Posted to commits@activemq.apache.org by ch...@apache.org on 2011/02/23 01:33:04 UTC
svn commit: r1073559 - in /activemq/activemq-apollo/trunk:
apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/security/GuestLoginModule.scala
apollo-cli/src/main/resources/org/apache/activemq/apollo/cli/commands/etc/login.config
Author: chirino
Date: Wed Feb 23 00:33:03 2011
New Revision: 1073559
URL: http://svn.apache.org/viewvc?rev=1073559&view=rev
Log:
Added a new guest login module.
Added:
activemq/activemq-apollo/trunk/apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/security/GuestLoginModule.scala
Modified:
activemq/activemq-apollo/trunk/apollo-cli/src/main/resources/org/apache/activemq/apollo/cli/commands/etc/login.config
Added: activemq/activemq-apollo/trunk/apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/security/GuestLoginModule.scala
URL: http://svn.apache.org/viewvc/activemq/activemq-apollo/trunk/apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/security/GuestLoginModule.scala?rev=1073559&view=auto
==============================================================================
--- activemq/activemq-apollo/trunk/apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/security/GuestLoginModule.scala (added)
+++ activemq/activemq-apollo/trunk/apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/security/GuestLoginModule.scala Wed Feb 23 00:33:03 2011
@@ -0,0 +1,128 @@
+package org.apache.activemq.apollo.broker.security
+
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+import java.io.IOException
+import java.security.Principal
+import javax.security.auth.Subject
+import javax.security.auth.callback.CallbackHandler
+import javax.security.auth.callback.NameCallback
+import javax.security.auth.callback.PasswordCallback
+import javax.security.auth.callback.UnsupportedCallbackException
+import javax.security.auth.login.LoginException
+import javax.security.auth.spi.LoginModule
+
+import java.{util => ju}
+import org.apache.activemq.apollo.util.Log
+import org.apache.activemq.jaas.{GroupPrincipal, UserPrincipal}
+
+object GuestLoginModule extends Log {
+ val USER_OPTION = "user"
+ val GROUP_OPTION = "group"
+}
+
+/**
+ * <p>
+ * A login module which only succeeds if no id/password credentials
+ * were given. It can be configured to add a guest UserPrincipal
+ * and GroupPrincipal.
+ * </p>
+ *
+ * @author <a href="http://hiramchirino.com">Hiram Chirino</a>
+ */
+class GuestLoginModule extends LoginModule {
+
+ import GuestLoginModule._
+
+ private var subject: Subject = _
+ private var callback_handler: CallbackHandler = _
+
+ private var user: String = _
+ private var group: String = _
+ private val principals = new ju.HashSet[Principal]()
+
+ def initialize(subject: Subject, callback_handler: CallbackHandler, shared_state: ju.Map[String, _], options: ju.Map[String, _]): Unit = {
+ this.subject = subject
+ this.callback_handler = callback_handler
+
+ user = options.get(USER_OPTION).asInstanceOf[String]
+ group = options.get(GROUP_OPTION).asInstanceOf[String]
+ debug("Initialized user=%s, group=%s", user, group)
+ }
+
+ def login: Boolean = {
+
+ try {
+ val callback = new NameCallback("Username: ")
+ callback_handler.handle(Array(callback))
+ if( callback.getName!=null && callback.getName.size>=0 ) {
+ throw new LoginException("User supplied a user name, not a guest")
+ }
+ } catch {
+ case ioe: IOException =>
+ throw new LoginException(ioe.getMessage())
+ case uce: UnsupportedCallbackException =>
+ }
+
+ try {
+ val callback = new PasswordCallback("Password: ", false)
+ callback_handler.handle(Array(callback))
+ if( callback.getPassword!=null && callback.getPassword.size>=0 ) {
+ throw new LoginException("User supplied a password, not a guest")
+ }
+ } catch {
+ case ioe: IOException =>
+ throw new LoginException(ioe.getMessage())
+ case uce: UnsupportedCallbackException =>
+ }
+
+ if( user!=null ) {
+ principals.add(new UserPrincipal(user))
+ }
+ if( group!=null ) {
+ principals.add(new GroupPrincipal(group))
+ }
+ debug("guest login: principals %s", principals)
+ true
+ }
+
+ def commit: Boolean = {
+ if( subject.getPrincipals().isEmpty ) {
+ subject.getPrincipals().addAll(principals)
+ } else {
+ principals.clear
+ }
+ debug("commit")
+ return true
+ }
+
+ def abort: Boolean = {
+ principals.clear
+ debug("abort")
+ return true
+ }
+
+ def logout: Boolean = {
+ subject.getPrincipals().removeAll(principals)
+ principals.clear
+ debug("logout")
+ return true
+ }
+
+
+}
\ No newline at end of file
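Review bot: In `login`, the tests `callback.getName.size>=0` and `callback.getPassword.size>=0` are always true for a non-null value, so the length check does nothing and an empty name or password is rejected exactly like a real one. If an empty value is meant to count as "no credentials", use `callback.getName.size > 0` (and the same for the password); if any non-null value should disqualify a guest, drop the size test so the intent is plain. The two empty `case uce: UnsupportedCallbackException =>` arms let the login continue as guest when the handler cannot answer the callback; that fail-open choice deserves at least a comment such as `// handler cannot supply this credential: treated as not given` and a debug log line. The password is also left in the callback after the check, so calling `callback.clearPassword()` once it has been inspected would keep it from lingering in memory.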
Modified: activemq/activemq-apollo/trunk/apollo-cli/src/main/resources/org/apache/activemq/apollo/cli/commands/etc/login.config
URL: http://svn.apache.org/viewvc/activemq/activemq-apollo/trunk/apollo-cli/src/main/resources/org/apache/activemq/apollo/cli/commands/etc/login.config?rev=1073559&r1=1073558&r2=1073559&view=diff
==============================================================================
--- activemq/activemq-apollo/trunk/apollo-cli/src/main/resources/org/apache/activemq/apollo/cli/commands/etc/login.config (original)
+++ activemq/activemq-apollo/trunk/apollo-cli/src/main/resources/org/apache/activemq/apollo/cli/commands/etc/login.config Wed Feb 23 00:33:03 2011
@@ -49,11 +49,12 @@ apollo {
file="groups.properties";
- // If you want to make users that fail to authenticate a
- // guest then uncomment the following:
+ // If you want to support guests, then uncomment the GuestLoginModule. It
+ // will only kick in if the user does not supply a user id and password and
+ // none of the previous login modules added any principals to the subject.
- // org.apache.activemq.jaas.GuestLoginModule optional
- // debug=true
- // org.apache.activemq.jaas.guest.user="guest"
- // org.apache.activemq.jaas.guest.group="guests";
+ // org.apache.activemq.apollo.broker.security.GuestLoginModule optional
+ // user="guest" // Keep commented out if you don't want to add a "guest" UserPrincipal
+ // group="guests" // Keep commented out if you don't want to add a "guests" GroupPrincipal
+ // ;
};
\ No newline at end of file
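Review bot: The new comment says the module applies when the user "does not supply a user id and password", but `GuestLoginModule.login` in this same commit rejects the login when either one is present, so the wording would be more accurate as `supplies neither a user id nor a password`. Because `commit` adds the guest principals only when the subject is still empty at that moment, the comment should also say that this entry has to remain the last module in the `apollo` section; placed earlier, it could presumably add guest principals to a subject that a later module then authenticates. The `apollo { … }` block begins outside the hunk, so the flags of the preceding modules cannot be checked from here.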