Class CertificateLoginModule
java.lang.Object
org.apache.activemq.artemis.spi.core.security.jaas.PropertiesLoader
org.apache.activemq.artemis.spi.core.security.jaas.CertificateLoginModule
- All Implemented Interfaces:
LoginModule
,AuditLoginModule
- Direct Known Subclasses:
TextFileCertificateLoginModule
A LoginModule that allows for authentication based on SSL certificates.
Allows for subclasses to define methods used to verify user certificates and
find user roles. Uses CertificateCallbacks to retrieve certificates.
-
Nested Class Summary
Nested classes/interfaces inherited from class org.apache.activemq.artemis.spi.core.security.jaas.PropertiesLoader
PropertiesLoader.FileNameKey
-
Field Summary
Fields inherited from class org.apache.activemq.artemis.spi.core.security.jaas.PropertiesLoader
debug, LOGIN_CONFIG_SYS_PROP_NAME
-
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionboolean
abort()
Standard JAAS override.boolean
commit()
Overriding to complete login process.protected String
getDistinguishedName
(X509Certificate[] certs) protected abstract String
Should return a unique name corresponding to the certificates given.getUserRoles
(String username) Should return a set of the roles this user belongs to.void
initialize
(Subject subject, CallbackHandler callbackHandler, Map<String, ?> sharedState, Map<String, ?> options) Overriding to allow for proper initialization.boolean
login()
Overriding to allow for certificate-based login.boolean
logout()
Standard JAAS override.Methods inherited from class org.apache.activemq.artemis.spi.core.security.jaas.PropertiesLoader
booleanOption, init, load, load, reload, resetUsersAndGroupsCache
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Methods inherited from interface org.apache.activemq.artemis.spi.core.security.jaas.AuditLoginModule
registerFailureForAudit
-
Constructor Details
-
CertificateLoginModule
public CertificateLoginModule()
-
-
Method Details
-
initialize
public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> sharedState, Map<String, ?> options) Overriding to allow for proper initialization. Standard JAAS.- Specified by:
initialize
in interfaceLoginModule
-
login
Overriding to allow for certificate-based login. Standard JAAS.- Specified by:
login
in interfaceLoginModule
- Throws:
LoginException
-
commit
Overriding to complete login process. Standard JAAS.- Specified by:
commit
in interfaceLoginModule
- Throws:
LoginException
-
abort
Standard JAAS override.- Specified by:
abort
in interfaceLoginModule
- Throws:
LoginException
-
logout
public boolean logout()Standard JAAS override.- Specified by:
logout
in interfaceLoginModule
-
getUserNameForCertificates
Should return a unique name corresponding to the certificates given. The name returned will be used to look up access levels as well as role associations.- Parameters:
certs
- The distinguished name.- Returns:
- The unique name if the certificate is recognized, null otherwise.
- Throws:
LoginException
-
getUserRoles
Should return a set of the roles this user belongs to. The roles returned will be added to the user's credentials.- Parameters:
username
- The username of the client. This is the same name that getUserNameForDn returned for the user's DN.- Returns:
- A Set of the names of the roles this user belongs to.
- Throws:
LoginException
-
getDistinguishedName
-