qpid-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From kw...@apache.org
Subject svn commit: r1727958 - in /qpid/java/branches/6.0.x: ./ broker-core/src/main/java/org/apache/qpid/server/model/ broker-core/src/main/java/org/apache/qpid/server/security/ broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/ broker-co...
Date Mon, 01 Feb 2016 15:40:35 GMT
Author: kwall
Date: Mon Feb  1 15:40:35 2016
New Revision: 1727958

URL: http://svn.apache.org/viewvc?rev=1727958&view=rev
Log:
QPID-6965: Make preemptive HTTP authentication pluggable

Merged from trunk with commands:

svn merge -c 1722416  ^/qpid/java/trunk
svn merge -c 1727951   ^/qpid/java/trunk


Added:
    qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/UsernamePasswordAuthenticationProvider.java
      - copied unchanged from r1722416, qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/UsernamePasswordAuthenticationProvider.java
    qpid/java/branches/6.0.x/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpRequestPreemptiveAuthenticator.java
      - copied unchanged from r1722416, qpid/java/trunk/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpRequestPreemptiveAuthenticator.java
    qpid/java/branches/6.0.x/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/auth/
      - copied from r1722416, qpid/java/trunk/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/auth/
Removed:
    qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/AuthorizationHolder.java
Modified:
    qpid/java/branches/6.0.x/   (props changed)
    qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/model/AuthenticationProvider.java
    qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/model/PasswordCredentialManagingAuthenticationProvider.java
    qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/SubjectCreator.java
    qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/AnonymousAuthenticationManager.java
    qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/ExternalAuthenticationManagerImpl.java
    qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/KerberosAuthenticationManager.java
    qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/PlainAuthenticationProvider.java
    qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/SimpleAuthenticationManager.java
    qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/SimpleLDAPAuthenticationManager.java
    qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/sasl/plain/PlainAdapterSaslServer.java
    qpid/java/branches/6.0.x/broker-core/src/test/java/org/apache/qpid/server/security/SubjectCreatorTest.java
    qpid/java/branches/6.0.x/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/SimpleAuthenticationManagerTest.java
    qpid/java/branches/6.0.x/broker-plugins/amqp-0-10-protocol/src/main/java/org/apache/qpid/server/protocol/v0_10/ServerConnection.java
    qpid/java/branches/6.0.x/broker-plugins/amqp-0-10-protocol/src/main/java/org/apache/qpid/server/protocol/v0_10/ServerSession.java
    qpid/java/branches/6.0.x/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpManagementUtil.java
    qpid/java/branches/6.0.x/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/auth/SSLClientCertPreemptiveAuthenticator.java

Propchange: qpid/java/branches/6.0.x/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Mon Feb  1 15:40:35 2016
@@ -9,5 +9,5 @@
 /qpid/branches/java-broker-vhost-refactor/java:1493674-1494547
 /qpid/branches/java-network-refactor/qpid/java:805429-821809
 /qpid/branches/qpid-2935/qpid/java:1061302-1072333
-/qpid/java/trunk:1715445-1715447,1715586,1715940,1716086-1716087,1716127-1716128,1716141,1716153,1716155,1716194,1716204,1716209,1716227,1716277,1716357,1716368,1716370,1716374,1716432,1716444-1716445,1716455,1716461,1716474,1716489,1716497,1716515,1716555,1716602,1716606-1716610,1716619,1716636,1717269,1717299,1717401,1717446,1717449,1717626,1717691,1717735,1717780,1718744,1718889,1718893,1718918,1718922,1719026,1719028,1719033,1719037,1719047,1719051,1720340,1720664,1721151,1721198,1722019-1722020,1722246,1722339,1722674,1722678,1722683,1722711,1723064,1723194,1723563,1724216,1724251,1724257,1724292,1724375,1724397,1724432,1724582,1724603,1724780,1724843-1724844,1725295,1725569,1725760,1726176,1726244-1726246,1726249,1726358,1726436,1726449,1726456,1726646,1726653,1726755,1726778,1727555,1727608
+/qpid/java/trunk:1715445-1715447,1715586,1715940,1716086-1716087,1716127-1716128,1716141,1716153,1716155,1716194,1716204,1716209,1716227,1716277,1716357,1716368,1716370,1716374,1716432,1716444-1716445,1716455,1716461,1716474,1716489,1716497,1716515,1716555,1716602,1716606-1716610,1716619,1716636,1717269,1717299,1717401,1717446,1717449,1717626,1717691,1717735,1717780,1718744,1718889,1718893,1718918,1718922,1719026,1719028,1719033,1719037,1719047,1719051,1720340,1720664,1721151,1721198,1722019-1722020,1722246,1722339,1722416,1722674,1722678,1722683,1722711,1723064,1723194,1723563,1724216,1724251,1724257,1724292,1724375,1724397,1724432,1724582,1724603,1724780,1724843-1724844,1725295,1725569,1725760,1726176,1726244-1726246,1726249,1726358,1726436,1726449,1726456,1726646,1726653,1726755,1726778,1727555,1727608,1727951
 /qpid/trunk/qpid:796646-796653

Modified: qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/model/AuthenticationProvider.java
URL: http://svn.apache.org/viewvc/qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/model/AuthenticationProvider.java?rev=1727958&r1=1727957&r2=1727958&view=diff
==============================================================================
--- qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/model/AuthenticationProvider.java
(original)
+++ qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/model/AuthenticationProvider.java
Mon Feb  1 15:40:35 2016
@@ -96,14 +96,4 @@ public interface AuthenticationProvider<
      */
     AuthenticationResult authenticate(SaslServer server, byte[] response);
 
-    /**
-     * Authenticates a user using their username and password.
-     *
-     * @param username username
-     * @param password password
-     *
-     * @return authentication result
-     */
-    AuthenticationResult authenticate(String username, String password);
-
 }

Modified: qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/model/PasswordCredentialManagingAuthenticationProvider.java
URL: http://svn.apache.org/viewvc/qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/model/PasswordCredentialManagingAuthenticationProvider.java?rev=1727958&r1=1727957&r2=1727958&view=diff
==============================================================================
--- qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/model/PasswordCredentialManagingAuthenticationProvider.java
(original)
+++ qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/model/PasswordCredentialManagingAuthenticationProvider.java
Mon Feb  1 15:40:35 2016
@@ -25,8 +25,11 @@ import java.util.Map;
 
 import javax.security.auth.login.AccountNotFoundException;
 
+import org.apache.qpid.server.security.auth.manager.UsernamePasswordAuthenticationProvider;
+
 @ManagedAnnotation
-public interface PasswordCredentialManagingAuthenticationProvider<X extends PasswordCredentialManagingAuthenticationProvider<X>>
extends AuthenticationProvider<X>, ManagedInterface
+public interface PasswordCredentialManagingAuthenticationProvider<X extends PasswordCredentialManagingAuthenticationProvider<X>>
+        extends AuthenticationProvider<X>, UsernamePasswordAuthenticationProvider<X>,
ManagedInterface
 {
     boolean createUser(String username, String password, Map<String, String> attributes);
 

Modified: qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/SubjectCreator.java
URL: http://svn.apache.org/viewvc/qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/SubjectCreator.java?rev=1727958&r1=1727957&r2=1727958&view=diff
==============================================================================
--- qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/SubjectCreator.java
(original)
+++ qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/SubjectCreator.java
Mon Feb  1 15:40:35 2016
@@ -64,7 +64,12 @@ public class SubjectCreator
         _secure = secure;
     }
 
-   /**
+    public AuthenticationProvider<?> getAuthenticationProvider()
+    {
+        return _authenticationProvider;
+    }
+
+    /**
     * Gets the known SASL mechanisms
     *
     * @return SASL mechanism names, space separated.
@@ -120,17 +125,7 @@ public class SubjectCreator
         }
     }
 
-    /**
-     * Authenticates a user using their username and password.
-     */
-    public SubjectAuthenticationResult authenticate(String username, String password)
-    {
-        final AuthenticationResult authenticationResult = _authenticationProvider.authenticate(username,
password);
-
-        return createResultWithGroups(username, authenticationResult);
-    }
-
-    private SubjectAuthenticationResult createResultWithGroups(String username, final AuthenticationResult
authenticationResult)
+    public SubjectAuthenticationResult createResultWithGroups(String username, final AuthenticationResult
authenticationResult)
     {
         if(authenticationResult.getStatus() == AuthenticationStatus.SUCCESS)
         {
@@ -149,6 +144,8 @@ public class SubjectCreator
         }
     }
 
+
+
     public Subject createSubjectWithGroups(Principal principal)
     {
         Subject authenticationSubject = new Subject();

Modified: qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/AnonymousAuthenticationManager.java
URL: http://svn.apache.org/viewvc/qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/AnonymousAuthenticationManager.java?rev=1727958&r1=1727957&r2=1727958&view=diff
==============================================================================
--- qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/AnonymousAuthenticationManager.java
(original)
+++ qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/AnonymousAuthenticationManager.java
Mon Feb  1 15:40:35 2016
@@ -52,7 +52,7 @@ public class AnonymousAuthenticationMana
         ANONYMOUS_SUBJECT.getPrincipals().add(ANONYMOUS_PRINCIPAL);
     }
 
-    private static final AuthenticationResult ANONYMOUS_AUTHENTICATION = new AuthenticationResult(ANONYMOUS_PRINCIPAL);
+    public static final AuthenticationResult ANONYMOUS_AUTHENTICATION = new AuthenticationResult(ANONYMOUS_PRINCIPAL);
 
     @ManagedObjectFactoryConstructor
     protected AnonymousAuthenticationManager(final Map<String, Object> attributes,
final Broker broker)
@@ -102,11 +102,4 @@ public class AnonymousAuthenticationMana
         }
     }
 
-    @Override
-    public AuthenticationResult authenticate(String username, String password)
-    {
-        return ANONYMOUS_AUTHENTICATION;
-    }
-
-
 }

Modified: qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/ExternalAuthenticationManagerImpl.java
URL: http://svn.apache.org/viewvc/qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/ExternalAuthenticationManagerImpl.java?rev=1727958&r1=1727957&r2=1727958&view=diff
==============================================================================
--- qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/ExternalAuthenticationManagerImpl.java
(original)
+++ qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/ExternalAuthenticationManagerImpl.java
Mon Feb  1 15:40:35 2016
@@ -98,10 +98,4 @@ public class ExternalAuthenticationManag
 
     }
 
-    @Override
-    public AuthenticationResult authenticate(String username, String password)
-    {
-        return new AuthenticationResult(new UsernamePrincipal(username));
-    }
-
 }

Modified: qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/KerberosAuthenticationManager.java
URL: http://svn.apache.org/viewvc/qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/KerberosAuthenticationManager.java?rev=1727958&r1=1727957&r2=1727958&view=diff
==============================================================================
--- qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/KerberosAuthenticationManager.java
(original)
+++ qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/KerberosAuthenticationManager.java
Mon Feb  1 15:40:35 2016
@@ -96,12 +96,6 @@ public class KerberosAuthenticationManag
         }
     }
 
-    @Override
-    public AuthenticationResult authenticate(String username, String password)
-    {
-        return new AuthenticationResult(AuthenticationResult.AuthenticationStatus.ERROR);
-    }
-
     private static class GssApiCallbackHandler implements CallbackHandler
     {
 

Modified: qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/PlainAuthenticationProvider.java
URL: http://svn.apache.org/viewvc/qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/PlainAuthenticationProvider.java?rev=1727958&r1=1727957&r2=1727958&view=diff
==============================================================================
--- qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/PlainAuthenticationProvider.java
(original)
+++ qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/PlainAuthenticationProvider.java
Mon Feb  1 15:40:35 2016
@@ -79,11 +79,8 @@ public class PlainAuthenticationProvider
                     }
                 };
 
-
-
         _scramSha1Adapter = new ScramSaslServerSourceAdapter(4096, "HmacSHA1", "SHA-1", passwordSource);
         _scramSha256Adapter = new ScramSaslServerSourceAdapter(4096, "HmacSHA256", "SHA-256",
passwordSource);
-
     }
 
     @Override

Modified: qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/SimpleAuthenticationManager.java
URL: http://svn.apache.org/viewvc/qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/SimpleAuthenticationManager.java?rev=1727958&r1=1727957&r2=1727958&view=diff
==============================================================================
--- qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/SimpleAuthenticationManager.java
(original)
+++ qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/SimpleAuthenticationManager.java
Mon Feb  1 15:40:35 2016
@@ -51,7 +51,9 @@ import org.apache.qpid.server.security.a
 import org.apache.qpid.server.security.auth.sasl.scram.ScramSaslServerSourceAdapter;
 
 @ManagedObject( category = false, type = "Simple", register = false )
-public class SimpleAuthenticationManager extends AbstractAuthenticationManager<SimpleAuthenticationManager>
implements PreferencesSupportingAuthenticationProvider
+public class SimpleAuthenticationManager extends AbstractAuthenticationManager<SimpleAuthenticationManager>
+        implements UsernamePasswordAuthenticationProvider<SimpleAuthenticationManager>,
+                   PreferencesSupportingAuthenticationProvider
 {
     private static final Logger _logger = LoggerFactory.getLogger(SimpleAuthenticationManager.class);
 
@@ -67,6 +69,7 @@ public class SimpleAuthenticationManager
     public SimpleAuthenticationManager(final Map<String, Object> attributes, final
Broker broker)
     {
         super(attributes, broker);
+
         ScramSaslServerSourceAdapter.PasswordSource passwordSource =
                 new ScramSaslServerSourceAdapter.PasswordSource()
                 {
@@ -80,7 +83,6 @@ public class SimpleAuthenticationManager
 
         _scramSha1Adapter = new ScramSaslServerSourceAdapter(4096, "HmacSHA1", "SHA-1", passwordSource);
         _scramSha256Adapter = new ScramSaslServerSourceAdapter(4096, "HmacSHA256", "SHA-256",
passwordSource);
-
     }
 
 

Modified: qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/SimpleLDAPAuthenticationManager.java
URL: http://svn.apache.org/viewvc/qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/SimpleLDAPAuthenticationManager.java?rev=1727958&r1=1727957&r2=1727958&view=diff
==============================================================================
--- qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/SimpleLDAPAuthenticationManager.java
(original)
+++ qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/SimpleLDAPAuthenticationManager.java
Mon Feb  1 15:40:35 2016
@@ -28,7 +28,10 @@ import org.apache.qpid.server.model.Pref
 import org.apache.qpid.server.model.TrustStore;
 
 @ManagedObject( category = false, type = "SimpleLDAP" )
-public interface SimpleLDAPAuthenticationManager<X extends SimpleLDAPAuthenticationManager<X>>
extends AuthenticationProvider<X>, PreferencesSupportingAuthenticationProvider
+public interface SimpleLDAPAuthenticationManager<X extends SimpleLDAPAuthenticationManager<X>>
+        extends AuthenticationProvider<X>,
+                UsernamePasswordAuthenticationProvider<X>,
+                PreferencesSupportingAuthenticationProvider
 {
     String PROVIDER_TYPE = "SimpleLDAP";
     String PROVIDER_URL = "providerUrl";

Modified: qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/sasl/plain/PlainAdapterSaslServer.java
URL: http://svn.apache.org/viewvc/qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/sasl/plain/PlainAdapterSaslServer.java?rev=1727958&r1=1727957&r2=1727958&view=diff
==============================================================================
--- qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/sasl/plain/PlainAdapterSaslServer.java
(original)
+++ qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/sasl/plain/PlainAdapterSaslServer.java
Mon Feb  1 15:40:35 2016
@@ -28,6 +28,7 @@ import javax.security.sasl.SaslServer;
 
 import org.apache.qpid.server.model.AuthenticationProvider;
 import org.apache.qpid.server.security.auth.AuthenticationResult;
+import org.apache.qpid.server.security.auth.manager.UsernamePasswordAuthenticationProvider;
 
 public class PlainAdapterSaslServer implements SaslServer
 {
@@ -50,7 +51,7 @@ public class PlainAdapterSaslServer impl
         _passwordValidator = passwordValidator;
     }
 
-    public PlainAdapterSaslServer(final AuthenticationProvider authProvider)
+    public PlainAdapterSaslServer(final UsernamePasswordAuthenticationProvider<?> authProvider)
     {
         this(new PasswordValidator()
             {

Modified: qpid/java/branches/6.0.x/broker-core/src/test/java/org/apache/qpid/server/security/SubjectCreatorTest.java
URL: http://svn.apache.org/viewvc/qpid/java/branches/6.0.x/broker-core/src/test/java/org/apache/qpid/server/security/SubjectCreatorTest.java?rev=1727958&r1=1727957&r2=1727958&view=diff
==============================================================================
--- qpid/java/branches/6.0.x/broker-core/src/test/java/org/apache/qpid/server/security/SubjectCreatorTest.java
(original)
+++ qpid/java/branches/6.0.x/broker-core/src/test/java/org/apache/qpid/server/security/SubjectCreatorTest.java
Mon Feb  1 15:40:35 2016
@@ -66,24 +66,6 @@ public class SubjectCreatorTest extends
         _subjectCreator = new SubjectCreator(_authenticationProvider, new HashSet<GroupProvider<?>>(Arrays.asList(_groupManager1,
_groupManager2)),
                                              false);
         _authenticationResult = new AuthenticationResult(_userPrincipal);
-        when(_authenticationProvider.authenticate(USERNAME, PASSWORD)).thenReturn(_authenticationResult);
-    }
-
-    public void testAuthenticateUsernameAndPasswordReturnsSubjectWithUserAndGroupPrincipals()
-    {
-        final SubjectAuthenticationResult actualResult = _subjectCreator.authenticate(USERNAME,
PASSWORD);
-
-        assertEquals(AuthenticationStatus.SUCCESS, actualResult.getStatus());
-
-        final Subject actualSubject = actualResult.getSubject();
-
-        assertEquals("Should contain one user principal and two groups ", 3, actualSubject.getPrincipals().size());
-
-        assertTrue(actualSubject.getPrincipals().contains(new AuthenticatedPrincipal(_userPrincipal)));
-        assertTrue(actualSubject.getPrincipals().contains(_group1));
-        assertTrue(actualSubject.getPrincipals().contains(_group2));
-
-        assertTrue(actualSubject.isReadOnly());
     }
 
     public void testSaslAuthenticationSuccessReturnsSubjectWithUserAndGroupPrincipals() throws
Exception
@@ -104,24 +86,6 @@ public class SubjectCreatorTest extends
         assertTrue(actualSubject.isReadOnly());
     }
 
-    public void testAuthenticateUnsuccessfulWithUsernameReturnsNullSubjectAndCorrectStatus()
-    {
-        testUnsuccessfulAuthentication(AuthenticationResult.AuthenticationStatus.CONTINUE);
-        testUnsuccessfulAuthentication(AuthenticationResult.AuthenticationStatus.ERROR);
-    }
-
-    private void testUnsuccessfulAuthentication(AuthenticationStatus expectedStatus)
-    {
-        AuthenticationResult failedAuthenticationResult = new AuthenticationResult(expectedStatus);
-
-        when(_authenticationProvider.authenticate(USERNAME, PASSWORD)).thenReturn(failedAuthenticationResult);
-
-        SubjectAuthenticationResult subjectAuthenticationResult = _subjectCreator.authenticate(USERNAME,
PASSWORD);
-
-        assertSame(expectedStatus, subjectAuthenticationResult.getStatus());
-        assertNull(subjectAuthenticationResult.getSubject());
-    }
-
     public void testAuthenticateUnsuccessfulWithSaslServerReturnsNullSubjectAndCorrectStatus()
     {
         testUnsuccessfulAuthenticationWithSaslServer(AuthenticationResult.AuthenticationStatus.CONTINUE);

Modified: qpid/java/branches/6.0.x/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/SimpleAuthenticationManagerTest.java
URL: http://svn.apache.org/viewvc/qpid/java/branches/6.0.x/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/SimpleAuthenticationManagerTest.java?rev=1727958&r1=1727957&r2=1727958&view=diff
==============================================================================
--- qpid/java/branches/6.0.x/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/SimpleAuthenticationManagerTest.java
(original)
+++ qpid/java/branches/6.0.x/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/SimpleAuthenticationManagerTest.java
Mon Feb  1 15:40:35 2016
@@ -42,7 +42,7 @@ public class SimpleAuthenticationManager
 {
     private static final String TEST_USER = "testUser";
     private static final String TEST_PASSWORD = "testPassword";
-    private AuthenticationProvider _authenticationManager;
+    private SimpleAuthenticationManager _authenticationManager;
 
     public void setUp() throws Exception
     {

Modified: qpid/java/branches/6.0.x/broker-plugins/amqp-0-10-protocol/src/main/java/org/apache/qpid/server/protocol/v0_10/ServerConnection.java
URL: http://svn.apache.org/viewvc/qpid/java/branches/6.0.x/broker-plugins/amqp-0-10-protocol/src/main/java/org/apache/qpid/server/protocol/v0_10/ServerConnection.java?rev=1727958&r1=1727957&r2=1727958&view=diff
==============================================================================
--- qpid/java/branches/6.0.x/broker-plugins/amqp-0-10-protocol/src/main/java/org/apache/qpid/server/protocol/v0_10/ServerConnection.java
(original)
+++ qpid/java/branches/6.0.x/broker-plugins/amqp-0-10-protocol/src/main/java/org/apache/qpid/server/protocol/v0_10/ServerConnection.java
Mon Feb  1 15:40:35 2016
@@ -53,7 +53,6 @@ import org.apache.qpid.server.model.Brok
 import org.apache.qpid.server.model.Transport;
 import org.apache.qpid.server.model.port.AmqpPort;
 import org.apache.qpid.server.protocol.AMQSessionModel;
-import org.apache.qpid.server.security.AuthorizationHolder;
 import org.apache.qpid.server.security.auth.AuthenticatedPrincipal;
 import org.apache.qpid.server.util.Action;
 import org.apache.qpid.server.util.ServerScopedRuntimeException;
@@ -69,7 +68,7 @@ import org.apache.qpid.transport.Option;
 import org.apache.qpid.transport.ProtocolEvent;
 import org.apache.qpid.transport.Session;
 
-public class ServerConnection extends Connection implements AuthorizationHolder
+public class ServerConnection extends Connection
 {
     private static final Logger LOGGER = LoggerFactory.getLogger(ServerConnection.class);
     public static final long CLOSE_OK_TIMEOUT = 10000l;

Modified: qpid/java/branches/6.0.x/broker-plugins/amqp-0-10-protocol/src/main/java/org/apache/qpid/server/protocol/v0_10/ServerSession.java
URL: http://svn.apache.org/viewvc/qpid/java/branches/6.0.x/broker-plugins/amqp-0-10-protocol/src/main/java/org/apache/qpid/server/protocol/v0_10/ServerSession.java?rev=1727958&r1=1727957&r2=1727958&view=diff
==============================================================================
--- qpid/java/branches/6.0.x/broker-plugins/amqp-0-10-protocol/src/main/java/org/apache/qpid/server/protocol/v0_10/ServerSession.java
(original)
+++ qpid/java/branches/6.0.x/broker-plugins/amqp-0-10-protocol/src/main/java/org/apache/qpid/server/protocol/v0_10/ServerSession.java
Mon Feb  1 15:40:35 2016
@@ -116,8 +116,7 @@ import org.apache.qpid.transport.Xid;
 import org.apache.qpid.transport.network.Ticker;
 
 public class ServerSession extends Session
-        implements AuthorizationHolder,
-                   AMQSessionModel<ServerSession>, LogSubject, AsyncAutoCommitTransaction.FutureRecorder,
+        implements AMQSessionModel<ServerSession>, LogSubject, AsyncAutoCommitTransaction.FutureRecorder,
                    Deletable<ServerSession>
 
 {

Modified: qpid/java/branches/6.0.x/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpManagementUtil.java
URL: http://svn.apache.org/viewvc/qpid/java/branches/6.0.x/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpManagementUtil.java?rev=1727958&r1=1727957&r2=1727958&view=diff
==============================================================================
--- qpid/java/branches/6.0.x/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpManagementUtil.java
(original)
+++ qpid/java/branches/6.0.x/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpManagementUtil.java
Mon Feb  1 15:40:35 2016
@@ -26,7 +26,10 @@ import java.nio.charset.StandardCharsets
 import java.security.Principal;
 import java.security.PrivilegedAction;
 import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.Collection;
 import java.util.Collections;
+import java.util.List;
 import java.util.zip.GZIPOutputStream;
 
 import javax.security.auth.Subject;
@@ -41,14 +44,17 @@ import org.apache.qpid.server.management
 import org.apache.qpid.server.management.plugin.session.LoginLogoutReporter;
 import org.apache.qpid.server.model.AuthenticationProvider;
 import org.apache.qpid.server.model.Broker;
+import org.apache.qpid.server.plugin.QpidServiceLoader;
 import org.apache.qpid.server.security.SecurityManager;
 import org.apache.qpid.server.security.SubjectCreator;
 import org.apache.qpid.server.security.auth.AuthenticatedPrincipal;
+import org.apache.qpid.server.security.auth.AuthenticationResult;
 import org.apache.qpid.server.security.auth.AuthenticationResult.AuthenticationStatus;
 import org.apache.qpid.server.security.auth.SubjectAuthenticationResult;
 import org.apache.qpid.server.security.auth.UsernamePrincipal;
 import org.apache.qpid.server.security.auth.manager.AnonymousAuthenticationManager;
 import org.apache.qpid.server.security.auth.manager.ExternalAuthenticationManager;
+import org.apache.qpid.server.security.auth.manager.UsernamePasswordAuthenticationProvider;
 import org.apache.qpid.transport.network.security.ssl.SSLUtil;
 
 public class HttpManagementUtil
@@ -77,6 +83,17 @@ public class HttpManagementUtil
     private static final String CONTENT_ENCODING_HEADER = "Content-Encoding";
     private static final String GZIP_CONTENT_ENCODING = "gzip";
 
+    private static final Collection<HttpRequestPreemptiveAuthenticator> AUTHENTICATORS;
+    static
+    {
+        List<HttpRequestPreemptiveAuthenticator> authenticators = new ArrayList<>();
+        for(HttpRequestPreemptiveAuthenticator authenticator : (new QpidServiceLoader()).instancesOf(HttpRequestPreemptiveAuthenticator.class))
+        {
+            authenticators.add(authenticator);
+        }
+        AUTHENTICATORS = Collections.unmodifiableList(authenticators);
+    }
+
     public static Broker<?> getBroker(ServletContext servletContext)
     {
         return (Broker<?>) servletContext.getAttribute(ATTR_BROKER);
@@ -146,80 +163,17 @@ public class HttpManagementUtil
     public static Subject tryToAuthenticate(HttpServletRequest request, HttpManagementConfiguration
managementConfig)
     {
         Subject subject = null;
-        final AuthenticationProvider authenticationProvider = managementConfig.getAuthenticationProvider(request);
-        SubjectCreator subjectCreator = authenticationProvider.getSubjectCreator(request.isSecure());
-        String remoteUser = request.getRemoteUser();
-
-        if (remoteUser != null || authenticationProvider instanceof AnonymousAuthenticationManager)
+        for(HttpRequestPreemptiveAuthenticator authenticator : AUTHENTICATORS)
         {
-            subject = authenticateUser(subjectCreator, remoteUser, null);
-        }
-        else if(authenticationProvider instanceof ExternalAuthenticationManager
-                && Collections.list(request.getAttributeNames()).contains("javax.servlet.request.X509Certificate"))
-        {
-            Principal principal = null;
-            X509Certificate[] certificates =
-                    (X509Certificate[]) request.getAttribute("javax.servlet.request.X509Certificate");
-            if(certificates != null && certificates.length != 0)
+            subject = authenticator.attemptAuthentication(request, managementConfig);
+            if(subject != null)
             {
-                principal = certificates[0].getSubjectX500Principal();
-
-                if(!Boolean.valueOf(String.valueOf(authenticationProvider.getAttribute(ExternalAuthenticationManager.ATTRIBUTE_USE_FULL_DN))))
-                {
-                    String username;
-                    String dn = ((X500Principal) principal).getName(X500Principal.RFC2253);
-
-
-                    username = SSLUtil.getIdFromSubjectDN(dn);
-                    principal = new  UsernamePrincipal(username);
-                }
-
-                subject = subjectCreator.createSubjectWithGroups(new AuthenticatedPrincipal(principal));
-            }
-        }
-        else
-        {
-            String header = request.getHeader("Authorization");
-            if (header != null)
-            {
-                String[] tokens = header.split("\\s");
-                if (tokens.length >= 2 && "BASIC".equalsIgnoreCase(tokens[0]))
-                {
-                    boolean isBasicAuthSupported = false;
-                    if (request.isSecure())
-                    {
-                        isBasicAuthSupported = managementConfig.isHttpsBasicAuthenticationEnabled();
-                    }
-                    else
-                    {
-                        isBasicAuthSupported = managementConfig.isHttpBasicAuthenticationEnabled();
-                    }
-                    if (isBasicAuthSupported)
-                    {
-                        String base64UsernameAndPassword = tokens[1];
-                        String[] credentials = (new String(DatatypeConverter.parseBase64Binary(base64UsernameAndPassword),
-                                                           StandardCharsets.UTF_8)).split(":",
2);
-                        if (credentials.length == 2)
-                        {
-                            subject = authenticateUser(subjectCreator, credentials[0], credentials[1]);
-                        }
-                    }
-                }
+                break;
             }
         }
         return subject;
     }
 
-    private static Subject authenticateUser(SubjectCreator subjectCreator, String username,
String password)
-    {
-        SubjectAuthenticationResult authResult = subjectCreator.authenticate(username, password);
-        if (authResult.getStatus() == AuthenticationStatus.SUCCESS)
-        {
-            return authResult.getSubject();
-        }
-        return null;
-    }
-
     public static OutputStream getOutputStream(final HttpServletRequest request, final HttpServletResponse
response)
             throws IOException
     {

Modified: qpid/java/branches/6.0.x/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/auth/SSLClientCertPreemptiveAuthenticator.java
URL: http://svn.apache.org/viewvc/qpid/java/branches/6.0.x/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/auth/SSLClientCertPreemptiveAuthenticator.java?rev=1727958&r1=1722416&r2=1727958&view=diff
==============================================================================
--- qpid/java/branches/6.0.x/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/auth/SSLClientCertPreemptiveAuthenticator.java
(original)
+++ qpid/java/branches/6.0.x/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/auth/SSLClientCertPreemptiveAuthenticator.java
Mon Feb  1 15:40:35 2016
@@ -56,12 +56,10 @@ public class SSLClientCertPreemptiveAuth
            && Collections.list(request.getAttributeNames()).contains(CERTIFICATE_ATTRIBUTE_NAME))
         {
             ExternalAuthenticationManager<?> externalAuthManager = (ExternalAuthenticationManager<?>)authenticationProvider;
-            Principal principal = null;
-            X509Certificate[] certificates =
-                    (X509Certificate[]) request.getAttribute("javax.servlet.request.X509Certificate");
+            X509Certificate[] certificates = (X509Certificate[]) request.getAttribute(CERTIFICATE_ATTRIBUTE_NAME);
             if(certificates != null && certificates.length != 0)
             {
-                principal = certificates[0].getSubjectX500Principal();
+                Principal principal = certificates[0].getSubjectX500Principal();
 
                 if(!externalAuthManager.getUseFullDN())
                 {



---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@qpid.apache.org
For additional commands, e-mail: commits-help@qpid.apache.org


Mime
View raw message