Class CertificateLoginModule
- java.lang.Object
-
- org.apache.activemq.artemis.spi.core.security.jaas.PropertiesLoader
-
- org.apache.activemq.artemis.spi.core.security.jaas.CertificateLoginModule
-
- All Implemented Interfaces:
LoginModule,AuditLoginModule
- Direct Known Subclasses:
TextFileCertificateLoginModule
public abstract class CertificateLoginModule extends PropertiesLoader implements AuditLoginModule
A LoginModule that allows for authentication based on SSL certificates. Allows for subclasses to define methods used to verify user certificates and find user roles. Uses CertificateCallbacks to retrieve certificates.
-
-
Nested Class Summary
-
Nested classes/interfaces inherited from class org.apache.activemq.artemis.spi.core.security.jaas.PropertiesLoader
PropertiesLoader.FileNameKey
-
-
Field Summary
-
Fields inherited from class org.apache.activemq.artemis.spi.core.security.jaas.PropertiesLoader
debug, LOGIN_CONFIG_SYS_PROP_NAME
-
-
Constructor Summary
Constructors Constructor Description CertificateLoginModule()
-
Method Summary
All Methods Instance Methods Abstract Methods Concrete Methods Modifier and Type Method Description booleanabort()Standard JAAS override.booleancommit()Overriding to complete login process.protected StringgetDistinguishedName(X509Certificate[] certs)protected abstract StringgetUserNameForCertificates(X509Certificate[] certs)Should return a unique name corresponding to the certificates given.protected abstract Set<String>getUserRoles(String username)Should return a set of the roles this user belongs to.voidinitialize(Subject subject, CallbackHandler callbackHandler, Map<String,?> sharedState, Map<String,?> options)Overriding to allow for proper initialization.booleanlogin()Overriding to allow for certificate-based login.booleanlogout()Standard JAAS override.-
Methods inherited from class org.apache.activemq.artemis.spi.core.security.jaas.PropertiesLoader
booleanOption, init, load, reload, resetUsersAndGroupsCache
-
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
-
Methods inherited from interface org.apache.activemq.artemis.spi.core.security.jaas.AuditLoginModule
registerFailureForAudit
-
-
-
-
Method Detail
-
initialize
public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String,?> sharedState, Map<String,?> options)
Overriding to allow for proper initialization. Standard JAAS.- Specified by:
initializein interfaceLoginModule
-
login
public boolean login() throws LoginExceptionOverriding to allow for certificate-based login. Standard JAAS.- Specified by:
loginin interfaceLoginModule- Throws:
LoginException
-
commit
public boolean commit() throws LoginExceptionOverriding to complete login process. Standard JAAS.- Specified by:
commitin interfaceLoginModule- Throws:
LoginException
-
abort
public boolean abort() throws LoginExceptionStandard JAAS override.- Specified by:
abortin interfaceLoginModule- Throws:
LoginException
-
logout
public boolean logout()
Standard JAAS override.- Specified by:
logoutin interfaceLoginModule
-
getUserNameForCertificates
protected abstract String getUserNameForCertificates(X509Certificate[] certs) throws LoginException
Should return a unique name corresponding to the certificates given. The name returned will be used to look up access levels as well as role associations.- Parameters:
certs- The distinguished name.- Returns:
- The unique name if the certificate is recognized, null otherwise.
- Throws:
LoginException
-
getUserRoles
protected abstract Set<String> getUserRoles(String username) throws LoginException
Should return a set of the roles this user belongs to. The roles returned will be added to the user's credentials.- Parameters:
username- The username of the client. This is the same name that getUserNameForDn returned for the user's DN.- Returns:
- A Set of the names of the roles this user belongs to.
- Throws:
LoginException
-
getDistinguishedName
protected String getDistinguishedName(X509Certificate[] certs)
-
-