Interface ActiveMQSecurityManager5
- All Superinterfaces:
ActiveMQSecurityManager
- All Known Implementing Classes:
ActiveMQBasicSecurityManager
,ActiveMQJAASSecurityManager
Used to validate whether a user is authorized to connect to the
server and perform certain functions on certain addresses
This is an evolution of
ActiveMQSecurityManager4
that integrates with the new Subject caching functionality.-
Method Summary
Modifier and TypeMethodDescriptionauthenticate
(String user, String password, RemotingConnection remotingConnection, String securityDomain) is this a valid user.boolean
authorize
(Subject subject, Set<org.apache.activemq.artemis.core.security.Role> roles, org.apache.activemq.artemis.core.security.CheckType checkType, String address) Determine whether the given user has the correct role for the given check type.Methods inherited from interface org.apache.activemq.artemis.spi.core.security.ActiveMQSecurityManager
getDomain, getUserFromSubject, init, validateUser, validateUserAndRole
-
Method Details
-
authenticate
Subject authenticate(String user, String password, RemotingConnection remotingConnection, String securityDomain) throws NoCacheLoginException is this a valid user. This method is called instead ofActiveMQSecurityManager.validateUser(String, String)
.- Parameters:
user
- the userpassword
- the user's passwordremotingConnection
- the user's connection which contains any corresponding SSL certssecurityDomain
- the name of the JAAS security domain to use (can be null)- Returns:
- the Subject of the authenticated user, else null
- Throws:
NoCacheLoginException
-
authorize
boolean authorize(Subject subject, Set<org.apache.activemq.artemis.core.security.Role> roles, org.apache.activemq.artemis.core.security.CheckType checkType, String address) Determine whether the given user has the correct role for the given check type. This method is called instead ofActiveMQSecurityManager.validateUserAndRole(String, String, Set, CheckType)
.- Parameters:
subject
- the Subject to authorizeroles
- the roles configured in the security-settingscheckType
- which permission to validateaddress
- the address (or FQQN) to grant access to- Returns:
- true if the user is authorized, else false
-