xrootd4j: Enable HAProxy aware authorization

Authorization plugins can authorize by local and remote socket address. E.g. the alice authorization token plugin verifies that the token is for a TURL for the destination address. In the pressence of an HAProxy in front of the server, the destination address is different from the local address of the channel and thus the alice token plugin fails. This patch injects the actual source and destination address into the authorization plugin. Target: master,3.2 Acked-by: Anupam Ashish <[email protected]> Reviewed at https://rb.dcache.org/r/9832/
vingar · Oct 12, 2016 · e870e4e · e870e4e
1 parent 609a55c
commit e870e4e
Showing 1 changed file with 4 additions and 7 deletions.
diff --git a/xrootd4j/src/main/java/org/dcache/xrootd/core/XrootdAuthorizationHandler.java b/xrootd4j/src/main/java/org/dcache/xrootd/core/XrootdAuthorizationHandler.java
@@ -315,17 +315,14 @@ private String authorize(ChannelHandlerContext ctx,
         throws XrootdException
     {
         try {
-            Channel channel = ctx.channel();
-            InetSocketAddress localAddress =
-                (InetSocketAddress) channel.localAddress();
-            InetSocketAddress remoteAddress =
-                (InetSocketAddress) channel.remoteAddress();
+            InetSocketAddress destinationAddress = getDestinationAddress();
+            InetSocketAddress sourceAddress = getSourceAddress();
 
             AuthorizationHandler handler =
                 _authorizationFactory.createHandler();
             return handler.authorize(request.getSubject(),
-                                     localAddress,
-                                     remoteAddress,
+                                     destinationAddress,
+                                     sourceAddress,
                                      path,
                                      OpaqueStringParser.getOpaqueMap(opaque),
                                      request.getRequestId(),