Example 1 with AnonymousAuthenticationManager
use of org.apache.qpid.server.security.auth.manager.AnonymousAuthenticationManager in project qpid-broker-j by apache.
the class ProtocolEngine_1_0_0Test method testProtocolEngineWithNoSaslNonTLSandAnon.
public void testProtocolEngineWithNoSaslNonTLSandAnon() throws Exception {
final Map<String, Object> attrs = Collections.singletonMap(ConfiguredObject.NAME, getTestName());
final AnonymousAuthenticationManager anonymousAuthenticationManager = (new AnonymousAuthenticationManagerFactory()).create(null, attrs, _broker);
when(_port.getAuthenticationProvider()).thenReturn(anonymousAuthenticationManager);
allowMechanisms(AnonymousAuthenticationManager.MECHANISM_NAME);
createEngine(Transport.TCP);
_protocolEngine_1_0_0.received(QpidByteBuffer.wrap(ProtocolEngineCreator_1_0_0.getInstance().getHeaderIdentifier()));
Open open = new Open();
open.setContainerId("testContainerId");
_frameWriter.send(AMQFrame.createAMQFrame((short) 0, open));
verify(_virtualHost).registerConnection(any(AMQPConnection.class), any(ConnectionEstablishmentPolicy.class));
AuthenticatedPrincipal principal = (AuthenticatedPrincipal) _connection.getAuthorizedPrincipal();
assertNotNull(principal);
assertEquals(principal, new AuthenticatedPrincipal(anonymousAuthenticationManager.getAnonymousPrincipal()));
}
Also used :
ConnectionEstablishmentPolicy(org.apache.qpid.server.virtualhost.ConnectionEstablishmentPolicy)
AnonymousAuthenticationManagerFactory(org.apache.qpid.server.security.auth.manager.AnonymousAuthenticationManagerFactory)
AnonymousAuthenticationManager(org.apache.qpid.server.security.auth.manager.AnonymousAuthenticationManager)
AMQPConnection(org.apache.qpid.server.transport.AMQPConnection)
ConfiguredObject(org.apache.qpid.server.model.ConfiguredObject)
Matchers.anyString(org.mockito.Matchers.anyString)
Open(org.apache.qpid.server.protocol.v1_0.type.transport.Open)
AuthenticatedPrincipal(org.apache.qpid.server.security.auth.AuthenticatedPrincipal)
Example 2 with AnonymousAuthenticationManager
use of org.apache.qpid.server.security.auth.manager.AnonymousAuthenticationManager in project qpid-broker-j by apache.
the class AMQPConnection_1_0Impl method processProtocolHeader.
private void processProtocolHeader(final QpidByteBuffer msg) {
if (msg.remaining() >= 8) {
byte[] header = new byte[8];
msg.get(header);
final AuthenticationProvider<?> authenticationProvider = getPort().getAuthenticationProvider();
if (Arrays.equals(header, SASL_HEADER)) {
if (_saslComplete) {
throw new ConnectionScopedRuntimeException("SASL Layer header received after SASL already established");
}
try (QpidByteBuffer protocolHeader = QpidByteBuffer.wrap(SASL_HEADER)) {
getSender().send(protocolHeader);
}
SaslMechanisms mechanisms = new SaslMechanisms();
ArrayList<Symbol> mechanismsList = new ArrayList<>();
for (String name : authenticationProvider.getAvailableMechanisms(getTransport().isSecure())) {
mechanismsList.add(Symbol.valueOf(name));
}
mechanisms.setSaslServerMechanisms(mechanismsList.toArray(new Symbol[mechanismsList.size()]));
send(new SASLFrame(mechanisms), null);
_connectionState = ConnectionState.AWAIT_SASL_INIT;
_frameHandler = getFrameHandler(true);
} else if (Arrays.equals(header, AMQP_HEADER)) {
if (!_saslComplete) {
final List<String> mechanisms = authenticationProvider.getAvailableMechanisms(getTransport().isSecure());
if (mechanisms.contains(ExternalAuthenticationManagerImpl.MECHANISM_NAME) && getNetwork().getPeerPrincipal() != null) {
setUserPrincipal(new AuthenticatedPrincipal(getNetwork().getPeerPrincipal()));
} else if (mechanisms.contains(AnonymousAuthenticationManager.MECHANISM_NAME)) {
setUserPrincipal(new AuthenticatedPrincipal(((AnonymousAuthenticationManager) authenticationProvider).getAnonymousPrincipal()));
} else {
LOGGER.warn("{} : attempt to initiate AMQP connection without correctly authenticating", getLogSubject());
_connectionState = ConnectionState.CLOSED;
getNetwork().close();
}
}
try (QpidByteBuffer protocolHeader = QpidByteBuffer.wrap(AMQP_HEADER)) {
getSender().send(protocolHeader);
}
_connectionState = ConnectionState.AWAIT_OPEN;
_frameHandler = getFrameHandler(false);
} else {
LOGGER.warn("{} : unknown AMQP header {}", getLogSubject(), Functions.str(header));
_connectionState = ConnectionState.CLOSED;
getNetwork().close();
}
}
}
Also used :
Symbol(org.apache.qpid.server.protocol.v1_0.type.Symbol)
SASLFrame(org.apache.qpid.server.protocol.v1_0.framing.SASLFrame)
ArrayList(java.util.ArrayList)
SaslMechanisms(org.apache.qpid.server.protocol.v1_0.type.security.SaslMechanisms)
AuthenticatedPrincipal(org.apache.qpid.server.security.auth.AuthenticatedPrincipal)
AnonymousAuthenticationManager(org.apache.qpid.server.security.auth.manager.AnonymousAuthenticationManager)
ConnectionScopedRuntimeException(org.apache.qpid.server.util.ConnectionScopedRuntimeException)
QpidByteBuffer(org.apache.qpid.server.bytebuffer.QpidByteBuffer)
Futures.allAsList(com.google.common.util.concurrent.Futures.allAsList)
ArrayList(java.util.ArrayList)
List(java.util.List)
Example 3 with AnonymousAuthenticationManager
use of org.apache.qpid.server.security.auth.manager.AnonymousAuthenticationManager in project qpid-broker-j by apache.
the class ProtocolEngine_1_0_0Test method testProtocolEngineWithSaslNonTLSandAnon.
public void testProtocolEngineWithSaslNonTLSandAnon() throws Exception {
final Map<String, Object> attrs = Collections.singletonMap(ConfiguredObject.NAME, getTestName());
final AnonymousAuthenticationManager anonymousAuthenticationManager = (new AnonymousAuthenticationManagerFactory()).create(null, attrs, _broker);
when(_port.getAuthenticationProvider()).thenReturn(anonymousAuthenticationManager);
when(_port.getSubjectCreator(anyBoolean(), anyString())).thenReturn(new SubjectCreator(anonymousAuthenticationManager, Collections.emptyList(), null));
allowMechanisms(AnonymousAuthenticationManager.MECHANISM_NAME);
createEngine(Transport.TCP);
_protocolEngine_1_0_0.received(QpidByteBuffer.wrap(ProtocolEngineCreator_1_0_0_SASL.getInstance().getHeaderIdentifier()));
SaslInit init = new SaslInit();
init.setMechanism(Symbol.valueOf("ANONYMOUS"));
_frameWriter.send(new SASLFrame(init));
_protocolEngine_1_0_0.received(QpidByteBuffer.wrap(ProtocolEngineCreator_1_0_0.getInstance().getHeaderIdentifier()));
Open open = new Open();
open.setContainerId("testContainerId");
_frameWriter.send(AMQFrame.createAMQFrame((short) 0, open));
verify(_virtualHost).registerConnection(any(AMQPConnection.class), any(ConnectionEstablishmentPolicy.class));
AuthenticatedPrincipal principal = (AuthenticatedPrincipal) _connection.getAuthorizedPrincipal();
assertNotNull(principal);
assertEquals(principal, new AuthenticatedPrincipal(anonymousAuthenticationManager.getAnonymousPrincipal()));
}
Also used :
ConnectionEstablishmentPolicy(org.apache.qpid.server.virtualhost.ConnectionEstablishmentPolicy)
AnonymousAuthenticationManagerFactory(org.apache.qpid.server.security.auth.manager.AnonymousAuthenticationManagerFactory)
AnonymousAuthenticationManager(org.apache.qpid.server.security.auth.manager.AnonymousAuthenticationManager)
AMQPConnection(org.apache.qpid.server.transport.AMQPConnection)
SaslInit(org.apache.qpid.server.protocol.v1_0.type.security.SaslInit)
SASLFrame(org.apache.qpid.server.protocol.v1_0.framing.SASLFrame)
ConfiguredObject(org.apache.qpid.server.model.ConfiguredObject)
Matchers.anyString(org.mockito.Matchers.anyString)
SubjectCreator(org.apache.qpid.server.security.SubjectCreator)
Open(org.apache.qpid.server.protocol.v1_0.type.transport.Open)
AuthenticatedPrincipal(org.apache.qpid.server.security.auth.AuthenticatedPrincipal)
Example 4 with AnonymousAuthenticationManager
use of org.apache.qpid.server.security.auth.manager.AnonymousAuthenticationManager in project qpid-broker-j by apache.
the class AnonymousPreemptiveAuthenticator method attemptAuthentication.
@Override
public Subject attemptAuthentication(final HttpServletRequest request, final HttpManagementConfiguration managementConfig) {
final Port<?> port = managementConfig.getPort(request);
final AuthenticationProvider authenticationProvider = managementConfig.getAuthenticationProvider(request);
SubjectCreator subjectCreator = port.getSubjectCreator(request.isSecure(), request.getServerName());
if (authenticationProvider instanceof AnonymousAuthenticationManager) {
return subjectCreator.createResultWithGroups(((AnonymousAuthenticationManager) authenticationProvider).getAnonymousAuthenticationResult()).getSubject();
}
return null;
}
Also used :
AnonymousAuthenticationManager(org.apache.qpid.server.security.auth.manager.AnonymousAuthenticationManager)
AuthenticationProvider(org.apache.qpid.server.model.AuthenticationProvider)
SubjectCreator(org.apache.qpid.server.security.SubjectCreator)
Aggregations
AnonymousAuthenticationManager (org.apache.qpid.server.security.auth.manager.AnonymousAuthenticationManager)4
AuthenticatedPrincipal (org.apache.qpid.server.security.auth.AuthenticatedPrincipal)3
ConfiguredObject (org.apache.qpid.server.model.ConfiguredObject)2
SASLFrame (org.apache.qpid.server.protocol.v1_0.framing.SASLFrame)2
Open (org.apache.qpid.server.protocol.v1_0.type.transport.Open)2
SubjectCreator (org.apache.qpid.server.security.SubjectCreator)2
AnonymousAuthenticationManagerFactory (org.apache.qpid.server.security.auth.manager.AnonymousAuthenticationManagerFactory)2
AMQPConnection (org.apache.qpid.server.transport.AMQPConnection)2
ConnectionEstablishmentPolicy (org.apache.qpid.server.virtualhost.ConnectionEstablishmentPolicy)2
Matchers.anyString (org.mockito.Matchers.anyString)2
Futures.allAsList (com.google.common.util.concurrent.Futures.allAsList)1
ArrayList (java.util.ArrayList)1
List (java.util.List)1
QpidByteBuffer (org.apache.qpid.server.bytebuffer.QpidByteBuffer)1
AuthenticationProvider (org.apache.qpid.server.model.AuthenticationProvider)1
Symbol (org.apache.qpid.server.protocol.v1_0.type.Symbol)1
SaslInit (org.apache.qpid.server.protocol.v1_0.type.security.SaslInit)1
SaslMechanisms (org.apache.qpid.server.protocol.v1_0.type.security.SaslMechanisms)1
ConnectionScopedRuntimeException (org.apache.qpid.server.util.ConnectionScopedRuntimeException)1
