
Example 1 with AnonymousAuthenticationManager

Use of org.apache.qpid.server.security.auth.manager.AnonymousAuthenticationManager in project qpid-broker-j by apache.

Class ProtocolEngine_1_0_0Test, method testProtocolEngineWithNoSaslNonTLSandAnon.

public void testProtocolEngineWithNoSaslNonTLSandAnon() throws Exception {
    final Map<String, Object> attrs = Collections.singletonMap(ConfiguredObject.NAME, getTestName());
    final AnonymousAuthenticationManager anonymousAuthenticationManager = (new AnonymousAuthenticationManagerFactory()).create(null, attrs, _broker);
    // The port's authentication provider is the anonymous manager, and only its mechanism is allowed.
    when(_port.getAuthenticationProvider()).thenReturn(anonymousAuthenticationManager);
    allowMechanisms(AnonymousAuthenticationManager.MECHANISM_NAME);
    // Plain TCP transport, no TLS.
    createEngine(Transport.TCP);
    // Send the plain AMQP protocol header directly, without a SASL layer.
    _protocolEngine_1_0_0.received(QpidByteBuffer.wrap(ProtocolEngineCreator_1_0_0.getInstance().getHeaderIdentifier()));
    Open open = new Open();
    open.setContainerId("testContainerId");
    _frameWriter.send(AMQFrame.createAMQFrame((short) 0, open));
    // The connection is registered and carries the anonymous principal although no SASL exchange took place.
    verify(_virtualHost).registerConnection(any(AMQPConnection.class), any(ConnectionEstablishmentPolicy.class));
    AuthenticatedPrincipal principal = (AuthenticatedPrincipal) _connection.getAuthorizedPrincipal();
    assertNotNull(principal);
    assertEquals(principal, new AuthenticatedPrincipal(anonymousAuthenticationManager.getAnonymousPrincipal()));
}
Also used : ConnectionEstablishmentPolicy(org.apache.qpid.server.virtualhost.ConnectionEstablishmentPolicy) AnonymousAuthenticationManagerFactory(org.apache.qpid.server.security.auth.manager.AnonymousAuthenticationManagerFactory) AnonymousAuthenticationManager(org.apache.qpid.server.security.auth.manager.AnonymousAuthenticationManager) AMQPConnection(org.apache.qpid.server.transport.AMQPConnection) ConfiguredObject(org.apache.qpid.server.model.ConfiguredObject) Matchers.anyString(org.mockito.Matchers.anyString) Open(org.apache.qpid.server.protocol.v1_0.type.transport.Open) AuthenticatedPrincipal(org.apache.qpid.server.security.auth.AuthenticatedPrincipal)

Example 2 with AnonymousAuthenticationManager

Use of org.apache.qpid.server.security.auth.manager.AnonymousAuthenticationManager in project qpid-broker-j by apache.

Class AMQPConnection_1_0Impl, method processProtocolHeader.

private void processProtocolHeader(final QpidByteBuffer msg) {
    if (msg.remaining() >= 8) {
        byte[] header = new byte[8];
        msg.get(header);
        final AuthenticationProvider<?> authenticationProvider = getPort().getAuthenticationProvider();
        if (Arrays.equals(header, SASL_HEADER)) {
            if (_saslComplete) {
                throw new ConnectionScopedRuntimeException("SASL Layer header received after SASL already established");
            }
            try (QpidByteBuffer protocolHeader = QpidByteBuffer.wrap(SASL_HEADER)) {
                getSender().send(protocolHeader);
            }
            SaslMechanisms mechanisms = new SaslMechanisms();
            ArrayList<Symbol> mechanismsList = new ArrayList<>();
            for (String name : authenticationProvider.getAvailableMechanisms(getTransport().isSecure())) {
                mechanismsList.add(Symbol.valueOf(name));
            }
            mechanisms.setSaslServerMechanisms(mechanismsList.toArray(new Symbol[mechanismsList.size()]));
            send(new SASLFrame(mechanisms), null);
            _connectionState = ConnectionState.AWAIT_SASL_INIT;
            _frameHandler = getFrameHandler(true);
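        } else if (Arrays.equals(header, AMQP_HEADER)) {
            // Plain AMQP header. If SASL has not completed, the principal is decided here without a SASL exchange.
            if (!_saslComplete) {
                final List<String> mechanisms = authenticationProvider.getAvailableMechanisms(getTransport().isSecure());
                if (mechanisms.contains(ExternalAuthenticationManagerImpl.MECHANISM_NAME) && getNetwork().getPeerPrincipal() != null) {
                    // EXTERNAL is offered and the transport supplied a peer principal: use it.
                    setUserPrincipal(new AuthenticatedPrincipal(getNetwork().getPeerPrincipal()));
                } else if (mechanisms.contains(AnonymousAuthenticationManager.MECHANISM_NAME)) {
                    // ANONYMOUS is offered: the connection runs as the anonymous principal.
                    // The cast assumes the provider offering ANONYMOUS is an AnonymousAuthenticationManager.
                    setUserPrincipal(new AuthenticatedPrincipal(((AnonymousAuthenticationManager) authenticationProvider).getAnonymousPrincipal()));
                } else {
                    // Neither mechanism applies: log the attempt and close the network.
                    // There is no early return, so the header send and the state/handler assignments below still run.
                    LOGGER.warn("{} : attempt to initiate AMQP connection without correctly authenticating", getLogSubject());
                    _connectionState = ConnectionState.CLOSED;
                    getNetwork().close();
                }
            }
            try (QpidByteBuffer protocolHeader = QpidByteBuffer.wrap(AMQP_HEADER)) {
                getSender().send(protocolHeader);
            }
            _connectionState = ConnectionState.AWAIT_OPEN;
            _frameHandler = getFrameHandler(false);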
        } else {
            LOGGER.warn("{} : unknown AMQP header {}", getLogSubject(), Functions.str(header));
            _connectionState = ConnectionState.CLOSED;
            getNetwork().close();
        }
    }
}
Also used : Symbol(org.apache.qpid.server.protocol.v1_0.type.Symbol) SASLFrame(org.apache.qpid.server.protocol.v1_0.framing.SASLFrame) ArrayList(java.util.ArrayList) SaslMechanisms(org.apache.qpid.server.protocol.v1_0.type.security.SaslMechanisms) AuthenticatedPrincipal(org.apache.qpid.server.security.auth.AuthenticatedPrincipal) AnonymousAuthenticationManager(org.apache.qpid.server.security.auth.manager.AnonymousAuthenticationManager) ConnectionScopedRuntimeException(org.apache.qpid.server.util.ConnectionScopedRuntimeException) QpidByteBuffer(org.apache.qpid.server.bytebuffer.QpidByteBuffer) Futures.allAsList(com.google.common.util.concurrent.Futures.allAsList) ArrayList(java.util.ArrayList) List(java.util.List)

Example 3 with AnonymousAuthenticationManager

Use of org.apache.qpid.server.security.auth.manager.AnonymousAuthenticationManager in project qpid-broker-j by apache.

Class ProtocolEngine_1_0_0Test, method testProtocolEngineWithSaslNonTLSandAnon.

public void testProtocolEngineWithSaslNonTLSandAnon() throws Exception {
    final Map<String, Object> attrs = Collections.singletonMap(ConfiguredObject.NAME, getTestName());
    final AnonymousAuthenticationManager anonymousAuthenticationManager = (new AnonymousAuthenticationManagerFactory()).create(null, attrs, _broker);
    // The port's authentication provider is the anonymous manager, and only its mechanism is allowed.
    when(_port.getAuthenticationProvider()).thenReturn(anonymousAuthenticationManager);
    when(_port.getSubjectCreator(anyBoolean(), anyString())).thenReturn(new SubjectCreator(anonymousAuthenticationManager, Collections.emptyList(), null));
    allowMechanisms(AnonymousAuthenticationManager.MECHANISM_NAME);
    // Plain TCP transport, no TLS.
    createEngine(Transport.TCP);
    // Send the SASL protocol header, then a sasl-init selecting the ANONYMOUS mechanism.
    _protocolEngine_1_0_0.received(QpidByteBuffer.wrap(ProtocolEngineCreator_1_0_0_SASL.getInstance().getHeaderIdentifier()));
    SaslInit init = new SaslInit();
    init.setMechanism(Symbol.valueOf("ANONYMOUS"));
    _frameWriter.send(new SASLFrame(init));
    // After the SASL layer, send the plain AMQP header and open the connection.
    _protocolEngine_1_0_0.received(QpidByteBuffer.wrap(ProtocolEngineCreator_1_0_0.getInstance().getHeaderIdentifier()));
    Open open = new Open();
    open.setContainerId("testContainerId");
    _frameWriter.send(AMQFrame.createAMQFrame((short) 0, open));
    // The connection is registered and carries the anonymous principal.
    verify(_virtualHost).registerConnection(any(AMQPConnection.class), any(ConnectionEstablishmentPolicy.class));
    AuthenticatedPrincipal principal = (AuthenticatedPrincipal) _connection.getAuthorizedPrincipal();
    assertNotNull(principal);
    assertEquals(principal, new AuthenticatedPrincipal(anonymousAuthenticationManager.getAnonymousPrincipal()));
}
Also used : ConnectionEstablishmentPolicy(org.apache.qpid.server.virtualhost.ConnectionEstablishmentPolicy) AnonymousAuthenticationManagerFactory(org.apache.qpid.server.security.auth.manager.AnonymousAuthenticationManagerFactory) AnonymousAuthenticationManager(org.apache.qpid.server.security.auth.manager.AnonymousAuthenticationManager) AMQPConnection(org.apache.qpid.server.transport.AMQPConnection) SaslInit(org.apache.qpid.server.protocol.v1_0.type.security.SaslInit) SASLFrame(org.apache.qpid.server.protocol.v1_0.framing.SASLFrame) ConfiguredObject(org.apache.qpid.server.model.ConfiguredObject) Matchers.anyString(org.mockito.Matchers.anyString) SubjectCreator(org.apache.qpid.server.security.SubjectCreator) Open(org.apache.qpid.server.protocol.v1_0.type.transport.Open) AuthenticatedPrincipal(org.apache.qpid.server.security.auth.AuthenticatedPrincipal)

Example 4 with AnonymousAuthenticationManager

Use of org.apache.qpid.server.security.auth.manager.AnonymousAuthenticationManager in project qpid-broker-j by apache.

Class AnonymousPreemptiveAuthenticator, method attemptAuthentication.

@Override
public Subject attemptAuthentication(final HttpServletRequest request, final HttpManagementConfiguration managementConfig) {
    final Port<?> port = managementConfig.getPort(request);
    final AuthenticationProvider authenticationProvider = managementConfig.getAuthenticationProvider(request);
    SubjectCreator subjectCreator = port.getSubjectCreator(request.isSecure(), request.getServerName());
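    // Only when the configured provider is the anonymous manager is a Subject built, from its anonymous result.
    if (authenticationProvider instanceof AnonymousAuthenticationManager) {
        return subjectCreator.createResultWithGroups(((AnonymousAuthenticationManager) authenticationProvider).getAnonymousAuthenticationResult()).getSubject();
    }
    // Any other provider: this authenticator yields no Subject.
    return null;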
}
Also used : AnonymousAuthenticationManager(org.apache.qpid.server.security.auth.manager.AnonymousAuthenticationManager) AuthenticationProvider(org.apache.qpid.server.model.AuthenticationProvider) SubjectCreator(org.apache.qpid.server.security.SubjectCreator)
