Class JaasDualAuthenticationBroker

java.lang.Object
org.apache.activemq.broker.BrokerFilter
org.apache.activemq.security.JaasDualAuthenticationBroker
All Implemented Interfaces:
Broker, Region, AuthenticationBroker, org.apache.activemq.Service

public class JaasDualAuthenticationBroker extends BrokerFilter implements AuthenticationBroker
A JAAS Authentication Broker that uses different JAAS domain configurations depending on whether the connection arrives over an SSL-enabled Connector or not. This allows you to, for instance, do DN-based authentication for SSL connections and use a mixture of username/password and simple guest authentication for non-SSL connections.

An example login.config to do this is:

 activemq-domain {
   org.apache.activemq.jaas.PropertiesLoginModule sufficient
       debug=true
       org.apache.activemq.jaas.properties.user="users.properties"
       org.apache.activemq.jaas.properties.group="groups.properties";
   org.apache.activemq.jaas.GuestLoginModule sufficient
       debug=true
       org.apache.activemq.jaas.guest.user="guest"
       org.apache.activemq.jaas.guest.group="guests";
 };

 activemq-ssl-domain {
   org.apache.activemq.jaas.TextFileCertificateLoginModule required
       debug=true
       org.apache.activemq.jaas.textfiledn.user="dns.properties"
       org.apache.activemq.jaas.textfiledn.group="groups.properties";
 };
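
The following sketch shows one way to wire this class into an embedded broker so that each connector is authenticated against the matching domain from the login.config above. It is an added example, not code from the ActiveMQ project. The class names DualAuthBrokerExample and DualJaasPlugin, the login.config path and the connector ports are assumptions, and the SSL connector assumes a key store and trust store are already configured through the standard javax.net.ssl.* system properties.

```java
import org.apache.activemq.broker.Broker;
import org.apache.activemq.broker.BrokerPlugin;
import org.apache.activemq.broker.BrokerService;
import org.apache.activemq.security.JaasDualAuthenticationBroker;

public class DualAuthBrokerExample {

    /** Hypothetical plugin (the name is ours) that places the filter in the broker chain. */
    static class DualJaasPlugin implements BrokerPlugin {
        @Override
        public Broker installPlugin(Broker next) throws Exception {
            // The two names must match the domain entries in login.config:
            // the first is used for non-SSL connections, the second for SSL connections.
            return new JaasDualAuthenticationBroker(next, "activemq-domain", "activemq-ssl-domain");
        }
    }

    public static void main(String[] args) throws Exception {
        // Assumed location of the login.config shown above; JAAS reads it from this property.
        System.setProperty("java.security.auth.login.config", "conf/login.config");

        BrokerService broker = new BrokerService();
        broker.setPersistent(false);
        broker.setPlugins(new BrokerPlugin[] { new DualJaasPlugin() });

        // Plain TCP connector: authenticated against activemq-domain
        // (users.properties first, then the guest fallback).
        broker.addConnector("tcp://localhost:61616");

        // SSL connector: authenticated against activemq-ssl-domain.
        // needClientAuth=true makes the TLS handshake demand a client certificate,
        // which the certificate login module needs in order to match a DN in dns.properties.
        broker.addConnector("ssl://localhost:61617?needClientAuth=true");

        broker.start();
        broker.waitUntilStopped();
    }
}
```

With the example login.config, every non-SSL client that fails the properties check still falls through to the guest module, so the authorization rules for the "guests" group decide what an unauthenticated plain-TCP client can reach.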
 
  • Constructor Details

    • JaasDualAuthenticationBroker

      public JaasDualAuthenticationBroker(Broker next, String jaasConfiguration, String jaasSslConfiguration)
      Simple constructor. Leaves everything to superclass.
      Parameters:
      next - The Broker that does the actual work for this Filter.
      jaasConfiguration - The JAAS domain configuration name for non-SSL connections (refer to JAAS documentation).
      jaasSslConfiguration - The JAAS domain configuration name for SSL connections (refer to JAAS documentation).
  • Method Details

    • addConnection

      public void addConnection(ConnectionContext context, org.apache.activemq.command.ConnectionInfo info) throws Exception
      Overridden to allow for authentication using different JAAS configurations depending on whether the connection is SSL or not.
      Specified by:
      addConnection in interface Broker
      Overrides:
      addConnection in class BrokerFilter
      Parameters:
      context - The context for the incoming Connection.
      info - The ConnectionInfo Command representing the incoming connection.
      Throws:
      Exception - TODO
    • removeConnection

      public void removeConnection(ConnectionContext context, org.apache.activemq.command.ConnectionInfo info, Throwable error) throws Exception
      Overriding removeConnection to make sure the security context is cleaned.
      Specified by:
      removeConnection in interface Broker
      Overrides:
      removeConnection in class BrokerFilter
      Parameters:
      context - the environment the operation is being executed under.
      info - metadata about the Broker
      error - null if the client requested the disconnect or the error that caused the client to disconnect.
      Throws:
      Exception - TODO
    • isSSL

      protected boolean isSSL(ConnectionContext context, org.apache.activemq.command.ConnectionInfo info) throws Exception
      Throws:
      Exception
    • removeDestination

      public void removeDestination(ConnectionContext context, org.apache.activemq.command.ActiveMQDestination destination, long timeout) throws Exception
      Description copied from interface: Region
      Used to destroy a destination. This should try to quiesce use of the destination for up to the allotted timeout before removing the destination. This will remove all persistent messages associated with the destination.
      Specified by:
      removeDestination in interface Region
      Overrides:
      removeDestination in class BrokerFilter
      Parameters:
      context - the environment the operation is being executed under.
      destination - what is being removed from the broker.
      timeout - the max amount of time to wait for the destination to quiesce
      Throws:
      Exception - TODO
    • authenticate

      public SecurityContext authenticate(String username, String password, X509Certificate[] peerCertificates) throws SecurityException
      Description copied from interface: AuthenticationBroker
      Authenticate the given user using the mechanism provided by this service.
      Specified by:
      authenticate in interface AuthenticationBroker
      Parameters:
      username - the given user name to authenticate, null indicates an anonymous user.
      password - the given password for the user to authenticate.
      peerCertificates - for an SSL channel the certificates from remote peer.
      Returns:
      a new SecurityContext for the authenticated user.
      Throws:
      SecurityException - if the user cannot be authenticated.