mirror of https://github.com/apache/activemq.git
Additional fixes and tests for disable of non-SASL client connects.
parent
cf750d5cee
commit
c5998444cf
|
@ -121,21 +121,30 @@ public class AmqpWireFormat implements WireFormat {
|
||||||
* Given an AMQP header validate that the AMQP magic is present and
|
* Given an AMQP header validate that the AMQP magic is present and
|
||||||
* if so that the version and protocol values align with what we support.
|
* if so that the version and protocol values align with what we support.
|
||||||
*
|
*
|
||||||
|
* In the case where authentication occurs the client sends us two AMQP
|
||||||
|
* headers, the first being the SASL initial header which triggers the
|
||||||
|
* authentication process and then if that succeeds we should get a second
|
||||||
|
* AMQP header that does not contain the SASL protocol ID indicating the
|
||||||
|
* connection process should follow the normal path. We validate that the
|
||||||
|
* header align with these expectations.
|
||||||
|
*
|
||||||
* @param header
|
* @param header
|
||||||
* the header instance received from the client.
|
* the header instance received from the client.
|
||||||
|
* @param authenticated
|
||||||
|
* has the client already authenticated already.
|
||||||
*
|
*
|
||||||
* @return true if the header is valid against the current WireFormat.
|
* @return true if the header is valid against the current WireFormat.
|
||||||
*/
|
*/
|
||||||
public boolean isHeaderValid(AmqpHeader header) {
|
public boolean isHeaderValid(AmqpHeader header, boolean authenticated) {
|
||||||
if (!header.hasValidPrefix()) {
|
if (!header.hasValidPrefix()) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!(header.getProtocolId() == 0 || header.getProtocolId() == 3)) {
|
if (!(header.getProtocolId() == 0 || header.getProtocolId() == SASL_PROTOCOL)) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!isAllowNonSaslConnections() && header.getProtocolId() != SASL_PROTOCOL) {
|
if (!authenticated && !isAllowNonSaslConnections() && header.getProtocolId() != SASL_PROTOCOL) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
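Review bot: With `authenticated` true, a header carrying `SASL_PROTOCOL` still passes every check shown in `isHeaderValid`, although the new Javadoc says the post-authentication header must not contain the SASL protocol ID and that this is validated. The added flag only relaxes the non-SASL rejection and nothing rejects a repeated SASL header, so a client could restart the SASL exchange on an already authenticated connection unless a later layer stops it (not visible here). Consider adding `if (authenticated && header.getProtocolId() == SASL_PROTOCOL) { return false; }` before the existing non-SASL check, or narrowing the Javadoc to what is actually enforced. The Javadoc wording "has the client already authenticated already" and "header align" could become `true if the client has already completed SASL authentication` and "the header aligns". The method body continues past the end of the hunk.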
@ -327,7 +327,7 @@ public class AmqpConnection implements AmqpProtocolConverter {
|
||||||
if (command.getClass() == AmqpHeader.class) {
|
if (command.getClass() == AmqpHeader.class) {
|
||||||
AmqpHeader header = (AmqpHeader) command;
|
AmqpHeader header = (AmqpHeader) command;
|
||||||
|
|
||||||
if (amqpWireFormat.isHeaderValid(header)) {
|
if (amqpWireFormat.isHeaderValid(header, authenticator != null)) {
|
||||||
LOG.trace("Connection from an AMQP v1.0 client initiated. {}", header);
|
LOG.trace("Connection from an AMQP v1.0 client initiated. {}", header);
|
||||||
} else {
|
} else {
|
||||||
LOG.warn("Connection attempt from non AMQP v1.0 client. {}", header);
|
LOG.warn("Connection attempt from non AMQP v1.0 client. {}", header);
|
||||||
|
|
|
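Review bot: `authenticator != null` is passed as the `authenticated` argument, but a non-null authenticator only shows that an authenticator object exists, not that the SASL exchange finished successfully. If the field is assigned when the SASL header arrives (the assignment is outside this hunk, so this needs confirming), a client could send a SASL header and then a plain AMQP header before authenticating, and still pass `isHeaderValid` with non-SASL connections disabled. Passing a state that is set only after a successful SASL outcome would close that gap. If the invariant does already hold, a comment such as `// authenticator is only non-null once SASL has succeeded` should record it at the call site. The enclosing method starts and ends outside the hunk.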
@ -30,7 +30,7 @@ import org.slf4j.Logger;
|
||||||
import org.slf4j.LoggerFactory;
|
import org.slf4j.LoggerFactory;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* SASL Authenitcation engine.
|
* SASL Authentication engine.
|
||||||
*/
|
*/
|
||||||
public class AmqpAuthenticator {
|
public class AmqpAuthenticator {
|
||||||
|
|
||||||
|
|
|
@ -35,10 +35,10 @@ public class AmqpWireFormatTest {
|
||||||
wireFormat.setAllowNonSaslConnections(false);
|
wireFormat.setAllowNonSaslConnections(false);
|
||||||
|
|
||||||
AmqpHeader nonSaslHeader = new AmqpHeader();
|
AmqpHeader nonSaslHeader = new AmqpHeader();
|
||||||
assertFalse(wireFormat.isHeaderValid(nonSaslHeader));
|
assertFalse(wireFormat.isHeaderValid(nonSaslHeader, false));
|
||||||
AmqpHeader saslHeader = new AmqpHeader();
|
AmqpHeader saslHeader = new AmqpHeader();
|
||||||
saslHeader.setProtocolId(3);
|
saslHeader.setProtocolId(3);
|
||||||
assertTrue(wireFormat.isHeaderValid(saslHeader));
|
assertTrue(wireFormat.isHeaderValid(saslHeader, false));
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
|
@ -46,10 +46,21 @@ public class AmqpWireFormatTest {
|
||||||
wireFormat.setAllowNonSaslConnections(true);
|
wireFormat.setAllowNonSaslConnections(true);
|
||||||
|
|
||||||
AmqpHeader nonSaslHeader = new AmqpHeader();
|
AmqpHeader nonSaslHeader = new AmqpHeader();
|
||||||
assertTrue(wireFormat.isHeaderValid(nonSaslHeader));
|
assertTrue(wireFormat.isHeaderValid(nonSaslHeader, false));
|
||||||
AmqpHeader saslHeader = new AmqpHeader();
|
AmqpHeader saslHeader = new AmqpHeader();
|
||||||
saslHeader.setProtocolId(3);
|
saslHeader.setProtocolId(3);
|
||||||
assertTrue(wireFormat.isHeaderValid(saslHeader));
|
assertTrue(wireFormat.isHeaderValid(saslHeader, false));
|
||||||
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void testNonSaslHeaderAfterSaslAuthenticationIsAccepted() {
|
||||||
|
wireFormat.setAllowNonSaslConnections(false);
|
||||||
|
|
||||||
|
AmqpHeader nonSaslHeader = new AmqpHeader();
|
||||||
|
assertTrue(wireFormat.isHeaderValid(nonSaslHeader, true));
|
||||||
|
AmqpHeader saslHeader = new AmqpHeader();
|
||||||
|
saslHeader.setProtocolId(3);
|
||||||
|
assertTrue(wireFormat.isHeaderValid(saslHeader, false));
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
|
|
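Review bot: `testNonSaslHeaderAfterSaslAuthenticationIsAccepted` never calls `isHeaderValid` with a SASL header and `authenticated` set to true (its second assertion still passes `false`), so the behaviour for a repeated SASL header after authentication is not pinned. There is also no case showing that `authenticated == true` cannot bypass the protocol-ID check. Adding `assertFalse(wireFormat.isHeaderValid(unsupportedHeader, true));` for a header whose `setProtocolId` value is neither 0 nor 3, plus an explicit assertion for `isHeaderValid(saslHeader, true)` with whichever result is intended, would cover both. The tests also use the literal `3` where the production code now uses `SASL_PROTOCOL`; referencing the constant would keep them in step, if it is visible to the test class.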