Class DefaultAuthenticationPolicy

    • Constructor Detail

      • DefaultAuthenticationPolicy

        public DefaultAuthenticationPolicy()
    • Method Detail

      • isVmConnectionAuthenticationRequired

        public boolean isVmConnectionAuthenticationRequired()
      • setVmConnectionAuthenticationRequired

        public void setVmConnectionAuthenticationRequired(boolean vmConnectionAuthenticationRequired)
      • getSystemAccountUsername

        public String getSystemAccountUsername()
      • setSystemAccountUsername

        public void setSystemAccountUsername(String systemAccountUsername)
      • getSystemAccountRealmName

        public String getSystemAccountRealmName()
      • setSystemAccountRealmName

        public void setSystemAccountRealmName(String systemAccountRealmName)
      • isAnonymousAccessAllowed

        public boolean isAnonymousAccessAllowed()
      • setAnonymousAccessAllowed

        public void setAnonymousAccessAllowed(boolean anonymousAccessAllowed)
      • getAnonymousAccountUsername

        public String getAnonymousAccountUsername()
      • setAnonymousAccountUsername

        public void setAnonymousAccountUsername(String anonymousAccountUsername)
      • getAnonymousAccountRealmName

        public String getAnonymousAccountRealmName()
      • setAnonymousAccountRealmName

        public void setAnonymousAccountRealmName(String anonymousAccountRealmName)
      • credentialsAvailable

        protected boolean credentialsAvailable(ConnectionReference conn)
        Returns true if the client connection has supplied credentials to authenticate itself, false otherwise.
        Parameters:
        conn - the client's connection context
        Returns:
        true if the client connection has supplied credentials to authenticate itself, false otherwise.
      • isAuthenticationRequired

        public boolean isAuthenticationRequired(SubjectConnectionReference conn)
        Description copied from interface: AuthenticationPolicy
        Returns true if the connection's Subject instance should be authenticated, false otherwise.
        Specified by:
        isAuthenticationRequired in interface AuthenticationPolicy
        Parameters:
        conn - the subject's connection
        Returns:
        true if the connection's Subject instance should be authenticated, false otherwise.
      • isAnonymousAccount

        protected boolean isAnonymousAccount(org.apache.shiro.subject.Subject subject)
      • isSystemAccount

        protected boolean isSystemAccount(org.apache.shiro.subject.Subject subject)
      • matches

        protected boolean matches(org.apache.shiro.subject.PrincipalCollection principals,
                                  String username,
                                  String realmName)
      • customizeSubject

        public void customizeSubject(org.apache.shiro.subject.Subject.Builder subjectBuilder,
                                     ConnectionReference conn)
        Description copied from interface: AuthenticationPolicy
        Allows customization of the Subject being built for the specified client connection. This allows for any pre-existing connection-specific identity or state to be applied to the Subject.Builder before the Subject instance is actually created.

        NOTE: This method is called by the SubjectFilter before the filter chain is executed (and before an authentication attempt occurs). Implementations MUST NOT attempt to actually build the subject or perform an authentication attempt in this method.

        Specified by:
        customizeSubject in interface AuthenticationPolicy
        Parameters:
        subjectBuilder - the builder for the Subject that will be created representing the associated client connection
        conn - a reference to the client's connection metadata
        See Also:
        SubjectFilter
      • isAssumeIdentity

        protected boolean isAssumeIdentity(ConnectionReference conn)
        Returns true if an unauthenticated connection should still assume a specific identity, false otherwise. This method is only called when no connection credentials are available (see credentialsAvailable). If a client supplies connection credentials, they are always used to authenticate the client with that identity.

        If true is returned, the assumed identity will be returned by createAssumedIdentity.

        Warning

        This method exists primarily to support the system and anonymous accounts - it is probably unsafe to return true in most other scenarios.
        Parameters:
        conn - a reference to the client's connection
        Returns:
        true if an unauthenticated connection should still assume a specific identity, false otherwise.
      • createAssumedIdentity

        protected org.apache.shiro.subject.PrincipalCollection createAssumedIdentity(ConnectionReference conn)
        Returns a Shiro PrincipalCollection representing the identity to assume (without true authentication) for the specified Connection.

        This method is only called if isAssumeIdentity(ConnectionReference) is true.

        Parameters:
        conn - a reference to the client's connection
        Returns:
        a Shiro PrincipalCollection representing the identity to assume (without true authentication) for the specified Connection.
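
Added example (not part of the original Javadoc or the project's code): a configuration audit built only on the getters and setters listed above, showing a permissive policy beside a hardened one in light of the isAssumeIdentity warning. The package name, the helper class AuthPolicyAudit, the sample username "guest", and the reading that in-JVM (VM) connections are the ones that assume the system account when vmConnectionAuthenticationRequired is false are assumptions not stated on this page.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Objects;

// Assumed package (ActiveMQ Shiro module); the page itself does not state it.
import org.apache.activemq.shiro.authc.DefaultAuthenticationPolicy;

/** Hypothetical helper: reports settings that let a connection obtain an identity without authenticating. */
public final class AuthPolicyAudit {

    static List<String> audit(DefaultAuthenticationPolicy p) {
        List<String> findings = new ArrayList<>();
        if (p.isAnonymousAccessAllowed()) {
            findings.add("anonymous access allowed: connections without credentials assume '"
                    + p.getAnonymousAccountUsername() + "'");
            // Identical username and realm would make anonymous clients
            // indistinguishable from the system account in authorization checks.
            if (Objects.equals(p.getAnonymousAccountUsername(), p.getSystemAccountUsername())
                    && Objects.equals(p.getAnonymousAccountRealmName(), p.getSystemAccountRealmName())) {
                findings.add("anonymous and system accounts resolve to the same identity");
            }
        }
        if (!p.isVmConnectionAuthenticationRequired()) {
            // Assumption: VM connections then assume the system account without credentials.
            findings.add("VM connections are not authenticated: they assume '"
                    + p.getSystemAccountUsername() + "'");
        }
        return findings;
    }

    /** Policy under which every connection must present credentials. */
    static DefaultAuthenticationPolicy hardened() {
        DefaultAuthenticationPolicy p = new DefaultAuthenticationPolicy();
        p.setAnonymousAccessAllowed(false);
        p.setVmConnectionAuthenticationRequired(true);
        return p;
    }

    public static void main(String[] args) {
        DefaultAuthenticationPolicy permissive = new DefaultAuthenticationPolicy();
        permissive.setAnonymousAccessAllowed(true);
        permissive.setVmConnectionAuthenticationRequired(false);
        permissive.setAnonymousAccountUsername("guest"); // constructed sample value

        System.out.println("permissive: " + audit(permissive));
        System.out.println("hardened:   " + audit(hardened()));
    }
}
```

An empty findings list means no connection can take the assumed-identity path through this policy; any finding should be matched by tightly scoped permissions for the named account.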