Class ActiveMQBasicSecurityManager
java.lang.Object
org.apache.activemq.artemis.spi.core.security.ActiveMQBasicSecurityManager
- All Implemented Interfaces:
ActiveMQSecurityManager,ActiveMQSecurityManager5,UserManagement
public class ActiveMQBasicSecurityManager
extends Object
implements ActiveMQSecurityManager5, UserManagement
All user and role state (both in memory and on disk) is maintained by the underlying StorageManager
-
Field Summary
Fields -
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionvoidaddNewUser(String user, String password, String... roles) authenticate(String userToAuthenticate, String passwordToAuthenticate, RemotingConnection remotingConnection, String securityDomain) is this a valid user.booleanDetermine whether the given user has the correct role for the given check type.voidcompleteInit(StorageManager storageManager) Initialize the manager with the given configuration properties.voidremoveUser(String user) voidupdateUser(String user, String password, String... roles) booleanvalidateUser(String user, String password) is this a valid user.booleanis this a valid user and do they have the correct roleMethods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, waitMethods inherited from interface org.apache.activemq.artemis.spi.core.security.ActiveMQSecurityManager
getDomain, getUserFromSubject
-
Field Details
-
BOOTSTRAP_USER
- See Also:
-
BOOTSTRAP_PASSWORD
- See Also:
-
BOOTSTRAP_ROLE
- See Also:
-
BOOTSTRAP_USER_FILE
- See Also:
-
BOOTSTRAP_ROLE_FILE
- See Also:
-
-
Constructor Details
-
ActiveMQBasicSecurityManager
public ActiveMQBasicSecurityManager()
-
-
Method Details
-
init
Description copied from interface:ActiveMQSecurityManagerInitialize the manager with the given configuration properties. This method is called by the broker when the file-based configuration is read. If you're creating/configuring the plugin programmatically then the recommended approach is to simply use the manager's getters/setters rather than this method.- Specified by:
initin interfaceActiveMQSecurityManager- Parameters:
properties- name/value pairs used to configure the ActiveMQSecurityManager instance- Returns:
thisinstance
-
validateUser
Description copied from interface:ActiveMQSecurityManageris this a valid user.- Specified by:
validateUserin interfaceActiveMQSecurityManager- Parameters:
user- the userpassword- the users password- Returns:
trueif a valid user
-
authenticate
public Subject authenticate(String userToAuthenticate, String passwordToAuthenticate, RemotingConnection remotingConnection, String securityDomain) Description copied from interface:ActiveMQSecurityManager5is this a valid user.This method is called instead of
ActiveMQSecurityManager.validateUser(String, String).- Specified by:
authenticatein interfaceActiveMQSecurityManager5- Parameters:
userToAuthenticate- the userpasswordToAuthenticate- the user's passwordremotingConnection- the user's connection which contains any corresponding SSL certssecurityDomain- the name of the JAAS security domain to use (can be null)- Returns:
- the Subject of the authenticated user, else null
-
validateUserAndRole
public boolean validateUserAndRole(String user, String password, Set<Role> roles, CheckType checkType) Description copied from interface:ActiveMQSecurityManageris this a valid user and do they have the correct role- Specified by:
validateUserAndRolein interfaceActiveMQSecurityManager- Parameters:
user- the userpassword- the users passwordroles- the roles the user hascheckType- the type of check to perform- Returns:
trueif the user is valid and they have the correct roles
-
authorize
Description copied from interface:ActiveMQSecurityManager5Determine whether the given user has the correct role for the given check type.This method is called instead of
ActiveMQSecurityManager.validateUserAndRole(String, String, Set, CheckType).- Specified by:
authorizein interfaceActiveMQSecurityManager5- Parameters:
subject- the Subject to authorizeroles- the roles configured in the security-settingscheckType- which permission to validateaddress- the address (or FQQN) to grant access to- Returns:
trueif the user is authorized, else false
-
addNewUser
- Specified by:
addNewUserin interfaceUserManagement- Throws:
Exception
-
removeUser
- Specified by:
removeUserin interfaceUserManagement- Throws:
Exception
-
listUser
- Specified by:
listUserin interfaceUserManagement
-
updateUser
- Specified by:
updateUserin interfaceUserManagement- Throws:
Exception
-
completeInit
-