KickJava   Java API By Example, From Geeks To Geeks.

Java > Open Source Codes > org > apache > activemq > security > JaasCertificateAuthenticationBroker


1 /**
2  *
3  * Licensed to the Apache Software Foundation (ASF) under one or more
4  * contributor license agreements. See the NOTICE file distributed with
5  * this work for additional information regarding copyright ownership.
6  * The ASF licenses this file to You under the Apache License, Version 2.0
7  * (the "License"); you may not use this file except in compliance with
8  * the License. You may obtain a copy of the License at
9  *
10  * http://www.apache.org/licenses/LICENSE-2.0
11  *
12  * Unless required by applicable law or agreed to in writing, software
13  * distributed under the License is distributed on an "AS IS" BASIS,
14  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15  * See the License for the specific language governing permissions and
16  * limitations under the License.
17  */

18
19 package org.apache.activemq.security;
20
21 import org.apache.activemq.broker.Broker;
22 import org.apache.activemq.broker.BrokerFilter;
23 import org.apache.activemq.broker.ConnectionContext;
24 import org.apache.activemq.command.ConnectionInfo;
25 import org.apache.activemq.jaas.JaasCertificateCallbackHandler;
26 import org.apache.activemq.jaas.UserPrincipal;
27 import org.apache.activemq.security.JaasAuthenticationBroker.JaasSecurityContext;
28
29 import java.security.Principal JavaDoc;
30 import java.security.cert.X509Certificate JavaDoc;
31 import java.util.Iterator JavaDoc;
32
33 import javax.security.auth.Subject JavaDoc;
34 import javax.security.auth.callback.CallbackHandler JavaDoc;
35 import javax.security.auth.login.LoginContext JavaDoc;
36
37 /**
38  * A JAAS Authentication Broker that uses SSL Certificates.
39  *
40  * This class will provide the JAAS framework with a JaasCertificateCallbackHandler that will grant JAAS access to
41  * incoming connections' SSL certificate chains.
42  * NOTE: There is a chance that the incoming connection does not have a valid certificate (has null).
43  *
44  * @author sepandm@gmail.com (Sepand)
45  */

46 public class JaasCertificateAuthenticationBroker extends BrokerFilter {
47     private final String JavaDoc jaasConfiguration;
48     
49     /**
50      * Simple constructor. Leaves everything to superclass.
51      *
52      * @param next The Broker that does the actual work for this Filter.
53      * @param jassConfiguration The JAAS domain configuration name (refere to JAAS documentation).
54      */

55     public JaasCertificateAuthenticationBroker(Broker next, String JavaDoc jaasConfiguration) {
56         super(next);
57         
58         this.jaasConfiguration = jaasConfiguration;
59     }
60     
61     /**
62      * Overridden to allow for authentication based on client certificates.
63      *
64      * Connections being added will be authenticated based on their certificate chain and the JAAS module specified
65      * through the JAAS framework.
66      * NOTE: The security context's username will be set to the first UserPrincipal created by the login module.
67      *
68      * @param context The context for the incoming Connection.
69      * @param info The ConnectionInfo Command representing the incoming connection.
70      */

71     public void addConnection(ConnectionContext context, ConnectionInfo info) throws Exception JavaDoc {
72
73         if (context.getSecurityContext() == null) {
74             if (!( info.getTransportContext() instanceof X509Certificate JavaDoc[] )) {
75                 throw new SecurityException JavaDoc("Unable to authenticate transport without SSL certificate.");
76             }
77             
78             // Set the TCCL since it seems JAAS needs it to find the login module classes.
79
ClassLoader JavaDoc original = Thread.currentThread().getContextClassLoader();
80             Thread.currentThread().setContextClassLoader(JaasAuthenticationBroker.class.getClassLoader());
81             try {
82                 // Do the login.
83
try {
84                     CallbackHandler callback =
85                         new JaasCertificateCallbackHandler((X509Certificate JavaDoc[])info.getTransportContext());
86                     LoginContext JavaDoc lc = new LoginContext JavaDoc(jaasConfiguration, callback);
87                     lc.login();
88                     Subject JavaDoc subject = lc.getSubject();
89                     
90                     String JavaDoc dnName = "";
91                     
92                     for (Iterator JavaDoc iter = subject.getPrincipals().iterator(); iter.hasNext(); ) {
93                         Principal nextPrincipal = (Principal)iter.next();
94                         if (nextPrincipal instanceof UserPrincipal) {
95                             dnName = ((UserPrincipal)nextPrincipal).getName();
96                             break;
97                         }
98                     }
99                     SecurityContext s = new JaasCertificateSecurityContext(
100                         dnName, subject, (X509Certificate JavaDoc[])info.getTransportContext());
101                     context.setSecurityContext(s);
102                 } catch (Exception JavaDoc e) {
103                     throw new SecurityException JavaDoc("User name or password is invalid: " + e.getMessage(), e);
104                 }
105             } finally {
106                 Thread.currentThread().setContextClassLoader(original);
107             }
108         }
109         super.addConnection(context, info);
110     }
111     
112     /**
113      * Overriding removeConnection to make sure the security context is cleaned.
114      */

115     public void removeConnection(ConnectionContext context, ConnectionInfo info, Throwable JavaDoc error) throws Exception JavaDoc {
116         super.removeConnection(context, info, error);
117         
118         context.setSecurityContext(null);
119     }
120 }
121
Popular Tags