Package org.apache.activemq.jaas
Class CertificateLoginModule
- java.lang.Object
-
- org.apache.activemq.jaas.PropertiesLoader
-
- org.apache.activemq.jaas.CertificateLoginModule
-
- All Implemented Interfaces:
LoginModule
- Direct Known Subclasses:
TextFileCertificateLoginModule
public abstract class CertificateLoginModule extends PropertiesLoader implements LoginModule
A LoginModule that allows for authentication based on SSL certificates. Allows for subclasses to define methods used to verify user certificates and find user groups. Uses CertificateCallbacks to retrieve certificates.- Author:
- sepandm@gmail.com (Sepand)
-
-
Nested Class Summary
-
Nested classes/interfaces inherited from class org.apache.activemq.jaas.PropertiesLoader
PropertiesLoader.FileNameKey
-
-
Field Summary
-
Fields inherited from class org.apache.activemq.jaas.PropertiesLoader
debug
-
-
Constructor Summary
Constructors Constructor Description CertificateLoginModule()
-
Method Summary
All Methods Instance Methods Abstract Methods Concrete Methods Modifier and Type Method Description booleanabort()Standard JAAS override.booleancommit()Overriding to complete login process.protected StringgetDistinguishedName(X509Certificate[] certs)protected abstract Set<String>getUserGroups(String username)Should return a set of the groups this user belongs to.protected abstract StringgetUserNameForCertificates(X509Certificate[] certs)Should return a unique name corresponding to the certificates given.voidinitialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options)Overriding to allow for proper initialization.booleanlogin()Overriding to allow for certificate-based login.booleanlogout()Standard JAAS override.-
Methods inherited from class org.apache.activemq.jaas.PropertiesLoader
init, load, resetUsersAndGroupsCache
-
-
-
-
Method Detail
-
initialize
public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options)
Overriding to allow for proper initialization. Standard JAAS.- Specified by:
initializein interfaceLoginModule
-
login
public boolean login() throws LoginExceptionOverriding to allow for certificate-based login. Standard JAAS.- Specified by:
loginin interfaceLoginModule- Throws:
LoginException
-
commit
public boolean commit() throws LoginExceptionOverriding to complete login process. Standard JAAS.- Specified by:
commitin interfaceLoginModule- Throws:
LoginException
-
abort
public boolean abort() throws LoginExceptionStandard JAAS override.- Specified by:
abortin interfaceLoginModule- Throws:
LoginException
-
logout
public boolean logout()
Standard JAAS override.- Specified by:
logoutin interfaceLoginModule
-
getUserNameForCertificates
protected abstract String getUserNameForCertificates(X509Certificate[] certs) throws LoginException
Should return a unique name corresponding to the certificates given. The name returned will be used to look up access levels as well as group associations.- Parameters:
certs- The distinguished name.- Returns:
- The unique name if the certificate is recognized, null otherwise.
- Throws:
LoginException
-
getUserGroups
protected abstract Set<String> getUserGroups(String username) throws LoginException
Should return a set of the groups this user belongs to. The groups returned will be added to the user's credentials.- Parameters:
username- The username of the client. This is the same name that getUserNameForDn returned for the user's DN.- Returns:
- A Set of the names of the groups this user belongs to.
- Throws:
LoginException
-
getDistinguishedName
protected String getDistinguishedName(X509Certificate[] certs)
-
-