Class TextFileCertificateLoginModule

  • All Implemented Interfaces:
    javax.security.auth.spi.LoginModule, AuditLoginModule

    public class TextFileCertificateLoginModule
    extends CertificateLoginModule
    A LoginModule that performs SSL certificate-based authentication against Distinguished Names (DNs) stored in text files. The DNs are parsed using a Properties class where each line is <user_name>=<user_DN>. This class also uses a group definition file where each line is <role_name>=<user_name_1>,<user_name_2>,etc. The locations of the user and role files must be specified in the org.apache.activemq.jaas.textfiledn.user and org.apache.activemq.jaas.textfiledn.role properties, respectively. NOTE: This class re-reads the user and group files if they have been modified and the "reload" option is true.
    • Constructor Detail

      • TextFileCertificateLoginModule

        public TextFileCertificateLoginModule()
    • Method Detail

      • initialize

        public void initialize(javax.security.auth.Subject subject,
                               javax.security.auth.callback.CallbackHandler callbackHandler,
                               java.util.Map<java.lang.String,?> sharedState,
                               java.util.Map<java.lang.String,?> options)
        Performs initialization of file paths. A standard JAAS override.
        Specified by:
        initialize in interface javax.security.auth.spi.LoginModule
        Overrides:
        initialize in class CertificateLoginModule
      • getUserNameForCertificates

        protected java.lang.String getUserNameForCertificates(java.security.cert.X509Certificate[] certs)
                                                       throws javax.security.auth.login.LoginException
        Overriding to allow DN authorization based on DNs specified in text files.
        Specified by:
        getUserNameForCertificates in class CertificateLoginModule
        Parameters:
        certs - The certificate the incoming connection provided.
        Returns:
        The user's authenticated name or null if unable to authenticate the user.
        Throws:
        javax.security.auth.login.LoginException - Thrown if unable to find user file or connection certificate.
      • getUserRoles

        protected java.util.Set<java.lang.String> getUserRoles(java.lang.String username)
                                                        throws javax.security.auth.login.LoginException
        Overriding to allow for role discovery based on text files.
        Specified by:
        getUserRoles in class CertificateLoginModule
        Parameters:
        username - The name of the user being examined. This is the same name returned by getUserNameForCertificates.
        Returns:
        A Set of name Strings for roles this user belongs to.
        Throws:
        javax.security.auth.login.LoginException - Thrown if unable to find role definition file.
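The two file formats described in the class summary, shown as an added example that is not ActiveMQ source code: it loads constructed user and role file contents with java.util.Properties, maps a presented DN to a user name, and collects that user's roles. The class name, method names and sample DNs are hypothetical, and comparing DNs in canonical X500Principal form is this example's assumption; the module's own matching may differ.

```java
import java.io.IOException;
import java.io.StringReader;
import java.util.Properties;
import java.util.Set;
import java.util.TreeSet;
import javax.security.auth.x500.X500Principal;

// Added illustration, not ActiveMQ source. All names and sample data are hypothetical.
public class TextFileDnLookupExample {
    // Constructed sample user file: <user_name>=<user_DN>
    static final String USERS =
        "broker1=CN=broker1.example.test, OU=Messaging, O=Example\n" +
        "auditor=CN=auditor.example.test, OU=Audit, O=Example\n";
    // Constructed sample role file: <role_name>=<user_name_1>,<user_name_2>
    static final String ROLES =
        "admins=broker1\n" +
        "readers=broker1,auditor\n";

    static Properties load(String text) throws IOException {
        Properties p = new Properties();
        // The key ends at the first '=', so the '=' and ',' inside the DN stay in the value.
        p.load(new StringReader(text));
        return p;
    }

    // Returns the mapped user name, or null when no entry matches the presented DN.
    static String userForDn(Properties users, String presentedDn) {
        X500Principal presented = new X500Principal(presentedDn);
        for (String user : users.stringPropertyNames()) {
            // Assumption: canonical comparison, so spacing and value case do not matter.
            if (new X500Principal(users.getProperty(user)).equals(presented)) return user;
        }
        return null;
    }

    static Set<String> rolesFor(Properties roles, String username) {
        Set<String> result = new TreeSet<>();
        for (String role : roles.stringPropertyNames()) {
            for (String member : roles.getProperty(role).split(",")) {
                if (member.trim().equals(username)) result.add(role);
            }
        }
        return result;
    }

    public static void main(String[] args) throws IOException {
        Properties users = load(USERS), roles = load(ROLES);
        for (String dn : new String[] {"CN=Auditor.Example.Test,OU=audit,O=example", "CN=unknown.example.test, O=Example"}) {
            String user = userForDn(users, dn); // second DN has no entry in the user file
            System.out.println(dn + " -> " + (user == null ? "no mapping" : user + " " + rolesFor(roles, user)));
        }
    }
}
```

A DN with no entry in the user file yields no user name, which corresponds to the null return documented for getUserNameForCertificates.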