.22/qpid/java/test-profiles/cpp.ssl.testprofile   (props changed)
    qpid/branches/0.22/qpid/java/test-profiles/cpp.testprofile   (props changed)
    qpid/branches/0.22/qpid/java/test-profiles/java-bdb-spawn.0-9-1.testprofile   (props changed)
    qpid/branches/0.22/qpid/java/test-profiles/java-bdb.0-9-1.testprofile   (props changed)
    qpid/branches/0.22/qpid/java/test-profiles/java-dby-spawn.0-9-1.testprofile   (props changed)
    qpid/branches/0.22/qpid/java/test-profiles/java-dby.0-9-1.testprofile   (props changed)
    qpid/branches/0.22/qpid/java/test-profiles/java-mms-spawn.0-10.testprofile   (props changed)
    qpid/branches/0.22/qpid/java/test-profiles/java-mms-spawn.0-9-1.testprofile   (props changed)
    qpid/branches/0.22/qpid/java/test-profiles/java-mms.0-9-1.testprofile   (props changed)
    qpid/branches/0.22/qpid/java/test-profiles/log4j-test.xml   (props changed)
    qpid/branches/0.22/qpid/java/test-profiles/test-provider.properties   (props changed)
    qpid/branches/0.22/qpid/java/test-profiles/test_resources/   (props changed)
    qpid/branches/0.22/qpid/java/test-profiles/testprofile.defaults   (props changed)

Propchange: qpid/branches/0.22/qpid/java/
------------------------------------------------------------------------------
  Merged /qpid/trunk/qpid/java:r1463074

Propchange: qpid/branches/0.22/qpid/java/amqp-1-0-client/
------------------------------------------------------------------------------
  Merged /qpid/trunk/qpid/java/amqp-1-0-client:r1463074

Propchange: qpid/branches/0.22/qpid/java/amqp-1-0-client-jms/
------------------------------------------------------------------------------
  Merged /qpid/trunk/qpid/java/amqp-1-0-client-jms:r1463074

Propchange: qpid/branches/0.22/qpid/java/amqp-1-0-common/
------------------------------------------------------------------------------
  Merged /qpid/trunk/qpid/java/amqp-1-0-common:r1463074

Propchange: qpid/branches/0.22/qpid/java/broker/
------------------------------------------------------------------------------
  Merged /qpid/trunk/qpid/java/broker:r1463074

Propchange: qpid/branches/0.22/qpid/java/broker/bin/
------------------------------------------------------------------------------
  Merged /qpid/trunk/qpid/java/broker/bin:r1463074

Propchange: qpid/branches/0.22/qpid/java/broker/src/main/java/org/apache/qpid/server/message/MessageMetaData_1_0.java
------------------------------------------------------------------------------
  Merged /qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/message/MessageMetaData_1_0.java:r1463074

Propchange: qpid/branches/0.22/qpid/java/broker/src/main/java/org/apache/qpid/server/protocol/ProtocolEngine_1_0_0.java
------------------------------------------------------------------------------
  Merged /qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/protocol/ProtocolEngine_1_0_0.java:r1463074

Propchange: qpid/branches/0.22/qpid/java/broker/src/main/java/org/apache/qpid/server/protocol/ProtocolEngine_1_0_0_SASL.java
------------------------------------------------------------------------------
  Merged /qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/protocol/ProtocolEngine_1_0_0_SASL.java:r1463074

Propchange: qpid/branches/0.22/qpid/java/broker/src/main/java/org/apache/qpid/server/protocol/v1_0/
------------------------------------------------------------------------------
  Merged /qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/protocol/v1_0:r1463074

Propchange: qpid/branches/0.22/qpid/java/broker/src/main/java/org/apache/qpid/server/queue/
------------------------------------------------------------------------------
  Merged /qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/queue:r1463074

Modified: qpid/branches/0.22/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/manager/ExternalAuthenticationManager.java
URL: http://svn.apache.org/viewvc/qpid/branches/0.22/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/manager/ExternalAuthenticationManager.java?rev=1463192&r1=1463191&r2=1463192&view=diff
==============================================================================
--- qpid/branches/0.22/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/manager/ExternalAuthenticationManager.java
(original)
+++ qpid/branches/0.22/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/manager/ExternalAuthenticationManager.java
Mon Apr  1 16:30:25 2013
@@ -31,8 +31,11 @@ public class ExternalAuthenticationManag
 {
     private static final String EXTERNAL = "EXTERNAL";
 
-    ExternalAuthenticationManager()
+    private boolean _useFullDN = false;
+
+    ExternalAuthenticationManager(boolean useFullDN)
     {
+        _useFullDN = useFullDN;
     }
 
     @Override
@@ -52,7 +55,7 @@ public class ExternalAuthenticationManag
     {
         if(EXTERNAL.equals(mechanism))
         {
-            return new ExternalSaslServer(externalPrincipal);
+            return new ExternalSaslServer(externalPrincipal, _useFullDN);
         }
         else
         {

Modified: qpid/branches/0.22/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/manager/ExternalAuthenticationManagerFactory.java
URL: http://svn.apache.org/viewvc/qpid/branches/0.22/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/manager/ExternalAuthenticationManagerFactory.java?rev=1463192&r1=1463191&r2=1463192&view=diff
==============================================================================
--- qpid/branches/0.22/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/manager/ExternalAuthenticationManagerFactory.java
(original)
+++ qpid/branches/0.22/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/manager/ExternalAuthenticationManagerFactory.java
Mon Apr  1 16:30:25 2013
@@ -19,22 +19,32 @@
  */
 package org.apache.qpid.server.security.auth.manager;
 
+import java.util.Arrays;
 import java.util.Collection;
 import java.util.Collections;
 import java.util.Map;
 
 import org.apache.qpid.server.plugin.AuthenticationManagerFactory;
+import org.apache.qpid.server.util.ResourceBundleLoader;
 
 public class ExternalAuthenticationManagerFactory implements AuthenticationManagerFactory
 {
+    public static final String RESOURCE_BUNDLE = "org.apache.qpid.server.security.auth.manager.ExternalAuthenticationProviderAttributeDescriptions";
     public static final String PROVIDER_TYPE = "External";
+    public static final String ATTRIBUTE_USE_FULL_DN = "useFullDN";
+
+    public static final Collection<String> ATTRIBUTES = Collections.<String>
unmodifiableList(Arrays.asList(
+            ATTRIBUTE_TYPE,
+            ATTRIBUTE_USE_FULL_DN));
 
     @Override
     public AuthenticationManager createInstance(Map<String, Object> attributes)
     {
         if (attributes != null && PROVIDER_TYPE.equals(attributes.get(ATTRIBUTE_TYPE)))
         {
-            return new ExternalAuthenticationManager();
+            boolean useFullDN = Boolean.valueOf(String.valueOf(attributes.get(ATTRIBUTE_USE_FULL_DN)));
+
+            return new ExternalAuthenticationManager(useFullDN);
         }
         return null;
     }
@@ -42,7 +52,7 @@ public class ExternalAuthenticationManag
     @Override
     public Collection<String> getAttributeNames()
     {
-        return Collections.<String>singletonList(ATTRIBUTE_TYPE);
+        return ATTRIBUTES;
     }
 
     @Override
@@ -54,7 +64,7 @@ public class ExternalAuthenticationManag
     @Override
     public Map<String, String> getAttributeDescriptions()
     {
-        return null;
+        return ResourceBundleLoader.getResources(RESOURCE_BUNDLE);
     }
 
 }

Modified: qpid/branches/0.22/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/sasl/external/ExternalSaslServer.java
URL: http://svn.apache.org/viewvc/qpid/branches/0.22/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/sasl/external/ExternalSaslServer.java?rev=1463192&r1=1463191&r2=1463192&view=diff
==============================================================================
--- qpid/branches/0.22/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/sasl/external/ExternalSaslServer.java
(original)
+++ qpid/branches/0.22/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/sasl/external/ExternalSaslServer.java
Mon Apr  1 16:30:25 2013
@@ -19,19 +19,27 @@
 package org.apache.qpid.server.security.auth.sasl.external;
 
 import java.security.Principal;
+
+import javax.security.auth.x500.X500Principal;
 import javax.security.sasl.SaslException;
 import javax.security.sasl.SaslServer;
 
+import org.apache.log4j.Logger;
+import org.apache.qpid.server.security.auth.UsernamePrincipal;
 
 public class ExternalSaslServer implements SaslServer
 {
+    private static final Logger LOGGER = Logger.getLogger(ExternalSaslServer.class);
+
     public static final String MECHANISM = "EXTERNAL";
 
     private boolean _complete = false;
     private final Principal _externalPrincipal;
+    private boolean _useFullDN = false;
 
-    public ExternalSaslServer(Principal externalPrincipal)
+    public ExternalSaslServer(Principal externalPrincipal, boolean useFullDN)
     {
+        _useFullDN = useFullDN;
         _externalPrincipal = externalPrincipal;
     }
 
@@ -77,6 +85,83 @@ public class ExternalSaslServer implemen
 
     public Principal getAuthenticatedPrincipal()
     {
-        return _externalPrincipal;
+        if (_externalPrincipal instanceof X500Principal && !_useFullDN)
+        {
+            // Construct username as <CN>@<DC1>.<DC2>.<DC3>....<DCN>
+
+            String username;
+            String dn = ((X500Principal) _externalPrincipal).getName(X500Principal.RFC2253);
+
+            if(LOGGER.isDebugEnabled())
+            {
+                LOGGER.debug("Parsing username from Principal DN: " + dn);
+            }
+
+            if (dn.contains("CN="))
+            {
+                username = dn.substring(dn.indexOf("CN=") + 3, (dn.indexOf(",", dn.indexOf("CN="))
!= -1) ? dn.indexOf(",", dn.indexOf("CN=")) : dn.length());
+
+                if (username.isEmpty())
+                {
+                    // CN is empty => Cannot construct username => Authentication failed
=> return null
+                    if(LOGGER.isDebugEnabled())
+                    {
+                        LOGGER.debug("CN value was empty in Principal name, unable to construct
username");
+                    }
+                    return null;
+                }
+                else
+                {
+                    if (dn.contains("DC="))
+                    {
+                        int start = 0;
+                        String dc = "";
+
+                        while (dn.indexOf("DC=", start) != -1)
+                        {
+                            int dcStart = dn.indexOf("DC=", start) + 3;
+                            int dcEnd = (dn.indexOf(",", dn.indexOf("DC=", start)) != -1)
? dn.indexOf(",", dn.indexOf("DC=", start)) : dn.length();
+
+                            if (dc.isEmpty())
+                            {
+                                dc = dn.substring(dcStart, dcEnd);
+                            }
+                            else
+                            {
+                                dc = dc.concat(".").concat(dn.substring(dcStart, dcEnd));
+                            }
+
+                            start = dn.indexOf("DC=", start) + 1;
+                        }
+
+                        username = username.concat("@").concat(dc);
+                    }
+                }
+
+                if(LOGGER.isDebugEnabled())
+                {
+                    LOGGER.debug("Constructing Principal with username: " + username);
+                }
+                return new UsernamePrincipal(username);
+            }
+            else
+            {
+                // No CN => Cannot construct username => Authentication failed =>
return null
+                if(LOGGER.isDebugEnabled())
+                {
+                    LOGGER.debug("No CN= present in DN, unable to construct username");
+                }
+                return null;
+            }
+        }
+        else
+        {
+            if(LOGGER.isDebugEnabled())
+            {
+                LOGGER.debug("Using external Principal: " + _externalPrincipal);
+            }
+
+            return _externalPrincipal;
+        }
     }
 }
\ No newline at end of file

Propchange: qpid/branches/0.22/qpid/java/broker/src/main/java/org/apache/qpid/server/virtualhost/
------------------------------------------------------------------------------
  Merged /qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/virtualhost:r1463074

Modified: qpid/branches/0.22/qpid/java/broker/src/test/java/org/apache/qpid/server/security/auth/manager/ExternalAuthenticationManagerTest.java
URL: http://svn.apache.org/viewvc/qpid/branches/0.22/qpid/java/broker/src/test/java/org/apache/qpid/server/security/auth/manager/ExternalAuthenticationManagerTest.java?rev=1463192&r1=1463191&r2=1463192&view=diff
==============================================================================
--- qpid/branches/0.22/qpid/java/broker/src/test/java/org/apache/qpid/server/security/auth/manager/ExternalAuthenticationManagerTest.java
(original)
+++ qpid/branches/0.22/qpid/java/broker/src/test/java/org/apache/qpid/server/security/auth/manager/ExternalAuthenticationManagerTest.java
Mon Apr  1 16:30:25 2013
@@ -25,11 +25,13 @@ import javax.security.sasl.SaslException
 import javax.security.sasl.SaslServer;
 
 import org.apache.qpid.server.security.auth.AuthenticationResult;
+import org.apache.qpid.server.security.auth.UsernamePrincipal;
 import org.apache.qpid.test.utils.QpidTestCase;
 
 public class ExternalAuthenticationManagerTest extends QpidTestCase
 {
-    private AuthenticationManager _manager = new ExternalAuthenticationManager();
+    private AuthenticationManager _manager = new ExternalAuthenticationManager(false);
+    private AuthenticationManager _managerUsingFullDN = new ExternalAuthenticationManager(true);
 
     public void testGetMechanisms() throws Exception
     {
@@ -38,13 +40,23 @@ public class ExternalAuthenticationManag
 
     public void testCreateSaslServer() throws Exception
     {
-        SaslServer server = _manager.createSaslServer("EXTERNAL", "example.example.com",
null);
+        createSaslServerTestImpl(_manager);
+    }
+
+    public void testCreateSaslServerUsingFullDN() throws Exception
+    {
+        createSaslServerTestImpl(_managerUsingFullDN);
+    }
+
+    public void createSaslServerTestImpl(AuthenticationManager manager) throws Exception
+    {
+        SaslServer server = manager.createSaslServer("EXTERNAL", "example.example.com", null);
 
         assertEquals("Sasl Server mechanism name is not as expected", "EXTERNAL", server.getMechanismName());
 
         try
         {
-            server = _manager.createSaslServer("PLAIN", "example.example.com", null);
+            server = manager.createSaslServer("PLAIN", "example.example.com", null);
             fail("Expected creating SaslServer with incorrect mechanism to throw an exception");
         }
         catch (SaslException e)
@@ -53,12 +65,16 @@ public class ExternalAuthenticationManag
         }
     }
 
-    public void testAuthenticate() throws Exception
+    /**
+     * Test behaviour of the authentication when the useFullDN attribute is set true
+     * and the username is taken directly as the externally supplied Principal
+     */
+    public void testAuthenticateWithFullDN() throws Exception
     {
         X500Principal principal = new X500Principal("CN=person, DC=example, DC=com");
-        SaslServer saslServer = _manager.createSaslServer("EXTERNAL", "example.example.com",
principal);
+        SaslServer saslServer = _managerUsingFullDN.createSaslServer("EXTERNAL", "example.example.com",
principal);
 
-        AuthenticationResult result = _manager.authenticate(saslServer, new byte[0]);
+        AuthenticationResult result = _managerUsingFullDN.authenticate(saslServer, new byte[0]);
         assertNotNull(result);
         assertEquals("Expected authentication to be successful",
                      AuthenticationResult.AuthenticationStatus.SUCCESS,
@@ -66,15 +82,102 @@ public class ExternalAuthenticationManag
 
         assertOnlyContainsWrapped(principal, result.getPrincipals());
 
+        saslServer = _managerUsingFullDN.createSaslServer("EXTERNAL", "example.example.com",
null);
+        result = _managerUsingFullDN.authenticate(saslServer, new byte[0]);
+
+        assertNotNull(result);
+        assertEquals("Expected authentication to be unsuccessful",
+                     AuthenticationResult.AuthenticationStatus.ERROR,
+                     result.getStatus());
+    }
+
+    /**
+     * Test behaviour of the authentication when parsing the username from
+     * the Principals DN as <CN>@<DC1>.<DC2>.<DC3>....<DCN>
+     */
+    public void testAuthenticateWithUsernameBasedOnCNAndDC() throws Exception
+    {
+        X500Principal principal;
+        SaslServer saslServer;
+        AuthenticationResult result;
+        UsernamePrincipal expectedPrincipal;
+
+        // DN contains only CN
+        principal = new X500Principal("CN=person");
+        expectedPrincipal = new UsernamePrincipal("person");
+        saslServer = _manager.createSaslServer("EXTERNAL", "example.example.com", principal);
+
+        result = _manager.authenticate(saslServer, new byte[0]);
+        assertNotNull(result);
+        assertEquals("Expected authentication to be successful",
+                     AuthenticationResult.AuthenticationStatus.SUCCESS,
+                     result.getStatus());
+        assertOnlyContainsWrapped(expectedPrincipal, result.getPrincipals());
+
+        // Null princial
         saslServer = _manager.createSaslServer("EXTERNAL", "example.example.com", null);
         result = _manager.authenticate(saslServer, new byte[0]);
 
         assertNotNull(result);
-                assertEquals("Expected authentication to be unsuccessful",
-                             AuthenticationResult.AuthenticationStatus.ERROR,
-                             result.getStatus());
+        assertEquals("Expected authentication to be unsuccessful",
+                AuthenticationResult.AuthenticationStatus.ERROR,
+                result.getStatus());
+
+        // DN doesn't contain CN
+        principal = new X500Principal("DC=example, DC=com, O=My Company Ltd, L=Newbury, ST=Berkshire,
C=GB");
+        saslServer = _manager.createSaslServer("EXTERNAL", "example.example.com", principal);
+        result = _manager.authenticate(saslServer, new byte[0]);
 
-    }
+        assertNotNull(result);
+        assertEquals("Expected authentication to be unsuccessful",
+                AuthenticationResult.AuthenticationStatus.ERROR,
+                result.getStatus());
+
+        // DN contains empty CN
+        principal = new X500Principal("CN=, DC=example, DC=com, O=My Company Ltd, L=Newbury,
ST=Berkshire, C=GB");
+        saslServer = _manager.createSaslServer("EXTERNAL", "example.example.com", principal);
+        result = _manager.authenticate(saslServer, new byte[0]);
+
+        assertNotNull(result);
+        assertEquals("Expected authentication to be unsuccessful",
+                AuthenticationResult.AuthenticationStatus.ERROR,
+                result.getStatus());
+
+        // DN contains CN and DC
+        principal = new X500Principal("CN=person, DC=example, DC=com");
+        expectedPrincipal = new UsernamePrincipal("person@example.com");
+        saslServer = _manager.createSaslServer("EXTERNAL", "example.example.com", principal);
+
+        result = _manager.authenticate(saslServer, new byte[0]);
+        assertNotNull(result);
+        assertEquals("Expected authentication to be successful",
+                AuthenticationResult.AuthenticationStatus.SUCCESS,
+                result.getStatus());
+        assertOnlyContainsWrapped(expectedPrincipal, result.getPrincipals());
+
+        // DN contains CN and DC and other components
+        principal = new X500Principal("CN=person, DC=example, DC=com, O=My Company Ltd, L=Newbury,
ST=Berkshire, C=GB");
+        expectedPrincipal = new UsernamePrincipal("person@example.com");
+        saslServer = _manager.createSaslServer("EXTERNAL", "example.example.com", principal);
+
+        result = _manager.authenticate(saslServer, new byte[0]);
+        assertNotNull(result);
+        assertEquals("Expected authentication to be successful",
+                AuthenticationResult.AuthenticationStatus.SUCCESS,
+                result.getStatus());
+        assertOnlyContainsWrapped(expectedPrincipal, result.getPrincipals());
+
+        // DN contains CN and DC and other components
+        principal = new X500Principal("CN=person, O=My Company Ltd, L=Newbury, ST=Berkshire,
C=GB");
+        expectedPrincipal = new UsernamePrincipal("person");
+        saslServer = _manager.createSaslServer("EXTERNAL", "example.example.com", principal);
 
+        result = _manager.authenticate(saslServer, new byte[0]);
+        assertNotNull(result);
+        assertEquals("Expected authentication to be successful",
+                AuthenticationResult.AuthenticationStatus.SUCCESS,
+                result.getStatus());
+        assertOnlyContainsWrapped(expectedPrincipal, result.getPrincipals());
+    }
 
 }

Propchange: qpid/branches/0.22/qpid/java/management/common/src/main/java/org/apache/qpid/management/common/mbeans/LoggingManagement.java
------------------------------------------------------------------------------
  Merged /qpid/trunk/qpid/java/management/common/src/main/java/org/apache/qpid/management/common/mbeans/LoggingManagement.java:r1463074

Propchange: qpid/branches/0.22/qpid/java/management/common/src/main/java/org/apache/qpid/management/common/mbeans/ManagedBroker.java
------------------------------------------------------------------------------
  Merged /qpid/trunk/qpid/java/management/common/src/main/java/org/apache/qpid/management/common/mbeans/ManagedBroker.java:r1463074

Propchange: qpid/branches/0.22/qpid/java/management/common/src/main/java/org/apache/qpid/management/common/mbeans/ManagedConnection.java
------------------------------------------------------------------------------
  Merged /qpid/trunk/qpid/java/management/common/src/main/java/org/apache/qpid/management/common/mbeans/ManagedConnection.java:r1463074

Propchange: qpid/branches/0.22/qpid/java/management/common/src/main/java/org/apache/qpid/management/common/mbeans/ManagedExchange.java
------------------------------------------------------------------------------
  Merged /qpid/trunk/qpid/java/management/common/src/main/java/org/apache/qpid/management/common/mbeans/ManagedExchange.java:r1463074

Propchange: qpid/branches/0.22/qpid/java/management/common/src/main/java/org/apache/qpid/management/common/mbeans/ManagedQueue.java
------------------------------------------------------------------------------
  Merged /qpid/trunk/qpid/java/management/common/src/main/java/org/apache/qpid/management/common/mbeans/ManagedQueue.java:r1463074

Propchange: qpid/branches/0.22/qpid/java/management/common/src/main/java/org/apache/qpid/management/common/mbeans/UserManagement.java
------------------------------------------------------------------------------
  Merged /qpid/trunk/qpid/java/management/common/src/main/java/org/apache/qpid/management/common/mbeans/UserManagement.java:r1463074

Propchange: qpid/branches/0.22/qpid/java/management/common/src/main/java/org/apache/qpid/management/common/mbeans/annotations/MBeanAttribute.java
------------------------------------------------------------------------------
  Merged /qpid/trunk/qpid/java/management/common/src/main/java/org/apache/qpid/management/common/mbeans/annotations/MBeanAttribute.java:r1463074

Propchange: qpid/branches/0.22/qpid/java/management/common/src/main/java/org/apache/qpid/management/common/mbeans/annotations/MBeanConstructor.java
------------------------------------------------------------------------------
  Merged /qpid/trunk/qpid/java/management/common/src/main/java/org/apache/qpid/management/common/mbeans/annotations/MBeanConstructor.java:r1463074

Propchange: qpid/branches/0.22/qpid/java/management/common/src/main/java/org/apache/qpid/management/common/mbeans/annotations/MBeanDescription.java
------------------------------------------------------------------------------
  Merged /qpid/trunk/qpid/java/management/common/src/main/java/org/apache/qpid/management/common/mbeans/annotations/MBeanDescription.java:r1463074

Propchange: qpid/branches/0.22/qpid/java/management/common/src/main/java/org/apache/qpid/management/common/mbeans/annotations/MBeanOperation.java
------------------------------------------------------------------------------
  Merged /qpid/trunk/qpid/java/management/common/src/main/java/org/apache/qpid/management/common/mbeans/annotations/MBeanOperation.java:r1463074

Propchange: qpid/branches/0.22/qpid/java/management/common/src/main/java/org/apache/qpid/management/common/mbeans/annotations/MBeanOperationParameter.java
------------------------------------------------------------------------------
  Merged /qpid/trunk/qpid/java/management/common/src/main/java/org/apache/qpid/management/common/mbeans/annotations/MBeanOperationParameter.java:r1463074

Propchange: qpid/branches/0.22/qpid/java/systests/src/main/java/org/apache/qpid/server/SupportedProtocolVersionsTest.java
------------------------------------------------------------------------------
  Merged /qpid/trunk/qpid/java/systests/src/main/java/org/apache/qpid/server/SupportedProtocolVersionsTest.java:r1463074

Propchange: qpid/branches/0.22/qpid/java/systests/src/main/java/org/apache/qpid/test/utils/QpidBrokerTestCase.java
------------------------------------------------------------------------------
  Merged /qpid/trunk/qpid/java/systests/src/main/java/org/apache/qpid/test/utils/QpidBrokerTestCase.java:r1463074

Propchange: qpid/branches/0.22/qpid/java/test-profiles/
------------------------------------------------------------------------------
  Merged /qpid/trunk/qpid/java/test-profiles:r1463074

Propchange: qpid/branches/0.22/qpid/java/test-profiles/CPPExcludes
------------------------------------------------------------------------------
  Merged /qpid/trunk/qpid/java/test-profiles/CPPExcludes:r1463074

Propchange: qpid/branches/0.22/qpid/java/test-profiles/Excludes
------------------------------------------------------------------------------
  Merged /qpid/trunk/qpid/java/test-profiles/Excludes:r1463074

Propchange: qpid/branches/0.22/qpid/java/test-profiles/JavaBDBExcludes
------------------------------------------------------------------------------
  Merged /qpid/trunk/qpid/java/test-profiles/JavaBDBExcludes:r1463074

Propchange: qpid/branches/0.22/qpid/java/test-profiles/JavaExcludes
------------------------------------------------------------------------------
  Merged /qpid/trunk/qpid/java/test-profiles/JavaExcludes:r1463074

Propchange: qpid/branches/0.22/qpid/java/test-profiles/JavaPre010Excludes
------------------------------------------------------------------------------
  Merged /qpid/trunk/qpid/java/test-profiles/JavaPre010Excludes:r1463074

Propchange: qpid/branches/0.22/qpid/java/test-profiles/JavaTransientExcludes
------------------------------------------------------------------------------
  Merged /qpid/trunk/qpid/java/test-profiles/JavaTransientExcludes:r1463074

Propchange: qpid/branches/0.22/qpid/java/test-profiles/XAExcludes
------------------------------------------------------------------------------
  Merged /qpid/trunk/qpid/java/test-profiles/XAExcludes:r1463074

Propchange: qpid/branches/0.22/qpid/java/test-profiles/cpp.async.testprofile
------------------------------------------------------------------------------
  Merged /qpid/trunk/qpid/java/test-profiles/cpp.async.testprofile:r1463074

Propchange: qpid/branches/0.22/qpid/java/test-profiles/cpp.cluster.testprofile
------------------------------------------------------------------------------
  Merged /qpid/trunk/qpid/java/test-profiles/cpp.cluster.testprofile:r1463074

Propchange: qpid/branches/0.22/qpid/java/test-profiles/cpp.noprefetch.testprofile
------------------------------------------------------------------------------
  Merged /qpid/trunk/qpid/java/test-profiles/cpp.noprefetch.testprofile:r1463074

Propchange: qpid/branches/0.22/qpid/java/test-profiles/cpp.ssl.excludes
------------------------------------------------------------------------------
  Merged /qpid/trunk/qpid/java/test-profiles/cpp.ssl.excludes:r1463074

Propchange: qpid/branches/0.22/qpid/java/test-profiles/cpp.ssl.testprofile
------------------------------------------------------------------------------
  Merged /qpid/trunk/qpid/java/test-profiles/cpp.ssl.testprofile:r1463074

Propchange: qpid/branches/0.22/qpid/java/test-profiles/cpp.testprofile
------------------------------------------------------------------------------
  Merged /qpid/trunk/qpid/java/test-profiles/cpp.testprofile:r1463074

Propchange: qpid/branches/0.22/qpid/java/test-profiles/java-bdb-spawn.0-9-1.testprofile
------------------------------------------------------------------------------
  Merged /qpid/trunk/qpid/java/test-profiles/java-bdb-spawn.0-9-1.testprofile:r1463074

Propchange: qpid/branches/0.22/qpid/java/test-profiles/java-bdb.0-9-1.testprofile
------------------------------------------------------------------------------
  Merged /qpid/trunk/qpid/java/test-profiles/java-bdb.0-9-1.testprofile:r1463074

Propchange: qpid/branches/0.22/qpid/java/test-profiles/java-dby-spawn.0-9-1.testprofile
------------------------------------------------------------------------------
  Merged /qpid/trunk/qpid/java/test-profiles/java-dby-spawn.0-9-1.testprofile:r1463074

Propchange: qpid/branches/0.22/qpid/java/test-profiles/java-dby.0-9-1.testprofile
------------------------------------------------------------------------------
  Merged /qpid/trunk/qpid/java/test-profiles/java-dby.0-9-1.testprofile:r1463074

Propchange: qpid/branches/0.22/qpid/java/test-profiles/java-mms-spawn.0-10.testprofile
------------------------------------------------------------------------------
  Merged /qpid/trunk/qpid/java/test-profiles/java-mms-spawn.0-10.testprofile:r1463074

Propchange: qpid/branches/0.22/qpid/java/test-profiles/java-mms-spawn.0-9-1.testprofile
------------------------------------------------------------------------------
  Merged /qpid/trunk/qpid/java/test-profiles/java-mms-spawn.0-9-1.testprofile:r1463074

Propchange: qpid/branches/0.22/qpid/java/test-profiles/java-mms.0-9-1.testprofile
------------------------------------------------------------------------------
  Merged /qpid/trunk/qpid/java/test-profiles/java-mms.0-9-1.testprofile:r1463074

Propchange: qpid/branches/0.22/qpid/java/test-profiles/log4j-test.xml
------------------------------------------------------------------------------
  Merged /qpid/trunk/qpid/java/test-profiles/log4j-test.xml:r1463074

Propchange: qpid/branches/0.22/qpid/java/test-profiles/test-provider.properties
------------------------------------------------------------------------------
  Merged /qpid/trunk/qpid/java/test-profiles/test-provider.properties:r1463074

Propchange: qpid/branches/0.22/qpid/java/test-profiles/test_resources/
------------------------------------------------------------------------------
  Merged /qpid/trunk/qpid/java/test-profiles/test_resources:r1463074

Propchange: qpid/branches/0.22/qpid/java/test-profiles/testprofile.defaults
------------------------------------------------------------------------------
  Merged /qpid/trunk/qpid/java/test-profiles/testprofile.defaults:r1463074



---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@qpid.apache.org
For additional commands, e-mail: commits-help@qpid.apache.org


Mime
View raw message