This is an automated email from the ASF dual-hosted git repository.
brusdev pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/activemq-artemis.git
The following commit(s) were added to refs/heads/main by this push:
new 7ee72a5d25 ARTEMIS-5466 ClassCastException in AuthenticationFilter
after upgrade
7ee72a5d25 is described below
commit 7ee72a5d258a540f0220709a7a9d574d969439c5
Author: Justin Bertram <[email protected]>
AuthorDate: Thu May 8 15:11:35 2025 -0500
ARTEMIS-5466 ClassCastException in AuthenticationFilter after upgrade
---
.../artemis/component/AuthenticationFilter.java | 12 ++--
.../component/AuthenticationFilterTest.java | 84 ++++++++++++++++++++++
2 files changed, 90 insertions(+), 6 deletions(-)
diff --git
a/artemis-web/src/main/java/org/apache/activemq/artemis/component/AuthenticationFilter.java
b/artemis-web/src/main/java/org/apache/activemq/artemis/component/AuthenticationFilter.java
index b783507e5c..e78e400b32 100644
---
a/artemis-web/src/main/java/org/apache/activemq/artemis/component/AuthenticationFilter.java
+++
b/artemis-web/src/main/java/org/apache/activemq/artemis/component/AuthenticationFilter.java
@@ -17,18 +17,18 @@
package org.apache.activemq.artemis.component;
import javax.security.auth.Subject;
+import java.io.IOException;
+
import jakarta.servlet.Filter;
import jakarta.servlet.FilterChain;
import jakarta.servlet.FilterConfig;
import jakarta.servlet.ServletException;
import jakarta.servlet.ServletRequest;
import jakarta.servlet.ServletResponse;
-import java.io.IOException;
-
+import jakarta.servlet.http.HttpSession;
import org.apache.activemq.artemis.logs.AuditLogger;
-import org.eclipse.jetty.server.Request;
-import org.eclipse.jetty.server.Response;
-import org.eclipse.jetty.server.Session;
+import org.eclipse.jetty.ee9.nested.Request;
+import org.eclipse.jetty.ee9.nested.Response;
/**
* This filter intercepts the login and audits its results
@@ -47,7 +47,7 @@ public class AuthenticationFilter implements Filter {
//Successful responses (200 – 299)
//the user has been authenticated if the session isn't empty
//the hawtio logout servlet cleans the session and redirects to
the login servlet
- Session session = ((Request) servletRequest).getSession(false);
+ HttpSession session = ((Request) servletRequest).getSession(false);
if (session != null) {
AuditLogger.userSuccesfullyAuthenticatedInAudit((Subject)
session.getAttribute("subject"));
}
diff --git
a/artemis-web/src/test/java/org/apache/activemq/artemis/component/AuthenticationFilterTest.java
b/artemis-web/src/test/java/org/apache/activemq/artemis/component/AuthenticationFilterTest.java
new file mode 100644
index 0000000000..f1a0ad4966
--- /dev/null
+++
b/artemis-web/src/test/java/org/apache/activemq/artemis/component/AuthenticationFilterTest.java
@@ -0,0 +1,84 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.activemq.artemis.component;
+
+import java.io.IOException;
+import java.net.HttpURLConnection;
+import java.net.URL;
+
+import jakarta.servlet.http.HttpServlet;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import org.apache.activemq.artemis.logs.AuditLogger;
+import org.apache.logging.log4j.Level;
+import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.core.config.Configurator;
+import org.eclipse.jetty.ee9.servlet.FilterHolder;
+import org.eclipse.jetty.ee9.servlet.ServletContextHandler;
+import org.eclipse.jetty.ee9.servlet.ServletHolder;
+import org.eclipse.jetty.server.Server;
+import org.junit.jupiter.api.AfterEach;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+
+public class AuthenticationFilterTest {
+
+ private final String TEXT = "Filter applied!";
+
+ private Server server;
+
+ @BeforeEach
+ public void setUp() throws Exception {
+ server = new Server(8080);
+
+ ServletContextHandler context = new
ServletContextHandler(ServletContextHandler.SESSIONS);
+ context.setContextPath("/");
+ server.setHandler(context);
+
+ FilterHolder filterHolder = new FilterHolder(new AuthenticationFilter());
+ context.addFilter(filterHolder, "/*", null);
+
+ ServletHolder servletHolder = new ServletHolder(new HttpServlet() {
+ @Override
+ protected void doGet(HttpServletRequest req, HttpServletResponse
resp) throws IOException {
+ resp.getWriter().write(TEXT);
+ }
+ });
+ context.addServlet(servletHolder, "/");
+
+ server.start();
+
+ // turn on audit logging to fully exercise AuthenticationFilter
+
Configurator.setLevel(LogManager.getLogger(AuditLogger.BASE_LOGGER.getLogger().getName()),
Level.INFO);
+ }
+
+ @AfterEach
+ public void tearDown() throws Exception {
+ if (server != null) {
+ server.stop();
+ }
+ }
+
+ @Test
+ public void testAuthenticationFilter() throws IOException {
+ HttpURLConnection connection = (HttpURLConnection) new
URL("http://127.0.0.1:8080/";).openConnection();
+ connection.setRequestMethod("GET");
+ assertEquals(TEXT, new
String(connection.getInputStream().readAllBytes()));
+ }
+}
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
For further information, visit: https://activemq.apache.org/contact
