Author: rgodfrey
Date: Sun Apr 7 20:57:23 2013
New Revision: 1465459
URL: http://svn.apache.org/r1465459
Log:
QPID-4726: [Java Broker] AMQP 1.0 : Improve SASL support
Modified:
qpid/trunk/qpid/java/amqp-1-0-common/src/main/java/org/apache/qpid/amqp_1_0/transport/ConnectionEndpoint.java
qpid/trunk/qpid/java/amqp-1-0-common/src/main/java/org/apache/qpid/amqp_1_0/transport/SaslServerProvider.java
qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/protocol/ProtocolEngine_1_0_0.java
qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/protocol/ProtocolEngine_1_0_0_SASL.java
qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/sasl/external/ExternalSaslServer.java
Modified:
qpid/trunk/qpid/java/amqp-1-0-common/src/main/java/org/apache/qpid/amqp_1_0/transport/ConnectionEndpoint.java
URL:
http://svn.apache.org/viewvc/qpid/trunk/qpid/java/amqp-1-0-common/src/main/java/org/apache/qpid/amqp_1_0/transport/ConnectionEndpoint.java?rev=1465459&r1=1465458&r2=1465459&view=diff
==============================================================================
---
qpid/trunk/qpid/java/amqp-1-0-common/src/main/java/org/apache/qpid/amqp_1_0/transport/ConnectionEndpoint.java
(original)
+++
qpid/trunk/qpid/java/amqp-1-0-common/src/main/java/org/apache/qpid/amqp_1_0/transport/ConnectionEndpoint.java
Sun Apr 7 20:57:23 2013
@@ -21,7 +21,8 @@
package org.apache.qpid.amqp_1_0.transport;
-import java.util.List;
+import java.util.HashSet;
+import java.util.Set;
import org.apache.qpid.amqp_1_0.codec.DescribedTypeConstructorRegistry;
import org.apache.qpid.amqp_1_0.codec.ValueWriter;
import org.apache.qpid.amqp_1_0.framing.AMQFrame;
@@ -59,12 +60,15 @@ public class ConnectionEndpoint implemen
{
private static final short CONNECTION_CONTROL_CHANNEL = (short) 0;
private static final ByteBuffer EMPTY_BYTE_BUFFER = ByteBuffer.wrap(new
byte[0]);
+ private static final Symbol SASL_PLAIN = Symbol.valueOf("PLAIN");
+ private static final Symbol SASL_ANONYMOUS = Symbol.valueOf("ANONYMOUS");
+ private static final Symbol SASL_EXTERNAL = Symbol.valueOf("EXTERNAL");
private final Container _container;
private Principal _user;
private static final short DEFAULT_CHANNEL_MAX = 255;
- private static final int DEFAULT_MAX_FRAME =
Integer.getInteger("amqp.max_frame_size",1<<15);
+ private static final int DEFAULT_MAX_FRAME =
Integer.getInteger("amqp.max_frame_size", 1 << 15);
private ConnectionState _state = ConnectionState.UNOPENED;
@@ -75,20 +79,20 @@ public class ConnectionEndpoint implemen
private SocketAddress _remoteAddress;
// positioned by the *outgoing* channel
- private SessionEndpoint[] _sendingSessions = new
SessionEndpoint[DEFAULT_CHANNEL_MAX+1];
+ private SessionEndpoint[] _sendingSessions = new
SessionEndpoint[DEFAULT_CHANNEL_MAX + 1];
// positioned by the *incoming* channel
- private SessionEndpoint[] _receivingSessions = new
SessionEndpoint[DEFAULT_CHANNEL_MAX+1];
+ private SessionEndpoint[] _receivingSessions = new
SessionEndpoint[DEFAULT_CHANNEL_MAX + 1];
private boolean _closedForInput;
private boolean _closedForOutput;
private long _idleTimeout;
private AMQPDescribedTypeRegistry _describedTypeRegistry =
AMQPDescribedTypeRegistry.newInstance()
- .registerTransportLayer()
- .registerMessagingLayer()
- .registerTransactionLayer()
- .registerSecurityLayer();
+ .registerTransportLayer()
+ .registerMessagingLayer()
+ .registerTransactionLayer()
+ .registerSecurityLayer();
private FrameOutputHandler<FrameBody> _frameOutputHandler;
@@ -135,11 +139,11 @@ public class ConnectionEndpoint implemen
public synchronized void open()
{
- if(_requiresSASLClient)
+ if (_requiresSASLClient)
{
synchronized (getLock())
{
- while(!_saslComplete)
+ while (!_saslComplete)
{
try
{
@@ -151,12 +155,12 @@ public class ConnectionEndpoint implemen
}
}
}
- if(!_authenticated)
+ if (!_authenticated)
{
throw new RuntimeException("Could not connect - authentication
error");
}
}
- if(_state == ConnectionState.UNOPENED)
+ if (_state == ConnectionState.UNOPENED)
{
sendOpen(DEFAULT_CHANNEL_MAX, DEFAULT_MAX_FRAME);
_state = ConnectionState.AWAITING_OPEN;
@@ -172,8 +176,8 @@ public class ConnectionEndpoint implemen
{
// todo assert connection state
SessionEndpoint endpoint = new SessionEndpoint(this);
- short channel = getFirstFreeChannel();
- if(channel != -1)
+ short channel = getFirstFreeChannel();
+ if (channel != -1)
{
_sendingSessions[channel] = endpoint;
endpoint.setSendingChannel(channel);
@@ -244,8 +248,6 @@ public class ConnectionEndpoint implemen
}
-
-
private void closeSender()
{
setClosedForOutput(true);
@@ -255,9 +257,9 @@ public class ConnectionEndpoint implemen
short getFirstFreeChannel()
{
- for(int i = 0; i<_sendingSessions.length;i++)
+ for (int i = 0; i < _sendingSessions.length; i++)
{
- if(_sendingSessions[i]==null)
+ if (_sendingSessions[i] == null)
{
return (short) i;
}
@@ -276,22 +278,25 @@ public class ConnectionEndpoint implemen
{
_channelMax = open.getChannelMax() == null ? DEFAULT_CHANNEL_MAX
- :
open.getChannelMax().shortValue() < DEFAULT_CHANNEL_MAX
- ? DEFAULT_CHANNEL_MAX
- :
open.getChannelMax().shortValue();
-
- UnsignedInteger remoteDesiredMaxFrameSize = open.getMaxFrameSize() ==
null ? UnsignedInteger.valueOf(DEFAULT_MAX_FRAME) : open.getMaxFrameSize();
-
- _maxFrameSize =
(remoteDesiredMaxFrameSize.compareTo(_desiredMaxFrameSize) < 0 ?
remoteDesiredMaxFrameSize : _desiredMaxFrameSize).intValue();
+ : open.getChannelMax().shortValue() < DEFAULT_CHANNEL_MAX
+ ? DEFAULT_CHANNEL_MAX
+ : open.getChannelMax().shortValue();
+
+ UnsignedInteger remoteDesiredMaxFrameSize =
+ open.getMaxFrameSize() == null ?
UnsignedInteger.valueOf(DEFAULT_MAX_FRAME) : open.getMaxFrameSize();
+
+ _maxFrameSize =
(remoteDesiredMaxFrameSize.compareTo(_desiredMaxFrameSize) < 0
+ ? remoteDesiredMaxFrameSize
+ : _desiredMaxFrameSize).intValue();
_remoteContainerId = open.getContainerId();
- if(open.getIdleTimeOut() != null)
+ if (open.getIdleTimeOut() != null)
{
_idleTimeout = open.getIdleTimeOut().longValue();
}
- switch(_state)
+ switch (_state)
{
case UNOPENED:
sendOpen(_channelMax, _maxFrameSize);
@@ -313,7 +318,7 @@ public class ConnectionEndpoint implemen
{
setClosedForInput(true);
_connectionEventListener.closeReceived();
- switch(_state)
+ switch (_state)
{
case UNOPENED:
case AWAITING_OPEN:
@@ -341,7 +346,7 @@ public class ConnectionEndpoint implemen
{
Close close = new Close();
close.setError(error);
- switch(_state)
+ switch (_state)
{
case UNOPENED:
_state = ConnectionState.CLOSED;
@@ -359,17 +364,17 @@ public class ConnectionEndpoint implemen
}
}
- public synchronized void inputClosed()
+ public synchronized void inputClosed()
{
- if(!_closedForInput)
+ if (!_closedForInput)
{
_closedForInput = true;
- for(int i = 0; i < _receivingSessions.length; i++)
+ for (int i = 0; i < _receivingSessions.length; i++)
{
- if(_receivingSessions[i] != null)
+ if (_receivingSessions[i] != null)
{
_receivingSessions[i].end();
- _receivingSessions[i]=null;
+ _receivingSessions[i] = null;
}
}
@@ -395,8 +400,7 @@ public class ConnectionEndpoint implemen
short myChannelId;
-
- if(begin.getRemoteChannel() != null)
+ if (begin.getRemoteChannel() != null)
{
myChannelId = begin.getRemoteChannel().shortValue();
SessionEndpoint endpoint;
@@ -404,7 +408,7 @@ public class ConnectionEndpoint implemen
{
endpoint = _sendingSessions[myChannelId];
}
- catch(IndexOutOfBoundsException e)
+ catch (IndexOutOfBoundsException e)
{
final Error error = new Error();
error.setCondition(ConnectionError.FRAMING_ERROR);
@@ -414,9 +418,9 @@ public class ConnectionEndpoint implemen
connectionError(error);
return;
}
- if(endpoint != null)
+ if (endpoint != null)
{
- if(_receivingSessions[channel] == null)
+ if (_receivingSessions[channel] == null)
{
_receivingSessions[channel] = endpoint;
endpoint.setReceivingChannel(channel);
@@ -446,16 +450,16 @@ public class ConnectionEndpoint implemen
{
myChannelId = getFirstFreeChannel();
- if(myChannelId == -1)
+ if (myChannelId == -1)
{
// close any half open channel
myChannelId = getFirstFreeChannel();
}
- if(_receivingSessions[channel] == null)
+ if (_receivingSessions[channel] == null)
{
- SessionEndpoint endpoint = new SessionEndpoint(this,begin);
+ SessionEndpoint endpoint = new SessionEndpoint(this, begin);
_receivingSessions[channel] = endpoint;
_sendingSessions[myChannelId] = endpoint;
@@ -483,15 +487,13 @@ public class ConnectionEndpoint implemen
}
-
}
-
public synchronized void receiveEnd(short channel, End end)
{
SessionEndpoint endpoint = _receivingSessions[channel];
- if(endpoint != null)
+ if (endpoint != null)
{
_receivingSessions[channel] = null;
@@ -551,18 +553,18 @@ public class ConnectionEndpoint implemen
public synchronized int send(short channel, FrameBody body, ByteBuffer
payload)
{
- if(!_closedForOutput)
+ if (!_closedForOutput)
{
ValueWriter<FrameBody> writer =
_describedTypeRegistry.getValueWriter(body);
int size = writer.writeToBuffer(EMPTY_BYTE_BUFFER);
ByteBuffer payloadDup = payload == null ? null :
payload.duplicate();
int payloadSent = getMaxFrameSize() - (size + 9);
- if(payloadSent < (payload == null ? 0 : payload.remaining()))
+ if (payloadSent < (payload == null ? 0 : payload.remaining()))
{
- if(body instanceof Transfer)
+ if (body instanceof Transfer)
{
- ((Transfer)body).setMore(Boolean.TRUE);
+ ((Transfer) body).setMore(Boolean.TRUE);
}
writer = _describedTypeRegistry.getValueWriter(body);
@@ -571,9 +573,9 @@ public class ConnectionEndpoint implemen
try
{
- payloadDup.limit(payloadDup.position()+payloadSent);
+ payloadDup.limit(payloadDup.position() + payloadSent);
}
- catch(NullPointerException npe)
+ catch (NullPointerException npe)
{
throw npe;
}
@@ -592,7 +594,6 @@ public class ConnectionEndpoint implemen
}
-
public void invalidHeaderReceived()
{
// TODO
@@ -606,7 +607,7 @@ public class ConnectionEndpoint implemen
public synchronized void protocolHeaderReceived(final byte major, final
byte minorVersion, final byte revision)
{
- if(_requiresSASLServer && _state != ConnectionState.UNOPENED)
+ if (_requiresSASLServer && _state != ConnectionState.UNOPENED)
{
// TODO - bad stuff
}
@@ -618,7 +619,7 @@ public class ConnectionEndpoint implemen
public synchronized void handleError(final Error error)
{
- if(!closedForOutput())
+ if (!closedForOutput())
{
Close close = new Close();
close.setError(error);
@@ -631,17 +632,17 @@ public class ConnectionEndpoint implemen
public synchronized void receive(final short channel, final Object frame)
{
- if(_logger.isLoggable(Level.FINE))
+ if (_logger.isLoggable(Level.FINE))
{
- _logger.fine("RECV["+ _remoteAddress + "|"+channel+"] : " + frame);
+ _logger.fine("RECV[" + _remoteAddress + "|" + channel + "] : " +
frame);
}
- if(frame instanceof FrameBody)
+ if (frame instanceof FrameBody)
{
- ((FrameBody)frame).invoke(channel, this);
+ ((FrameBody) frame).invoke(channel, this);
}
- else if(frame instanceof SaslFrameBody)
+ else if (frame instanceof SaslFrameBody)
{
- ((SaslFrameBody)frame).invoke(this);
+ ((SaslFrameBody) frame).invoke(this);
}
}
@@ -674,7 +675,7 @@ public class ConnectionEndpoint implemen
public synchronized void close()
{
- switch(_state)
+ switch (_state)
{
case AWAITING_OPEN:
case OPEN:
@@ -737,10 +738,11 @@ public class ConnectionEndpoint implemen
{
_saslComplete = true;
_authenticated = true;
+ _user =
_saslServerProvider.getAuthenticatedPrincipal(_saslServer);
getLock().notifyAll();
}
- if(_onSaslCompleteTask != null)
+ if (_onSaslCompleteTask != null)
{
_onSaslCompleteTask.run();
}
@@ -766,7 +768,7 @@ public class ConnectionEndpoint implemen
_authenticated = false;
getLock().notifyAll();
}
- if(_onSaslCompleteTask != null)
+ if (_onSaslCompleteTask != null)
{
_onSaslCompleteTask.run();
}
@@ -776,19 +778,32 @@ public class ConnectionEndpoint implemen
public void receiveSaslMechanisms(final SaslMechanisms saslMechanisms)
{
-
if(Arrays.asList(saslMechanisms.getSaslServerMechanisms()).contains(Symbol.valueOf("PLAIN")))
+ SaslInit init = new SaslInit();
+ init.setHostname(_remoteHostname);
+
+ Set<Symbol> mechanisms = new
HashSet<Symbol>(Arrays.asList(saslMechanisms.getSaslServerMechanisms()));
+ if (mechanisms.contains(SASL_PLAIN) && _password != null)
{
- SaslInit init = new SaslInit();
- init.setMechanism(Symbol.valueOf("PLAIN"));
- init.setHostname(_remoteHostname);
+
+ init.setMechanism(SASL_PLAIN);
+
byte[] usernameBytes =
_user.getName().getBytes(Charset.forName("UTF-8"));
byte[] passwordBytes =
_password.getBytes(Charset.forName("UTF-8"));
- byte[] initResponse = new
byte[usernameBytes.length+passwordBytes.length+2];
-
System.arraycopy(usernameBytes,0,initResponse,1,usernameBytes.length);
-
System.arraycopy(passwordBytes,0,initResponse,usernameBytes.length+2,passwordBytes.length);
+ byte[] initResponse = new byte[usernameBytes.length +
passwordBytes.length + 2];
+ System.arraycopy(usernameBytes, 0, initResponse, 1,
usernameBytes.length);
+ System.arraycopy(passwordBytes, 0, initResponse,
usernameBytes.length + 2, passwordBytes.length);
init.setInitialResponse(new Binary(initResponse));
- _saslFrameOutput.send(new SASLFrame(init),null);
+
}
+ else if (mechanisms.contains(SASL_ANONYMOUS))
+ {
+ init.setMechanism(SASL_ANONYMOUS);
+ }
+ else if (mechanisms.contains(SASL_EXTERNAL))
+ {
+ init.setMechanism(SASL_EXTERNAL);
+ }
+ _saslFrameOutput.send(new SASLFrame(init), null);
}
public void receiveSaslChallenge(final SaslChallenge saslChallenge)
@@ -798,65 +813,66 @@ public class ConnectionEndpoint implemen
public void receiveSaslResponse(final SaslResponse saslResponse)
{
- final Binary responseBinary = saslResponse.getResponse();
- byte[] response = responseBinary == null ? new byte[0] :
responseBinary.getArray();
-
+ final Binary responseBinary = saslResponse.getResponse();
+ byte[] response = responseBinary == null ? new byte[0] :
responseBinary.getArray();
- try
- {
- // Process response from the client
- byte[] challenge = _saslServer.evaluateResponse(response
!= null ? response : new byte[0]);
-
- if (_saslServer.isComplete())
- {
- SaslOutcome outcome = new SaslOutcome();
+ try
+ {
- outcome.setCode(SaslCode.OK);
- _saslFrameOutput.send(new SASLFrame(outcome),null);
- synchronized (getLock())
- {
- _saslComplete = true;
- _authenticated = true;
- getLock().notifyAll();
- }
- if(_onSaslCompleteTask != null)
- {
- _onSaslCompleteTask.run();
- }
+ // Process response from the client
+ byte[] challenge = _saslServer.evaluateResponse(response != null ?
response : new byte[0]);
- }
- else
- {
- SaslChallenge challengeBody = new SaslChallenge();
- challengeBody.setChallenge(new Binary(challenge));
- _saslFrameOutput.send(new SASLFrame(challengeBody),
null);
+ if (_saslServer.isComplete())
+ {
+ SaslOutcome outcome = new SaslOutcome();
- }
+ outcome.setCode(SaslCode.OK);
+ _saslFrameOutput.send(new SASLFrame(outcome), null);
+ synchronized (getLock())
+ {
+ _saslComplete = true;
+ _authenticated = true;
+ _user =
_saslServerProvider.getAuthenticatedPrincipal(_saslServer);
+ getLock().notifyAll();
}
- catch (SaslException e)
+ if (_onSaslCompleteTask != null)
{
- SaslOutcome outcome = new SaslOutcome();
+ _onSaslCompleteTask.run();
+ }
- outcome.setCode(SaslCode.AUTH);
- _saslFrameOutput.send(new SASLFrame(outcome),null);
- synchronized (getLock())
- {
- _saslComplete = true;
- _authenticated = false;
- getLock().notifyAll();
- }
- if(_onSaslCompleteTask != null)
- {
- _onSaslCompleteTask.run();
- }
+ }
+ else
+ {
+ SaslChallenge challengeBody = new SaslChallenge();
+ challengeBody.setChallenge(new Binary(challenge));
+ _saslFrameOutput.send(new SASLFrame(challengeBody), null);
- }
+ }
}
+ catch (SaslException e)
+ {
+ SaslOutcome outcome = new SaslOutcome();
+
+ outcome.setCode(SaslCode.AUTH);
+ _saslFrameOutput.send(new SASLFrame(outcome), null);
+ synchronized (getLock())
+ {
+ _saslComplete = true;
+ _authenticated = false;
+ getLock().notifyAll();
+ }
+ if (_onSaslCompleteTask != null)
+ {
+ _onSaslCompleteTask.run();
+ }
+
+ }
+ }
public void receiveSaslOutcome(final SaslOutcome saslOutcome)
{
- if(saslOutcome.getCode() == SaslCode.OK)
+ if (saslOutcome.getCode() == SaslCode.OK)
{
_saslFrameOutput.close();
synchronized (getLock())
@@ -865,7 +881,7 @@ public class ConnectionEndpoint implemen
_authenticated = true;
getLock().notifyAll();
}
- if(_onSaslCompleteTask != null)
+ if (_onSaslCompleteTask != null)
{
_onSaslCompleteTask.run();
}
@@ -904,22 +920,13 @@ public class ConnectionEndpoint implemen
return _authenticated;
}
- public void initiateSASL()
+ public void initiateSASL(String[] mechanismNames)
{
SaslMechanisms mechanisms = new SaslMechanisms();
- final Enumeration<SaslServerFactory> saslServerFactories =
Sasl.getSaslServerFactories();
-
- SaslServerFactory f;
ArrayList<Symbol> mechanismsList = new ArrayList<Symbol>();
- while(saslServerFactories.hasMoreElements())
+ for (String name : mechanismNames)
{
- f = saslServerFactories.nextElement();
- final String[] mechanismNames = f.getMechanismNames(null);
- for(String name : mechanismNames)
- {
- mechanismsList.add(Symbol.valueOf(name));
- }
-
+ mechanismsList.add(Symbol.valueOf(name));
}
mechanisms.setSaslServerMechanisms(mechanismsList.toArray(new
Symbol[mechanismsList.size()]));
_saslFrameOutput.send(new SASLFrame(mechanisms), null);
Modified:
qpid/trunk/qpid/java/amqp-1-0-common/src/main/java/org/apache/qpid/amqp_1_0/transport/SaslServerProvider.java
URL:
http://svn.apache.org/viewvc/qpid/trunk/qpid/java/amqp-1-0-common/src/main/java/org/apache/qpid/amqp_1_0/transport/SaslServerProvider.java?rev=1465459&r1=1465458&r2=1465459&view=diff
==============================================================================
---
qpid/trunk/qpid/java/amqp-1-0-common/src/main/java/org/apache/qpid/amqp_1_0/transport/SaslServerProvider.java
(original)
+++
qpid/trunk/qpid/java/amqp-1-0-common/src/main/java/org/apache/qpid/amqp_1_0/transport/SaslServerProvider.java
Sun Apr 7 20:57:23 2013
@@ -20,10 +20,12 @@
package org.apache.qpid.amqp_1_0.transport;
+import java.security.Principal;
import javax.security.sasl.SaslException;
import javax.security.sasl.SaslServer;
public interface SaslServerProvider
{
SaslServer getSaslServer(String mechanism, String fqdn) throws
SaslException;
+ Principal getAuthenticatedPrincipal(SaslServer server);
}
Modified:
qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/protocol/ProtocolEngine_1_0_0.java
URL:
http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/protocol/ProtocolEngine_1_0_0.java?rev=1465459&r1=1465458&r2=1465459&view=diff
==============================================================================
---
qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/protocol/ProtocolEngine_1_0_0.java
(original)
+++
qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/protocol/ProtocolEngine_1_0_0.java
Sun Apr 7 20:57:23 2013
@@ -22,6 +22,7 @@ package org.apache.qpid.server.protocol;
import java.net.SocketAddress;
import java.nio.ByteBuffer;
+import java.security.Principal;
import java.util.concurrent.atomic.AtomicLong;
import java.util.logging.Level;
import java.util.logging.Logger;
@@ -41,6 +42,7 @@ import org.apache.qpid.protocol.ServerPr
import org.apache.qpid.server.model.Broker;
import org.apache.qpid.server.protocol.v1_0.Connection_1_0;
import org.apache.qpid.server.security.SubjectCreator;
+import org.apache.qpid.server.security.auth.UsernamePrincipal;
import org.apache.qpid.server.virtualhost.VirtualHost;
import org.apache.qpid.transport.Sender;
import org.apache.qpid.transport.network.NetworkConnection;
@@ -170,6 +172,12 @@ public class ProtocolEngine_1_0_0 implem
{
return subjectCreator.createSaslServer(mechanism, fqdn, null);
}
+
+ @Override
+ public Principal getAuthenticatedPrincipal(SaslServer server)
+ {
+ return new UsernamePrincipal(server.getAuthorizationID());
+ }
};
}
Modified:
qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/protocol/ProtocolEngine_1_0_0_SASL.java
URL:
http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/protocol/ProtocolEngine_1_0_0_SASL.java?rev=1465459&r1=1465458&r2=1465459&view=diff
==============================================================================
---
qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/protocol/ProtocolEngine_1_0_0_SASL.java
(original)
+++
qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/protocol/ProtocolEngine_1_0_0_SASL.java
Sun Apr 7 20:57:23 2013
@@ -23,6 +23,7 @@ package org.apache.qpid.server.protocol;
import java.io.PrintWriter;
import java.net.SocketAddress;
import java.nio.ByteBuffer;
+import java.security.Principal;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.security.sasl.SaslException;
@@ -42,6 +43,7 @@ import org.apache.qpid.protocol.ServerPr
import org.apache.qpid.server.model.Broker;
import org.apache.qpid.server.protocol.v1_0.Connection_1_0;
import org.apache.qpid.server.security.SubjectCreator;
+import org.apache.qpid.server.security.auth.UsernamePrincipal;
import org.apache.qpid.server.virtualhost.VirtualHost;
import org.apache.qpid.transport.Sender;
import org.apache.qpid.transport.network.NetworkConnection;
@@ -162,7 +164,8 @@ public class ProtocolEngine_1_0_0_SASL i
Container container = new Container(_broker.getId().toString());
VirtualHost virtualHost =
_broker.getVirtualHostRegistry().getVirtualHost((String)_broker.getAttribute(Broker.DEFAULT_VIRTUAL_HOST));
- _conn = new ConnectionEndpoint(container,
asSaslServerProvider(_broker.getSubjectCreator(getLocalAddress())));
+ SubjectCreator subjectCreator =
_broker.getSubjectCreator(getLocalAddress());
+ _conn = new ConnectionEndpoint(container,
asSaslServerProvider(subjectCreator));
_conn.setRemoteAddress(getRemoteAddress());
_conn.setConnectionEventListener(new Connection_1_0(virtualHost,
_conn, _connectionId));
_conn.setFrameOutputHandler(this);
@@ -189,7 +192,7 @@ public class ProtocolEngine_1_0_0_SASL i
_sender.send(HEADER.duplicate());
_sender.flush();
- _conn.initiateSASL();
+ _conn.initiateSASL(subjectCreator.getMechanisms().split(" "));
}
@@ -201,7 +204,13 @@ public class ProtocolEngine_1_0_0_SASL i
@Override
public SaslServer getSaslServer(String mechanism, String fqdn)
throws SaslException
{
- return subjectCreator.createSaslServer(mechanism, fqdn, null);
+ return subjectCreator.createSaslServer(mechanism, fqdn,
_network.getPeerPrincipal());
+ }
+
+ @Override
+ public Principal getAuthenticatedPrincipal(SaslServer server)
+ {
+ return new UsernamePrincipal(server.getAuthorizationID());
}
};
}
@@ -230,7 +239,7 @@ public class ProtocolEngine_1_0_0_SASL i
Binary bin = new Binary(data);
RAW_LOGGER.fine("RECV[" + getRemoteAddress() + "] : " +
bin.toString());
}
- _readBytes += msg.remaining();
+ _readBytes += msg.remaining();
switch(_state)
{
case A:
@@ -392,7 +401,6 @@ public class ProtocolEngine_1_0_0_SASL i
RAW_LOGGER.fine("SEND[" + getRemoteAddress() + "] : " +
bin.toString());
}
-
_sender.send(dup);
_sender.flush();
Modified:
qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/sasl/external/ExternalSaslServer.java
URL:
http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/sasl/external/ExternalSaslServer.java?rev=1465459&r1=1465458&r2=1465459&view=diff
==============================================================================
---
qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/sasl/external/ExternalSaslServer.java
(original)
+++
qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/sasl/external/ExternalSaslServer.java
Sun Apr 7 20:57:23 2013
@@ -61,7 +61,7 @@ public class ExternalSaslServer implemen
public String getAuthorizationID()
{
- return null;
+ return getAuthenticatedPrincipal().getName();
}
public byte[] unwrap(byte[] incoming, int offset, int len) throws
SaslException
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
