summaryrefslogtreecommitdiff
path: root/java/broker/src/main/java/org/apache/qpid/server/security/auth/rmi/RMIPasswordAuthenticator.java
blob: 2e21cfbb07152892f0a736b9ca5a117b0de7e84e (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126

/*
 *
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements.  See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership.  The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License.  You may obtain a copy of the License at
 *
 *   http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied.  See the License for the
 * specific language governing permissions and limitations
 * under the License.
 *
 */
package org.apache.qpid.server.security.auth.rmi;

import java.net.SocketAddress;

import org.apache.qpid.server.registry.ApplicationRegistry;
import org.apache.qpid.server.security.auth.AuthenticationResult;
import org.apache.qpid.server.security.auth.AuthenticationResult.AuthenticationStatus;
import org.apache.qpid.server.security.auth.manager.AuthenticationManager;

import javax.management.remote.JMXAuthenticator;
import javax.management.remote.JMXPrincipal;
import javax.security.auth.Subject;

public class RMIPasswordAuthenticator implements JMXAuthenticator
{
    static final String UNABLE_TO_LOOKUP = "The broker was unable to lookup the user details";
    static final String SHOULD_BE_STRING_ARRAY = "User details should be String[]";
    static final String SHOULD_HAVE_2_ELEMENTS = "User details should have 2 elements, username, password";
    static final String SHOULD_BE_NON_NULL = "Supplied username and password should be non-null";
    static final String INVALID_CREDENTIALS = "Invalid user details supplied";
    static final String CREDENTIALS_REQUIRED = "User details are required. " +
    		            "Please ensure you are using an up to date management console to connect.";

    private AuthenticationManager _authenticationManager = null;
    private SocketAddress _socketAddress;

    public RMIPasswordAuthenticator(SocketAddress socketAddress)
    {
        _socketAddress = socketAddress;
    }

    public void setAuthenticationManager(final AuthenticationManager authenticationManager)
    {
        _authenticationManager = authenticationManager;
    }

    public Subject authenticate(Object credentials) throws SecurityException
    {
        // Verify that credential's are of type String[].
        if (!(credentials instanceof String[]))
        {
            if (credentials == null)
            {
                throw new SecurityException(CREDENTIALS_REQUIRED);
            }
            else
            {
                throw new SecurityException(SHOULD_BE_STRING_ARRAY);
            }
        }

        // Verify that required number of credentials.
        final String[] userCredentials = (String[]) credentials;
        if (userCredentials.length != 2)
        {
            throw new SecurityException(SHOULD_HAVE_2_ELEMENTS);
        }

        final String username = (String) userCredentials[0];
        final String password = (String) userCredentials[1];

        // Verify that all required credentials are actually present.
        if (username == null || password == null)
        {
            throw new SecurityException(SHOULD_BE_NON_NULL);
        }

        // Verify that an AuthenticationManager has been set.
        if (_authenticationManager == null)
        {
            try
            {
                if(ApplicationRegistry.getInstance().getAuthenticationManager(_socketAddress) != null)
                {
                    _authenticationManager = ApplicationRegistry.getInstance().getAuthenticationManager(_socketAddress);
                }
                else
                {
                    throw new SecurityException(UNABLE_TO_LOOKUP);
                }
            }
            catch(IllegalStateException e)
            {
                throw new SecurityException(UNABLE_TO_LOOKUP);
            }
        }
        final AuthenticationResult result = _authenticationManager.authenticate(username, password);

        if (AuthenticationStatus.ERROR.equals(result.getStatus()))
        {
            throw new SecurityException("Authentication manager failed", result.getCause());
        }
        else if (AuthenticationStatus.SUCCESS.equals(result.getStatus()))
        {
            final Subject subject = result.getSubject();
            subject.getPrincipals().add(new JMXPrincipal(username));
            subject.setReadOnly();
            return subject;
        }
        else
        {
            throw new SecurityException(INVALID_CREDENTIALS);
        }
    }

}
View Lorry Controller Status