Solution to problem that Kubernetes proxy strips standard Authorizati…
…on header
Showing
11 changed files
with
95 additions
and
39 deletions.
2 changes: 1 addition & 1 deletion
2
...i/security/AuthorizationHeaderParser.java → ...lokia/util/AuthorizationHeaderParser.java
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,4 +1,4 @@ | ||
package org.jolokia.osgi.security; | ||
package org.jolokia.util; | ||
|
||
/* | ||
* Copyright 2009-2013 Roland Huss | ||
|
10 changes: 5 additions & 5 deletions
10
...curity/AuthorizationHeaderParserTest.java → ...a/util/AuthorizationHeaderParserTest.java
63 changes: 45 additions & 18 deletions
63
agent/jvm/src/main/java/org/jolokia/jvmagent/security/UserPasswordAuthenticator.java
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,32 +1,59 @@ | ||
package org.jolokia.jvmagent.security; | ||
|
||
import com.sun.net.httpserver.Authenticator; | ||
import com.sun.net.httpserver.BasicAuthenticator; | ||
import com.sun.net.httpserver.HttpExchange; | ||
import com.sun.net.httpserver.HttpPrincipal; | ||
import java.util.Base64; | ||
import org.jolokia.util.AuthorizationHeaderParser; | ||
import org.jolokia.util.AuthorizationHeaderParser.Result; | ||
import org.jolokia.util.Base64Util; | ||
|
||
/** | ||
* Simple authenticator using user and password for basic authentication. | ||
* | ||
* @author roland | ||
* @since 07.06.13 | ||
*/ | ||
*/ | ||
public class UserPasswordAuthenticator extends BasicAuthenticator { | ||
private String user; | ||
private String password; | ||
|
||
/** | ||
* Authenticator which checks against a given user and password | ||
* | ||
* @param pRealm realm for this authentication | ||
* @param pUser user to check again | ||
* @param pPassword her password | ||
*/ | ||
public UserPasswordAuthenticator(String pRealm, String pUser, String pPassword) { | ||
super(pRealm); | ||
user = pUser; | ||
password = pPassword; | ||
} | ||
private String user; | ||
private String password; | ||
|
||
/** | ||
* Authenticator which checks against a given user and password | ||
* | ||
* @param pRealm realm for this authentication | ||
* @param pUser user to check again | ||
* @param pPassword her password | ||
*/ | ||
public UserPasswordAuthenticator(String pRealm, String pUser, String pPassword) { | ||
super(pRealm); | ||
user = pUser; | ||
password = pPassword; | ||
} | ||
|
||
/** | ||
* {@inheritDoc} | ||
*/ | ||
public boolean checkCredentials(String pUserGiven, String pPasswordGiven) { | ||
return user.equals(pUserGiven) && password.equals(pPasswordGiven); | ||
} | ||
|
||
/** {@inheritDoc} */ | ||
public boolean checkCredentials(String pUserGiven, String pPasswordGiven) { | ||
return user.equals(pUserGiven) && password.equals(pPasswordGiven); | ||
@Override | ||
public Result authenticate(HttpExchange httpExchange) { | ||
String auth = httpExchange.getRequestHeaders().getFirst("Authorization"); | ||
if (auth == null) {//in the case where the alternate header is used | ||
final String alternateAuth = httpExchange.getRequestHeaders() | ||
.getFirst("X-jolokia-authorization"); | ||
if (alternateAuth != null) { | ||
final AuthorizationHeaderParser.Result parsed = AuthorizationHeaderParser | ||
.parse(alternateAuth); | ||
if(parsed.isValid()&&checkCredentials(parsed.getUser(), parsed.getPassword())){ | ||
return new Success(new HttpPrincipal(parsed.getUser(), this.realm)); | ||
} | ||
} | ||
} | ||
return super.authenticate(httpExchange); | ||
} | ||
} |
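Review bot: In `authenticate`, the value of `X-jolokia-authorization` is handed straight to `AuthorizationHeaderParser.parse(alternateAuth)` with no handling for a parse failure. The parser is not shown in this section; if it throws on a non-Basic scheme or a value with a missing token (possibly `IllegalArgumentException`), the exception leaves `authenticate` instead of reaching `super.authenticate(httpExchange)` and its 401 challenge, so either catch it and fall through, or confirm that `parse` only ever reports failure through `isValid()`. The method also has no Javadoc; something like `/** Accepts Basic credentials from X-jolokia-authorization only when Authorization is absent; the header carries the password and must be redacted in proxy and access logs like Authorization. */` would record both the precedence and the handling requirement. The new path reuses `checkCredentials`, whose `String.equals` comparison is not constant-time; `MessageDigest.isEqual` on the encoded bytes is worth considering as a follow-up.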
1 comment
on commit 373fb85
Maybe not the most elegant solution, but we somehow need to bypass the Kubernetes proxy handling in order to secure Jolokia endpoints.
Can we put this into a constant ? thx!