org.apache.activemq.jaas

Class CertificateLoginModule

java.lang.Object

org.apache.activemq.jaas.CertificateLoginModule

All Implemented Interfaces:

LoginModule

Direct Known Subclasses:

TextFileCertificateLoginModule

public abstract class CertificateLoginModule
extends Object
implements LoginModule

A LoginModule that allows for authentication based on SSL certificates. Allows for subclasses to define methods used to verify user certificates and find user groups. Uses CertificateCallbacks to retrieve certificates.

Author:

sepandm@gmail.com (Sepand)

Constructor Summary

Constructors

Constructor and Description
CertificateLoginModule()

Method Summary

Methods

Modifier and Type	Method and Description
boolean	abort() Standard JAAS override.
boolean	commit() Overriding to complete login process.
protected String	getDistinguishedName(X509Certificate[] certs)
protected abstract Set<String>	getUserGroups(String username) Should return a set of the groups this user belongs to.
protected abstract String	getUserNameForCertificates(X509Certificate[] certs) Should return a unique name corresponding to the certificates given.
void	initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options) Overriding to allow for proper initialization.
boolean	login() Overriding to allow for certificate-based login.
boolean	logout() Standard JAAS override.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

CertificateLoginModule

public CertificateLoginModule()

Method Detail

initialize

public void initialize(Subject subject,
              CallbackHandler callbackHandler,
              Map sharedState,
              Map options)

Overriding to allow for proper initialization. Standard JAAS.

Specified by:

initialize in interface LoginModule

login

public boolean login()
              throws LoginException

Overriding to allow for certificate-based login. Standard JAAS.

Specified by:

login in interface LoginModule

Throws:

LoginException

commit

public boolean commit()
               throws LoginException

Overriding to complete login process. Standard JAAS.

Specified by:

commit in interface LoginModule

Throws:

LoginException

abort

public boolean abort()
              throws LoginException

Standard JAAS override.

Specified by:

abort in interface LoginModule

Throws:

LoginException

logout

public boolean logout()

Standard JAAS override.

Specified by:

logout in interface LoginModule

getUserNameForCertificates

protected abstract String getUserNameForCertificates(X509Certificate[] certs)
                                              throws LoginException

Should return a unique name corresponding to the certificates given. The name returned will be used to look up access levels as well as group associations.

Parameters:

certs - The distinguished name.

Returns:

The unique name if the certificate is recognized, null otherwise.

Throws:

LoginException

getUserGroups

protected abstract Set<String> getUserGroups(String username)
                                      throws LoginException

Should return a set of the groups this user belongs to. The groups returned will be added to the user's credentials.

Parameters:

username - The username of the client. This is the same name that getUserNameForDn returned for the user's DN.

Returns:

A Set of the names of the groups this user belongs to.

Throws:

LoginException

getDistinguishedName

protected String getDistinguishedName(X509Certificate[] certs)