Class TextFileCertificateLoginModule

java.lang.Object

org.apache.activemq.artemis.spi.core.security.jaas.PropertiesLoader

org.apache.activemq.artemis.spi.core.security.jaas.CertificateLoginModule

org.apache.activemq.artemis.spi.core.security.jaas.TextFileCertificateLoginModule

All Implemented Interfaces:

LoginModule, AuditLoginModule

public class TextFileCertificateLoginModule
extends CertificateLoginModule

A LoginModule allowing for SSL certificate based authentication based on Distinguished Names (DN) stored in text files. The DNs are parsed using a Properties class where each line is <user_name>=<user_DN>. This class also uses a group definition file where each line is <role_name>=<user_name_1>,<user_name_2>,etc. The user and role files' locations must be specified in the org.apache.activemq.jaas.textfiledn.user and org.apache.activemq.jaas.textfiledn.role properties respectively. NOTE: This class will re-read user and group files if they have been modified and the "reload" option is true

Nested Class Summary

Nested classes/interfaces inherited from class PropertiesLoader

PropertiesLoader.FileNameKey

Field Summary

Fields inherited from class PropertiesLoader

debug, LOGIN_CONFIG_SYS_PROP_NAME

Constructor Summary

Constructors

Constructor	Description
TextFileCertificateLoginModule()

Method Summary

Modifier and Type	Method	Description
protected String	getUserNameForCertificates(X509Certificate[] certs)	Overriding to allow DN authorization based on DNs specified in text files.
protected Set<String>	getUserRoles(String username)	Overriding to allow for role discovery based on text files.
void	initialize(Subject subject, CallbackHandler callbackHandler, Map<String,?> sharedState, Map<String,?> options)	Performs initialization of file paths.

Methods inherited from class CertificateLoginModule

abort, commit, getDistinguishedName, login, logout

Methods inherited from class PropertiesLoader

booleanOption, init, load, load, reload, resetUsersAndGroupsCache

Methods inherited from class Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface AuditLoginModule

registerFailureForAudit

Constructor Details

TextFileCertificateLoginModule

public TextFileCertificateLoginModule()

Method Details

initialize

public void initialize(Subject subject,
 CallbackHandler callbackHandler,
 Map<String,?> sharedState,
 Map<String,?> options)

Performs initialization of file paths. A standard JAAS override.

Specified by:

initialize in interface LoginModule

Overrides:

initialize in class CertificateLoginModule

getUserNameForCertificates

protected String getUserNameForCertificates(X509Certificate[] certs)
                                     throws LoginException

Overriding to allow DN authorization based on DNs specified in text files.

Specified by:

getUserNameForCertificates in class CertificateLoginModule

Parameters:

certs - The certificate the incoming connection provided.

Returns:

The user's authenticated name or null if unable to authenticate the user.

Throws:

LoginException - Thrown if unable to find user file or connection certificate.

getUserRoles

protected Set<String> getUserRoles(String username)
                            throws LoginException

Overriding to allow for role discovery based on text files.

Specified by:

getUserRoles in class CertificateLoginModule

Parameters:

username - The name of the user being examined. This is the same name returned by getUserNameForCertificates.

Returns:

A Set of name Strings for roles this user belongs to

Throws:

LoginException - Thrown if unable to find role definition file.