Author: lquack
Date: Tue Feb 9 16:41:06 2016
New Revision: 1729408
URL: http://svn.apache.org/viewvc?rev=1729408&view=rev
Log:
QPID-7028: [Java Broker] OAuth2 improvements
* improve error handling
Modified:
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/OAuth2AuthenticationProvider.java
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/OAuth2AuthenticationProviderImpl.java
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/OAuth2Utils.java
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/cloudfoundry/CloudFoundryOAuth2IdentityResolverService.java
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/facebook/FacebookIdentityResolverService.java
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/github/GitHubOAuth2IdentityResolverService.java
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/google/GoogleOAuth2IdentityResolverService.java
Modified:
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/OAuth2AuthenticationProvider.java
URL:
http://svn.apache.org/viewvc/qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/OAuth2AuthenticationProvider.java?rev=1729408&r1=1729407&r2=1729408&view=diff
==============================================================================
---
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/OAuth2AuthenticationProvider.java
(original)
+++
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/OAuth2AuthenticationProvider.java
Tue Feb 9 16:41:06 2016
@@ -24,6 +24,7 @@ import java.util.List;
import org.apache.qpid.server.model.AuthenticationProvider;
import org.apache.qpid.server.model.ManagedAttribute;
+import org.apache.qpid.server.model.ManagedContextDefault;
import org.apache.qpid.server.model.ManagedObject;
import org.apache.qpid.server.model.TrustStore;
import org.apache.qpid.server.security.auth.AuthenticationResult;
@@ -31,6 +32,14 @@ import org.apache.qpid.server.security.a
@ManagedObject( category = false, type = "OAuth2" )
public interface OAuth2AuthenticationProvider<T extends
OAuth2AuthenticationProvider<T>> extends AuthenticationProvider<T>
{
+ String AUTHENTICATION_OAUTH2_CONNECT_TIMEOUT =
"qpid.authentication.oauth2.connectTimeout";
+ @ManagedContextDefault(name = AUTHENTICATION_OAUTH2_CONNECT_TIMEOUT)
+ int DEFAULT_AUTHENTICATION_OAUTH2_CONNECT_TIMEOUT = 60000;
+
+ String AUTHENTICATION_OAUTH2_READ_TIMEOUT =
"qpid.authentication.oauth2.readTimeout";
+ @ManagedContextDefault(name = AUTHENTICATION_OAUTH2_READ_TIMEOUT)
+ int DEFAULT_AUTHENTICATION_OAUTH2_READ_TIMEOUT = 60000;
+
@ManagedAttribute( description = "Redirect URI to obtain authorization
code grant", mandatory = true )
URI getAuthorizationEndpointURI();
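Review bot: The two new defaults, `DEFAULT_AUTHENTICATION_OAUTH2_CONNECT_TIMEOUT` and `DEFAULT_AUTHENTICATION_OAUTH2_READ_TIMEOUT`, state no unit, so an operator overriding `qpid.authentication.oauth2.connectTimeout` or `qpid.authentication.oauth2.readTimeout` has to guess what 60000 means. Elsewhere in this commit the values are passed to `setConnectTimeout`/`setReadTimeout`, which take milliseconds and treat 0 as "no timeout". I would add a comment above each constant, for example `// milliseconds; 0 disables the timeout, so a call to the OAuth2 endpoint may then block indefinitely`. The interface body continues past the end of the hunk.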
Modified:
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/OAuth2AuthenticationProviderImpl.java
URL:
http://svn.apache.org/viewvc/qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/OAuth2AuthenticationProviderImpl.java?rev=1729408&r1=1729407&r2=1729408&view=diff
==============================================================================
---
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/OAuth2AuthenticationProviderImpl.java
(original)
+++
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/OAuth2AuthenticationProviderImpl.java
Tue Feb 9 16:41:06 2016
@@ -93,6 +93,8 @@ public class OAuth2AuthenticationProvide
private String _identityResolverType;
private OAuth2IdentityResolverService _identityResolverService;
+ private int _connectTimeout;
+ private int _readTimeout;
@ManagedObjectFactoryConstructor
protected OAuth2AuthenticationProviderImpl(final Map<String, Object>
attributes,
@@ -107,7 +109,8 @@ public class OAuth2AuthenticationProvide
super.onOpen();
String type = getIdentityResolverType();
_identityResolverService = new
QpidServiceLoader().getInstancesByType(OAuth2IdentityResolverService.class).get(type);
-
+ _connectTimeout = getContextValue(Integer.class,
AUTHENTICATION_OAUTH2_CONNECT_TIMEOUT);
+ _readTimeout = getContextValue(Integer.class,
AUTHENTICATION_OAUTH2_READ_TIMEOUT);
}
@Override
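Review bot: The values read in `onOpen()` are stored without a range check, so a context override of 0 silently removes the timeout this commit introduces. A negative value is only rejected later, when `setConnectTimeout`/`setReadTimeout` throws `IllegalArgumentException` in the middle of an authentication attempt. Because an unresponsive token or identity endpoint would then presumably hold the authenticating thread, I would fail at open time, e.g. `if (_connectTimeout < 0 || _readTimeout < 0) { throw new IllegalArgumentException("OAuth2 timeouts must not be negative"); }`, and decide explicitly whether 0 is acceptable. The CloudFoundry, Facebook, GitHub and Google resolver hunks read the same two context values unchecked on every call. `onOpen()` begins above the hunk.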
@@ -200,6 +203,8 @@ public class OAuth2AuthenticationProvide
LOGGER.debug("About to call token endpoint '{}'", tokenEndpoint);
connection = (HttpsURLConnection) tokenEndpoint.openConnection();
+ connection.setConnectTimeout(_connectTimeout);
+ connection.setReadTimeout(_readTimeout);
if (getTrustStore() != null)
{
@@ -237,7 +242,7 @@ public class OAuth2AuthenticationProvide
output.write(body);
output.close();
- try (InputStream input = connection.getInputStream())
+ try (InputStream input = OAuth2Utils.getResponseStream(connection))
{
final int responseCode = connection.getResponseCode();
LOGGER.debug("Call to token endpoint '{}' complete, response
code : {}", tokenEndpoint, responseCode);
@@ -352,5 +357,4 @@ public class OAuth2AuthenticationProvide
{
return new
QpidServiceLoader().getInstancesByType(OAuth2IdentityResolverService.class).keySet();
}
-
}
Modified:
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/OAuth2Utils.java
URL:
http://svn.apache.org/viewvc/qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/OAuth2Utils.java?rev=1729408&r1=1729407&r2=1729408&view=diff
==============================================================================
---
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/OAuth2Utils.java
(original)
+++
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/OAuth2Utils.java
Tue Feb 9 16:41:06 2016
@@ -20,6 +20,8 @@
*/
package org.apache.qpid.server.security.auth.manager.oauth2;
+import java.io.IOException;
+import java.io.InputStream;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
@@ -120,4 +122,21 @@ public class OAuth2Utils
throw new ServerScopedRuntimeException("Failed to encode as
UTF-8", e);
}
}
+
+ public static InputStream getResponseStream(final HttpsURLConnection
connection) throws IOException
+ {
+ try
+ {
+ return connection.getInputStream();
+ }
+ catch (IOException ioe)
+ {
+ InputStream errorStream = connection.getErrorStream();
+ if (errorStream != null)
+ {
+ return errorStream;
+ }
+ throw ioe;
+ }
+ }
}
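Review bot: `getResponseStream` has no Javadoc, and its contract is easy to misread: the returned stream may be the error body rather than a successful response, and the original `IOException` is discarded when that happens. I would document that callers must check `connection.getResponseCode()` before parsing the content as a token or identity document, and that the exception from `getInputStream()` still propagates when `getErrorStream()` returns null (a connect, TLS or read-timeout failure, or an error response without a body). The five call sites in this commit do call `getResponseCode()` right after opening the stream, but whether they branch on it before parsing is outside the visible hunks. It is also worth stating that the error body comes from the remote endpoint and should be treated as untrusted if it ends up in log or exception messages.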
Modified:
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/cloudfoundry/CloudFoundryOAuth2IdentityResolverService.java
URL:
http://svn.apache.org/viewvc/qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/cloudfoundry/CloudFoundryOAuth2IdentityResolverService.java?rev=1729408&r1=1729407&r2=1729408&view=diff
==============================================================================
---
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/cloudfoundry/CloudFoundryOAuth2IdentityResolverService.java
(original)
+++
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/cloudfoundry/CloudFoundryOAuth2IdentityResolverService.java
Tue Feb 9 16:41:06 2016
@@ -77,11 +77,17 @@ public class CloudFoundryOAuth2IdentityR
String clientId = authenticationProvider.getClientId();
String clientSecret = authenticationProvider.getClientSecret();
URL checkTokenEndpoint = checkTokenEndpointURI.toURL();
+ int connectTimeout =
authenticationProvider.getContextValue(Integer.class,
OAuth2AuthenticationProvider.AUTHENTICATION_OAUTH2_CONNECT_TIMEOUT);
+ int readTimeout =
authenticationProvider.getContextValue(Integer.class,
OAuth2AuthenticationProvider.AUTHENTICATION_OAUTH2_READ_TIMEOUT);
+
HttpsURLConnection connection;
LOGGER.debug("About to call identity service '{}'",
checkTokenEndpoint);
connection = (HttpsURLConnection) checkTokenEndpoint.openConnection();
+ connection.setConnectTimeout(connectTimeout);
+ connection.setReadTimeout(readTimeout);
+
if (trustStore != null)
{
OAuth2Utils.setTrustedCertificates(connection, trustStore);
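Review bot: The timeout lookup and the `setConnectTimeout`/`setReadTimeout` pair added here are repeated almost verbatim in the Facebook, GitHub and Google resolver hunks, and they differ from `OAuth2AuthenticationProviderImpl`, which reads the values once in `onOpen()` while the resolvers call `getContextValue` on every authentication. A single helper next to `setTrustedCertificates` would keep the four resolvers and the provider in step and give one place for a range check. The name is only a proposal, but a call such as `OAuth2Utils.setTimeouts(connection, authenticationProvider);` could replace the four added lines in each resolver. The enclosing method starts and ends outside the hunk.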
@@ -102,7 +108,8 @@ public class CloudFoundryOAuth2IdentityR
{
output.write(OAuth2Utils.buildRequestQuery(requestParameters).getBytes(UTF8));
output.close();
- try (InputStream input = connection.getInputStream())
+
+ try (InputStream input = OAuth2Utils.getResponseStream(connection))
{
int responseCode = connection.getResponseCode();
LOGGER.debug("Call to identity service '{}' complete, response
code : {}", checkTokenEndpoint, responseCode);
Modified:
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/facebook/FacebookIdentityResolverService.java
URL:
http://svn.apache.org/viewvc/qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/facebook/FacebookIdentityResolverService.java?rev=1729408&r1=1729407&r2=1729408&view=diff
==============================================================================
---
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/facebook/FacebookIdentityResolverService.java
(original)
+++
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/facebook/FacebookIdentityResolverService.java
Tue Feb 9 16:41:06 2016
@@ -77,11 +77,16 @@ public class FacebookIdentityResolverSer
String accessToken) throws IOException,
IdentityResolverException
{
URI userInfoEndpoint =
authenticationProvider.getIdentityResolverEndpointURI();
+ int connectTimeout =
authenticationProvider.getContextValue(Integer.class,
OAuth2AuthenticationProvider.AUTHENTICATION_OAUTH2_CONNECT_TIMEOUT);
+ int readTimeout =
authenticationProvider.getContextValue(Integer.class,
OAuth2AuthenticationProvider.AUTHENTICATION_OAUTH2_READ_TIMEOUT);
LOGGER.debug("About to call identity service '{}'", userInfoEndpoint);
TrustStore trustStore = authenticationProvider.getTrustStore();
HttpsURLConnection connection = (HttpsURLConnection)
userInfoEndpoint.toURL().openConnection();
+ connection.setConnectTimeout(connectTimeout);
+ connection.setReadTimeout(readTimeout);
+
if (trustStore != null)
{
OAuth2Utils.setTrustedCertificates(connection, trustStore);
@@ -94,7 +99,7 @@ public class FacebookIdentityResolverSer
connection.connect();
- try (InputStream input = connection.getInputStream())
+ try (InputStream input = OAuth2Utils.getResponseStream(connection))
{
int responseCode = connection.getResponseCode();
LOGGER.debug("Call to identity service '{}' complete, response
code : {}",
Modified:
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/github/GitHubOAuth2IdentityResolverService.java
URL:
http://svn.apache.org/viewvc/qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/github/GitHubOAuth2IdentityResolverService.java?rev=1729408&r1=1729407&r2=1729408&view=diff
==============================================================================
---
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/github/GitHubOAuth2IdentityResolverService.java
(original)
+++
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/github/GitHubOAuth2IdentityResolverService.java
Tue Feb 9 16:41:06 2016
@@ -58,7 +58,7 @@ public class GitHubOAuth2IdentityResolve
private static final String UTF8 = StandardCharsets.UTF_8.name();
public static final String TYPE = "GitHubUser";
-
+
private final ObjectMapper _objectMapper = new ObjectMapper();
@Override
@@ -83,10 +83,15 @@ public class GitHubOAuth2IdentityResolve
{
URI userInfoEndpoint =
authenticationProvider.getIdentityResolverEndpointURI();
TrustStore trustStore = authenticationProvider.getTrustStore();
+ int connectTimeout =
authenticationProvider.getContextValue(Integer.class,
OAuth2AuthenticationProvider.AUTHENTICATION_OAUTH2_CONNECT_TIMEOUT);
+ int readTimeout =
authenticationProvider.getContextValue(Integer.class,
OAuth2AuthenticationProvider.AUTHENTICATION_OAUTH2_READ_TIMEOUT);
LOGGER.debug("About to call identity service '{}'", userInfoEndpoint);
HttpsURLConnection connection = (HttpsURLConnection)
userInfoEndpoint.toURL().openConnection();
+ connection.setConnectTimeout(connectTimeout);
+ connection.setReadTimeout(readTimeout);
+
if (trustStore != null)
{
OAuth2Utils.setTrustedCertificates(connection, trustStore);
@@ -99,7 +104,7 @@ public class GitHubOAuth2IdentityResolve
connection.connect();
- try (InputStream input = connection.getInputStream())
+ try (InputStream input = OAuth2Utils.getResponseStream(connection))
{
int responseCode = connection.getResponseCode();
LOGGER.debug("Call to identity service '{}' complete, response
code : {}",
Modified:
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/google/GoogleOAuth2IdentityResolverService.java
URL:
http://svn.apache.org/viewvc/qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/google/GoogleOAuth2IdentityResolverService.java?rev=1729408&r1=1729407&r2=1729408&view=diff
==============================================================================
---
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/google/GoogleOAuth2IdentityResolverService.java
(original)
+++
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/google/GoogleOAuth2IdentityResolverService.java
Tue Feb 9 16:41:06 2016
@@ -85,13 +85,17 @@ public class GoogleOAuth2IdentityResolve
public Principal getUserPrincipal(final OAuth2AuthenticationProvider<?>
authenticationProvider,
String accessToken) throws IOException,
IdentityResolverException
{
-
URI userInfoEndpoint =
authenticationProvider.getIdentityResolverEndpointURI();
TrustStore trustStore = authenticationProvider.getTrustStore();
+ int connectTimeout =
authenticationProvider.getContextValue(Integer.class,
OAuth2AuthenticationProvider.AUTHENTICATION_OAUTH2_CONNECT_TIMEOUT);
+ int readTimeout =
authenticationProvider.getContextValue(Integer.class,
OAuth2AuthenticationProvider.AUTHENTICATION_OAUTH2_READ_TIMEOUT);
LOGGER.debug("About to call identity service '{}'", userInfoEndpoint);
HttpsURLConnection connection = (HttpsURLConnection)
userInfoEndpoint.toURL().openConnection();
+ connection.setConnectTimeout(connectTimeout);
+ connection.setReadTimeout(readTimeout);
+
if (trustStore != null)
{
OAuth2Utils.setTrustedCertificates(connection, trustStore);
@@ -104,7 +108,7 @@ public class GoogleOAuth2IdentityResolve
connection.connect();
- try (InputStream input = connection.getInputStream())
+ try (InputStream input = OAuth2Utils.getResponseStream(connection))
{
int responseCode = connection.getResponseCode();
LOGGER.debug("Call to identity service '{}' complete, response
code : {}",