Skip to content

Commit

Permalink
QPID-8529:[Broker-J] Make sure that subject is set for all http requests
Browse files Browse the repository at this point in the history
This closes apache#89
  • Loading branch information
Dedeepya-T authored and alex-rufous committed Jun 2, 2021
1 parent d8c2596 commit 5c59535
Show file tree
Hide file tree
Showing 3 changed files with 58 additions and 16 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -115,23 +115,27 @@ private String digestCredentials(final String... content)
MessageDigest md = MessageDigest.getInstance("SHA-256");

Subject subject = Subject.getSubject(AccessController.getContext());
Set<SocketConnectionPrincipal> connectionPrincipals = subject.getPrincipals(SocketConnectionPrincipal.class);
if (connectionPrincipals != null && !connectionPrincipals.isEmpty())
if (subject != null)
{
SocketConnectionPrincipal connectionPrincipal = connectionPrincipals.iterator().next();
SocketAddress remoteAddress = connectionPrincipal.getRemoteAddress();
String address;
if (remoteAddress instanceof InetSocketAddress)
Set<SocketConnectionPrincipal> connectionPrincipals =
subject.getPrincipals(SocketConnectionPrincipal.class);
if (!connectionPrincipals.isEmpty())
{
address = ((InetSocketAddress) remoteAddress).getHostString();
}
else
{
address = remoteAddress.toString();
}
if (address != null)
{
md.update(address.getBytes(UTF8));
SocketConnectionPrincipal connectionPrincipal = connectionPrincipals.iterator().next();
SocketAddress remoteAddress = connectionPrincipal.getRemoteAddress();
String address;
if (remoteAddress instanceof InetSocketAddress)
{
address = ((InetSocketAddress) remoteAddress).getHostString();
}
else
{
address = remoteAddress.toString();
}
if (address != null)
{
md.update(address.getBytes(UTF8));
}
}
}

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -135,6 +135,19 @@ public void testCacheHitDifferentRemoteAddressPorts() throws Exception
assertGetOrLoad(credentials, expectedResult, expectedHitCount);
}

@Test
public void testCacheHitNoSubject()
{
final String credentials = "credentials";
final AuthenticationResult result1 = _authenticationResultCacher.getOrLoad(new String[]{credentials}, _loader);
assertEquals("Unexpected AuthenticationResult", _successfulAuthenticationResult, result1);
assertEquals("Unexpected number of loads before cache hit", 1, _loadCallCount);

final AuthenticationResult result2 = _authenticationResultCacher.getOrLoad(new String[]{credentials}, _loader);
assertEquals("Unexpected AuthenticationResult", _successfulAuthenticationResult, result2);
assertEquals("Unexpected number of loads before cache hit", 1, _loadCallCount);
}

private void assertGetOrLoad(final String credentials,
final AuthenticationResult expectedResult,
final int expectedHitCount)
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,9 @@
package org.apache.qpid.server.management.plugin.filter;

import java.io.IOException;
import java.security.Principal;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
Expand All @@ -40,6 +43,7 @@
import org.apache.qpid.server.management.plugin.HttpManagementConfiguration;
import org.apache.qpid.server.management.plugin.HttpManagementUtil;
import org.apache.qpid.server.management.plugin.HttpRequestInteractiveAuthenticator;
import org.apache.qpid.server.management.plugin.servlet.ServletConnectionPrincipal;
import org.apache.qpid.server.plugin.QpidServiceLoader;
import org.apache.qpid.server.security.auth.AuthenticatedPrincipal;

Expand Down Expand Up @@ -96,7 +100,7 @@ public void doFilter(ServletRequest request, ServletResponse response, FilterCha

if(handler != null)
{
handler.handleAuthentication(httpResponse);
invokeAuthenticationHandler(httpRequest, httpResponse, handler);
}
else
{
Expand All @@ -105,4 +109,25 @@ public void doFilter(ServletRequest request, ServletResponse response, FilterCha
}
}

private void invokeAuthenticationHandler(final HttpServletRequest httpRequest,
final HttpServletResponse httpResponse,
final HttpRequestInteractiveAuthenticator.AuthenticationHandler handler)
throws ServletException
{
final Subject tempSubject = new Subject(true,
Collections.<Principal>singleton(new ServletConnectionPrincipal(httpRequest)),
Collections.emptySet(),
Collections.emptySet());
try
{
Subject.doAs(tempSubject, (PrivilegedExceptionAction<Void>) () -> {
handler.handleAuthentication(httpResponse);
return null;
});
}
catch (PrivilegedActionException e)
{
throw new ServletException(e);
}
}
}

0 comments on commit 5c59535

Please sign in to comment.