Diffstat (limited to 'qpid')
10 files changed, 87 insertions, 342 deletions
diff --git a/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/Management.java b/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/Management.java index cdb5e0607c..0dc1800577 100644 --- a/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/Management.java +++ b/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/Management.java @@ -32,8 +32,6 @@ import org.apache.qpid.server.logging.actors.CurrentActor; import org.apache.qpid.server.logging.messages.ManagementConsoleMessages; import org.apache.qpid.server.management.plugin.servlet.DefinedFileServlet; import org.apache.qpid.server.management.plugin.servlet.FileServlet; -import org.apache.qpid.server.management.plugin.servlet.api.ExchangesServlet; -import org.apache.qpid.server.management.plugin.servlet.api.VhostsServlet; import org.apache.qpid.server.management.plugin.servlet.rest.LogRecordsServlet; import org.apache.qpid.server.management.plugin.servlet.rest.MessageContentServlet; import org.apache.qpid.server.management.plugin.servlet.rest.MessageServlet; @@ -158,9 +156,6 @@ public class Management root.setContextPath("/"); server.setHandler(root); - root.addServlet(new ServletHolder(new VhostsServlet(_broker)), "/api/vhosts/*"); - root.addServlet(new ServletHolder(new ExchangesServlet(_broker)), "/api/exchanges/*"); - addRestServlet(root, "broker"); addRestServlet(root, "virtualhost", VirtualHost.class); addRestServlet(root, "authenticationprovider", AuthenticationProvider.class); 
@@ -183,7 +178,7 @@ public class Management root.addServlet(new ServletHolder(new SaslServlet(_broker)), "/rest/sasl"); - root.addServlet(new ServletHolder(new DefinedFileServlet("management.html")), "/management"); + root.addServlet(new ServletHolder(new DefinedFileServlet("index.html")), "/management"); root.addServlet(new ServletHolder(FileServlet.INSTANCE), "*.js"); root.addServlet(new ServletHolder(FileServlet.INSTANCE), "*.css"); diff --git a/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/api/ExchangesServlet.java b/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/api/ExchangesServlet.java deleted file mode 100644 index a3c5ec68a2..0000000000 --- a/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/api/ExchangesServlet.java +++ /dev/null 
@@ -1,208 +0,0 @@ -/* - * - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - * - */ -package org.apache.qpid.server.management.plugin.servlet.api; - -import org.codehaus.jackson.map.ObjectMapper; -import org.codehaus.jackson.map.ObjectReader; - -import org.apache.qpid.server.model.Broker; -import org.apache.qpid.server.model.Exchange; -import org.apache.qpid.server.model.LifetimePolicy; -import org.apache.qpid.server.model.State; -import org.apache.qpid.server.model.VirtualHost; -import org.apache.qpid.server.registry.ApplicationRegistry; - -import javax.servlet.ServletException; -import javax.servlet.http.HttpServlet; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import java.io.IOException; -import java.io.PrintWriter; -import java.util.ArrayList; -import java.util.Collection; -import java.util.Collections; -import java.util.HashMap; -import java.util.LinkedHashMap; -import java.util.List; -import java.util.Map; - -public class ExchangesServlet extends HttpServlet -{ - - - private Broker _broker; - - public ExchangesServlet() - { - super(); - _broker = ApplicationRegistry.getInstance().getBroker(); - } - - public ExchangesServlet(Broker broker) - { - _broker = broker; 
- } - - protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException - { - response.setContentType("application/json"); - response.setStatus(HttpServletResponse.SC_OK); - - Collection<VirtualHost> vhosts = _broker.getVirtualHosts(); - Collection<Exchange> exchanges = new ArrayList<Exchange>(); - Collection<Map<String,Object>> outputObject = new ArrayList<Map<String,Object>>(); - - final PrintWriter writer = response.getWriter(); - - ObjectMapper mapper = new ObjectMapper(); - String vhostName = null; - String exchangeName = null; - - if(request.getPathInfo() != null && request.getPathInfo().length()>0) - { - String path = request.getPathInfo().substring(1); - String[] parts = path.split("/"); - vhostName = parts.length == 0 ? "" : parts[0]; - if(parts.length > 1) - { - exchangeName = parts[1]; - } - } - - for(VirtualHost vhost : vhosts) - { - if(vhostName == null || vhostName.equals(vhost.getName())) - { - for(Exchange exchange : vhost.getExchanges()) - { - if(exchangeName == null || exchangeName.equals(exchange.getName())) - { - outputObject.add(convertToObject(exchange)); - if(exchangeName != null) - { - break; - } - } - } - if(vhostName != null) - { - break; - } - } - } - - mapper.writeValue(writer, outputObject); - - } - - private Map<String,Object> convertToObject(final Exchange exchange) - { - Map<String, Object> object = new LinkedHashMap<String, Object>(); - object.put("name",exchange.getName()); - object.put("type", exchange.getExchangeType()); - object.put("durable", exchange.isDurable()); - object.put("auto-delete", exchange.getLifetimePolicy() == LifetimePolicy.AUTO_DELETE); - - Map<String,Object> arguments = new HashMap<String, Object>(); - for(String key : exchange.getAttributeNames()) - { - if(!key.equals(Exchange.TYPE)) - { - arguments.put(key, exchange.getAttribute(key)); - } - } - object.put("arguments", arguments); - return object; - } - - protected void doPut(final HttpServletRequest 
request, final HttpServletResponse response) - throws ServletException, IOException - { - - response.setContentType("application/json"); - - - String vhostName = null; - String exchangeName = null; - if(request.getPathInfo() != null && request.getPathInfo().length()>0) - { - String path = request.getPathInfo().substring(1); - String[] parts = path.split("/"); - vhostName = parts.length == 0 ? "" : parts[0]; - if(parts.length > 1) - { - exchangeName = parts[1]; - } - } - if(vhostName == null) - { - response.setStatus(HttpServletResponse.SC_PRECONDITION_FAILED); - } - else if (exchangeName == null) - { - response.setStatus(HttpServletResponse.SC_PRECONDITION_FAILED); - } - else - { - VirtualHost vhost = null; - for(VirtualHost host : _broker.getVirtualHosts()) - { - if(host.getName().equals(vhostName)) - { - vhost = host; - } - } - if(vhost == null) - { - response.setStatus(HttpServletResponse.SC_PRECONDITION_FAILED); - } - else - { - response.setStatus(HttpServletResponse.SC_NO_CONTENT); - ObjectMapper mapper = new ObjectMapper(); - Map<String,Object> exchangeObject = mapper.readValue(request.getInputStream(), LinkedHashMap.class); - - final boolean isDurable = exchangeObject.get("durable") instanceof Boolean - && ((Boolean)exchangeObject.get("durable")); - final boolean isAutoDelete = exchangeObject.get("auto_delete") instanceof Boolean - && ((Boolean)exchangeObject.get("auto_delete")); - - final String type = (String) exchangeObject.get("type"); - final Map<String, Object> attributes = new HashMap<String, Object>(exchangeObject); - attributes.remove("durable"); - attributes.remove("auto_delete"); - attributes.remove("type"); - - vhost.createExchange(exchangeName, State.ACTIVE, isDurable, - isAutoDelete ? LifetimePolicy.AUTO_DELETE : LifetimePolicy.PERMANENT, - 0l, - type, - attributes); - } - - - - } - - - - } -} 
diff --git a/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/api/VhostsServlet.java b/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/api/VhostsServlet.java deleted file mode 100644 index b2c0fcfe52..0000000000 --- a/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/api/VhostsServlet.java +++ /dev/null 
@@ -1,118 +0,0 @@ -/* - * - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - * - */ -package org.apache.qpid.server.management.plugin.servlet.api; - -import org.codehaus.jackson.map.ObjectMapper; - -import org.apache.qpid.common.QpidProperties; -import org.apache.qpid.server.model.Broker; -import org.apache.qpid.server.model.LifetimePolicy; -import org.apache.qpid.server.model.State; -import org.apache.qpid.server.model.VirtualHost; -import org.apache.qpid.server.protocol.AMQConnectionModel; -import org.apache.qpid.server.registry.ApplicationRegistry; - - -import javax.servlet.ServletException; -import javax.servlet.http.HttpServlet; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import java.io.IOException; -import java.io.PrintWriter; -import java.util.*; - -public class VhostsServlet extends HttpServlet -{ - - - private Broker _broker; - - public VhostsServlet() - { - super(); - _broker = ApplicationRegistry.getInstance().getBroker(); - } - - public VhostsServlet(Broker broker) - { - _broker = broker; - } - - protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException - { -System.out.println("Get /api/vhosts"); - 
response.setContentType("application/json"); - response.setStatus(HttpServletResponse.SC_OK); - - Collection<VirtualHost> vhosts = _broker.getVirtualHosts(); - - - - final PrintWriter writer = response.getWriter(); - - ObjectMapper mapper = new ObjectMapper(); - - if(request.getPathInfo() == null || request.getPathInfo().length()==0) - { - - LinkedHashMap<String, Object> vhostObject = new LinkedHashMap<String, Object>(); - List<Map> vhostList = new ArrayList<Map>(); - - for(VirtualHost vhost : vhosts) - { - vhostList.add(Collections.singletonMap("name", vhost.getName())); - } - mapper.writeValue(writer, vhostList); - } - else - { - LinkedHashMap<String, Object> vhostObject = new LinkedHashMap<String, Object>(); - String vhostName = request.getPathInfo().substring(1); - - for(VirtualHost vhost : vhosts) - { - if(vhostName.equals(vhost.getName())) - { - vhostObject.put("name", vhost.getName()); - break; - } - } - mapper.writeValue(writer, vhostObject); - } - } - - - protected void doPut(final HttpServletRequest request, final HttpServletResponse response) - throws ServletException, IOException - { - - response.setContentType("application/json"); - response.setStatus(HttpServletResponse.SC_NO_CONTENT); - - if(request.getPathInfo() != null && request.getPathInfo().length()>0) - { - String vhostName = request.getPathInfo().substring(1); - _broker.createVirtualHost(vhostName, State.ACTIVE, true, LifetimePolicy.PERMANENT, 0L, Collections.EMPTY_MAP); - } - - - } -} diff --git a/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/AbstractServlet.java b/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/AbstractServlet.java index 521ad69abe..77725f6e0c 100644 --- a/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/AbstractServlet.java 
+++ b/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/AbstractServlet.java @@ -257,7 +257,7 @@ public abstract class AbstractServlet extends HttpServlet String remoteUser = request.getRemoteUser(); if(remoteUser != null) { - subject = subjectCreator.createSubjectWithGroups(remoteUser); + subject = authenticateUserAndGetSubject(subjectCreator, remoteUser, null); } else { @@ -278,13 +278,7 @@ public abstract class AbstractServlet extends HttpServlet String[] credentials = (new String(Base64.decodeBase64(tokens[1].getBytes()))).split(":",2); if(credentials.length == 2) { - SubjectAuthenticationResult authResult = subjectCreator.authenticate(credentials[0], credentials[1]); - if( authResult.getStatus() != AuthenticationStatus.SUCCESS) - { - //TODO: write a return response indicating failure? - throw new AccessControlException("Incorrect username or password"); - } - subject = authResult.getSubject(); + subject = authenticateUserAndGetSubject(subjectCreator, credentials[0], credentials[1]); } else { @@ -308,6 +302,18 @@ public abstract class AbstractServlet extends HttpServlet return subject; } + private Subject authenticateUserAndGetSubject(SubjectCreator subjectCreator, String username, String password) + { + SubjectAuthenticationResult authResult = subjectCreator.authenticate(username, password); + if( authResult.getStatus() != AuthenticationStatus.SUCCESS) + { + //TODO: write a return response indicating failure? + throw new AccessControlException("Incorrect username or password"); + } + Subject subject = authResult.getSubject(); + return subject; + } + private boolean isBasicAuthSupported(HttpServletRequest req) { return req.isSecure() ? ApplicationRegistry.getInstance().getConfiguration().getHTTPSManagementBasicAuth() 
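Review bot: In the `remoteUser != null` branch the new call `authenticateUserAndGetSubject(subjectCreator, remoteUser, null)` sends a container-authenticated name through the password check with a `null` password, where the old code built the subject directly with `createSubjectWithGroups(remoteUser)`. That only works if every authentication manager behind `subjectCreator.authenticate` treats a null password as "already verified", which these hunks do not show and which a password-backed manager would presumably reject or mishandle. Keeping `subject = subjectCreator.createSubjectWithGroups(remoteUser);` here, and reserving the helper added in the third hunk for the basic-auth branch, keeps the two trust decisions separate. If the helper stays shared, give it a Javadoc stating what a null `password` means. The enclosing method starts and ends outside these hunks.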
diff --git a/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/SaslServlet.java b/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/SaslServlet.java index b5929875ff..e6cfade772 100644 --- a/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/SaslServlet.java +++ b/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/SaslServlet.java @@ -124,6 +124,8 @@ public class SaslServlet extends AbstractServlet @Override protected void doPostWithSubjectAndActor(final HttpServletRequest request, final HttpServletResponse response) throws IOException { + checkSaslAuthEnabled(request); + try { response.setContentType("application/json"); @@ -190,7 +192,24 @@ public class SaslServlet extends AbstractServlet LOGGER.error("Error processing SASL request", e); throw e; } + } + private void checkSaslAuthEnabled(HttpServletRequest request) + { + boolean saslAuthEnabled; + if (request.isSecure()) + { + saslAuthEnabled = ApplicationRegistry.getInstance().getConfiguration().getHTTPSManagementSaslAuthEnabled(); + } + else + { + saslAuthEnabled = ApplicationRegistry.getInstance().getConfiguration().getHTTPManagementSaslAuthEnabled(); + } + + if (!saslAuthEnabled) + { + throw new RuntimeException("Sasl authentication disabled."); + } } private void evaluateSaslResponse(final HttpServletResponse response, diff --git a/qpid/java/broker-plugins/management-http/src/main/java/resources/management.html b/qpid/java/broker-plugins/management-http/src/main/java/resources/index.html index a8345a8503..a8345a8503 100644 --- a/qpid/java/broker-plugins/management-http/src/main/java/resources/management.html +++ b/qpid/java/broker-plugins/management-http/src/main/java/resources/index.html 
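Review bot: `checkSaslAuthEnabled` (second hunk) signals a disabled endpoint with a bare `RuntimeException`, and the call added to `doPostWithSubjectAndActor` sits before the `try`, so the rejection is neither logged by the existing `LOGGER.error` path nor mapped to a defined HTTP status; the client presumably sees a container-generated 500. An explicit status is clearer for clients and for anyone reading access logs, e.g. have the helper return a boolean and use `if (!isSaslAuthEnabled(request)) { response.sendError(HttpServletResponse.SC_FORBIDDEN); return; }`. Only the POST handler is gated in the visible lines; if the servlet's GET handler also advertises mechanisms it likely needs the same check. `doPostWithSubjectAndActor` continues outside the hunk.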
diff --git a/qpid/java/broker/etc/config.xml b/qpid/java/broker/etc/config.xml index 7bd4ceb128..7301d9eefd 100644 --- a/qpid/java/broker/etc/config.xml +++ b/qpid/java/broker/etc/config.xml @@ -48,7 +48,7 @@ <registryServer>8999</registryServer> <!-- If unspecified, connectorServer defaults to 100 + registryServer port. - <connectorServer>9099</connectionServer> + <connectorServer>9099</connectorServer> --> </jmxport> <ssl> diff --git a/qpid/java/broker/src/main/java/org/apache/qpid/server/configuration/ServerConfiguration.java b/qpid/java/broker/src/main/java/org/apache/qpid/server/configuration/ServerConfiguration.java index f94bd684e9..de34ed1fad 100644 --- a/qpid/java/broker/src/main/java/org/apache/qpid/server/configuration/ServerConfiguration.java +++ b/qpid/java/broker/src/main/java/org/apache/qpid/server/configuration/ServerConfiguration.java @@ -620,6 +620,16 @@ public class ServerConfiguration extends ConfigurationPlugin return getBooleanValue("management.https.basic-auth", true); } + public boolean getHTTPManagementSaslAuthEnabled() + { + return getBooleanValue("management.http.sasl-auth", true); + } + + public boolean getHTTPSManagementSaslAuthEnabled() + { + return getBooleanValue("management.https.sasl-auth", true); + } + public String[] getVirtualHosts() { return _virtualHosts.keySet().toArray(new String[_virtualHosts.size()]); @@ -1053,4 +1063,5 @@ public class ServerConfiguration extends ConfigurationPlugin _qpidHome = path; } + } diff --git a/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/manager/ExternalAuthenticationManager.java b/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/manager/ExternalAuthenticationManager.java index a1328ca0de..7ca296cc47 100644 --- a/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/manager/ExternalAuthenticationManager.java +++ b/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/manager/ExternalAuthenticationManager.java 
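Review bot: `getHTTPManagementSaslAuthEnabled()` defaults `management.http.sasl-auth` to `true`, so SASL login stays available on the non-TLS management listener unless an operator turns it off. Whether that exposes credentials depends on the mechanisms SaslServlet negotiates over plain HTTP, which is not visible here; it is worth confirming that no cleartext mechanism is offered on that listener. Both new getters lack Javadoc; I would add `/** Whether SASL authentication is accepted on non-TLS management connections (key management.http.sasl-auth, default true). */` and the HTTPS equivalent. The config.xml hunk in this commit fixes a tag typo but does not document either new key.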
@@ -29,6 +29,7 @@ import org.apache.log4j.Logger; import org.apache.qpid.server.configuration.plugins.ConfigurationPlugin; import org.apache.qpid.server.configuration.plugins.ConfigurationPluginFactory; import org.apache.qpid.server.security.auth.AuthenticationResult; +import org.apache.qpid.server.security.auth.UsernamePrincipal; import org.apache.qpid.server.security.auth.sasl.external.ExternalSaslServer; public class ExternalAuthenticationManager implements AuthenticationManager @@ -159,7 +160,7 @@ public class ExternalAuthenticationManager implements AuthenticationManager @Override public AuthenticationResult authenticate(String username, String password) { - return new AuthenticationResult(AuthenticationResult.AuthenticationStatus.ERROR); + return new AuthenticationResult(new UsernamePrincipal(username)); } @Override diff --git a/qpid/java/broker/src/test/java/org/apache/qpid/server/configuration/ServerConfigurationTest.java b/qpid/java/broker/src/test/java/org/apache/qpid/server/configuration/ServerConfigurationTest.java index 660ff5e7d4..5d4e0edcc9 100644 --- a/qpid/java/broker/src/test/java/org/apache/qpid/server/configuration/ServerConfigurationTest.java +++ b/qpid/java/broker/src/test/java/org/apache/qpid/server/configuration/ServerConfigurationTest.java 
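Review bot: The rewritten `authenticate(String username, String password)` in the second hunk returns a successful result carrying `new UsernamePrincipal(username)` for every call, without looking at `password` or checking that `username` is non-null. Any caller that forwards client-supplied credentials to this manager would therefore accept whatever name is presented; the basic-auth branch changed in AbstractServlet in this same commit passes request-derived values to `subjectCreator.authenticate`, though whether that reaches this class depends on configuration not shown. If the intent is only to let an already-verified external identity obtain a subject, a dedicated call serves that better than making the password check unconditional, and I would keep `return new AuthenticationResult(AuthenticationResult.AuthenticationStatus.ERROR);` here. At minimum the method needs a comment stating the trust assumption it relies on.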
@@ -300,6 +300,45 @@ public class ServerConfigurationTest extends QpidTestCase assertEquals(false, _serverConfig.getJMXManagementEnabled()); } + public void testGetHTTPManagementEnabled() throws ConfigurationException + { + // Check default + _serverConfig.initialise(); + assertEquals(true, _serverConfig.getHTTPManagementEnabled()); + + // Check value we set + _config.setProperty("management.http.enabled", false); + _serverConfig = new ServerConfiguration(_config); + _serverConfig.initialise(); + assertEquals(false, _serverConfig.getHTTPManagementEnabled()); + } + + public void testGetHTTPManagementSaslAuthEnabled() throws ConfigurationException + { + // Check default + _serverConfig.initialise(); + assertEquals(true, _serverConfig.getHTTPManagementSaslAuthEnabled()); + + // Check value we set + _config.setProperty("management.http.sasl-auth", false); + _serverConfig = new ServerConfiguration(_config); + _serverConfig.initialise(); + assertEquals(false, _serverConfig.getHTTPManagementSaslAuthEnabled()); + } + + public void testGetHTTPSManagementSaslAuthEnabled() throws ConfigurationException + { + // Check default + _serverConfig.initialise(); + assertEquals(true, _serverConfig.getHTTPSManagementSaslAuthEnabled()); + + // Check value we set + _config.setProperty("management.https.sasl-auth", false); + _serverConfig = new ServerConfiguration(_config); + _serverConfig.initialise(); + assertEquals(false, _serverConfig.getHTTPSManagementSaslAuthEnabled()); + } + public void testGetManagementRightsInferAllAccess() throws Exception { _serverConfig.initialise(); |
