Applying patch from https://issues.apache.org/activemq/browse/AMQ-960

git-svn-id: https://svn.apache.org/repos/asf/incubator/activemq/trunk@465438 13f79535-47bb-0310-9956-ffa450edef68
2006-10-19 01:24:16 +00:00 · 2006-10-19 01:24:16 +00:00 · a8b1810141
parent 4e98feca92
commit a8b1810141
2 changed files with 15 additions and 10 deletions
--- a/activemq-jaas/src/main/java/org/apache/activemq/jaas/CertificateLoginModule.java
+++ b/activemq-jaas/src/main/java/org/apache/activemq/jaas/CertificateLoginModule.java
@ -18,28 +18,24 @@

 package org.apache.activemq.jaas;

-import java.io.File;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
 import java.io.IOException;
-import java.util.Enumeration;
+import java.security.cert.X509Certificate;
 import java.util.HashSet;
 import java.util.Iterator;
 import java.util.Map;
 import java.util.Set;
-import java.security.cert.X509Certificate;

 import javax.security.auth.Subject;
 import javax.security.auth.callback.Callback;
 import javax.security.auth.callback.CallbackHandler;
-import javax.security.auth.callback.NameCallback;
-import javax.security.auth.callback.PasswordCallback;
 import javax.security.auth.callback.UnsupportedCallbackException;
 import javax.security.auth.login.FailedLoginException;
 import javax.security.auth.login.LoginException;
 import javax.security.auth.spi.LoginModule;

-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-
 /**
 * A LoginModule that allows for authentication based on SSL certificates.
 * 
@ -99,7 +95,8 @@ public abstract class CertificateLoginModule implements LoginModule {
        
        username = getUserNameForCertificates(certificates);
        if ( username == null )
-            throw new FailedLoginException("Unable to verify client certificates.");
+            throw new FailedLoginException("No user for client certificate: "
+                + getDistinguishedName(certificates));

        groups = getUserGroups(username);
        
@ -188,4 +185,12 @@ public abstract class CertificateLoginModule implements LoginModule {
     */
    protected abstract Set getUserGroups(final String username) throws LoginException;

+    protected String getDistinguishedName(final X509Certificate[] certs) {
+        if (certs != null && certs.length > 0 && certs[0] != null) {
+            return certs[0].getSubjectDN().getName();
+        } else {
+            return null;
+        }
+    }
+
 }
--- a/activemq-jaas/src/main/java/org/apache/activemq/jaas/TextFileCertificateLoginModule.java
+++ b/activemq-jaas/src/main/java/org/apache/activemq/jaas/TextFileCertificateLoginModule.java
@ -93,7 +93,7 @@ public class TextFileCertificateLoginModule extends CertificateLoginModule {
            throw new LoginException("Unable to load user properties file " + usersFile);
        }
        
-        String dn = certs[0].getSubjectDN().getName();
+        String dn = getDistinguishedName(certs);
        
        for(Enumeration vals = users.elements(), keys = users.keys(); vals.hasMoreElements(); ) {
            if ( ((String)vals.nextElement()).equals(dn) ) {