Example 1 with SecurityContext
use of org.apache.activemq.security.SecurityContext in project opennms by OpenNMS.
the class OpenNMSJaasAuthenticationBroker method authenticateUsingJaas.
private void authenticateUsingJaas(ConnectionContext context, ConnectionInfo info) {
// Set the TCCL since it seems JAAS needs it to find the login
// module classes.
ClassLoader original = Thread.currentThread().getContextClassLoader();
Thread.currentThread().setContextClassLoader(JaasAuthenticationBroker.class.getClassLoader());
try {
SecurityContext s = authenticate(info.getUserName(), info.getPassword(), null);
context.setSecurityContext(s);
securityContexts.add(s);
} finally {
Thread.currentThread().setContextClassLoader(original);
}
}
Also used :
JaasAuthenticationBroker(org.apache.activemq.security.JaasAuthenticationBroker)
SecurityContext(org.apache.activemq.security.SecurityContext)
Example 2 with SecurityContext
use of org.apache.activemq.security.SecurityContext in project opennms by OpenNMS.
the class OpenNMSJaasAuthenticationBroker method authenticate.
@Override
public SecurityContext authenticate(String username, String password, X509Certificate[] certificates) throws SecurityException {
SecurityContext result = null;
JassCredentialCallbackHandler callback = new JassCredentialCallbackHandler(username, password);
try {
LoginContext lc = new LoginContext(JAAS_CONTEXT_NAME, callback);
lc.login();
Subject subject = lc.getSubject();
result = new JaasSecurityContext(username, subject);
} catch (Exception ex) {
throw new SecurityException("User name [" + username + "] or password is invalid.", ex);
}
return result;
}
Also used :
JassCredentialCallbackHandler(org.apache.activemq.jaas.JassCredentialCallbackHandler)
LoginContext(javax.security.auth.login.LoginContext)
SecurityContext(org.apache.activemq.security.SecurityContext)
Subject(javax.security.auth.Subject)
LoginException(javax.security.auth.login.LoginException)
UnknownHostException(java.net.UnknownHostException)
Example 3 with SecurityContext
use of org.apache.activemq.security.SecurityContext in project opennms by OpenNMS.
the class OpenNMSJaasAuthenticationBroker method authenticateBasedOnRemoteAddress.
private void authenticateBasedOnRemoteAddress(ConnectionContext context, ConnectionInfo info) {
boolean grant = false;
final String connectionString = context.getConnection().getRemoteAddress();
if (connectionString.startsWith("vm://")) {
// Always grant VM connections
grant = true;
} else {
final InetAddress remoteAddress = getAddressFromConnectionString(connectionString);
if (remoteAddress == null) {
LOG.warn("Unable to determine remote address from connection string: {}", connectionString);
} else if (trustedHosts.contains(remoteAddress)) {
grant = true;
}
}
if (!grant) {
LOG.info("Connection from '{}' is NOT trusted.", connectionString);
return;
} else {
LOG.info("Connection from '{}' is trusted.", connectionString);
// Always create a new security context, even if it contains the same attributes
// as the last context
final SecurityContext securityContext = new SecurityContext(usernameForTrustedHosts) {
@Override
public Set<Principal> getPrincipals() {
return principalsForTrustedHosts;
}
};
context.setSecurityContext(securityContext);
securityContexts.add(securityContext);
}
}
Also used :
SecurityContext(org.apache.activemq.security.SecurityContext)
InetAddress(java.net.InetAddress)
Principal(java.security.Principal)
Aggregations
SecurityContext (org.apache.activemq.security.SecurityContext)3
InetAddress (java.net.InetAddress)1
UnknownHostException (java.net.UnknownHostException)1
Principal (java.security.Principal)1
Subject (javax.security.auth.Subject)1
LoginContext (javax.security.auth.login.LoginContext)1
LoginException (javax.security.auth.login.LoginException)1
JassCredentialCallbackHandler (org.apache.activemq.jaas.JassCredentialCallbackHandler)1
JaasAuthenticationBroker (org.apache.activemq.security.JaasAuthenticationBroker)1
