/**
 * Licensed to the Apache Software Foundation (ASF) under one or more
 * contributor license agreements.  See the NOTICE file distributed with
 * this work for additional information regarding copyright ownership.
 * The ASF licenses this file to You under the Apache License, Version 2.0
 * (the "License"); you may not use this file except in compliance with
 * the License.  You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.apache.activemq.jaas;

import java.util.Map;

import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;

import org.jasypt.encryption.pbe.StandardPBEStringEncryptor;
import org.jasypt.encryption.pbe.config.EnvironmentStringPBEConfig;
import org.jasypt.properties.EncryptableProperties;

/**
 * {@link LDAPLoginModule} variant whose JAAS options are wrapped in a Jasypt
 * {@link EncryptableProperties} before being handed to the parent module.
 *
 * <p>Recognised options (all optional):
 * <ul>
 *   <li>{@code encryptionPassword} - the PBE password, given inline in the
 *       login configuration;</li>
 *   <li>{@code passwordEnvName} - name of the environment variable that holds
 *       the PBE password, used only when {@code encryptionPassword} is absent
 *       (default {@code ACTIVEMQ_ENCRYPTION_PASSWORD});</li>
 *   <li>{@code encryptionAlgorithm} - the PBE algorithm name
 *       (default {@code PBEWithMD5AndDES}).</li>
 * </ul>
 *
 * <p>Security notes for operators:
 * <ul>
 *   <li>The default algorithm, {@code PBEWithMD5AndDES}, combines MD5 with
 *       single DES and is a legacy choice. It is kept as the default so that
 *       values already encrypted with it remain readable; new deployments
 *       should set {@code encryptionAlgorithm} explicitly to a stronger
 *       algorithm supported by their JVM and Jasypt version.</li>
 *   <li>An inline {@code encryptionPassword} sits in clear text next to the
 *       values it protects. Prefer the environment-variable lookup, and
 *       restrict read access to the login configuration file.</li>
 * </ul>
 */
public class EncryptableLDAPLoginModule extends LDAPLoginModule {

    private static final String ENCRYPTION_PASSWORD = "encryptionPassword";
    private static final String PASSWORD_ENV_NAME = "passwordEnvName";
    private static final String PASSWORD_ALGORITHM = "encryptionAlgorithm";
    private static final String DEFAULT_PASSWORD_ENV_NAME = "ACTIVEMQ_ENCRYPTION_PASSWORD";
    // Legacy default (MD5 + single DES); changing it would make existing
    // encrypted option values undecryptable, so override it per deployment.
    private static final String DEFAULT_PASSWORD_ALGORITHM = "PBEWithMD5AndDES";
    private final StandardPBEStringEncryptor configurationEncryptor = new StandardPBEStringEncryptor();

    /**
     * Configures the encryptor from the JAAS options, copies the options into
     * an {@link EncryptableProperties} backed by that encryptor, and delegates
     * to {@link LDAPLoginModule#initialize}.
     *
     * @param subject         passed through to the parent module unchanged
     * @param callbackHandler passed through to the parent module unchanged
     * @param sharedState     passed through to the parent module unchanged
     * @param options         JAAS options; see the class documentation for the
     *                        keys read here
     */
    @SuppressWarnings({ "rawtypes", "unchecked" })
    @Override
    public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options) {

        final String inlinePassword = (String) options.get(ENCRYPTION_PASSWORD);
        final String envVariable = optionOrDefault(options, PASSWORD_ENV_NAME, DEFAULT_PASSWORD_ENV_NAME);
        final String algorithm = optionOrDefault(options, PASSWORD_ALGORITHM, DEFAULT_PASSWORD_ALGORITHM);

        final EnvironmentStringPBEConfig pbeConfig = new EnvironmentStringPBEConfig();
        pbeConfig.setAlgorithm(algorithm);

        // An inline password wins; otherwise the password is read from the
        // named environment variable.
        if (encryptionPasswordGiven(inlinePassword)) {
            pbeConfig.setPassword(inlinePassword);
        } else {
            pbeConfig.setPasswordEnvName(envVariable);
        }

        configurationEncryptor.setConfig(pbeConfig);

        // Every option is copied, so an inline encryptionPassword entry is
        // forwarded to the parent module together with the LDAP settings.
        final EncryptableProperties wrappedOptions = new EncryptableProperties(configurationEncryptor);
        wrappedOptions.putAll(options);

        super.initialize(subject, callbackHandler, sharedState, wrappedOptions);
    }

    /** Returns the option stored under {@code key}, or {@code fallback} when it is absent or null. */
    @SuppressWarnings("rawtypes")
    private static String optionOrDefault(Map options, String key, String fallback) {
        final Object configured = options.get(key);
        if (configured == null) {
            return fallback;
        }
        return (String) configured;
    }

    /** Tells whether an inline encryption password was supplied in the options. */
    private static boolean encryptionPasswordGiven(String inlinePassword) {
        return inlinePassword != null;
    }

}