Diffstat (limited to 'qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/filter/ForbiddingAuthorisationFilter.java')
-rw-r--r-- | qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/filter/ForbiddingAuthorisationFilter.java | 73 |
1 files changed, 73 insertions, 0 deletions
diff --git a/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/filter/ForbiddingAuthorisationFilter.java b/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/filter/ForbiddingAuthorisationFilter.java
new file mode 100644
index 0000000000..b7f4b347c7
--- /dev/null
+++ b/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/filter/ForbiddingAuthorisationFilter.java
@@ -0,0 +1,73 @@
+package org.apache.qpid.server.management.plugin.filter;
+
+import java.io.IOException;
+import java.security.AccessControlException;
+
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletContext;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.qpid.server.management.plugin.HttpManagementConfiguration;
+import org.apache.qpid.server.management.plugin.HttpManagementUtil;
+import org.apache.qpid.server.model.Broker;
+
+public class ForbiddingAuthorisationFilter implements Filter
+{
+ public static String INIT_PARAM_ALLOWED = "allowed";
+ private String _allowed = null;
+
+ private Broker _broker;
+ private HttpManagementConfiguration _managementConfiguration;
+
+ @Override
+ public void destroy()
+ {
+ }
+
+ @Override
+ public void init(FilterConfig config) throws ServletException
+ {
+ String allowed = config.getInitParameter(INIT_PARAM_ALLOWED);
+ if (allowed != null)
+ {
+ _allowed = allowed;
+ }
+ ServletContext servletContext = config.getServletContext();
+ _broker = HttpManagementUtil.getBroker(servletContext);
+ _managementConfiguration = HttpManagementUtil.getManagementConfiguration(servletContext);
+ }
+
+ @Override
+ public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException,
+ ServletException
+ {
+ HttpServletRequest httpRequest = (HttpServletRequest) request;
+ HttpServletResponse httpResponse = (HttpServletResponse) response;
+ String servletPath = httpRequest.getServletPath();
+ if (_allowed == null || "".equals(_allowed) || servletPath.indexOf(_allowed) == -1)
+ {
+ try
+ {
+ HttpManagementUtil.checkRequestAuthenticatedAndAccessAuthorized(httpRequest, _broker, _managementConfiguration);
+ }
+ catch(AccessControlException e)
+ {
+ httpResponse.sendError(HttpServletResponse.SC_FORBIDDEN);
+ return;
+ }
+ catch(SecurityException e)
+ {
+ httpResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED);
+ return;
+ }
+ }
+ chain.doFilter(request, response);
+ }
+
+} |
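Review bot: The bypass test in doFilter, `servletPath.indexOf(_allowed) == -1`, skips the authentication and authorisation check whenever the configured "allowed" value occurs anywhere in the servlet path as a substring, so any servlet whose path merely contains that string (for example a longer name sharing the allowed one as a fragment) is also exempted, which is broader than an allow-list for one unauthenticated entry point should be. An anchored comparison such as `|| !servletPath.equals(_allowed)` (or `!servletPath.startsWith(_allowed)` if a prefix is genuinely intended) would confine the exemption to the path actually configured; which of the two matches the intended deployment cannot be determined from this hunk. Note also that getServletPath() excludes any path-info suffix, so the match granularity depends on how the filter and servlets are mapped. Separately, `public static String INIT_PARAM_ALLOWED` is a mutable public field and should be `public static final String INIT_PARAM_ALLOWED = "allowed";` so the init-parameter name cannot be reassigned at runtime.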