org.apache.activemq.jaas
Class CertificateLoginModule

java.lang.Object
  extended by org.apache.activemq.jaas.CertificateLoginModule
All Implemented Interfaces:
LoginModule
Direct Known Subclasses:
TextFileCertificateLoginModule

public abstract class CertificateLoginModule
extends Object
implements LoginModule

A LoginModule that allows for authentication based on SSL certificates. Allows for subclasses to define methods used to verify user certificates and find user groups. Uses CertificateCallbacks to retrieve certificates.

Author:
sepandm@gmail.com (Sepand)

Constructor Summary
CertificateLoginModule()
           
 
Method Summary
 boolean abort()
          Standard JAAS override.
 boolean commit()
          Overriding to complete login process.
protected  String getDistinguishedName(X509Certificate[] certs)
           
protected abstract  Set<String> getUserGroups(String username)
          Should return a set of the groups this user belongs to.
protected abstract  String getUserNameForCertificates(X509Certificate[] certs)
          Should return a unique name corresponding to the certificates given.
 void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options)
          Overriding to allow for proper initialization.
 boolean login()
          Overriding to allow for certificate-based login.
 boolean logout()
          Standard JAAS override.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

CertificateLoginModule

public CertificateLoginModule()
Method Detail

initialize

public void initialize(Subject subject,
                       CallbackHandler callbackHandler,
                       Map sharedState,
                       Map options)
Overriding to allow for proper initialization. Standard JAAS.

Specified by:
initialize in interface LoginModule

login

public boolean login()
              throws LoginException
Overriding to allow for certificate-based login. Standard JAAS.

Specified by:
login in interface LoginModule
Throws:
LoginException

commit

public boolean commit()
               throws LoginException
Overriding to complete login process. Standard JAAS.

Specified by:
commit in interface LoginModule
Throws:
LoginException

abort

public boolean abort()
              throws LoginException
Standard JAAS override.

Specified by:
abort in interface LoginModule
Throws:
LoginException

logout

public boolean logout()
Standard JAAS override.

Specified by:
logout in interface LoginModule

getUserNameForCertificates

protected abstract String getUserNameForCertificates(X509Certificate[] certs)
                                              throws LoginException
Should return a unique name corresponding to the certificates given. The name returned will be used to look up access levels as well as group associations.

Parameters:
certs - The distinguished name.
Returns:
The unique name if the certificate is recognized, null otherwise.
Throws:
LoginException

getUserGroups

protected abstract Set<String> getUserGroups(String username)
                                      throws LoginException
Should return a set of the groups this user belongs to. The groups returned will be added to the user's credentials.

Parameters:
username - The username of the client. This is the same name that getUserNameForDn returned for the user's DN.
Returns:
A Set of the names of the groups this user belongs to.
Throws:
LoginException

getDistinguishedName

protected String getDistinguishedName(X509Certificate[] certs)


Copyright © 2005–2013 The Apache Software Foundation. All rights reserved.