Class CertificateLoginModule
- java.lang.Object
-
- org.apache.activemq.artemis.spi.core.security.jaas.PropertiesLoader
-
- org.apache.activemq.artemis.spi.core.security.jaas.CertificateLoginModule
-
- All Implemented Interfaces:
LoginModule
,AuditLoginModule
- Direct Known Subclasses:
TextFileCertificateLoginModule
public abstract class CertificateLoginModule extends PropertiesLoader implements AuditLoginModule
A LoginModule that allows for authentication based on SSL certificates. Allows for subclasses to define methods used to verify user certificates and find user roles. Uses CertificateCallbacks to retrieve certificates.
-
-
Nested Class Summary
-
Nested classes/interfaces inherited from class org.apache.activemq.artemis.spi.core.security.jaas.PropertiesLoader
PropertiesLoader.FileNameKey
-
-
Field Summary
-
Fields inherited from class org.apache.activemq.artemis.spi.core.security.jaas.PropertiesLoader
debug, LOGIN_CONFIG_SYS_PROP_NAME
-
-
Constructor Summary
Constructors Constructor Description CertificateLoginModule()
-
Method Summary
All Methods Instance Methods Abstract Methods Concrete Methods Modifier and Type Method Description boolean
abort()
Standard JAAS override.boolean
commit()
Overriding to complete login process.protected String
getDistinguishedName(X509Certificate[] certs)
protected abstract String
getUserNameForCertificates(X509Certificate[] certs)
Should return a unique name corresponding to the certificates given.protected abstract Set<String>
getUserRoles(String username)
Should return a set of the roles this user belongs to.void
initialize(Subject subject, CallbackHandler callbackHandler, Map<String,?> sharedState, Map<String,?> options)
Overriding to allow for proper initialization.boolean
login()
Overriding to allow for certificate-based login.boolean
logout()
Standard JAAS override.-
Methods inherited from class org.apache.activemq.artemis.spi.core.security.jaas.PropertiesLoader
booleanOption, init, load, reload, resetUsersAndGroupsCache
-
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
-
Methods inherited from interface org.apache.activemq.artemis.spi.core.security.jaas.AuditLoginModule
registerFailureForAudit
-
-
-
-
Method Detail
-
initialize
public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String,?> sharedState, Map<String,?> options)
Overriding to allow for proper initialization. Standard JAAS.- Specified by:
initialize
in interfaceLoginModule
-
login
public boolean login() throws LoginException
Overriding to allow for certificate-based login. Standard JAAS.- Specified by:
login
in interfaceLoginModule
- Throws:
LoginException
-
commit
public boolean commit() throws LoginException
Overriding to complete login process. Standard JAAS.- Specified by:
commit
in interfaceLoginModule
- Throws:
LoginException
-
abort
public boolean abort() throws LoginException
Standard JAAS override.- Specified by:
abort
in interfaceLoginModule
- Throws:
LoginException
-
logout
public boolean logout()
Standard JAAS override.- Specified by:
logout
in interfaceLoginModule
-
getUserNameForCertificates
protected abstract String getUserNameForCertificates(X509Certificate[] certs) throws LoginException
Should return a unique name corresponding to the certificates given. The name returned will be used to look up access levels as well as role associations.- Parameters:
certs
- The distinguished name.- Returns:
- The unique name if the certificate is recognized, null otherwise.
- Throws:
LoginException
-
getUserRoles
protected abstract Set<String> getUserRoles(String username) throws LoginException
Should return a set of the roles this user belongs to. The roles returned will be added to the user's credentials.- Parameters:
username
- The username of the client. This is the same name that getUserNameForDn returned for the user's DN.- Returns:
- A Set of the names of the roles this user belongs to.
- Throws:
LoginException
-
getDistinguishedName
protected String getDistinguishedName(X509Certificate[] certs)
-
-