Example 1 with ServletConnectionPrincipal

use of org.apache.qpid.server.management.plugin.servlet.ServletConnectionPrincipal in project qpid-broker-j by apache.

the class HttpManagementUtil method createServletConnectionSubject.

public static Subject createServletConnectionSubject(final HttpServletRequest request, Subject original) {
    // The Subject constructor copies the sets it is given, so the caller's Subject is left untouched.
    Subject subject = new Subject(false, original.getPrincipals(), original.getPublicCredentials(), original.getPrivateCredentials());
    // Attach a principal describing the current servlet request (connection address, session).
    subject.getPrincipals().add(new ServletConnectionPrincipal(request));
    // Freeze the Subject so no later code can add or remove principals.
    subject.setReadOnly();
    return subject;
}
Also used : ServletConnectionPrincipal(org.apache.qpid.server.management.plugin.servlet.ServletConnectionPrincipal) Subject(javax.security.auth.Subject)

Example 2 with ServletConnectionPrincipal

use of org.apache.qpid.server.management.plugin.servlet.ServletConnectionPrincipal in project qpid-broker-j by apache.

the class AuthenticationCheckFilter method doFilter.

@Override
public void doFilter(final ServletRequest request, final ServletResponse response, final FilterChain chain) throws IOException, ServletException {
    HttpServletRequest httpRequest = (HttpServletRequest) request;
    HttpServletResponse httpResponse = (HttpServletResponse) response;
    boolean isPreemptiveAuthentication = false;
    try {
        // Subject established by an earlier login and held on the HTTP session, if any.
        Subject subject = HttpManagementUtil.getAuthorisedSubject(httpRequest);
        if (subject == null) {
            if (_allowed != null && httpRequest.getServletPath().startsWith(_allowed)) {
                // Unauthenticated access to the allowed path prefix: a read-only Subject that
                // carries only the connection principal and no user identity.
                subject = new Subject(true, Collections.<Principal>singleton(new ServletConnectionPrincipal(httpRequest)), Collections.emptySet(), Collections.emptySet());
            } else {
                // Authenticate from credentials carried on this request; any session created
                // along the way is discarded in the finally block.
                subject = tryPreemptiveAuthentication(httpRequest);
                isPreemptiveAuthentication = true;
            }
        } else {
            // Drop the connection principal recorded at login and attach one for the current
            // request, keeping the user's other principals and credentials.
            Set<Principal> principals = subject.getPrincipals();
            Set<Principal> newPrincipals = new LinkedHashSet<>();
            for (Principal principal : principals) {
                if (!(principal instanceof ManagementConnectionPrincipal)) {
                    newPrincipals.add(principal);
                }
            }
            // Build from the filtered set so the stale connection principal does not survive;
            // the constructor copies the sets, so the session's Subject is not modified.
            subject = new Subject(false, newPrincipals, subject.getPublicCredentials(), subject.getPrivateCredentials());
            ServletConnectionPrincipal principal = new ServletConnectionPrincipal(httpRequest);
            subject.getPrincipals().add(principal);
            // Freeze the Subject so nothing further down the chain can add principals.
            subject.setReadOnly();
        }
        doFilterChainAs(request, response, chain, subject);
    } catch (AccessControlException e) {
        // Authenticated but not authorised: 403. AccessControlException extends
        // SecurityException, so this catch must come first.
        httpResponse.sendError(HttpServletResponse.SC_FORBIDDEN);
        invalidateSession(httpRequest);
        return;
    } catch (SecurityException e) {
        // Authentication failed: 401.
        httpResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED);
        invalidateSession(httpRequest);
        return;
    } finally {
        if (isPreemptiveAuthentication) {
            invalidateSession(httpRequest);
        }
    }
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) LinkedHashSet(java.util.LinkedHashSet) ServletConnectionPrincipal(org.apache.qpid.server.management.plugin.servlet.ServletConnectionPrincipal) HttpServletResponse(javax.servlet.http.HttpServletResponse) AccessControlException(java.security.AccessControlException) Subject(javax.security.auth.Subject) Principal(java.security.Principal) ManagementConnectionPrincipal(org.apache.qpid.server.security.auth.ManagementConnectionPrincipal)
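The filter above depends on two properties of javax.security.auth.Subject: the constructor copies the principal and credential sets it is handed, so rebuilding a Subject per request never mutates the one stored on the session, and setReadOnly() makes any later attempt to add a principal throw. The stand-alone program below is an added example, not qpid-broker-j code; UserPrincipal and ConnectionPrincipal are hypothetical stand-ins for the broker's user principal and its ManagementConnectionPrincipal, and no servlet container is involved.

```java
import java.security.Principal;
import java.util.Collections;
import java.util.LinkedHashSet;
import java.util.Set;
import javax.security.auth.Subject;

/** Illustration of the Subject semantics the filter relies on (not broker code). */
public class SubjectRebuildDemo {

    /** Hypothetical stand-in for the broker's authenticated-user principal. */
    static final class UserPrincipal implements Principal {
        private final String name;
        UserPrincipal(String name) { this.name = name; }
        @Override public String getName() { return name; }
        @Override public boolean equals(Object o) {
            return o instanceof UserPrincipal && name.equals(((UserPrincipal) o).name);
        }
        @Override public int hashCode() { return name.hashCode(); }
        @Override public String toString() { return "UserPrincipal(" + name + ")"; }
    }

    /** Hypothetical stand-in for ManagementConnectionPrincipal: identifies the connection, not the user. */
    static final class ConnectionPrincipal implements Principal {
        private final String remoteAddress;
        ConnectionPrincipal(String remoteAddress) { this.remoteAddress = remoteAddress; }
        @Override public String getName() { return remoteAddress; }
        @Override public boolean equals(Object o) {
            return o instanceof ConnectionPrincipal
                    && remoteAddress.equals(((ConnectionPrincipal) o).remoteAddress);
        }
        @Override public int hashCode() { return remoteAddress.hashCode(); }
        @Override public String toString() { return "ConnectionPrincipal(" + remoteAddress + ")"; }
    }

    /**
     * Mirrors the filter's session branch: keep everything except the connection
     * principal, attach one for the current request, then freeze the Subject.
     */
    static Subject rebuildForRequest(Subject sessionSubject, String currentRemoteAddress) {
        Set<Principal> kept = new LinkedHashSet<>();
        for (Principal p : sessionSubject.getPrincipals()) {
            if (!(p instanceof ConnectionPrincipal)) {
                kept.add(p);
            }
        }
        // The constructor copies the sets, so mutating 'rebuilt' never reaches sessionSubject.
        Subject rebuilt = new Subject(false, kept,
                sessionSubject.getPublicCredentials(), sessionSubject.getPrivateCredentials());
        rebuilt.getPrincipals().add(new ConnectionPrincipal(currentRemoteAddress));
        rebuilt.setReadOnly();
        return rebuilt;
    }

    public static void main(String[] args) {
        // Constructed sample: a session Subject holding the user plus the connection
        // principal recorded when the session was first authenticated.
        Set<Principal> initial = new LinkedHashSet<>();
        initial.add(new UserPrincipal("admin"));
        initial.add(new ConnectionPrincipal("10.0.0.5:51000"));
        Subject session = new Subject(false, initial, Collections.emptySet(), Collections.emptySet());

        Subject perRequest = rebuildForRequest(session, "10.0.0.5:51342");

        // 1. Exactly one connection principal, and it belongs to the current request.
        Set<ConnectionPrincipal> conns = perRequest.getPrincipals(ConnectionPrincipal.class);
        if (conns.size() != 1 || !conns.iterator().next().getName().equals("10.0.0.5:51342")) {
            throw new AssertionError("stale connection principal survived: " + conns);
        }
        // 2. The user principal is carried over unchanged.
        if (perRequest.getPrincipals(UserPrincipal.class).size() != 1) {
            throw new AssertionError("user principal lost");
        }
        // 3. The session's Subject still holds its original two principals.
        if (session.getPrincipals().size() != 2) {
            throw new AssertionError("session subject was mutated");
        }
        // 4. After setReadOnly(), code downstream of the filter cannot inject a principal.
        try {
            perRequest.getPrincipals().add(new UserPrincipal("attacker"));
            throw new AssertionError("read-only Subject accepted a new principal");
        } catch (IllegalStateException expected) {
            System.out.println("read-only Subject rejected the added principal: " + expected.getMessage());
        }
        System.out.println("per-request subject: " + perRequest.getPrincipals());
    }
}
```

Check 4 is the one that matters for the filter: because the per-request Subject is frozen before doFilterChainAs runs, a servlet or later filter that wanted to widen the caller's identity would get an IllegalStateException rather than a richer Subject.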
