qpid-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Keith Wall (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (QPID-7562) Ensure that HTTP threads always carry a ManagementConnectionPrincipal
Date Thu, 01 Dec 2016 19:47:59 GMT

     [ https://issues.apache.org/jira/browse/QPID-7562?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Keith Wall updated QPID-7562:
-----------------------------
    Description: 
QPID-7549 exposed a defect that HTTP threads are not always carrying a Subject.

* We should ensure that HTTP threads always carry a Subject. If the user is not yet authenticated,
this will simple be a Subject containing a ManagementConnectionPrincipal. If think this is
best done once in a filter, towards the front of the filter chain.
* Is there a reason why AuthenticationResultCacher should not consider all SocketConnectionPrincipal
rather than just ConnectionPrincipal. I realise that if Qpid were to be behind a web proxy,
then there would be not uniqueness added (as the end point would be same), but the same argument
could be made about AMQP if it were using a AMQP proxy.
* I think the responsibilities for preemptive authentication and possibly sasl authentication
should be refactored into filters. I think the current code is hard to follow (separate JIRA).

The simply fix for qpid-java-6.1.x will be carried out under QPID-7549.


  was:.


> Ensure that HTTP threads always carry a ManagementConnectionPrincipal
> ---------------------------------------------------------------------
>
>                 Key: QPID-7562
>                 URL: https://issues.apache.org/jira/browse/QPID-7562
>             Project: Qpid
>          Issue Type: Bug
>          Components: Java Broker
>            Reporter: Keith Wall
>             Fix For: qpid-java-6.2
>
>
> QPID-7549 exposed a defect that HTTP threads are not always carrying a Subject.
> * We should ensure that HTTP threads always carry a Subject. If the user is not yet authenticated,
this will simple be a Subject containing a ManagementConnectionPrincipal. If think this is
best done once in a filter, towards the front of the filter chain.
> * Is there a reason why AuthenticationResultCacher should not consider all SocketConnectionPrincipal
rather than just ConnectionPrincipal. I realise that if Qpid were to be behind a web proxy,
then there would be not uniqueness added (as the end point would be same), but the same argument
could be made about AMQP if it were using a AMQP proxy.
> * I think the responsibilities for preemptive authentication and possibly sasl authentication
should be refactored into filters. I think the current code is hard to follow (separate JIRA).
> The simply fix for qpid-java-6.1.x will be carried out under QPID-7549.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@qpid.apache.org
For additional commands, e-mail: dev-help@qpid.apache.org


Mime
View raw message