Class CompositeUsernamePasswordAuthenticationManagerImpl
- java.lang.Object
  - org.apache.qpid.server.model.AbstractConfiguredObject<T>
    - org.apache.qpid.server.security.auth.manager.AbstractAuthenticationManager<CompositeUsernamePasswordAuthenticationManagerImpl>
      - org.apache.qpid.server.security.auth.manager.CompositeUsernamePasswordAuthenticationManagerImpl
- All Implemented Interfaces:
EventLoggerProvider, AuthenticationProvider<CompositeUsernamePasswordAuthenticationManagerImpl>, ConfiguredObject<CompositeUsernamePasswordAuthenticationManagerImpl>, ContextProvider, PermissionedObject, TaskExecutorProvider, CachingAuthenticationProvider<CompositeUsernamePasswordAuthenticationManagerImpl>, CompositeUsernamePasswordAuthenticationManager<CompositeUsernamePasswordAuthenticationManagerImpl>, UsernamePasswordAuthenticationProvider<CompositeUsernamePasswordAuthenticationManagerImpl>
public class CompositeUsernamePasswordAuthenticationManagerImpl extends AbstractAuthenticationManager<CompositeUsernamePasswordAuthenticationManagerImpl> implements CompositeUsernamePasswordAuthenticationManager<CompositeUsernamePasswordAuthenticationManagerImpl>
Composite username / password authentication provider. Contains a list of delegate authentication providers, which are assessed one by one during the authentication process until the first successful authentication or until all authentication attempts fail. When two delegates share the same SASL mechanism (e.g. PlainAuthenticationProvider and ScramSHA256AuthenticationManager have SCRAM-SHA-256 in common), the implementation is resolved at runtime by choosing the delegate that contains the requested username. If a user with the same username is present in both delegates, authentication will be performed only against the first delegate in the list.
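The resolution rule described above, modeled as an added example (not Qpid Broker-J code). The Delegate record, its fields, the delegate names and the credentials are hypothetical and constructed for illustration; the mechanism sets follow the getMechanisms() table on this page.

```java
import java.util.*;

// Toy model of the documented delegate resolution. Delegate and its fields are
// hypothetical; this is not how Qpid Broker-J stores or compares credentials.
public class CompositeResolutionModel {
    record Delegate(String name, Set<String> mechanisms, Map<String, String> users) {
        boolean check(String user, String password) {
            return password.equals(users.get(user));
        }
    }

    // authenticate(username, password): delegates are tried in list order until one succeeds.
    static Optional<String> authenticate(List<Delegate> delegates, String user, String password) {
        for (Delegate d : delegates) {
            if (d.check(user, password)) return Optional.of(d.name());
        }
        return Optional.empty();
    }

    // Shared SASL mechanism: the first delegate in list order that offers the
    // mechanism and contains the requested username handles the exchange.
    static Optional<String> resolveForSasl(List<Delegate> delegates, String mechanism, String user) {
        return delegates.stream()
                .filter(d -> d.mechanisms().contains(mechanism) && d.users().containsKey(user))
                .map(Delegate::name)
                .findFirst();
    }

    public static void main(String[] args) {
        // Constructed sample data.
        Delegate plain = new Delegate("plain",
                Set.of("PLAIN", "CRAM-MD5", "SCRAM-SHA-1", "SCRAM-SHA-256"),
                Map.of("alice", "pw-plain", "bob", "pw-bob"));
        Delegate scram = new Delegate("scram256",
                Set.of("PLAIN", "SCRAM-SHA-256"),
                Map.of("alice", "pw-scram", "carol", "pw-carol"));
        List<Delegate> delegates = List.of(plain, scram);

        // carol exists only in the second delegate; alice exists in both, so list order decides.
        System.out.println(resolveForSasl(delegates, "SCRAM-SHA-256", "carol"));
        System.out.println(resolveForSasl(delegates, "SCRAM-SHA-256", "alice"));
        // No delegate both offers CRAM-MD5 and contains carol.
        System.out.println(resolveForSasl(delegates, "CRAM-MD5", "carol"));
        System.out.println(authenticate(delegates, "carol", "pw-carol"));
    }
}
```

In this model alice's entry in the second delegate is never selected for SCRAM-SHA-256, which is why duplicate usernames across delegates make the delegate order part of the credential policy.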
-
-
Nested Class Summary
-
Nested classes/interfaces inherited from class org.apache.qpid.server.model.AbstractConfiguredObject
AbstractConfiguredObject.CallableWithArgument<V,A>, AbstractConfiguredObject.ChainedListenableFuture<V>, AbstractConfiguredObject.ChainedSettableFuture<V>, AbstractConfiguredObject.DuplicateIdException, AbstractConfiguredObject.DuplicateNameException
-
-
Field Summary
Fields (Modifier and Type, Field, Description):
static String MECHANISM_NAME
Mechanism name
-
Fields inherited from class org.apache.qpid.server.model.AbstractConfiguredObject
SECURED_STRING_VALUE
-
Fields inherited from interface org.apache.qpid.server.security.auth.manager.CachingAuthenticationProvider
AUTHENTICATION_CACHE_EXPIRATION_TIME, AUTHENTICATION_CACHE_ITERATION_COUNT, AUTHENTICATION_CACHE_MAX_SIZE, DEFAULT_AUTHENTICATION_CACHE_EXPIRATION_TIME, DEFAULT_AUTHENTICATION_CACHE_ITERATION_COUNT, DEFAULT_AUTHENTICATION_CACHE_MAX_SIZE
-
Fields inherited from interface org.apache.qpid.server.security.auth.manager.CompositeUsernamePasswordAuthenticationManager
PROVIDER_TYPE
-
Fields inherited from interface org.apache.qpid.server.model.ConfiguredObject
AWAIT_ATTAINMENT_TIMEOUT, CONTEXT, CREATED_BY, CREATED_TIME, DEFAULT_AWAIT_ATTAINMENT_TIMEOUT, DESCRIPTION, DESIRED_STATE, DURABLE, ID, LAST_UPDATED_BY, LAST_UPDATED_TIME, LIFETIME_POLICY, NAME, OVER_SIZED_ATTRIBUTE_ALTERNATIVE_TEXT, STATE, TYPE
-
-
Constructor Summary
Constructors (Constructor, Description):
CompositeUsernamePasswordAuthenticationManagerImpl(Map<String,Object> attributes, Container<?> container)
Constructor creates configured object
-
Method Summary
Methods (Modifier and Type, Method, Description):
AuthenticationResult authenticate(String username, String password)
Iterates over authentication provider delegates attempting authentication for each one.
SaslNegotiator createSaslNegotiator(String mechanism, SaslSettings saslSettings, NamedAddressSpace addressSpace)
Creates SASL negotiator based on available options
List<String> getAvailableMechanisms(boolean secure)
Returns list of available SASL mechanism names
List<String> getDelegates()
List<String> getMechanisms()
MD5 => ["PLAIN", "CRAM-MD5-HASHED", "CRAM-MD5-HEX"]; Plain => ["PLAIN", "CRAM-MD5", "SCRAM-SHA-1", "SCRAM-SHA-256"]; SCRAM-SHA-1 => ["PLAIN", "SCRAM-SHA-1"]; SCRAM-SHA-256 => ["PLAIN", "SCRAM-SHA-256"]; SimpleLDAP => ["PLAIN"]
protected void onOpen()
Initializes SASL negotiators
protected void postResolveChildren()
Initiates SCRAM adapters, delegates
String toString()
void validateChange(ConfiguredObject<?> proxyForValidation, Set<String> changedAttributes)
Validate changes
-
Methods inherited from class org.apache.qpid.server.security.auth.manager.AbstractAuthenticationManager
activate, getDisabledMechanisms, getEventLogger, getSecureOnlyMechanisms, logCreated, logDeleted, logOperation, logRecovered, logUpdated, onValidate, startQuiesced
-
Methods inherited from class org.apache.qpid.server.model.AbstractConfiguredObject
addChangeListener, addChildAsync, addFutureCallback, applyToChildren, asObjectRecord, attainState, attributesAsString, attributeSet, authorise, authorise, authorise, authoriseCreateChild, awaitChildClassToAttainState, awaitChildClassToAttainState, beforeClose, beforeDelete, changeAttributes, childAdded, childRemoved, close, closeAsync, closeChildren, create, createAsync, createChild, createChildAsync, decryptSecrets, delete, deleteAsync, deleteChildren, deleteNoChecks, doAfter, doAfter, doAfter, doAfter, doAfter, doAfter, doAfterAlways, doAfterAlways, doCreation, doOnConfigThread, doOpening, doResolution, doSync, doSync, doValidation, findConfiguredObject, forceUpdateAllSecureAttributes, getAccessControl, getActualAttributes, getAncestor, getAttainedChildById, getAttainedChildByName, getAttribute, getAttributeNames, getCategoryClass, getChildById, getChildByName, getChildExecutor, getChildren, getContext, getContextKeys, getContextValue, getContextValue, getCreatedBy, getCreatedTime, getDescription, getDesiredState, getId, getLastOpenedTime, getLastUpdatedBy, getLastUpdatedTime, getLifetimePolicy, getModel, getName, getObjectFactory, getParent, getState, getStatistics, getStatistics, getSubjectWithAddedSystemRights, getSystemPrincipal, getSystemTaskControllerContext, getSystemTaskSubject, getSystemTaskSubject, getTaskExecutor, getType, getTypeClass, getUserPreferences, handleExceptionOnOpen, hasEncrypter, isDurable, isSystemProcess, isSystemSubject, managesChildStorage, newToken, notifyStateChanged, onClose, onCreate, onDelete, onExceptionInOpen, onResolve, open, openAsync, postResolve, postSetAttributes, registerWithParents, removeChangeListener, removeContextVariable, rethrowRuntimeExceptionsOnOpen, runTask, setAttributes, setAttributesAsync, setContextVariable, setEncrypter, setState, setUserPreferences, start, startAsync, stop, updateModel, validateChildDelete, validateOnCreate
-
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
-
Methods inherited from interface org.apache.qpid.server.model.AuthenticationProvider
getDisabledMechanisms, getSecureOnlyMechanisms
-
Methods inherited from interface org.apache.qpid.server.model.ConfiguredObject
addChangeListener, asObjectRecord, authorise, authorise, authorise, close, closeAsync, createChild, createChildAsync, decryptSecrets, delete, deleteAsync, findConfiguredObject, getActualAttributes, getAttainedChildById, getAttainedChildByName, getAttribute, getAttributeNames, getCategoryClass, getChildById, getChildByName, getChildExecutor, getChildren, getContext, getCreatedBy, getCreatedTime, getDescription, getDesiredState, getId, getLastOpenedTime, getLastUpdatedBy, getLastUpdatedTime, getLifetimePolicy, getModel, getName, getObjectFactory, getParent, getState, getStatistics, getStatistics, getType, getTypeClass, getUserPreferences, hasEncrypter, isDurable, managesChildStorage, newToken, open, openAsync, removeChangeListener, removeContextVariable, setAttributes, setAttributesAsync, setContextVariable, setUserPreferences
-
Methods inherited from interface org.apache.qpid.server.model.ContextProvider
getContextKeys, getContextValue, getContextValue
-
Methods inherited from interface org.apache.qpid.server.logging.EventLoggerProvider
getEventLogger
-
Methods inherited from interface org.apache.qpid.server.model.TaskExecutorProvider
getTaskExecutor
-
Field Detail
-
MECHANISM_NAME
public static final String MECHANISM_NAME
Mechanism name
- See Also:
- Constant Field Values
-
-
Method Detail
-
postResolveChildren
protected void postResolveChildren()
Initiates SCRAM adapters, delegates
-
onOpen
protected void onOpen()
Initializes SASL negotiators
- Overrides:
onOpen in class AbstractConfiguredObject<CompositeUsernamePasswordAuthenticationManagerImpl>
-
validateChange
public void validateChange(ConfiguredObject<?> proxyForValidation, Set<String> changedAttributes)
Validate changes
- Overrides:
validateChange in class AbstractConfiguredObject<CompositeUsernamePasswordAuthenticationManagerImpl>
- Parameters:
proxyForValidation - ConfiguredObject
changedAttributes - Attribute names
-
getMechanisms
public List<String> getMechanisms()
- MD5 => ["PLAIN", "CRAM-MD5-HASHED", "CRAM-MD5-HEX"]
- Plain => ["PLAIN", "CRAM-MD5", "SCRAM-SHA-1", "SCRAM-SHA-256"]
- SCRAM-SHA-1 => ["PLAIN", "SCRAM-SHA-1"]
- SCRAM-SHA-256 => ["PLAIN", "SCRAM-SHA-256"]
- SimpleLDAP => ["PLAIN"]
- Specified by:
getMechanisms in interface AuthenticationProvider<CompositeUsernamePasswordAuthenticationManagerImpl>
- Returns:
- List of mechanism names
-
getAvailableMechanisms
public List<String> getAvailableMechanisms(boolean secure)
Returns list of available SASL mechanism names
- Specified by:
getAvailableMechanisms in interface AuthenticationProvider<CompositeUsernamePasswordAuthenticationManagerImpl>
- Overrides:
getAvailableMechanisms in class AbstractAuthenticationManager<CompositeUsernamePasswordAuthenticationManagerImpl>
- Parameters:
secure - Secure flag
- Returns:
- List of mechanism names
-
createSaslNegotiator
public SaslNegotiator createSaslNegotiator(String mechanism, SaslSettings saslSettings, NamedAddressSpace addressSpace)
Creates SASL negotiator based on available options
- Specified by:
createSaslNegotiator in interface AuthenticationProvider<CompositeUsernamePasswordAuthenticationManagerImpl>
- Parameters:
mechanism - Mechanism name
saslSettings - SaslSettings
addressSpace - NamedAddressSpace
- Returns:
- SaslNegotiator
-
authenticate
public AuthenticationResult authenticate(String username, String password)
Iterates over authentication provider delegates attempting authentication for each one.
- Specified by:
authenticate in interface UsernamePasswordAuthenticationProvider<CompositeUsernamePasswordAuthenticationManagerImpl>
- Parameters:
username - username
password - password
- Returns:
- AuthenticationResult
-
toString
public String toString()
- Overrides:
toString in class AbstractConfiguredObject<CompositeUsernamePasswordAuthenticationManagerImpl>
-
getDelegates
public List<String> getDelegates()
- Specified by:
getDelegates in interface CompositeUsernamePasswordAuthenticationManager<CompositeUsernamePasswordAuthenticationManagerImpl>
-
-