Package org.apache.activemq.security
Class JaasDualAuthenticationBroker
- java.lang.Object
  - org.apache.activemq.broker.BrokerFilter
    - org.apache.activemq.security.JaasDualAuthenticationBroker
- All Implemented Interfaces: Broker, Region, AuthenticationBroker, Service
public class JaasDualAuthenticationBroker extends BrokerFilter implements AuthenticationBroker
A JAAS Authentication Broker that uses different JAAS domain configurations depending on whether the connection is over an SSL-enabled Connector or not. This allows you to, for instance, do DN-based authentication for SSL connections and use a mixture of username/passwords and simple guest authentication for non-SSL connections.

An example login.config to do this is:

    activemq-domain {
        org.apache.activemq.jaas.PropertiesLoginModule sufficient
            debug=true
            org.apache.activemq.jaas.properties.user="users.properties"
            org.apache.activemq.jaas.properties.group="groups.properties";
        org.apache.activemq.jaas.GuestLoginModule sufficient
            debug=true
            org.apache.activemq.jaas.guest.user="guest"
            org.apache.activemq.jaas.guest.group="guests";
    };

    activemq-ssl-domain {
        org.apache.activemq.jaas.TextFileCertificateLoginModule required
            debug=true
            org.apache.activemq.jaas.textfiledn.user="dns.properties"
            org.apache.activemq.jaas.textfiledn.group="groups.properties";
    };
Field Summary
Fields inherited from class org.apache.activemq.broker.BrokerFilter: next
Constructor Summary

| Constructor | Description |
| --- | --- |
| JaasDualAuthenticationBroker(Broker next, String jaasConfiguration, String jaasSslConfiguration) | Simple constructor. |
Method Summary

| Modifier and Type | Method | Description |
| --- | --- | --- |
| void | addConnection(ConnectionContext context, ConnectionInfo info) | Overridden to allow for authentication using different JAAS configurations depending on whether the connection is SSL or not. |
| SecurityContext | authenticate(String username, String password, X509Certificate[] peerCertificates) | Authenticate the given user using the mechanism provided by this service. |
| void | removeConnection(ConnectionContext context, ConnectionInfo info, Throwable error) | Overriding removeConnection to make sure the security context is cleaned. |
| void | removeDestination(ConnectionContext context, ActiveMQDestination destination, long timeout) | Used to destroy a destination. |

Methods inherited from class org.apache.activemq.broker.BrokerFilter
acknowledge, addBroker, addConsumer, addDestination, addDestinationInfo, addProducer, addSession, beginTransaction, brokerServiceStarted, commitTransaction, fastProducer, forgetTransaction, gc, getAdaptor, getAdminConnectionContext, getBrokerId, getBrokerName, getBrokerSequenceId, getBrokerService, getClients, getDestinationMap, getDestinationMap, getDestinations, getDestinations, getDurableDestinations, getExecutor, getNext, getPeerBrokerInfos, getPreparedTransactions, getRoot, getScheduler, getTempDataStore, getVmConnectorURI, isExpired, isFaultTolerantConfiguration, isFull, isStopped, messageConsumed, messageDelivered, messageDiscarded, messageExpired, messagePull, networkBridgeStarted, networkBridgeStopped, nowMasterBroker, postProcessDispatch, prepareTransaction, preProcessDispatch, processConsumerControl, processDispatchNotification, reapplyInterceptor, removeBroker, removeConsumer, removeDestinationInfo, removeProducer, removeSession, removeSubscription, rollbackTransaction, send, sendToDeadLetterQueue, setAdminConnectionContext, slowConsumer, start, stop, virtualDestinationAdded, virtualDestinationRemoved

Constructor Detail

JaasDualAuthenticationBroker
public JaasDualAuthenticationBroker(Broker next, String jaasConfiguration, String jaasSslConfiguration)
Simple constructor. Leaves everything to superclass.
- Parameters:
  - next - The Broker that does the actual work for this Filter.
  - jaasConfiguration - The JAAS domain configuration name for non-SSL connections (refer to JAAS documentation).
  - jaasSslConfiguration - The JAAS domain configuration name for SSL connections (refer to JAAS documentation).

Method Detail

addConnection
public void addConnection(ConnectionContext context, ConnectionInfo info) throws Exception
Overridden to allow for authentication using different JAAS configurations depending on whether the connection is SSL or not.
- Specified by: addConnection in interface Broker
- Overrides: addConnection in class BrokerFilter
- Parameters:
  - context - The context for the incoming Connection.
  - info - The ConnectionInfo Command representing the incoming connection.
- Throws:
  - Exception - TODO

removeConnection
public void removeConnection(ConnectionContext context, ConnectionInfo info, Throwable error) throws Exception
Overriding removeConnection to make sure the security context is cleaned.
- Specified by: removeConnection in interface Broker
- Overrides: removeConnection in class BrokerFilter
- Parameters:
  - context - the environment the operation is being executed under.
  - error - null if the client requested the disconnect or the error that caused the client to disconnect.
- Throws:
  - Exception - TODO

removeDestination
public void removeDestination(ConnectionContext context, ActiveMQDestination destination, long timeout) throws Exception
Description copied from interface: Region
Used to destroy a destination. This should try to quiesce use of the destination up to the timeout allotted time before removing the destination. This will remove all persistent messages associated with the destination.
- Specified by: removeDestination in interface Region
- Overrides: removeDestination in class BrokerFilter
- Parameters:
  - context - the environment the operation is being executed under.
  - destination - what is being removed from the broker.
  - timeout - the max amount of time to wait for the destination to quiesce
- Throws:
  - Exception - TODO

authenticate
public SecurityContext authenticate(String username, String password, X509Certificate[] peerCertificates) throws SecurityException
Description copied from interface: AuthenticationBroker
Authenticate the given user using the mechanism provided by this service.
- Specified by: authenticate in interface AuthenticationBroker
- Parameters:
  - username - the given user name to authenticate, null indicates an anonymous user.
  - password - the given password for the user to authenticate.
  - peerCertificates - for an SSL channel the certificates from remote peer.
- Returns:
  - a new SecurityContext for the authenticated user.
- Throws:
  - SecurityException - if the user cannot be authenticated.