In order to let ActiveMQ to use the existing authentication repository, I created a JAAS plugin for ActiveMQ serve the purpose.
1. change <ActiveMQ_HOME>/conf/activemq.xml to enable JAAS authentication.
<!-- comment out simpleAuthenticationPlugin-->
<jaasAuthenticationPlugin configuration="activemq-domain" />
2. change <ActiveMQ_HOME>/conf/loging.conf, add login module definition.
activemq-domain {
com.zeon.auth.CmdJdbcLoginModule Sufficient
debug=true
com.zeon.db.url="jdbc:mysql://localhost:3306/userdb"
com.zeon.db.driver="com.mysql.jdbc.Driver"
com.zeon.db.username="user"
com.zeon.db.password="pass";
org.apache.activemq.jaas.PropertiesLoginModule Sufficient
debug=true
org.apache.activemq.jaas.properties.user="users.properties"
org.apache.activemq.jaas.properties.group="groups.properties";
};
3. finally, the class that extended from javax.security.auth.spi.LoginModule
package com.zeon.sync.auth;
import java.io.IOException;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.HashSet;
import java.util.Map;
import java.util.Properties;
import java.util.Set;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import org.apache.activemq.jaas.GroupPrincipal;
import org.apache.activemq.jaas.UserPrincipal;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import com.zeon.jdbc.JDBCException;
import com.zeon.jdbc.JDBCUtils;
import com.zeon.jdbc.UniqueResultHandler;
public class CmdJdbcLoginModule implements LoginModule {
private static final Log log = LogFactory.getLog(CmdJdbcLoginModule.class);
private static final String[] ROLE = {"hs", "users"};
private Subject subject;
private CallbackHandler callbackHandler;
private boolean debug;
private String user;
private Set principals;
private JDBCUtils jdbcUtils;
public CmdJdbcLoginModule() {
principals = new HashSet();
}
public void initialize(Subject subject, CallbackHandler callbackHandler,
Map sharedState, Map options) {
this.subject = subject;
this.callbackHandler = callbackHandler;
debug = "true".equalsIgnoreCase((String) options.get("debug"));
String url = (new StringBuilder()).append(
(String) options.get("com.hs.db.url"))
.append("").toString();
String username = (new StringBuilder()).append(
(String) options.get("com.hs.db.username"))
.append("").toString();
String password = (new StringBuilder()).append((String)options
.get("com.zeon.db.password")).append("").toString();
String driver = (new StringBuilder()).append((String)options
.get("com.zeon.db.driver")).append("").toString();
Properties props = new Properties();
props.setProperty("jdbc.user", username);
props.setProperty("jdbc.password", password);
props.setProperty("jdbc.driver", driver);
props.setProperty("jdbc.url", url);
try {
jdbcUtils = new JDBCUtils(props);
} catch (SQLException e) {
log.error("connect to db failed.", e);
}
if (debug)
log.debug((new StringBuilder()).append("Initialized debug=")
.append(debug));
}
public boolean login() throws LoginException {
Callback callbacks[] = new Callback[2];
callbacks[0] = new NameCallback("Username: ");
callbacks[1] = new PasswordCallback("Password: ", false);
try {
callbackHandler.handle(callbacks);
} catch (IOException ioe) {
throw new LoginException(ioe.getMessage());
} catch (UnsupportedCallbackException uce) {
throw new LoginException((new StringBuilder()).append(
uce.getMessage()).append(
" not available to obtain information from user")
.toString());
}
user = ((NameCallback) callbacks[0]).getName();
char tmpPassword[] = ((PasswordCallback) callbacks[1]).getPassword();
if (tmpPassword == null)
tmpPassword = new char[0];
String password = null;
try {
password = findPassword(user);
log.debug("=============the password for user " + user + " is " + password);
} catch (JDBCException e) {
throw new FailedLoginException("DB access failed.");
}
if (password == null)
throw new FailedLoginException("User does exist");
if (!password.equals(new String(tmpPassword)))
throw new FailedLoginException("Password does not match");
if (debug)
log.debug((new StringBuilder()).append("login ").append(user)
.toString());
return true;
}
@SuppressWarnings("unchecked")
private String findPassword(String user) throws JDBCException {
String sql = "select JMSpassword from DoctorSyncMap where DoctorID='" + user + "'";
String result = (String)jdbcUtils.query(sql, new UniqueResultHandler() {
@Override
public Object handle(ResultSet rs) throws JDBCException {
String result = "";
try {
if (rs.next()) {
result = rs.getString(1);
}
} catch (Exception e) {
log.error("query db failed.", e);
throw new JDBCException(e);
}
return result;
}
});
return result;
}
@SuppressWarnings("unchecked")
public boolean commit() throws LoginException {
principals.add(new UserPrincipal(user));
for (String r : ROLE) {
principals.add(new GroupPrincipal(r));
}
subject.getPrincipals().addAll(principals);
log.debug("commit");
return true;
}
public boolean abort() throws LoginException {
user = null;
if (debug)
log.debug("abort");
return true;
}
public boolean logout() throws LoginException {
subject.getPrincipals().removeAll(principals);
principals.clear();
if (debug)
log.debug("logout");
return true;
}
}
No comments:
Post a Comment