mirror of https://github.com/apache/activemq.git
AMQ-8987 EncryptableLDAPLoginModule support wider password encryption schemes
(cherry picked from commit 6e3b19bd59)
parent
130d17e133
commit
8e0d7eb19e
|
@ -23,6 +23,7 @@ import javax.security.auth.callback.CallbackHandler;
|
|||
|
||||
import org.jasypt.encryption.pbe.StandardPBEStringEncryptor;
|
||||
import org.jasypt.encryption.pbe.config.EnvironmentStringPBEConfig;
|
||||
import org.jasypt.iv.RandomIvGenerator;
|
||||
import org.jasypt.properties.EncryptableProperties;
|
||||
|
||||
/**
|
||||
|
@ -50,6 +51,10 @@ public class EncryptableLDAPLoginModule extends LDAPLoginModule {
|
|||
EnvironmentStringPBEConfig envConfig = new EnvironmentStringPBEConfig();
|
||||
envConfig.setAlgorithm(passwordAlgorithm);
|
||||
|
||||
if (passwordAlgorithm.startsWith("PBE") && passwordAlgorithm.contains("AES")) {
|
||||
envConfig.setIvGenerator(new RandomIvGenerator());
|
||||
}
|
||||
|
||||
//If the password was set, use it
|
||||
//else look up the password from the environment
|
||||
if (encryptionPassword == null) {
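Review bot: The added `if (passwordAlgorithm.startsWith("PBE") && passwordAlgorithm.contains("AES"))` is case-sensitive, whereas JCA providers generally resolve algorithm names case-insensitively. An `encryptionAlgorithm` written in lower or mixed case would therefore be accepted by the provider but skip `setIvGenerator`, and decryption of the `ENC(...)` value would presumably fail later with a less obvious error. Normalising first would close that gap: `String alg = passwordAlgorithm.toUpperCase(Locale.ROOT);` then `if (alg.startsWith("PBE") && alg.contains("AES"))` (this needs a `java.util.Locale` import). A short why-comment on the branch would also help, e.g. `// AES-based PBE schemes need an IV; jasypt does not generate one by default`. The enclosing method starts and ends outside the hunk, so whether `passwordAlgorithm` can be null at this point is not visible here.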
|
||||
|
|
|
@ -145,6 +145,28 @@ public class LDAPLoginModuleTest extends AbstractLdapTestUnit {
|
|||
context.logout();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testAESEncryptedLogin() throws LoginException {
|
||||
|
||||
LoginContext context = new LoginContext("EncryptedAESLDAPLogin", new CallbackHandler() {
|
||||
@Override
|
||||
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
|
||||
for (int i = 0; i < callbacks.length; i++) {
|
||||
if (callbacks[i] instanceof NameCallback) {
|
||||
((NameCallback) callbacks[i]).setName("first");
|
||||
} else if (callbacks[i] instanceof PasswordCallback) {
|
||||
((PasswordCallback) callbacks[i]).setPassword("secret".toCharArray());
|
||||
} else {
|
||||
throw new UnsupportedCallbackException(callbacks[i]);
|
||||
}
|
||||
}
|
||||
}
|
||||
});
|
||||
context.login();
|
||||
context.logout();
|
||||
}
|
||||
|
||||
|
||||
@Test
|
||||
public void testUnauthenticated() throws LoginException {
|
||||
LoginContext context = new LoginContext("UnAuthenticatedLDAPLogin", new CallbackHandler() {
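Review bot: `testAESEncryptedLogin` contains no explicit assertion; its only signal is that `context.login()` returns without throwing, and nothing in the hunk covers a case where decryption is expected to fail. A comment before the call, such as `// login() fails if the ENC(...) connectionPassword of EncryptedAESLDAPLogin cannot be decrypted`, would make the intent readable. A companion test against an entry with a wrong `encryptionPassword`, expecting a failure, would pin the negative path. The anonymous `CallbackHandler` also appears to repeat the one used by neighbouring tests (`testUnauthenticated` opens the same way), so a shared private helper would remove the duplication. The test class continues outside the hunk on both sides.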
|
||||
|
|
|
@ -86,6 +86,27 @@ EncryptedLDAPLogin {
|
|||
;
|
||||
};
|
||||
|
||||
EncryptedAESLDAPLogin {
|
||||
org.apache.activemq.jaas.EncryptableLDAPLoginModule required
|
||||
debug=true
|
||||
initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory
|
||||
connectionURL="ldap://localhost:1024"
|
||||
connectionUsername="uid=admin,ou=system"
|
||||
connectionPassword="ENC(l3ZDKzR+ADzlmYr2Csd/CBXnFRd5Jk02JGKaraMHc7NRQp5amOxvHbuUCQNUQ0cE)"
|
||||
connectionProtocol=s
|
||||
authentication=simple
|
||||
userBase="ou=system"
|
||||
userSearchMatching="(uid={0})"
|
||||
userSearchSubtree=false
|
||||
roleBase="ou=system"
|
||||
roleName=dummyRoleName
|
||||
roleSearchMatching="(uid={1})"
|
||||
roleSearchSubtree=false
|
||||
encryptionAlgorithm=PBEWITHHMACSHA256ANDAES_256
|
||||
encryptionPassword="activemq"
|
||||
;
|
||||
};
|
||||
|
||||
UnAuthenticatedLDAPLogin {
|
||||
org.apache.activemq.jaas.LDAPLoginModule required
|
||||
debug=true
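Review bot: The new `EncryptedAESLDAPLogin` entry sets `encryptionPassword="activemq"` directly below `encryptionAlgorithm`, in the same file as the `ENC(...)` value it protects. Anyone who can read the file can therefore recover `connectionPassword`. That is acceptable for a fixture, but entries like this tend to be copied as examples, so a comment above the entry would help: `// test fixture only: real deployments should omit encryptionPassword so the module reads it from the environment`. The module comment visible in this commit ("else look up the password from the environment") indicates that this fallback exists. Whether this file is a test resource cannot be confirmed from the page, since no file path is shown.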
|
||||
|
|