Package org.apache.activemq.artemis.spi.core.security

Class ActiveMQBasicSecurityManager

java.lang.Object

org.apache.activemq.artemis.spi.core.security.ActiveMQBasicSecurityManager

All Implemented Interfaces:

ActiveMQSecurityManager, ActiveMQSecurityManager5, UserManagement

public class ActiveMQBasicSecurityManager
extends Object
implements ActiveMQSecurityManager5, UserManagement

All user and role state (both in memory and on disk) is maintained by the underlying StorageManager

Field Summary

Fields

Modifier and Type	Field	Description
static String	BOOTSTRAP_PASSWORD
static String	BOOTSTRAP_ROLE
static String	BOOTSTRAP_ROLE_FILE
static String	BOOTSTRAP_USER
static String	BOOTSTRAP_USER_FILE

Constructor Summary

Constructors

Constructor	Description
ActiveMQBasicSecurityManager()

Method Summary

Modifier and Type	Method	Description
void	addNewUser(String user, String password, String... roles)
Subject	authenticate(String userToAuthenticate, String passwordToAuthenticate, RemotingConnection remotingConnection, String securityDomain)	is this a valid user.
boolean	authorize(Subject subject, Set<org.apache.activemq.artemis.core.security.Role> roles, org.apache.activemq.artemis.core.security.CheckType checkType, String address)	Determine whether the given user has the correct role for the given check type.
void	completeInit(org.apache.activemq.artemis.core.persistence.StorageManager storageManager)
ActiveMQBasicSecurityManager	init(Map<String,String> properties)	Initialize the manager with the given configuration properties.
Map<String,Set<String>>	listUser(String user)
void	removeUser(String user)
void	updateUser(String user, String password, String... roles)
boolean	validateUser(String user, String password)	is this a valid user.
boolean	validateUserAndRole(String user, String password, Set<org.apache.activemq.artemis.core.security.Role> roles, org.apache.activemq.artemis.core.security.CheckType checkType)	is this a valid user and do they have the correct role

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.apache.activemq.artemis.spi.core.security.ActiveMQSecurityManager

getDomain, getUserFromSubject

Field Detail

BOOTSTRAP_USER

public static final String BOOTSTRAP_USER

See Also:

Constant Field Values

BOOTSTRAP_PASSWORD

public static final String BOOTSTRAP_PASSWORD

See Also:

Constant Field Values

BOOTSTRAP_ROLE

public static final String BOOTSTRAP_ROLE

See Also:

Constant Field Values

BOOTSTRAP_USER_FILE

public static final String BOOTSTRAP_USER_FILE

See Also:

Constant Field Values

BOOTSTRAP_ROLE_FILE

public static final String BOOTSTRAP_ROLE_FILE

See Also:

Constant Field Values

Constructor Detail

ActiveMQBasicSecurityManager

public ActiveMQBasicSecurityManager()

Method Detail

init

public ActiveMQBasicSecurityManager init(Map<String,String> properties)

Description copied from interface: ActiveMQSecurityManager

Initialize the manager with the given configuration properties. This method is called by the broker when the file-based configuration is read. If you're creating/configuring the plugin programmatically then the recommended approach is to simply use the manager's getters/setters rather than this method.

Specified by:

init in interface ActiveMQSecurityManager

Parameters:

properties - name/value pairs used to configure the ActiveMQSecurityManager instance

Returns:

this instance

validateUser

public boolean validateUser(String user,
                            String password)

Description copied from interface: ActiveMQSecurityManager

is this a valid user.

Specified by:

validateUser in interface ActiveMQSecurityManager

Parameters:

user - the user

password - the users password

Returns:

true if a valid user

authenticate

public Subject authenticate(String userToAuthenticate,
                            String passwordToAuthenticate,
                            RemotingConnection remotingConnection,
                            String securityDomain)

Description copied from interface: ActiveMQSecurityManager5

is this a valid user. This method is called instead of ActiveMQSecurityManager.validateUser(String, String).

Specified by:

authenticate in interface ActiveMQSecurityManager5

Parameters:

userToAuthenticate - the user

passwordToAuthenticate - the user's password

remotingConnection - the user's connection which contains any corresponding SSL certs

securityDomain - the name of the JAAS security domain to use (can be null)

Returns:

the Subject of the authenticated user, else null

validateUserAndRole

public boolean validateUserAndRole(String user,
                                   String password,
                                   Set<org.apache.activemq.artemis.core.security.Role> roles,
                                   org.apache.activemq.artemis.core.security.CheckType checkType)

Description copied from interface: ActiveMQSecurityManager

is this a valid user and do they have the correct role

Specified by:

validateUserAndRole in interface ActiveMQSecurityManager

Parameters:

user - the user

password - the users password

roles - the roles the user has

checkType - the type of check to perform

Returns:

true if the user is valid and they have the correct roles

authorize

public boolean authorize(Subject subject,
                         Set<org.apache.activemq.artemis.core.security.Role> roles,
                         org.apache.activemq.artemis.core.security.CheckType checkType,
                         String address)

Description copied from interface: ActiveMQSecurityManager5

Determine whether the given user has the correct role for the given check type. This method is called instead of ActiveMQSecurityManager.validateUserAndRole(String, String, Set, CheckType).

Specified by:

authorize in interface ActiveMQSecurityManager5

Parameters:

subject - the Subject to authorize

roles - the roles configured in the security-settings

checkType - which permission to validate

address - the address (or FQQN) to grant access to

Returns:

true if the user is authorized, else false

addNewUser

public void addNewUser(String user,
                       String password,
                       String... roles)
                throws Exception

Specified by:

addNewUser in interface UserManagement

Throws:

Exception

removeUser

public void removeUser(String user)
                throws Exception

Specified by:

removeUser in interface UserManagement

Throws:

Exception

listUser

public Map<String,Set<String>> listUser(String user)

Specified by:

listUser in interface UserManagement

updateUser

public void updateUser(String user,
                       String password,
                       String... roles)
                throws Exception

Specified by:

updateUser in interface UserManagement

Throws:

Exception

completeInit

public void completeInit(org.apache.activemq.artemis.core.persistence.StorageManager storageManager)