001/** 002 * Licensed to the Apache Software Foundation (ASF) under one or more 003 * contributor license agreements. See the NOTICE file distributed with 004 * this work for additional information regarding copyright ownership. 005 * The ASF licenses this file to You under the Apache License, Version 2.0 006 * (the "License"); you may not use this file except in compliance with 007 * the License. You may obtain a copy of the License at 008 * 009 * http://www.apache.org/licenses/LICENSE-2.0 010 * 011 * Unless required by applicable law or agreed to in writing, software 012 * distributed under the License is distributed on an "AS IS" BASIS, 013 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 014 * See the License for the specific language governing permissions and 015 * limitations under the License. 016 */ 017package org.apache.activemq.security; 018 019import java.security.Principal; 020import java.util.HashSet; 021import java.util.Map; 022import java.util.Set; 023 024import org.apache.activemq.broker.Broker; 025import org.apache.activemq.broker.ConnectionContext; 026import org.apache.activemq.command.ConnectionInfo; 027import org.apache.activemq.jaas.GroupPrincipal; 028 029/** 030 * Handles authenticating a users against a simple user name/password map. 031 */ 032public class SimpleAuthenticationBroker extends AbstractAuthenticationBroker { 033 034 private boolean anonymousAccessAllowed = false; 035 private String anonymousUser; 036 private String anonymousGroup; 037 private Map<String,String> userPasswords; 038 private Map<String,Set<Principal>> userGroups; 039 040 public SimpleAuthenticationBroker(Broker next, Map<String,String> userPasswords, Map<String,Set<Principal>> userGroups) { 041 super(next); 042 this.userPasswords = userPasswords; 043 this.userGroups = userGroups; 044 } 045 046 public void setAnonymousAccessAllowed(boolean anonymousAccessAllowed) { 047 this.anonymousAccessAllowed = anonymousAccessAllowed; 048 } 049 050 public void setAnonymousUser(String anonymousUser) { 051 this.anonymousUser = anonymousUser; 052 } 053 054 public void setAnonymousGroup(String anonymousGroup) { 055 this.anonymousGroup = anonymousGroup; 056 } 057 058 public void setUserPasswords(Map<String,String> value) { 059 userPasswords = value; 060 } 061 062 public void setUserGroups(Map<String, Set<Principal>> value) { 063 userGroups = value; 064 } 065 066 @Override 067 public void addConnection(ConnectionContext context, ConnectionInfo info) throws Exception { 068 069 SecurityContext s = context.getSecurityContext(); 070 if (s == null) { 071 // Check the username and password. 072 if (anonymousAccessAllowed && info.getUserName() == null && info.getPassword() == null) { 073 info.setUserName(anonymousUser); 074 s = new SecurityContext(info.getUserName()) { 075 @Override 076 public Set<Principal> getPrincipals() { 077 Set<Principal> groups = new HashSet<Principal>(); 078 groups.add(new GroupPrincipal(anonymousGroup)); 079 return groups; 080 } 081 }; 082 } else { 083 String pw = userPasswords.get(info.getUserName()); 084 if (pw == null || !pw.equals(info.getPassword())) { 085 throw new SecurityException( 086 "User name [" + info.getUserName() + "] or password is invalid."); 087 } 088 089 final Set<Principal> groups = userGroups.get(info.getUserName()); 090 s = new SecurityContext(info.getUserName()) { 091 @Override 092 public Set<Principal> getPrincipals() { 093 return groups; 094 } 095 }; 096 } 097 098 context.setSecurityContext(s); 099 securityContexts.add(s); 100 } 101 102 try { 103 super.addConnection(context, info); 104 } catch (Exception e) { 105 securityContexts.remove(s); 106 context.setSecurityContext(null); 107 throw e; 108 } 109 } 110}