EncryptableLDAPLoginModule.java example

Explorer
activemq-master
/**
 * Licensed to the Apache Software Foundation (ASF) under one or more
 * contributor license agreements.  See the NOTICE file distributed with
 * this work for additional information regarding copyright ownership.
 * The ASF licenses this file to You under the Apache License, Version 2.0
 * (the "License"); you may not use this file except in compliance with
 * the License.  You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.apache.activemq.jaas;

import java.util.Map;

import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;

import org.jasypt.encryption.pbe.StandardPBEStringEncryptor;
import org.jasypt.encryption.pbe.config.EnvironmentStringPBEConfig;
import org.jasypt.properties.EncryptableProperties;

/**
 * LDAPLoginModule that supports encryption
 */
public class EncryptableLDAPLoginModule extends LDAPLoginModule {

    private static final String ENCRYPTION_PASSWORD = "encryptionPassword";
    private static final String PASSWORD_ENV_NAME = "passwordEnvName";
    private static final String PASSWORD_ALGORITHM = "encryptionAlgorithm";
    private static final String DEFAULT_PASSWORD_ENV_NAME = "ACTIVEMQ_ENCRYPTION_PASSWORD";
    private static final String DEFAULT_PASSWORD_ALGORITHM = "PBEWithMD5AndDES";
    private final StandardPBEStringEncryptor configurationEncryptor = new StandardPBEStringEncryptor();

    @SuppressWarnings({ "rawtypes", "unchecked" })
    @Override
    public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options) {

        String encryptionPassword = (String)options.get(ENCRYPTION_PASSWORD);
        String passwordEnvName = options.get(PASSWORD_ENV_NAME) != null ?
                (String)options.get(PASSWORD_ENV_NAME) : DEFAULT_PASSWORD_ENV_NAME;
        String passwordAlgorithm = options.get(PASSWORD_ALGORITHM) != null ?
                (String)options.get(PASSWORD_ALGORITHM) : DEFAULT_PASSWORD_ALGORITHM;

        EnvironmentStringPBEConfig envConfig = new EnvironmentStringPBEConfig();
        envConfig.setAlgorithm(passwordAlgorithm);

        //If the password was set, use it
        //else look up the password from the environment
        if (encryptionPassword == null) {
            envConfig.setPasswordEnvName(passwordEnvName);
        } else {
            envConfig.setPassword(encryptionPassword);
        }

        configurationEncryptor.setConfig(envConfig);
        EncryptableProperties encryptableOptions
            = new EncryptableProperties(configurationEncryptor);
        encryptableOptions.putAll(options);

        super.initialize(subject, callbackHandler, sharedState, encryptableOptions);

    }

}