From chir...@apache.org
Subject svn commit: r464659 - in /incubator/activemq/trunk/activemq-core/src/main/java/org/apache/activemq: broker/ security/ transport/tcp/
Date Mon, 16 Oct 2006 20:54:25 GMT
Author: chirino
Date: Mon Oct 16 13:54:24 2006
New Revision: 464659

URL: http://svn.apache.org/viewvc?view=rev&rev=464659
Log:
Applying patch from https://issues.apache.org/activemq/browse/AMQ-960
Thanks Kelly Campbell!

Added:
    incubator/activemq/trunk/activemq-core/src/main/java/org/apache/activemq/security/JaasCertificateSecurityContext.java
Modified:
    incubator/activemq/trunk/activemq-core/src/main/java/org/apache/activemq/broker/TransportConnector.java
    incubator/activemq/trunk/activemq-core/src/main/java/org/apache/activemq/security/JaasCertificateAuthenticationBroker.java
    incubator/activemq/trunk/activemq-core/src/main/java/org/apache/activemq/transport/tcp/SslTransport.java
    incubator/activemq/trunk/activemq-core/src/main/java/org/apache/activemq/transport/tcp/SslTransportServer.java

Modified: incubator/activemq/trunk/activemq-core/src/main/java/org/apache/activemq/broker/TransportConnector.java
URL: http://svn.apache.org/viewvc/incubator/activemq/trunk/activemq-core/src/main/java/org/apache/activemq/broker/TransportConnector.java?view=diff&rev=464659&r1=464658&r2=464659
==============================================================================
--- incubator/activemq/trunk/activemq-core/src/main/java/org/apache/activemq/broker/TransportConnector.java
(original)
+++ incubator/activemq/trunk/activemq-core/src/main/java/org/apache/activemq/broker/TransportConnector.java
Mon Oct 16 13:54:24 2006
@@ -148,13 +148,20 @@
                     connection.start();
                 }
                 catch (Exception e) {
+                    String remoteHost = transport.getRemoteAddress();
                 	ServiceSupport.dispose(transport);
-                    onAcceptError(e);
+                    onAcceptError(e, remoteHost);
                 }
             }
 
             public void onAcceptError(Exception error) {
-                log.error("Could not accept connection: " + error, error);
+                onAcceptError(error,null);
+            }
+
+            private void onAcceptError(Exception error, String remoteHost) {
+                log.error("Could not accept connection "  +
+                    (remoteHost == null ? "" : "from " + remoteHost)
+                    + ": " + error, error);
             }
         });
         this.server.setBrokerInfo(brokerInfo);
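Review bot: In the catch block the new `transport.getRemoteAddress()` call runs before `ServiceSupport.dispose(transport)`, so if it throws on a transport that failed part-way through setup (its implementation is not visible here), both the dispose and the error log are skipped. Dispose first, or wrap the address lookup so cleanup of a rejected connection never depends on a logging detail. When `remoteHost` is null the message reads `Could not accept connection : ...` with a stray space; writing the first literal as `"Could not accept connection"` and the branch as `(remoteHost == null ? "" : " from " + remoteHost)` fixes that. The enclosing anonymous listener starts above the hunk.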

Modified: incubator/activemq/trunk/activemq-core/src/main/java/org/apache/activemq/security/JaasCertificateAuthenticationBroker.java
URL: http://svn.apache.org/viewvc/incubator/activemq/trunk/activemq-core/src/main/java/org/apache/activemq/security/JaasCertificateAuthenticationBroker.java?view=diff&rev=464659&r1=464658&r2=464659
==============================================================================
--- incubator/activemq/trunk/activemq-core/src/main/java/org/apache/activemq/security/JaasCertificateAuthenticationBroker.java
(original)
+++ incubator/activemq/trunk/activemq-core/src/main/java/org/apache/activemq/security/JaasCertificateAuthenticationBroker.java
Mon Oct 16 13:54:24 2006
@@ -96,11 +96,11 @@
                             break;
                         }
                     }
-                    
-                    SecurityContext s = new JaasSecurityContext(dnName, subject);
+                    SecurityContext s = new JaasCertificateSecurityContext(
+                        dnName, subject, (X509Certificate[])info.getTransportContext());
                     context.setSecurityContext(s);
                 } catch (Exception e) {
-                    throw new SecurityException("User name or password is invalid.", e);
+                    throw new SecurityException("User name or password is invalid: " + e.getMessage(),
e);
                 }
             } finally {
                 Thread.currentThread().setContextClassLoader(original);
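Review bot: The new message appends `e.getMessage()` to the `SecurityException`, and if that text is sent back to the connecting client (the propagation path is outside this hunk) it tells an unauthenticated peer why the JAAS login failed. Keep the client-facing text generic, `throw new SecurityException("User name or password is invalid.", e);`, and log the detail on the broker side; the cause is already chained. The cast `(X509Certificate[])info.getTransportContext()` is unchecked in the visible lines, and a `ClassCastException` would be caught by the same `catch (Exception e)` and reported as an invalid password. Unless a check exists above the hunk, an explicit `instanceof X509Certificate[]` test with its own message would make a non-SSL connection fail for the stated reason. The enclosing method starts and ends outside the hunk.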

Added: incubator/activemq/trunk/activemq-core/src/main/java/org/apache/activemq/security/JaasCertificateSecurityContext.java
URL: http://svn.apache.org/viewvc/incubator/activemq/trunk/activemq-core/src/main/java/org/apache/activemq/security/JaasCertificateSecurityContext.java?view=auto&rev=464659
==============================================================================
--- incubator/activemq/trunk/activemq-core/src/main/java/org/apache/activemq/security/JaasCertificateSecurityContext.java
(added)
+++ incubator/activemq/trunk/activemq-core/src/main/java/org/apache/activemq/security/JaasCertificateSecurityContext.java
Mon Oct 16 13:54:24 2006
@@ -0,0 +1,53 @@
+/**
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.activemq.security;
+
+import java.security.cert.X509Certificate;
+import java.util.Set;
+
+import javax.security.auth.Subject;
+
+/**
+ * Extends the SecurityContext to provide a username which is the
+ * Distinguished Name from the certificate.
+ *
+ */
+public class JaasCertificateSecurityContext extends SecurityContext {
+
+    private Subject subject;
+    private X509Certificate[] certs;
+  
+    public JaasCertificateSecurityContext(String userName, Subject subject, X509Certificate[]
certs) {
+        super(userName);
+        this.subject = subject;
+        this.certs = certs;
+    }
+
+    public Set getPrincipals() {
+        return subject.getPrincipals();
+    }
+  
+    public String getUserName() {
+        if (certs != null && certs.length > 0) {
+            return certs[0].getSubjectDN().getName();
+        }
+        return super.getUserName();
+    }
+
+}
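Review bot: `getUserName()` takes the identity from `certs[0]`, but the constructor stores the caller's array by reference and neither field is `final`, so any code that still holds the array can change the name this context reports after authentication. Copy it on the way in, `this.certs = certs == null ? null : (X509Certificate[]) certs.clone();`, and declare both fields `private final`. `getSubjectDN().getName()` returns a provider-dependent string form; `getSubjectX500Principal().getName()` gives a stable RFC 2253 form if this name is compared against configured DNs, though switching would change the string that existing configurations match. The class Javadoc should also state that the certificate DN takes precedence over the `userName` passed to the constructor, and that `getPrincipals()` assumes a non-null `subject`.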

Modified: incubator/activemq/trunk/activemq-core/src/main/java/org/apache/activemq/transport/tcp/SslTransport.java
URL: http://svn.apache.org/viewvc/incubator/activemq/trunk/activemq-core/src/main/java/org/apache/activemq/transport/tcp/SslTransport.java?view=diff&rev=464659&r1=464658&r2=464659
==============================================================================
--- incubator/activemq/trunk/activemq-core/src/main/java/org/apache/activemq/transport/tcp/SslTransport.java
(original)
+++ incubator/activemq/trunk/activemq-core/src/main/java/org/apache/activemq/transport/tcp/SslTransport.java
Mon Oct 16 13:54:24 2006
@@ -18,21 +18,19 @@
 
 package org.apache.activemq.transport.tcp;
 
-import org.apache.activemq.wireformat.WireFormat;
 import org.apache.activemq.command.Command;
 import org.apache.activemq.command.ConnectionInfo;
-import org.apache.activemq.util.IntrospectionSupport;
+import org.apache.activemq.wireformat.WireFormat;
 
 import java.io.IOException;
 import java.net.URI;
+import java.net.UnknownHostException;
 import java.security.cert.X509Certificate;
-import java.util.Map;
 
-import javax.net.SocketFactory;
-import javax.net.ssl.SSLSocketFactory;
-import javax.net.ssl.SSLSocket;
-import javax.net.ssl.SSLSession;
 import javax.net.ssl.SSLPeerUnverifiedException;
+import javax.net.ssl.SSLSession;
+import javax.net.ssl.SSLSocket;
+import javax.net.ssl.SSLSocketFactory;
 
 /**
  * A Transport class that uses SSL and client-side certificate authentication.
@@ -44,7 +42,7 @@
  *      set before the socket is connected. Otherwise, unexpected situations may occur.
  * 
  */
-class SslTransport extends TcpTransport {
+public class SslTransport extends TcpTransport {
     /**
      * Connect to a remote node such as a Broker.
      * 
@@ -60,7 +58,9 @@
      */
     public SslTransport(WireFormat wireFormat, SSLSocketFactory socketFactory, URI remoteLocation,
URI localLocation, boolean needClientAuth) throws IOException {
         super(wireFormat, socketFactory, remoteLocation, localLocation);
-        ((SSLSocket)this.socket).setNeedClientAuth(needClientAuth);
+        if (this.socket != null) {
+            ((SSLSocket)this.socket).setNeedClientAuth(needClientAuth);
+        }
     }
     
     /**
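Review bot: With the new `if (this.socket != null)` guard, a null socket means the `needClientAuth` argument is dropped: it is not stored, and nothing visible re-applies it once a socket exists. If `TcpTransport` can create the socket after this constructor returns (not visible in this hunk), the caller's client-authentication setting is silently lost. Keep the value in a field and apply it where the socket is created, or state in the constructor Javadoc that the flag is ignored when no socket exists yet.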
@@ -106,5 +106,13 @@
 
         super.doConsume(command);
     }
+
+    /**
+     * @return pretty print of 'this'
+     */
+    public String toString() {
+        return "ssl://"+socket.getInetAddress()+":"+socket.getPort();
+    }
+
 }
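Review bot: `toString()` dereferences `socket` unconditionally, while the constructor change in this same commit treats `this.socket == null` as a valid state, so calling it on such an instance (for example from a log statement in an error path) throws a `NullPointerException`. Guard it, e.g. `return socket == null ? "ssl://(unconnected)" : "ssl://" + socket.getInetAddress() + ":" + socket.getPort();`. `socket.getInetAddress()` renders as `hostname/address`, so the result is not a parseable URI; the Javadoc could say the string is for display only.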
 

Modified: incubator/activemq/trunk/activemq-core/src/main/java/org/apache/activemq/transport/tcp/SslTransportServer.java
URL: http://svn.apache.org/viewvc/incubator/activemq/trunk/activemq-core/src/main/java/org/apache/activemq/transport/tcp/SslTransportServer.java?view=diff&rev=464659&r1=464658&r2=464659
==============================================================================
--- incubator/activemq/trunk/activemq-core/src/main/java/org/apache/activemq/transport/tcp/SslTransportServer.java
(original)
+++ incubator/activemq/trunk/activemq-core/src/main/java/org/apache/activemq/transport/tcp/SslTransportServer.java
Mon Oct 16 13:54:24 2006
@@ -48,12 +48,12 @@
     
     
     /**
-     * Constructor.
+     * Creates a ssl transport server for the specified url using the provided
+     * serverSocketFactory
      * 
      * @param transportFactory The factory used to create transports when connections arrive.
      * @param location The location of the broker to bind to.
      * @param serverSocketFactory The factory used to create this server.
-     * @param needClientAuth States if this server should needClientAuth.
      * @throws IOException passed up from TcpTransportFactory.
      * @throws URISyntaxException passed up from TcpTransportFactory.
      */
@@ -65,34 +65,34 @@
     }
     
     /**
-     * Setter for needClientAuth.
-     * 
-     * When set to true, needClientAuth will set SSLSockets' needClientAuth to true forcing
clients to provide
-     *      client certificates.
+     * Sets whether client authentication should be required
+     * Must be called before {@link #bind()}
+     * Note: Calling this method clears the wantClientAuth flag
+     * in the underlying implementation.
      */
     public void setNeedClientAuth(boolean needAuth) {
         this.needClientAuth = needAuth;
     }
     
     /**
-     * Getter for needClientAuth.
+     * Returns whether client authentication should be required.
      */
     public boolean getNeedClientAuth() {
         return this.needClientAuth;
     }
     
     /**
-     * Getter for wantClientAuth.
+     * Returns whether client authentication should be requested.
      */
     public boolean getWantClientAuth() {
         return this.wantClientAuth;
     }
     
     /**
-     * Setter for wantClientAuth.
-     * 
-     * When set to true, wantClientAuth will set SSLSockets' wantClientAuth to true forcing
clients to provide
-     *      client certificates.
+     * Sets whether client authentication should be requested.
+     * Must be called before {@link #bind()}
+     * Note: Calling this method clears the needClientAuth flag
+     * in the underlying implementation.
      */
     public void setWantClientAuth(boolean wantAuth) {
         this.wantClientAuth = wantAuth;


