Author: robbie
Date: Wed Nov 28 18:53:54 2012
New Revision: 1414862
URL: http://svn.apache.org/viewvc?rev=1414862&view=rev
Log:
QPID-4476: ensure that the Principal in the AuthenticationResult has the same
format (the username) in both sasl and non-sasl cases, reworking handling of
authentication success/failure/error to improve user experience slightly
merged from trunk r1414257
Modified:
qpid/branches/0.20/qpid/java/broker/src/ (props changed)
qpid/branches/0.20/qpid/java/broker/src/main/java/org/apache/qpid/server/message/MessageMetaData_1_0.java
(props changed)
qpid/branches/0.20/qpid/java/broker/src/main/java/org/apache/qpid/server/protocol/ProtocolEngine_1_0_0.java
(props changed)
qpid/branches/0.20/qpid/java/broker/src/main/java/org/apache/qpid/server/protocol/ProtocolEngine_1_0_0_SASL.java
(props changed)
qpid/branches/0.20/qpid/java/broker/src/main/java/org/apache/qpid/server/protocol/v1_0/
(props changed)
qpid/branches/0.20/qpid/java/broker/src/main/java/org/apache/qpid/server/queue/
(props changed)
qpid/branches/0.20/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/manager/SimpleLDAPAuthenticationManager.java
qpid/branches/0.20/qpid/java/broker/src/main/java/org/apache/qpid/server/virtualhost/
(props changed)
Propchange: qpid/branches/0.20/qpid/java/broker/src/
------------------------------------------------------------------------------
--- svn:mergeinfo (added)
+++ svn:mergeinfo Wed Nov 28 18:53:54 2012
@@ -0,0 +1,6 @@
+/qpid/branches/0.5.x-dev/qpid/java/broker/src:886720-886722,887145,892761,930288
+/qpid/branches/java-broker-0-10/qpid/java/broker/src:795950-829653
+/qpid/branches/java-network-refactor/qpid/java/broker/src:805429-821809
+/qpid/branches/jmx_mc_gsoc09/qpid/java/broker/src:787599
+/qpid/branches/qpid-2935/qpid/java/broker/src:1061302-1072333
+/qpid/trunk/qpid/java/broker/src:742626,743015,743028-743029,743304,743306,743311,743357,744113,747363,747367,747369-747370,747376,747783,747868-747870,747875,748561,748591,748641,748680,748686,749149,749282,749285,749315,749340,749572,753219-753220,753253,754934,754958,755256,757258,757270,758730,759097,760919,761721,762365,762992,763959,764026,764109,764140,764790,1412359,1414257
Propchange:
qpid/branches/0.20/qpid/java/broker/src/main/java/org/apache/qpid/server/message/MessageMetaData_1_0.java
------------------------------------------------------------------------------
Merged
/qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/message/MessageMetaData_1_0.java:r1414257
Propchange:
qpid/branches/0.20/qpid/java/broker/src/main/java/org/apache/qpid/server/protocol/ProtocolEngine_1_0_0.java
------------------------------------------------------------------------------
Merged
/qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/protocol/ProtocolEngine_1_0_0.java:r1414257
Propchange:
qpid/branches/0.20/qpid/java/broker/src/main/java/org/apache/qpid/server/protocol/ProtocolEngine_1_0_0_SASL.java
------------------------------------------------------------------------------
Merged
/qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/protocol/ProtocolEngine_1_0_0_SASL.java:r1414257
Propchange:
qpid/branches/0.20/qpid/java/broker/src/main/java/org/apache/qpid/server/protocol/v1_0/
------------------------------------------------------------------------------
Merged
/qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/protocol/v1_0:r1414257
Propchange:
qpid/branches/0.20/qpid/java/broker/src/main/java/org/apache/qpid/server/queue/
------------------------------------------------------------------------------
Merged
/qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/queue:r1414257
Modified:
qpid/branches/0.20/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/manager/SimpleLDAPAuthenticationManager.java
URL:
http://svn.apache.org/viewvc/qpid/branches/0.20/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/manager/SimpleLDAPAuthenticationManager.java?rev=1414862&r1=1414861&r2=1414862&view=diff
==============================================================================
---
qpid/branches/0.20/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/manager/SimpleLDAPAuthenticationManager.java
(original)
+++
qpid/branches/0.20/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/manager/SimpleLDAPAuthenticationManager.java
Wed Nov 28 18:53:54 2012
@@ -23,6 +23,8 @@ import java.io.IOException;
import java.security.Principal;
import java.util.HashMap;
import java.util.Hashtable;
+
+import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
@@ -40,6 +42,7 @@ import javax.security.sasl.SaslException
import javax.security.sasl.SaslServer;
import org.apache.log4j.Logger;
import org.apache.qpid.server.security.auth.AuthenticationResult;
+import
org.apache.qpid.server.security.auth.AuthenticationResult.AuthenticationStatus;
import org.apache.qpid.server.security.auth.UsernamePrincipal;
import org.apache.qpid.server.security.auth.sasl.plain.PlainPasswordCallback;
@@ -119,33 +122,74 @@ public class SimpleLDAPAuthenticationMan
@Override
public AuthenticationResult authenticate(String username, String password)
{
-
try
{
- return doLDAPNameAuthentication(getNameFromId(username), password);
+ AuthenticationResult result =
doLDAPNameAuthentication(getNameFromId(username), password);
+ if(result.getStatus() == AuthenticationStatus.SUCCESS)
+ {
+ //Return a result based on the supplied username rather than
the search name
+ return new AuthenticationResult(new
UsernamePrincipal(username));
+ }
+ else
+ {
+ return result;
+ }
}
catch (NamingException e)
{
-
return new
AuthenticationResult(AuthenticationResult.AuthenticationStatus.ERROR, e);
-
}
}
- private AuthenticationResult doLDAPNameAuthentication(String username,
String password) throws NamingException
+ private AuthenticationResult doLDAPNameAuthentication(String name, String
password)
{
+ if(name == null)
+ {
+ //The search didn't return anything, class as not-authenticated
before it NPEs below
+ return new AuthenticationResult(AuthenticationStatus.CONTINUE);
+ }
+
Hashtable<Object,Object> env = new Hashtable<Object,Object>();
env.put(Context.INITIAL_CONTEXT_FACTORY, _ldapContextFactory);
env.put(Context.PROVIDER_URL, _providerAuthURL);
env.put(Context.SECURITY_AUTHENTICATION, "simple");
- env.put(Context.SECURITY_PRINCIPAL, username);
+ env.put(Context.SECURITY_PRINCIPAL, name);
env.put(Context.SECURITY_CREDENTIALS, password);
- DirContext ctx = new InitialDirContext(env);
- ctx.close();
- return new AuthenticationResult(new UsernamePrincipal(username));
+ DirContext ctx = null;
+ try
+ {
+ ctx = new InitialDirContext(env);
+
+ //Authentication succeeded
+ return new AuthenticationResult(new UsernamePrincipal(name));
+ }
+ catch(AuthenticationException ae)
+ {
+ //Authentication failed
+ return new AuthenticationResult(AuthenticationStatus.CONTINUE);
+ }
+ catch (NamingException e)
+ {
+ //Some other failure
+ return new
AuthenticationResult(AuthenticationResult.AuthenticationStatus.ERROR, e);
+ }
+ finally
+ {
+ if(ctx != null)
+ {
+ try
+ {
+ ctx.close();
+ }
+ catch (Exception e)
+ {
+ _logger.warn("Exception closing InitialDirContext", e);
+ }
+ }
+ }
}
@Override
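Review bot: `doLDAPNameAuthentication` now guards against a null `name`, but an empty or null `password` still goes straight into `Context.SECURITY_CREDENTIALS`, and the method reports success whenever `new InitialDirContext(env)` does not throw. With JNDI's LDAP provider, a simple bind that carries no password is performed as an anonymous bind, so a directory that permits anonymous binds would accept a blank password for any resolvable username unless callers outside this hunk already reject it. The opening guard should cover both values, e.g. `if(name == null || password == null || password.length() == 0)`, returning `AuthenticationStatus.CONTINUE`; the SASL callback paths in the later hunks call the same helper and would be covered too. Separately, the `catch(AuthenticationException ae)` branch drops the failure without a log line, so repeated failed binds are invisible to operators; logging the name (never the password) there would help detection.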
@@ -190,19 +234,11 @@ public class SimpleLDAPAuthenticationMan
}
catch (NamingException e)
{
- _logger.info("SASL Authentication Error", e);
+ _logger.warn("SASL Authentication Exception", e);
}
if(password != null)
{
- try
- {
- authenticated = doLDAPNameAuthentication(name,
password);
-
- }
- catch (NamingException e)
- {
- authenticated = new
AuthenticationResult(AuthenticationResult.AuthenticationStatus.ERROR, e);
- }
+ authenticated = doLDAPNameAuthentication(name,
password);
}
}
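Review bot: The `catch (NamingException e)` here only logs, and the code then still calls `doLDAPNameAuthentication(name, password)`, so a failed directory lookup on this SASL path appears to end as `CONTINUE` through the new null-name guard, while the non-SASL `authenticate` returns `AuthenticationStatus.ERROR` for the same exception. This assumes the try block, which starts above the hunk, is the name lookup and leaves `name` null on failure; the enclosing callback handler also continues past the hunk. If that holds, assigning `authenticated = new AuthenticationResult(AuthenticationStatus.ERROR, e);` in the catch and skipping the bind would keep the two paths consistent and let operators tell a directory outage from a wrong password.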
else if (callback instanceof PlainPasswordCallback)
@@ -210,17 +246,10 @@ public class SimpleLDAPAuthenticationMan
password =
((PlainPasswordCallback)callback).getPlainPassword();
if(name != null)
{
- try
- {
- authenticated = doLDAPNameAuthentication(name,
password);
- if(authenticated.getStatus()==
AuthenticationResult.AuthenticationStatus.SUCCESS)
- {
-
((PlainPasswordCallback)callback).setAuthenticated(true);
- }
- }
- catch (NamingException e)
+ authenticated = doLDAPNameAuthentication(name,
password);
+ if(authenticated.getStatus()==
AuthenticationResult.AuthenticationStatus.SUCCESS)
{
- authenticated = new
AuthenticationResult(AuthenticationResult.AuthenticationStatus.ERROR, e);
+
((PlainPasswordCallback)callback).setAuthenticated(true);
}
}
}
@@ -242,7 +271,6 @@ public class SimpleLDAPAuthenticationMan
env.put(Context.INITIAL_CONTEXT_FACTORY, _ldapContextFactory);
env.put(Context.PROVIDER_URL, _providerSearchURL);
-
env.put(Context.SECURITY_AUTHENTICATION, "none");
DirContext ctx = null;
@@ -267,7 +295,14 @@ public class SimpleLDAPAuthenticationMan
}
finally
{
- ctx.close();
+ try
+ {
+ ctx.close();
+ }
+ catch (Exception e)
+ {
+ _logger.warn("Exception closing InitialDirContext", e);
+ }
}
}
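Review bot: The new `finally` calls `ctx.close()` without a null check, unlike the `if(ctx != null)` guard this commit adds in `doLDAPNameAuthentication`. The previous hunk shows `DirContext ctx = null;`, so if the context is created inside the try (not visible here) and that constructor throws, the close raises a NullPointerException that is caught and logged as "Exception closing InitialDirContext", putting a misleading stack trace next to the real failure. Wrapping the close in `if(ctx != null)` avoids that and matches the other method. The enclosing method starts above the hunk.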
Propchange:
qpid/branches/0.20/qpid/java/broker/src/main/java/org/apache/qpid/server/virtualhost/
------------------------------------------------------------------------------
Merged
/qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/virtualhost:r1414257