/**
 * Checks that the given authentication provider still offers at least one
 * usable mechanism on this port.
 *
 * Two conditions are verified in order: first, that the provider's mechanisms
 * are not all disabled; second, when any configured transport is non-TLS (as
 * reported by {@code hasNonTLSTransport}), that something remains once the
 * provider's secure-only mechanisms are removed as well. A {@code null}
 * disabled or secure-only collection is treated as empty.
 *
 * @param authenticationProvider provider whose mechanism lists are inspected
 * @param transports             transports configured for this port
 * @throws IllegalConfigurationException if no mechanism remains in either check
 */
private void validateAuthenticationMechanisms(final AuthenticationProvider<?> authenticationProvider,
                                              final Set<Transport> transports)
{
    // Work on a copy so the provider's own mechanism list is never mutated.
    final List<String> remaining = new ArrayList<>(authenticationProvider.getMechanisms());

    if (authenticationProvider.getDisabledMechanisms() != null)
    {
        remaining.removeAll(authenticationProvider.getDisabledMechanisms());
    }

    if (remaining.isEmpty())
    {
        final String allDisabled = "The authentication provider '" + authenticationProvider.getName()
                                   + "' on port '" + getName()
                                   + "' has all authentication mechanisms disabled.";
        throw new IllegalConfigurationException(allDisabled);
    }

    // The secure-only check applies only when a plain (non-TLS) transport is
    // configured and the provider declares a secure-only list.
    if (!hasNonTLSTransport(transports) || authenticationProvider.getSecureOnlyMechanisms() == null)
    {
        return;
    }

    // Secure-only mechanisms do not count as usable on a non-TLS transport.
    remaining.removeAll(authenticationProvider.getSecureOnlyMechanisms());
    if (remaining.isEmpty())
    {
        final String noneOnPlain = "The port '" + getName()
                                   + "' allows for non TLS connections, but all authentication "
                                   + "mechanisms of the authentication provider '"
                                   + authenticationProvider.getName()
                                   + "' are disabled on non-secure connections.";
        throw new IllegalConfigurationException(noneOnPlain);
    }
}
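/**
 * Creates the AMQP 1.0 connection object for a new network connection, or
 * refuses it.
 *
 * The log message on the refusal path indicates this is the entry point for
 * AMQP 1.0 connections that do not use SASL authentication. Such a connection
 * is accepted only when, after removing disabled mechanisms (and secure-only
 * mechanisms on a non-secure transport), the port's authentication provider
 * still offers either ANONYMOUS, or EXTERNAL together with a non-null peer
 * principal on the network connection.
 *
 * @param broker          broker handed to the new connection
 * @param network         underlying network connection; supplies the peer
 *                        principal and the remote address used in the log line
 * @param port            port whose authentication provider is consulted
 * @param transport       transport in use; {@code isSecure()} decides whether
 *                        secure-only mechanisms are counted
 * @param id              connection id handed to the new connection
 * @param aggregateTicker ticker handed to the new connection
 * @return the created connection, or {@code null} when the connection is
 *         refused; callers must handle the {@code null} case
 */
@Override
public ProtocolEngine newProtocolEngine(Broker<?> broker,
                                        ServerNetworkConnection network,
                                        AmqpPort<?> port,
                                        Transport transport,
                                        long id,
                                        final AggregateTicker aggregateTicker)
{
    final AuthenticationProvider<?> authenticationProvider = port.getAuthenticationProvider();

    // Copy so that the provider's own mechanism list is never mutated.
    final Set<String> supportedMechanisms = new HashSet<>(authenticationProvider.getMechanisms());

    // A null list means "nothing disabled" in validateAuthenticationMechanisms;
    // apply the same rule here, since removeAll(null) would throw a
    // NullPointerException while accepting a connection.
    if (authenticationProvider.getDisabledMechanisms() != null)
    {
        supportedMechanisms.removeAll(authenticationProvider.getDisabledMechanisms());
    }

    // Secure-only mechanisms must not count towards the decision on a
    // non-secure transport. Null is treated as "no secure-only mechanisms".
    if (!transport.isSecure() && authenticationProvider.getSecureOnlyMechanisms() != null)
    {
        supportedMechanisms.removeAll(authenticationProvider.getSecureOnlyMechanisms());
    }

    // EXTERNAL is honoured only when the network layer has already established
    // a peer principal (presumably from a TLS client certificate - confirm).
    if (supportedMechanisms.contains(AnonymousAuthenticationManager.MECHANISM_NAME)
        || (supportedMechanisms.contains(ExternalAuthenticationManagerImpl.MECHANISM_NAME)
            && network.getPeerPrincipal() != null))
    {
        final AMQPConnection_1_0Impl amqpConnection_1_0 =
                new AMQPConnection_1_0Impl(broker, network, port, transport, id, aggregateTicker);
        amqpConnection_1_0.create();
        return amqpConnection_1_0;
    }
    else
    {
        // Refusals are logged with the remote address so that repeated
        // unauthenticated attempts can be traced to their origin.
        LOGGER.info(
                "Attempt to connect using AMQP 1.0 without using SASL authentication on a port which does not support ANONYMOUS or EXTERNAL by "
                + network.getRemoteAddress());
        return null;
    }
}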