use of org.apache.activemq.security.SecurityContext in project opennms by OpenNMS.
the class OpenNMSJaasAuthenticationBroker method authenticateUsingJaas.
/**
 * Authenticates the connection with the user name and password carried in
 * {@code info} and, on success, attaches the resulting security context to
 * the connection.
 *
 * <p>No certificates are passed to {@code authenticate} (the third argument
 * is {@code null}). If {@code authenticate} throws, the exception propagates
 * to the caller and no security context is set on {@code context}.
 *
 * @param context connection that receives the security context on success
 * @param info    connection info supplying the user name and password
 */
private void authenticateUsingJaas(ConnectionContext context, ConnectionInfo info) {
    final Thread currentThread = Thread.currentThread();
    final ClassLoader previousLoader = currentThread.getContextClassLoader();

    // JAAS appears to resolve the login module classes through the thread
    // context class loader, so point it at the broker's loader for the login.
    currentThread.setContextClassLoader(JaasAuthenticationBroker.class.getClassLoader());
    try {
        final SecurityContext authenticated =
                authenticate(info.getUserName(), info.getPassword(), null);
        context.setSecurityContext(authenticated);
        securityContexts.add(authenticated);
    } finally {
        // Restore the caller's loader whether or not the login succeeded.
        currentThread.setContextClassLoader(previousLoader);
    }
}
use of org.apache.activemq.security.SecurityContext in project opennms by OpenNMS.
the class OpenNMSJaasAuthenticationBroker method authenticate.
/**
 * Performs a JAAS login for the given credentials and wraps the resulting
 * subject in a {@link JaasSecurityContext}.
 *
 * <p>The method fails closed: every exception raised while creating the
 * login context, logging in, or building the security context is rethrown as
 * a {@link SecurityException} with the original exception as its cause. A
 * caller therefore cannot tell a rejected credential from a failure of the
 * login configuration without inspecting the cause.
 *
 * <p>NOTE(review): the exception message embeds the supplied user name;
 * confirm that this is acceptable wherever the exception is logged or
 * returned to a client.
 *
 * @param username     user name handed to the JAAS callback handler
 * @param password     password handed to the JAAS callback handler
 * @param certificates not read by this implementation
 * @return a security context for {@code username} backed by the JAAS subject
 * @throws SecurityException if the login does not complete for any reason
 */
@Override
public SecurityContext authenticate(String username, String password, X509Certificate[] certificates) throws SecurityException {
    final JassCredentialCallbackHandler credentialHandler =
            new JassCredentialCallbackHandler(username, password);
    try {
        final LoginContext loginContext = new LoginContext(JAAS_CONTEXT_NAME, credentialHandler);
        loginContext.login();
        return new JaasSecurityContext(username, loginContext.getSubject());
    } catch (Exception ex) {
        throw new SecurityException("User name [" + username + "] or password is invalid.", ex);
    }
}
use of org.apache.activemq.security.SecurityContext in project opennms by OpenNMS.
the class OpenNMSJaasAuthenticationBroker method authenticateBasedOnRemoteAddress.
/**
 * Grants the connection a pre-defined security context when it originates
 * from a trusted location, without checking any credentials.
 *
 * <p>A connection is trusted when its remote address string starts with
 * {@code vm://}, or when the address parsed from that string is contained in
 * {@code trustedHosts}. {@code info} is not read here, so the decision rests
 * on the reported remote address alone. An untrusted connection is logged and
 * left without a security context.
 *
 * <p>NOTE(review): because no credential is verified on this path, the
 * contents of {@code trustedHosts} and the network controls in front of the
 * broker are what bound access; confirm they are kept as narrow as intended.
 *
 * @param context connection whose remote address is evaluated and which
 *                receives the security context when trusted
 * @param info    connection info; unused by this method
 */
private void authenticateBasedOnRemoteAddress(ConnectionContext context, ConnectionInfo info) {
    final String connectionString = context.getConnection().getRemoteAddress();

    final boolean trusted;
    if (connectionString.startsWith("vm://")) {
        // Always grant VM connections
        trusted = true;
    } else {
        final InetAddress peerAddress = getAddressFromConnectionString(connectionString);
        if (peerAddress == null) {
            LOG.warn("Unable to determine remote address from connection string: {}", connectionString);
            trusted = false;
        } else {
            trusted = trustedHosts.contains(peerAddress);
        }
    }

    if (!trusted) {
        LOG.info("Connection from '{}' is NOT trusted.", connectionString);
        return;
    }

    LOG.info("Connection from '{}' is trusted.", connectionString);
    // A fresh security context is created for every trusted connection, even
    // when its attributes match those of the previous one. The principals it
    // reports are the shared principalsForTrustedHosts set itself, not a copy.
    final SecurityContext trustedHostContext = new SecurityContext(usernameForTrustedHosts) {
        @Override
        public Set<Principal> getPrincipals() {
            return principalsForTrustedHosts;
        }
    };
    context.setSecurityContext(trustedHostContext);
    securityContexts.add(trustedHostContext);
}