authorAlex Rudyy <orudyy@apache.org>2013-04-17 10:53:55 +0000
committerAlex Rudyy <orudyy@apache.org>2013-04-17 10:53:55 +0000
commit3582d877deaafe065952dfc2c8f75c3eed69ff5d (patch)
treecb30fcd27abfa0d6bdd9c511eaa930271035c028 /java/broker-plugins
parentc403e5f5fbb433807d3ea867a26bea3cc6961ecc (diff)
QPID-4746, QPID-4747: remove the defaultAuthenticationProvider attribute from broker and add an overriding authentication provider for management mode
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@1468830 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'java/broker-plugins')
-rw-r--r--java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpManagement.java12
-rw-r--r--java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpManagementConfiguration.java6
-rw-r--r--java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpManagementUtil.java12
-rw-r--r--java/broker-plugins/management-http/src/main/java/resources/addPort.html14
-rw-r--r--java/broker-plugins/management-http/src/main/java/resources/index.html2
-rw-r--r--java/broker-plugins/management-http/src/main/java/resources/js/qpid/management/Broker.js8
-rw-r--r--java/broker-plugins/management-http/src/main/java/resources/js/qpid/management/addPort.js57
-rw-r--r--java/broker-plugins/management-http/src/test/java/org/apache/qpid/server/management/plugin/HttpManagementTest.java105
-rw-r--r--java/broker-plugins/management-jmx/src/main/java/org/apache/qpid/server/jmx/JMXManagedObjectRegistry.java4
9 files changed, 191 insertions, 29 deletions
diff --git a/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpManagement.java b/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpManagement.java
index 3cc382596a..b87b1c76f0 100644
--- a/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpManagement.java
+++ b/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpManagement.java
@@ -22,6 +22,7 @@ package org.apache.qpid.server.management.plugin;
import java.io.File;
import java.lang.reflect.Type;
+import java.net.SocketAddress;
import java.util.Collection;
import java.util.Collections;
import java.util.EnumSet;
@@ -67,6 +68,7 @@ import org.apache.qpid.server.model.User;
import org.apache.qpid.server.model.VirtualHost;
import org.apache.qpid.server.model.adapter.AbstractPluginAdapter;
import org.apache.qpid.server.plugin.PluginFactory;
+import org.apache.qpid.server.security.SubjectCreator;
import org.apache.qpid.server.util.MapValueConverter;
import org.eclipse.jetty.server.Connector;
import org.eclipse.jetty.server.DispatcherType;
@@ -407,24 +409,34 @@ public class HttpManagement extends AbstractPluginAdapter implements HttpManagem
return Collections.unmodifiableCollection(AVAILABLE_ATTRIBUTES);
}
+ @Override
public boolean isHttpsSaslAuthenticationEnabled()
{
return (Boolean)getAttribute(HTTPS_SASL_AUTHENTICATION_ENABLED);
}
+ @Override
public boolean isHttpSaslAuthenticationEnabled()
{
return (Boolean)getAttribute(HTTP_SASL_AUTHENTICATION_ENABLED);
}
+ @Override
public boolean isHttpsBasicAuthenticationEnabled()
{
return (Boolean)getAttribute(HTTPS_BASIC_AUTHENTICATION_ENABLED);
}
+ @Override
public boolean isHttpBasicAuthenticationEnabled()
{
return (Boolean)getAttribute(HTTP_BASIC_AUTHENTICATION_ENABLED);
}
+ @Override
+ public SubjectCreator getSubjectCreator(SocketAddress localAddress)
+ {
+ return _broker.getSubjectCreator(localAddress);
+ }
+
}
diff --git a/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpManagementConfiguration.java b/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpManagementConfiguration.java
index 104fe42f46..56919e2e6b 100644
--- a/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpManagementConfiguration.java
+++ b/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpManagementConfiguration.java
@@ -20,6 +20,10 @@
*/
package org.apache.qpid.server.management.plugin;
+import java.net.SocketAddress;
+
+import org.apache.qpid.server.security.SubjectCreator;
+
public interface HttpManagementConfiguration
{
boolean isHttpsSaslAuthenticationEnabled();
@@ -29,4 +33,6 @@ public interface HttpManagementConfiguration
boolean isHttpsBasicAuthenticationEnabled();
boolean isHttpBasicAuthenticationEnabled();
+
+ SubjectCreator getSubjectCreator(SocketAddress localAddress);
}
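Review bot: `getSubjectCreator(SocketAddress localAddress)` joins the interface without any Javadoc, although it is now the method that decides which authentication provider the HTTP management layer uses for a request. A one-line comment would state the contract: `/** Returns the SubjectCreator used to authenticate management requests arriving on the given local address. */`. It should also say whether the result may be null when no port matches the address. The implementation in HttpManagement only delegates to the broker, so the contract has to be written down here or on Broker.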
diff --git a/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpManagementUtil.java b/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpManagementUtil.java
index 68ec9f532c..4c6e5bf63e 100644
--- a/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpManagementUtil.java
+++ b/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpManagementUtil.java
@@ -85,13 +85,13 @@ public class HttpManagementUtil
}
public static void checkRequestAuthenticatedAndAccessAuthorized(HttpServletRequest request, Broker broker,
- HttpManagementConfiguration management)
+ HttpManagementConfiguration managementConfig)
{
HttpSession session = request.getSession();
Subject subject = getAuthorisedSubject(session);
if (subject == null)
{
- subject = tryToAuthenticate(request, broker, management);
+ subject = tryToAuthenticate(request, managementConfig);
if (subject == null)
{
throw new SecurityException("Only authenticated users can access the management interface");
@@ -164,11 +164,11 @@ public class HttpManagementUtil
session.setAttribute(ATTR_LOGIN_LOGOUT_REPORTER, new LoginLogoutReporter(logActor, subject));
}
- private static Subject tryToAuthenticate(HttpServletRequest request, Broker broker, HttpManagementConfiguration management)
+ private static Subject tryToAuthenticate(HttpServletRequest request, HttpManagementConfiguration managementConfig)
{
Subject subject = null;
SocketAddress localAddress = getSocketAddress(request);
- SubjectCreator subjectCreator = broker.getSubjectCreator(localAddress);
+ SubjectCreator subjectCreator = managementConfig.getSubjectCreator(localAddress);
String remoteUser = request.getRemoteUser();
if (remoteUser != null || subjectCreator.isAnonymousAuthenticationAllowed())
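Review bot: `subjectCreator` is dereferenced on the last line of this hunk (`subjectCreator.isAnonymousAuthenticationAllowed()`) with no null check after the lookup moved to `managementConfig.getSubjectCreator(localAddress)`. Nothing visible here guarantees that the lookup yields a creator for every local address. If it can return null, an unauthenticated request would end in a NullPointerException instead of the SecurityException the caller raises for a null subject. A guard right after the lookup, `if (subjectCreator == null) { return null; }`, keeps the failure closed and explicit. The body of tryToAuthenticate continues outside the hunk.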
@@ -186,11 +186,11 @@ public class HttpManagementUtil
boolean isBasicAuthSupported = false;
if (request.isSecure())
{
- isBasicAuthSupported = management.isHttpsBasicAuthenticationEnabled();
+ isBasicAuthSupported = managementConfig.isHttpsBasicAuthenticationEnabled();
}
else
{
- isBasicAuthSupported = management.isHttpBasicAuthenticationEnabled();
+ isBasicAuthSupported = managementConfig.isHttpBasicAuthenticationEnabled();
}
if (isBasicAuthSupported)
{
diff --git a/java/broker-plugins/management-http/src/main/java/resources/addPort.html b/java/broker-plugins/management-http/src/main/java/resources/addPort.html
index 391783c6d8..b800d8e067 100644
--- a/java/broker-plugins/management-http/src/main/java/resources/addPort.html
+++ b/java/broker-plugins/management-http/src/main/java/resources/addPort.html
@@ -26,19 +26,21 @@
<input type="text" required="true" name="name" id="formAddPort.name" placeholder="Name"
data-dojo-props="label: 'Name*:'" dojoType="dijit.form.ValidationTextBox"
missingMessage="A name must be supplied" regexp="^[\x20-\x2e\x30-\x7F]{1,255}$"/>
- <input data-dojo-type="dijit.form.NumberSpinner" id="formAddPort.port" required="true" data-dojo-props="label: 'Port Number*:'"
+ <input data-dojo-type="dijit.form.NumberSpinner" id="formAddPort.port" required="true" data-dojo-props="label: 'Port Number*:', placeHolder: 'Enter port number'"
name="port" smallDelta="1" constraints="{min:1,max:65535,places:0, pattern: '#####'}"
missingMessage="A port number must be supplied" />
- <select id="formAddPort.authenticationProvider" data-dojo-type="dijit.form.FilteringSelect"
- data-dojo-props="name:'authenticationProvider',label:'Authentication Provider:', searchAttr: 'name', required: false, placeHolder: 'Default', value: '' ">
- </select>
<select id="formAddPort.type" data-dojo-type="dijit.form.FilteringSelect"
- data-dojo-props="name: 'type', value: '',placeHolder: 'Select Port Type', label: 'Port Type:'">
+ data-dojo-props="name: 'type', value: '',placeHolder: 'Select Port Type', label: 'Port Type*:'">
<option value="AMQP" selected="selected">AMQP</option>
<option value="JMX">JMX</option>
<option value="HTTP">HTTP</option>
</select>
</div>
+ <div id="formAddPort:fieldsAuthenticationProvider">
+ <select id="formAddPort.authenticationProvider" data-dojo-type="dijit.form.FilteringSelect"
+ data-dojo-props="name:'authenticationProvider',label:'Authentication Provider*:', searchAttr: 'name', required: true, placeHolder: 'Select Provider'">
+ </select>
+ </div>
<div id="formAddPort:fieldsAMQP">
<input id="formAddPort.bindingAddress" type="text" name="bindingAddress" placeholder="*"
dojoType="dijit.form.TextBox" data-dojo-props="label: 'Binding address:'"/>
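Review bot: The `required: true` on `formAddPort.authenticationProvider` is a browser-side check only. Since this commit removes the broker-level default provider, it is the only place in this diff where a port is forced to name a provider. The server-side port creation path is not shown, so it is worth confirming that it rejects a non-RMI port submitted without `authenticationProvider` rather than relying on the form. A request sent directly to the REST interface never passes through this validation.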
@@ -82,7 +84,7 @@
</select>
</div>
<div id="formAddPort:fieldsClientAuth">
- <div id="formAddPort:fieldsClientAuth2">
+ <div id="formAddPort:fieldsClientAuthCheckboxes">
<input id="formAddPort.needClientAuth" type="checkbox" name="needClientAuth"
dojoType="dijit.form.CheckBox" data-dojo-props="label: 'Need SSL Client Certificate:'" />
<input id="formAddPort.wantClientAuth" type="checkbox" name="wantClientAuth"
diff --git a/java/broker-plugins/management-http/src/main/java/resources/index.html b/java/broker-plugins/management-http/src/main/java/resources/index.html
index c4fbe77b08..c0a512d829 100644
--- a/java/broker-plugins/management-http/src/main/java/resources/index.html
+++ b/java/broker-plugins/management-http/src/main/java/resources/index.html
@@ -77,7 +77,7 @@
<div id="header" class="header" style="float: left; width: 300px"></div>
<div id="login" style="float: right"></div>
</div>
- <div data-dojo-type="dijit.layout.ContentPane" data-dojo-props="region:'leading', splitter: true">
+ <div data-dojo-type="dijit.layout.ContentPane" data-dojo-props="region:'leading', splitter: true" style="width:20%">
<div qpid-type="treeView" qpid-props="query: 'rest/structure'" ></div>
</div>
<div id="managedViews" data-dojo-type="dijit.layout.TabContainer" data-dojo-props="region:'center', tabPosition: 'top'">
diff --git a/java/broker-plugins/management-http/src/main/java/resources/js/qpid/management/Broker.js b/java/broker-plugins/management-http/src/main/java/resources/js/qpid/management/Broker.js
index b07b68c835..fe5f238148 100644
--- a/java/broker-plugins/management-http/src/main/java/resources/js/qpid/management/Broker.js
+++ b/java/broker-plugins/management-http/src/main/java/resources/js/qpid/management/Broker.js
@@ -233,7 +233,7 @@ define(["dojo/_base/xhr",
checked: brokerData["queue.deadLetterQueueEnabled"],
value: "true",
label: "Dead letter queue enabled:",
- name: "queue.deadLetterQueueEnabled",
+ name: "queue.deadLetterQueueEnabled"
});
}
}, {
@@ -247,7 +247,7 @@ define(["dojo/_base/xhr",
value: brokerData["queue.flowControlSizeBytes"],
placeholder: "Size in bytes",
label: "Flow control threshold (bytes):",
- name: "queue.flowControlSizeBytes",
+ name: "queue.flowControlSizeBytes"
});
}
}, {
@@ -261,7 +261,7 @@ define(["dojo/_base/xhr",
value: brokerData["queue.flowResumeSizeBytes"],
placeholder: "Size in bytes",
label: "Flow resume threshold (bytes):",
- name: "queue.flowResumeSizeBytes",
+ name: "queue.flowResumeSizeBytes"
});
}
}, {
@@ -530,7 +530,7 @@ define(["dojo/_base/xhr",
new UpdatableStore(that.brokerData.ports, query(".broker-ports")[0],
[ { name: "Name", field: "name", width: "150px"},
{ name: "State", field: "state", width: "60px"},
- { name: "Authentication", field: "authenticationProvider", width: "100px"},
+ { name: "Auth Provider", field: "authenticationProvider", width: "100px"},
{ name: "Address", field: "bindingAddress", width: "70px"},
{ name: "Port", field: "port", width: "50px"},
{ name: "Transports", field: "transports", width: "100px"},
diff --git a/java/broker-plugins/management-http/src/main/java/resources/js/qpid/management/addPort.js b/java/broker-plugins/management-http/src/main/java/resources/js/qpid/management/addPort.js
index c60ad5bb79..c3bfac5285 100644
--- a/java/broker-plugins/management-http/src/main/java/resources/js/qpid/management/addPort.js
+++ b/java/broker-plugins/management-http/src/main/java/resources/js/qpid/management/addPort.js
@@ -224,25 +224,47 @@ define(["dojo/_base/xhr",
{
protocolsWidget.set("disabled", (isAMQP && defaultsAMQPProtocols.checked));
}
+
var transportWidget = registry.byId("formAddPort.transports");
+ var disableTransportWidget = false;
+ var toggleSsl = true;
+ var isRMI = (newValue == "JMX" && registry.byId("formAddPort.protocolsJMX").value == "RMI");
+ if (isRMI)
+ {
+ if (transportWidget.value != "TCP")
+ {
+ transportWidget.set("value", "TCP");
- var disabled = (newValue == "JMX" && registry.byId("formAddPort.protocolsJMX").value == "RMI");
- if (disabled && transportWidget.value != "TCP")
+ // changing of transport widget value will cause the call to toggleSslWidgets
+ toggleSsl = false;
+ }
+ disableTransportWidget = true;
+ }
+ else if (newValue == "HTTP" && registry.byId("formAddPort.protocolsHTTP").value == "HTTPS")
{
- transportWidget.set("value", "TCP");
+ if (transportWidget.value != "SSL")
+ {
+ transportWidget.set("value", "SSL");
+
+ // changing of transport widget value will cause the call to toggleSslWidgets
+ toggleSsl = false;
+ }
+ disableTransportWidget = true;
}
- else
+ if (toggleSsl)
{
- toggleSslWidgets(newValue, transportWidget.value);
+ toggleSslWidgets(newValue, transportWidget.value);
}
- transportWidget.set("disabled", disabled);
-
+ transportWidget.set("disabled", disableTransportWidget);
+ registry.byId("formAddPort.authenticationProvider").set("disabled", isRMI);
+ registry.byId("formAddPort:fieldsAuthenticationProvider").domNode.style.display = isRMI? "none" : "block";
});
theForm = registry.byId("formAddPort");
var containers = ["formAddPort:fields", "formAddPort:fieldsTransportSSL", "formAddPort:fieldsAMQP",
- "formAddPort:fieldsJMX", "formAddPort:fieldsHTTP", "formAddPort:transport", "formAddPort:fieldsClientAuth2"];
+ "formAddPort:fieldsJMX", "formAddPort:fieldsHTTP", "formAddPort:transport",
+ "formAddPort:fieldsClientAuthCheckboxes", "formAddPort:fieldsAuthenticationProvider"];
var labelWidthValue = "200";
for(var i = 0; i < containers.length; i++)
{
@@ -258,9 +280,24 @@ define(["dojo/_base/xhr",
}
registry.byId("formAddPort.protocolsJMX").on("change", function(newValue){
+ var isRMI = newValue == "RMI";
+ var transportWidget = registry.byId("formAddPort.transports");
+ if (isRMI && transportWidget.value != "TCP")
+ {
+ transportWidget.set("value", "TCP");
+ }
+ transportWidget.set("disabled", isRMI);
+ registry.byId("formAddPort:fieldsAuthenticationProvider").domNode.style.display = isRMI? "none" : "block";
+ registry.byId("formAddPort.authenticationProvider").set("disabled", isRMI);
+ });
+
+ registry.byId("formAddPort.protocolsHTTP").on("change", function(newValue){
+ var isHTTPS = newValue == "HTTPS";
var transportWidget = registry.byId("formAddPort.transports");
- transportWidget.set("value", "TCP");
- transportWidget.set("disabled", newValue == "RMI");
+ if (isHTTPS && transportWidget.value != "SSL") {
+ transportWidget.set("value", "SSL");
+ }
+ transportWidget.set("disabled", isHTTPS);
});
theForm.on("submit", function(e) {
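Review bot: The `formAddPort.protocolsJMX` change handler derives `isRMI` from the JMX protocol value alone, whereas the port-type handler in the previous hunk also requires the type to be JMX. If this widget fires a change while another port type is selected (for instance on a form reset, which is not visible here), the provider select would be disabled and hidden for an AMQP or HTTP port. A disabled field is presumably neither validated nor submitted. Checking the type as well keeps the two handlers consistent: `var isRMI = newValue == "RMI" && registry.byId("formAddPort.type").value == "JMX";`. The same applies to `isHTTPS` in the `formAddPort.protocolsHTTP` handler, and the duplicated transport and provider toggling could move into one shared helper.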
diff --git a/java/broker-plugins/management-http/src/test/java/org/apache/qpid/server/management/plugin/HttpManagementTest.java b/java/broker-plugins/management-http/src/test/java/org/apache/qpid/server/management/plugin/HttpManagementTest.java
new file mode 100644
index 0000000000..55606af117
--- /dev/null
+++ b/java/broker-plugins/management-http/src/test/java/org/apache/qpid/server/management/plugin/HttpManagementTest.java
@@ -0,0 +1,105 @@
+/*
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.qpid.server.management.plugin;
+
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
+
+import java.net.InetSocketAddress;
+import java.net.SocketAddress;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.UUID;
+
+import org.apache.qpid.server.model.Broker;
+import org.apache.qpid.server.security.SubjectCreator;
+import org.apache.qpid.test.utils.QpidTestCase;
+
+public class HttpManagementTest extends QpidTestCase
+{
+ private UUID _id;
+ private Broker _broker;
+ private HttpManagement _management;
+
+ @Override
+ public void setUp() throws Exception
+ {
+ super.setUp();
+ _id = UUID.randomUUID();
+ _broker = mock(Broker.class);
+ Map<String, Object> attributes = new HashMap<String, Object>();
+ attributes.put(HttpManagement.HTTP_BASIC_AUTHENTICATION_ENABLED, false);
+ attributes.put(HttpManagement.HTTPS_BASIC_AUTHENTICATION_ENABLED, true);
+ attributes.put(HttpManagement.HTTP_SASL_AUTHENTICATION_ENABLED, false);
+ attributes.put(HttpManagement.HTTPS_SASL_AUTHENTICATION_ENABLED, true);
+ attributes.put(HttpManagement.NAME, getTestName());
+ attributes.put(HttpManagement.TIME_OUT, 10000l);
+ _management = new HttpManagement(_id, _broker, attributes);
+ }
+
+ public void testGetBroker()
+ {
+ assertEquals("Unexpected broker", _broker, _management.getBroker());
+ }
+
+ public void testGetSessionTimeout()
+ {
+ assertEquals("Unexpected session timeout", 10000l, _management.getSessionTimeout());
+ }
+
+ public void testGetName()
+ {
+ assertEquals("Unexpected name", getTestName(), _management.getName());
+ }
+
+ public void testIsHttpsSaslAuthenticationEnabled()
+ {
+ assertEquals("Unexpected value for the https sasl enabled attribute", true,
+ _management.isHttpsSaslAuthenticationEnabled());
+ }
+
+ public void testIsHttpSaslAuthenticationEnabled()
+ {
+ assertEquals("Unexpected value for the http sasl enabled attribute", false, _management.isHttpSaslAuthenticationEnabled());
+ }
+
+ public void testIsHttpsBasicAuthenticationEnabled()
+ {
+ assertEquals("Unexpected value for the https basic authentication enabled attribute", true,
+ _management.isHttpsBasicAuthenticationEnabled());
+ }
+
+ public void testIsHttpBasicAuthenticationEnabled()
+ {
+ assertEquals("Unexpected value for the http basic authentication enabled attribute", false,
+ _management.isHttpBasicAuthenticationEnabled());
+ }
+
+ public void testGetSubjectCreator()
+ {
+ SocketAddress localAddress = InetSocketAddress.createUnresolved("localhost", 8080);
+ SubjectCreator subjectCreator = mock(SubjectCreator.class);
+ when(_broker.getSubjectCreator(localAddress)).thenReturn(subjectCreator);
+ SubjectCreator httpManagementSubjectCreator = _management.getSubjectCreator(localAddress);
+ assertEquals("Unexpected subject creator", subjectCreator, httpManagementSubjectCreator);
+ }
+
+}
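Review bot: `testGetSubjectCreator` covers only the case where the broker returns a creator for the address, so the behaviour of `getSubjectCreator` for an address the broker does not know stays unpinned. A second test that leaves the mock unstubbed and asserts the intended result (null, or an exception if that is the contract) would document what callers such as the authentication path can rely on. Separately, the literal `10000l` in setUp and testGetSessionTimeout is easy to misread as 100001; `10000L` is the conventional spelling.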
diff --git a/java/broker-plugins/management-jmx/src/main/java/org/apache/qpid/server/jmx/JMXManagedObjectRegistry.java b/java/broker-plugins/management-jmx/src/main/java/org/apache/qpid/server/jmx/JMXManagedObjectRegistry.java
index 62e88193bb..d094134e11 100644
--- a/java/broker-plugins/management-jmx/src/main/java/org/apache/qpid/server/jmx/JMXManagedObjectRegistry.java
+++ b/java/broker-plugins/management-jmx/src/main/java/org/apache/qpid/server/jmx/JMXManagedObjectRegistry.java
@@ -29,7 +29,7 @@ import org.apache.qpid.server.model.KeyStore;
import org.apache.qpid.server.model.Port;
import org.apache.qpid.server.model.Transport;
-import org.apache.qpid.server.security.auth.rmi.RMIPasswordAuthenticator;
+import org.apache.qpid.server.security.auth.jmx.JMXPasswordAuthenticator;
import org.apache.qpid.ssl.SSLContextFactory;
import javax.management.JMException;
@@ -160,7 +160,7 @@ public class JMXManagedObjectRegistry implements ManagedObjectRegistry
int jmxPortConnectorServer = _connectorPort.getPort();
//add a JMXAuthenticator implementation the env map to authenticate the RMI based JMX connector server
- RMIPasswordAuthenticator rmipa = new RMIPasswordAuthenticator(_broker, new InetSocketAddress(jmxPortConnectorServer));
+ JMXPasswordAuthenticator rmipa = new JMXPasswordAuthenticator(_broker, new InetSocketAddress(jmxPortConnectorServer));
HashMap<String,Object> connectorEnv = new HashMap<String,Object>();
connectorEnv.put(JMXConnectorServer.AUTHENTICATOR, rmipa);