Expand Up @@ -60,7 +60,7 @@
public class JaasDualAuthenticationBroker extends BrokerFilter implements AuthenticationBroker {
private final JaasCertificateAuthenticationBroker sslBroker;
private final JaasAuthenticationBroker nonSslBroker;

private final boolean certificateRequired;

/*** Simple constructor. Leaves everything to superclass.
*
Expand All @@ -70,11 +70,12 @@ public class JaasDualAuthenticationBroker extends BrokerFilter implements Authen
* @param jaasSslConfiguration The JAAS domain configuration name for
* SSL connections (refer to JAAS documentation).
*/
public JaasDualAuthenticationBroker(Broker next, String jaasConfiguration, String jaasSslConfiguration) {
public JaasDualAuthenticationBroker(Broker next, String jaasConfiguration, String jaasSslConfiguration, boolean certificateRequired) {
super(next);

this.nonSslBroker = new JaasAuthenticationBroker(new EmptyBroker(), jaasConfiguration);
this.sslBroker = new JaasCertificateAuthenticationBroker(new EmptyBroker(), jaasSslConfiguration);
this.certificateRequired = certificateRequired;
}

/**
Expand Down Expand Up @@ -110,18 +111,28 @@ public void removeConnection(ConnectionContext context, ConnectionInfo info, Thr
}
}

private boolean isSSL(ConnectionContext context, ConnectionInfo info) throws Exception {
protected boolean isSSL(ConnectionContext context, ConnectionInfo info) throws Exception {
boolean sslCapable = false;
boolean sslCertificatePresent = false;

Connector connector = context.getConnector();
if (connector instanceof TransportConnector) {
TransportConnector transportConnector = (TransportConnector) connector;
sslCapable = transportConnector.getServer().isSslServer();
}

// AMQ-5943, also check if transport context carries X509 cert
if (!sslCapable && info.getTransportContext() instanceof X509Certificate[]) {
// AMQ-9750, optionally require a sslCertificate be present in order to support both one-way and two-way
if (info.getTransportContext() instanceof X509Certificate[]) {
sslCapable = true;
sslCertificatePresent = true;
}

if(certificateRequired) {
return sslCertificatePresent;
} else {
return sslCapable;
}
return sslCapable;
}

@Override
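Review bot: The new `certificateRequired` branch in `isSSL` does not refuse anything: when the flag is set and the transport context holds no `X509Certificate[]`, the method returns false even on an SSL connector, so the connection is presumably handed to the non-SSL JAAS domain by the callers outside this hunk. The name reads like mutual-TLS enforcement, and neither the now-`protected` `isSSL` nor the constructor Javadoc (which gains no `@param certificateRequired`) says otherwise; the same gap applies to `setCertificateRequired` in JaasDualAuthenticationPlugin. I would add a Javadoc to `isSSL` along the lines of `Returns true when the connection should be authenticated against the certificate JAAS domain; with certificateRequired set, a TLS connection without a client certificate returns false`, plus `@param certificateRequired if true, only connections presenting an X.509 client certificate use the SSL domain` on the constructor. Operators who need certificate-less clients rejected still have to enforce that on the transport itself (for example `needClientAuth`), and the documentation should say so.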
Expand Up @@ -29,10 +29,11 @@
*/
public class JaasDualAuthenticationPlugin extends JaasAuthenticationPlugin {
private String sslConfiguration = "activemq-ssl-domain";
private boolean certificateRequired = false;

public Broker installPlugin(Broker broker) {
initialiseJaas();
return new JaasDualAuthenticationBroker(broker, configuration, sslConfiguration);
return new JaasDualAuthenticationBroker(broker, configuration, sslConfiguration, certificateRequired);
}

// Properties
Expand All @@ -48,4 +49,12 @@ public void setSslConfiguration(String sslConfiguration) {
public String getSslConfiguration() {
return sslConfiguration;
}

public void setCertificateRequired(boolean certificateRequired) {
this.certificateRequired = certificateRequired;
}

public boolean isCertificateRequired() {
return this.certificateRequired;
}
}
Expand Up @@ -90,7 +90,7 @@ void createLoginConfig() {
protected void setUp() throws Exception {
receiveBroker = new StubBroker();

authBroker = new JaasDualAuthenticationBroker(receiveBroker, "activemq-domain", "activemq-ssl-domain");
authBroker = new JaasDualAuthenticationBroker(receiveBroker, "activemq-domain", "activemq-ssl-domain", false);

connectionContext = new ConnectionContext();
