/**
 * Authenticates an incoming connection from its client certificate chain before
 * handing it to the next broker.
 *
 * <p>When the context has no security context yet, the transport context must be an
 * {@code X509Certificate[]}; otherwise the connection is rejected with a
 * {@link SecurityException}. The chain is passed, together with the user name and
 * password from {@code info}, to {@code authenticate(...)}. Per the original
 * documentation, the resulting security context's user name is the first
 * UserPrincipal created by the JAAS login module.
 *
 * @param context The context for the incoming Connection.
 * @param info The ConnectionInfo Command representing the incoming connection.
 * @throws SecurityException if the transport context is not a certificate array.
 * @throws Exception if authentication or the downstream broker fails.
 */
@Override
public void addConnection(ConnectionContext context, ConnectionInfo info) throws Exception {
    if (context.getSecurityContext() == null) {
        // This is only a type check: an empty array passes it too. What the chain must
        // contain is decided by authenticate(), which is not part of this snippet.
        if (!(info.getTransportContext() instanceof X509Certificate[])) {
            throw new SecurityException("Unable to authenticate transport without SSL certificate.");
        }

        // JAAS appears to resolve login module classes through the thread context class
        // loader, so it is swapped for the duration of the login and always restored.
        final Thread current = Thread.currentThread();
        final ClassLoader saved = current.getContextClassLoader();
        current.setContextClassLoader(JaasAuthenticationBroker.class.getClassLoader());
        try {
            X509Certificate[] chain = (X509Certificate[]) info.getTransportContext();
            context.setSecurityContext(authenticate(info.getUserName(), info.getPassword(), chain));
        } finally {
            current.setContextClassLoader(saved);
        }
    }
    super.addConnection(context, info);
}
/**
 * Registers the connection with the next broker, then publishes a connection advisory
 * and records the connection.
 *
 * <p>The advisory and the {@code connections} entry both use a copy of {@code info}
 * whose password has been replaced with the empty string. The user name is left in
 * the copy and is therefore visible to advisory consumers.
 *
 * @param context The context for the incoming Connection.
 * @param info The ConnectionInfo Command representing the incoming connection.
 * @throws Exception if the downstream broker or the advisory dispatch fails.
 */
@Override
public void addConnection(ConnectionContext context, ConnectionInfo info) throws Exception {
    super.addConnection(context, info);

    // Never put the password on the advisory topic; blank it on a copy so that
    // info itself is not modified here.
    ConnectionInfo redacted = info.copy();
    redacted.setPassword("");

    ActiveMQTopic advisoryTopic = AdvisorySupport.getConnectionAdvisoryTopic();
    fireAdvisory(context, advisoryTopic, redacted);
    connections.put(redacted.getConnectionId(), redacted);
}
/**
 * Routes authentication to one of two JAAS-backed brokers depending on whether the
 * connection is SSL, then passes the connection down the chain.
 *
 * <p>Nothing happens when the context already carries a security context: neither
 * delegate nor {@code super.addConnection} is called in that case.
 * NOTE(review): confirm that skipping the rest of the chain for pre-authenticated
 * contexts is intended.
 *
 * @param context The context for the incoming Connection.
 * @param info The ConnectionInfo Command representing the incoming connection.
 * @throws Exception if the selected delegate or the downstream broker fails.
 */
@Override
public void addConnection(ConnectionContext context, ConnectionInfo info) throws Exception {
    if (context.getSecurityContext() != null) {
        return;
    }

    // isSSL(...) picks which delegate authenticates the connection. The non-SSL
    // branch is the fallback for everything isSSL(...) does not recognise.
    if (!isSSL(context, info)) {
        this.nonSslBroker.addConnection(context, info);
    } else {
        this.sslBroker.addConnection(context, info);
    }
    super.addConnection(context, info);
}
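/**
 * Adds a connection while coordinating with queued work through a read/write barrier.
 *
 * <p>If {@code addConnectionWork} holds queued tasks, the write lock is taken, every
 * queued task is run, and the connection is then added under that same lock.
 * Otherwise the connection is added under the read lock.
 *
 * <p>The lock is acquired before the {@code try} block. The original acquired it
 * inside the {@code try}, so an interrupted {@code lockInterruptibly()} still reached
 * {@code unlock()} in {@code finally} without holding the lock. With
 * {@code java.util.concurrent} locks such as {@code ReentrantReadWriteLock}, that
 * throws {@code IllegalMonitorStateException} and hides the
 * {@code InterruptedException}. The type of {@code addConnectionBarrier} is declared
 * outside this snippet.
 *
 * @param context The context for the incoming Connection.
 * @param info The ConnectionInfo Command representing the incoming connection.
 * @throws InterruptedException if the thread is interrupted while waiting for the lock.
 * @throws Exception if queued work or the downstream broker fails.
 */
@Override
public void addConnection(ConnectionContext context, ConnectionInfo info) throws Exception {
    Runnable work = addConnectionWork.poll();
    if (work != null) {
        // Acquire first; only a held lock may be released in finally.
        addConnectionBarrier.writeLock().lockInterruptibly();
        try {
            // Drain everything that was queued, including work queued while draining.
            do {
                work.run();
                work = addConnectionWork.poll();
            } while (work != null);
            super.addConnection(context, info);
        } finally {
            addConnectionBarrier.writeLock().unlock();
        }
    } else {
        addConnectionBarrier.readLock().lockInterruptibly();
        try {
            super.addConnection(context, info);
        } finally {
            addConnectionBarrier.readLock().unlock();
        }
    }
}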
/**
 * Adds a connection and, for fault-tolerant clients, starts tracking it with a
 * {@code ConnectionMonitor}.
 *
 * <p>For a fault-tolerant connection the monitor is stored in {@code monitors} under
 * the connection id before the connection is passed down the chain, and
 * {@code checkTarget(monitor)} runs afterwards. Other connections are passed straight
 * through.
 *
 * @param context The context for the incoming Connection.
 * @param info The ConnectionInfo Command representing the incoming connection.
 * @throws Exception if the downstream broker or the target check fails.
 */
@Override
public void addConnection(ConnectionContext context, ConnectionInfo info) throws Exception {
    if (!info.isFaultTolerant()) {
        super.addConnection(context, info);
        return;
    }

    ConnectionMonitor monitor = new ConnectionMonitor(context);
    // NOTE(review): the monitor is registered before super.addConnection; if that call
    // throws, nothing in this method removes the entry. Confirm cleanup happens elsewhere.
    monitors.put(info.getConnectionId(), monitor);
    super.addConnection(context, info);
    checkTarget(monitor);
}
/**
 * Authenticates an incoming connection with a JAAS user name/password login before
 * handing it to the next broker.
 *
 * <p>When the context has no security context yet, a {@code LoginContext} is created
 * for {@code jassConfiguration} with a callback handler carrying the credentials
 * from {@code info}. On success a {@code JaasSecurityContext} built from the
 * resulting {@code Subject} is set on the context and added to
 * {@code securityContexts}.
 *
 * @param context The context for the incoming Connection.
 * @param info The ConnectionInfo Command representing the incoming connection.
 * @throws SecurityException if the login fails for any reason; the original failure
 *         is attached as the cause.
 * @throws Exception if the downstream broker fails.
 */
public void addConnection(ConnectionContext context, ConnectionInfo info) throws Exception {
    if (context.getSecurityContext() == null) {
        // JAAS appears to resolve login module classes through the thread context class
        // loader, so it is swapped for the login and restored afterwards.
        final Thread current = Thread.currentThread();
        final ClassLoader saved = current.getContextClassLoader();
        current.setContextClassLoader(JaasAuthenticationBroker.class.getClassLoader());
        try {
            JassCredentialCallbackHandler handler =
                new JassCredentialCallbackHandler(info.getUserName(), info.getPassword());
            LoginContext login = new LoginContext(jassConfiguration, handler);
            login.login();
            Subject authenticated = login.getSubject();

            SecurityContext securityContext = new JaasSecurityContext(info.getUserName(), authenticated);
            context.setSecurityContext(securityContext);
            // NOTE(review): registered before super.addConnection runs; if that call
            // throws, nothing in this method removes the entry again.
            securityContexts.add(securityContext);
        } catch (Exception e) {
            // Every failure is reported with the same message, so the client cannot tell
            // an unknown user from a wrong password or a configuration error.
            SecurityException failure = new SecurityException("User name or password is invalid.");
            failure.initCause(e);
            throw failure;
        } finally {
            current.setContextClassLoader(saved);
        }
    }
    super.addConnection(context, info);
}
/**
 * Passes the connection to the next broker, then fires a connection advisory and
 * tracks the connection in {@code connections}.
 *
 * <p>What is published and stored is a copy of {@code info} with the password set to
 * the empty string. The user name is not cleared.
 *
 * @param context The context for the incoming Connection.
 * @param info The ConnectionInfo Command representing the incoming connection.
 * @throws Exception if the downstream broker or the advisory dispatch fails.
 */
@Override
public void addConnection(ConnectionContext context, ConnectionInfo info) throws Exception {
    super.addConnection(context, info);

    // Passwords must not be distributed in advisory messages; user names are kept.
    ConnectionInfo withoutPassword = info.copy();
    withoutPassword.setPassword("");

    ActiveMQTopic connectionTopic = AdvisorySupport.getConnectionAdvisoryTopic();
    fireAdvisory(context, connectionTopic, withoutPassword);
    connections.put(withoutPassword.getConnectionId(), withoutPassword);
}
/**
 * Adds the connection downstream first, then announces it on the connection advisory
 * topic and stores it in {@code connections}.
 *
 * <p>The announced and stored object is a copy of {@code info} with an empty
 * password. The copy still contains the user name.
 *
 * @param context The context for the incoming Connection.
 * @param info The ConnectionInfo Command representing the incoming connection.
 * @throws Exception if the downstream broker or the advisory dispatch fails.
 */
@Override
public void addConnection(ConnectionContext context, ConnectionInfo info) throws Exception {
    super.addConnection(context, info);

    // Strip the credential from what advisory subscribers receive. Only the password
    // is blanked; the user name stays in the copy.
    ConnectionInfo sanitized = info.copy();
    sanitized.setPassword("");

    ActiveMQTopic advisoryDestination = AdvisorySupport.getConnectionAdvisoryTopic();
    fireAdvisory(context, advisoryDestination, sanitized);
    connections.put(sanitized.getConnectionId(), sanitized);
}
/**
 * Forwards the connection to the next broker and then emits a connection advisory
 * for it, remembering the connection in {@code connections}.
 *
 * <p>The advisory payload and the stored entry are a copy of {@code info} whose
 * password has been overwritten with {@code ""}. The user name remains present.
 *
 * @param context The context for the incoming Connection.
 * @param info The ConnectionInfo Command representing the incoming connection.
 * @throws Exception if the downstream broker or the advisory dispatch fails.
 */
@Override
public void addConnection(ConnectionContext context, ConnectionInfo info) throws Exception {
    super.addConnection(context, info);

    // The advisory goes to other clients, so the password is removed from the copy
    // that is sent. User names are considered acceptable to share here.
    ConnectionInfo advisoryInfo = info.copy();
    advisoryInfo.setPassword("");

    ActiveMQTopic advisoryTopic = AdvisorySupport.getConnectionAdvisoryTopic();
    fireAdvisory(context, advisoryTopic, advisoryInfo);
    connections.put(advisoryInfo.getConnectionId(), advisoryInfo);
}
/**
 * Performs certificate-based authentication for a new connection and then passes it
 * to the next broker.
 *
 * <p>If the context has no security context, the transport context is required to
 * be an {@code X509Certificate[]}. That chain, plus the user name and password from
 * {@code info}, is given to {@code authenticate(...)}, and the returned security
 * context is stored on the connection context. Per the original documentation, its
 * user name is the first UserPrincipal created by the login module.
 *
 * @param context The context for the incoming Connection.
 * @param info The ConnectionInfo Command representing the incoming connection.
 * @throws SecurityException if no certificate array is attached to the transport.
 * @throws Exception if authentication or the downstream broker fails.
 */
@Override
public void addConnection(ConnectionContext context, ConnectionInfo info) throws Exception {
    final boolean needsAuthentication = context.getSecurityContext() == null;
    if (needsAuthentication) {
        // Presence check only. The array's length and contents are not inspected here;
        // that is left to authenticate(), which this snippet does not show.
        if (!(info.getTransportContext() instanceof X509Certificate[])) {
            throw new SecurityException("Unable to authenticate transport without SSL certificate.");
        }

        // Swap the thread context class loader so JAAS can find the login module
        // classes. The previous loader is restored even if authentication throws.
        ClassLoader previousLoader = Thread.currentThread().getContextClassLoader();
        Thread.currentThread().setContextClassLoader(JaasAuthenticationBroker.class.getClassLoader());
        try {
            X509Certificate[] certificates = (X509Certificate[]) info.getTransportContext();
            SecurityContext authenticated =
                authenticate(info.getUserName(), info.getPassword(), certificates);
            context.setSecurityContext(authenticated);
        } finally {
            Thread.currentThread().setContextClassLoader(previousLoader);
        }
    }
    super.addConnection(context, info);
}
/**
 * Adds a connection.
 *
 * <p>Connections that are not pass-through connections go through
 * {@code addExternalConnection}, which per the original documentation checks the
 * username/password credential and device limits and registers the connection in
 * the Kapua environment. The login success metric is incremented once that call
 * returns.
 *
 * <p>The exception types thrown are chosen to match the fix for ENTMQ-731, because
 * {@code MQTTProtocolConverter} maps them to CONNACK codes as follows:
 * <ul>
 * <li>{@code InvalidClientIDException}: {@code CONNECTION_REFUSED_IDENTIFIER_REJECTED}</li>
 * <li>{@code SecurityException}: {@code CONNECTION_REFUSED_NOT_AUTHORIZED}</li>
 * <li>{@code CredentialException}: {@code CONNECTION_REFUSED_BAD_USERNAME_OR_PASSWORD}</li>
 * <li>any other exception: {@code CONNECTION_REFUSED_SERVER_UNAVAILABLE}</li>
 * </ul>
 *
 * @param context The context for the incoming Connection.
 * @param info The ConnectionInfo Command representing the incoming connection.
 * @throws Exception if the external connection checks or the downstream broker fail.
 */
@Override
public void addConnection(ConnectionContext context, ConnectionInfo info) throws Exception {
    final boolean passThrough = isPassThroughConnection(context);
    if (!passThrough) {
        addExternalConnection(context, info);
        // Counted as soon as addExternalConnection returns normally, before
        // super.addConnection has run.
        loginMetric.getSuccess().inc();
    }
    super.addConnection(context, info);
}
/**
 * Authenticates a new connection by its client certificate chain, then delegates to
 * the next broker.
 *
 * <p>Authentication runs only when the context has no security context. The
 * transport context must then be an {@code X509Certificate[]}, which is passed to
 * {@code authenticate(...)} along with the user name and password from {@code info}.
 * Per the original documentation, the security context's user name is the first
 * UserPrincipal created by the JAAS login module.
 *
 * @param context The context for the incoming Connection.
 * @param info The ConnectionInfo Command representing the incoming connection.
 * @throws SecurityException if the transport context is not a certificate array.
 * @throws Exception if authentication or the downstream broker fails.
 */
@Override
public void addConnection(ConnectionContext context, ConnectionInfo info) throws Exception {
    if (context.getSecurityContext() == null) {
        boolean hasCertificates = info.getTransportContext() instanceof X509Certificate[];
        if (!hasCertificates) {
            // Fail closed: there is no fallback to password-only login in this broker.
            throw new SecurityException("Unable to authenticate transport without SSL certificate.");
        }

        // JAAS seems to need the thread context class loader to find the login module
        // classes, so it is set for the login and restored in finally.
        final Thread thread = Thread.currentThread();
        final ClassLoader callerLoader = thread.getContextClassLoader();
        thread.setContextClassLoader(JaasAuthenticationBroker.class.getClassLoader());
        try {
            SecurityContext securityContext = authenticate(
                info.getUserName(),
                info.getPassword(),
                (X509Certificate[]) info.getTransportContext());
            context.setSecurityContext(securityContext);
        } finally {
            thread.setContextClassLoader(callerLoader);
        }
    }
    super.addConnection(context, info);
}
/**
 * Adds a connection after authenticating it from its X.509 client certificate chain.
 *
 * <p>A context that already has a security context is passed on unchanged. Otherwise
 * the transport context must be an {@code X509Certificate[]}, and it is handed to
 * {@code authenticate(...)} together with the user name and password from
 * {@code info}. Per the original documentation, the resulting security context's
 * user name is the first UserPrincipal created by the login module.
 *
 * @param context The context for the incoming Connection.
 * @param info The ConnectionInfo Command representing the incoming connection.
 * @throws SecurityException if the transport carries no certificate array.
 * @throws Exception if authentication or the downstream broker fails.
 */
@Override
public void addConnection(ConnectionContext context, ConnectionInfo info) throws Exception {
    if (context.getSecurityContext() == null) {
        // instanceof is also false for null, so a transport without any context is
        // rejected by the same check.
        if (!(info.getTransportContext() instanceof X509Certificate[])) {
            throw new SecurityException("Unable to authenticate transport without SSL certificate.");
        }

        // Use this broker module's class loader as the TCCL while JAAS runs, then put
        // the caller's loader back regardless of the outcome.
        ClassLoader restoreTo = Thread.currentThread().getContextClassLoader();
        Thread.currentThread().setContextClassLoader(JaasAuthenticationBroker.class.getClassLoader());
        try {
            X509Certificate[] peerChain = (X509Certificate[]) info.getTransportContext();
            context.setSecurityContext(
                authenticate(info.getUserName(), info.getPassword(), peerChain));
        } finally {
            Thread.currentThread().setContextClassLoader(restoreTo);
        }
    }
    super.addConnection(context, info);
}
/**
 * Registers the connection with the next broker, then publishes a connection advisory
 * and records the connection.
 *
 * <p>The advisory and the {@code connections} entry use a copy of {@code info} in
 * which both the user name and the password have been replaced with the empty
 * string, so neither credential field reaches advisory consumers.
 *
 * @param context The context for the incoming Connection.
 * @param info The ConnectionInfo Command representing the incoming connection.
 * @throws Exception if the downstream broker or the advisory dispatch fails.
 */
@Override
public void addConnection(ConnectionContext context, ConnectionInfo info) throws Exception {
    super.addConnection(context, info);

    // Neither user names nor passwords are distributed in advisories. Both are
    // blanked on a copy, leaving info itself untouched here.
    ConnectionInfo redacted = info.copy();
    redacted.setUserName("");
    redacted.setPassword("");

    ActiveMQTopic advisoryTopic = AdvisorySupport.getConnectionAdvisoryTopic();
    fireAdvisory(context, advisoryTopic, redacted);
    connections.put(redacted.getConnectionId(), redacted);
}
/**
 * Authenticates through one of two JAAS configurations, chosen by whether the
 * connection is SSL, and then adds the connection downstream.
 *
 * <p>The whole method is a no-op for a context that already has a security context;
 * in particular {@code super.addConnection} is not called for it.
 * NOTE(review): confirm that this is the intended handling of pre-authenticated
 * contexts.
 *
 * @param context The context for the incoming Connection.
 * @param info The ConnectionInfo Command representing the incoming connection.
 * @throws Exception if the selected delegate or the downstream broker fails.
 */
@Override
public void addConnection(ConnectionContext context, ConnectionInfo info) throws Exception {
    final boolean alreadyAuthenticated = context.getSecurityContext() != null;
    if (alreadyAuthenticated) {
        return;
    }

    final boolean overSsl = isSSL(context, info);
    if (overSsl) {
        this.sslBroker.addConnection(context, info);
    } else {
        this.nonSslBroker.addConnection(context, info);
    }
    // Reached only if the chosen delegate did not throw.
    super.addConnection(context, info);
}
/**
 * Delegates authentication to the SSL or the non-SSL broker and then forwards the
 * connection to the next broker.
 *
 * <p>Both steps happen only when the context has no security context. A context that
 * already has one is neither re-authenticated nor forwarded by this method.
 * NOTE(review): verify that not forwarding such connections is deliberate.
 *
 * @param context The context for the incoming Connection.
 * @param info The ConnectionInfo Command representing the incoming connection.
 * @throws Exception if the selected delegate or the downstream broker fails.
 */
@Override
public void addConnection(ConnectionContext context, ConnectionInfo info) throws Exception {
    if (context.getSecurityContext() != null) {
        return;
    }

    // The SSL decision selects the JAAS configuration, so a wrong answer from
    // isSSL(...) would authenticate the connection against the other configuration.
    if (isSSL(context, info)) {
        this.sslBroker.addConnection(context, info);
    } else {
        this.nonSslBroker.addConnection(context, info);
    }

    super.addConnection(context, info);
}
/**
 * Selects the SSL or non-SSL authentication broker for a new connection and, once it
 * has accepted the connection, passes the connection on.
 *
 * <p>When the context already holds a security context the method returns without
 * calling either delegate or {@code super.addConnection}.
 * NOTE(review): check whether connections with a pre-set security context are meant
 * to bypass the remaining brokers.
 *
 * @param context The context for the incoming Connection.
 * @param info The ConnectionInfo Command representing the incoming connection.
 * @throws Exception if the selected delegate or the downstream broker fails.
 */
@Override
public void addConnection(ConnectionContext context, ConnectionInfo info) throws Exception {
    if (context.getSecurityContext() != null) {
        return;
    }

    final boolean plainTransport = !isSSL(context, info);
    if (plainTransport) {
        this.nonSslBroker.addConnection(context, info);
    } else {
        this.sslBroker.addConnection(context, info);
    }
    // An exception from the delegate propagates and skips this call.
    super.addConnection(context, info);
}
/**
 * Authenticates an incoming connection against {@code authenticationService} and
 * records it per user before handing it to the next broker.
 *
 * <p>{@code connect()} is called first when {@code api} is non-null and reports
 * started. If the context has no security context, the user is authenticated with
 * the user name and password from {@code info}. A {@code null} result rejects the
 * connection. Otherwise the user's roles are looked up, a
 * {@code BocaSecurityContext} is set on the context, and the bookkeeping collections
 * are updated.
 *
 * @param context The context for the incoming Connection.
 * @param info The ConnectionInfo Command representing the incoming connection.
 * @throws SecurityException if {@code authenticateUser} returns {@code null}.
 * @throws Exception if authentication, role lookup or the downstream broker fails.
 */
public void addConnection(ConnectionContext context, ConnectionInfo info) throws Exception {
    if (api != null && api.getIsStarted()) {
        connect();
    }

    if (context.getSecurityContext() == null) {
        URI userUri = authenticationService.authenticateUser(info.getUserName(), info.getPassword());
        if (userUri == null) {
            throw new SecurityException("User name or password is invalid.");
        }

        final Set<URI> roles = authenticationService.getRolesForUser(userUri);
        // NOTE(review): the clear-text password is handed to BocaSecurityContext;
        // whether it is retained there is not visible in this snippet.
        SecurityContext securityContext =
            new BocaSecurityContext(info.getUserName(), info.getPassword(), roles);
        context.setSecurityContext(securityContext);
        securityContexts.add(securityContext);
        // Keyed by user name, so a later login by the same user replaces this entry.
        userSecurityContextMap.put(info.getUserName(), securityContext);

        // Track every live connection context per user name.
        Set<ConnectionContext> userContexts = userConnection.get(info.getUserName());
        if (userContexts == null) {
            userContexts = new HashSet<ConnectionContext>();
            userConnection.put(info.getUserName(), userContexts);
        }
        userContexts.add(context);
    }

    super.addConnection(context, info);
}
super.addConnection(context, info); } catch (Exception e) { securityContexts.remove(s);
/**
 * Authenticates through one of two JAAS configurations depending on whether the
 * connection arrived over SSL, then adds the connection downstream.
 *
 * <p>A connection counts as SSL only when its connector is a
 * {@code TransportConnector} whose server is an {@code SslTransportServer}. Every
 * other connector, including a {@code null} one, is handled by the non-SSL broker.
 * Nothing is done, and {@code super.addConnection} is not called, when the context
 * already has a security context.
 *
 * @param context The context for the incoming Connection.
 * @param info The ConnectionInfo Command representing the incoming connection.
 * @throws Exception if the selected delegate or the downstream broker fails.
 */
public void addConnection(ConnectionContext context, ConnectionInfo info) throws Exception {
    if (context.getSecurityContext() != null) {
        return;
    }

    // The decision is based on the server type of the accepting connector, not on
    // anything supplied by the client in info.
    Connector connector = context.getConnector();
    final boolean isSSL = connector instanceof TransportConnector
        && ((TransportConnector) connector).getServer() instanceof SslTransportServer;

    if (!isSSL) {
        this.nonSslBroker.addConnection(context, info);
    } else {
        this.sslBroker.addConnection(context, info);
    }
    super.addConnection(context, info);
}