Package org.apache.activemq.artemis.spi.core.security

Interface ActiveMQSecurityManager5

All Superinterfaces:

ActiveMQSecurityManager

All Known Implementing Classes:

ActiveMQBasicSecurityManager, ActiveMQJAASSecurityManager

public interface ActiveMQSecurityManager5
extends ActiveMQSecurityManager

Used to validate whether a user is authorized to connect to the server and perform certain functions on certain addresses This is an evolution of ActiveMQSecurityManager4 that integrates with the new Subject caching functionality.

Method Summary

Modifier and Type	Method	Description
javax.security.auth.Subject	authenticate(java.lang.String user, java.lang.String password, RemotingConnection remotingConnection, java.lang.String securityDomain)	is this a valid user.
boolean	authorize(javax.security.auth.Subject subject, java.util.Set<org.apache.activemq.artemis.core.security.Role> roles, org.apache.activemq.artemis.core.security.CheckType checkType, java.lang.String address)	Determine whether the given user has the correct role for the given check type.

Methods inherited from interface org.apache.activemq.artemis.spi.core.security.ActiveMQSecurityManager

getDomain, init, validateUser, validateUserAndRole

Method Detail

authenticate

javax.security.auth.Subject authenticate(java.lang.String user,
                                         java.lang.String password,
                                         RemotingConnection remotingConnection,
                                         java.lang.String securityDomain)

is this a valid user. This method is called instead of ActiveMQSecurityManager.validateUser(String, String).

Parameters:

user - the user

password - the user's password

remotingConnection - the user's connection which contains any corresponding SSL certs

securityDomain - the name of the JAAS security domain to use (can be null)

Returns:

the Subject of the authenticated user, else null

authorize

boolean authorize(javax.security.auth.Subject subject,
                  java.util.Set<org.apache.activemq.artemis.core.security.Role> roles,
                  org.apache.activemq.artemis.core.security.CheckType checkType,
                  java.lang.String address)

Determine whether the given user has the correct role for the given check type. This method is called instead of ActiveMQSecurityManager.validateUserAndRole(String, String, Set, CheckType).

Parameters:

subject - the Subject to authorize

roles - the roles configured in the security-settings

checkType - which permission to validate

address - the address (or FQQN) to grant access to

Returns:

true if the user is authorized, else false