Package org.apache.activemq.jaas

Class TextFileCertificateLoginModule

java.lang.Object

org.apache.activemq.jaas.PropertiesLoader

org.apache.activemq.jaas.CertificateLoginModule

org.apache.activemq.jaas.TextFileCertificateLoginModule

All Implemented Interfaces:

LoginModule

public class TextFileCertificateLoginModule
extends CertificateLoginModule

A LoginModule allowing for SSL certificate based authentication based on Distinguished Names (DN) stored in text files. The DNs are parsed using a Properties class where each line is either = or =//. This class also uses a group definition file where each line is =,,etc. The user and group files' locations must be specified in the org.apache.activemq.jaas.textfiledn.user and org.apache.activemq.jaas.textfiledn.group properties respectively. NOTE: This class will re-read user and group files for every authentication (i.e it does live updates of allowed groups and users).

Author:

sepandm@gmail.com (Sepand)

Nested Class Summary

Nested classes/interfaces inherited from class org.apache.activemq.jaas.PropertiesLoader

PropertiesLoader.FileNameKey

Field Summary

Fields inherited from class org.apache.activemq.jaas.PropertiesLoader

debug

Constructor Summary

Constructors

Constructor	Description
TextFileCertificateLoginModule()

Method Summary

Modifier and Type	Method	Description
protected Set<String>	getUserGroups(String username)	Overriding to allow for group discovery based on text files.
protected String	getUserNameForCertificates(X509Certificate[] certs)	Overriding to allow DN authorization based on DNs specified in text files.
void	initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options)	Performs initialization of file paths.

Methods inherited from class org.apache.activemq.jaas.CertificateLoginModule

abort, commit, getDistinguishedName, login, logout

Methods inherited from class org.apache.activemq.jaas.PropertiesLoader

init, load, resetUsersAndGroupsCache

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

TextFileCertificateLoginModule

public TextFileCertificateLoginModule()

Method Detail

initialize

public void initialize(Subject subject,
                       CallbackHandler callbackHandler,
                       Map sharedState,
                       Map options)

Performs initialization of file paths. A standard JAAS override.

Specified by:

initialize in interface LoginModule

Overrides:

initialize in class CertificateLoginModule

getUserNameForCertificates

protected String getUserNameForCertificates(X509Certificate[] certs)
                                     throws LoginException

Overriding to allow DN authorization based on DNs specified in text files.

Specified by:

getUserNameForCertificates in class CertificateLoginModule

Parameters:

certs - The certificate the incoming connection provided.

Returns:

The user's authenticated name or null if unable to authenticate the user.

Throws:

LoginException - Thrown if unable to find user file or connection certificate.

getUserGroups

protected Set<String> getUserGroups(String username)
                             throws LoginException

Overriding to allow for group discovery based on text files.

Specified by:

getUserGroups in class CertificateLoginModule

Parameters:

username - The name of the user being examined. This is the same name returned by getUserNameForCertificates.

Returns:

A Set of name Strings for groups this user belongs to.

Throws:

LoginException - Thrown if unable to find group definition file.