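/**
 * Licensed to the Apache Software Foundation (ASF) under one or more
 * contributor license agreements.  See the NOTICE file distributed with
 * this work for additional information regarding copyright ownership.
 * The ASF licenses this file to You under the Apache License, Version 2.0
 * (the "License"); you may not use this file except in compliance with
 * the License.  You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.apache.activemq.security;

import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.CopyOnWriteArrayList;

import org.apache.activemq.broker.Broker;
import org.apache.activemq.broker.BrokerFilter;
import org.apache.activemq.broker.ConnectionContext;
import org.apache.activemq.command.ConnectionInfo;

/**
 * Authenticates connecting users against a simple user name/password map and
 * attaches a {@link SecurityContext} carrying the user's groups to each
 * connection it accepts.
 * <p>
 * The stored password is compared directly with the value the client sends,
 * so the map holds credentials in whatever form the client presents them;
 * nothing in this class hashes or otherwise transforms them.
 *
 * @version $Revision$
 */
public class SimpleAuthenticationBroker extends BrokerFilter {

    /** User name to password; looked up with the user name from the connection. */
    private final Map userPasswords;
    /** User name to the {@link Set} of principals handed out as that user's groups. */
    private final Map userGroups;
    /** Security contexts created by this broker, kept so {@link #refresh()} can reach them. */
    private final CopyOnWriteArrayList<SecurityContext> securityContexts = new CopyOnWriteArrayList<SecurityContext>();

    /**
     * @param next the broker this filter delegates to
     * @param userPasswords map of user name to password
     * @param userGroups map of user name to the set of that user's groups
     */
    public SimpleAuthenticationBroker(Broker next, Map userPasswords, Map userGroups) {
        super(next);
        this.userPasswords = userPasswords;
        this.userGroups = userGroups;
    }

    /**
     * Authenticates the connection unless it already carries a security
     * context, then passes it on to the next broker.
     *
     * @param context the connection being added; receives the new security context
     * @param info supplies the user name and password to check
     * @throws SecurityException if the user is unknown or the password does not match
     * @throws Exception whatever the next broker throws
     */
    public void addConnection(ConnectionContext context, ConnectionInfo info) throws Exception {

        // A connection that already has a security context is passed through
        // unchecked -- presumably an earlier layer authenticated it; confirm
        // that nothing untrusted can set the context before this point.
        if (context.getSecurityContext() == null) {
            final String userName = info.getUserName();
            final String storedPassword = (String)userPasswords.get(userName);

            // One message for both "no such user" and "wrong password", so the
            // reply does not reveal which user names exist.
            // NOTE(review): the unknown-user path still returns without doing a
            // comparison, so response time may still differ between the two cases.
            if (!passwordMatches(storedPassword, info.getPassword())) {
                throw new SecurityException("User name or password is invalid.");
            }

            // NOTE(review): null when the user has no entry in userGroups, in
            // which case getPrincipals() returns null -- confirm consumers cope.
            final Set groups = (Set)userGroups.get(userName);
            SecurityContext s = new SecurityContext(userName) {
                public Set<?> getPrincipals() {
                    return groups;
                }
            };

            context.setSecurityContext(s);
            securityContexts.add(s);
        }
        super.addConnection(context, info);
    }

    /**
     * Removes the connection from the next broker and, if its security
     * context was created by this broker, forgets and clears that context.
     *
     * @param context the connection being removed
     * @param info the connection's info, passed through to the next broker
     * @param error the error that caused the removal, passed through to the next broker
     * @throws Exception whatever the next broker throws
     */
    public void removeConnection(ConnectionContext context, ConnectionInfo info, Throwable error)
        throws Exception {
        super.removeConnection(context, info, error);
        // Only contexts this broker handed out are cleared; one set elsewhere is left alone.
        if (securityContexts.remove(context.getSecurityContext())) {
            context.setSecurityContext(null);
        }
    }

    /**
     * Previously logged in users may no longer have the same access anymore.
     * Clears the authorized read and write destinations recorded on every
     * security context this broker created.
     */
    public void refresh() {
        Iterator<SecurityContext> iter = securityContexts.iterator();
        while (iter.hasNext()) {
            SecurityContext sc = iter.next();
            sc.getAuthorizedReadDests().clear();
            sc.getAuthorizedWriteDests().clear();
        }
    }

    /**
     * Compares a stored password with a supplied one without stopping at the
     * first differing character, so the time taken does not indicate how much
     * of a guess was correct. The result is the same as
     * {@code expected != null && expected.equals(supplied)}.
     *
     * @param expected the stored password, or null if the user is unknown
     * @param supplied the password sent by the client, may be null
     * @return true only if both are non-null and equal character for character
     */
    private static boolean passwordMatches(String expected, String supplied) {
        if (expected == null || supplied == null) {
            return false;
        }
        final int expectedLength = expected.length();
        final int suppliedLength = supplied.length();

        // A length mismatch is folded into the result rather than returned early.
        int diff = expectedLength ^ suppliedLength;
        if (expectedLength > 0) {
            // Iterate over the supplied value so the amount of work follows the
            // client's input, not the length of the stored secret.
            for (int i = 0; i < suppliedLength; i++) {
                diff |= expected.charAt(i % expectedLength) ^ supplied.charAt(i);
            }
        }
        return diff == 0;
    }

}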