Author: lquack
Date: Tue Feb 9 17:10:24 2016
New Revision: 1729412
URL: http://svn.apache.org/viewvc?rev=1729412&view=rev
Log:
QPID-7055: [Java Broker] Improve GroupProvider API to use Principals instead of
username Strings
Added:
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/OAuth2UserPrincipal.java
Modified:
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/model/GroupProvider.java
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/model/adapter/FileBasedGroupProviderImpl.java
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/SubjectCreator.java
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/OAuth2AuthenticationProviderImpl.java
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/group/GroupProviderImpl.java
qpid/java/trunk/broker-core/src/test/java/org/apache/qpid/server/security/SubjectCreatorTest.java
qpid/java/trunk/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/auth/AnonymousPreemptiveAuthenticator.java
qpid/java/trunk/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/auth/BasicAuthPreemptiveAuthenticator.java
qpid/java/trunk/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/auth/OAuth2InteractiveAuthenticator.java
qpid/java/trunk/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/auth/OAuth2PreemptiveAuthenticator.java
Modified:
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/model/GroupProvider.java
URL:
http://svn.apache.org/viewvc/qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/model/GroupProvider.java?rev=1729412&r1=1729411&r2=1729412&view=diff
==============================================================================
---
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/model/GroupProvider.java
(original)
+++
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/model/GroupProvider.java
Tue Feb 9 17:10:24 2016
@@ -25,5 +25,5 @@ import java.util.Set;
@ManagedObject
public interface GroupProvider<X extends GroupProvider<X>> extends
ConfiguredObject<X>
{
- Set<Principal> getGroupPrincipalsForUser(String username);
+ Set<Principal> getGroupPrincipalsForUser(Principal userPrincipal);
}
Modified:
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/model/adapter/FileBasedGroupProviderImpl.java
URL:
http://svn.apache.org/viewvc/qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/model/adapter/FileBasedGroupProviderImpl.java?rev=1729412&r1=1729411&r2=1729412&view=diff
==============================================================================
---
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/model/adapter/FileBasedGroupProviderImpl.java
(original)
+++
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/model/adapter/FileBasedGroupProviderImpl.java
Tue Feb 9 17:10:24 2016
@@ -33,7 +33,6 @@ import java.util.UUID;
import com.google.common.util.concurrent.Futures;
import com.google.common.util.concurrent.ListenableFuture;
-import com.google.common.util.concurrent.SettableFuture;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -313,9 +312,10 @@ public class FileBasedGroupProviderImpl
return Futures.immediateFuture(null);
}
- public Set<Principal> getGroupPrincipalsForUser(String username)
+ @Override
+ public Set<Principal> getGroupPrincipalsForUser(Principal userPrincipal)
{
- Set<String> groups = _groupDatabase == null ?
Collections.<String>emptySet(): _groupDatabase.getGroupsForUser(username);
+ Set<String> groups = _groupDatabase == null ?
Collections.<String>emptySet() :
_groupDatabase.getGroupsForUser(userPrincipal.getName());
if (groups.isEmpty())
{
return Collections.emptySet();
Modified:
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/SubjectCreator.java
URL:
http://svn.apache.org/viewvc/qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/SubjectCreator.java?rev=1729412&r1=1729411&r2=1729412&view=diff
==============================================================================
---
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/SubjectCreator.java
(original)
+++
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/SubjectCreator.java
Tue Feb 9 17:10:24 2016
@@ -115,9 +115,7 @@ public class SubjectCreator
AuthenticationResult authenticationResult =
_authenticationProvider.authenticate(server, response);
if(server.isComplete())
{
- String username = server.getAuthorizationID();
-
- return createResultWithGroups(username, authenticationResult);
+ return createResultWithGroups(authenticationResult);
}
else
{
@@ -125,14 +123,15 @@ public class SubjectCreator
}
}
- public SubjectAuthenticationResult createResultWithGroups(String username,
final AuthenticationResult authenticationResult)
+ public SubjectAuthenticationResult createResultWithGroups(final
AuthenticationResult authenticationResult)
{
if(authenticationResult.getStatus() == AuthenticationStatus.SUCCESS)
{
final Subject authenticationSubject = new Subject();
authenticationSubject.getPrincipals().addAll(authenticationResult.getPrincipals());
-
authenticationSubject.getPrincipals().addAll(getGroupPrincipals(username));
+ final Set<Principal> groupPrincipals =
getGroupPrincipals(authenticationResult.getMainPrincipal());
+ authenticationSubject.getPrincipals().addAll(groupPrincipals);
authenticationSubject.setReadOnly();
@@ -146,23 +145,23 @@ public class SubjectCreator
- public Subject createSubjectWithGroups(Principal principal)
+ public Subject createSubjectWithGroups(Principal userPrincipal)
{
Subject authenticationSubject = new Subject();
- authenticationSubject.getPrincipals().add(principal);
-
authenticationSubject.getPrincipals().addAll(getGroupPrincipals(principal.getName()));
+ authenticationSubject.getPrincipals().add(userPrincipal);
+
authenticationSubject.getPrincipals().addAll(getGroupPrincipals(userPrincipal));
authenticationSubject.setReadOnly();
return authenticationSubject;
}
- Set<Principal> getGroupPrincipals(String username)
+ Set<Principal> getGroupPrincipals(Principal userPrincipal)
{
Set<Principal> principals = new HashSet<Principal>();
for (GroupProvider groupProvider : _groupProviders)
{
- Set<Principal> groups =
groupProvider.getGroupPrincipalsForUser(username);
+ Set<Principal> groups =
groupProvider.getGroupPrincipalsForUser(userPrincipal);
if (groups != null)
{
principals.addAll(groups);
Modified:
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/OAuth2AuthenticationProviderImpl.java
URL:
http://svn.apache.org/viewvc/qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/OAuth2AuthenticationProviderImpl.java?rev=1729412&r1=1729411&r2=1729412&view=diff
==============================================================================
---
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/OAuth2AuthenticationProviderImpl.java
(original)
+++
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/OAuth2AuthenticationProviderImpl.java
Tue Feb 9 17:10:24 2016
@@ -256,7 +256,16 @@ public class OAuth2AuthenticationProvide
responseMap.get("error_description")));
return new
AuthenticationResult(AuthenticationResult.AuthenticationStatus.ERROR, e);
}
- return getAuthenticationResult(responseMap);
+
+ Object accessTokenObject = responseMap.get("access_token");
+ if (accessTokenObject == null)
+ {
+ IllegalStateException e = new IllegalStateException("Token
endpoint response did not include 'access_token'");
+ return new
AuthenticationResult(AuthenticationResult.AuthenticationStatus.ERROR, e);
+ }
+ String accessToken = String.valueOf(accessTokenObject);
+
+ return authenticateViaAccessToken(accessToken);
}
catch (JsonProcessingException e)
{
@@ -266,7 +275,7 @@ public class OAuth2AuthenticationProvide
return new
AuthenticationResult(AuthenticationResult.AuthenticationStatus.ERROR, ise);
}
}
- catch (IOException | IdentityResolverException e)
+ catch (IOException e)
{
return new
AuthenticationResult(AuthenticationResult.AuthenticationStatus.ERROR, e);
}
@@ -277,7 +286,9 @@ public class OAuth2AuthenticationProvide
{
try
{
- return new AuthenticationResult(new
AuthenticatedPrincipal(_identityResolverService.getUserPrincipal(this,
accessToken)));
+ final Principal userPrincipal =
_identityResolverService.getUserPrincipal(this, accessToken);
+ OAuth2UserPrincipal oauthUserPrincipal = new
OAuth2UserPrincipal(userPrincipal.getName(), accessToken);
+ return new AuthenticationResult(oauthUserPrincipal);
}
catch (IOException | IdentityResolverException e)
{
@@ -339,20 +350,7 @@ public class OAuth2AuthenticationProvide
return _scope;
}
- private AuthenticationResult getAuthenticationResult(Map<String, Object>
tokenEndpointResponse)
- throws IOException, IdentityResolverException
- {
- final Object accessTokenObject =
tokenEndpointResponse.get("access_token");
- if (accessTokenObject == null)
- {
- final IllegalStateException e = new IllegalStateException("Token
endpoint response did not include 'access_token'");
- return new
AuthenticationResult(AuthenticationResult.AuthenticationStatus.ERROR, e);
- }
- String accessToken = String.valueOf(accessTokenObject);
-
- return new AuthenticationResult(new
AuthenticatedPrincipal(_identityResolverService.getUserPrincipal(this,
accessToken)));
- }
-
+ @SuppressWarnings("unused")
public static Collection<String> validIdentityResolvers()
{
return new
QpidServiceLoader().getInstancesByType(OAuth2IdentityResolverService.class).keySet();
Added:
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/OAuth2UserPrincipal.java
URL:
http://svn.apache.org/viewvc/qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/OAuth2UserPrincipal.java?rev=1729412&view=auto
==============================================================================
---
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/OAuth2UserPrincipal.java
(added)
+++
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/OAuth2UserPrincipal.java
Tue Feb 9 17:10:24 2016
@@ -0,0 +1,85 @@
+/*
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.qpid.server.security.auth.manager.oauth2;
+
+import java.security.Principal;
+
+
+public class OAuth2UserPrincipal implements Principal
+{
+ private final String _accessToken;
+ private final String _name;
+
+ public OAuth2UserPrincipal(final String name, final String accessToken)
+ {
+ if (name == null)
+ {
+ throw new IllegalArgumentException("name cannot be null");
+ }
+ if (accessToken == null)
+ {
+ throw new IllegalArgumentException("accessToken cannot be null");
+ }
+ _name = name;
+ _accessToken = accessToken;
+ }
+
+ public String getAccessToken()
+ {
+ return _accessToken;
+ }
+
+ @Override
+ public String getName()
+ {
+ return _name;
+ }
+
+ @Override
+ public boolean equals(final Object o)
+ {
+ if (this == o)
+ {
+ return true;
+ }
+ if (o == null || getClass() != o.getClass())
+ {
+ return false;
+ }
+
+ final OAuth2UserPrincipal that = (OAuth2UserPrincipal) o;
+
+ if (!_accessToken.equals(that._accessToken))
+ {
+ return false;
+ }
+ return _name.equals(that._name);
+
+ }
+
+ @Override
+ public int hashCode()
+ {
+ int result = _accessToken.hashCode();
+ result = 31 * result + _name.hashCode();
+ return result;
+ }
+}
Modified:
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/group/GroupProviderImpl.java
URL:
http://svn.apache.org/viewvc/qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/group/GroupProviderImpl.java?rev=1729412&r1=1729411&r2=1729412&view=diff
==============================================================================
---
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/group/GroupProviderImpl.java
(original)
+++
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/group/GroupProviderImpl.java
Tue Feb 9 17:10:24 2016
@@ -56,7 +56,7 @@ public class GroupProviderImpl extends A
@Override
- public Set<Principal> getGroupPrincipalsForUser(final String username)
+ public Set<Principal> getGroupPrincipalsForUser(final Principal
userPrincipal)
{
Set<Principal> principals = new HashSet<>();
@@ -65,7 +65,7 @@ public class GroupProviderImpl extends A
{
for(GroupMember<?> member : group.getChildren(GroupMember.class))
{
- if(member.getPrincipal().getName().equals(username))
+
if(member.getPrincipal().getName().equals(userPrincipal.getName()))
{
principals.add(group.getGroupPrincipal());
}
Modified:
qpid/java/trunk/broker-core/src/test/java/org/apache/qpid/server/security/SubjectCreatorTest.java
URL:
http://svn.apache.org/viewvc/qpid/java/trunk/broker-core/src/test/java/org/apache/qpid/server/security/SubjectCreatorTest.java?rev=1729412&r1=1729411&r2=1729412&view=diff
==============================================================================
---
qpid/java/trunk/broker-core/src/test/java/org/apache/qpid/server/security/SubjectCreatorTest.java
(original)
+++
qpid/java/trunk/broker-core/src/test/java/org/apache/qpid/server/security/SubjectCreatorTest.java
Tue Feb 9 17:10:24 2016
@@ -36,11 +36,12 @@ import org.apache.qpid.server.security.a
import org.apache.qpid.server.security.auth.AuthenticationResult;
import
org.apache.qpid.server.security.auth.AuthenticationResult.AuthenticationStatus;
import org.apache.qpid.server.security.auth.SubjectAuthenticationResult;
+import org.apache.qpid.server.security.auth.UsernamePrincipal;
import org.apache.qpid.test.utils.QpidTestCase;
public class SubjectCreatorTest extends QpidTestCase
{
- private static final String USERNAME = "username";
+ private static final UsernamePrincipal USERNAME_PRINCIPAL = new
UsernamePrincipal("username");
private static final String PASSWORD = "password";
private AuthenticationProvider<?> _authenticationProvider =
mock(AuthenticationProvider.class);
@@ -48,7 +49,6 @@ public class SubjectCreatorTest extends
private GroupProvider<?> _groupManager1 = mock(GroupProvider.class);
private GroupProvider<?> _groupManager2 = mock(GroupProvider.class);
- private Principal _userPrincipal = mock(Principal.class);
private Principal _group1 = mock(Principal.class);
private Principal _group2 = mock(Principal.class);
@@ -60,26 +60,26 @@ public class SubjectCreatorTest extends
@Override
public void setUp()
{
-
when(_groupManager1.getGroupPrincipalsForUser(USERNAME)).thenReturn(Collections.singleton(_group1));
-
when(_groupManager2.getGroupPrincipalsForUser(USERNAME)).thenReturn(Collections.singleton(_group2));
+
when(_groupManager1.getGroupPrincipalsForUser(USERNAME_PRINCIPAL)).thenReturn(Collections.singleton(_group1));
+
when(_groupManager2.getGroupPrincipalsForUser(USERNAME_PRINCIPAL)).thenReturn(Collections.singleton(_group2));
_subjectCreator = new SubjectCreator(_authenticationProvider, new
HashSet<GroupProvider<?>>(Arrays.asList(_groupManager1, _groupManager2)),
false);
- _authenticationResult = new AuthenticationResult(_userPrincipal);
+ _authenticationResult = new AuthenticationResult(USERNAME_PRINCIPAL);
}
public void
testSaslAuthenticationSuccessReturnsSubjectWithUserAndGroupPrincipals() throws
Exception
{
when(_authenticationProvider.authenticate(_testSaslServer,
_saslResponseBytes)).thenReturn(_authenticationResult);
when(_testSaslServer.isComplete()).thenReturn(true);
- when(_testSaslServer.getAuthorizationID()).thenReturn(USERNAME);
+
when(_testSaslServer.getAuthorizationID()).thenReturn(USERNAME_PRINCIPAL.getName());
SubjectAuthenticationResult result =
_subjectCreator.authenticate(_testSaslServer, _saslResponseBytes);
final Subject actualSubject = result.getSubject();
assertEquals("Should contain one user principal and two groups ", 3,
actualSubject.getPrincipals().size());
- assertTrue(actualSubject.getPrincipals().contains(new
AuthenticatedPrincipal(_userPrincipal)));
+ assertTrue(actualSubject.getPrincipals().contains(new
AuthenticatedPrincipal(USERNAME_PRINCIPAL)));
assertTrue(actualSubject.getPrincipals().contains(_group1));
assertTrue(actualSubject.getPrincipals().contains(_group2));
@@ -113,21 +113,21 @@ public class SubjectCreatorTest extends
public void testGetGroupPrincipalsWhenAGroupManagerReturnsNull()
{
-
when(_groupManager1.getGroupPrincipalsForUser(USERNAME)).thenReturn(null);
+
when(_groupManager1.getGroupPrincipalsForUser(USERNAME_PRINCIPAL)).thenReturn(null);
getAndAssertGroupPrincipals(_group2);
}
public void testGetGroupPrincipalsWhenAGroupManagerReturnsEmptySet()
{
-
when(_groupManager2.getGroupPrincipalsForUser(USERNAME)).thenReturn(new
HashSet<Principal>());
+
when(_groupManager2.getGroupPrincipalsForUser(USERNAME_PRINCIPAL)).thenReturn(new
HashSet<Principal>());
getAndAssertGroupPrincipals(_group1);
}
private void getAndAssertGroupPrincipals(Principal... expectedGroups)
{
- Set<Principal> actualGroupPrincipals =
_subjectCreator.getGroupPrincipals(USERNAME);
+ Set<Principal> actualGroupPrincipals =
_subjectCreator.getGroupPrincipals(USERNAME_PRINCIPAL);
Set<Principal> expectedGroupPrincipals = new
HashSet<Principal>(Arrays.asList(expectedGroups));
assertEquals(expectedGroupPrincipals, actualGroupPrincipals);
}
Modified:
qpid/java/trunk/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/auth/AnonymousPreemptiveAuthenticator.java
URL:
http://svn.apache.org/viewvc/qpid/java/trunk/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/auth/AnonymousPreemptiveAuthenticator.java?rev=1729412&r1=1729411&r2=1729412&view=diff
==============================================================================
---
qpid/java/trunk/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/auth/AnonymousPreemptiveAuthenticator.java
(original)
+++
qpid/java/trunk/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/auth/AnonymousPreemptiveAuthenticator.java
Tue Feb 9 17:10:24 2016
@@ -44,8 +44,7 @@ public class AnonymousPreemptiveAuthenti
SubjectCreator subjectCreator =
authenticationProvider.getSubjectCreator(request.isSecure());
if(authenticationProvider instanceof AnonymousAuthenticationManager)
{
- return
subjectCreator.createResultWithGroups(AnonymousAuthenticationManager.ANONYMOUS_USERNAME,
-
AnonymousAuthenticationManager.ANONYMOUS_AUTHENTICATION).getSubject();
+ return
subjectCreator.createResultWithGroups(AnonymousAuthenticationManager.ANONYMOUS_AUTHENTICATION).getSubject();
}
return null;
Modified:
qpid/java/trunk/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/auth/BasicAuthPreemptiveAuthenticator.java
URL:
http://svn.apache.org/viewvc/qpid/java/trunk/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/auth/BasicAuthPreemptiveAuthenticator.java?rev=1729412&r1=1729411&r2=1729412&view=diff
==============================================================================
---
qpid/java/trunk/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/auth/BasicAuthPreemptiveAuthenticator.java
(original)
+++
qpid/java/trunk/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/auth/BasicAuthPreemptiveAuthenticator.java
Tue Feb 9 17:10:24 2016
@@ -29,7 +29,6 @@ import javax.xml.bind.DatatypeConverter;
import org.apache.qpid.server.management.plugin.HttpManagementConfiguration;
import
org.apache.qpid.server.management.plugin.HttpRequestPreemptiveAuthenticator;
import org.apache.qpid.server.model.AuthenticationProvider;
-import org.apache.qpid.server.model.port.HttpPort;
import org.apache.qpid.server.plugin.PluggableService;
import org.apache.qpid.server.security.SubjectCreator;
import org.apache.qpid.server.security.auth.AuthenticationResult;
@@ -75,8 +74,7 @@ public class BasicAuthPreemptiveAuthenti
String username = credentials[0];
String password = credentials[1];
AuthenticationResult authenticationResult =
namePasswdAuthProvider.authenticate(username, password);
- SubjectAuthenticationResult result =
subjectCreator.createResultWithGroups(username,
-
authenticationResult);
+ SubjectAuthenticationResult result =
subjectCreator.createResultWithGroups(authenticationResult);
return result.getSubject();
Modified:
qpid/java/trunk/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/auth/OAuth2InteractiveAuthenticator.java
URL:
http://svn.apache.org/viewvc/qpid/java/trunk/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/auth/OAuth2InteractiveAuthenticator.java?rev=1729412&r1=1729411&r2=1729412&view=diff
==============================================================================
---
qpid/java/trunk/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/auth/OAuth2InteractiveAuthenticator.java
(original)
+++
qpid/java/trunk/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/auth/OAuth2InteractiveAuthenticator.java
Tue Feb 9 17:10:24 2016
@@ -125,11 +125,8 @@ public class OAuth2InteractiveAuthentica
private void createSubject(final AuthenticationResult
authenticationResult)
{
- String username =
authenticationResult.getMainPrincipal().getName();
-
SubjectCreator subjectCreator =
oauth2Provider.getSubjectCreator(request.isSecure());
- SubjectAuthenticationResult
- result =
subjectCreator.createResultWithGroups(username, authenticationResult);
+ SubjectAuthenticationResult result =
subjectCreator.createResultWithGroups(authenticationResult);
Subject subject = result.getSubject();
Modified:
qpid/java/trunk/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/auth/OAuth2PreemptiveAuthenticator.java
URL:
http://svn.apache.org/viewvc/qpid/java/trunk/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/auth/OAuth2PreemptiveAuthenticator.java?rev=1729412&r1=1729411&r2=1729412&view=diff
==============================================================================
---
qpid/java/trunk/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/auth/OAuth2PreemptiveAuthenticator.java
(original)
+++
qpid/java/trunk/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/auth/OAuth2PreemptiveAuthenticator.java
Tue Feb 9 17:10:24 2016
@@ -61,15 +61,9 @@ public class OAuth2PreemptiveAuthenticat
{
OAuth2AuthenticationProvider<?> oAuth2AuthProvider =
(OAuth2AuthenticationProvider<?>) authenticationProvider;
AuthenticationResult authenticationResult =
oAuth2AuthProvider.authenticateViaAccessToken(accessToken);
- Principal mainPrincipal = authenticationResult.getMainPrincipal();
- if (mainPrincipal == null)
- {
- LOGGER.debug("Preemptive OAuth2 authentication failed",
authenticationResult.getCause());
- return null;
- }
SubjectCreator subjectCreator =
authenticationProvider.getSubjectCreator(request.isSecure());
- SubjectAuthenticationResult result =
subjectCreator.createResultWithGroups(mainPrincipal.getName(),
authenticationResult);
+ SubjectAuthenticationResult result =
subjectCreator.createResultWithGroups(authenticationResult);
return result.getSubject();
}
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
