Author: rgodfrey
Date: Fri Jan 29 11:12:59 2016
New Revision: 1727532
URL: http://svn.apache.org/viewvc?rev=1727532&view=rev
Log:
QPID-7027 : make interactive HTTP authentication pliggable
Added:
qpid/java/trunk/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpRequestInteractiveAuthenticator.java
- copied, changed from r1727364,
qpid/java/trunk/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpRequestPreemptiveAuthenticator.java
qpid/java/trunk/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/auth/UsernamePasswordInteractiveLogin.java
(with props)
Modified:
qpid/java/trunk/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/filter/RedirectingAuthorisationFilter.java
Copied:
qpid/java/trunk/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpRequestInteractiveAuthenticator.java
(from r1727364,
qpid/java/trunk/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpRequestPreemptiveAuthenticator.java)
URL:
http://svn.apache.org/viewvc/qpid/java/trunk/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpRequestInteractiveAuthenticator.java?p2=qpid/java/trunk/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpRequestInteractiveAuthenticator.java&p1=qpid/java/trunk/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpRequestPreemptiveAuthenticator.java&r1=1727364&r2=1727532&rev=1727532&view=diff
==============================================================================
---
qpid/java/trunk/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpRequestPreemptiveAuthenticator.java
(original)
+++
qpid/java/trunk/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpRequestInteractiveAuthenticator.java
Fri Jan 29 11:12:59 2016
@@ -20,13 +20,21 @@
*/
package org.apache.qpid.server.management.plugin;
-import javax.security.auth.Subject;
+import java.io.IOException;
+
import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
-import org.apache.qpid.server.model.port.HttpPort;
import org.apache.qpid.server.plugin.Pluggable;
-public interface HttpRequestPreemptiveAuthenticator extends Pluggable
+public interface HttpRequestInteractiveAuthenticator extends Pluggable
{
- Subject attemptAuthentication(HttpServletRequest request,
HttpManagementConfiguration configuration);
+ interface AuthenticationHandler
+ {
+ void handleAuthentication(HttpServletResponse response) throws
IOException;
+ }
+
+ AuthenticationHandler getAuthenticationHandler(HttpServletRequest request,
+ HttpManagementConfiguration
configuration);
+
}
Added:
qpid/java/trunk/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/auth/UsernamePasswordInteractiveLogin.java
URL:
http://svn.apache.org/viewvc/qpid/java/trunk/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/auth/UsernamePasswordInteractiveLogin.java?rev=1727532&view=auto
==============================================================================
---
qpid/java/trunk/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/auth/UsernamePasswordInteractiveLogin.java
(added)
+++
qpid/java/trunk/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/auth/UsernamePasswordInteractiveLogin.java
Fri Jan 29 11:12:59 2016
@@ -0,0 +1,66 @@
+/*
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.qpid.server.management.plugin.auth;
+
+import java.io.IOException;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.qpid.server.management.plugin.HttpManagementConfiguration;
+import
org.apache.qpid.server.management.plugin.HttpRequestInteractiveAuthenticator;
+import org.apache.qpid.server.plugin.PluggableService;
+import
org.apache.qpid.server.security.auth.manager.UsernamePasswordAuthenticationProvider;
+
+@PluggableService
+public class UsernamePasswordInteractiveLogin implements
HttpRequestInteractiveAuthenticator
+{
+ private static String DEFAULT_LOGIN_URL = "login.html";
+
+ private static final AuthenticationHandler REDIRECT_HANDLER = new
AuthenticationHandler()
+ {
+ @Override
+ public void handleAuthentication(final HttpServletResponse response)
throws IOException
+ {
+ response.sendRedirect(DEFAULT_LOGIN_URL);
+ }
+ };
+
+ @Override
+ public AuthenticationHandler getAuthenticationHandler(final
HttpServletRequest request,
+ final
HttpManagementConfiguration configuration)
+ {
+ if(configuration.getAuthenticationProvider(request) instanceof
UsernamePasswordAuthenticationProvider)
+ {
+ return REDIRECT_HANDLER;
+ }
+ else
+ {
+ return null;
+ }
+ }
+
+ @Override
+ public String getType()
+ {
+ return "UsernamePassword";
+ }
+}
Propchange:
qpid/java/trunk/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/auth/UsernamePasswordInteractiveLogin.java
------------------------------------------------------------------------------
svn:eol-style = native
Modified:
qpid/java/trunk/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/filter/RedirectingAuthorisationFilter.java
URL:
http://svn.apache.org/viewvc/qpid/java/trunk/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/filter/RedirectingAuthorisationFilter.java?rev=1727532&r1=1727531&r2=1727532&view=diff
==============================================================================
---
qpid/java/trunk/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/filter/RedirectingAuthorisationFilter.java
(original)
+++
qpid/java/trunk/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/filter/RedirectingAuthorisationFilter.java
Fri Jan 29 11:12:59 2016
@@ -21,6 +21,10 @@
package org.apache.qpid.server.management.plugin.filter;
import java.io.IOException;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.List;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
@@ -34,14 +38,25 @@ import javax.servlet.http.HttpServletRes
import org.apache.qpid.server.management.plugin.HttpManagementConfiguration;
import org.apache.qpid.server.management.plugin.HttpManagementUtil;
+import
org.apache.qpid.server.management.plugin.HttpRequestInteractiveAuthenticator;
import org.apache.qpid.server.model.Broker;
+import org.apache.qpid.server.plugin.QpidServiceLoader;
public class RedirectingAuthorisationFilter implements Filter
{
- public static String DEFAULT_LOGIN_URL = "login.html";
- public static String INIT_PARAM_LOGIN_URL = "login-url";
- private String _loginUrl = DEFAULT_LOGIN_URL;
+ private static final Collection<HttpRequestInteractiveAuthenticator>
AUTHENTICATORS;
+ static
+ {
+ List<HttpRequestInteractiveAuthenticator> authenticators = new
ArrayList<>();
+ for(HttpRequestInteractiveAuthenticator authenticator : (new
QpidServiceLoader()).instancesOf(HttpRequestInteractiveAuthenticator.class))
+ {
+ authenticators.add(authenticator);
+ }
+ AUTHENTICATORS = Collections.unmodifiableList(authenticators);
+ }
+
+
private Broker _broker;
private HttpManagementConfiguration _managementConfiguration;
@@ -53,11 +68,6 @@ public class RedirectingAuthorisationFil
@Override
public void init(FilterConfig config) throws ServletException
{
- String loginUrl = config.getInitParameter(INIT_PARAM_LOGIN_URL);
- if (loginUrl != null)
- {
- _loginUrl = loginUrl;
- }
ServletContext servletContext = config.getServletContext();
_broker = HttpManagementUtil.getBroker(servletContext);
_managementConfiguration =
HttpManagementUtil.getManagementConfiguration(servletContext);
@@ -76,7 +86,24 @@ public class RedirectingAuthorisationFil
}
catch(SecurityException e)
{
- httpResponse.sendRedirect(_loginUrl);
+ HttpRequestInteractiveAuthenticator.AuthenticationHandler handler
= null;
+ for(HttpRequestInteractiveAuthenticator authenticator :
AUTHENTICATORS)
+ {
+ handler = authenticator.getAuthenticationHandler(httpRequest,
_managementConfiguration);
+ if(handler != null)
+ {
+ break;
+ };
+ }
+
+ if(handler != null)
+ {
+ handler.handleAuthentication(httpResponse);
+ }
+ else
+ {
+ httpResponse.sendError(HttpServletResponse.SC_FORBIDDEN);
+ }
}
}
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
