qpid-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From rgodf...@apache.org
Subject svn commit: r1727532 - in /qpid/java/trunk/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin: ./ auth/ filter/
Date Fri, 29 Jan 2016 11:12:59 GMT
Author: rgodfrey
Date: Fri Jan 29 11:12:59 2016
New Revision: 1727532

URL: http://svn.apache.org/viewvc?rev=1727532&view=rev
Log:
QPID-7027 : make interactive HTTP authentication pliggable

Added:
    qpid/java/trunk/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpRequestInteractiveAuthenticator.java
      - copied, changed from r1727364, qpid/java/trunk/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpRequestPreemptiveAuthenticator.java
    qpid/java/trunk/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/auth/UsernamePasswordInteractiveLogin.java
  (with props)
Modified:
    qpid/java/trunk/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/filter/RedirectingAuthorisationFilter.java

Copied: qpid/java/trunk/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpRequestInteractiveAuthenticator.java
(from r1727364, qpid/java/trunk/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpRequestPreemptiveAuthenticator.java)
URL: http://svn.apache.org/viewvc/qpid/java/trunk/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpRequestInteractiveAuthenticator.java?p2=qpid/java/trunk/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpRequestInteractiveAuthenticator.java&p1=qpid/java/trunk/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpRequestPreemptiveAuthenticator.java&r1=1727364&r2=1727532&rev=1727532&view=diff
==============================================================================
--- qpid/java/trunk/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpRequestPreemptiveAuthenticator.java
(original)
+++ qpid/java/trunk/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpRequestInteractiveAuthenticator.java
Fri Jan 29 11:12:59 2016
@@ -20,13 +20,21 @@
  */
 package org.apache.qpid.server.management.plugin;
 
-import javax.security.auth.Subject;
+import java.io.IOException;
+
 import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
 
-import org.apache.qpid.server.model.port.HttpPort;
 import org.apache.qpid.server.plugin.Pluggable;
 
-public interface HttpRequestPreemptiveAuthenticator extends Pluggable
+public interface HttpRequestInteractiveAuthenticator extends Pluggable
 {
-    Subject attemptAuthentication(HttpServletRequest request, HttpManagementConfiguration
configuration);
+    interface AuthenticationHandler
+    {
+        void handleAuthentication(HttpServletResponse response) throws IOException;
+    }
+
+    AuthenticationHandler getAuthenticationHandler(HttpServletRequest request,
+                                                   HttpManagementConfiguration configuration);
+
 }

Added: qpid/java/trunk/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/auth/UsernamePasswordInteractiveLogin.java
URL: http://svn.apache.org/viewvc/qpid/java/trunk/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/auth/UsernamePasswordInteractiveLogin.java?rev=1727532&view=auto
==============================================================================
--- qpid/java/trunk/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/auth/UsernamePasswordInteractiveLogin.java
(added)
+++ qpid/java/trunk/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/auth/UsernamePasswordInteractiveLogin.java
Fri Jan 29 11:12:59 2016
@@ -0,0 +1,66 @@
+/*
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.qpid.server.management.plugin.auth;
+
+import java.io.IOException;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.qpid.server.management.plugin.HttpManagementConfiguration;
+import org.apache.qpid.server.management.plugin.HttpRequestInteractiveAuthenticator;
+import org.apache.qpid.server.plugin.PluggableService;
+import org.apache.qpid.server.security.auth.manager.UsernamePasswordAuthenticationProvider;
+
+@PluggableService
+public class UsernamePasswordInteractiveLogin implements HttpRequestInteractiveAuthenticator
+{
+    private static String DEFAULT_LOGIN_URL = "login.html";
+
+    private static final AuthenticationHandler REDIRECT_HANDLER = new AuthenticationHandler()
+    {
+        @Override
+        public void handleAuthentication(final HttpServletResponse response) throws IOException
+        {
+            response.sendRedirect(DEFAULT_LOGIN_URL);
+        }
+    };
+
+    @Override
+    public AuthenticationHandler getAuthenticationHandler(final HttpServletRequest request,
+                                                          final HttpManagementConfiguration
configuration)
+    {
+        if(configuration.getAuthenticationProvider(request) instanceof UsernamePasswordAuthenticationProvider)
+        {
+            return REDIRECT_HANDLER;
+        }
+        else
+        {
+            return null;
+        }
+    }
+
+    @Override
+    public String getType()
+    {
+        return "UsernamePassword";
+    }
+}

Propchange: qpid/java/trunk/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/auth/UsernamePasswordInteractiveLogin.java
------------------------------------------------------------------------------
    svn:eol-style = native

Modified: qpid/java/trunk/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/filter/RedirectingAuthorisationFilter.java
URL: http://svn.apache.org/viewvc/qpid/java/trunk/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/filter/RedirectingAuthorisationFilter.java?rev=1727532&r1=1727531&r2=1727532&view=diff
==============================================================================
--- qpid/java/trunk/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/filter/RedirectingAuthorisationFilter.java
(original)
+++ qpid/java/trunk/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/filter/RedirectingAuthorisationFilter.java
Fri Jan 29 11:12:59 2016
@@ -21,6 +21,10 @@
 package org.apache.qpid.server.management.plugin.filter;
 
 import java.io.IOException;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.List;
 
 import javax.servlet.Filter;
 import javax.servlet.FilterChain;
@@ -34,14 +38,25 @@ import javax.servlet.http.HttpServletRes
 
 import org.apache.qpid.server.management.plugin.HttpManagementConfiguration;
 import org.apache.qpid.server.management.plugin.HttpManagementUtil;
+import org.apache.qpid.server.management.plugin.HttpRequestInteractiveAuthenticator;
 import org.apache.qpid.server.model.Broker;
+import org.apache.qpid.server.plugin.QpidServiceLoader;
 
 public class RedirectingAuthorisationFilter implements Filter
 {
-    public static String DEFAULT_LOGIN_URL = "login.html";
-    public static String INIT_PARAM_LOGIN_URL = "login-url";
 
-    private String _loginUrl = DEFAULT_LOGIN_URL;
+    private static final Collection<HttpRequestInteractiveAuthenticator> AUTHENTICATORS;
+    static
+    {
+        List<HttpRequestInteractiveAuthenticator> authenticators = new ArrayList<>();
+        for(HttpRequestInteractiveAuthenticator authenticator : (new QpidServiceLoader()).instancesOf(HttpRequestInteractiveAuthenticator.class))
+        {
+            authenticators.add(authenticator);
+        }
+        AUTHENTICATORS = Collections.unmodifiableList(authenticators);
+    }
+
+
     private Broker _broker;
     private HttpManagementConfiguration _managementConfiguration;
 
@@ -53,11 +68,6 @@ public class RedirectingAuthorisationFil
     @Override
     public void init(FilterConfig config) throws ServletException
     {
-        String loginUrl = config.getInitParameter(INIT_PARAM_LOGIN_URL);
-        if (loginUrl != null)
-        {
-            _loginUrl = loginUrl;
-        }
         ServletContext servletContext = config.getServletContext();
         _broker = HttpManagementUtil.getBroker(servletContext);
         _managementConfiguration = HttpManagementUtil.getManagementConfiguration(servletContext);
@@ -76,7 +86,24 @@ public class RedirectingAuthorisationFil
         }
         catch(SecurityException e)
         {
-            httpResponse.sendRedirect(_loginUrl);
+            HttpRequestInteractiveAuthenticator.AuthenticationHandler handler = null;
+            for(HttpRequestInteractiveAuthenticator authenticator : AUTHENTICATORS)
+            {
+                handler = authenticator.getAuthenticationHandler(httpRequest, _managementConfiguration);
+                if(handler != null)
+                {
+                    break;
+                };
+            }
+
+            if(handler != null)
+            {
+                handler.handleAuthentication(httpResponse);
+            }
+            else
+            {
+                httpResponse.sendError(HttpServletResponse.SC_FORBIDDEN);
+            }
         }
     }
 



---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@qpid.apache.org
For additional commands, e-mail: commits-help@qpid.apache.org


Mime
View raw message