org.apache.activemq.jaas
Class TextFileCertificateLoginModule
java.lang.Object
org.apache.activemq.jaas.CertificateLoginModule
org.apache.activemq.jaas.TextFileCertificateLoginModule
- All Implemented Interfaces:
- javax.security.auth.spi.LoginModule
public class TextFileCertificateLoginModule
- extends CertificateLoginModule
A LoginModule allowing for SSL certificate based authentication based on
Distinguished Names (DN) stored in text files. The DNs are parsed using a
Properties class where each line is <user_name>=<user_DN>. This class also
uses a group definition file where each line is <group_name>=<user_name_1>,<user_name_2>,etc.
The user and group files' locations must be specified in the
org.apache.activemq.jaas.textfiledn.user and
org.apache.activemq.jaas.textfiledn.group properties respectively. NOTE: This
class re-reads the user and group files on every authentication (i.e. it does
live updates of allowed groups and users).
- Author:
- sepandm@gmail.com (Sepand)
Method Summary
- protected java.util.Set<java.lang.String> getUserGroups(java.lang.String username)
  Overriding to allow for group discovery based on text files.
- protected java.lang.String getUserNameForCertificates(java.security.cert.X509Certificate[] certs)
  Overriding to allow DN authorization based on DNs specified in text files.
- void initialize(javax.security.auth.Subject subject, javax.security.auth.callback.CallbackHandler callbackHandler, java.util.Map sharedState, java.util.Map options)
  Performs initialization of file paths.
Methods inherited from class java.lang.Object
- clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
TextFileCertificateLoginModule
public TextFileCertificateLoginModule()
initialize
public void initialize(javax.security.auth.Subject subject,
javax.security.auth.callback.CallbackHandler callbackHandler,
java.util.Map sharedState,
java.util.Map options)
- Performs initialization of file paths. A standard JAAS override.
- Specified by:
initialize
in interface javax.security.auth.spi.LoginModule
- Overrides:
initialize
in class CertificateLoginModule
getUserNameForCertificates
protected java.lang.String getUserNameForCertificates(java.security.cert.X509Certificate[] certs)
throws javax.security.auth.login.LoginException
- Overriding to allow DN authorization based on DNs specified in text
files.
- Specified by:
getUserNameForCertificates
in class CertificateLoginModule
- Parameters:
certs
- The certificate the incoming connection provided.
- Returns:
- The user's authenticated name or null if unable to authenticate
the user.
- Throws:
javax.security.auth.login.LoginException
- Thrown if unable to find user file or connection
certificate.
getUserGroups
protected java.util.Set<java.lang.String> getUserGroups(java.lang.String username)
throws javax.security.auth.login.LoginException
- Overriding to allow for group discovery based on text files.
- Specified by:
getUserGroups
in class CertificateLoginModule
- Parameters:
username
- The name of the user being examined. This is the same
name returned by getUserNameForCertificates.
- Returns:
- A Set of name Strings for groups this user belongs to.
- Throws:
javax.security.auth.login.LoginException
- Thrown if unable to find group definition file.
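The two lookups this class describes, the DN-to-user match behind getUserNameForCertificates and the group discovery behind getUserGroups, as an added sketch that is not ActiveMQ's own code. The class name TextFileDnLookupDemo, the sample users, groups and DNs, and the exact string comparison of DNs are assumptions made for illustration.

```java
import java.io.IOException;
import java.io.StringReader;
import java.util.*;

// Added sketch, not ActiveMQ source: models the user-file and group-file lookups.
public class TextFileDnLookupDemo {
    // Constructed sample file contents; every name and DN here is made up.
    static final String USERS =
        "broker1=CN=broker1,OU=Messaging,O=Example,C=US\n" +
        "client1=CN=client1,OU=Apps,O=Example,C=US\n";
    static final String GROUPS =
        "admins=broker1\n" +
        "consumers=broker1,client1\n";

    static Properties load(String text) throws IOException {
        Properties p = new Properties();
        // Properties ends the key at the first '=', so the '=' inside a DN stays in the value.
        p.load(new StringReader(text));
        return p;
    }

    // Reverse lookup: the user whose stored DN equals the presented DN (exact match assumed).
    static String userForDn(Properties users, String dn) {
        for (String user : users.stringPropertyNames()) {
            if (users.getProperty(user).equals(dn)) return user;
        }
        return null; // unknown DN: no user name, so authentication fails
    }

    // Collect every group whose comma-separated member list names the user.
    static Set<String> groupsFor(Properties groups, String user) {
        Set<String> result = new TreeSet<>();
        for (String group : groups.stringPropertyNames()) {
            for (String member : groups.getProperty(group).split(",")) {
                if (member.equals(user)) result.add(group);
            }
        }
        return result;
    }

    public static void main(String[] args) throws IOException {
        Properties users = load(USERS), groups = load(GROUPS);
        String user = userForDn(users, "CN=client1,OU=Apps,O=Example,C=US");
        System.out.println(user + " -> " + groupsFor(groups, user));
        // Same subject with different separator spacing: no entry matches exactly.
        System.out.println(userForDn(users, "CN=client1, OU=Apps, O=Example, C=US"));
    }
}
```

Under the exact comparison assumed here, a DN in the user file has to be written in the same string form in which the certificate subject is rendered, including separator spacing.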
Copyright © 2005-2015. All Rights Reserved.