Diffstat (limited to 'qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/rmi/RMIPasswordAuthenticator.java')
-rw-r--r-- | qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/rmi/RMIPasswordAuthenticator.java | 54 |
1 files changed, 33 insertions, 21 deletions
diff --git a/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/rmi/RMIPasswordAuthenticator.java b/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/rmi/RMIPasswordAuthenticator.java index b7985ad972..0cbbccb3b8 100644 --- a/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/rmi/RMIPasswordAuthenticator.java +++ b/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/rmi/RMIPasswordAuthenticator.java @@ -20,13 +20,14 @@ */ package org.apache.qpid.server.security.auth.rmi; +import java.util.Collections; + import javax.management.remote.JMXAuthenticator; import javax.management.remote.JMXPrincipal; import javax.security.auth.Subject; +import javax.security.auth.login.AccountNotFoundException; -import org.apache.qpid.server.security.auth.AuthenticationResult; -import org.apache.qpid.server.security.auth.AuthenticationResult.AuthenticationStatus; -import org.apache.qpid.server.security.auth.manager.AuthenticationManager; +import org.apache.qpid.server.security.auth.database.PrincipalDatabase; public class RMIPasswordAuthenticator implements JMXAuthenticator { @@ -38,15 +39,15 @@ public class RMIPasswordAuthenticator implements JMXAuthenticator static final String CREDENTIALS_REQUIRED = "User details are required. " + "Please ensure you are using an up to date management console to connect."; - private AuthenticationManager _authenticationManager = null; + private PrincipalDatabase _db = null; public RMIPasswordAuthenticator() { } - - public void setAuthenticationManager(final AuthenticationManager authenticationManager) + + public void setPrincipalDatabase(PrincipalDatabase pd) { - _authenticationManager = authenticationManager; + this._db = pd; } public Subject authenticate(Object credentials) throws SecurityException 
@@ -64,39 +65,50 @@ public class RMIPasswordAuthenticator implements JMXAuthenticator } } - // Verify that required number of credentials. + // Verify that required number of credential's. final String[] userCredentials = (String[]) credentials; if (userCredentials.length != 2) { throw new SecurityException(SHOULD_HAVE_2_ELEMENTS); } - final String username = (String) userCredentials[0]; - final String password = (String) userCredentials[1]; + String username = (String) userCredentials[0]; + String password = (String) userCredentials[1]; - // Verify that all required credentials are actually present. + // Verify that all required credential's are actually present. if (username == null || password == null) { throw new SecurityException(SHOULD_BE_NON_NULL); } - // Verify that an AuthenticationManager has been set. - if (_authenticationManager == null) + // Verify that a PD has been set. + if (_db == null) { throw new SecurityException(UNABLE_TO_LOOKUP); } - final AuthenticationResult result = _authenticationManager.authenticate(username, password); + + boolean authenticated = false; - if (AuthenticationStatus.ERROR.equals(result.getStatus())) + // Perform authentication + try { - throw new SecurityException("Authentication manager failed", result.getCause()); + if (_db.verifyPassword(username, password.toCharArray())) + { + authenticated = true; + } + } + catch (AccountNotFoundException e) + { + throw new SecurityException(INVALID_CREDENTIALS); // XXX } - else if (AuthenticationStatus.SUCCESS.equals(result.getStatus())) + + if (authenticated) { - final Subject subject = result.getSubject(); - subject.getPrincipals().add(new JMXPrincipal(username)); - subject.setReadOnly(); - return subject; + //credential's check out, return the appropriate JAAS Subject + return new Subject(true, + Collections.singleton(new JMXPrincipal(username)), + Collections.EMPTY_SET, + Collections.EMPTY_SET); } else { |
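Review bot: The `catch (AccountNotFoundException e)` branch maps an unknown account to `INVALID_CREDENTIALS` behind an unexplained `// XXX` and discards the exception, so the intent of that mapping is undocumented. If the aim is to answer exactly as a wrong password does (inferred, since the trailing `else` branch and the start of `authenticate` lie outside this hunk), replace the marker with `// Same message as a failed password check, so the reply does not reveal whether the account exists.` The array returned by `password.toCharArray()` is passed straight to `verifyPassword` and never cleared; keeping it in a local and calling `Arrays.fill(pw, '\0')` in a `finally` would shorten the lifetime of that copy, though the original `String` still stays in memory. `Collections.EMPTY_SET` is a raw type and causes unchecked warnings in the `Subject` constructor; `Collections.emptySet()` is the typed equivalent. The `authenticated` flag could be assigned directly as `boolean authenticated = _db.verifyPassword(username, password.toCharArray());` rather than set inside a nested `if`.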