Diffstat (limited to 'qpid/java/broker-plugins/management-http')
2 files changed, 30 insertions, 25 deletions
diff --git a/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpManagementUtil.java b/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpManagementUtil.java
index 1937ee8744..ef0a68a42b 100644
--- a/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpManagementUtil.java
+++ b/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpManagementUtil.java
@@ -45,6 +45,7 @@ import org.apache.qpid.server.security.auth.AuthenticatedPrincipal;
 import org.apache.qpid.server.security.auth.AuthenticationResult.AuthenticationStatus;
 import org.apache.qpid.server.security.auth.SubjectAuthenticationResult;
 import org.apache.qpid.server.security.auth.UsernamePrincipal;
+import org.apache.qpid.server.security.auth.manager.AnonymousAuthenticationManager;
 import org.apache.qpid.server.security.auth.manager.ExternalAuthenticationManager;
 import org.apache.qpid.transport.network.security.ssl.SSLUtil;
@@ -146,14 +147,14 @@ public class HttpManagementUtil
 Subject subject = null;
 SocketAddress localAddress = getSocketAddress(request);
 final AuthenticationProvider authenticationProvider = managementConfig.getAuthenticationProvider(localAddress);
- SubjectCreator subjectCreator = authenticationProvider.getSubjectCreator();
+ SubjectCreator subjectCreator = authenticationProvider.getSubjectCreator(request.isSecure());
 String remoteUser = request.getRemoteUser();
- if (remoteUser != null || subjectCreator.isAnonymousAuthenticationAllowed())
+ if (remoteUser != null || authenticationProvider instanceof AnonymousAuthenticationManager)
 {
 subject = authenticateUser(subjectCreator, remoteUser, null);
 }
- else if(subjectCreator.isExternalAuthenticationAllowed()
+ else if(authenticationProvider instanceof ExternalAuthenticationManager
 && Collections.list(request.getAttributeNames()).contains("javax.servlet.request.X509Certificate"))
 {
 Principal principal = null;
diff --git a/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/SaslServlet.java b/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/SaslServlet.java
index af3973c7b3..81d67caf96 100644
--- a/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/SaslServlet.java
+++ b/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/SaslServlet.java
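Review bot: The anonymous and external-certificate branches of this hunk now select an authentication path from the provider's concrete class (`authenticationProvider instanceof AnonymousAuthenticationManager`, `instanceof ExternalAuthenticationManager`) rather than from a capability the subject creator reports, so any subclass of the anonymous manager inherits credential-free access and a provider that delegates to one of these managers no longer matches. If that narrowing is intended, a comment above the `if` such as `// decided by provider type: only AnonymousAuthenticationManager may yield a subject without credentials` would record it. Separately, `getSubjectCreator(request.isSecure())` here and in `SaslServlet.getSubjectCreator` makes the creator depend on what the container reports for the transport; what the flag changes is not visible in this diff, so it is worth confirming the value cannot be influenced by forwarded headers when the broker sits behind a TLS-terminating proxy. The enclosing method starts and ends outside the hunk.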
@@ -20,34 +20,36 @@
 */
 package org.apache.qpid.server.management.plugin.servlet.rest;
+import java.io.IOException;
+import java.io.PrintWriter;
+import java.net.SocketAddress;
+import java.security.Principal;
+import java.security.SecureRandom;
+import java.util.LinkedHashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.Random;
+
+import javax.security.auth.Subject;
+import javax.security.sasl.SaslException;
+import javax.security.sasl.SaslServer;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+
 import org.apache.commons.codec.binary.Base64;
-import org.apache.qpid.server.management.plugin.servlet.ServletConnectionPrincipal;
-import org.apache.qpid.server.util.ConnectionScopedRuntimeException;
+import org.apache.log4j.Logger;
 import org.codehaus.jackson.map.ObjectMapper;
 import org.codehaus.jackson.map.SerializationConfig;
-import org.apache.log4j.Logger;
 import org.apache.qpid.server.management.plugin.HttpManagementConfiguration;
 import org.apache.qpid.server.management.plugin.HttpManagementUtil;
+import org.apache.qpid.server.management.plugin.servlet.ServletConnectionPrincipal;
 import org.apache.qpid.server.model.Broker;
 import org.apache.qpid.server.security.SubjectCreator;
 import org.apache.qpid.server.security.auth.AuthenticatedPrincipal;
-
-import javax.security.auth.Subject;
-import javax.security.sasl.SaslException;
-import javax.security.sasl.SaslServer;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import javax.servlet.http.HttpSession;
-import java.io.IOException;
-import java.io.PrintWriter;
-import java.net.SocketAddress;
-import java.security.Principal;
-import java.security.SecureRandom;
-import java.util.LinkedHashMap;
-import java.util.Map;
-import java.util.Random;
+import org.apache.qpid.server.util.ConnectionScopedRuntimeException;
 public class SaslServlet extends AbstractServlet
 {
@@ -81,7 +83,8 @@ public class SaslServlet extends AbstractServlet
 getRandom(session);
 SubjectCreator subjectCreator = getSubjectCreator(request);
- String[] mechanisms = subjectCreator.getMechanisms().split(" ");
+ List<String> mechanismsList = subjectCreator.getMechanisms();
+ String[] mechanisms = mechanismsList.toArray(new String[mechanismsList.size()]);
 Map<String, Object> outputObject = new LinkedHashMap<String, Object>();
 final Subject subject = getAuthorisedSubject(request);
@@ -237,7 +240,7 @@ public class SaslServlet extends AbstractServlet
 if(saslServer.isComplete())
 {
- Subject originalSubject = subjectCreator.createSubjectWithGroups(saslServer.getAuthorizationID());
+ Subject originalSubject = subjectCreator.createSubjectWithGroups(new AuthenticatedPrincipal(saslServer.getAuthorizationID()));
 Subject subject = new Subject(false,
 originalSubject.getPrincipals(),
 originalSubject.getPublicCredentials(),
@@ -298,7 +301,8 @@ public class SaslServlet extends AbstractServlet
 private SubjectCreator getSubjectCreator(HttpServletRequest request)
 {
 SocketAddress localAddress = HttpManagementUtil.getSocketAddress(request);
- return HttpManagementUtil.getManagementConfiguration(getServletContext()).getAuthenticationProvider(localAddress).getSubjectCreator();
+ return HttpManagementUtil.getManagementConfiguration(getServletContext()).getAuthenticationProvider(localAddress).getSubjectCreator(
+ request.isSecure());
 }
 @Override |
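Review bot: In the `saslServer.isComplete()` branch (the hunk at -237), the value wrapped in `new AuthenticatedPrincipal(...)` is the SASL authorization ID, which for some mechanisms is supplied by the client and can differ from the identity that was actually authenticated. Whether the broker's SaslServer implementations reject a mismatching authorization ID is not visible in this diff, so a comment such as `// authzid: the mechanism's callback handler must already have authorized it for the authenticated user` would make the trust assumption reviewable. If an implementation can return null from `getAuthorizationID()`, a null check before constructing the principal is also worth adding, since the hunk passes the return value straight into the constructor. The enclosing method starts and ends outside the hunk.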
