diff options
| author | Alex Rudyy <orudyy@apache.org> | 2013-05-17 15:31:44 +0000 |
|---|---|---|
| committer | Alex Rudyy <orudyy@apache.org> | 2013-05-17 15:31:44 +0000 |
| commit | 15b97238f3a5a0e5a76838e3326fff6da86b56d2 (patch) | |
| tree | 3310b5de7fdb76ae6278b456fe417147499d880b /java/broker-plugins | |
| parent | fe03336e3d9166435f8750aac4b0b45bc57ad5ba (diff) | |
| download | qpid-python-15b97238f3a5a0e5a76838e3326fff6da86b56d2.tar.gz | |
QPID-4858: Prevent silent use of insecure HTTP connector when HTTP protocol with SSL transport was requested.
Remove separate HTTPS protocol and use HTTP protocol with SSL transport for consistency with all other protocol types.
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@1483866 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'java/broker-plugins')
3 files changed, 8 insertions, 33 deletions
diff --git a/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpManagement.java b/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpManagement.java index 8e99b8d65a..d87a1755da 100644 --- a/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpManagement.java +++ b/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpManagement.java @@ -64,6 +64,7 @@ import org.apache.qpid.server.model.Protocol; import org.apache.qpid.server.model.Queue; import org.apache.qpid.server.model.Session; import org.apache.qpid.server.model.State; +import org.apache.qpid.server.model.Transport; import org.apache.qpid.server.model.TrustStore; import org.apache.qpid.server.model.User; import org.apache.qpid.server.model.VirtualHost; @@ -206,11 +207,6 @@ public class HttpManagement extends AbstractPluginAdapter implements HttpManagem return (Integer)getAttribute(TIME_OUT); } - private boolean isManagementHttp(Port port) - { - return port.getProtocols().contains(Protocol.HTTP) || port.getProtocols().contains(Protocol.HTTPS); - } - @SuppressWarnings("unchecked") private Server createServer(Collection<Port> ports) { @@ -227,15 +223,15 @@ public class HttpManagement extends AbstractPluginAdapter implements HttpManagem { continue; } - final Collection<Protocol> protocols = port.getProtocols(); + Connector connector = null; - //TODO: what to do if protocol HTTP and transport SSL? - if (protocols.contains(Protocol.HTTP)) + Collection<Transport> transports = port.getTransports(); + if (!transports.contains(Transport.SSL)) { connector = new SelectChannelConnector(); } - else if (protocols.contains(Protocol.HTTPS)) + else if (transports.contains(Transport.SSL)) { KeyStore keyStore = port.getKeyStore(); if (keyStore == null) @@ -253,7 +249,7 @@ public class HttpManagement extends AbstractPluginAdapter implements HttpManagem } else { - throw new IllegalArgumentException("Unexpected protocol " + protocols); + throw new IllegalArgumentException("Unexpected transport on port " + port.getName() + ":" + transports); } lastPort = port.getPort(); connector.setPort(port.getPort()); @@ -365,7 +361,7 @@ public class HttpManagement extends AbstractPluginAdapter implements HttpManagem Collection<Port> httpPorts = new HashSet<Port>(); for (Port port : ports) { - if (isManagementHttp(port)) + if (port.getProtocols().contains(Protocol.HTTP)) { httpPorts.add(port); } diff --git a/java/broker-plugins/management-http/src/main/java/resources/addPort.html b/java/broker-plugins/management-http/src/main/java/resources/addPort.html index 8fcc4e890b..59abbadf32 100644 --- a/java/broker-plugins/management-http/src/main/java/resources/addPort.html +++ b/java/broker-plugins/management-http/src/main/java/resources/addPort.html @@ -66,9 +66,8 @@ </div> <div id="formAddPort:fieldsHTTP"> <select id="formAddPort.protocolsHTTP" name="protocols" data-dojo-type="dijit.form.FilteringSelect" - data-dojo-props="name: 'protocols', value: '', label: 'HTTP protocol*:'" missingMessage="HTTP protocol must be supplied"> + data-dojo-props="name: 'protocols', value: 'HTTP', label: 'HTTP protocol*:'" missingMessage="HTTP protocol must be supplied"> <option value="HTTP">HTTP</option> - <option value="HTTPS">HTTPS</option> </select> </div> <div id="formAddPort:transport" > diff --git a/java/broker-plugins/management-http/src/main/java/resources/js/qpid/management/addPort.js b/java/broker-plugins/management-http/src/main/java/resources/js/qpid/management/addPort.js index 705cffe7ff..0343d3393a 100644 --- a/java/broker-plugins/management-http/src/main/java/resources/js/qpid/management/addPort.js +++ b/java/broker-plugins/management-http/src/main/java/resources/js/qpid/management/addPort.js @@ -239,17 +239,6 @@ define(["dojo/_base/xhr", } disableTransportWidget = true; } - else if (newValue == "HTTP" && registry.byId("formAddPort.protocolsHTTP").value == "HTTPS") - { - if (transportWidget.value != "SSL") - { - transportWidget.set("value", "SSL"); - - // changing of transport widget value will cause the call to toggleSslWidgets - toggleSsl = false; - } - disableTransportWidget = true; - } if (toggleSsl) { toggleSslWidgets(newValue, transportWidget.value); @@ -290,15 +279,6 @@ define(["dojo/_base/xhr", registry.byId("formAddPort.authenticationProvider").set("disabled", isRMI); }); - registry.byId("formAddPort.protocolsHTTP").on("change", function(newValue){ - var isHTTPS = newValue == "HTTPS"; - var transportWidget = registry.byId("formAddPort.transports"); - if (isHTTPS && transportWidget.value != "SSL") { - transportWidget.set("value", "SSL"); - } - transportWidget.set("disabled", isHTTPS); - }); - theForm.on("submit", function(e) { event.stop(e); |