org.apache.activemq.jaas

Class TextFileCertificateLoginModule

java.lang.Object

org.apache.activemq.jaas.CertificateLoginModule

org.apache.activemq.jaas.TextFileCertificateLoginModule

All Implemented Interfaces:

javax.security.auth.spi.LoginModule

public class TextFileCertificateLoginModule
extends CertificateLoginModule

A LoginModule allowing for SSL certificate based authentication based on Distinguished Names (DN) stored in text files. The DNs are parsed using a Properties class where each line is =. This class also uses a group definition file where each line is =,,etc. The user and group files' locations must be specified in the org.apache.activemq.jaas.textfiledn.user and org.apache.activemq.jaas.textfiledn.user properties respectively. NOTE: This class will re-read user and group files for every authentication (i.e it does live updates of allowed groups and users).

Author:

sepandm@gmail.com (Sepand)

Constructor Summary

Constructors

Constructor and Description
TextFileCertificateLoginModule()

Method Summary

Methods

Modifier and Type	Method and Description
protected java.util.Set<java.lang.String>	getUserGroups(java.lang.String username) Overriding to allow for group discovery based on text files.
protected java.lang.String	getUserNameForCertificates(java.security.cert.X509Certificate[] certs) Overriding to allow DN authorization based on DNs specified in text files.
void	initialize(javax.security.auth.Subject subject, javax.security.auth.callback.CallbackHandler callbackHandler, java.util.Map sharedState, java.util.Map options) Performs initialization of file paths.

Methods inherited from class org.apache.activemq.jaas.CertificateLoginModule

abort, commit, getDistinguishedName, login, logout

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

TextFileCertificateLoginModule

public TextFileCertificateLoginModule()

Method Detail

initialize

public void initialize(javax.security.auth.Subject subject,
              javax.security.auth.callback.CallbackHandler callbackHandler,
              java.util.Map sharedState,
              java.util.Map options)

Performs initialization of file paths. A standard JAAS override.

Specified by:

initialize in interface javax.security.auth.spi.LoginModule

Overrides:

initialize in class CertificateLoginModule

getUserNameForCertificates

protected java.lang.String getUserNameForCertificates(java.security.cert.X509Certificate[] certs)
                                               throws javax.security.auth.login.LoginException

Overriding to allow DN authorization based on DNs specified in text files.

Specified by:

getUserNameForCertificates in class CertificateLoginModule

Parameters:

certs - The certificate the incoming connection provided.

Returns:

The user's authenticated name or null if unable to authenticate the user.

Throws:

javax.security.auth.login.LoginException - Thrown if unable to find user file or connection certificate.

getUserGroups

protected java.util.Set<java.lang.String> getUserGroups(java.lang.String username)
                                                 throws javax.security.auth.login.LoginException

Overriding to allow for group discovery based on text files.

Specified by:

getUserGroups in class CertificateLoginModule

Parameters:

username - The name of the user being examined. This is the same name returned by getUserNameForCertificates.

Returns:

A Set of name Strings for groups this user belongs to.

Throws:

javax.security.auth.login.LoginException - Thrown if unable to find group definition file.