
Example 11 with SaslNegotiator

use of org.apache.qpid.server.security.auth.sasl.SaslNegotiator in project qpid-broker-j by apache.

the class AMQPConnection_0_8Test method setUp.

/**
 * Builds the mocked broker object graph (system config, broker, virtual host node,
 * virtual host, AMQP port, network connection) used by the AMQP 0-8 connection tests.
 *
 * <p>Authentication is fully stubbed: the port's SubjectCreator hands out a mock
 * SaslNegotiator for {@code SASL_MECH} and accepts {@code SASL_RESPONSE} for that
 * negotiator, so no real credential check runs in tests that use this fixture.
 *
 * @throws Exception if the superclass set-up fails
 */
@Override
public void setUp() throws Exception {
    super.setUp();
    // A real EventLogger is shared by the broker and the virtual host stubs below.
    EventLogger value = new EventLogger();
    SystemConfig systemConfig = mock(SystemConfig.class);
    // Note: the system config returns a separate mock EventLogger, not 'value'.
    when(systemConfig.getEventLogger()).thenReturn(mock(EventLogger.class));
    // Real task executor, started here; presumably stopped in tearDown (not visible here).
    _taskExecutor = new TaskExecutorImpl();
    _taskExecutor.start();
    Model model = BrokerModel.getInstance();
    // --- Broker: parent is the system config ---
    _broker = mock(Broker.class);
    when(_broker.getParent()).thenReturn(systemConfig);
    when(_broker.getModel()).thenReturn(model);
    when(_broker.getCategoryClass()).thenReturn(Broker.class);
    when(_broker.getTaskExecutor()).thenReturn(_taskExecutor);
    when(_broker.getChildExecutor()).thenReturn(_taskExecutor);
    when(_broker.getEventLogger()).thenReturn(value);
    when(_broker.getContextValue(eq(Long.class), eq(Broker.CHANNEL_FLOW_CONTROL_ENFORCEMENT_TIMEOUT))).thenReturn(0l);
    // --- Virtual host node: parent is the broker ---
    _virtualHostNode = mock(VirtualHostNode.class);
    when(_virtualHostNode.getParent()).thenReturn(_broker);
    when(_virtualHostNode.getModel()).thenReturn(model);
    when(_virtualHostNode.getCategoryClass()).thenReturn(VirtualHostNode.class);
    when(_virtualHostNode.getTaskExecutor()).thenReturn(_taskExecutor);
    when(_virtualHostNode.getChildExecutor()).thenReturn(_taskExecutor);
    // --- Virtual host: active, and authorises every connection attempt ---
    _virtualHost = mock(QueueManagingVirtualHost.class);
    VirtualHostPrincipal virtualHostPrincipal = new VirtualHostPrincipal(_virtualHost);
    when(_virtualHost.getParent()).thenReturn(_virtualHostNode);
    when(_virtualHost.getModel()).thenReturn(model);
    when(_virtualHost.getCategoryClass()).thenReturn(VirtualHost.class);
    when(_virtualHost.getState()).thenReturn(State.ACTIVE);
    when(_virtualHost.isActive()).thenReturn(true);
    when(_virtualHost.getTaskExecutor()).thenReturn(_taskExecutor);
    when(_virtualHost.getPrincipal()).thenReturn(virtualHostPrincipal);
    when(_virtualHost.getContextValue(Integer.class, Broker.MESSAGE_COMPRESSION_THRESHOLD_SIZE)).thenReturn(1024);
    when(_virtualHost.getContextValue(Long.class, Connection.MAX_UNCOMMITTED_IN_MEMORY_SIZE)).thenReturn(1024l);
    when(_virtualHost.getContextValue(Boolean.class, Broker.BROKER_MSG_AUTH)).thenReturn(false);
    // Connection authorisation is unconditionally granted for any AMQPConnection.
    when(_virtualHost.authoriseCreateConnection(any(AMQPConnection.class))).thenReturn(true);
    when(_virtualHost.getEventLogger()).thenReturn(value);
    // --- SASL stubs: a negotiator is only produced for SASL_MECH (with any SaslSettings) ---
    SubjectCreator subjectCreator = mock(SubjectCreator.class);
    SaslNegotiator saslNegotiator = mock(SaslNegotiator.class);
    when(subjectCreator.createSaslNegotiator(eq(SASL_MECH.toString()), any(SaslSettings.class))).thenReturn(saslNegotiator);
    // Only the exact (saslNegotiator, SASL_RESPONSE) pair is stubbed; it yields a result
    // carrying the principal "username" (presumably a successful authentication - confirm
    // against the AuthenticationResult constructor).
    when(subjectCreator.authenticate(saslNegotiator, SASL_RESPONSE)).thenReturn(new SubjectAuthenticationResult(new AuthenticationResult(new AuthenticatedPrincipal(new UsernamePrincipal("username", null))), new Subject()));
    AuthenticationProvider authenticationProvider = mock(AuthenticationProvider.class);
    // SASL_MECH is the only advertised mechanism, whatever boolean is passed.
    when(authenticationProvider.getAvailableMechanisms(anyBoolean())).thenReturn(Collections.singletonList(SASL_MECH.toString()));
    // --- AMQP port: parent is the broker, resolves VIRTUAL_HOST_NAME to the mocked virtual host ---
    _port = mock(AmqpPort.class);
    when(_port.getParent()).thenReturn(_broker);
    when(_port.getCategoryClass()).thenReturn(Port.class);
    when(_port.getChildExecutor()).thenReturn(_taskExecutor);
    when(_port.getModel()).thenReturn(model);
    when(_port.getAuthenticationProvider()).thenReturn(authenticationProvider);
    when(_port.getAddressSpace(VIRTUAL_HOST_NAME)).thenReturn(_virtualHost);
    when(_port.getContextValue(Long.class, Port.CONNECTION_MAXIMUM_AUTHENTICATION_DELAY)).thenReturn(2500l);
    when(_port.getContextValue(Integer.class, Connection.MAX_MESSAGE_SIZE)).thenReturn(Connection.DEFAULT_MAX_MESSAGE_SIZE);
    // The subject creator is stubbed only when the first argument is false; a call with
    // true falls through to Mockito's default answer.
    when(_port.getSubjectCreator(eq(false), anyString())).thenReturn(subjectCreator);
    // --- Network layer: mocked sender and connection bound to localhost:12345 ---
    _sender = mock(ByteBufferSender.class);
    _network = mock(ServerNetworkConnection.class);
    when(_network.getSender()).thenReturn(_sender);
    when(_network.getLocalAddress()).thenReturn(new InetSocketAddress("localhost", 12345));
    _transport = Transport.TCP;
    _protocol = Protocol.AMQP_0_8;
    _ticker = new AggregateTicker();
}
Also used : ByteBufferSender(org.apache.qpid.server.transport.ByteBufferSender) ServerNetworkConnection(org.apache.qpid.server.transport.ServerNetworkConnection) SystemConfig(org.apache.qpid.server.model.SystemConfig) TaskExecutorImpl(org.apache.qpid.server.configuration.updater.TaskExecutorImpl) Broker(org.apache.qpid.server.model.Broker) QueueManagingVirtualHost(org.apache.qpid.server.virtualhost.QueueManagingVirtualHost) EventLogger(org.apache.qpid.server.logging.EventLogger) InetSocketAddress(java.net.InetSocketAddress) AuthenticationProvider(org.apache.qpid.server.model.AuthenticationProvider) AggregateTicker(org.apache.qpid.server.transport.AggregateTicker) SubjectAuthenticationResult(org.apache.qpid.server.security.auth.SubjectAuthenticationResult) Subject(javax.security.auth.Subject) AuthenticationResult(org.apache.qpid.server.security.auth.AuthenticationResult) SubjectAuthenticationResult(org.apache.qpid.server.security.auth.SubjectAuthenticationResult) AuthenticatedPrincipal(org.apache.qpid.server.security.auth.AuthenticatedPrincipal) SaslSettings(org.apache.qpid.server.security.auth.sasl.SaslSettings) UsernamePrincipal(org.apache.qpid.server.security.auth.UsernamePrincipal) AMQPConnection(org.apache.qpid.server.transport.AMQPConnection) BrokerModel(org.apache.qpid.server.model.BrokerModel) Model(org.apache.qpid.server.model.Model) VirtualHostPrincipal(org.apache.qpid.server.virtualhost.VirtualHostPrincipal) SaslNegotiator(org.apache.qpid.server.security.auth.sasl.SaslNegotiator) AmqpPort(org.apache.qpid.server.model.port.AmqpPort) SubjectCreator(org.apache.qpid.server.security.SubjectCreator) VirtualHostNode(org.apache.qpid.server.model.VirtualHostNode)

Example 12 with SaslNegotiator

use of org.apache.qpid.server.security.auth.sasl.SaslNegotiator in project qpid-broker-j by apache.

the class SaslServlet method cleanup.

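/**
 * Releases the SASL negotiation state kept for this request's HTTP session.
 *
 * <p>Disposes the stored {@link SaslNegotiator}, if any, and removes the negotiation
 * id, negotiator and expiry attributes. The attributes are removed in a
 * {@code finally} block so that a failure inside {@code dispose()} cannot leave a
 * half-finished negotiation attached to the session; the exception still propagates.
 *
 * @param request the current request, passed through to the session-attribute helpers
 * @param session the HTTP session holding the negotiation state
 */
private void cleanup(final HttpServletRequest request, final HttpSession session) {
    final SaslNegotiator negotiator = (SaslNegotiator) HttpManagementUtil.getSessionAttribute(ATTR_SASL_NEGOTIATOR, session, request);
    try {
        if (negotiator != null) {
            negotiator.dispose();
        }
    } finally {
        // Always drop the negotiation state, even when dispose() throws.
        HttpManagementUtil.removeAttribute(ATTR_ID, session, request);
        HttpManagementUtil.removeAttribute(ATTR_SASL_NEGOTIATOR, session, request);
        HttpManagementUtil.removeAttribute(ATTR_EXPIRY, session, request);
    }
}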
Also used : SaslNegotiator(org.apache.qpid.server.security.auth.sasl.SaslNegotiator)

Example 13 with SaslNegotiator

use of org.apache.qpid.server.security.auth.sasl.SaslNegotiator in project qpid-broker-j by apache.

the class SaslServlet method doPost.

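/**
 * Handles one step of a SASL exchange on the HTTP management interface.
 *
 * <p>Two request shapes are accepted:
 * <ul>
 *   <li>{@code mechanism} present and {@code id} absent: starts a new negotiation,
 *       but only if the mechanism is in the authentication provider's list for this
 *       connection ({@code request.isSecure()} is passed to the provider).</li>
 *   <li>{@code mechanism} absent and {@code id} present: continues the negotiation
 *       stored in the session, but only if the id matches the stored one and the
 *       stored expiry has not passed.</li>
 * </ul>
 * Any other combination clears the negotiation state and answers
 * {@code SC_EXPECTATION_FAILED}. A {@link SessionInvalidatedException} answers
 * {@code SC_PRECONDITION_FAILED}. Whenever the final status is not {@code SC_OK}
 * the session is invalidated.
 *
 * <p>A missing or non-{@code Long} expiry attribute is treated as an expired
 * negotiation rather than failing on unboxing.
 *
 * @param request the HTTP request carrying {@code mechanism}, {@code id} and {@code response}
 * @param response the HTTP response whose status reports the outcome
 * @param managedObject the managed object this servlet is bound to (not used here)
 * @throws IOException declared by the overridden method
 */
@Override
protected void doPost(final HttpServletRequest request, final HttpServletResponse response, final ConfiguredObject<?> managedObject) throws IOException {
    checkSaslAuthEnabled(request);
    final HttpSession session = request.getSession();
    try {
        String mechanism = request.getParameter("mechanism");
        String id = request.getParameter("id");
        String saslResponse = request.getParameter("response");
        SubjectCreator subjectCreator = getSubjectCreator(request);
        AuthenticationProvider<?> authenticationProvider = getAuthenticationProvider(request);
        SaslNegotiator saslNegotiator = null;
        if (mechanism != null) {
            // New negotiation: the client-supplied mechanism must be one the provider
            // offers for this connection, and no negotiation id may accompany it.
            if (id == null && authenticationProvider.getAvailableMechanisms(request.isSecure()).contains(mechanism)) {
                // Only the mechanism name is logged, and only after it matched the
                // provider's list; the SASL response itself is never logged here.
                LOGGER.debug("Creating SaslServer for mechanism: {}", mechanism);
                saslNegotiator = subjectCreator.createSaslNegotiator(mechanism, new SaslSettings() {

                    @Override
                    public String getLocalFQDN() {
                        return request.getServerName();
                    }

                    @Override
                    public Principal getExternalPrincipal() {
                        // No externally established principal is supplied on this path.
                        return null;
                    }
                });
            }
        } else if (id != null && id.equals(HttpManagementUtil.getSessionAttribute(ATTR_ID, session, request))) {
            // Continuation: resume the stored negotiator only while it is unexpired.
            // An absent or malformed expiry counts as expired instead of throwing.
            final Object expiry = HttpManagementUtil.getSessionAttribute(ATTR_EXPIRY, session, request);
            if (expiry instanceof Long && System.currentTimeMillis() < (Long) expiry) {
                saslNegotiator = (SaslNegotiator) HttpManagementUtil.getSessionAttribute(ATTR_SASL_NEGOTIATOR, session, request);
            }
        }
        if (saslNegotiator != null) {
            evaluateSaslResponse(request, response, session, saslResponse, saslNegotiator, subjectCreator);
        } else {
            // Unsupported mechanism, mixed parameters, unknown id or expired negotiation.
            cleanup(request, session);
            response.setStatus(HttpServletResponse.SC_EXPECTATION_FAILED);
        }
    } catch (SessionInvalidatedException e) {
        response.setStatus(HttpServletResponse.SC_PRECONDITION_FAILED);
    } finally {
        // NOTE(review): this keys on the response status; if an unchecked exception
        // escapes before any status is set, the status may still read as SC_OK and
        // the session would not be invalidated here - confirm container behaviour.
        if (response.getStatus() != HttpServletResponse.SC_OK) {
            HttpManagementUtil.invalidateSession(session);
        }
    }
}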
Also used : SaslSettings(org.apache.qpid.server.security.auth.sasl.SaslSettings) SessionInvalidatedException(org.apache.qpid.server.management.plugin.SessionInvalidatedException) HttpSession(javax.servlet.http.HttpSession) SaslNegotiator(org.apache.qpid.server.security.auth.sasl.SaslNegotiator) SubjectCreator(org.apache.qpid.server.security.SubjectCreator)

Example 14 with SaslNegotiator

use of org.apache.qpid.server.security.auth.sasl.SaslNegotiator in project qpid-broker-j by apache.

the class AnonymousAuthenticationManagerTest method testAuthenticate.

/**
 * Checks that an ANONYMOUS negotiation answered with an empty response succeeds
 * and yields only the manager's anonymous principal.
 */
public void testAuthenticate() throws Exception {
    final SaslNegotiator anonymousNegotiator = _manager.createSaslNegotiator("ANONYMOUS", null, null);
    final byte[] emptyResponse = new byte[0];

    final AuthenticationResult outcome = anonymousNegotiator.handleResponse(emptyResponse);

    assertNotNull(outcome);
    final AuthenticationResult.AuthenticationStatus actualStatus = outcome.getStatus();
    assertEquals("Expected authentication to be successful", AuthenticationResult.AuthenticationStatus.SUCCESS, actualStatus);
    // The result must carry the anonymous principal and nothing else.
    assertOnlyContainsWrapped(_manager.getAnonymousPrincipal(), outcome.getPrincipals());
}
Also used : SaslNegotiator(org.apache.qpid.server.security.auth.sasl.SaslNegotiator) AuthenticationResult(org.apache.qpid.server.security.auth.AuthenticationResult)

Example 15 with SaslNegotiator

use of org.apache.qpid.server.security.auth.sasl.SaslNegotiator in project qpid-broker-j by apache.

the class ExternalAuthenticationManagerTest method testAuthenticatePrincipalNull_CausesAuthError.

/**
 * Checks that an EXTERNAL negotiation ends in an error, with no main principal,
 * when no external principal is available.
 *
 * <p>Presumably {@code _saslSettings} is configured elsewhere in the test class to
 * return a null external principal, as the method name suggests - confirm there.
 */
public void testAuthenticatePrincipalNull_CausesAuthError() throws Exception {
    final SaslNegotiator externalNegotiator = _manager.createSaslNegotiator("EXTERNAL", _saslSettings, null);
    final byte[] emptyResponse = new byte[0];

    final AuthenticationResult outcome = externalNegotiator.handleResponse(emptyResponse);

    assertNotNull(outcome);
    final AuthenticationResult.AuthenticationStatus actualStatus = outcome.getStatus();
    assertEquals("Expected authentication to be unsuccessful", AuthenticationResult.AuthenticationStatus.ERROR, actualStatus);
    // A failed EXTERNAL exchange must not expose any principal.
    assertNull(outcome.getMainPrincipal());
}
Also used : SaslNegotiator(org.apache.qpid.server.security.auth.sasl.SaslNegotiator) AuthenticationResult(org.apache.qpid.server.security.auth.AuthenticationResult)
