From 3582d877deaafe065952dfc2c8f75c3eed69ff5d Mon Sep 17 00:00:00 2001
From: Alex Rudyy
Date: Wed, 17 Apr 2013 10:53:55 +0000
Subject: QPID-4746, QPID-4747: remove the defaultAuthenticationProvider attribute from broker and add an overriding authentication provider for management mode
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@1468830 13f79535-47bb-0310-9956-ffa450edef68
---
 .../server/management/plugin/HttpManagement.java | 12 +++
 .../plugin/HttpManagementConfiguration.java | 6 ++
 .../management/plugin/HttpManagementUtil.java | 12 +--
 .../src/main/java/resources/addPort.html | 14 +--
 .../src/main/java/resources/index.html | 2 +-
 .../java/resources/js/qpid/management/Broker.js | 8 +-
 .../java/resources/js/qpid/management/addPort.js | 57 +++++++++--
 .../management/plugin/HttpManagementTest.java | 105 +++++++++++++++++++++
 .../qpid/server/jmx/JMXManagedObjectRegistry.java | 4 +-
 9 files changed, 191 insertions(+), 29 deletions(-)
 create mode 100644 java/broker-plugins/management-http/src/test/java/org/apache/qpid/server/management/plugin/HttpManagementTest.java
(limited to 'java/broker-plugins')
diff --git a/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpManagement.java b/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpManagement.java
index 3cc382596a..b87b1c76f0 100644
--- a/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpManagement.java
+++ b/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpManagement.java
@@ -22,6 +22,7 @@ package org.apache.qpid.server.management.plugin;
 import java.io.File; import java.lang.reflect.Type;
+import java.net.SocketAddress;
 import java.util.Collection; import java.util.Collections; import java.util.EnumSet;
@@ -67,6 +68,7 @@ import org.apache.qpid.server.model.User;
 import org.apache.qpid.server.model.VirtualHost; import org.apache.qpid.server.model.adapter.AbstractPluginAdapter; import org.apache.qpid.server.plugin.PluginFactory;
+import org.apache.qpid.server.security.SubjectCreator;
 import org.apache.qpid.server.util.MapValueConverter; import org.eclipse.jetty.server.Connector; import org.eclipse.jetty.server.DispatcherType;
@@ -407,24 +409,34 @@ public class HttpManagement extends AbstractPluginAdapter implements HttpManagem
 return Collections.unmodifiableCollection(AVAILABLE_ATTRIBUTES); }
+ @Override
 public boolean isHttpsSaslAuthenticationEnabled() { return (Boolean)getAttribute(HTTPS_SASL_AUTHENTICATION_ENABLED); }
+ @Override
 public boolean isHttpSaslAuthenticationEnabled() { return (Boolean)getAttribute(HTTP_SASL_AUTHENTICATION_ENABLED); }
+ @Override
 public boolean isHttpsBasicAuthenticationEnabled() { return (Boolean)getAttribute(HTTPS_BASIC_AUTHENTICATION_ENABLED); }
+ @Override
 public boolean isHttpBasicAuthenticationEnabled() { return (Boolean)getAttribute(HTTP_BASIC_AUTHENTICATION_ENABLED); }
+ @Override
+ public SubjectCreator getSubjectCreator(SocketAddress localAddress)
+ {
+ return _broker.getSubjectCreator(localAddress);
+ }
+
 }
diff --git a/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpManagementConfiguration.java b/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpManagementConfiguration.java
index 104fe42f46..56919e2e6b 100644
--- a/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpManagementConfiguration.java
+++ b/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpManagementConfiguration.java
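Review bot: The new `getSubjectCreator(SocketAddress localAddress)` at the end of the `@@ -407,24 +409,34 @@` hunk has no Javadoc, although it now selects the authentication provider that guards the HTTP management interface. It only forwards to `_broker.getSubjectCreator(localAddress)`, so the management-mode override named in the commit title has to be applied inside the broker, which is not visible in this diff. I would add a comment such as `/** Returns the SubjectCreator the broker selects for the port bound at localAddress. */` and state there whether the result can be null once that is confirmed against the Broker implementation. The same contract belongs on the `HttpManagementConfiguration.getSubjectCreator` declaration added in the next file.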
@@ -20,6 +20,10 @@
 */ package org.apache.qpid.server.management.plugin;
+import java.net.SocketAddress;
+
+import org.apache.qpid.server.security.SubjectCreator;
+
 public interface HttpManagementConfiguration { boolean isHttpsSaslAuthenticationEnabled();
@@ -29,4 +33,6 @@ public interface HttpManagementConfiguration
 boolean isHttpsBasicAuthenticationEnabled(); boolean isHttpBasicAuthenticationEnabled();
+
+ SubjectCreator getSubjectCreator(SocketAddress localAddress);
 }
diff --git a/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpManagementUtil.java b/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpManagementUtil.java
index 68ec9f532c..4c6e5bf63e 100644
--- a/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpManagementUtil.java
+++ b/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpManagementUtil.java
@@ -85,13 +85,13 @@ public class HttpManagementUtil
 } public static void checkRequestAuthenticatedAndAccessAuthorized(HttpServletRequest request, Broker broker,
- HttpManagementConfiguration management)
+ HttpManagementConfiguration managementConfig)
 { HttpSession session = request.getSession(); Subject subject = getAuthorisedSubject(session); if (subject == null) {
- subject = tryToAuthenticate(request, broker, management);
+ subject = tryToAuthenticate(request, managementConfig);
 if (subject == null) { throw new SecurityException("Only authenticated users can access the management interface");
@@ -164,11 +164,11 @@ public class HttpManagementUtil
 session.setAttribute(ATTR_LOGIN_LOGOUT_REPORTER, new LoginLogoutReporter(logActor, subject)); }
- private static Subject tryToAuthenticate(HttpServletRequest request, Broker broker, HttpManagementConfiguration management)
+ private static Subject tryToAuthenticate(HttpServletRequest request, HttpManagementConfiguration managementConfig)
 { Subject subject = null; SocketAddress localAddress = getSocketAddress(request);
- SubjectCreator subjectCreator = broker.getSubjectCreator(localAddress);
+ SubjectCreator subjectCreator = managementConfig.getSubjectCreator(localAddress);
 String remoteUser = request.getRemoteUser(); if (remoteUser != null || subjectCreator.isAnonymousAuthenticationAllowed())
@@ -186,11 +186,11 @@ public class HttpManagementUtil
 boolean isBasicAuthSupported = false; if (request.isSecure()) {
- isBasicAuthSupported = management.isHttpsBasicAuthenticationEnabled();
+ isBasicAuthSupported = managementConfig.isHttpsBasicAuthenticationEnabled();
 } else {
- isBasicAuthSupported = management.isHttpBasicAuthenticationEnabled();
+ isBasicAuthSupported = managementConfig.isHttpBasicAuthenticationEnabled();
 } if (isBasicAuthSupported) {
diff --git a/java/broker-plugins/management-http/src/main/java/resources/addPort.html b/java/broker-plugins/management-http/src/main/java/resources/addPort.html
index 391783c6d8..b800d8e067 100644
--- a/java/broker-plugins/management-http/src/main/java/resources/addPort.html
+++ b/java/broker-plugins/management-http/src/main/java/resources/addPort.html
@@ -26,19 +26,21 @@ - - +
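Review bot: `subjectCreator` is dereferenced in `subjectCreator.isAnonymousAuthenticationAllowed()` without a null check, and in the `@@ -164,11 +164,11 @@` hunk it now comes from `managementConfig.getSubjectCreator(localAddress)`, whose result for an address with no matching port is not visible in this diff. If that lookup can return null, an unauthenticated request would end in a NullPointerException instead of the SecurityException the caller raises for a missing subject. A fail-closed guard directly after the lookup keeps the rejection path uniform: `if (subjectCreator == null) { return null; }`. The body of `tryToAuthenticate` continues outside the hunk.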
+ +
@@ -82,7 +84,7 @@
-
+
-
+
+
diff --git a/java/broker-plugins/management-http/src/main/java/resources/js/qpid/management/Broker.js b/java/broker-plugins/management-http/src/main/java/resources/js/qpid/management/Broker.js
index b07b68c835..fe5f238148 100644
--- a/java/broker-plugins/management-http/src/main/java/resources/js/qpid/management/Broker.js
+++ b/java/broker-plugins/management-http/src/main/java/resources/js/qpid/management/Broker.js
@@ -233,7 +233,7 @@ define(["dojo/_base/xhr",
 checked: brokerData["queue.deadLetterQueueEnabled"], value: "true", label: "Dead letter queue enabled:",
- name: "queue.deadLetterQueueEnabled",
+ name: "queue.deadLetterQueueEnabled"
 }); } }, {
@@ -247,7 +247,7 @@ define(["dojo/_base/xhr",
 value: brokerData["queue.flowControlSizeBytes"], placeholder: "Size in bytes", label: "Flow control threshold (bytes):",
- name: "queue.flowControlSizeBytes",
+ name: "queue.flowControlSizeBytes"
 }); } }, {
@@ -261,7 +261,7 @@ define(["dojo/_base/xhr",
 value: brokerData["queue.flowResumeSizeBytes"], placeholder: "Size in bytes", label: "Flow resume threshold (bytes):",
- name: "queue.flowResumeSizeBytes",
+ name: "queue.flowResumeSizeBytes"
 }); } }, {
@@ -530,7 +530,7 @@ define(["dojo/_base/xhr",
 new UpdatableStore(that.brokerData.ports, query(".broker-ports")[0], [ { name: "Name", field: "name", width: "150px"}, { name: "State", field: "state", width: "60px"},
- { name: "Authentication", field: "authenticationProvider", width: "100px"},
+ { name: "Auth Provider", field: "authenticationProvider", width: "100px"},
 { name: "Address", field: "bindingAddress", width: "70px"}, { name: "Port", field: "port", width: "50px"}, { name: "Transports", field: "transports", width: "100px"},
diff --git a/java/broker-plugins/management-http/src/main/java/resources/js/qpid/management/addPort.js b/java/broker-plugins/management-http/src/main/java/resources/js/qpid/management/addPort.js
index c60ad5bb79..c3bfac5285 100644
--- a/java/broker-plugins/management-http/src/main/java/resources/js/qpid/management/addPort.js
+++ b/java/broker-plugins/management-http/src/main/java/resources/js/qpid/management/addPort.js
@@ -224,25 +224,47 @@ define(["dojo/_base/xhr",
 { protocolsWidget.set("disabled", (isAMQP && defaultsAMQPProtocols.checked)); }
+ var transportWidget = registry.byId("formAddPort.transports");
+ var disableTransportWidget = false;
+ var toggleSsl = true;
+ var isRMI = (newValue == "JMX" && registry.byId("formAddPort.protocolsJMX").value == "RMI");
+ if (isRMI)
+ {
+ if (transportWidget.value != "TCP")
+ {
+ transportWidget.set("value", "TCP");
- var disabled = (newValue == "JMX" && registry.byId("formAddPort.protocolsJMX").value == "RMI");
- if (disabled && transportWidget.value != "TCP")
+ // changing of transport widget value will cause the call to toggleSslWidgets
+ toggleSsl = false;
+ }
+ disableTransportWidget = true;
+ }
+ else if (newValue == "HTTP" && registry.byId("formAddPort.protocolsHTTP").value == "HTTPS")
 {
- transportWidget.set("value", "TCP");
+ if (transportWidget.value != "SSL")
+ {
+ transportWidget.set("value", "SSL");
+
+ // changing of transport widget value will cause the call to toggleSslWidgets
+ toggleSsl = false;
+ }
+ disableTransportWidget = true;
 }
- else
+ if (toggleSsl)
 {
- toggleSslWidgets(newValue, transportWidget.value);
+ toggleSslWidgets(newValue, transportWidget.value);
 }
- transportWidget.set("disabled", disabled);
-
+ transportWidget.set("disabled", disableTransportWidget);
+ registry.byId("formAddPort.authenticationProvider").set("disabled", isRMI);
+ registry.byId("formAddPort:fieldsAuthenticationProvider").domNode.style.display = isRMI?
"none" : "block";
 }); theForm = registry.byId("formAddPort"); var containers = ["formAddPort:fields", "formAddPort:fieldsTransportSSL", "formAddPort:fieldsAMQP",
- "formAddPort:fieldsJMX", "formAddPort:fieldsHTTP", "formAddPort:transport", "formAddPort:fieldsClientAuth2"];
+ "formAddPort:fieldsJMX", "formAddPort:fieldsHTTP", "formAddPort:transport",
+ "formAddPort:fieldsClientAuthCheckboxes", "formAddPort:fieldsAuthenticationProvider"];
 var labelWidthValue = "200"; for(var i = 0; i < containers.length; i++) {
@@ -258,9 +280,24 @@ define(["dojo/_base/xhr",
 } registry.byId("formAddPort.protocolsJMX").on("change", function(newValue){
+ var isRMI = newValue == "RMI";
+ var transportWidget = registry.byId("formAddPort.transports");
+ if (isRMI && transportWidget.value != "TCP")
+ {
+ transportWidget.set("value", "TCP");
+ }
+ transportWidget.set("disabled", isRMI);
+ registry.byId("formAddPort:fieldsAuthenticationProvider").domNode.style.display = isRMI? "none" : "block";
+ registry.byId("formAddPort.authenticationProvider").set("disabled", isRMI);
+ });
+
+ registry.byId("formAddPort.protocolsHTTP").on("change", function(newValue){
+ var isHTTPS = newValue == "HTTPS";
 var transportWidget = registry.byId("formAddPort.transports");
- transportWidget.set("value", "TCP");
- transportWidget.set("disabled", newValue == "RMI");
+ if (isHTTPS && transportWidget.value != "SSL") {
+ transportWidget.set("value", "SSL");
+ }
+ transportWidget.set("disabled", isHTTPS);
 }); theForm.on("submit", function(e) {
diff --git a/java/broker-plugins/management-http/src/test/java/org/apache/qpid/server/management/plugin/HttpManagementTest.java b/java/broker-plugins/management-http/src/test/java/org/apache/qpid/server/management/plugin/HttpManagementTest.java
new file mode 100644
index 0000000000..55606af117
--- /dev/null
+++ b/java/broker-plugins/management-http/src/test/java/org/apache/qpid/server/management/plugin/HttpManagementTest.java
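Review bot: The RMI branch of the type-change handler in the `@@ -224,25 +224,47 @@` hunk repeats, almost line for line, what the `protocolsJMX` change handler in the next hunk does: force the transport to TCP, disable the transport widget, and hide and disable the authentication provider field. Two copies of the rule that decides when the authentication provider is hidden can drift apart; a shared helper taking `isRMI` and the transport widget, called from both handlers, would keep them in step. The comparisons also use `==` and `!=` where `===` and `!==` would avoid coercion. The handler starts before this hunk.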
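Review bot: The new `protocolsHTTP` handler in the `@@ -258,9 +280,24 @@` hunk only constrains the form: it sets the transport to SSL and disables the widget when HTTPS is chosen, and the `protocolsJMX` handler hides the authentication provider for RMI. A request that does not come from this form is not bound by either rule, so the broker-side port validation has to reject an HTTPS port without SSL transport on its own; that code is not part of this diff and should be confirmed. A short comment above the handler, e.g. `// UI convenience only; protocol/transport combinations must be enforced by the broker`, would stop readers from treating it as the enforcement point.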
@@ -0,0 +1,105 @@
+/*
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.qpid.server.management.plugin;
+
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
+
+import java.net.InetSocketAddress;
+import java.net.SocketAddress;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.UUID;
+
+import org.apache.qpid.server.model.Broker;
+import org.apache.qpid.server.security.SubjectCreator;
+import org.apache.qpid.test.utils.QpidTestCase;
+
+public class HttpManagementTest extends QpidTestCase
+{
+ private UUID _id;
+ private Broker _broker;
+ private HttpManagement _management;
+
+ @Override
+ public void setUp() throws Exception
+ {
+ super.setUp();
+ _id = UUID.randomUUID();
+ _broker = mock(Broker.class);
+ Map attributes = new HashMap();
+ attributes.put(HttpManagement.HTTP_BASIC_AUTHENTICATION_ENABLED, false);
+ attributes.put(HttpManagement.HTTPS_BASIC_AUTHENTICATION_ENABLED, true);
+ attributes.put(HttpManagement.HTTP_SASL_AUTHENTICATION_ENABLED, false);
+ attributes.put(HttpManagement.HTTPS_SASL_AUTHENTICATION_ENABLED, true);
+ attributes.put(HttpManagement.NAME, getTestName());
+ attributes.put(HttpManagement.TIME_OUT, 10000l);
+
_management = new HttpManagement(_id, _broker, attributes);
+ }
+
+ public void testGetBroker()
+ {
+ assertEquals("Unexpected broker", _broker, _management.getBroker());
+ }
+
+ public void testGetSessionTimeout()
+ {
+ assertEquals("Unexpected session timeout", 10000l, _management.getSessionTimeout());
+ }
+
+ public void testGetName()
+ {
+ assertEquals("Unexpected name", getTestName(), _management.getName());
+ }
+
+ public void testIsHttpsSaslAuthenticationEnabled()
+ {
+ assertEquals("Unexpected value for the https sasl enabled attribute", true,
+ _management.isHttpsSaslAuthenticationEnabled());
+ }
+
+ public void testIsHttpSaslAuthenticationEnabled()
+ {
+ assertEquals("Unexpected value for the http sasl enabled attribute", false, _management.isHttpSaslAuthenticationEnabled());
+ }
+
+ public void testIsHttpsBasicAuthenticationEnabled()
+ {
+ assertEquals("Unexpected value for the https basic authentication enabled attribute", true,
+ _management.isHttpsBasicAuthenticationEnabled());
+ }
+
+ public void testIsHttpBasicAuthenticationEnabled()
+ {
+ assertEquals("Unexpected value for the http basic authentication enabled attribute", false,
+ _management.isHttpBasicAuthenticationEnabled());
+ }
+
+ public void testGetSubjectCreator()
+ {
+ SocketAddress localAddress = InetSocketAddress.createUnresolved("localhost", 8080);
+ SubjectCreator subjectCreator = mock(SubjectCreator.class);
+ when(_broker.getSubjectCreator(localAddress)).thenReturn(subjectCreator);
+ SubjectCreator httpManagementSubjectCreator = _management.getSubjectCreator(localAddress);
+ assertEquals("Unexpected subject creator", subjectCreator, httpManagementSubjectCreator);
+ }
+
+}
diff --git a/java/broker-plugins/management-jmx/src/main/java/org/apache/qpid/server/jmx/JMXManagedObjectRegistry.java b/java/broker-plugins/management-jmx/src/main/java/org/apache/qpid/server/jmx/JMXManagedObjectRegistry.java
index 62e88193bb..d094134e11 100644
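Review bot: The fixture in `setUp` gives both HTTP flags `false` and both HTTPS flags `true`, so the four `testIs…AuthenticationEnabled` tests cannot tell a Basic getter from a SASL getter: a getter that read the other mechanism's attribute would still pass. Since these flags decide which authentication mechanisms the management interface offers, I would make the two mechanisms differ within each scheme, for example HTTP Basic `false` with HTTP SASL `true` and HTTPS Basic `true` with HTTPS SASL `false`, and flip the matching assertions. `testGetSubjectCreator` only pins the delegation to the mocked broker; the management-mode override named in the commit title is not exercised in this file. Minor: `10000l` reads more clearly as `10000L`.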
--- a/java/broker-plugins/management-jmx/src/main/java/org/apache/qpid/server/jmx/JMXManagedObjectRegistry.java
+++ b/java/broker-plugins/management-jmx/src/main/java/org/apache/qpid/server/jmx/JMXManagedObjectRegistry.java
@@ -29,7 +29,7 @@ import org.apache.qpid.server.model.KeyStore; import org.apache.qpid.server.model.Port; import org.apache.qpid.server.model.Transport;
-import org.apache.qpid.server.security.auth.rmi.RMIPasswordAuthenticator;
+import org.apache.qpid.server.security.auth.jmx.JMXPasswordAuthenticator;
 import org.apache.qpid.ssl.SSLContextFactory; import javax.management.JMException;
@@ -160,7 +160,7 @@ public class JMXManagedObjectRegistry implements ManagedObjectRegistry
 int jmxPortConnectorServer = _connectorPort.getPort(); //add a JMXAuthenticator implementation the env map to authenticate the RMI based JMX connector server
- RMIPasswordAuthenticator rmipa = new RMIPasswordAuthenticator(_broker, new InetSocketAddress(jmxPortConnectorServer));
+ JMXPasswordAuthenticator rmipa = new JMXPasswordAuthenticator(_broker, new InetSocketAddress(jmxPortConnectorServer));
 HashMap connectorEnv = new HashMap(); connectorEnv.put(JMXConnectorServer.AUTHENTICATOR, rmipa);
--
cgit v1.2.1