Posted to commits@activemq.apache.org by ch...@apache.org on 2011/02/23 01:33:04 UTC

svn commit: r1073559 - in /activemq/activemq-apollo/trunk: apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/security/GuestLoginModule.scala apollo-cli/src/main/resources/org/apache/activemq/apollo/cli/commands/etc/login.config

Author: chirino
Date: Wed Feb 23 00:33:03 2011
New Revision: 1073559

URL: http://svn.apache.org/viewvc?rev=1073559&view=rev
Log:
Added a new guest login module.

Added:
    activemq/activemq-apollo/trunk/apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/security/GuestLoginModule.scala
Modified:
    activemq/activemq-apollo/trunk/apollo-cli/src/main/resources/org/apache/activemq/apollo/cli/commands/etc/login.config

Added: activemq/activemq-apollo/trunk/apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/security/GuestLoginModule.scala
URL: http://svn.apache.org/viewvc/activemq/activemq-apollo/trunk/apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/security/GuestLoginModule.scala?rev=1073559&view=auto
==============================================================================
--- activemq/activemq-apollo/trunk/apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/security/GuestLoginModule.scala (added)
+++ activemq/activemq-apollo/trunk/apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/security/GuestLoginModule.scala Wed Feb 23 00:33:03 2011
@@ -0,0 +1,128 @@
+package org.apache.activemq.apollo.broker.security
+
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+import java.io.IOException
+import java.security.Principal
+import javax.security.auth.Subject
+import javax.security.auth.callback.CallbackHandler
+import javax.security.auth.callback.NameCallback
+import javax.security.auth.callback.PasswordCallback
+import javax.security.auth.callback.UnsupportedCallbackException
+import javax.security.auth.login.LoginException
+import javax.security.auth.spi.LoginModule
+
+import java.{util => ju}
+import org.apache.activemq.apollo.util.Log
+import org.apache.activemq.jaas.{GroupPrincipal, UserPrincipal}
+
+object GuestLoginModule extends Log {
+  val USER_OPTION = "user"
+  val GROUP_OPTION = "group"
+}
+
+/**
+ * <p>
+ * A login module which only succeeds if no id/password credentials
+ * were given.  It can be configured to add a guest UserPrincipal
+ * and GroupPrincipal.
+ * </p>
+ *
+ * @author <a href="http://hiramchirino.com">Hiram Chirino</a>
+ */
+class GuestLoginModule extends LoginModule {
+
+  import GuestLoginModule._
+
+  private var subject: Subject = _
+  private var callback_handler: CallbackHandler = _
+
+  private var user: String = _
+  private var group: String = _
+  private val principals = new ju.HashSet[Principal]()
+
+  def initialize(subject: Subject, callback_handler: CallbackHandler, shared_state: ju.Map[String, _], options: ju.Map[String, _]): Unit = {
+    this.subject = subject
+    this.callback_handler = callback_handler
+
+    user = options.get(USER_OPTION).asInstanceOf[String]
+    group = options.get(GROUP_OPTION).asInstanceOf[String]
+    debug("Initialized user=%s, group=%s", user, group)
+  }
+
+  def login: Boolean = {
+
+    try {
+      val callback = new NameCallback("Username: ")
+      callback_handler.handle(Array(callback))
+      if( callback.getName!=null && callback.getName.size>=0 ) {
+        throw new LoginException("User supplied a user name, not a guest")
+      }
+    } catch {
+      case ioe: IOException =>
+        throw new LoginException(ioe.getMessage())
+      case uce: UnsupportedCallbackException =>
+    }
+
+    try {
+      val callback = new PasswordCallback("Password: ", false)
+      callback_handler.handle(Array(callback))
+      if( callback.getPassword!=null && callback.getPassword.size>=0 ) {
+        throw new LoginException("User supplied a password, not a guest")
+      }
+    } catch {
+      case ioe: IOException =>
+        throw new LoginException(ioe.getMessage())
+      case uce: UnsupportedCallbackException =>
+    }
+
+    if( user!=null ) {
+      principals.add(new UserPrincipal(user))
+    }
+    if( group!=null ) {
+      principals.add(new GroupPrincipal(group))
+    }
+    debug("guest login: principals %s", principals)
+    true
+  }
+
+  def commit: Boolean = {
+    if( subject.getPrincipals().isEmpty ) {
+      subject.getPrincipals().addAll(principals)
+    } else {
+      principals.clear
+    }
+    debug("commit")
+    return true
+  }
+
+  def abort: Boolean = {
+    principals.clear
+    debug("abort")
+    return true
+  }
+
+  def logout: Boolean = {
+    subject.getPrincipals().removeAll(principals)
+    principals.clear
+    debug("logout")
+    return true
+  }
+
+
+}
\ No newline at end of file
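Review bot: In `login`, both credential checks end in `size>=0`, which is true for every non-null value, so a callback handler that reports missing credentials as an empty string or empty array is rejected as a non-guest; if empty is meant to count as absent, the tests should read `callback.getName.size>0` and `callback.getPassword.size>0`. The two `case uce: UnsupportedCallbackException =>` arms are empty, so a handler that cannot answer the callback is treated exactly like a client that sent nothing. That fail-open choice should at least carry a comment such as `// handler cannot supply this credential: treat as not provided`, or be turned into a `LoginException` if guest access is meant to require a positive "no credentials" answer. Calling `callback.clearPassword()` once the password check is done would also keep a supplied password from lingering in the callback object.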

Modified: activemq/activemq-apollo/trunk/apollo-cli/src/main/resources/org/apache/activemq/apollo/cli/commands/etc/login.config
URL: http://svn.apache.org/viewvc/activemq/activemq-apollo/trunk/apollo-cli/src/main/resources/org/apache/activemq/apollo/cli/commands/etc/login.config?rev=1073559&r1=1073558&r2=1073559&view=diff
==============================================================================
--- activemq/activemq-apollo/trunk/apollo-cli/src/main/resources/org/apache/activemq/apollo/cli/commands/etc/login.config (original)
+++ activemq/activemq-apollo/trunk/apollo-cli/src/main/resources/org/apache/activemq/apollo/cli/commands/etc/login.config Wed Feb 23 00:33:03 2011
@@ -49,11 +49,12 @@ apollo {
     file="groups.properties";
 
 
-  // If you want to make users that fail to authenticate a
-  // guest then uncomment the following:
+  // If you want to support guests, then uncomment the GuestLoginModule. It
+  // will only kick in if the user does not supply a user id and password and
+  // none of the previous login modules added any principals to the subject.
 
-  // org.apache.activemq.jaas.GuestLoginModule optional
-  //   debug=true
-  //   org.apache.activemq.jaas.guest.user="guest"
-  //   org.apache.activemq.jaas.guest.group="guests";
+  // org.apache.activemq.apollo.broker.security.GuestLoginModule optional
+  //   user="guest"    // Keep commented out if you don't want to add a "guest" UserPrincipal
+  //   group="guests"  // Keep commented out if you don't want to add a "guests" GroupPrincipal
+  // ;
 };
\ No newline at end of file
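Review bot: The new comment promises that the guest module only applies when no previous module added principals, but it does not say that this depends on the entry's position in the `apollo` block. `commit` in GuestLoginModule tests `subject.getPrincipals().isEmpty` at the moment it runs, so if the entry is moved above a module that authenticates without a user id and password, the guest principals could presumably be committed alongside that module's own. I would add a line such as `// Must remain the last login module in this section.` above the entry. The `apollo` block starts outside this hunk, so the control flags of the preceding modules are not visible here.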