This is an automated email from the ASF dual-hosted git repository. orudyy pushed a commit to branch 8.0.x in repository https://gitbox.apache.org/repos/asf/qpid-broker-j.git
The following commit(s) were added to refs/heads/8.0.x by this push: new 5c1b562 QPID-8529:[Broker-J] Make sure that subject is set for all http requests 5c1b562 is described below commit 5c1b5626ec2a53243bbfe84b560370fbc7475902 Author: Dedeepya T <dedeepy...@yahoo.co.in> AuthorDate: Tue Jun 1 20:24:45 2021 +0530 QPID-8529:[Broker-J] Make sure that subject is set for all http requests This closes #89 --- .../auth/manager/AuthenticationResultCacher.java | 34 ++++++++++++---------- .../manager/AuthenticationResultCacherTest.java | 13 +++++++++ .../filter/InteractiveAuthenticationFilter.java | 27 ++++++++++++++++- 3 files changed, 58 insertions(+), 16 deletions(-) diff --git a/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/AuthenticationResultCacher.java b/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/AuthenticationResultCacher.java index b18147d..70adba8 100644 --- a/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/AuthenticationResultCacher.java +++ b/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/AuthenticationResultCacher.java 
@@ -115,23 +115,27 @@ public class AuthenticationResultCacher
 MessageDigest md = MessageDigest.getInstance("SHA-256");
 Subject subject = Subject.getSubject(AccessController.getContext());
- Set<SocketConnectionPrincipal> connectionPrincipals = subject.getPrincipals(SocketConnectionPrincipal.class);
- if (connectionPrincipals != null && !connectionPrincipals.isEmpty())
+ if (subject != null)
 {
- SocketConnectionPrincipal connectionPrincipal = connectionPrincipals.iterator().next();
- SocketAddress remoteAddress = connectionPrincipal.getRemoteAddress();
- String address;
- if (remoteAddress instanceof InetSocketAddress)
+ Set<SocketConnectionPrincipal> connectionPrincipals =
+ subject.getPrincipals(SocketConnectionPrincipal.class);
+ if (!connectionPrincipals.isEmpty())
 {
- address = ((InetSocketAddress) remoteAddress).getHostString();
- }
- else
- {
- address = remoteAddress.toString();
- }
- if (address != null)
- {
- md.update(address.getBytes(UTF8));
+ SocketConnectionPrincipal connectionPrincipal = connectionPrincipals.iterator().next();
+ SocketAddress remoteAddress = connectionPrincipal.getRemoteAddress();
+ String address;
+ if (remoteAddress instanceof InetSocketAddress)
+ {
+ address = ((InetSocketAddress) remoteAddress).getHostString();
+ }
+ else
+ {
+ address = remoteAddress.toString();
+ }
+ if (address != null)
+ {
+ md.update(address.getBytes(UTF8));
+ }
 }
 }
diff --git a/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/AuthenticationResultCacherTest.java b/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/AuthenticationResultCacherTest.java
index 659fc91..82ac4f6 100644
--- a/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/AuthenticationResultCacherTest.java
+++ b/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/AuthenticationResultCacherTest.java
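Review bot: The `if (address != null)` guard in the new inner block checks the wrong value: both branches above it assign a non-null String (`getHostString()` and `toString()`), while `remoteAddress` itself is dereferenced in the else branch unchecked, so a principal whose `getRemoteAddress()` returns null would throw a NullPointerException instead of being skipped. If a null remote address is possible the guard belongs on `remoteAddress`, e.g. `String address = null;` before the branch and `else if (remoteAddress != null)` for the fallback; if it is not possible, the dead null check on `address` should go. The new `subject != null` path also means that without a Subject the digest carries no remote-address component at all, so the resulting cache entry is not scoped to a client address; a comment such as `// No Subject in the access-control context: nothing address-specific goes into the key` would make that visible to the next reader. The enclosing method starts and ends outside this hunk.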
@@ -135,6 +135,19 @@ public class AuthenticationResultCacherTest extends UnitTestBase
 assertGetOrLoad(credentials, expectedResult, expectedHitCount);
 }
+ @Test
+ public void testCacheHitNoSubject()
+ {
+ final String credentials = "credentials";
+ final AuthenticationResult result1 = _authenticationResultCacher.getOrLoad(new String[]{credentials}, _loader);
+ assertEquals("Unexpected AuthenticationResult", _successfulAuthenticationResult, result1);
+ assertEquals("Unexpected number of loads before cache hit", 1, _loadCallCount);
+
+ final AuthenticationResult result2 = _authenticationResultCacher.getOrLoad(new String[]{credentials}, _loader);
+ assertEquals("Unexpected AuthenticationResult", _successfulAuthenticationResult, result2);
+ assertEquals("Unexpected number of loads before cache hit", 1, _loadCallCount);
+ }
+
 private void assertGetOrLoad(final String credentials, final AuthenticationResult expectedResult, final int expectedHitCount)
diff --git a/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/filter/InteractiveAuthenticationFilter.java b/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/filter/InteractiveAuthenticationFilter.java
index 5507959..1a5de7e 100644
--- a/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/filter/InteractiveAuthenticationFilter.java
+++ b/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/filter/InteractiveAuthenticationFilter.java
@@ -21,6 +21,9 @@ package org.apache.qpid.server.management.plugin.filter;
 import java.io.IOException;
+import java.security.Principal;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.Collections;
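Review bot: `testCacheHitNoSubject` depends on the calling thread having no Subject in its access-control context but never checks that precondition, so if the base class or a future fixture wraps tests in `Subject.doAs` it would keep passing while exercising the with-subject path instead. Adding `assertNull("Test must run without a Subject", Subject.getSubject(AccessController.getContext()));` as the first statement pins what is being tested (imports for `Subject` and `AccessController` may need adding if the test class lacks them). The other branch the commit introduces in `AuthenticationResultCacher` — a Subject present but with no `SocketConnectionPrincipal`, taking the new `isEmpty()` check — is not covered here either; a sibling test calling `getOrLoad` inside `Subject.doAs` with an empty Subject would close that gap. `_loadCallCount` and `_successfulAuthenticationResult` are set up outside the hunk.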
@@ -40,6 +43,7 @@ import javax.servlet.http.HttpServletResponse;
 import org.apache.qpid.server.management.plugin.HttpManagementConfiguration;
 import org.apache.qpid.server.management.plugin.HttpManagementUtil;
 import org.apache.qpid.server.management.plugin.HttpRequestInteractiveAuthenticator;
+import org.apache.qpid.server.management.plugin.servlet.ServletConnectionPrincipal;
 import org.apache.qpid.server.plugin.QpidServiceLoader;
 import org.apache.qpid.server.security.auth.AuthenticatedPrincipal;
@@ -96,7 +100,7 @@ public class InteractiveAuthenticationFilter implements Filter
 if(handler != null)
 {
- handler.handleAuthentication(httpResponse);
+ invokeAuthenticationHandler(httpRequest, httpResponse, handler);
 }
 else
 {
@@ -105,4 +109,25 @@ public class InteractiveAuthenticationFilter implements Filter
 }
 }
+ private void invokeAuthenticationHandler(final HttpServletRequest httpRequest,
+ final HttpServletResponse httpResponse,
+ final HttpRequestInteractiveAuthenticator.AuthenticationHandler handler)
+ throws ServletException
+ {
+ final Subject tempSubject = new Subject(true,
+ Collections.<Principal>singleton(new ServletConnectionPrincipal(httpRequest)),
+ Collections.emptySet(),
+ Collections.emptySet());
+ try
+ {
+ Subject.doAs(tempSubject, (PrivilegedExceptionAction<Void>) () -> {
+ handler.handleAuthentication(httpResponse);
+ return null;
+ });
+ }
+ catch (PrivilegedActionException e)
+ {
+ throw new ServletException(e);
+ }
+ }
 }
--------------------------------------------------------------------- To unsubscribe, e-mail: commits-unsubscr...@qpid.apache.org For additional commands, e-mail: commits-h...@qpid.apache.org
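Review bot: The `catch (PrivilegedActionException e)` in `invokeAuthenticationHandler` wraps the wrapper: `PrivilegedActionException` is only a carrier for the checked exception thrown inside the action, so `new ServletException(e)` buries the handler's real failure two levels deep, and a `ServletException` thrown by the handler itself is no longer propagated as-is. Prefer unwrapping first: `final Exception cause = e.getException();` / `if (cause instanceof ServletException) { throw (ServletException) cause; }` / `throw new ServletException(cause);`. If `handleAuthentication` declares `IOException`, that is now also surfaced as a `ServletException`, which changes the exception type the filter chain saw from the direct `handler.handleAuthentication(httpResponse)` call this replaces. The temporary Subject is read-only and carries only a `ServletConnectionPrincipal`, no authenticated principal; a comment such as `// Unauthenticated request: run the handler under a Subject holding only the connection principal so downstream code (presumably the authentication result cache) can see the remote address` would document the intent, which the method body does not state.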