Example 1 with AccessController
use of com.sun.messaging.jmq.jmsserver.auth.AccessController in project openmq by eclipse-ee4j.
the class AuthHandler method handle.
/**
* Method to handle Authentication messages
*/
@Override
public boolean handle(IMQConnection con, Packet msg) throws BrokerException {
byte[] resp = null;
ByteBuffer bbuf = msg.getMessageBodyByteBuffer();
int size = bbuf.remaining();
resp = new byte[size];
bbuf.get(resp);
String reason = null;
AccessController ac = con.getAccessController();
boolean isIndemp = msg.getIndempotent();
byte[] req = null;
int status = Status.ERROR;
String username = null;
if (con.isAuthenticated()) {
if (!isIndemp) {
// already authenticated
reason = "already authenticated";
logger.log(Logger.WARNING, "Received unexpected authentication " + con.getRemoteConnectionString() + ":" + con.getConnectionUID());
status = Status.ERROR;
} else {
status = Status.OK;
}
resp = null;
} else if (!con.setConnectionState(Connection.STATE_AUTH_RESPONSED)) {
reason = "bad connection state";
status = Status.UNAVAILABLE;
resp = null;
}
if (resp != null) {
try {
req = ac.handleResponse(resp, msg.getSequence());
status = Status.OK;
// audit logging for successful authentication
Globals.getAuditSession().authentication(con.getUserName(), con.remoteHostString(), true);
if (req == null) {
IMQService s = (IMQService) con.getService();
String stype = ServiceType.getServiceTypeString(s.getServiceType());
try {
AuthCacheData acd = s.getAuthCacheData();
acd.setCacheData(ac.getCacheData());
ac.checkConnectionPermission(s.getName(), stype);
// audit logging for connection authorization
Globals.getAuditSession().connectionAuth(con.getUserName(), con.remoteHostString(), stype, s.getName(), true);
} catch (AccessControlException e) {
reason = "Forbidden";
status = Status.FORBIDDEN;
ac.logout();
logger.log(Logger.WARNING, Globals.getBrokerResources().getKString(BrokerResources.W_SERVICE_ACCESS_DENIED, s.getName(), stype) + " - " + e.getMessage(), e);
// audit logging for authentication failure
Globals.getAuditSession().connectionAuth(con.getUserName(), con.remoteHostString(), stype, s.getName(), false);
username = con.getUserName();
}
}
} catch (FailedLoginException e) {
// IMQService s = (IMQService)con.getService();
Globals.getAuditSession().authentication(e.getUser(), con.remoteHostString(), false);
username = e.getUser();
status = Status.INVALID_LOGIN;
reason = e.getMessage();
logger.log(Logger.WARNING, BrokerResources.W_LOGIN_FAILED, e);
} catch (OutOfMemoryError err) {
// re-processed
throw err;
} catch (Throwable w) {
status = Status.FORBIDDEN;
reason = w.getMessage();
logger.log(Logger.ERROR, w.getMessage(), w);
}
}
// XXX - for now simple returns granted authenticate reply
Packet pkt = new Packet(con.useDirectBuffers());
pkt.setConsumerID(msg.getConsumerID());
Hashtable hash = new Hashtable();
if (reason != null) {
hash.put("JMQReason", reason);
}
if (resp == null) {
pkt.setPacketType(PacketType.AUTHENTICATE_REPLY);
hash.put("JMQStatus", Integer.valueOf(status));
pkt.setProperties(hash);
} else {
if (req != null) {
if (!con.setConnectionState(Connection.STATE_AUTH_REQUESTED)) {
status = Status.UNAVAILABLE;
req = null;
}
}
if (req == null) {
if (status == Status.OK) {
if (!con.setConnectionState(Connection.STATE_AUTHENTICATED)) {
status = Status.UNAVAILABLE;
}
}
pkt.setPacketType(PacketType.AUTHENTICATE_REPLY);
hash.put("JMQStatus", Integer.valueOf(status));
if (((IMQBasicConnection) con).getDumpPacket() || ((IMQBasicConnection) con).getDumpOutPacket()) {
hash.put("JMQReqID", msg.getSysMessageID().toString());
}
pkt.setProperties(hash);
} else {
pkt.setPacketType(PacketType.AUTHENTICATE_REQUEST);
hash.put("JMQAuthType", ac.getAuthType());
hash.put("JMQChallenge", Boolean.FALSE);
if (((IMQBasicConnection) con).getDumpPacket() || ((IMQBasicConnection) con).getDumpOutPacket()) {
hash.put("JMQReqID", msg.getSysMessageID().toString());
}
pkt.setProperties(hash);
pkt.setMessageBody(req);
}
}
con.sendControlMessage(pkt);
if (status != Status.OK) {
IMQService s = (IMQService) con.getService();
Agent agent = Globals.getAgent();
if (agent != null) {
agent.notifyConnectionReject(s.getName(), username, con.remoteHostString());
}
con.closeConnection(true, GoodbyeReason.CON_FATAL_ERROR, Globals.getBrokerResources().getKString(BrokerResources.M_AUTH_FAIL_CLOSE));
} else {
Agent agent = Globals.getAgent();
if (agent != null) {
agent.registerConnection(con.getConnectionUID().longValue());
agent.notifyConnectionOpen(con.getConnectionUID().longValue());
}
}
return true;
}
Also used :
Agent(com.sun.messaging.jmq.jmsserver.management.agent.Agent)
AccessControlException(java.security.AccessControlException)
IMQService(com.sun.messaging.jmq.jmsserver.service.imq.IMQService)
AccessController(com.sun.messaging.jmq.jmsserver.auth.AccessController)
AuthCacheData(com.sun.messaging.jmq.jmsserver.auth.AuthCacheData)
FailedLoginException(com.sun.messaging.jmq.auth.api.FailedLoginException)
Example 2 with AccessController
use of com.sun.messaging.jmq.jmsserver.auth.AccessController in project openmq by eclipse-ee4j.
the class ClientIDHandler method validate.
/**
* method to validate a client ID
*
* @param clientid the client ID sent from client
* @param con the connection
* @exception if clientid uses JMQ reserved name space "${u:" or null or in case of ${u} expansion if connection not
* authenticated
*/
private String validate(String clientid, Connection con) throws BrokerException {
String cid = clientid;
if (clientid != null) {
if (clientid.startsWith("${u}")) {
AccessController ac = con.getAccessController();
String user = ac.getAuthenticatedName().getName();
cid = "${u:" + user + "}" + clientid.substring(4);
} else if (clientid.startsWith("${u:")) {
cid = null;
} else if (clientid.indexOf("${%%}") != -1) {
logger.log(Logger.DEBUG, "bad client id ${%%}");
cid = null;
}
}
if (cid == null || cid.trim().length() == 0) {
throw new BrokerException(Globals.getBrokerResources().getKString(BrokerResources.X_INVALID_CLIENTID, (clientid == null) ? "null" : clientid));
}
if (DEBUG) {
logger.log(Logger.DEBUG, "ClientIDHandler:validated client ID:" + cid + ":");
}
return cid;
}
Also used :
AccessController(com.sun.messaging.jmq.jmsserver.auth.AccessController)
BrokerException(com.sun.messaging.jmq.jmsserver.util.BrokerException)
Example 3 with AccessController
use of com.sun.messaging.jmq.jmsserver.auth.AccessController in project openmq by eclipse-ee4j.
the class PacketRouter method checkAccessControl.
private boolean checkAccessControl(Packet msg, IMQConnection con, PacketHandler handler, int pktype) {
AccessController ac = con.getAccessController();
if (pktype != PacketType.HELLO && pktype != PacketType.PING && pktype != PacketType.AUTHENTICATE && pktype != PacketType.GOODBYE) {
if (!ac.isAuthenticated()) {
String emsg = Globals.getBrokerResources().getKString(BrokerResources.E_UNEXPECTED_PACKET_NOT_AUTHENTICATED, PacketType.getString(pktype));
defaultHandler.sendError(con, msg, emsg, Status.ERROR);
return false;
}
try {
handler.checkPermission(msg, con);
return true;
} catch (AccessControlException e) {
try {
handler.handleForbidden(con, msg, pktype + 1);
} catch (BrokerException ex) {
defaultHandler.sendError(con, ex, msg);
} catch (Exception ex) {
defaultHandler.sendError(con, new BrokerException(Globals.getBrokerResources().getKString(BrokerResources.X_INTERNAL_EXCEPTION, "Unexpected Error processing message"), ex), msg);
}
} catch (BrokerException ex) {
defaultHandler.sendError(con, msg, ex.getMessage(), ex.getStatusCode());
} catch (Exception ex) {
defaultHandler.sendError(con, new BrokerException(Globals.getBrokerResources().getKString(BrokerResources.X_INTERNAL_EXCEPTION, "Unexpected Error processing message"), ex), msg);
}
return false;
} else {
return true;
}
}
Also used :
AccessController(com.sun.messaging.jmq.jmsserver.auth.AccessController)
BrokerException(com.sun.messaging.jmq.jmsserver.util.BrokerException)
AccessControlException(java.security.AccessControlException)
ServiceRestrictionWaitException(com.sun.messaging.jmq.jmsserver.util.ServiceRestrictionWaitException)
ServiceRestrictionException(com.sun.messaging.jmq.jmsserver.util.ServiceRestrictionException)
AccessControlException(java.security.AccessControlException)
BrokerException(com.sun.messaging.jmq.jmsserver.util.BrokerException)
Example 4 with AccessController
use of com.sun.messaging.jmq.jmsserver.auth.AccessController in project openmq by eclipse-ee4j.
the class HelloHandler method handle.
/**
* Method to handle HELLO messages
*/
@Override
public boolean handle(IMQConnection con, Packet msg) throws BrokerException {
if (DEBUG) {
logger.log(Logger.DEBUGHIGH, "HelloHandler: handle() [ Received Hello Message]");
}
String reason = null;
Hashtable hello_props = null;
try {
hello_props = msg.getProperties();
} catch (Exception ex) {
logger.logStack(Logger.WARNING, "HELLO Packet.getProperties()", ex);
hello_props = new Hashtable();
}
boolean alreadyStarted = con.isStarted();
boolean alreadyAuthenticated = con.isAuthenticated();
int requestedProtocol = 0;
int highestProtocol = con.getHighestSupportedProtocol();
int lowestProtocol = PacketType.VERSION1;
String expectedClusterID = null;
UID expectedSessionID = null;
ConnectionUID oldCID = null;
Integer bufsize = null;
String destprov = null;
if (hello_props != null) {
Integer level = (Integer) hello_props.get("JMQProtocolLevel");
String clientv = (String) hello_props.get("JMQVersion");
if (DEBUG) {
logger.log(logger.INFO, "HelloHandler.handle(): Client[" + clientv + ", " + level + "] " + con);
}
if (level == null) {
requestedProtocol = PacketType.VERSION1;
} else {
requestedProtocol = level.intValue();
}
bufsize = (Integer) hello_props.get("JMQSize");
if (bufsize == null) {
// XXX try old protocol
bufsize = (Integer) hello_props.get("JMQRBufferSize");
}
// Retrieve HA related properties
Long longUID = (Long) hello_props.get("JMQStoreSession");
if (longUID != null) {
expectedSessionID = new UID(longUID.longValue());
}
expectedClusterID = (String) hello_props.get("JMQClusterID");
Boolean reconnectable = (Boolean) hello_props.get("JMQReconnectable");
Boolean haclient = (Boolean) hello_props.get("JMQHAClient");
if (Globals.getHAEnabled() && haclient != null && haclient.booleanValue()) {
reconnectable = haclient;
}
String s = (String) hello_props.get("JMQUserAgent");
if (s != null) {
con.addClientData(IMQConnection.USER_AGENT, s);
}
// currently private property
destprov = (String) hello_props.get("JMQDestinationProvider");
longUID = (Long) hello_props.get("JMQConnectionID");
if (longUID != null) {
logger.log(Logger.DEBUG, "Have old connectionUID");
oldCID = new ConnectionUID(longUID.longValue());
logger.log(Logger.INFO, BrokerResources.I_RECONNECTING, oldCID);
logger.log(Logger.DEBUG, "Checking for active connection");
Connection oldcon = Globals.getConnectionManager().getConnection(oldCID);
DUMP("Before connection Destroy");
if (oldcon != null) {
logger.log(Logger.DEBUG, "Destroying old connection " + oldCID);
oldcon.destroyConnection(true, GoodbyeReason.ADMIN_KILLED_CON, "Destroying old connection with same connectionUID " + oldCID + " - reconnect is happening before connection was reaped");
}
/*
* LKS DUMP();
*
* logger.log(Logger.DEBUG,"Updating connection in id list " + "["+oldcid + "," + uid + "]"); // old code
* con.setConnectionUID(oldcid); Globals.getConnectionManager().updateConnectionUID( oldcid, uid);
* //Globals.getConnectionManager().updateConnectionUID( // uid, oldcid);
*/
DUMP("After Connection Destroy");
}
con.getConnectionUID().setCanReconnect(reconnectable != null && reconnectable.booleanValue());
Long interval = (Long) hello_props.get("JMQInterval");
// LKS - XXX just override for testing
long itime = (interval == null ? ConnectionManager.DEFAULT_RECONNECT_INTERVAL : interval.longValue());
con.setReconnectInterval(itime);
} else {
requestedProtocol = PacketType.VERSION1;
}
int supportedProtocol = 0;
if (requestedProtocol > highestProtocol) {
supportedProtocol = highestProtocol;
} else if (requestedProtocol < lowestProtocol) {
supportedProtocol = lowestProtocol;
} else {
supportedProtocol = requestedProtocol;
}
con.setClientProtocolVersion(supportedProtocol);
if (bufsize != null) {
logger.log(Logger.DEBUG, "Received JMQRBufferSize -" + bufsize);
con.setFlowCount(bufsize.intValue());
}
Packet pkt = new Packet(con.useDirectBuffers());
pkt.setPacketType(PacketType.HELLO_REPLY);
pkt.setConsumerID(msg.getConsumerID());
Hashtable hash = new Hashtable();
reason = "unavailable";
int status = Status.UNAVAILABLE;
// protocol, then use the IP in the message packet.
if (con.getRemoteIP() == null) {
con.setRemoteIP(msg.getIP());
}
if ((alreadyAuthenticated || alreadyStarted) && !msg.getIndempotent()) {
// handle ibit
status = Status.ERROR;
reason = "Connection reuse not allowed";
if (alreadyAuthenticated) {
logger.log(Logger.WARNING, "Internal Error: " + " received HELLO on already authenticated connection " + con.getRemoteConnectionString() + " " + con.getConnectionUID());
} else {
logger.log(Logger.WARNING, "Internal Error: " + " received HELLO on already started connection " + con.getRemoteConnectionString() + " " + con.getConnectionUID());
}
} else if (requestedProtocol != supportedProtocol) {
// Bad protocol level.
logger.log(Logger.WARNING, rb.W_BAD_PROTO_VERSION, Integer.toString(requestedProtocol), Integer.toString(supportedProtocol));
reason = "bad version";
status = Status.BAD_VERSION;
} else if (con.getConnectionState() != Connection.STATE_UNAVAILABLE) {
/**
* connection may not be able to be created e.g: licensing, being destroyed (e.g due to timeout)
*/
if (con.setConnectionState(Connection.STATE_INITIALIZED)) {
reason = null;
status = Status.OK;
} else {
status = Status.UNAVAILABLE;
}
} else {
status = Status.UNAVAILABLE;
}
if (status == Status.OK && destprov != null) {
if (((IMQService) con.getService()).getServiceType() == ServiceType.ADMIN) {
status = Status.BAD_REQUEST;
reason = "JMQDestinationProvider not supported on ADMIN service";
logger.log(logger.WARNING, reason);
} else if (!destprov.equals(CoreLifecycleSpi.GFMQ) && !destprov.equals(CoreLifecycleSpi.CHMP)) {
status = Status.UNSUPPORTED_TYPE;
reason = "Unsupported JMQDestinationProvider " + destprov;
logger.log(logger.WARNING, reason);
} else if (destprov.equals(CoreLifecycleSpi.CHMP) && Globals.getCorePlugin(destprov) == null) {
status = Status.UNSUPPORTED_TYPE;
reason = destprov + " not enabled";
logger.log(logger.WARNING, reason);
}
}
UID brokerSessionID = Globals.getBrokerSessionID();
if (brokerSessionID != null) {
hash.put("JMQBrokerSessionID", Long.valueOf(brokerSessionID.longValue()));
}
// OK, handle the HA properties HERE
String clusterID = null;
UID sessionUID = null;
ClusterManager cfg = Globals.getClusterManager();
if (cfg != null) {
clusterID = cfg.getClusterId();
sessionUID = cfg.getStoreSessionUID();
hash.put("JMQHA", Boolean.valueOf(cfg.isHA()));
if (clusterID != null) {
hash.put("JMQClusterID", clusterID);
}
if (sessionUID != null && !Globals.getDestinationList().isPartitionMode()) {
hash.put("JMQStoreSession", Long.valueOf(sessionUID.longValue()));
}
String list = null;
Iterator itr = null;
if (((IMQService) con.getService()).getServiceType() != ServiceType.ADMIN) {
itr = cfg.getKnownBrokers(false);
} else {
itr = cfg.getKnownBrokers(true);
}
Set s = new HashSet();
// ok get rid of dups
while (itr.hasNext()) {
ClusteredBroker cb = (ClusteredBroker) itr.next();
s.add(cb.getBrokerURL().toString());
}
// OK .. now convert to a string
itr = s.iterator();
while (itr.hasNext()) {
if (list == null) {
list = itr.next().toString();
} else {
list += "," + itr.next().toString();
}
}
if (list != null) {
hash.put("JMQBrokerList", list);
}
}
HAMonitorService hamonitor = Globals.getHAMonitorService();
if (hamonitor != null && hamonitor.inTakeover()) {
if (((IMQService) con.getService()).getServiceType() != ServiceType.ADMIN) {
status = Status.TIMEOUT;
if (oldCID != null) {
logger.log(logger.INFO, BrokerResources.W_IN_TAKEOVER_RECONNECT_LATER, oldCID);
} else {
logger.log(logger.INFO, BrokerResources.W_IN_TAKEOVER_RECONNECT_LATER, con.getConnectionUID());
}
}
}
// first we want to deal with a bad clusterid
if (clusterID != null && expectedClusterID != null && !clusterID.equals(expectedClusterID)) {
status = Status.BAD_REQUEST;
} else if (expectedSessionID != null && sessionUID != null && expectedSessionID.equals(sessionUID)) {
// cool we connected to the right broker
// we already have the right owner
} else if (expectedSessionID != null) {
if (cfg == null) {
// not running any cluster config
logger.log(Logger.WARNING, BrokerResources.E_INTERNAL_BROKER_ERROR, "Internal Error: Received session on" + " non-clustered broker");
status = Status.NOT_FOUND;
} else {
// OK, if we are here, we need to locate the right
// broker for the session
//
// Here are the steps we need to check:
// 1. does this broker support the sessionUID
// if not
// 2. can we locate another broker with the sessionUID
//
ClusteredBroker owner = null;
//
// OK, see if this was a session UID we took over at some
// point in the past
Set s = cfg.getSupportedStoreSessionUIDs();
if (s.contains(expectedSessionID)) {
// yep, we took it over
owner = cfg.getLocalBroker();
}
if (owner == null) {
// this broker isnt supprting the session
// see if the database indicates someone else has it
String ownerString = cfg.lookupStoreSessionOwner(expectedSessionID);
if (ownerString != null) {
owner = cfg.getBroker(ownerString);
}
}
try {
if (owner != null) {
ClusteredBroker creator = null;
String creatorString = cfg.getStoreSessionCreator(expectedSessionID);
if (creatorString != null) {
creator = cfg.getBroker(creatorString);
}
int stat = owner.getStatus();
if (BrokerStatus.getBrokerInDoubt(stat) || !BrokerStatus.getBrokerLinkIsUp(stat) || owner.getState() == BrokerState.FAILOVER_STARTED) {
status = Status.TIMEOUT;
logger.log(logger.INFO, Globals.getBrokerResources().getKString(BrokerResources.I_RECONNECT_OWNER_INDOUBT, expectedSessionID, owner));
} else if (!owner.isLocalBroker()) {
status = Status.MOVED_PERMANENTLY;
hash.put("JMQStoreOwner", owner.getBrokerURL().toString());
logger.log(logger.INFO, Globals.getBrokerResources().getKString(BrokerResources.I_RECONNECT_OWNER_NOTME, expectedSessionID, owner));
} else if (creator == null) {
// XXX
status = Status.NOT_FOUND;
logger.log(logger.INFO, Globals.getBrokerResources().getKString(BrokerResources.I_RECONNECT_NOCREATOR, expectedSessionID));
} else if (creator.getState() == BrokerState.FAILOVER_STARTED) {
status = Status.TIMEOUT;
logger.log(logger.INFO, Globals.getBrokerResources().getKString(BrokerResources.I_RECONNECT_INTAKEOVER, expectedSessionID));
} else {
// local broker owns us - set owner for debugging only
// not required for protocol
hash.put("JMQStoreOwner", owner.getBrokerURL().toString());
}
} else {
// didnt find owner
status = Status.NOT_FOUND;
logger.log(logger.INFO, Globals.getBrokerResources().getKString(BrokerResources.I_RECONNECT_OWNER_NOTFOUND, expectedSessionID));
}
} catch (Exception ex) {
logger.log(Logger.WARNING, BrokerResources.W_RECONNECT_ERROR, expectedSessionID.toString(), ex);
status = Status.NOT_FOUND;
}
}
}
if (!con.isAdminConnection() && Globals.getMemManager() != null) {
hash.put("JMQSize", Integer.valueOf(Globals.getMemManager().getJMQSize()));
hash.put("JMQBytes", Long.valueOf(Globals.getMemManager().getJMQBytes()));
hash.put("JMQMaxMsgBytes", Long.valueOf(Globals.getMemManager().getJMQMaxMsgBytes()));
}
hash.put("JMQService", con.getService().getName());
hash.put("JMQConnectionID", Long.valueOf(con.getConnectionUID().longValue()));
hash.put("JMQProtocolLevel", Integer.valueOf(supportedProtocol));
hash.put("JMQVersion", Globals.getVersion().getProductVersion());
if (((IMQBasicConnection) con).getDumpPacket() || ((IMQBasicConnection) con).getDumpOutPacket()) {
hash.put("JMQReqID", msg.getSysMessageID().toString());
}
try {
sessionUID = con.attachStorePartition(expectedSessionID);
if (Globals.getDestinationList().isPartitionMode()) {
hash.put("JMQStoreSession", Long.valueOf(sessionUID.longValue()));
}
} catch (BrokerException e) {
status = e.getStatusCode();
reason = e.getMessage();
if (status == Status.NOT_FOUND) {
logger.log(logger.INFO, e.getMessage());
} else {
logger.logStack(logger.ERROR, e.getMessage(), e);
}
}
hash.put("JMQStatus", Integer.valueOf(status));
if (reason != null) {
hash.put("JMQReason", reason);
}
pkt.setProperties(hash);
con.sendControlMessage(pkt);
// OK .. valid status messages are
if (status != Status.OK && status != Status.MOVED_PERMANENTLY && status != Status.NOT_FOUND && status != Status.TIMEOUT) {
// destroy the connection !!! (should be ok if destroy twice)
con.closeConnection(true, GoodbyeReason.CON_FATAL_ERROR, Globals.getBrokerResources().getKString(BrokerResources.M_INIT_FAIL_CLOSE));
connectionList.removeConnection(con.getConnectionUID(), false, GoodbyeReason.CON_FATAL_ERROR, Globals.getBrokerResources().getKString(BrokerResources.M_INIT_FAIL_CLOSE));
return true;
}
status = Status.UNAVAILABLE;
String authType = null;
if (hello_props != null) {
authType = (String) hello_props.get("JMQAuthType");
}
AccessController ac = con.getAccessController();
pkt = new Packet(con.useDirectBuffers());
pkt.setPacketType(PacketType.AUTHENTICATE_REQUEST);
pkt.setConsumerID(msg.getConsumerID());
hash = new Hashtable();
hash.put("JMQSequence", Integer.valueOf(msg.getSequence()));
hash.put("JMQChallenge", Boolean.TRUE);
Properties props = new Properties();
props.setProperty(Globals.IMQ + ".clientIP", msg.getIPString());
props.setProperty(Globals.IMQ + ".connectionID", con.getConnectionUID().toString());
byte[] req = null;
try {
AuthCacheData acd = ((IMQService) con.getService()).getAuthCacheData();
req = ac.getChallenge(msg.getSequence(), props, acd.getCacheData(), authType);
hash.put("JMQAuthType", ac.getAuthType());
if (con.setConnectionState(Connection.STATE_AUTH_REQUESTED)) {
status = Status.OK;
}
} catch (FailedLoginException e) {
logger.log(Logger.WARNING, e.getMessage(), e);
status = Status.FORBIDDEN;
} catch (OutOfMemoryError err) {
// packet is re-processed
throw err;
} catch (Throwable w) {
logger.log(Logger.ERROR, Globals.getBrokerResources().getKString(BrokerResources.E_GET_CHALLENGE_FAILED) + " - " + w.getMessage(), w);
status = Status.FORBIDDEN;
}
try {
if (destprov != null && !destprov.equals(CoreLifecycleSpi.GFMQ)) {
CoreLifecycleSpi clc = Globals.getCorePlugin(destprov);
((IMQBasicConnection) con).setPacketRouter(clc.getPacketRouter());
con.setCoreLifecycle(clc);
}
} catch (Exception e) {
status = Status.ERROR;
logger.logStack(logger.ERROR, e.getMessage(), e);
}
hash.put("JMQStatus", Integer.valueOf(status));
if (((IMQBasicConnection) con).getDumpPacket() || ((IMQBasicConnection) con).getDumpOutPacket()) {
hash.put("JMQReqID", msg.getSysMessageID().toString());
}
pkt.setProperties(hash);
if (req != null) {
pkt.setMessageBody(req);
}
con.sendControlMessage(pkt);
if (DEBUG) {
logger.log(Logger.DEBUG, "HelloHandler: handle() [ sent challenge ]" + ":status=" + Status.getString(status));
}
if (status != Status.OK && status != Status.MOVED_PERMANENTLY && status != Status.NOT_FOUND && status != Status.TIMEOUT) {
// destroy the connection !!! (should be ok if destroy twice)
con.closeConnection(true, GoodbyeReason.CON_FATAL_ERROR, Globals.getBrokerResources().getKString(BrokerResources.M_INIT_FAIL_CLOSE));
connectionList.removeConnection(con.getConnectionUID(), false, GoodbyeReason.CON_FATAL_ERROR, Globals.getBrokerResources().getKString(BrokerResources.M_INIT_FAIL_CLOSE));
}
return true;
}
Also used :
BrokerException(com.sun.messaging.jmq.jmsserver.util.BrokerException)
CoreLifecycleSpi(com.sun.messaging.jmq.jmsserver.plugin.spi.CoreLifecycleSpi)
IMQService(com.sun.messaging.jmq.jmsserver.service.imq.IMQService)
IMQBasicConnection(com.sun.messaging.jmq.jmsserver.service.imq.IMQBasicConnection)
HAMonitorService(com.sun.messaging.jmq.jmsserver.cluster.api.ha.HAMonitorService)
IMQBasicConnection(com.sun.messaging.jmq.jmsserver.service.imq.IMQBasicConnection)
Connection(com.sun.messaging.jmq.jmsserver.service.Connection)
IMQConnection(com.sun.messaging.jmq.jmsserver.service.imq.IMQConnection)
BrokerException(com.sun.messaging.jmq.jmsserver.util.BrokerException)
FailedLoginException(com.sun.messaging.jmq.auth.api.FailedLoginException)
ConnectionUID(com.sun.messaging.jmq.jmsserver.service.ConnectionUID)
UID(com.sun.messaging.jmq.util.UID)
AccessController(com.sun.messaging.jmq.jmsserver.auth.AccessController)
AuthCacheData(com.sun.messaging.jmq.jmsserver.auth.AuthCacheData)
FailedLoginException(com.sun.messaging.jmq.auth.api.FailedLoginException)
ConnectionUID(com.sun.messaging.jmq.jmsserver.service.ConnectionUID)
Example 5 with AccessController
use of com.sun.messaging.jmq.jmsserver.auth.AccessController in project openmq by eclipse-ee4j.
the class MQJMXAuthenticator method authenticate.
@Override
public Subject authenticate(Object credentials) {
if (credentials == null) {
String errStr = rb.getString(rb.W_JMX_CONNECTOR_CREDENTIALS_NEEDED, csi.getName());
logger.log(Logger.WARNING, errStr);
throw new SecurityException(errStr);
}
if (!(credentials instanceof String[])) {
String errStr = rb.getString(rb.W_JMX_CONNECTOR_CREDENTIALS_WRONG_TYPE, csi.getName());
logger.log(Logger.WARNING, errStr);
throw new SecurityException(errStr);
}
String[] up = (String[]) credentials;
String username = up[0], passwd = up[1];
String clientIP = null;
MQAuthenticator a = null;
try {
a = new MQAuthenticator("admin", ServiceType.ADMIN);
} catch (Exception e) {
String errStr = rb.getString(rb.W_JMX_AUTHENTICATOR_INIT_FAILED, e.toString());
logger.log(Logger.WARNING, errStr);
throw new SecurityException(errStr);
}
/*
* For RMI based connectors, we can get to the client host IP This can be used for auth/access control if needed
*/
if (csi.getConfiguredJMXServiceURL().getProtocol().equals("rmi")) {
try {
clientIP = RemoteServer.getClientHost();
/*
* We need the IP address. The following guarantees that.
*/
InetAddress clientHostIA = InetAddress.getByName(clientIP);
clientIP = clientHostIA.getHostAddress();
} catch (Exception e) {
String errStr = rb.getString(rb.W_JMX_FAILED_TO_GET_IP, csi.getName(), e.toString());
logger.log(Logger.WARNING, errStr);
/*
* XXX: Should a SecurityException be thrown here ? ie is it necessary for most cases ?
*/
throw new SecurityException(errStr);
}
AccessController ac = a.getAccessController();
if (ac != null) {
ac.setClientIP(clientIP);
}
}
try {
a.authenticate(username, passwd);
} catch (Exception e) {
String errStr = rb.getString(rb.W_JMX_CONNECTOR_AUTH_FAILED, csi.getName(), e.toString());
logger.log(Logger.WARNING, errStr);
throw new SecurityException(errStr);
}
return new Subject();
}
Also used :
AccessController(com.sun.messaging.jmq.jmsserver.auth.AccessController)
MQAuthenticator(com.sun.messaging.jmq.jmsserver.auth.MQAuthenticator)
InetAddress(java.net.InetAddress)
Subject(javax.security.auth.Subject)
Aggregations
AccessController (com.sun.messaging.jmq.jmsserver.auth.AccessController)5
BrokerException (com.sun.messaging.jmq.jmsserver.util.BrokerException)3
FailedLoginException (com.sun.messaging.jmq.auth.api.FailedLoginException)2
AuthCacheData (com.sun.messaging.jmq.jmsserver.auth.AuthCacheData)2
IMQService (com.sun.messaging.jmq.jmsserver.service.imq.IMQService)2
AccessControlException (java.security.AccessControlException)2
MQAuthenticator (com.sun.messaging.jmq.jmsserver.auth.MQAuthenticator)1
HAMonitorService (com.sun.messaging.jmq.jmsserver.cluster.api.ha.HAMonitorService)1
Agent (com.sun.messaging.jmq.jmsserver.management.agent.Agent)1
CoreLifecycleSpi (com.sun.messaging.jmq.jmsserver.plugin.spi.CoreLifecycleSpi)1
Connection (com.sun.messaging.jmq.jmsserver.service.Connection)1
ConnectionUID (com.sun.messaging.jmq.jmsserver.service.ConnectionUID)1
IMQBasicConnection (com.sun.messaging.jmq.jmsserver.service.imq.IMQBasicConnection)1
IMQConnection (com.sun.messaging.jmq.jmsserver.service.imq.IMQConnection)1
ServiceRestrictionException (com.sun.messaging.jmq.jmsserver.util.ServiceRestrictionException)1
ServiceRestrictionWaitException (com.sun.messaging.jmq.jmsserver.util.ServiceRestrictionWaitException)1
UID (com.sun.messaging.jmq.util.UID)1
InetAddress (java.net.InetAddress)1
Subject (javax.security.auth.Subject)1
