This closes #1703
commit
a3e3adf894
|
@ -74,7 +74,10 @@ public class GSSAPIServerSASL implements ServerSASL {
|
||||||
}));
|
}));
|
||||||
}
|
}
|
||||||
|
|
||||||
byte[] challenge = Subject.doAs(jaasId, (PrivilegedExceptionAction<byte[]>) () -> saslServer.evaluateResponse(bytes));
|
byte[] challenge = null;
|
||||||
|
if (bytes.length > 0) {
|
||||||
|
challenge = Subject.doAs(jaasId, (PrivilegedExceptionAction<byte[]>) () -> saslServer.evaluateResponse(bytes));
|
||||||
|
}
|
||||||
if (saslServer.isComplete()) {
|
if (saslServer.isComplete()) {
|
||||||
result = new GSSAPISASLResult(true, new KerberosPrincipal(saslServer.getAuthorizationID()));
|
result = new GSSAPISASLResult(true, new KerberosPrincipal(saslServer.getAuthorizationID()));
|
||||||
}
|
}
|
||||||
|
|
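Review bot: The new guard `if (bytes.length > 0)` dereferences `bytes` without a null check, and nothing in the hunk explains why an empty response is skipped rather than passed to `saslServer.evaluateResponse`. If the caller can pass null (not visible here), `if (bytes != null && bytes.length > 0)` would be safer. I would also add a comment above the guard, e.g. `// empty frame: nothing to evaluate yet; authentication still succeeds only when saslServer.isComplete()`, so that a later edit does not turn the skipped path into a success path. The skipped path leaves `challenge` as null, so whatever consumes the challenge has to tolerate that; the enclosing method starts and ends outside the hunk.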
|
@ -25,16 +25,34 @@ import javax.jms.TextMessage;
|
||||||
import java.io.File;
|
import java.io.File;
|
||||||
import java.net.URI;
|
import java.net.URI;
|
||||||
import java.net.URL;
|
import java.net.URL;
|
||||||
|
import java.util.Collections;
|
||||||
import java.util.HashSet;
|
import java.util.HashSet;
|
||||||
|
import java.util.LinkedHashMap;
|
||||||
import java.util.Map;
|
import java.util.Map;
|
||||||
|
import java.util.Optional;
|
||||||
import java.util.Set;
|
import java.util.Set;
|
||||||
|
import java.util.concurrent.TimeUnit;
|
||||||
|
import java.util.concurrent.atomic.AtomicBoolean;
|
||||||
|
|
||||||
|
import org.apache.activemq.artemis.core.remoting.impl.netty.NettyConnector;
|
||||||
|
import org.apache.activemq.artemis.core.remoting.impl.netty.TransportConstants;
|
||||||
import org.apache.activemq.artemis.core.security.Role;
|
import org.apache.activemq.artemis.core.security.Role;
|
||||||
import org.apache.activemq.artemis.core.server.ActiveMQServer;
|
import org.apache.activemq.artemis.core.server.ActiveMQServer;
|
||||||
|
import org.apache.activemq.artemis.protocol.amqp.broker.ProtonProtocolManagerFactory;
|
||||||
|
import org.apache.activemq.artemis.protocol.amqp.client.AMQPClientConnectionFactory;
|
||||||
|
import org.apache.activemq.artemis.protocol.amqp.client.ProtonClientConnectionManager;
|
||||||
|
import org.apache.activemq.artemis.protocol.amqp.client.ProtonClientProtocolManager;
|
||||||
|
import org.apache.activemq.artemis.protocol.amqp.proton.handler.EventHandler;
|
||||||
|
import org.apache.activemq.artemis.protocol.amqp.proton.handler.ProtonHandler;
|
||||||
|
import org.apache.activemq.artemis.protocol.amqp.sasl.ClientSASL;
|
||||||
|
import org.apache.activemq.artemis.protocol.amqp.sasl.ClientSASLFactory;
|
||||||
import org.apache.activemq.artemis.spi.core.security.ActiveMQJAASSecurityManager;
|
import org.apache.activemq.artemis.spi.core.security.ActiveMQJAASSecurityManager;
|
||||||
|
import org.apache.activemq.artemis.tests.util.Wait;
|
||||||
import org.apache.activemq.artemis.utils.RandomUtil;
|
import org.apache.activemq.artemis.utils.RandomUtil;
|
||||||
import org.apache.hadoop.minikdc.MiniKdc;
|
import org.apache.hadoop.minikdc.MiniKdc;
|
||||||
import org.apache.qpid.jms.JmsConnectionFactory;
|
import org.apache.qpid.jms.JmsConnectionFactory;
|
||||||
|
import org.apache.qpid.jms.sasl.GssapiMechanism;
|
||||||
|
import org.apache.qpid.proton.amqp.Symbol;
|
||||||
import org.junit.After;
|
import org.junit.After;
|
||||||
import org.junit.Before;
|
import org.junit.Before;
|
||||||
import org.junit.Test;
|
import org.junit.Test;
|
||||||
|
@ -164,4 +182,83 @@ public class JMSSaslGssapiTest extends JMSClientTestSupport {
|
||||||
assertTrue(expected.getMessage().contains("SASL"));
|
assertTrue(expected.getMessage().contains("SASL"));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void testOutboundWithSlowMech() throws Exception {
|
||||||
|
final Map<String, Object> config = new LinkedHashMap<>(); config.put(TransportConstants.HOST_PROP_NAME, "localhost");
|
||||||
|
config.put(TransportConstants.PORT_PROP_NAME, String.valueOf(AMQP_PORT));
|
||||||
|
final ClientSASLFactory clientSASLFactory = new ClientSASLFactory() {
|
||||||
|
@Override
|
||||||
|
public ClientSASL chooseMechanism(String[] availableMechanims) {
|
||||||
|
GssapiMechanism gssapiMechanism = new GssapiMechanism();
|
||||||
|
return new ClientSASL() {
|
||||||
|
@Override
|
||||||
|
public String getName() {
|
||||||
|
return gssapiMechanism.getName();
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public byte[] getInitialResponse() {
|
||||||
|
gssapiMechanism.setUsername("client");
|
||||||
|
gssapiMechanism.setServerName("localhost");
|
||||||
|
try {
|
||||||
|
return gssapiMechanism.getInitialResponse();
|
||||||
|
} catch (Exception e) {
|
||||||
|
e.printStackTrace();
|
||||||
|
}
|
||||||
|
return new byte[0];
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public byte[] getResponse(byte[] challenge) {
|
||||||
|
try {
|
||||||
|
// simulate a slow client
|
||||||
|
TimeUnit.SECONDS.sleep(4);
|
||||||
|
} catch (InterruptedException e) {
|
||||||
|
e.printStackTrace();
|
||||||
|
}
|
||||||
|
try {
|
||||||
|
return gssapiMechanism.getChallengeResponse(challenge);
|
||||||
|
} catch (Exception e) {
|
||||||
|
e.printStackTrace();
|
||||||
|
}
|
||||||
|
return new byte[0];
|
||||||
|
}
|
||||||
|
};
|
||||||
|
}
|
||||||
|
};
|
||||||
|
|
||||||
|
final AtomicBoolean connectionOpened = new AtomicBoolean();
|
||||||
|
final AtomicBoolean authFailed = new AtomicBoolean();
|
||||||
|
|
||||||
|
EventHandler eventHandler = new EventHandler() {
|
||||||
|
@Override
|
||||||
|
public void onRemoteOpen(org.apache.qpid.proton.engine.Connection connection) throws Exception {
|
||||||
|
connectionOpened.set(true);
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public void onAuthFailed(ProtonHandler protonHandler, org.apache.qpid.proton.engine.Connection connection) {
|
||||||
|
authFailed.set(true);
|
||||||
|
}
|
||||||
|
};
|
||||||
|
|
||||||
|
ProtonClientConnectionManager lifeCycleListener = new ProtonClientConnectionManager(new AMQPClientConnectionFactory(server, "myid", Collections.singletonMap(Symbol.getSymbol("myprop"), "propvalue"), 5000), Optional.of(eventHandler), clientSASLFactory);
|
||||||
|
ProtonClientProtocolManager protocolManager = new ProtonClientProtocolManager(new ProtonProtocolManagerFactory(), server);
|
||||||
|
NettyConnector connector = new NettyConnector(config, lifeCycleListener, lifeCycleListener, server.getExecutorFactory().getExecutor(), server.getExecutorFactory().getExecutor(), server.getScheduledPool(), protocolManager);
|
||||||
|
connector.start();
|
||||||
|
connector.createConnection();
|
||||||
|
|
||||||
|
try {
|
||||||
|
Wait.assertEquals(1, server::getConnectionCount);
|
||||||
|
Wait.assertTrue(connectionOpened::get);
|
||||||
|
Wait.assertFalse(authFailed::get);
|
||||||
|
|
||||||
|
lifeCycleListener.stop();
|
||||||
|
|
||||||
|
Wait.assertEquals(0, server::getConnectionCount);
|
||||||
|
} finally {
|
||||||
|
lifeCycleListener.stop();
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
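Review bot: The anonymous `ClientSASL` in `testOutboundWithSlowMech` swallows every failure: `getInitialResponse` and `getResponse` catch `Exception`, call `e.printStackTrace()` and return `new byte[0]`, so a broken GSSAPI exchange sends an empty response instead of failing the test. Because the server-side change in this commit skips empty responses, such a failure would probably surface only as a timeout in the `Wait` assertions. Rethrowing, e.g. `throw new IllegalStateException("GSSAPI response failed", e);`, would make the test fail at the cause. The `InterruptedException` handler around `TimeUnit.SECONDS.sleep(4)` should restore the flag with `Thread.currentThread().interrupt();`. The `connector` started before the `try` is not closed in the visible `finally`, which only calls `lifeCycleListener.stop()`; it should be closed there unless `stop()` already does so.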