Class TextFileCertificateLoginModule

  extended by org.apache.activemq.jaas.CertificateLoginModule
      extended by org.apache.activemq.jaas.TextFileCertificateLoginModule
All Implemented Interfaces:

public class TextFileCertificateLoginModule
extends CertificateLoginModule

A LoginModule allowing for SSL certificate based authentication based on Distinguished Names (DN) stored in text files. The DNs are parsed using a Properties class where each line is =. This class also uses a group definition file where each line is =,,etc. The user and group files' locations must be specified in the org.apache.activemq.jaas.textfiledn.user and org.apache.activemq.jaas.textfiledn.user properties respectively. NOTE: This class will re-read user and group files for every authentication (i.e it does live updates of allowed groups and users).

Author: (Sepand)

Constructor Summary
Method Summary
protected  Set<String> getUserGroups(String username)
          Overriding to allow for group discovery based on text files.
protected  String getUserNameForCertificates(X509Certificate[] certs)
          Overriding to allow DN authorization based on DNs specified in text files.
 void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options)
          Performs initialization of file paths.
Methods inherited from class org.apache.activemq.jaas.CertificateLoginModule
abort, commit, getDistinguishedName, login, logout
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail


public TextFileCertificateLoginModule()
Method Detail


public void initialize(Subject subject,
                       CallbackHandler callbackHandler,
                       Map sharedState,
                       Map options)
Performs initialization of file paths. A standard JAAS override.

Specified by:
initialize in interface LoginModule
initialize in class CertificateLoginModule


protected String getUserNameForCertificates(X509Certificate[] certs)
                                     throws LoginException
Overriding to allow DN authorization based on DNs specified in text files.

Specified by:
getUserNameForCertificates in class CertificateLoginModule
certs - The certificate the incoming connection provided.
The user's authenticated name or null if unable to authenticate the user.
LoginException - Thrown if unable to find user file or connection certificate.


protected Set<String> getUserGroups(String username)
                             throws LoginException
Overriding to allow for group discovery based on text files.

Specified by:
getUserGroups in class CertificateLoginModule
username - The name of the user being examined. This is the same name returned by getUserNameForCertificates.
A Set of name Strings for groups this user belongs to.
LoginException - Thrown if unable to find group definition file.

Copyright © 2005–2013 The Apache Software Foundation. All rights reserved.