Class CertificateLoginModule

java.lang.Object
org.apache.activemq.artemis.spi.core.security.jaas.PropertiesLoader
org.apache.activemq.artemis.spi.core.security.jaas.CertificateLoginModule
All Implemented Interfaces:
LoginModule, AuditLoginModule
Direct Known Subclasses:
TextFileCertificateLoginModule

public abstract class CertificateLoginModule extends PropertiesLoader implements AuditLoginModule
A LoginModule that allows for authentication based on SSL certificates. Allows for subclasses to define methods used to verify user certificates and find user roles. Uses CertificateCallbacks to retrieve certificates.
  • Constructor Details

    • CertificateLoginModule

      public CertificateLoginModule()
  • Method Details

    • initialize

      public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String,?> sharedState, Map<String,?> options)
      Overriding to allow for proper initialization. Standard JAAS.
      Specified by:
      initialize in interface LoginModule
    • login

      public boolean login() throws LoginException
      Overriding to allow for certificate-based login. Standard JAAS.
      Specified by:
      login in interface LoginModule
      Throws:
      LoginException
    • commit

      public boolean commit() throws LoginException
      Overriding to complete login process. Standard JAAS.
      Specified by:
      commit in interface LoginModule
      Throws:
      LoginException
    • abort

      public boolean abort() throws LoginException
      Standard JAAS override.
      Specified by:
      abort in interface LoginModule
      Throws:
      LoginException
    • logout

      public boolean logout()
      Standard JAAS override.
      Specified by:
      logout in interface LoginModule
    • getUserNameForCertificates

      protected abstract String getUserNameForCertificates(X509Certificate[] certs) throws LoginException
      Should return a unique name corresponding to the certificates given. The name returned will be used to look up access levels as well as role associations.
      Parameters:
      certs - The client's X.509 certificates.
      Returns:
      The unique name if the certificate is recognized, null otherwise.
      Throws:
      LoginException
    • getUserRoles

      protected abstract Set<String> getUserRoles(String username) throws LoginException
      Should return a set of the roles this user belongs to. The roles returned will be added to the user's credentials.
      Parameters:
      username - The username of the client. This is the same name that getUserNameForCertificates returned for the user's certificates.
      Returns:
      A Set of the names of the roles this user belongs to.
      Throws:
      LoginException
    • getDistinguishedName

      protected String getDistinguishedName(X509Certificate[] certs)