From e870e4eb47d21e926af67976d5fddabfdc12a68a Mon Sep 17 00:00:00 2001
From: Gerd Behrmann
Date: Wed, 12 Oct 2016 10:10:24 +0200
Subject: [PATCH] xrootd4j: Enable HAProxy aware authorization
Authorization plugins can authorize by local and remote socket address. E.g. the alice authorization token plugin verifies that the token is for a TURL for the destination address. In the pressence of an HAProxy in front of the server, the destination address is different from the local address of the channel and thus the alice token plugin fails. This patch injects the actual source and destination address into the authorization plugin.
Target: master,3.2
Acked-by: Anupam Ashish
Reviewed at https://rb.dcache.org/r/9832/
---
 .../xrootd/core/XrootdAuthorizationHandler.java | 11 ++++-------
 1 file changed, 4 insertions(+), 7 deletions(-)
diff --git a/xrootd4j/src/main/java/org/dcache/xrootd/core/XrootdAuthorizationHandler.java b/xrootd4j/src/main/java/org/dcache/xrootd/core/XrootdAuthorizationHandler.java
index 9e78c00c..f1814470 100644
--- a/xrootd4j/src/main/java/org/dcache/xrootd/core/XrootdAuthorizationHandler.java
+++ b/xrootd4j/src/main/java/org/dcache/xrootd/core/XrootdAuthorizationHandler.java
@@ -315,17 +315,14 @@ private String authorize(ChannelHandlerContext ctx,
 throws XrootdException
 {
 try {
- Channel channel = ctx.channel();
- InetSocketAddress localAddress =
- (InetSocketAddress) channel.localAddress();
- InetSocketAddress remoteAddress =
- (InetSocketAddress) channel.remoteAddress();
+ InetSocketAddress destinationAddress = getDestinationAddress();
+ InetSocketAddress sourceAddress = getSourceAddress();
 AuthorizationHandler handler =
 _authorizationFactory.createHandler();
 return handler.authorize(request.getSubject(),
- localAddress,
- remoteAddress,
+ destinationAddress,
+ sourceAddress,
 path,
 OpaqueStringParser.getOpaqueMap(opaque),
 request.getRequestId(),
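Review bot: The two addresses handed to `handler.authorize(...)` now come from `getDestinationAddress()` and `getSourceAddress()`, which are defined outside this hunk. If they are populated from the HAProxy PROXY header, as the description suggests, the authorization decision depends on values announced by the peer instead of the socket's own endpoints. That is only sound when the PROXY header is honoured solely on connections from the configured proxy hosts. It is worth confirming that the code filling these fields enforces this, and that both getters fall back to the channel's addresses rather than returning null when no header was received. I would document the trust assumption above the two declarations, for example `// May come from the HAProxy PROXY header; trustworthy only when that header is accepted from known proxies.` The body of `authorize` begins before and continues past the hunk, so the exception handling around this call is not visible here.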