-rw-r--r--qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/sasl/external/ExternalSaslServer.java4
-rw-r--r--qpid/java/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/ExternalAuthenticationManagerTest.java196
2 files changed, 105 insertions, 95 deletions
diff --git a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/sasl/external/ExternalSaslServer.java b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/sasl/external/ExternalSaslServer.java
index e1007d91e0..5f5ee08c21 100644
--- a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/sasl/external/ExternalSaslServer.java
+++ b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/sasl/external/ExternalSaslServer.java
@@ -36,7 +36,7 @@ public class ExternalSaslServer implements SaslServer
private boolean _complete = false;
private final Principal _externalPrincipal;
- private boolean _useFullDN = false;
+ private final boolean _useFullDN;
public ExternalSaslServer(Principal externalPrincipal, boolean useFullDN)
{
@@ -62,7 +62,7 @@ public class ExternalSaslServer implements SaslServer
public String getAuthorizationID()
{
- return getAuthenticatedPrincipal().getName();
+ return getAuthenticatedPrincipal() == null ? null : getAuthenticatedPrincipal().getName();
}
public byte[] unwrap(byte[] incoming, int offset, int len) throws SaslException
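Review bot: `getAuthorizationID()` now returns `null` when no principal was derived, but `javax.security.sasl.SaslServer` documents an `IllegalStateException` for a session that has not completed, so the `null` contract should be stated in a Javadoc comment on this method. The comment should say that `null` means no identity was established and that callers must treat it as unauthenticated, never as an anonymous or default identity. The method also calls `getAuthenticatedPrincipal()` twice; its body is outside this hunk, so whether it recomputes the name each time is not visible. Reading it once keeps the null check and the use on the same value: `final Principal principal = getAuthenticatedPrincipal();` followed by `return principal == null ? null : principal.getName();`.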
diff --git a/qpid/java/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/ExternalAuthenticationManagerTest.java b/qpid/java/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/ExternalAuthenticationManagerTest.java
index 61506777c5..586bff5683 100644
--- a/qpid/java/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/ExternalAuthenticationManagerTest.java
+++ b/qpid/java/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/ExternalAuthenticationManagerTest.java
@@ -43,141 +43,151 @@ public class ExternalAuthenticationManagerTest extends QpidTestCase
createSaslServerTestImpl(_manager);
}
- public void testCreateSaslServerUsingFullDN() throws Exception
+ public void testAuthenticatePrincipalNull_CausesAuthError() throws Exception
{
- createSaslServerTestImpl(_managerUsingFullDN);
- }
-
- public void createSaslServerTestImpl(AuthenticationManager manager) throws Exception
- {
- SaslServer server = manager.createSaslServer("EXTERNAL", "example.example.com", null);
-
- assertEquals("Sasl Server mechanism name is not as expected", "EXTERNAL", server.getMechanismName());
-
- try
- {
- server = manager.createSaslServer("PLAIN", "example.example.com", null);
- fail("Expected creating SaslServer with incorrect mechanism to throw an exception");
- }
- catch (SaslException e)
- {
- // pass
- }
- }
-
- /**
- * Test behaviour of the authentication when the useFullDN attribute is set true
- * and the username is taken directly as the externally supplied Principal
- */
- public void testAuthenticateWithFullDN() throws Exception
- {
- X500Principal principal = new X500Principal("CN=person, DC=example, DC=com");
- SaslServer saslServer = _managerUsingFullDN.createSaslServer("EXTERNAL", "example.example.com", principal);
-
- AuthenticationResult result = _managerUsingFullDN.authenticate(saslServer, new byte[0]);
- assertNotNull(result);
- assertEquals("Expected authentication to be successful",
- AuthenticationResult.AuthenticationStatus.SUCCESS,
- result.getStatus());
-
- assertOnlyContainsWrapped(principal, result.getPrincipals());
-
- saslServer = _managerUsingFullDN.createSaslServer("EXTERNAL", "example.example.com", null);
- result = _managerUsingFullDN.authenticate(saslServer, new byte[0]);
+ SaslServer saslServer = _manager.createSaslServer("EXTERNAL", "example.example.com", null);
+ AuthenticationResult result = _manager.authenticate(saslServer, new byte[0]);
assertNotNull(result);
assertEquals("Expected authentication to be unsuccessful",
- AuthenticationResult.AuthenticationStatus.ERROR,
- result.getStatus());
+ AuthenticationResult.AuthenticationStatus.ERROR,
+ result.getStatus());
+ assertNull(saslServer.getAuthorizationID());
}
- /**
- * Test behaviour of the authentication when parsing the username from
- * the Principals DN as <CN>@<DC1>.<DC2>.<DC3>....<DCN>
- */
- public void testAuthenticateWithUsernameBasedOnCNAndDC() throws Exception
+ public void testAuthenticatePrincipalNoCn_CausesAuthError() throws Exception
{
- X500Principal principal;
- SaslServer saslServer;
- AuthenticationResult result;
- UsernamePrincipal expectedPrincipal;
-
- // DN contains only CN
- principal = new X500Principal("CN=person");
- expectedPrincipal = new UsernamePrincipal("person");
- saslServer = _manager.createSaslServer("EXTERNAL", "example.example.com", principal);
-
- result = _manager.authenticate(saslServer, new byte[0]);
- assertNotNull(result);
- assertEquals("Expected authentication to be successful",
- AuthenticationResult.AuthenticationStatus.SUCCESS,
- result.getStatus());
- assertOnlyContainsWrapped(expectedPrincipal, result.getPrincipals());
-
- // Null principal
- saslServer = _manager.createSaslServer("EXTERNAL", "example.example.com", null);
- result = _manager.authenticate(saslServer, new byte[0]);
+ X500Principal principal = new X500Principal("DC=example, DC=com, O=My Company Ltd, L=Newbury, ST=Berkshire, C=GB");
+ SaslServer saslServer = _manager.createSaslServer("EXTERNAL", "example.example.com", principal);
+ AuthenticationResult result = _manager.authenticate(saslServer, new byte[0]);
assertNotNull(result);
assertEquals("Expected authentication to be unsuccessful",
AuthenticationResult.AuthenticationStatus.ERROR,
result.getStatus());
+ assertNull(saslServer.getAuthorizationID());
+ }
- // DN doesn't contain CN
- principal = new X500Principal("DC=example, DC=com, O=My Company Ltd, L=Newbury, ST=Berkshire, C=GB");
- saslServer = _manager.createSaslServer("EXTERNAL", "example.example.com", principal);
- result = _manager.authenticate(saslServer, new byte[0]);
+ public void testAuthenticatePrincipalEmptyCn_CausesAuthError() throws Exception
+ {
+ X500Principal principal = new X500Principal("CN=, DC=example, DC=com, O=My Company Ltd, L=Newbury, ST=Berkshire, C=GB");
+ SaslServer saslServer = _manager.createSaslServer("EXTERNAL", "example.example.com", principal);
+ AuthenticationResult result = _manager.authenticate(saslServer, new byte[0]);
assertNotNull(result);
assertEquals("Expected authentication to be unsuccessful",
AuthenticationResult.AuthenticationStatus.ERROR,
result.getStatus());
+ assertNull(saslServer.getAuthorizationID());
+ }
- // DN contains empty CN
- principal = new X500Principal("CN=, DC=example, DC=com, O=My Company Ltd, L=Newbury, ST=Berkshire, C=GB");
- saslServer = _manager.createSaslServer("EXTERNAL", "example.example.com", principal);
- result = _manager.authenticate(saslServer, new byte[0]);
+ public void testAuthenticatePrincipalCnOnly() throws Exception
+ {
+ X500Principal principal = new X500Principal("CN=person");
+ UsernamePrincipal expectedPrincipal = new UsernamePrincipal("person");
+ SaslServer saslServer = _manager.createSaslServer("EXTERNAL", "example.example.com", principal);
+ AuthenticationResult result = _manager.authenticate(saslServer, new byte[0]);
assertNotNull(result);
- assertEquals("Expected authentication to be unsuccessful",
- AuthenticationResult.AuthenticationStatus.ERROR,
- result.getStatus());
+ assertEquals("Expected authentication to be successful",
+ AuthenticationResult.AuthenticationStatus.SUCCESS,
+ result.getStatus());
+ assertOnlyContainsWrapped(expectedPrincipal, result.getPrincipals());
+ assertEquals("person", saslServer.getAuthorizationID());
+ }
- // DN contains CN and DC
- principal = new X500Principal("CN=person, DC=example, DC=com");
- expectedPrincipal = new UsernamePrincipal("person@example.com");
- saslServer = _manager.createSaslServer("EXTERNAL", "example.example.com", principal);
+ public void testAuthenticatePrinicpalCnAndDc() throws Exception
+ {
+ X500Principal principal = new X500Principal("CN=person, DC=example, DC=com");
+ UsernamePrincipal expectedPrincipal = new UsernamePrincipal("person@example.com");
+ SaslServer saslServer = _manager.createSaslServer("EXTERNAL", "example.example.com", principal);
- result = _manager.authenticate(saslServer, new byte[0]);
+ AuthenticationResult result = _manager.authenticate(saslServer, new byte[0]);
assertNotNull(result);
assertEquals("Expected authentication to be successful",
AuthenticationResult.AuthenticationStatus.SUCCESS,
result.getStatus());
assertOnlyContainsWrapped(expectedPrincipal, result.getPrincipals());
+ assertEquals("person@example.com", saslServer.getAuthorizationID());
+ }
- // DN contains CN and DC and other components
- principal = new X500Principal("CN=person, DC=example, DC=com, O=My Company Ltd, L=Newbury, ST=Berkshire, C=GB");
- expectedPrincipal = new UsernamePrincipal("person@example.com");
- saslServer = _manager.createSaslServer("EXTERNAL", "example.example.com", principal);
+ public void testAuthenticatePrinicpalCnDc_OtherComponentsIgnored() throws Exception
+ {
+ X500Principal principal = new X500Principal("CN=person, DC=example, DC=com, O=My Company Ltd, L=Newbury, ST=Berkshire, C=GB");
+ UsernamePrincipal expectedPrincipal = new UsernamePrincipal("person@example.com");
+ SaslServer saslServer = _manager.createSaslServer("EXTERNAL", "example.example.com", principal);
- result = _manager.authenticate(saslServer, new byte[0]);
+ AuthenticationResult result = _manager.authenticate(saslServer, new byte[0]);
assertNotNull(result);
assertEquals("Expected authentication to be successful",
AuthenticationResult.AuthenticationStatus.SUCCESS,
result.getStatus());
assertOnlyContainsWrapped(expectedPrincipal, result.getPrincipals());
+ assertEquals("person@example.com", saslServer.getAuthorizationID());
+ }
- // DN contains CN and DC and other components
- principal = new X500Principal("CN=person, O=My Company Ltd, L=Newbury, ST=Berkshire, C=GB");
- expectedPrincipal = new UsernamePrincipal("person");
- saslServer = _manager.createSaslServer("EXTERNAL", "example.example.com", principal);
+ public void testAuthenticatePrincipalCn_OtherComponentsIgnored() throws Exception
+ {
+ X500Principal principal = new X500Principal("CN=person, O=My Company Ltd, L=Newbury, ST=Berkshire, C=GB");
+ UsernamePrincipal expectedPrincipal = new UsernamePrincipal("person");
+ SaslServer saslServer = _manager.createSaslServer("EXTERNAL", "example.example.com", principal);
- result = _manager.authenticate(saslServer, new byte[0]);
+ AuthenticationResult result = _manager.authenticate(saslServer, new byte[0]);
assertNotNull(result);
assertEquals("Expected authentication to be successful",
AuthenticationResult.AuthenticationStatus.SUCCESS,
result.getStatus());
assertOnlyContainsWrapped(expectedPrincipal, result.getPrincipals());
+ assertEquals("person", saslServer.getAuthorizationID());
+ }
+
+ public void testFullDNMode_CreateSaslServer() throws Exception
+ {
+ createSaslServerTestImpl(_managerUsingFullDN);
+ }
+
+ public void testFullDNMode_Authenticate() throws Exception
+ {
+ X500Principal principal = new X500Principal("CN=person, DC=example, DC=com");
+ SaslServer saslServer = _managerUsingFullDN.createSaslServer("EXTERNAL", "example.example.com", principal);
+
+ AuthenticationResult result = _managerUsingFullDN.authenticate(saslServer, new byte[0]);
+ assertNotNull(result);
+ assertEquals("Expected authentication to be successful",
+ AuthenticationResult.AuthenticationStatus.SUCCESS,
+ result.getStatus());
+
+ assertOnlyContainsWrapped(principal, result.getPrincipals());
+ assertEquals("CN=person,DC=example,DC=com", saslServer.getAuthorizationID());
+ }
+
+ public void testFullDNMode_AuthenticatePrincipalNull_CausesAuthError() throws Exception
+ {
+ SaslServer saslServer = _managerUsingFullDN.createSaslServer("EXTERNAL", "example.example.com", null);
+ AuthenticationResult result = _managerUsingFullDN.authenticate(saslServer, new byte[0]);
+
+ assertNotNull(result);
+ assertEquals("Expected authentication to be unsuccessful",
+ AuthenticationResult.AuthenticationStatus.ERROR,
+ result.getStatus());
+ assertNull(saslServer.getAuthorizationID());
+ }
+
+ private void createSaslServerTestImpl(AuthenticationManager manager) throws Exception
+ {
+ SaslServer server = manager.createSaslServer("EXTERNAL", "example.example.com", null);
+
+ assertEquals("Sasl Server mechanism name is not as expected", "EXTERNAL", server.getMechanismName());
+
+ try
+ {
+ server = manager.createSaslServer("PLAIN", "example.example.com", null);
+ fail("Expected creating SaslServer with incorrect mechanism to throw an exception");
+ }
+ catch (SaslException e)
+ {
+ // pass
+ }
}
}
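Review bot: The CN/DC mapping tests only ever use the plain value `CN=person`, so nothing pins the username derived when the CN value itself contains `@` or when the DN carries more than one CN. Because the mapped name (for example `person@example.com`) is what `getAuthorizationID()` reports, I would add cases for those DNs that assert the expected outcome explicitly, so an ambiguous mapping cannot change unnoticed. Separately, `testAuthenticatePrinicpalCnAndDc` and `testAuthenticatePrinicpalCnDc_OtherComponentsIgnored` misspell "Principal". In `createSaslServerTestImpl` the `server = ...` assignment inside the `try` is never read, so a bare `manager.createSaslServer("PLAIN", "example.example.com", null);` call would be clearer.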