diff options
Diffstat (limited to 'qpid/java/common/src/main')
5 files changed, 24 insertions, 203 deletions
diff --git a/qpid/java/common/src/main/java/org/apache/qpid/security/AMQPCallbackHandler.java b/qpid/java/common/src/main/java/org/apache/qpid/security/AMQPCallbackHandler.java deleted file mode 100644 index a3dad9acdc..0000000000 --- a/qpid/java/common/src/main/java/org/apache/qpid/security/AMQPCallbackHandler.java +++ /dev/null @@ -1,28 +0,0 @@ -/* - * - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - * - */ -package org.apache.qpid.security; - -import javax.security.auth.callback.CallbackHandler; - -public interface AMQPCallbackHandler extends CallbackHandler -{ - void initialise(String username,String password); -} diff --git a/qpid/java/common/src/main/java/org/apache/qpid/security/UsernamePasswordCallbackHandler.java b/qpid/java/common/src/main/java/org/apache/qpid/security/UsernamePasswordCallbackHandler.java deleted file mode 100644 index 89a63abeab..0000000000 --- a/qpid/java/common/src/main/java/org/apache/qpid/security/UsernamePasswordCallbackHandler.java +++ /dev/null @@ -1,60 +0,0 @@ -/* - * - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - * - */ -package org.apache.qpid.security; - -import java.io.IOException; - -import javax.security.auth.callback.Callback; -import javax.security.auth.callback.NameCallback; -import javax.security.auth.callback.PasswordCallback; -import javax.security.auth.callback.UnsupportedCallbackException; - -public class UsernamePasswordCallbackHandler implements AMQPCallbackHandler -{ - private String _username; - private String _password; - - public void initialise(String username,String password) - { - _username = username; - _password = password; - } - - public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException - { - for (int i = 0; i < callbacks.length; i++) - { - Callback cb = callbacks[i]; - if (cb instanceof NameCallback) - { - ((NameCallback)cb).setName(_username); - } - else if (cb instanceof PasswordCallback) - { - ((PasswordCallback)cb).setPassword((_password).toCharArray()); - } - else - { - throw new UnsupportedCallbackException(cb); - } - } - } -} diff --git a/qpid/java/common/src/main/java/org/apache/qpid/transport/ClientDelegate.java b/qpid/java/common/src/main/java/org/apache/qpid/transport/ClientDelegate.java index e421f06901..9bdad6b00e 100644 --- a/qpid/java/common/src/main/java/org/apache/qpid/transport/ClientDelegate.java +++ b/qpid/java/common/src/main/java/org/apache/qpid/transport/ClientDelegate.java @@ -20,28 +20,20 @@ */ package org.apache.qpid.transport; -import org.ietf.jgss.GSSContext; -import org.ietf.jgss.GSSException; -import org.ietf.jgss.GSSManager; -import org.ietf.jgss.GSSName; -import org.ietf.jgss.Oid; - -import org.apache.qpid.security.UsernamePasswordCallbackHandler; import static org.apache.qpid.transport.Connection.State.OPEN; import static org.apache.qpid.transport.Connection.State.RESUMING; -import org.apache.qpid.transport.util.Logger; -import javax.security.sasl.Sasl; -import javax.security.sasl.SaslClient; -import javax.security.sasl.SaslException; import java.lang.management.ManagementFactory; import java.lang.management.RuntimeMXBean; -import java.util.ArrayList; -import java.util.Arrays; import java.util.HashMap; import java.util.List; import java.util.Map; +import javax.security.sasl.SaslClient; +import javax.security.sasl.SaslException; + +import org.apache.qpid.transport.util.Logger; + /** * ClientDelegate @@ -52,31 +44,13 @@ public class ClientDelegate extends ConnectionDelegate { private static final Logger log = Logger.get(ClientDelegate.class); - private static final String KRB5_OID_STR = "1.2.840.113554.1.2.2"; - protected static final Oid KRB5_OID; - static - { - Oid oid; - try - { - oid = new Oid(KRB5_OID_STR); - } - catch (GSSException ignore) - { - oid = null; - } - KRB5_OID = oid; - } - - private List<String> clientMechs; - private ConnectionSettings conSettings; + protected final ConnectionSettings _conSettings; public ClientDelegate(ConnectionSettings settings) { - this.conSettings = settings; - this.clientMechs = Arrays.asList(settings.getSaslMechs().split(" ")); + this._conSettings = settings; } public void init(Connection conn, ProtocolHeader hdr) @@ -92,9 +66,9 @@ public class ClientDelegate extends ConnectionDelegate { Map<String,Object> clientProperties = new HashMap<String,Object>(); - if(this.conSettings.getClientProperties() != null) + if(this._conSettings.getClientProperties() != null) { - clientProperties.putAll(this.conSettings.getClientProperties()); + clientProperties.putAll(_conSettings.getClientProperties()); } clientProperties.put("qpid.session_flow", 1); @@ -109,41 +83,12 @@ public class ClientDelegate extends ConnectionDelegate (clientProperties, null, null, conn.getLocale()); return; } - - List<String> choosenMechs = new ArrayList<String>(); - for (String mech:clientMechs) - { - if (brokerMechs.contains(mech)) - { - choosenMechs.add(mech); - } - } - - if (choosenMechs.size() == 0) - { - conn.exception(new ConnectionException("The following SASL mechanisms " + - clientMechs.toString() + - " specified by the client are not supported by the broker")); - return; - } - - String[] mechs = new String[choosenMechs.size()]; - choosenMechs.toArray(mechs); - conn.setServerProperties(start.getServerProperties()); try { - Map<String,Object> saslProps = new HashMap<String,Object>(); - if (conSettings.isUseSASLEncryption()) - { - saslProps.put(Sasl.QOP, "auth-conf"); - } - UsernamePasswordCallbackHandler handler = - new UsernamePasswordCallbackHandler(); - handler.initialise(conSettings.getUsername(), conSettings.getPassword()); - SaslClient sc = Sasl.createSaslClient - (mechs, null, conSettings.getSaslProtocol(), conSettings.getSaslServerName(), saslProps, handler); + final SaslClient sc = createSaslClient(brokerMechs); + conn.setSaslClient(sc); byte[] response = sc.hasInitialResponse() ? @@ -152,12 +97,22 @@ public class ClientDelegate extends ConnectionDelegate (clientProperties, sc.getMechanismName(), response, conn.getLocale()); } + catch (ConnectionException ce) + { + conn.exception(ce); + } catch (SaslException e) { conn.exception(e); } } + + protected SaslClient createSaslClient(List<Object> brokerMechs) throws ConnectionException, SaslException + { + throw new UnsupportedOperationException(); + } + @Override public void connectionSecure(Connection conn, ConnectionSecure secure) { @@ -176,7 +131,7 @@ public class ClientDelegate extends ConnectionDelegate @Override public void connectionTune(Connection conn, ConnectionTune tune) { - int hb_interval = calculateHeartbeatInterval(conSettings.getHeartbeatInterval(), + int hb_interval = calculateHeartbeatInterval(_conSettings.getHeartbeatInterval(), tune.getHeartbeatMin(), tune.getHeartbeatMax() ); @@ -191,29 +146,12 @@ public class ClientDelegate extends ConnectionDelegate //(or that forced by protocol limitations [0xFFFF]) conn.setChannelMax(channelMax == 0 ? Connection.MAX_CHANNEL_MAX : channelMax); - conn.connectionOpen(conSettings.getVhost(), null, Option.INSIST); + conn.connectionOpen(_conSettings.getVhost(), null, Option.INSIST); } @Override public void connectionOpenOk(Connection conn, ConnectionOpenOk ok) { - SaslClient sc = conn.getSaslClient(); - if (sc != null) - { - if (sc.getMechanismName().equals("GSSAPI")) - { - String id = getKerberosUser(); - if (id != null) - { - conn.setUserID(id); - } - } - else if (sc.getMechanismName().equals("EXTERNAL")) - { - conn.setUserID(conn.getSecurityLayer().getUserID()); - } - } - if (conn.isConnectionResuming()) { conn.setState(RESUMING); @@ -283,35 +221,7 @@ public class ClientDelegate extends ConnectionDelegate } - private String getKerberosUser() - { - log.debug("Obtaining userID from kerberos"); - String service = conSettings.getSaslProtocol() + "@" + conSettings.getSaslServerName(); - GSSManager manager = GSSManager.getInstance(); - - try - { - GSSName acceptorName = manager.createName(service, - GSSName.NT_HOSTBASED_SERVICE, KRB5_OID); - - GSSContext secCtx = manager.createContext(acceptorName, - KRB5_OID, - null, - GSSContext.INDEFINITE_LIFETIME); - secCtx.initSecContext(new byte[0], 0, 1); - if (secCtx.getSrcName() != null) - { - return secCtx.getSrcName().toString(); - } - } - catch (GSSException e) - { - log.warn("Unable to retrieve userID from Kerberos due to error",e); - } - - return null; - } } diff --git a/qpid/java/common/src/main/java/org/apache/qpid/transport/Connection.java b/qpid/java/common/src/main/java/org/apache/qpid/transport/Connection.java index 469b007ab3..347bf8e649 100644 --- a/qpid/java/common/src/main/java/org/apache/qpid/transport/Connection.java +++ b/qpid/java/common/src/main/java/org/apache/qpid/transport/Connection.java @@ -239,7 +239,6 @@ public class Connection extends ConnectionInvoker conSettings = settings; state = OPENING; userID = settings.getUsername(); - delegate = new ClientDelegate(settings); securityLayer = SecurityLayerFactory.newInstance(getConnectionSettings()); diff --git a/qpid/java/common/src/main/java/org/apache/qpid/transport/ConnectionSettings.java b/qpid/java/common/src/main/java/org/apache/qpid/transport/ConnectionSettings.java index 2074c77a5b..37a8e594c0 100644 --- a/qpid/java/common/src/main/java/org/apache/qpid/transport/ConnectionSettings.java +++ b/qpid/java/common/src/main/java/org/apache/qpid/transport/ConnectionSettings.java @@ -58,7 +58,7 @@ public class ConnectionSettings boolean verifyHostname; // SASL props - String saslMechs = System.getProperty("qpid.sasl_mechs", "PLAIN"); + String saslMechs = System.getProperty("qpid.sasl_mechs", null); String saslProtocol = System.getProperty("qpid.sasl_protocol", "AMQP"); String saslServerName = System.getProperty("qpid.sasl_server_name", "localhost"); boolean useSASLEncryption; |