qpid-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From lqu...@apache.org
Subject svn commit: r1735461 - in /qpid/java/trunk: broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/ broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/auth/
Date Thu, 17 Mar 2016 17:12:47 GMT
Author: lquack
Date: Thu Mar 17 17:12:47 2016
New Revision: 1735461

URL: http://svn.apache.org/viewvc?rev=1735461&view=rev
Log:
QPID-7151: [Java Broker] Improve error handling in OAuth2 AuthenticationProvider

Modified:
    qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/OAuth2AuthenticationProviderImpl.java
    qpid/java/trunk/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/auth/OAuth2InteractiveAuthenticator.java

Modified: qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/OAuth2AuthenticationProviderImpl.java
URL: http://svn.apache.org/viewvc/qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/OAuth2AuthenticationProviderImpl.java?rev=1735461&r1=1735460&r2=1735461&view=diff
==============================================================================
--- qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/OAuth2AuthenticationProviderImpl.java
(original)
+++ qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/OAuth2AuthenticationProviderImpl.java
Thu Mar 17 17:12:47 2016
@@ -302,13 +302,13 @@ public class OAuth2AuthenticationProvide
                 LOGGER.debug("Call to token endpoint '{}' complete, response code : {}",
tokenEndpoint, responseCode);
 
                 Map<String, Object> responseMap = _objectMapper.readValue(input, Map.class);
-                if (responseCode != 200)
+                if (responseCode != 200 || responseMap.containsKey("error"))
                 {
                     IllegalStateException e = new IllegalStateException(String.format("Token
endpoint failed, response code %d, error '%s', description '%s'",
                                                                                       responseCode,
                                                                                       responseMap.get("error"),
                                                                                       responseMap.get("error_description")));
-                    LOGGER.error("Call to token endpoint failed", e);
+                    LOGGER.error(e.getMessage());
                     return new AuthenticationResult(AuthenticationResult.AuthenticationStatus.ERROR,
e);
                 }
 

Modified: qpid/java/trunk/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/auth/OAuth2InteractiveAuthenticator.java
URL: http://svn.apache.org/viewvc/qpid/java/trunk/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/auth/OAuth2InteractiveAuthenticator.java?rev=1735461&r1=1735460&r2=1735461&view=diff
==============================================================================
--- qpid/java/trunk/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/auth/OAuth2InteractiveAuthenticator.java
(original)
+++ qpid/java/trunk/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/auth/OAuth2InteractiveAuthenticator.java
Thu Mar 17 17:12:47 2016
@@ -173,10 +173,18 @@ public class OAuth2InteractiveAuthentica
                             LOGGER.debug("Successful login. Redirect to original resource
{}", originalRequestUri);
                             response.sendRedirect(originalRequestUri);
                         }
-                        catch (AccessControlException e)
+                        catch (SecurityException e)
                         {
-                            LOGGER.info("User '{}' is not authorised for management", authenticationResult.getMainPrincipal());
-                            response.sendError(403, "User is not authorised for management");
+                            if (e instanceof AccessControlException)
+                            {
+                                LOGGER.info("User '{}' is not authorised for management",
authenticationResult.getMainPrincipal());
+                                response.sendError(403, "User is not authorised for management");
+                            }
+                            else
+                            {
+                                LOGGER.info("Authentication failed", authenticationResult.getCause());
+                                response.sendError(401);
+                            }
                         }
                     }
 



---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@qpid.apache.org
For additional commands, e-mail: commits-help@qpid.apache.org


Mime
View raw message