This commit is contained in:
Clebert Suconic 2017-07-28 18:00:06 -04:00
commit abaccaab56
2 changed files with 10 additions and 3 deletions

View File

@ -16,6 +16,7 @@
*/
package org.apache.activemq.artemis.core.security.impl;
import javax.security.cert.X509Certificate;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
@ -142,7 +143,13 @@ public class SecurityStoreImpl implements SecurityStore, HierarchicalRepositoryC
notificationService.sendNotification(notification);
}
throw ActiveMQMessageBundle.BUNDLE.unableToValidateUser();
String certSubjectDN = "unavailable";
X509Certificate[] certs = CertificateUtil.getCertsFromConnection(connection);
if (certs != null && certs.length > 0 && certs[0] != null) {
certSubjectDN = certs[0].getSubjectDN().getName();
}
throw ActiveMQMessageBundle.BUNDLE.unableToValidateUser(connection.getRemoteAddress(), user, certSubjectDN);
}
return validatedUser;

View File

@ -157,8 +157,8 @@ public interface ActiveMQMessageBundle {
@Message(id = 119030, value = "large-message not initialized on server")
ActiveMQIllegalStateException largeMessageNotInitialised();
@Message(id = 119031, value = "Unable to validate user", format = Message.Format.MESSAGE_FORMAT)
ActiveMQSecurityException unableToValidateUser();
@Message(id = 119031, value = "Unable to validate user from {0}. Username: {1}; SSL certificate subject DN: {2}", format = Message.Format.MESSAGE_FORMAT)
ActiveMQSecurityException unableToValidateUser(String remoteAddress, String user, String certMessage);
@Message(id = 119032, value = "User: {0} does not have permission=''{1}'' on address {2}", format = Message.Format.MESSAGE_FORMAT)
ActiveMQSecurityException userNoPermissions(String username, CheckType checkType, String saddress);