diff --git a/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/AuthenticationResultCacher.java b/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/AuthenticationResultCacher.java
index b18147df91..70adba8f8e 100644
--- a/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/AuthenticationResultCacher.java
+++ b/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/AuthenticationResultCacher.java
@@ -115,23 +115,27 @@ private String digestCredentials(final String... content)
         MessageDigest md = MessageDigest.getInstance("SHA-256");
 
         Subject subject = Subject.getSubject(AccessController.getContext());
-        Set connectionPrincipals = subject.getPrincipals(SocketConnectionPrincipal.class);
-        if (connectionPrincipals != null && !connectionPrincipals.isEmpty())
+        if (subject != null)
         {
-            SocketConnectionPrincipal connectionPrincipal = connectionPrincipals.iterator().next();
-            SocketAddress remoteAddress = connectionPrincipal.getRemoteAddress();
-            String address;
-            if (remoteAddress instanceof InetSocketAddress)
+            Set connectionPrincipals =
+                    subject.getPrincipals(SocketConnectionPrincipal.class);
+            if (!connectionPrincipals.isEmpty())
             {
-                address = ((InetSocketAddress) remoteAddress).getHostString();
-            }
-            else
-            {
-                address = remoteAddress.toString();
-            }
-            if (address != null)
-            {
-                md.update(address.getBytes(UTF8));
+                SocketConnectionPrincipal connectionPrincipal = connectionPrincipals.iterator().next();
+                SocketAddress remoteAddress = connectionPrincipal.getRemoteAddress();
+                String address;
+                if (remoteAddress instanceof InetSocketAddress)
+                {
+                    address = ((InetSocketAddress) remoteAddress).getHostString();
+                }
+                else
+                {
+                    address = remoteAddress.toString();
+                }
+                if (address != null)
+                {
+                    md.update(address.getBytes(UTF8));
+                }
             }
         }
 
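Review bot: The null guard on `address` is checking the wrong object: `getHostString()` on an InetSocketAddress and `remoteAddress.toString()` do not yield null, while `connectionPrincipal.getRemoteAddress()` is dereferenced without any check, so a principal with no remote address throws NullPointerException inside digestCredentials (the method's start, its exception handling and the loop over `content` lie outside the hunk). Unless SocketConnectionPrincipal guarantees a non-null address, the guard should be `if (remoteAddress != null)` wrapping the instanceof branch and the update, and the later `if (address != null)` can go. It is also worth a one-line comment that the address bytes go into the digest with no length prefix or separator before whatever is digested next (presumably the credential parts, updated later in the method), so the cache key depends on the bare concatenation; if that is acceptable, saying so saves the next reader the same question.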
diff --git a/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/AuthenticationResultCacherTest.java b/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/AuthenticationResultCacherTest.java
index 659fc912b7..82ac4f6cf0 100644
--- a/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/AuthenticationResultCacherTest.java
+++ b/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/AuthenticationResultCacherTest.java
@@ -135,6 +135,19 @@ public void testCacheHitDifferentRemoteAddressPorts() throws Exception
         assertGetOrLoad(credentials, expectedResult, expectedHitCount);
     }
 
+    @Test
+    public void testCacheHitNoSubject()
+    {
+        final String credentials = "credentials";
+        final AuthenticationResult result1 = _authenticationResultCacher.getOrLoad(new String[]{credentials}, _loader);
+        assertEquals("Unexpected AuthenticationResult", _successfulAuthenticationResult, result1);
+        assertEquals("Unexpected number of loads before cache hit", 1, _loadCallCount);
+
+        final AuthenticationResult result2 = _authenticationResultCacher.getOrLoad(new String[]{credentials}, _loader);
+        assertEquals("Unexpected AuthenticationResult", _successfulAuthenticationResult, result2);
+        assertEquals("Unexpected number of loads before cache hit", 1, _loadCallCount);
+    }
+
     private void assertGetOrLoad(final String credentials,
                                  final AuthenticationResult expectedResult,
                                  final int expectedHitCount)
diff --git a/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/filter/InteractiveAuthenticationFilter.java b/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/filter/InteractiveAuthenticationFilter.java
index 55079599fb..1a5de7ee2c 100644
--- a/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/filter/InteractiveAuthenticationFilter.java
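Review bot: testCacheHitNoSubject pins that two subject-less lookups share one cache entry, but nothing asserts the separation in the other direction — that a result cached without a subject is not served to a lookup made under a Subject carrying a SocketConnectionPrincipal, or vice versa, even though that separation is the reason the digest is keyed on the remote address at all. A third getOrLoad with the same credentials, run under a Subject holding a connection principal (the sibling tests above presumably already have a helper for that), with `assertEquals("Unexpected number of loads", 2, _loadCallCount);` would close that gap. The fields `_authenticationResultCacher`, `_loader` and `_loadCallCount` are set up outside the hunk.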
+++ b/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/filter/InteractiveAuthenticationFilter.java
@@ -21,6 +21,9 @@
 package org.apache.qpid.server.management.plugin.filter;
 
 import java.io.IOException;
+import java.security.Principal;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.Collections;
@@ -40,6 +43,7 @@
 import org.apache.qpid.server.management.plugin.HttpManagementConfiguration;
 import org.apache.qpid.server.management.plugin.HttpManagementUtil;
 import org.apache.qpid.server.management.plugin.HttpRequestInteractiveAuthenticator;
+import org.apache.qpid.server.management.plugin.servlet.ServletConnectionPrincipal;
 import org.apache.qpid.server.plugin.QpidServiceLoader;
 import org.apache.qpid.server.security.auth.AuthenticatedPrincipal;
 
@@ -96,7 +100,7 @@ public void doFilter(ServletRequest request, ServletResponse response, FilterCha
 
             if(handler != null)
             {
-                handler.handleAuthentication(httpResponse);
+                invokeAuthenticationHandler(httpRequest, httpResponse, handler);
             }
             else
             {
@@ -105,4 +109,25 @@ public void doFilter(ServletRequest request, ServletResponse response, FilterCha
         }
     }
 
+    private void invokeAuthenticationHandler(final HttpServletRequest httpRequest,
+                                             final HttpServletResponse httpResponse,
+                                             final HttpRequestInteractiveAuthenticator.AuthenticationHandler handler)
+            throws ServletException
+    {
+        final Subject tempSubject = new Subject(true,
+                                                Collections.singleton(new ServletConnectionPrincipal(httpRequest)),
+                                                Collections.emptySet(),
+                                                Collections.emptySet());
+        try
+        {
+            Subject.doAs(tempSubject, (PrivilegedExceptionAction) () -> {
+                handler.handleAuthentication(httpResponse);
+                return null;
+            });
+        }
+        catch (PrivilegedActionException e)
+        {
+            throw new ServletException(e);
+        }
+    }
 }
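Review bot: invokeAuthenticationHandler carries no comment explaining why the handler is run under a throw-away Subject, and a reader of this filter alone cannot guess it; the reason is visible only in the AuthenticationResultCacher hunk of the same commit, where digestCredentials keys the result cache on the SocketConnectionPrincipal found in the current AccessControlContext's Subject. A Javadoc along the lines of `/** Runs the handler as a read-only Subject holding only the request's ServletConnectionPrincipal, so that code consulting Subject.getSubject(AccessController.getContext()) — such as the authentication result cache — can see the remote address; the Subject deliberately carries no authenticated principal. */` would capture that. In the catch block, `throw new ServletException(e.getException());` would keep the handler's own exception as the root cause instead of the PrivilegedActionException wrapper. Whether `handleAuthentication` declares any checked exception is not visible here; if it does not, the PrivilegedExceptionAction and the catch could be replaced by a plain PrivilegedAction.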