summaryrefslogtreecommitdiff
path: root/qpid/java/common/src/main/java/org/apache/qpid/transport/ClientDelegate.java
diff options
context:
space:
mode:
Diffstat (limited to 'qpid/java/common/src/main/java/org/apache/qpid/transport/ClientDelegate.java')
-rw-r--r--qpid/java/common/src/main/java/org/apache/qpid/transport/ClientDelegate.java136
1 files changed, 23 insertions, 113 deletions
diff --git a/qpid/java/common/src/main/java/org/apache/qpid/transport/ClientDelegate.java b/qpid/java/common/src/main/java/org/apache/qpid/transport/ClientDelegate.java
index e421f06901..9bdad6b00e 100644
--- a/qpid/java/common/src/main/java/org/apache/qpid/transport/ClientDelegate.java
+++ b/qpid/java/common/src/main/java/org/apache/qpid/transport/ClientDelegate.java
@@ -20,28 +20,20 @@
*/
package org.apache.qpid.transport;
-import org.ietf.jgss.GSSContext;
-import org.ietf.jgss.GSSException;
-import org.ietf.jgss.GSSManager;
-import org.ietf.jgss.GSSName;
-import org.ietf.jgss.Oid;
-
-import org.apache.qpid.security.UsernamePasswordCallbackHandler;
import static org.apache.qpid.transport.Connection.State.OPEN;
import static org.apache.qpid.transport.Connection.State.RESUMING;
-import org.apache.qpid.transport.util.Logger;
-import javax.security.sasl.Sasl;
-import javax.security.sasl.SaslClient;
-import javax.security.sasl.SaslException;
import java.lang.management.ManagementFactory;
import java.lang.management.RuntimeMXBean;
-import java.util.ArrayList;
-import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
+import javax.security.sasl.SaslClient;
+import javax.security.sasl.SaslException;
+
+import org.apache.qpid.transport.util.Logger;
+
/**
* ClientDelegate
@@ -52,31 +44,13 @@ public class ClientDelegate extends ConnectionDelegate
{
private static final Logger log = Logger.get(ClientDelegate.class);
- private static final String KRB5_OID_STR = "1.2.840.113554.1.2.2";
- protected static final Oid KRB5_OID;
- static
- {
- Oid oid;
- try
- {
- oid = new Oid(KRB5_OID_STR);
- }
- catch (GSSException ignore)
- {
- oid = null;
- }
- KRB5_OID = oid;
- }
-
- private List<String> clientMechs;
- private ConnectionSettings conSettings;
+ protected final ConnectionSettings _conSettings;
public ClientDelegate(ConnectionSettings settings)
{
- this.conSettings = settings;
- this.clientMechs = Arrays.asList(settings.getSaslMechs().split(" "));
+ this._conSettings = settings;
}
public void init(Connection conn, ProtocolHeader hdr)
@@ -92,9 +66,9 @@ public class ClientDelegate extends ConnectionDelegate
{
Map<String,Object> clientProperties = new HashMap<String,Object>();
- if(this.conSettings.getClientProperties() != null)
+ if(this._conSettings.getClientProperties() != null)
{
- clientProperties.putAll(this.conSettings.getClientProperties());
+ clientProperties.putAll(_conSettings.getClientProperties());
}
clientProperties.put("qpid.session_flow", 1);
@@ -109,41 +83,12 @@ public class ClientDelegate extends ConnectionDelegate
(clientProperties, null, null, conn.getLocale());
return;
}
-
- List<String> choosenMechs = new ArrayList<String>();
- for (String mech:clientMechs)
- {
- if (brokerMechs.contains(mech))
- {
- choosenMechs.add(mech);
- }
- }
-
- if (choosenMechs.size() == 0)
- {
- conn.exception(new ConnectionException("The following SASL mechanisms " +
- clientMechs.toString() +
- " specified by the client are not supported by the broker"));
- return;
- }
-
- String[] mechs = new String[choosenMechs.size()];
- choosenMechs.toArray(mechs);
-
conn.setServerProperties(start.getServerProperties());
try
{
- Map<String,Object> saslProps = new HashMap<String,Object>();
- if (conSettings.isUseSASLEncryption())
- {
- saslProps.put(Sasl.QOP, "auth-conf");
- }
- UsernamePasswordCallbackHandler handler =
- new UsernamePasswordCallbackHandler();
- handler.initialise(conSettings.getUsername(), conSettings.getPassword());
- SaslClient sc = Sasl.createSaslClient
- (mechs, null, conSettings.getSaslProtocol(), conSettings.getSaslServerName(), saslProps, handler);
+ final SaslClient sc = createSaslClient(brokerMechs);
+
conn.setSaslClient(sc);
byte[] response = sc.hasInitialResponse() ?
@@ -152,12 +97,22 @@ public class ClientDelegate extends ConnectionDelegate
(clientProperties, sc.getMechanismName(), response,
conn.getLocale());
}
+ catch (ConnectionException ce)
+ {
+ conn.exception(ce);
+ }
catch (SaslException e)
{
conn.exception(e);
}
}
+
+ protected SaslClient createSaslClient(List<Object> brokerMechs) throws ConnectionException, SaslException
+ {
+ throw new UnsupportedOperationException();
+ }
+
@Override
public void connectionSecure(Connection conn, ConnectionSecure secure)
{
@@ -176,7 +131,7 @@ public class ClientDelegate extends ConnectionDelegate
@Override
public void connectionTune(Connection conn, ConnectionTune tune)
{
- int hb_interval = calculateHeartbeatInterval(conSettings.getHeartbeatInterval(),
+ int hb_interval = calculateHeartbeatInterval(_conSettings.getHeartbeatInterval(),
tune.getHeartbeatMin(),
tune.getHeartbeatMax()
);
@@ -191,29 +146,12 @@ public class ClientDelegate extends ConnectionDelegate
//(or that forced by protocol limitations [0xFFFF])
conn.setChannelMax(channelMax == 0 ? Connection.MAX_CHANNEL_MAX : channelMax);
- conn.connectionOpen(conSettings.getVhost(), null, Option.INSIST);
+ conn.connectionOpen(_conSettings.getVhost(), null, Option.INSIST);
}
@Override
public void connectionOpenOk(Connection conn, ConnectionOpenOk ok)
{
- SaslClient sc = conn.getSaslClient();
- if (sc != null)
- {
- if (sc.getMechanismName().equals("GSSAPI"))
- {
- String id = getKerberosUser();
- if (id != null)
- {
- conn.setUserID(id);
- }
- }
- else if (sc.getMechanismName().equals("EXTERNAL"))
- {
- conn.setUserID(conn.getSecurityLayer().getUserID());
- }
- }
-
if (conn.isConnectionResuming())
{
conn.setState(RESUMING);
@@ -283,35 +221,7 @@ public class ClientDelegate extends ConnectionDelegate
}
- private String getKerberosUser()
- {
- log.debug("Obtaining userID from kerberos");
- String service = conSettings.getSaslProtocol() + "@" + conSettings.getSaslServerName();
- GSSManager manager = GSSManager.getInstance();
-
- try
- {
- GSSName acceptorName = manager.createName(service,
- GSSName.NT_HOSTBASED_SERVICE, KRB5_OID);
-
- GSSContext secCtx = manager.createContext(acceptorName,
- KRB5_OID,
- null,
- GSSContext.INDEFINITE_LIFETIME);
- secCtx.initSecContext(new byte[0], 0, 1);
- if (secCtx.getSrcName() != null)
- {
- return secCtx.getSrcName().toString();
- }
- }
- catch (GSSException e)
- {
- log.warn("Unable to retrieve userID from Kerberos due to error",e);
- }
-
- return null;
- }
}
View Lorry Controller Status