Author: rgodfrey
Date: Thu May 17 20:15:22 2012
New Revision: 1339840

URL: http://svn.apache.org/viewvc?rev=1339840&view=rev
Log:
QPID-4007 : [Java Broker] Add Kerberos authentication support

Added:
    
qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/manager/KerberosAuthenticationManager.java
      - copied, changed from r1339578, 
qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/manager/AnonymousAuthenticationManager.java
Removed:
    qpid/trunk/qpid/java/client/src/test/java/org/apache/mina/
    qpid/trunk/qpid/java/systests/src/main/java/org/apache/qpid/test/testcases/
Modified:
    
qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/plugins/PluginManager.java

Modified: 
qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/plugins/PluginManager.java
URL: 
http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/plugins/PluginManager.java?rev=1339840&r1=1339839&r2=1339840&view=diff
==============================================================================
--- 
qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/plugins/PluginManager.java
 (original)
+++ 
qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/plugins/PluginManager.java
 Thu May 17 20:15:22 2012
@@ -23,6 +23,7 @@ import org.apache.felix.framework.Felix;
 import org.apache.felix.framework.util.StringMap;
 import org.apache.log4j.Logger;
 import 
org.apache.qpid.server.security.auth.manager.AnonymousAuthenticationManager;
+import 
org.apache.qpid.server.security.auth.manager.KerberosAuthenticationManager;
 import org.osgi.framework.BundleActivator;
 import org.osgi.framework.BundleContext;
 import org.osgi.framework.BundleException;
@@ -158,7 +159,8 @@ public class PluginManager implements Cl
                 new SlowConsumerDetectionPolicyConfigurationFactory(),
                 new SlowConsumerDetectionQueueConfigurationFactory(),
                 
PrincipalDatabaseAuthenticationManager.PrincipalDatabaseAuthenticationManagerConfiguration.FACTORY,
-                
AnonymousAuthenticationManager.AnonymousAuthenticationManagerConfiguration.FACTORY))
+                
AnonymousAuthenticationManager.AnonymousAuthenticationManagerConfiguration.FACTORY,
+                
KerberosAuthenticationManager.KerberosAuthenticationManagerConfiguration.FACTORY))
         {
             _configPlugins.put(configFactory.getParentPaths(), configFactory);
         }
@@ -174,7 +176,8 @@ public class PluginManager implements Cl
         }
 
         for (AuthenticationManagerPluginFactory<? extends Plugin> 
pluginFactory : Arrays.asList(
-                PrincipalDatabaseAuthenticationManager.FACTORY, 
AnonymousAuthenticationManager.FACTORY))
+                PrincipalDatabaseAuthenticationManager.FACTORY, 
AnonymousAuthenticationManager.FACTORY,
+                KerberosAuthenticationManager.FACTORY))
         {
             _authenticationManagerPlugins.put(pluginFactory.getPluginName(), 
pluginFactory);
         }

Copied: 
qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/manager/KerberosAuthenticationManager.java
 (from r1339578, 
qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/manager/AnonymousAuthenticationManager.java)
URL: 
http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/manager/KerberosAuthenticationManager.java?p2=qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/manager/KerberosAuthenticationManager.java&p1=qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/manager/AnonymousAuthenticationManager.java&r1=1339578&r2=1339840&rev=1339840&view=diff
==============================================================================
--- 
qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/manager/AnonymousAuthenticationManager.java
 (original)
+++ 
qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/manager/KerberosAuthenticationManager.java
 Thu May 17 20:15:22 2012
@@ -1,30 +1,33 @@
 /*
- *  Licensed to the Apache Software Foundation (ASF) under one
- *  or more contributor license agreements.  See the NOTICE file
- *  distributed with this work for additional information
- *  regarding copyright ownership.  The ASF licenses this file
- *  to you under the Apache License, Version 2.0 (the
- *  "License"); you may not use this file except in compliance
- *  with the License.  You may obtain a copy of the License at
- *
- *    http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing,
- *  software distributed under the License is distributed on an
- *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- *  KIND, either express or implied.  See the License for the
- *  specific language governing permissions and limitations
- *  under the License.
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
  *
+ *   http://www.apache.org/licenses/LICENSE-2.0
  *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
  */
 package org.apache.qpid.server.security.auth.manager;
 
-import java.security.Principal;
+import java.io.IOException;
 import java.util.Arrays;
+import java.util.HashMap;
 import java.util.List;
 import javax.security.auth.Subject;
+import javax.security.auth.callback.Callback;
 import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+import javax.security.sasl.AuthorizeCallback;
+import javax.security.sasl.Sasl;
 import javax.security.sasl.SaslException;
 import javax.security.sasl.SaslServer;
 import org.apache.commons.configuration.Configuration;
@@ -34,33 +37,15 @@ import org.apache.qpid.server.configurat
 import org.apache.qpid.server.configuration.plugins.ConfigurationPluginFactory;
 import org.apache.qpid.server.security.auth.AuthenticationResult;
 import org.apache.qpid.server.security.auth.sasl.UsernamePrincipal;
-import 
org.apache.qpid.server.security.auth.sasl.anonymous.AnonymousInitialiser;
-import org.apache.qpid.server.security.auth.sasl.anonymous.AnonymousSaslServer;
 
-public class AnonymousAuthenticationManager implements AuthenticationManager
+public class KerberosAuthenticationManager implements AuthenticationManager
 {
-    private static final Logger _logger = 
Logger.getLogger(AnonymousAuthenticationManager.class);
-
-    private static final AnonymousInitialiser SASL_INITIALISER = new 
AnonymousInitialiser();
-
-    private static final String ANONYMOUS = 
SASL_INITIALISER.getMechanismName();
-
-    private static final Principal ANONYMOUS_PRINCIPAL = new 
UsernamePrincipal("ANONYMOUS");
-
-    private static final Subject ANONYMOUS_SUBJECT = new Subject();
-    static
-    {
-        ANONYMOUS_SUBJECT.getPrincipals().add(ANONYMOUS_PRINCIPAL);
-    }
-
-    private static final AuthenticationResult ANONYMOUS_AUTHENTICATION = new 
AuthenticationResult(ANONYMOUS_SUBJECT);
-
-
-    private static CallbackHandler _callbackHandler = 
SASL_INITIALISER.getCallbackHandler();
+    private static final Logger _logger = 
Logger.getLogger(KerberosAuthenticationManager.class);
 
-    static final AnonymousAuthenticationManager INSTANCE = new 
AnonymousAuthenticationManager();
+    private static final String GSSAPI_MECHANISM = "GSSAPI";
+    private final CallbackHandler _callbackHandler = new 
GssApiCallbackHandler();
 
-    public static class AnonymousAuthenticationManagerConfiguration extends 
ConfigurationPlugin
+    public static class KerberosAuthenticationManagerConfiguration extends 
ConfigurationPlugin
     {
 
         public static final ConfigurationPluginFactory FACTORY =
@@ -68,12 +53,12 @@ public class AnonymousAuthenticationMana
                 {
                     public List<String> getParentPaths()
                     {
-                        return 
Arrays.asList("security.anonymous-auth-manager");
+                        return Arrays.asList("security.kerberos-auth-manager");
                     }
 
                     public ConfigurationPlugin newInstance(final String path, 
final Configuration config) throws ConfigurationException
                     {
-                        final ConfigurationPlugin instance = new 
AnonymousAuthenticationManagerConfiguration();
+                        final ConfigurationPlugin instance = new 
KerberosAuthenticationManagerConfiguration();
 
                         instance.setConfiguration(path, config);
                         return instance;
@@ -89,17 +74,17 @@ public class AnonymousAuthenticationMana
         {
         }
 
-        }
+    }
 
 
-    public static final 
AuthenticationManagerPluginFactory<AnonymousAuthenticationManager> FACTORY = 
new AuthenticationManagerPluginFactory<AnonymousAuthenticationManager>()
+    public static final 
AuthenticationManagerPluginFactory<KerberosAuthenticationManager> FACTORY = new 
AuthenticationManagerPluginFactory<KerberosAuthenticationManager>()
     {
-        public AnonymousAuthenticationManager newInstance(final 
ConfigurationPlugin config) throws ConfigurationException
+        public KerberosAuthenticationManager newInstance(final 
ConfigurationPlugin config) throws ConfigurationException
         {
-            AnonymousAuthenticationManagerConfiguration configuration =
+            KerberosAuthenticationManagerConfiguration configuration =
                     config == null
                             ? null
-                            : (AnonymousAuthenticationManagerConfiguration) 
config.getConfiguration(AnonymousAuthenticationManagerConfiguration.class.getName());
+                            : (KerberosAuthenticationManagerConfiguration) 
config.getConfiguration(KerberosAuthenticationManagerConfiguration.class.getName());
 
             // If there is no configuration for this plugin then don't load it.
             if (configuration == null)
@@ -107,22 +92,24 @@ public class AnonymousAuthenticationMana
                 _logger.info("No authentication-manager configuration found 
for AnonymousAuthenticationManager");
                 return null;
             }
-            return INSTANCE;
+            KerberosAuthenticationManager kerberosAuthenticationManager = new 
KerberosAuthenticationManager();
+            kerberosAuthenticationManager.configure(configuration);
+            return kerberosAuthenticationManager;
         }
 
-        public Class<AnonymousAuthenticationManager> getPluginClass()
+        public Class<KerberosAuthenticationManager> getPluginClass()
         {
-            return AnonymousAuthenticationManager.class;
+            return KerberosAuthenticationManager.class;
         }
 
         public String getPluginName()
         {
-            return AnonymousAuthenticationManager.class.getName();
+            return KerberosAuthenticationManager.class.getName();
         }
     };
 
 
-    private AnonymousAuthenticationManager()
+    private KerberosAuthenticationManager()
     {
     }
 
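Review bot: The info message kept as context in `newInstance` still reads `No authentication-manager configuration found for AnonymousAuthenticationManager`, although this file is now KerberosAuthenticationManager. An operator checking the broker log to see why Kerberos authentication was not loaded would be pointed at the wrong plugin. The text should name `KerberosAuthenticationManager`. The added `kerberosAuthenticationManager.configure(configuration)` call reaches a `configure` method whose body is empty in the last hunk, so a comment saying that no settings are read yet would help.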
@@ -135,15 +122,24 @@ public class AnonymousAuthenticationMana
     @Override
     public String getMechanisms()
     {
-        return ANONYMOUS;
+        return GSSAPI_MECHANISM;
     }
 
     @Override
     public SaslServer createSaslServer(String mechanism, String localFQDN) 
throws SaslException
     {
-        if(ANONYMOUS.equals(mechanism))
+        if(mechanism.equals(mechanism))
         {
-            return new AnonymousSaslServer();
+            try
+            {
+            return Sasl.createSaslServer(GSSAPI_MECHANISM, "AMQP", "scrumpy",
+                                         new HashMap<String, Object>(), 
_callbackHandler);
+            }
+            catch (SaslException e)
+            {
+                e.printStackTrace(System.err);
+                throw e;
+            }
         }
         else
         {
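Review bot: The guard `if(mechanism.equals(mechanism))` in createSaslServer compares the argument with itself, so it is true for every non-null mechanism name, throws a NullPointerException on null, and leaves the else branch unreachable. It should read `if(GSSAPI_MECHANISM.equals(mechanism))`, as getHandler does later in this commit. The server name passed to `Sasl.createSaslServer` is the literal `"scrumpy"` and the `localFQDN` parameter is unused in the visible lines, which ties the acceptor's service principal to one host name; passing `localFQDN` or a configured value would remove that. The catch block's `e.printStackTrace(System.err)`, repeated in the catch of the later SaslException hunk, would be better as `_logger.error("Unable to create GSSAPI SaslServer", e);` so the failure lands in the broker log where authentication problems are monitored. The method's else branch continues outside the hunk.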
@@ -161,7 +157,10 @@ public class AnonymousAuthenticationMana
 
             if (server.isComplete())
             {
-                return ANONYMOUS_AUTHENTICATION;
+                final Subject subject = new Subject();
+                _logger.debug("Authenticated as " + 
server.getAuthorizationID());
+                subject.getPrincipals().add(new 
UsernamePrincipal(server.getAuthorizationID()));
+                return new AuthenticationResult(subject);
             }
             else
             {
@@ -170,6 +169,7 @@ public class AnonymousAuthenticationMana
         }
         catch (SaslException e)
         {
+            e.printStackTrace(System.err);
             return new 
AuthenticationResult(AuthenticationResult.AuthenticationStatus.ERROR, e);
         }
     }
@@ -177,13 +177,13 @@ public class AnonymousAuthenticationMana
     @Override
     public AuthenticationResult authenticate(String username, String password)
     {
-        return ANONYMOUS_AUTHENTICATION;
+        return new 
AuthenticationResult(AuthenticationResult.AuthenticationStatus.ERROR);
     }
 
     @Override
     public CallbackHandler getHandler(String mechanism)
     {
-        if(ANONYMOUS.equals(mechanism))
+        if(GSSAPI_MECHANISM.equals(mechanism))
         {
             return _callbackHandler;
         }
@@ -202,4 +202,24 @@ public class AnonymousAuthenticationMana
     public void configure(ConfigurationPlugin config) throws 
ConfigurationException
     {
     }
+
+    private static class GssApiCallbackHandler implements CallbackHandler
+    {
+
+        @Override
+        public void handle(Callback[] callbacks) throws IOException, 
UnsupportedCallbackException
+        {
+            for(Callback callback : callbacks)
+            {
+                if (callback instanceof AuthorizeCallback)
+                {
+                    ((AuthorizeCallback) callback).setAuthorized(true);
+                }
+                else
+                {
+                    throw new UnsupportedCallbackException(callback);
+                }
+            }
+        }
+    }
 }
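Review bot: GssApiCallbackHandler.handle answers every AuthorizeCallback with `setAuthorized(true)` without looking at the two identities the callback carries, so the requested authorization ID is accepted whatever principal actually authenticated. The earlier hunk in `authenticate` then builds the session's `UsernamePrincipal` from `server.getAuthorizationID()`, so as far as these lines show the identity used for broker access control is the client-requested one, not the Kerberos-authenticated one. At minimum the handler should authorize only when the two match: `AuthorizeCallback ac = (AuthorizeCallback) callback;` followed by `ac.setAuthorized(ac.getAuthenticationID().equals(ac.getAuthorizationID()));`. If proxy authorization is intended, that policy should be explicit and configurable, and a class comment should state it.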


