Class CertificateLoginModule

java.lang.Object

org.apache.activemq.artemis.spi.core.security.jaas.PropertiesLoader

org.apache.activemq.artemis.spi.core.security.jaas.CertificateLoginModule

All Implemented Interfaces:

LoginModule, AuditLoginModule

Direct Known Subclasses:

TextFileCertificateLoginModule

public abstract class CertificateLoginModule
extends PropertiesLoader
implements AuditLoginModule

A LoginModule that allows for authentication based on SSL certificates. Allows for subclasses to define methods used to verify user certificates and find user roles. Uses CertificateCallbacks to retrieve certificates.

Nested Class Summary

Nested classes/interfaces inherited from class PropertiesLoader

PropertiesLoader.FileNameKey

Field Summary

Fields inherited from class PropertiesLoader

debug, LOGIN_CONFIG_SYS_PROP_NAME

Constructor Summary

Constructors

Constructor	Description
CertificateLoginModule()

Method Summary

Modifier and Type	Method	Description
boolean	abort()	Standard JAAS override.
boolean	commit()	Overriding to complete login process.
protected String	getDistinguishedName(X509Certificate[] certs)
protected abstract String	getUserNameForCertificates(X509Certificate[] certs)	Should return a unique name corresponding to the certificates given.
protected abstract Set<String>	getUserRoles(String username)	Should return a set of the roles this user belongs to.
void	initialize(Subject subject, CallbackHandler callbackHandler, Map<String,?> sharedState, Map<String,?> options)	Overriding to allow for proper initialization.
boolean	login()	Overriding to allow for certificate-based login.
boolean	logout()	Standard JAAS override.

Methods inherited from class PropertiesLoader

booleanOption, init, load, load, reload, resetUsersAndGroupsCache

Methods inherited from class Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface AuditLoginModule

registerFailureForAudit

Constructor Details

CertificateLoginModule

public CertificateLoginModule()

Method Details

initialize

public void initialize(Subject subject,
 CallbackHandler callbackHandler,
 Map<String,?> sharedState,
 Map<String,?> options)

Overriding to allow for proper initialization. Standard JAAS.

Specified by:

initialize in interface LoginModule

login

public boolean login()
              throws LoginException

Overriding to allow for certificate-based login. Standard JAAS.

Specified by:

login in interface LoginModule

Throws:

LoginException

commit

public boolean commit()
               throws LoginException

Overriding to complete login process. Standard JAAS.

Specified by:

commit in interface LoginModule

Throws:

LoginException

abort

public boolean abort()
              throws LoginException

Standard JAAS override.

Specified by:

abort in interface LoginModule

Throws:

LoginException

logout

public boolean logout()

Standard JAAS override.

Specified by:

logout in interface LoginModule

getUserNameForCertificates

protected abstract String getUserNameForCertificates(X509Certificate[] certs)
                                              throws LoginException

Should return a unique name corresponding to the certificates given. The name returned will be used to look up access levels as well as role associations.

Parameters:

certs - The distinguished name.

Returns:

The unique name if the certificate is recognized, null otherwise

Throws:

LoginException

getUserRoles

protected abstract Set<String> getUserRoles(String username)
                                     throws LoginException

Should return a set of the roles this user belongs to. The roles returned will be added to the user's credentials.

Parameters:

username - The username of the client. This is the same name that getUserNameForDn returned for the user's DN.

Returns:

A Set of the names of the roles this user belongs to

Throws:

LoginException

getDistinguishedName

protected String getDistinguishedName(X509Certificate[] certs)