org.apache.activemq.artemis.spi.core.security.jaas

Class TextFileCertificateLoginModule

java.lang.Object

org.apache.activemq.artemis.spi.core.security.jaas.PropertiesLoader

org.apache.activemq.artemis.spi.core.security.jaas.CertificateLoginModule

org.apache.activemq.artemis.spi.core.security.jaas.TextFileCertificateLoginModule

All Implemented Interfaces:

LoginModule, AuditLoginModule

public class TextFileCertificateLoginModule
extends CertificateLoginModule

A LoginModule allowing for SSL certificate based authentication based on Distinguished Names (DN) stored in text files. The DNs are parsed using a Properties class where each line is <user_name>=<user_DN>. This class also uses a group definition file where each line is <role_name>=<user_name_1>,<user_name_2>,etc. The user and role files' locations must be specified in the org.apache.activemq.jaas.textfiledn.user and org.apache.activemq.jaas.textfiledn.role properties respectively. NOTE: This class will re-read user and group files if they have been modified and the "reload" option is true

Nested Class Summary

Nested classes/interfaces inherited from class org.apache.activemq.artemis.spi.core.security.jaas.PropertiesLoader

PropertiesLoader.FileNameKey

Field Summary

Fields inherited from class org.apache.activemq.artemis.spi.core.security.jaas.PropertiesLoader

debug

Constructor Summary

Constructors

Constructor and Description
TextFileCertificateLoginModule()

Method Summary

Modifier and Type	Method and Description
protected String	getUserNameForCertificates(X509Certificate[] certs) Overriding to allow DN authorization based on DNs specified in text files.
protected Set<String>	getUserRoles(String username) Overriding to allow for role discovery based on text files.
void	initialize(Subject subject, CallbackHandler callbackHandler, Map<String,?> sharedState, Map<String,?> options) Performs initialization of file paths.

Methods inherited from class org.apache.activemq.artemis.spi.core.security.jaas.CertificateLoginModule

abort, commit, getDistinguishedName, login, logout

Methods inherited from class org.apache.activemq.artemis.spi.core.security.jaas.PropertiesLoader

init, load, resetUsersAndGroupsCache

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.apache.activemq.artemis.spi.core.security.jaas.AuditLoginModule

registerFailureForAudit

Constructor Detail

TextFileCertificateLoginModule

public TextFileCertificateLoginModule()

Method Detail

initialize

public void initialize(Subject subject,
                       CallbackHandler callbackHandler,
                       Map<String,?> sharedState,
                       Map<String,?> options)

Performs initialization of file paths. A standard JAAS override.

Specified by:

initialize in interface LoginModule

Overrides:

initialize in class CertificateLoginModule

getUserNameForCertificates

protected String getUserNameForCertificates(X509Certificate[] certs)
                                     throws LoginException

Overriding to allow DN authorization based on DNs specified in text files.

Specified by:

getUserNameForCertificates in class CertificateLoginModule

Parameters:

certs - The certificate the incoming connection provided.

Returns:

The user's authenticated name or null if unable to authenticate the user.

Throws:

LoginException - Thrown if unable to find user file or connection certificate.

getUserRoles

protected Set<String> getUserRoles(String username)
                            throws LoginException

Overriding to allow for role discovery based on text files.

Specified by:

getUserRoles in class CertificateLoginModule

Parameters:

username - The name of the user being examined. This is the same name returned by getUserNameForCertificates.

Returns:

A Set of name Strings for roles this user belongs to.

Throws:

LoginException - Thrown if unable to find role definition file.