Author: lquack
Date: Thu Mar 17 17:12:47 2016
New Revision: 1735461
URL: http://svn.apache.org/viewvc?rev=1735461&view=rev
Log:
QPID-7151: [Java Broker] Improve error handling in OAuth2 AuthenticationProvider
Modified:
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/OAuth2AuthenticationProviderImpl.java
qpid/java/trunk/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/auth/OAuth2InteractiveAuthenticator.java
Modified:
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/OAuth2AuthenticationProviderImpl.java
URL:
http://svn.apache.org/viewvc/qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/OAuth2AuthenticationProviderImpl.java?rev=1735461&r1=1735460&r2=1735461&view=diff
==============================================================================
---
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/OAuth2AuthenticationProviderImpl.java
(original)
+++
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/oauth2/OAuth2AuthenticationProviderImpl.java
Thu Mar 17 17:12:47 2016
@@ -302,13 +302,13 @@ public class OAuth2AuthenticationProvide
LOGGER.debug("Call to token endpoint '{}' complete, response
code : {}", tokenEndpoint, responseCode);
Map<String, Object> responseMap =
_objectMapper.readValue(input, Map.class);
- if (responseCode != 200)
+ if (responseCode != 200 || responseMap.containsKey("error"))
{
IllegalStateException e = new
IllegalStateException(String.format("Token endpoint failed, response code %d,
error '%s', description '%s'",
responseCode,
responseMap.get("error"),
responseMap.get("error_description")));
- LOGGER.error("Call to token endpoint failed", e);
+ LOGGER.error(e.getMessage());
return new
AuthenticationResult(AuthenticationResult.AuthenticationStatus.ERROR, e);
}
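Review bot: The message now written by `LOGGER.error(e.getMessage())` embeds `error` and `error_description` exactly as the token endpoint returned them, and the same text travels in the exception handed to `AuthenticationResult`. Those two values are chosen by the remote server, so control characters such as CR/LF should be stripped and the length bounded before `String.format` sees them; otherwise a misbehaving or impersonated endpoint can put multi-line or oversized entries into the broker log. Separately, `_objectMapper.readValue(input, Map.class)` still runs before the status check, so a non-JSON error body presumably fails in the parser and the response code never reaches this message, and a body that parses to JSON `null` would make `responseMap.containsKey("error")` throw on a 200 response. The enclosing method starts and ends outside the hunk, so whether either case is caught further out is not visible here.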
Modified:
qpid/java/trunk/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/auth/OAuth2InteractiveAuthenticator.java
URL:
http://svn.apache.org/viewvc/qpid/java/trunk/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/auth/OAuth2InteractiveAuthenticator.java?rev=1735461&r1=1735460&r2=1735461&view=diff
==============================================================================
---
qpid/java/trunk/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/auth/OAuth2InteractiveAuthenticator.java
(original)
+++
qpid/java/trunk/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/auth/OAuth2InteractiveAuthenticator.java
Thu Mar 17 17:12:47 2016
@@ -173,10 +173,18 @@ public class OAuth2InteractiveAuthentica
LOGGER.debug("Successful login. Redirect to
original resource {}", originalRequestUri);
response.sendRedirect(originalRequestUri);
}
- catch (AccessControlException e)
+ catch (SecurityException e)
{
- LOGGER.info("User '{}' is not authorised for
management", authenticationResult.getMainPrincipal());
- response.sendError(403, "User is not authorised
for management");
+ if (e instanceof AccessControlException)
+ {
+ LOGGER.info("User '{}' is not authorised for
management", authenticationResult.getMainPrincipal());
+ response.sendError(403, "User is not
authorised for management");
+ }
+ else
+ {
+ LOGGER.info("Authentication failed",
authenticationResult.getCause());
+ response.sendError(401);
+ }
}
}
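Review bot: The new `else` branch logs `authenticationResult.getCause()` rather than the `SecurityException` that was actually caught, so the reason for the 401 is lost; because this handler guards the "Successful login" path, the result's cause is presumably null here. Log the caught exception instead: `LOGGER.info("Authentication failed", e);`. The `instanceof` test inside a single handler would also read more directly as two handlers, `catch (AccessControlException e)` followed by `catch (SecurityException e)`, which keeps the 403 and 401 paths visibly separate. The `try` block opens outside the hunk.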