Class TextFileCertificateLoginModule
java.lang.Object
org.apache.activemq.artemis.spi.core.security.jaas.PropertiesLoader
org.apache.activemq.artemis.spi.core.security.jaas.CertificateLoginModule
org.apache.activemq.artemis.spi.core.security.jaas.TextFileCertificateLoginModule
All Implemented Interfaces:
LoginModule, AuditLoginModule
A LoginModule that provides SSL certificate-based authentication using
Distinguished Names (DNs) stored in text files. The DNs are parsed using a
Properties class where each line is <user_name>=<user_DN>. This class also
uses a group definition file where each line is <role_name>=<user_name_1>,<user_name_2>,etc.
The user and role files' locations must be specified in the
org.apache.activemq.jaas.textfiledn.user and
org.apache.activemq.jaas.textfiledn.role properties respectively. NOTE: This
class will re-read the user and group files if they have been modified and the "reload"
option is true.
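The two file formats described above, as an added example (not Artemis code and not this module's implementation): constructed user and role entries are loaded with java.util.Properties, and a DN is resolved to a user name and then to its roles. The class name, the sample DNs and the exact-string DN comparison are assumptions of this example.

```java
import java.io.IOException;
import java.io.StringReader;
import java.util.*;

public class TextFileDnLookupExample {
    // Constructed sample in the <user_name>=<user_DN> format.
    static final String USERS =
        "alice=CN=alice, OU=Messaging, O=Example Corp, C=US\n" +
        "bob=CN=bob, OU=Operations, O=Example Corp, C=US\n";
    // Constructed sample in the <role_name>=<user_name_1>,<user_name_2> format.
    static final String ROLES = "admins=alice\n" + "consumers=alice,bob\n";

    static Properties parse(String text) throws IOException {
        Properties p = new Properties();
        p.load(new StringReader(text));
        return p;
    }

    // Returns the user name mapped to this DN, or null if no entry matches.
    // Assumption of this example: exact, case-sensitive string comparison.
    static String userForDn(Properties users, String dn) {
        for (Map.Entry<Object, Object> e : users.entrySet()) {
            if (e.getValue().equals(dn)) return (String) e.getKey();
        }
        return null;
    }

    // Collects every role whose member list names this user.
    static Set<String> rolesFor(Properties roles, String user) {
        Set<String> result = new TreeSet<>();
        for (String role : roles.stringPropertyNames()) {
            for (String member : roles.getProperty(role).split(",")) {
                if (member.trim().equals(user)) result.add(role);
            }
        }
        return result;
    }

    public static void main(String[] args) throws IOException {
        Properties users = parse(USERS);
        Properties roles = parse(ROLES);
        // Properties splits at the first '=', so the '=' and ',' inside the DN stay in the value.
        System.out.println(users.getProperty("alice"));
        String user = userForDn(users, "CN=alice, OU=Messaging, O=Example Corp, C=US");
        System.out.println(user + " -> " + rolesFor(roles, user));
        // A DN with no entry resolves to null, which the caller must treat as a failed login.
        System.out.println(userForDn(users, "CN=mallory, O=Example Corp, C=US"));
    }
}
```

java.util.Properties ends a key at the first unescaped '=', ':' or whitespace character, so a user or role name containing any of those must be backslash-escaped in the file or it will be split in the wrong place.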
-
Nested Class Summary
Nested classes/interfaces inherited from class org.apache.activemq.artemis.spi.core.security.jaas.PropertiesLoader
PropertiesLoader.FileNameKey
-
Field Summary
Fields inherited from class org.apache.activemq.artemis.spi.core.security.jaas.PropertiesLoader
debug, LOGIN_CONFIG_SYS_PROP_NAME
-
Constructor Summary
-
Method Summary
Modifier and Type | Method | Description
protected String | getUserNameForCertificates | Overriding to allow DN authorization based on DNs specified in text files.
 | getUserRoles(String username) | Overriding to allow for role discovery based on text files.
void | initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> sharedState, Map<String, ?> options) | Performs initialization of file paths.
Methods inherited from class org.apache.activemq.artemis.spi.core.security.jaas.CertificateLoginModule
abort, commit, getDistinguishedName, login, logout
Methods inherited from class org.apache.activemq.artemis.spi.core.security.jaas.PropertiesLoader
booleanOption, init, load, load, reload, resetUsersAndGroupsCache
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Methods inherited from interface org.apache.activemq.artemis.spi.core.security.jaas.AuditLoginModule
registerFailureForAudit
-
Constructor Details
-
TextFileCertificateLoginModule
public TextFileCertificateLoginModule()
-
-
Method Details
-
initialize
public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> sharedState, Map<String, ?> options)
Performs initialization of file paths. A standard JAAS override.
- Specified by: initialize in interface LoginModule
- Overrides: initialize in class CertificateLoginModule
-
getUserNameForCertificates
Overriding to allow DN authorization based on DNs specified in text files.
- Specified by: getUserNameForCertificates in class CertificateLoginModule
- Parameters: certs - The certificate the incoming connection provided.
- Returns: The user's authenticated name or null if unable to authenticate the user.
- Throws: LoginException - Thrown if unable to find user file or connection certificate.
-
getUserRoles
Overriding to allow for role discovery based on text files.
- Specified by: getUserRoles in class CertificateLoginModule
- Parameters: username - The name of the user being examined. This is the same name returned by getUserNameForCertificates.
- Returns: A Set of name Strings for roles this user belongs to.
- Throws: LoginException - Thrown if unable to find role definition file.
-