Author: kwall Date: Tue Sep 4 13:19:03 2012 New Revision: 1380626 URL: http://svn.apache.org/viewvc?rev=1380626&view=rev Log: QPID-4283: Make web management capable of using external authentication manager.
also: * remove test servlets * rename management.html => index.html * allow sasl-auth to be disabled Work of Robbie Gemmell <rob...@apache.org> and myself. Added: qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/resources/index.html - copied, changed from r1380625, qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/resources/management.html Removed: qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/api/ qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/resources/management.html Modified: qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/Management.java qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/AbstractServlet.java qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/SaslServlet.java qpid/trunk/qpid/java/broker/etc/config.xml qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/configuration/ServerConfiguration.java qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/manager/ExternalAuthenticationManager.java qpid/trunk/qpid/java/broker/src/test/java/org/apache/qpid/server/configuration/ServerConfigurationTest.java Modified: qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/Management.java URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/Management.java?rev=1380626&r1=1380625&r2=1380626&view=diff ============================================================================== --- qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/Management.java (original) +++ 
qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/Management.java Tue Sep 4 13:19:03 2012 @@ -32,8 +32,6 @@ import org.apache.qpid.server.logging.ac import org.apache.qpid.server.logging.messages.ManagementConsoleMessages; import org.apache.qpid.server.management.plugin.servlet.DefinedFileServlet; import org.apache.qpid.server.management.plugin.servlet.FileServlet; -import org.apache.qpid.server.management.plugin.servlet.api.ExchangesServlet; -import org.apache.qpid.server.management.plugin.servlet.api.VhostsServlet; import org.apache.qpid.server.management.plugin.servlet.rest.LogRecordsServlet; import org.apache.qpid.server.management.plugin.servlet.rest.MessageContentServlet; import org.apache.qpid.server.management.plugin.servlet.rest.MessageServlet; @@ -158,9 +156,6 @@ public class Management root.setContextPath("/"); server.setHandler(root); - root.addServlet(new ServletHolder(new VhostsServlet(_broker)), "/api/vhosts/*"); - root.addServlet(new ServletHolder(new ExchangesServlet(_broker)), "/api/exchanges/*"); - addRestServlet(root, "broker"); addRestServlet(root, "virtualhost", VirtualHost.class); addRestServlet(root, "authenticationprovider", AuthenticationProvider.class); 
@@ -183,7 +178,7 @@ public class Management root.addServlet(new ServletHolder(new SaslServlet(_broker)), "/rest/sasl"); - root.addServlet(new ServletHolder(new DefinedFileServlet("management.html")), "/management"); + root.addServlet(new ServletHolder(new DefinedFileServlet("index.html")), "/management"); root.addServlet(new ServletHolder(FileServlet.INSTANCE), "*.js"); root.addServlet(new ServletHolder(FileServlet.INSTANCE), "*.css"); Modified: qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/AbstractServlet.java URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/AbstractServlet.java?rev=1380626&r1=1380625&r2=1380626&view=diff ============================================================================== --- qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/AbstractServlet.java (original) +++ qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/AbstractServlet.java Tue Sep 4 13:19:03 2012 @@ -257,7 +257,7 @@ public abstract class AbstractServlet ex String remoteUser = request.getRemoteUser(); if(remoteUser != null) { - subject = subjectCreator.createSubjectWithGroups(remoteUser); + subject = authenticateUserAndGetSubject(subjectCreator, remoteUser, null); } else { 
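Review bot: The container-supplied `remoteUser` is now passed to `authenticateUserAndGetSubject(subjectCreator, remoteUser, null)`, so `subjectCreator.authenticate` is called with a null password. That only works if the configured authentication manager tolerates a null password. A password-checking manager would presumably reject it or throw, so a user the container has already authenticated could be refused where `createSubjectWithGroups(remoteUser)` used to succeed. Either keep the previous call on this branch, or add a comment at the call site such as `// null password: identity already asserted by the container` and make sure every manager handles that case deliberately. The enclosing method starts and ends outside the hunk.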
@@ -278,13 +278,7 @@ public abstract class AbstractServlet ex
 String[] credentials = (new String(Base64.decodeBase64(tokens[1].getBytes()))).split(":",2);
 if(credentials.length == 2)
 {
- SubjectAuthenticationResult authResult = subjectCreator.authenticate(credentials[0], credentials[1]);
- if( authResult.getStatus() != AuthenticationStatus.SUCCESS)
- {
- //TODO: write a return response indicating failure?
- throw new AccessControlException("Incorrect username or password");
- }
- subject = authResult.getSubject();
+ subject = authenticateUserAndGetSubject(subjectCreator, credentials[0], credentials[1]);
 }
 else
 {
@@ -308,6 +302,18 @@ public abstract class AbstractServlet ex return subject; } + private Subject authenticateUserAndGetSubject(SubjectCreator subjectCreator, String username, String password) + { + SubjectAuthenticationResult authResult = subjectCreator.authenticate(username, password); + if( authResult.getStatus() != AuthenticationStatus.SUCCESS) + { + //TODO: write a return response indicating failure? + throw new AccessControlException("Incorrect username or password"); + } + Subject subject = authResult.getSubject(); + return subject; + } + private boolean isBasicAuthSupported(HttpServletRequest req) { return req.isSecure() ? ApplicationRegistry.getInstance().getConfiguration().getHTTPSManagementBasicAuth() Modified: qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/SaslServlet.java URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/SaslServlet.java?rev=1380626&r1=1380625&r2=1380626&view=diff ============================================================================== --- qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/SaslServlet.java (original) +++ qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/SaslServlet.java Tue Sep 4 13:19:03 2012 @@ -124,6 +124,8 @@ public class SaslServlet extends Abstrac @Override protected void doPostWithSubjectAndActor(final HttpServletRequest request, final HttpServletResponse response) throws IOException { + checkSaslAuthEnabled(request); + try { response.setContentType("application/json"); 
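Review bot: `authenticateUserAndGetSubject` is also reached with a null `password` (the remote-user caller earlier in this file passes `null`), yet every failure is reported as "Incorrect username or password", which will mislead anyone reading the resulting error for a container-authenticated user. Add a short Javadoc stating that `password` may be null and what that means, and consider a message that does not assume a password was supplied. The last two statements can be collapsed to `return authResult.getSubject();`. The carried-over `//TODO` means a failed login presumably still surfaces as an uncaught `AccessControlException` rather than a deliberate HTTP status.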
@@ -190,7 +192,24 @@ public class SaslServlet extends Abstrac LOGGER.error("Error processing SASL request", e); throw e; } + } + private void checkSaslAuthEnabled(HttpServletRequest request) + { + boolean saslAuthEnabled; + if (request.isSecure()) + { + saslAuthEnabled = ApplicationRegistry.getInstance().getConfiguration().getHTTPSManagementSaslAuthEnabled(); + } + else + { + saslAuthEnabled = ApplicationRegistry.getInstance().getConfiguration().getHTTPManagementSaslAuthEnabled(); + } + + if (!saslAuthEnabled) + { + throw new RuntimeException("Sasl authentication disabled."); + } } private void evaluateSaslResponse(final HttpServletResponse response, Copied: qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/resources/index.html (from r1380625, qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/resources/management.html) URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/resources/index.html?p2=qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/resources/index.html&p1=qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/resources/management.html&r1=1380625&r2=1380626&rev=1380626&view=diff ============================================================================== (empty) Modified: qpid/trunk/qpid/java/broker/etc/config.xml URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker/etc/config.xml?rev=1380626&r1=1380625&r2=1380626&view=diff ============================================================================== --- qpid/trunk/qpid/java/broker/etc/config.xml (original) +++ qpid/trunk/qpid/java/broker/etc/config.xml Tue Sep 4 13:19:03 2012 
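Review bot: `checkSaslAuthEnabled` reports a disabled endpoint with `throw new RuntimeException("Sasl authentication disabled.")`, which the servlet container will most likely turn into a generic 500 instead of a clear refusal. The call in `doPostWithSubjectAndActor` sits before the `try`, so the rejection also bypasses the `LOGGER.error` path and leaves no trace in the broker log. Prefer an explicit status at the call site, for example `if (!isSaslAuthEnabled(request)) { response.sendError(HttpServletResponse.SC_FORBIDDEN); return; }`, with the helper returning the boolean. Only the POST handler gains the check in the visible hunks; if the servlet also answers GET (not visible here), it may need the same gate.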
@@ -48,7 +48,7 @@ <registryServer>8999</registryServer> <!-- If unspecified, connectorServer defaults to 100 + registryServer port. - <connectorServer>9099</connectionServer> + <connectorServer>9099</connectorServer> --> </jmxport> <ssl> Modified: qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/configuration/ServerConfiguration.java URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/configuration/ServerConfiguration.java?rev=1380626&r1=1380625&r2=1380626&view=diff ============================================================================== --- qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/configuration/ServerConfiguration.java (original) +++ qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/configuration/ServerConfiguration.java Tue Sep 4 13:19:03 2012 @@ -620,6 +620,16 @@ public class ServerConfiguration extends return getBooleanValue("management.https.basic-auth", true); } + public boolean getHTTPManagementSaslAuthEnabled() + { + return getBooleanValue("management.http.sasl-auth", true); + } + + public boolean getHTTPSManagementSaslAuthEnabled() + { + return getBooleanValue("management.https.sasl-auth", true); + } + public String[] getVirtualHosts() { return _virtualHosts.keySet().toArray(new String[_virtualHosts.size()]); 
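Review bot: Both new getters in ServerConfiguration default to `true`, so the SASL login endpoint stays enabled over plain HTTP unless an operator explicitly sets `management.http.sasl-auth` to false. Depending on which mechanisms the broker offers, an exchange over unencrypted HTTP may expose credentials to anyone able to observe the traffic, so the default deserves at least a documented rationale. The getters have no Javadoc; something like `/** Whether SASL login is accepted on the plain-HTTP management port (management.http.sasl-auth, default true). */` and its HTTPS counterpart would help. The new keys could also be listed in the commented section of config.xml. The class body continues outside the hunk.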
@@ -1053,4 +1063,5 @@ public class ServerConfiguration extends _qpidHome = path; } + } Modified: qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/manager/ExternalAuthenticationManager.java URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/manager/ExternalAuthenticationManager.java?rev=1380626&r1=1380625&r2=1380626&view=diff ============================================================================== --- qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/manager/ExternalAuthenticationManager.java (original) +++ qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/manager/ExternalAuthenticationManager.java Tue Sep 4 13:19:03 2012 @@ -29,6 +29,7 @@ import org.apache.log4j.Logger; import org.apache.qpid.server.configuration.plugins.ConfigurationPlugin; import org.apache.qpid.server.configuration.plugins.ConfigurationPluginFactory; import org.apache.qpid.server.security.auth.AuthenticationResult; +import org.apache.qpid.server.security.auth.UsernamePrincipal; import org.apache.qpid.server.security.auth.sasl.external.ExternalSaslServer; public class ExternalAuthenticationManager implements AuthenticationManager 
@@ -159,7 +160,7 @@ public class ExternalAuthenticationManag @Override public AuthenticationResult authenticate(String username, String password) { - return new AuthenticationResult(AuthenticationResult.AuthenticationStatus.ERROR); + return new AuthenticationResult(new UsernamePrincipal(username)); } @Override Modified: qpid/trunk/qpid/java/broker/src/test/java/org/apache/qpid/server/configuration/ServerConfigurationTest.java URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker/src/test/java/org/apache/qpid/server/configuration/ServerConfigurationTest.java?rev=1380626&r1=1380625&r2=1380626&view=diff ============================================================================== --- qpid/trunk/qpid/java/broker/src/test/java/org/apache/qpid/server/configuration/ServerConfigurationTest.java (original) +++ qpid/trunk/qpid/java/broker/src/test/java/org/apache/qpid/server/configuration/ServerConfigurationTest.java Tue Sep 4 13:19:03 2012 
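Review bot: `authenticate(String username, String password)` now returns a successful `AuthenticationResult` for any username it is handed and never looks at `password`. In this same commit AbstractServlet sends HTTP Basic credentials through `subjectCreator.authenticate(credentials[0], credentials[1])`. If that delegates to this manager (not visible here), then with external authentication configured and basic auth enabled a client-chosen username would be accepted without any proof of identity. The method should succeed only for an identity asserted by the container, e.g. add `if (username == null || password != null) { return new AuthenticationResult(AuthenticationResult.AuthenticationStatus.ERROR); }` before the success return. It should also carry a comment stating that callers must pass only a transport-verified name.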
@@ -300,6 +300,45 @@ public class ServerConfigurationTest ext assertEquals(false, _serverConfig.getJMXManagementEnabled()); } + public void testGetHTTPManagementEnabled() throws ConfigurationException + { + // Check default + _serverConfig.initialise(); + assertEquals(true, _serverConfig.getHTTPManagementEnabled()); + + // Check value we set + _config.setProperty("management.http.enabled", false); + _serverConfig = new ServerConfiguration(_config); + _serverConfig.initialise(); + assertEquals(false, _serverConfig.getHTTPManagementEnabled()); + } + + public void testGetHTTPManagementSaslAuthEnabled() throws ConfigurationException + { + // Check default + _serverConfig.initialise(); + assertEquals(true, _serverConfig.getHTTPManagementSaslAuthEnabled()); + + // Check value we set + _config.setProperty("management.http.sasl-auth", false); + _serverConfig = new ServerConfiguration(_config); + _serverConfig.initialise(); + assertEquals(false, _serverConfig.getHTTPManagementSaslAuthEnabled()); + } + + public void testGetHTTPSManagementSaslAuthEnabled() throws ConfigurationException + { + // Check default + _serverConfig.initialise(); + assertEquals(true, _serverConfig.getHTTPSManagementSaslAuthEnabled()); + + // Check value we set + _config.setProperty("management.https.sasl-auth", false); + _serverConfig = new ServerConfiguration(_config); + _serverConfig.initialise(); + assertEquals(false, _serverConfig.getHTTPSManagementSaslAuthEnabled()); + } + public void testGetManagementRightsInferAllAccess() throws Exception { _serverConfig.initialise(); --------------------------------------------------------------------- To unsubscribe, e-mail: commits-unsubscr...@qpid.apache.org For additional commands, e-mail: commits-h...@qpid.apache.org
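Review bot: The added tests cover only the three configuration getters; the security-relevant behaviour this commit introduces has no test in the files it lists. Missing are a case showing that `SaslServlet` refuses a POST when `management.http.sasl-auth` or `management.https.sasl-auth` is false, and a case pinning what `ExternalAuthenticationManager.authenticate` returns for a null versus a non-null password. Those two are where a regression would silently widen access, so they are worth adding alongside these getter checks. The three new methods also repeat the same default-then-override sequence and could share one small helper taking the property key and a getter.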