use of org.apache.qpid.server.security.auth.manager.AnonymousAuthenticationManager in project qpid-broker-j by apache.
the class ProtocolEngine_1_0_0Test method testProtocolEngineWithNoSaslNonTLSandAnon.
/**
 * Drives the engine over plain TCP with an {@link AnonymousAuthenticationManager} as the port's
 * authentication provider and no SASL exchange: only the header identifier of
 * {@code ProtocolEngineCreator_1_0_0} and an Open frame are sent.
 *
 * <p>What the test pins down: the connection is registered with the virtual host and its
 * authorized principal equals the provider's anonymous principal. In other words, a port that
 * allows the ANONYMOUS mechanism admits a client that never performs SASL, so the mechanism
 * allow-list on the port is the only gate on this path.
 */
public void testProtocolEngineWithNoSaslNonTLSandAnon() throws Exception {
    final Map<String, Object> providerAttributes =
            Collections.singletonMap(ConfiguredObject.NAME, getTestName());
    final AnonymousAuthenticationManagerFactory providerFactory = new AnonymousAuthenticationManagerFactory();
    final AnonymousAuthenticationManager anonymousProvider =
            providerFactory.create(null, providerAttributes, _broker);

    // The mocked port hands out the anonymous provider and advertises only its mechanism.
    when(_port.getAuthenticationProvider()).thenReturn(anonymousProvider);
    allowMechanisms(AnonymousAuthenticationManager.MECHANISM_NAME);
    createEngine(Transport.TCP);

    // Protocol header first, then Open on channel 0; no SASL frames in between.
    _protocolEngine_1_0_0.received(
            QpidByteBuffer.wrap(ProtocolEngineCreator_1_0_0.getInstance().getHeaderIdentifier()));
    final Open openFrame = new Open();
    openFrame.setContainerId("testContainerId");
    _frameWriter.send(AMQFrame.createAMQFrame((short) 0, openFrame));

    verify(_virtualHost).registerConnection(any(AMQPConnection.class), any(ConnectionEstablishmentPolicy.class));

    // The identity attached to the connection must be exactly the anonymous principal.
    final AuthenticatedPrincipal principal = (AuthenticatedPrincipal) _connection.getAuthorizedPrincipal();
    assertNotNull(principal);
    final AuthenticatedPrincipal anonymousIdentity =
            new AuthenticatedPrincipal(anonymousProvider.getAnonymousPrincipal());
    assertEquals(principal, anonymousIdentity);
}
use of org.apache.qpid.server.security.auth.manager.AnonymousAuthenticationManager in project qpid-broker-j by apache.
the class AMQPConnection_1_0Impl method processProtocolHeader.
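/**
 * Reads the 8-byte protocol header from {@code msg} and switches the connection to the SASL
 * layer or to the plain AMQP layer. Does nothing while fewer than 8 bytes are available.
 *
 * <p>Authentication decisions made here:
 * <ul>
 *   <li>SASL header: the mechanisms offered are those the port's authentication provider
 *       reports for the transport's secure/non-secure state. A SASL header received after SASL
 *       has completed is a protocol violation and raises
 *       {@link ConnectionScopedRuntimeException}.</li>
 *   <li>AMQP header without a completed SASL exchange: the connection is accepted only if the
 *       provider offers EXTERNAL and the network layer supplies a peer principal, or if the
 *       provider offers ANONYMOUS. Otherwise the connection is closed and processing stops.</li>
 *   <li>Any other header: the connection is closed.</li>
 * </ul>
 *
 * @param msg buffer positioned at the start of the protocol header
 * @throws ConnectionScopedRuntimeException if a SASL header arrives after SASL was established
 */
private void processProtocolHeader(final QpidByteBuffer msg) {
    if (msg.remaining() < 8) {
        return;
    }
    final byte[] header = new byte[8];
    msg.get(header);
    final AuthenticationProvider<?> authenticationProvider = getPort().getAuthenticationProvider();

    if (Arrays.equals(header, SASL_HEADER)) {
        if (_saslComplete) {
            throw new ConnectionScopedRuntimeException("SASL Layer header received after SASL already established");
        }
        try (QpidByteBuffer protocolHeader = QpidByteBuffer.wrap(SASL_HEADER)) {
            getSender().send(protocolHeader);
        }
        // Advertise only what the provider allows for this transport's security level.
        final SaslMechanisms mechanisms = new SaslMechanisms();
        final List<Symbol> mechanismsList = new ArrayList<>();
        for (String name : authenticationProvider.getAvailableMechanisms(getTransport().isSecure())) {
            mechanismsList.add(Symbol.valueOf(name));
        }
        mechanisms.setSaslServerMechanisms(mechanismsList.toArray(new Symbol[0]));
        send(new SASLFrame(mechanisms), null);
        _connectionState = ConnectionState.AWAIT_SASL_INIT;
        _frameHandler = getFrameHandler(true);
    } else if (Arrays.equals(header, AMQP_HEADER)) {
        if (!_saslComplete) {
            // The client skipped SASL; an identity must come from the transport (EXTERNAL)
            // or from an explicitly permitted ANONYMOUS mechanism.
            final List<String> mechanisms = authenticationProvider.getAvailableMechanisms(getTransport().isSecure());
            if (mechanisms.contains(ExternalAuthenticationManagerImpl.MECHANISM_NAME)
                    && getNetwork().getPeerPrincipal() != null) {
                // NOTE(review): the peer principal is presumably established by the TLS layer;
                // confirm against the network implementation.
                setUserPrincipal(new AuthenticatedPrincipal(getNetwork().getPeerPrincipal()));
            } else if (mechanisms.contains(AnonymousAuthenticationManager.MECHANISM_NAME)
                    && authenticationProvider instanceof AnonymousAuthenticationManager) {
                // The instanceof guard keeps a provider that merely lists ANONYMOUS from
                // triggering a ClassCastException; such a provider is rejected below instead.
                setUserPrincipal(new AuthenticatedPrincipal(
                        ((AnonymousAuthenticationManager) authenticationProvider).getAnonymousPrincipal()));
            } else {
                LOGGER.warn("{} : attempt to initiate AMQP connection without correctly authenticating", getLogSubject());
                _connectionState = ConnectionState.CLOSED;
                getNetwork().close();
                // Fail closed: without this return the code below would echo the AMQP header
                // and move the state from CLOSED back to AWAIT_OPEN on a rejected connection,
                // leaving it ready to accept an Open frame with no principal set.
                return;
            }
        }
        try (QpidByteBuffer protocolHeader = QpidByteBuffer.wrap(AMQP_HEADER)) {
            getSender().send(protocolHeader);
        }
        _connectionState = ConnectionState.AWAIT_OPEN;
        _frameHandler = getFrameHandler(false);
    } else {
        LOGGER.warn("{} : unknown AMQP header {}", getLogSubject(), Functions.str(header));
        _connectionState = ConnectionState.CLOSED;
        getNetwork().close();
    }
}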
use of org.apache.qpid.server.security.auth.manager.AnonymousAuthenticationManager in project qpid-broker-j by apache.
the class ProtocolEngine_1_0_0Test method testProtocolEngineWithSaslNonTLSandAnon.
/**
 * Drives the engine over plain TCP through a SASL exchange that selects the ANONYMOUS mechanism,
 * then sends the header identifier of {@code ProtocolEngineCreator_1_0_0} and an Open frame.
 *
 * <p>What the test pins down: the connection is registered with the virtual host and its
 * authorized principal equals the anonymous principal of the configured
 * {@link AnonymousAuthenticationManager}, i.e. SASL ANONYMOUS yields the anonymous identity and
 * nothing more privileged.
 */
public void testProtocolEngineWithSaslNonTLSandAnon() throws Exception {
    final Map<String, Object> providerAttributes =
            Collections.singletonMap(ConfiguredObject.NAME, getTestName());
    final AnonymousAuthenticationManagerFactory providerFactory = new AnonymousAuthenticationManagerFactory();
    final AnonymousAuthenticationManager anonymousProvider =
            providerFactory.create(null, providerAttributes, _broker);

    // The mocked port returns the anonymous provider and a subject creator built on it
    // (empty group-provider collection, null third argument as in the fixture).
    when(_port.getAuthenticationProvider()).thenReturn(anonymousProvider);
    when(_port.getSubjectCreator(anyBoolean(), anyString()))
            .thenReturn(new SubjectCreator(anonymousProvider, Collections.emptyList(), null));
    allowMechanisms(AnonymousAuthenticationManager.MECHANISM_NAME);
    createEngine(Transport.TCP);

    // SASL layer: header identifier of the SASL creator, then sasl-init naming ANONYMOUS.
    _protocolEngine_1_0_0.received(
            QpidByteBuffer.wrap(ProtocolEngineCreator_1_0_0_SASL.getInstance().getHeaderIdentifier()));
    final SaslInit saslInit = new SaslInit();
    saslInit.setMechanism(Symbol.valueOf("ANONYMOUS"));
    _frameWriter.send(new SASLFrame(saslInit));

    // AMQP layer: header identifier of the non-SASL creator, then Open on channel 0.
    _protocolEngine_1_0_0.received(
            QpidByteBuffer.wrap(ProtocolEngineCreator_1_0_0.getInstance().getHeaderIdentifier()));
    final Open openFrame = new Open();
    openFrame.setContainerId("testContainerId");
    _frameWriter.send(AMQFrame.createAMQFrame((short) 0, openFrame));

    verify(_virtualHost).registerConnection(any(AMQPConnection.class), any(ConnectionEstablishmentPolicy.class));

    // The identity attached to the connection must be exactly the anonymous principal.
    final AuthenticatedPrincipal principal = (AuthenticatedPrincipal) _connection.getAuthorizedPrincipal();
    assertNotNull(principal);
    final AuthenticatedPrincipal anonymousIdentity =
            new AuthenticatedPrincipal(anonymousProvider.getAnonymousPrincipal());
    assertEquals(principal, anonymousIdentity);
}
use of org.apache.qpid.server.security.auth.manager.AnonymousAuthenticationManager in project qpid-broker-j by apache.
the class AnonymousPreemptiveAuthenticator method attemptAuthentication.
/**
 * Pre-emptively authenticates an HTTP management request as the anonymous user.
 *
 * <p>No credential is read from the request: the only inputs consulted are the port and
 * authentication provider that {@code managementConfig} resolves for it, plus
 * {@code request.isSecure()} and {@code request.getServerName()} for selecting the subject
 * creator. Whenever the resolved provider is an {@link AnonymousAuthenticationManager}, every
 * request therefore receives the anonymous subject (with whatever groups the subject creator
 * attaches), so what that subject may do is decided entirely by the access control applied
 * afterwards.
 *
 * @param request the incoming management request
 * @param managementConfig source of the port and authentication provider for the request
 * @return the anonymous subject, or {@code null} when the provider is not anonymous and this
 *         authenticator does not apply
 */
@Override
public Subject attemptAuthentication(final HttpServletRequest request, final HttpManagementConfiguration managementConfig) {
    final Port<?> requestPort = managementConfig.getPort(request);
    final AuthenticationProvider provider = managementConfig.getAuthenticationProvider(request);
    final SubjectCreator creator = requestPort.getSubjectCreator(request.isSecure(), request.getServerName());

    // Any other provider type is left to a different authenticator.
    if (!(provider instanceof AnonymousAuthenticationManager)) {
        return null;
    }

    final AnonymousAuthenticationManager anonymousProvider = (AnonymousAuthenticationManager) provider;
    return creator.createResultWithGroups(anonymousProvider.getAnonymousAuthenticationResult()).getSubject();
}