|
ActiveMQ example source code file (JaasCertificateAuthenticationBroker.java)
The ActiveMQ JaasCertificateAuthenticationBroker.java source code/** * Licensed to the Apache Software Foundation (ASF) under one or more * contributor license agreements. See the NOTICE file distributed with * this work for additional information regarding copyright ownership. * The ASF licenses this file to You under the Apache License, Version 2.0 * (the "License"); you may not use this file except in compliance with * the License. You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package org.apache.activemq.security; import java.security.Principal; import java.security.cert.X509Certificate; import java.util.Iterator; import javax.security.auth.Subject; import javax.security.auth.callback.CallbackHandler; import javax.security.auth.login.LoginContext; import org.apache.activemq.broker.Broker; import org.apache.activemq.broker.BrokerFilter; import org.apache.activemq.broker.ConnectionContext; import org.apache.activemq.command.ConnectionInfo; import org.apache.activemq.jaas.JaasCertificateCallbackHandler; import org.apache.activemq.jaas.UserPrincipal; /** * A JAAS Authentication Broker that uses SSL Certificates. This class will * provide the JAAS framework with a JaasCertificateCallbackHandler that will * grant JAAS access to incoming connections' SSL certificate chains. NOTE: * There is a chance that the incoming connection does not have a valid * certificate (has null). * * @author sepandm@gmail.com (Sepand) */ public class JaasCertificateAuthenticationBroker extends BrokerFilter { private final String jaasConfiguration; /** * Simple constructor. Leaves everything to superclass. * * @param next The Broker that does the actual work for this Filter. * @param jassConfiguration The JAAS domain configuration name (refere to * JAAS documentation). */ public JaasCertificateAuthenticationBroker(Broker next, String jaasConfiguration) { super(next); this.jaasConfiguration = jaasConfiguration; } /** * Overridden to allow for authentication based on client certificates. * Connections being added will be authenticated based on their certificate * chain and the JAAS module specified through the JAAS framework. NOTE: The * security context's username will be set to the first UserPrincipal * created by the login module. * * @param context The context for the incoming Connection. * @param info The ConnectionInfo Command representing the incoming * connection. */ public void addConnection(ConnectionContext context, ConnectionInfo info) throws Exception { if (context.getSecurityContext() == null) { if (!(info.getTransportContext() instanceof X509Certificate[])) { throw new SecurityException("Unable to authenticate transport without SSL certificate."); } // Set the TCCL since it seems JAAS needs it to find the login // module classes. ClassLoader original = Thread.currentThread().getContextClassLoader(); Thread.currentThread().setContextClassLoader(JaasAuthenticationBroker.class.getClassLoader()); try { // Do the login. try { CallbackHandler callback = new JaasCertificateCallbackHandler((X509Certificate[])info.getTransportContext()); LoginContext lc = new LoginContext(jaasConfiguration, callback); lc.login(); Subject subject = lc.getSubject(); String dnName = ""; for (Iterator iter = subject.getPrincipals().iterator(); iter.hasNext();) { Principal nextPrincipal = (Principal)iter.next(); if (nextPrincipal instanceof UserPrincipal) { dnName = ((UserPrincipal)nextPrincipal).getName(); break; } } SecurityContext s = new JaasCertificateSecurityContext(dnName, subject, (X509Certificate[])info.getTransportContext()); context.setSecurityContext(s); } catch (Exception e) { throw new SecurityException("User name or password is invalid: " + e.getMessage(), e); } } finally { Thread.currentThread().setContextClassLoader(original); } } super.addConnection(context, info); } /** * Overriding removeConnection to make sure the security context is cleaned. */ public void removeConnection(ConnectionContext context, ConnectionInfo info, Throwable error) throws Exception { super.removeConnection(context, info, error); context.setSecurityContext(null); } } Other ActiveMQ examples (source code examples)Here is a short list of links related to this ActiveMQ JaasCertificateAuthenticationBroker.java source code file: |
... this post is sponsored by my books ... | |
#1 New Release! |
FP Best Seller |
Copyright 1998-2021 Alvin Alexander, alvinalexander.com
All Rights Reserved.
A percentage of advertising revenue from
pages under the /java/jwarehouse
URI on this website is
paid back to open source projects.