public class NodeLoginModule
Clients must connect to us with a username and password and must use TLS. If someone connects with ArtemisMessagingComponent.NODE_USER then we confirm it's just us as the node by checking that their TLS certificate is the same as the one in our key store. They are then given full access to all valid queues. If they connect with ArtemisMessagingComponent.PEER_USER then we confirm they belong on our P2P network by checking that their root CA is the same as our root CA. If that's the case, the only access they're given is the ability to send to our P2P address. In both cases the messages these authenticated nodes send to us are tagged with their subject DN, and we assume the CN within that is their legal name. Otherwise, if the username is neither of the above, we assume it's an RPC user and authenticate against our list of valid RPC users. RPC clients are given permission to perform RPC and nothing else.
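The three-way decision described above, as an added example that is not Corda's own code. The constant values are placeholders (the page names `NODE_USER` and `PEER_USER` but does not show their values), and the `Granted` record, the `decide` method and the plain-text RPC user map are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.cert.X509Certificate;
import java.util.Map;

// Added sketch of the decision described above; not Corda's implementation. Java 16+.
public class LoginDecisionSketch {
    // Placeholders: the page names these constants but does not show their values.
    static final String NODE_USER = "<NODE_USER>", PEER_USER = "<PEER_USER>";
    enum Role { NODE, PEER, RPC }
    record Granted(Role role, String identity) {} // identity = subject DN or RPC username

    final X509Certificate ourTlsCert, ourRootCa;  // loaded from our key/trust store (assumed)
    final Map<String, String> rpcUsers;           // username -> password (assumed user list)

    LoginDecisionSketch(X509Certificate tls, X509Certificate root, Map<String, String> rpc) {
        ourTlsCert = tls; ourRootCa = root; rpcUsers = rpc;
    }

    // chain: the client's TLS chain, leaf first and root last, assumed already
    // validated by the TLS handshake. Null or empty means no client certificate.
    Granted decide(String user, String password, X509Certificate[] chain) {
        if (NODE_USER.equals(user) || PEER_USER.equals(user)) {
            // Reserved usernames are decided by certificate only and never fall
            // through to the RPC user list; a missing chain fails closed.
            if (chain == null || chain.length == 0) throw new SecurityException("no client certificate");
            String dn = chain[0].getSubjectX500Principal().getName();
            if (NODE_USER.equals(user)) {
                if (!chain[0].equals(ourTlsCert)) throw new SecurityException("not our own TLS certificate");
                return new Granted(Role.NODE, dn);
            }
            if (!chain[chain.length - 1].equals(ourRootCa)) throw new SecurityException("different root CA");
            return new Granted(Role.PEER, dn);
        }
        String expected = (user == null) ? null : rpcUsers.get(user);
        if (expected == null || password == null || !MessageDigest.isEqual(
                expected.getBytes(StandardCharsets.UTF_8), password.getBytes(StandardCharsets.UTF_8)))
            throw new SecurityException("unknown RPC user or bad password");
        return new Granted(Role.RPC, user);
    }

    public static void main(String[] args) {
        // Constructed sample data; no certificates, so only the RPC and fail-closed paths run.
        var m = new LoginDecisionSketch(null, null, Map.of("alice", "s3cret"));
        System.out.println(m.decide("alice", "s3cret", null).role());
        try { m.decide(NODE_USER, "x", null); }
        catch (SecurityException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```

The password supplied with a reserved username plays no part in the decision here: only the certificate comparison grants the node or peer role.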
Modifier and Type | Class and Description |
---|---|
static class | NodeLoginModule.Companion |
Modifier and Type | Field and Description |
---|---|
static NodeLoginModule.Companion | Companion |
static java.lang.String | NODE_ROLE |
static java.lang.String | PEER_ROLE |
static java.lang.String | RPC_ROLE |
Constructor and Description |
---|
NodeLoginModule() Clients must connect to us with a username and password and must use TLS. If someone connects with ArtemisMessagingComponent.NODE_USER then we confirm it's just us as the node by checking that their TLS certificate is the same as the one in our key store. They are then given full access to all valid queues. If they connect with ArtemisMessagingComponent.PEER_USER then we confirm they belong on our P2P network by checking that their root CA is the same as our root CA. If that's the case, the only access they're given is the ability to send to our P2P address. In both cases the messages these authenticated nodes send to us are tagged with their subject DN, and we assume the CN within that is their legal name. Otherwise, if the username is neither of the above, we assume it's an RPC user and authenticate against our list of valid RPC users. RPC clients are given permission to perform RPC and nothing else. |
Modifier and Type | Method and Description |
---|---|
boolean | abort() |
boolean | commit() |
void | initialize(javax.security.auth.Subject subject, javax.security.auth.callback.CallbackHandler callbackHandler, java.util.Map<java.lang.String,?> sharedState, java.util.Map<java.lang.String,?> options) |
boolean | login() |
boolean | logout() |
public static java.lang.String PEER_ROLE
public static java.lang.String NODE_ROLE
public static java.lang.String RPC_ROLE
public static NodeLoginModule.Companion Companion
public NodeLoginModule()
Clients must connect to us with a username and password and must use TLS. If someone connects with ArtemisMessagingComponent.NODE_USER then we confirm it's just us as the node by checking that their TLS certificate is the same as the one in our key store. They are then given full access to all valid queues. If they connect with ArtemisMessagingComponent.PEER_USER then we confirm they belong on our P2P network by checking that their root CA is the same as our root CA. If that's the case, the only access they're given is the ability to send to our P2P address. In both cases the messages these authenticated nodes send to us are tagged with their subject DN, and we assume the CN within that is their legal name. Otherwise, if the username is neither of the above, we assume it's an RPC user and authenticate against our list of valid RPC users. RPC clients are given permission to perform RPC and nothing else.
public void initialize(javax.security.auth.Subject subject, javax.security.auth.callback.CallbackHandler callbackHandler, java.util.Map<java.lang.String,?> sharedState, java.util.Map<java.lang.String,?> options)
public boolean login()
public boolean commit()
public boolean abort()
public boolean logout()