Class CertificateLoginModule

  • All Implemented Interfaces:
    javax.security.auth.spi.LoginModule, AuditLoginModule
    Direct Known Subclasses:
    TextFileCertificateLoginModule

    public abstract class CertificateLoginModule
    extends PropertiesLoader
    implements AuditLoginModule
    A LoginModule that allows for authentication based on SSL certificates. Allows for subclasses to define methods used to verify user certificates and find user roles. Uses CertificateCallbacks to retrieve certificates.
    • Method Summary

      Modifier and Type Method Description
      boolean abort()
      Standard JAAS override.
      boolean commit()
      Overriding to complete login process.
      protected java.lang.String getDistinguishedName(java.security.cert.X509Certificate[] certs)
      protected abstract java.lang.String getUserNameForCertificates(java.security.cert.X509Certificate[] certs)
      Should return a unique name corresponding to the certificates given.
      protected abstract java.util.Set<java.lang.String> getUserRoles(java.lang.String username)
      Should return a set of the roles this user belongs to.
      void initialize(javax.security.auth.Subject subject, javax.security.auth.callback.CallbackHandler callbackHandler, java.util.Map<java.lang.String,?> sharedState, java.util.Map<java.lang.String,?> options)
      Overriding to allow for proper initialization.
      boolean login()
      Overriding to allow for certificate-based login.
      boolean logout()
      Standard JAAS override.
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Constructor Detail

      • CertificateLoginModule

        public CertificateLoginModule()
    • Method Detail

      • initialize

        public void initialize(javax.security.auth.Subject subject,
                               javax.security.auth.callback.CallbackHandler callbackHandler,
                               java.util.Map<java.lang.String,?> sharedState,
                               java.util.Map<java.lang.String,?> options)
        Overriding to allow for proper initialization. Standard JAAS.
        Specified by:
        initialize in interface javax.security.auth.spi.LoginModule
      • login

        public boolean login()
                      throws javax.security.auth.login.LoginException
        Overriding to allow for certificate-based login. Standard JAAS.
        Specified by:
        login in interface javax.security.auth.spi.LoginModule
        Throws:
        javax.security.auth.login.LoginException
      • commit

        public boolean commit()
                       throws javax.security.auth.login.LoginException
        Overriding to complete login process. Standard JAAS.
        Specified by:
        commit in interface javax.security.auth.spi.LoginModule
        Throws:
        javax.security.auth.login.LoginException
      • abort

        public boolean abort()
                      throws javax.security.auth.login.LoginException
        Standard JAAS override.
        Specified by:
        abort in interface javax.security.auth.spi.LoginModule
        Throws:
        javax.security.auth.login.LoginException
      • logout

        public boolean logout()
        Standard JAAS override.
        Specified by:
        logout in interface javax.security.auth.spi.LoginModule
      • getUserNameForCertificates

        protected abstract java.lang.String getUserNameForCertificates(java.security.cert.X509Certificate[] certs)
                                                                throws javax.security.auth.login.LoginException
        Should return a unique name corresponding to the certificates given. The name returned will be used to look up access levels as well as role associations.
        Parameters:
        certs - The user's certificates.
        Returns:
        The unique name if the certificate is recognized, null otherwise.
        Throws:
        javax.security.auth.login.LoginException
      • getUserRoles

        protected abstract java.util.Set<java.lang.String> getUserRoles(java.lang.String username)
                                                                 throws javax.security.auth.login.LoginException
        Should return a set of the roles this user belongs to. The roles returned will be added to the user's credentials.
        Parameters:
        username - The username of the client. This is the same name that getUserNameForCertificates returned for the user's certificates.
        Returns:
        A Set of the names of the roles this user belongs to.
        Throws:
        javax.security.auth.login.LoginException
      • getDistinguishedName

        protected java.lang.String getDistinguishedName(java.security.cert.X509Certificate[] certs)
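
The two abstract methods described above, implemented in a minimal subclass. This is an added example, not code from the project: the class name, the sample DN and the role names are hypothetical, and the import package is an assumption because this page does not show it. It also assumes the transport layer has already validated the certificates before the login module sees them.

```java
// Assumption: the package of CertificateLoginModule is not shown on this page;
// this import is the Apache ActiveMQ Artemis location and may differ in your build.
import org.apache.activemq.artemis.spi.core.security.jaas.CertificateLoginModule;

import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Map;
import java.util.Set;
import javax.security.auth.login.LoginException;
import javax.security.auth.x500.X500Principal;

/** Hypothetical subclass: maps a certificate's subject DN to a user name and roles. */
public class AllowListCertificateLoginModule extends CertificateLoginModule {

    // Constructed sample data, keyed by the canonical form of the subject DN.
    private static final Map<String, String> USERS_BY_DN = Map.of(
        canonical("CN=orders-service,OU=Messaging,O=Example Corp"), "orders-service");
    private static final Map<String, Set<String>> ROLES_BY_USER = Map.of(
        "orders-service", Set.of("producers"));

    private static String canonical(String dn) {
        // CANONICAL form normalises case and spacing so equivalent DNs compare equal.
        return new X500Principal(dn).getName(X500Principal.CANONICAL);
    }

    @Override
    protected String getUserNameForCertificates(X509Certificate[] certs) throws LoginException {
        if (certs == null || certs.length == 0 || certs[0] == null) {
            throw new LoginException("No client certificate was supplied");
        }
        // certs[0] is taken as the client's own certificate (assumption about ordering).
        String dn = certs[0].getSubjectX500Principal().getName(X500Principal.CANONICAL);
        // Contract from this page: null means the certificate is not recognized.
        return USERS_BY_DN.get(dn);
    }

    @Override
    protected Set<String> getUserRoles(String username) throws LoginException {
        if (username == null) {
            return Collections.emptySet(); // Map.of(...) rejects null keys
        }
        // Unknown users get no roles rather than a default role.
        return ROLES_BY_USER.getOrDefault(username, Collections.emptySet());
    }
}
```

Matching on the exact canonical DN, rather than on a substring such as the CN alone, keeps two certificates with the same common name under different organisations from resolving to the same user.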