Commiting awesome patch by Sepand Mavandadi to add ActiveMQ support for SSL authentication and authorization: https://issues.apache.org/activemq/browse/AMQ-912

git-svn-id: https://svn.apache.org/repos/asf/incubator/activemq/trunk@447607 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Hiram R. Chirino 2006-09-18 22:42:30 +00:00
parent c9b89056f7
commit 4f945cf7e1
4 changed files with 186 additions and 12 deletions

View File

@ -211,6 +211,25 @@ public class ActiveMQConnectionFactory extends JNDIBaseStorable implements Conne
protected ActiveMQConnection createActiveMQConnection() throws JMSException { protected ActiveMQConnection createActiveMQConnection() throws JMSException {
return createActiveMQConnection(userName, password); return createActiveMQConnection(userName, password);
} }
/**
* Creates a Transport based on this object's connection settings.
*
* Separated from createActiveMQConnection to allow for subclasses to
* override.
*
* @return The newly created Transport.
* @throws JMSException If unable to create trasnport.
*
* @author sepandm@gmail.com
*/
protected Transport createTransport() throws JMSException {
try {
return TransportFactory.connect(brokerURL,DEFAULT_CONNECTION_EXECUTOR);
} catch (Exception e) {
throw JMSExceptionSupport.create("Could not create Transport. Reason: " + e, e);
}
}
/** /**
* @return Returns the Connection. * @return Returns the Connection.
@ -221,7 +240,7 @@ public class ActiveMQConnectionFactory extends JNDIBaseStorable implements Conne
} }
Transport transport; Transport transport;
try { try {
transport = TransportFactory.connect(brokerURL,DEFAULT_CONNECTION_EXECUTOR); transport = createTransport();
ActiveMQConnection connection = createActiveMQConnection(transport, factoryStats); ActiveMQConnection connection = createActiveMQConnection(transport, factoryStats);
connection.setUserName(userName); connection.setUserName(userName);

View File

@ -28,6 +28,8 @@ import org.apache.activemq.broker.BrokerFilter;
import org.apache.activemq.broker.ConnectionContext; import org.apache.activemq.broker.ConnectionContext;
import org.apache.activemq.command.ConnectionInfo; import org.apache.activemq.command.ConnectionInfo;
import org.apache.activemq.jaas.JassCredentialCallback;
import edu.emory.mathcs.backport.java.util.concurrent.CopyOnWriteArrayList; import edu.emory.mathcs.backport.java.util.concurrent.CopyOnWriteArrayList;

View File

@ -30,9 +30,8 @@ import java.net.URL;
* @version $Revision$ * @version $Revision$
*/ */
public class JaasAuthenticationPlugin implements BrokerPlugin { public class JaasAuthenticationPlugin implements BrokerPlugin {
protected String configuration = "activemq-domain";
private String configuration = "activemq-domain"; protected boolean discoverLoginConfig = true;
private boolean discoverLoginConfig = true;
public Broker installPlugin(Broker broker) { public Broker installPlugin(Broker broker) {
initialiseJaas(); initialiseJaas();

View File

@ -16,27 +16,181 @@
*/ */
package org.apache.activemq.transport.tcp; package org.apache.activemq.transport.tcp;
import org.apache.activemq.wireformat.WireFormat;
import org.apache.activemq.openwire.OpenWireFormat;
import org.apache.activemq.transport.InactivityMonitor;
import org.apache.activemq.transport.Transport;
import org.apache.activemq.transport.TransportLogger;
import org.apache.activemq.transport.TransportServer;
import org.apache.activemq.transport.WireFormatNegotiator;
import org.apache.activemq.util.IOExceptionSupport;
import org.apache.activemq.util.IntrospectionSupport;
import org.apache.activemq.util.URISupport;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.UnknownHostException;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import javax.net.ServerSocketFactory; import javax.net.ServerSocketFactory;
import javax.net.SocketFactory; import javax.net.SocketFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLServerSocketFactory; import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSocketFactory; import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
/** /**
* An implementation of the TCP Transport using SSL * An implementation of the TcpTransportFactory using SSL.
* *
* The major contribution from this class is that it is aware of SslTransportServer and SslTransport classes.
* All Transports and TransportServers created from this factory will have their needClientAuth option set to false.
*
* @author sepandm@gmail.com (Sepand)
* @version $Revision: $ * @version $Revision: $
*/ */
public class SslTransportFactory extends TcpTransportFactory { public class SslTransportFactory extends TcpTransportFactory {
// The context used to creat ssl sockets.
private SSLContext sslContext = null;
// The log this uses.,
private static final Log log = LogFactory.getLog(SslTransportFactory.class);
/**
* Constructor. Nothing special.
*
*/
public SslTransportFactory() { public SslTransportFactory() {
} }
/**
* Overriding to use SslTransportServer and allow for proper reflection.
*/
public TransportServer doBind(String brokerId, final URI location) throws IOException {
try {
Map options = new HashMap(URISupport.parseParamters(location));
protected ServerSocketFactory createServerSocketFactory() { ServerSocketFactory serverSocketFactory = createServerSocketFactory();
return SSLServerSocketFactory.getDefault(); SslTransportServer server =
} new SslTransportServer(this, location, (SSLServerSocketFactory)serverSocketFactory);
server.setWireFormatFactory(createWireFormatFactory(options));
protected SocketFactory createSocketFactory() { IntrospectionSupport.setProperties(server, options);
return SSLSocketFactory.getDefault(); Map transportOptions = IntrospectionSupport.extractProperties(options, "transport.");
server.setTransportOption(transportOptions);
server.bind();
return server;
}
catch (URISyntaxException e) {
throw IOExceptionSupport.create(e);
}
} }
/**
* Overriding to allow for proper configuration through reflection.
*/
public Transport compositeConfigure(Transport transport, WireFormat format, Map options) {
SslTransport sslTransport = (SslTransport) transport.narrow(SslTransport.class);
IntrospectionSupport.setProperties(sslTransport, options);
Map socketOptions = IntrospectionSupport.extractProperties(options, "socket.");
sslTransport.setSocketOptions(socketOptions);
if (sslTransport.isTrace()) {
transport = new TransportLogger(transport);
}
transport = new InactivityMonitor(transport);
// Only need the WireFormatNegotiator if using openwire
if (format instanceof OpenWireFormat) {
transport = new WireFormatNegotiator(transport, (OpenWireFormat)format, sslTransport.getMinmumWireFormatVersion());
}
return transport;
}
/**
* Overriding to use SslTransports.
*/
protected Transport createTransport(URI location,WireFormat wf) throws UnknownHostException,IOException{
URI localLocation = null;
String path = location.getPath();
// see if the path is a local URI location
if (path != null && path.length() > 0) {
int localPortIndex = path.indexOf(':');
try {
Integer.parseInt(path.substring((localPortIndex + 1), path.length()));
String localString = location.getScheme() + ":/" + path;
localLocation = new URI(localString);
}
catch (Exception e) {
log.warn("path isn't a valid local location for SslTransport to use", e);
}
}
SocketFactory socketFactory = createSocketFactory();
return new SslTransport(wf, (SSLSocketFactory)socketFactory, location, localLocation, false);
}
/**
* Sets the key and trust managers used in constructed socket factories.
*
* Passes given arguments to SSLContext.init(...).
*
* @param km The sources of authentication keys or null.
* @param tm The sources of peer authentication trust decisions or null.
* @param random The source of randomness for this generator or null.
*/
public void setKeyAndTrustManagers(KeyManager[] km, TrustManager[] tm, SecureRandom random) throws KeyManagementException {
// Killing old context and making a new one just to be safe.
try {
sslContext = SSLContext.getInstance("TLS");
} catch (NoSuchAlgorithmException e) {
// This should not happen unless this class is improperly modified.
throw new RuntimeException("Unknown SSL algorithm encountered.", e);
}
sslContext.init(km, tm, random);
}
/**
* Creates a new SSL ServerSocketFactory.
*
* The given factory will use user-provided key and trust managers (if the user provided them).
*
* @return Newly created (Ssl)ServerSocketFactory.
*/
protected ServerSocketFactory createServerSocketFactory() {
if (sslContext == null) {
return SSLServerSocketFactory.getDefault();
}
else
return sslContext.getServerSocketFactory();
}
/**
* Creates a new SSL SocketFactory.
*
* The given factory will use user-provided key and trust managers (if the user provided them).
*
* @return Newly created (Ssl)SocketFactory.
*/
protected SocketFactory createSocketFactory() {
if ( sslContext == null ) {
return SSLSocketFactory.getDefault();
}
else
return sslContext.getSocketFactory();
}
} }