java.lang.Object
- org.apache.activemq.broker.BrokerFilter
- - org.apache.activemq.security.JaasCertificateAuthenticationBroker

All Implemented Interfaces:

Broker, Region, AuthenticationBroker, Service
```
public class JaasCertificateAuthenticationBroker
extends BrokerFilter
implements AuthenticationBroker
```
A JAAS Authentication Broker that uses SSL Certificates. This class will provide the JAAS framework with a JaasCertificateCallbackHandler that will grant JAAS access to incoming connections' SSL certificate chains. NOTE: There is a chance that the incoming connection does not have a valid certificate (has null).

Field Summary
- Fields inherited from class org.apache.activemq.broker.BrokerFilter
  next

Constructor Summary

Constructors
Constructor Description

JaasCertificateAuthenticationBroker(Broker next, String jaasConfiguration)
Simple constructor.

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method	Description
`void`	`addConnection(ConnectionContext context, ConnectionInfo info)`	Overridden to allow for authentication based on client certificates.
`SecurityContext`	`authenticate(String username, String password, X509Certificate[] peerCertificates)`	Authenticate the given user using the mechanism provided by this service.
`void`	`removeConnection(ConnectionContext context, ConnectionInfo info, Throwable error)`	Overriding removeConnection to make sure the security context is cleaned.

Methods inherited from class org.apache.activemq.broker.BrokerFilter
acknowledge, addBroker, addConsumer, addDestination, addDestinationInfo, addProducer, addSession, beginTransaction, brokerServiceStarted, commitTransaction, fastProducer, forgetTransaction, gc, getAdaptor, getAdminConnectionContext, getBrokerId, getBrokerName, getBrokerSequenceId, getBrokerService, getClients, getDestinationMap, getDestinationMap, getDestinations, getDestinations, getDurableDestinations, getExecutor, getNext, getPeerBrokerInfos, getPreparedTransactions, getRoot, getScheduler, getTempDataStore, getVmConnectorURI, isExpired, isFaultTolerantConfiguration, isFull, isStopped, messageConsumed, messageDelivered, messageDiscarded, messageExpired, messagePull, networkBridgeStarted, networkBridgeStopped, nowMasterBroker, postProcessDispatch, prepareTransaction, preProcessDispatch, processConsumerControl, processDispatchNotification, reapplyInterceptor, removeBroker, removeConsumer, removeDestination, removeDestinationInfo, removeProducer, removeSession, removeSubscription, rollbackTransaction, send, sendToDeadLetterQueue, setAdminConnectionContext, slowConsumer, start, stop, virtualDestinationAdded, virtualDestinationRemoved

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Constructor Detail
  - JaasCertificateAuthenticationBroker
```
public JaasCertificateAuthenticationBroker(Broker next,
                                           String jaasConfiguration)
```
    Simple constructor. Leaves everything to superclass.
    
    Parameters:
    
    next - The Broker that does the actual work for this Filter.
    
    jaasConfiguration - The JAAS domain configuration name (refere to JAAS documentation).
- Method Detail
  - addConnection
```
public void addConnection(ConnectionContext context,
                          ConnectionInfo info)
                   throws Exception
```
    Overridden to allow for authentication based on client certificates. Connections being added will be authenticated based on their certificate chain and the JAAS module specified through the JAAS framework. NOTE: The security context's username will be set to the first UserPrincipal created by the login module.
    
    Specified by:
    
    addConnection in interface Broker
    
    Overrides:
    
    addConnection in class BrokerFilter
    
    Parameters:
    
    context - The context for the incoming Connection.
    
    info - The ConnectionInfo Command representing the incoming connection.
    
    Throws:
    
    Exception - TODO
  - removeConnection
```
public void removeConnection(ConnectionContext context,
                             ConnectionInfo info,
                             Throwable error)
                      throws Exception
```
    Overriding removeConnection to make sure the security context is cleaned.
    
    Specified by:
    
    removeConnection in interface Broker
    
    Overrides:
    
    removeConnection in class BrokerFilter
    
    Parameters:
    
    context - the environment the operation is being executed under.
    
    error - null if the client requested the disconnect or the error that caused the client to disconnect.
    
    Throws:
    
    Exception - TODO
  - authenticate
```
public SecurityContext authenticate(String username,
                                    String password,
                                    X509Certificate[] peerCertificates)
                             throws SecurityException
```
    Description copied from interface: AuthenticationBroker
    
    Authenticate the given user using the mechanism provided by this service.
    
    Specified by:
    
    authenticate in interface AuthenticationBroker
    
    Parameters:
    
    username - the given user name to authenticate, null indicates an anonymous user.
    
    password - the given password for the user to authenticate.
    
    peerCertificates - for an SSL channel the certificates from remote peer.
    
    Returns:
    
    a new SecurityContext for the authenticated user.
    
    Throws:
    
    SecurityException - if the user cannot be authenticated.

Class JaasCertificateAuthenticationBroker

Field Summary

Fields inherited from class org.apache.activemq.broker.BrokerFilter

Constructor Summary

Method Summary

Methods inherited from class org.apache.activemq.broker.BrokerFilter

Methods inherited from class java.lang.Object

Constructor Detail

JaasCertificateAuthenticationBroker

Method Detail

addConnection

removeConnection

authenticate