Example 1 with SecurityContext

Use of org.apache.activemq.security.SecurityContext in project opennms by OpenNMS.

Class OpenNMSJaasAuthenticationBroker, method authenticateUsingJaas.

private void authenticateUsingJaas(ConnectionContext context, ConnectionInfo info) {
    // Set the TCCL since it seems JAAS needs it to find the login
    // module classes.
    ClassLoader original = Thread.currentThread().getContextClassLoader();
    Thread.currentThread().setContextClassLoader(JaasAuthenticationBroker.class.getClassLoader());
    try {
        SecurityContext s = authenticate(info.getUserName(), info.getPassword(), null);
        context.setSecurityContext(s);
        securityContexts.add(s);
    } finally {
        Thread.currentThread().setContextClassLoader(original);
    }
}
Also used: JaasAuthenticationBroker (org.apache.activemq.security.JaasAuthenticationBroker), SecurityContext (org.apache.activemq.security.SecurityContext)

Example 2 with SecurityContext

Use of org.apache.activemq.security.SecurityContext in project opennms by OpenNMS.

Class OpenNMSJaasAuthenticationBroker, method authenticate.

@Override
public SecurityContext authenticate(String username, String password, X509Certificate[] certificates) throws SecurityException {
    // Note: the certificates argument is not consulted here; only the
    // user name and password are handed to JAAS.
    SecurityContext result = null;
    JassCredentialCallbackHandler callback = new JassCredentialCallbackHandler(username, password);
    try {
        // Run the login modules configured under JAAS_CONTEXT_NAME.
        LoginContext lc = new LoginContext(JAAS_CONTEXT_NAME, callback);
        lc.login();
        Subject subject = lc.getSubject();
        result = new JaasSecurityContext(username, subject);
    } catch (Exception ex) {
        // Every failure is reported with the same message; the original
        // exception is kept as the cause.
        throw new SecurityException("User name [" + username + "] or password is invalid.", ex);
    }
    return result;
}
Also used: JassCredentialCallbackHandler (org.apache.activemq.jaas.JassCredentialCallbackHandler), LoginContext (javax.security.auth.login.LoginContext), SecurityContext (org.apache.activemq.security.SecurityContext), Subject (javax.security.auth.Subject), LoginException (javax.security.auth.login.LoginException), UnknownHostException (java.net.UnknownHostException)

Example 3 with SecurityContext

Use of org.apache.activemq.security.SecurityContext in project opennms by OpenNMS.

Class OpenNMSJaasAuthenticationBroker, method authenticateBasedOnRemoteAddress.

private void authenticateBasedOnRemoteAddress(ConnectionContext context, ConnectionInfo info) {
    boolean grant = false;
    final String connectionString = context.getConnection().getRemoteAddress();
    if (connectionString.startsWith("vm://")) {
        // Always grant VM connections
        grant = true;
    } else {
        final InetAddress remoteAddress = getAddressFromConnectionString(connectionString);
        if (remoteAddress == null) {
            LOG.warn("Unable to determine remote address from connection string: {}", connectionString);
        } else if (trustedHosts.contains(remoteAddress)) {
            grant = true;
        }
    }
    if (!grant) {
        LOG.info("Connection from '{}' is NOT trusted.", connectionString);
        // No security context is set on the connection for untrusted peers.
        return;
    } else {
        LOG.info("Connection from '{}' is trusted.", connectionString);
        // Always create a new security context, even if it contains the same attributes
        // as the last context
        final SecurityContext securityContext = new SecurityContext(usernameForTrustedHosts) {

            @Override
            public Set<Principal> getPrincipals() {
                return principalsForTrustedHosts;
            }
        };
        context.setSecurityContext(securityContext);
        securityContexts.add(securityContext);
    }
}
Also used: SecurityContext (org.apache.activemq.security.SecurityContext), InetAddress (java.net.InetAddress), Principal (java.security.Principal)

Aggregations

SecurityContext (org.apache.activemq.security.SecurityContext): 3
InetAddress (java.net.InetAddress): 1
UnknownHostException (java.net.UnknownHostException): 1
Principal (java.security.Principal): 1
Subject (javax.security.auth.Subject): 1
LoginContext (javax.security.auth.login.LoginContext): 1
LoginException (javax.security.auth.login.LoginException): 1
JassCredentialCallbackHandler (org.apache.activemq.jaas.JassCredentialCallbackHandler): 1
JaasAuthenticationBroker (org.apache.activemq.security.JaasAuthenticationBroker): 1