org.apache.activemq.jaas
Class TextFileCertificateLoginModule

java.lang.Object
  extended by org.apache.activemq.jaas.CertificateLoginModule
      extended by org.apache.activemq.jaas.TextFileCertificateLoginModule
All Implemented Interfaces:
LoginModule

public class TextFileCertificateLoginModule
extends CertificateLoginModule

A LoginModule allowing for SSL certificate based authentication based on Distinguished Names (DNs) stored in text files. The DNs are parsed using a Properties class where each line is user_name=user_DN. This class also uses a group definition file where each line is group_name=user_name_1,user_name_2,etc. The user and group files' locations must be specified in the org.apache.activemq.jaas.textfiledn.user and org.apache.activemq.jaas.textfiledn.group properties respectively. NOTE: This class re-reads the user and group files for every authentication (i.e. it does live updates of allowed groups and users).

Author:
sepandm@gmail.com (Sepand)
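
The user and group file layouts named in the class description can be exercised with java.util.Properties directly. The following is an added example, not ActiveMQ's own code. The class name, helper names and sample DNs are constructed for illustration, and the exact string comparison of DNs is an assumption of this example.

```java
import java.io.IOException;
import java.io.StringReader;
import java.util.Properties;
import java.util.Set;
import java.util.TreeSet;

public class TextFileDnLookupExample {
    // Constructed sample user file: user_name=user_DN, one entry per line.
    static final String USERS =
        "alice=CN=alice, OU=Messaging, O=Example Corp, C=US\n" +
        "broker-peer=CN=broker2.example.test, O=Example Corp, C=US\n";
    // Constructed sample group file: group_name=user_name_1,user_name_2,...
    static final String GROUPS =
        "admins=alice\n" +
        "producers=alice,broker-peer\n";

    static Properties parse(String text) throws IOException {
        Properties p = new Properties();
        // The key ends at the first '=', ':' or whitespace; the rest of the
        // line is the value, so '=' and ',' inside the DN are preserved.
        p.load(new StringReader(text));
        return p;
    }

    // Returns the user name whose stored DN equals the given DN, or null.
    // Assumption: DNs are compared as plain strings.
    static String userForDn(Properties users, String dn) {
        for (String name : users.stringPropertyNames()) {
            if (users.getProperty(name).equals(dn)) return name;
        }
        return null;
    }

    // Collects every group whose comma-separated member list contains the user.
    static Set<String> groupsFor(Properties groups, String user) {
        Set<String> result = new TreeSet<>();
        for (String group : groups.stringPropertyNames()) {
            for (String member : groups.getProperty(group).split(",")) {
                if (member.trim().equals(user)) result.add(group);
            }
        }
        return result;
    }

    public static void main(String[] args) throws IOException {
        Properties users = parse(USERS), groups = parse(GROUPS);
        String user = userForDn(users, "CN=alice, OU=Messaging, O=Example Corp, C=US");
        System.out.println(user + " -> " + groupsFor(groups, user));
        // Same subject with different spacing: a plain string comparison treats it as another DN.
        System.out.println(userForDn(users, "CN=alice,OU=Messaging,O=Example Corp,C=US"));
    }
}
```

Under the string-comparison assumption, the DN text in the user file has to match the certificate's subject DN character for character, including spacing and attribute order.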

Constructor Summary
TextFileCertificateLoginModule()
           
 
Method Summary
protected  Set<String> getUserGroups(String username)
          Overriding to allow for group discovery based on text files.
protected  String getUserNameForCertificates(X509Certificate[] certs)
          Overriding to allow DN authorization based on DNs specified in text files.
 void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options)
          Performs initialization of file paths.
 
Methods inherited from class org.apache.activemq.jaas.CertificateLoginModule
abort, commit, getDistinguishedName, login, logout
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

TextFileCertificateLoginModule

public TextFileCertificateLoginModule()
Method Detail

initialize

public void initialize(Subject subject,
                       CallbackHandler callbackHandler,
                       Map sharedState,
                       Map options)
Performs initialization of file paths. A standard JAAS override.

Specified by:
initialize in interface LoginModule
Overrides:
initialize in class CertificateLoginModule

getUserNameForCertificates

protected String getUserNameForCertificates(X509Certificate[] certs)
                                     throws LoginException
Overriding to allow DN authorization based on DNs specified in text files.

Specified by:
getUserNameForCertificates in class CertificateLoginModule
Parameters:
certs - The certificate the incoming connection provided.
Returns:
The user's authenticated name or null if unable to authenticate the user.
Throws:
LoginException - Thrown if unable to find user file or connection certificate.

getUserGroups

protected Set<String> getUserGroups(String username)
                             throws LoginException
Overriding to allow for group discovery based on text files.

Specified by:
getUserGroups in class CertificateLoginModule
Parameters:
username - The name of the user being examined. This is the same name returned by getUserNameForCertificates.
Returns:
A Set of name Strings for groups this user belongs to.
Throws:
LoginException - Thrown if unable to find group definition file.


Copyright © 2005–2013 The Apache Software Foundation. All rights reserved.