Class TextFileCertificateLoginModule
- java.lang.Object
-
- org.apache.activemq.artemis.spi.core.security.jaas.PropertiesLoader
-
- org.apache.activemq.artemis.spi.core.security.jaas.CertificateLoginModule
-
- org.apache.activemq.artemis.spi.core.security.jaas.TextFileCertificateLoginModule
-
- All Implemented Interfaces:
LoginModule
,AuditLoginModule
public class TextFileCertificateLoginModule extends CertificateLoginModule
A LoginModule allowing for SSL certificate based authentication based on Distinguished Names (DN) stored in text files. The DNs are parsed using a Properties class where each line is <user_name>=<user_DN>. This class also uses a group definition file where each line is <role_name>=<user_name_1>,<user_name_2>,etc. The user and role files' locations must be specified in the org.apache.activemq.jaas.textfiledn.user and org.apache.activemq.jaas.textfiledn.role properties respectively. NOTE: This class will re-read user and group files if they have been modified and the "reload" option is true
-
-
Nested Class Summary
-
Nested classes/interfaces inherited from class org.apache.activemq.artemis.spi.core.security.jaas.PropertiesLoader
PropertiesLoader.FileNameKey
-
-
Field Summary
-
Fields inherited from class org.apache.activemq.artemis.spi.core.security.jaas.PropertiesLoader
debug, LOGIN_CONFIG_SYS_PROP_NAME
-
-
Constructor Summary
Constructors Constructor Description TextFileCertificateLoginModule()
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description protected String
getUserNameForCertificates(X509Certificate[] certs)
Overriding to allow DN authorization based on DNs specified in text files.protected Set<String>
getUserRoles(String username)
Overriding to allow for role discovery based on text files.void
initialize(Subject subject, CallbackHandler callbackHandler, Map<String,?> sharedState, Map<String,?> options)
Performs initialization of file paths.-
Methods inherited from class org.apache.activemq.artemis.spi.core.security.jaas.CertificateLoginModule
abort, commit, getDistinguishedName, login, logout
-
Methods inherited from class org.apache.activemq.artemis.spi.core.security.jaas.PropertiesLoader
booleanOption, init, load, reload, resetUsersAndGroupsCache
-
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
-
Methods inherited from interface org.apache.activemq.artemis.spi.core.security.jaas.AuditLoginModule
registerFailureForAudit
-
-
-
-
Method Detail
-
initialize
public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String,?> sharedState, Map<String,?> options)
Performs initialization of file paths. A standard JAAS override.- Specified by:
initialize
in interfaceLoginModule
- Overrides:
initialize
in classCertificateLoginModule
-
getUserNameForCertificates
protected String getUserNameForCertificates(X509Certificate[] certs) throws LoginException
Overriding to allow DN authorization based on DNs specified in text files.- Specified by:
getUserNameForCertificates
in classCertificateLoginModule
- Parameters:
certs
- The certificate the incoming connection provided.- Returns:
- The user's authenticated name or null if unable to authenticate the user.
- Throws:
LoginException
- Thrown if unable to find user file or connection certificate.
-
getUserRoles
protected Set<String> getUserRoles(String username) throws LoginException
Overriding to allow for role discovery based on text files.- Specified by:
getUserRoles
in classCertificateLoginModule
- Parameters:
username
- The name of the user being examined. This is the same name returned by getUserNameForCertificates.- Returns:
- A Set of name Strings for roles this user belongs to.
- Throws:
LoginException
- Thrown if unable to find role definition file.
-
-