Package org.apache.activemq.shiro.authc

Class DefaultAuthenticationPolicy

java.lang.Object
org.apache.activemq.shiro.authc.DefaultAuthenticationPolicy
All Implemented Interfaces:
AuthenticationPolicy
public class DefaultAuthenticationPolicy extends Object implements AuthenticationPolicy
Since:
5.10.0

  • Constructor Details

    • DefaultAuthenticationPolicy

      public DefaultAuthenticationPolicy()

  • Method Details

    • isVmConnectionAuthenticationRequired

      public boolean isVmConnectionAuthenticationRequired()

    • setVmConnectionAuthenticationRequired

      public void setVmConnectionAuthenticationRequired(boolean vmConnectionAuthenticationRequired)

    • getSystemAccountUsername

      public String getSystemAccountUsername()

    • setSystemAccountUsername

      public void setSystemAccountUsername(String systemAccountUsername)

    • getSystemAccountRealmName

      public String getSystemAccountRealmName()

    • setSystemAccountRealmName

      public void setSystemAccountRealmName(String systemAccountRealmName)

    • isAnonymousAccessAllowed

      public boolean isAnonymousAccessAllowed()

    • setAnonymousAccessAllowed

      public void setAnonymousAccessAllowed(boolean anonymousAccessAllowed)

    • getAnonymousAccountUsername

      public String getAnonymousAccountUsername()

    • setAnonymousAccountUsername

      public void setAnonymousAccountUsername(String anonymousAccountUsername)

    • getAnonymousAccountRealmName

      public String getAnonymousAccountRealmName()

    • setAnonymousAccountRealmName

      public void setAnonymousAccountRealmName(String anonymousAccountRealmName)

    • credentialsAvailable

      protected boolean credentialsAvailable(ConnectionReference conn)
      Returns true if the client connection has supplied credentials to authenticate itself, false otherwise.
      Parameters:
      conn - the client's connection context
      Returns:
      true if the client connection has supplied credentials to authenticate itself, false otherwise.

    • isAuthenticationRequired

      public boolean isAuthenticationRequired(SubjectConnectionReference conn)
      Description copied from interface: AuthenticationPolicy
      Returns true if the connection's Subject instance should be authenticated, false otherwise.
      Specified by:
      isAuthenticationRequired in interface AuthenticationPolicy
      Parameters:
      conn - the subject's connection
      Returns:
      true if the connection's Subject instance should be authenticated, false otherwise.

    • isAnonymousAccount

      protected boolean isAnonymousAccount(org.apache.shiro.subject.Subject subject)

    • isSystemAccount

      protected boolean isSystemAccount(org.apache.shiro.subject.Subject subject)

    • matches

      protected boolean matches(org.apache.shiro.subject.PrincipalCollection principals, String username, String realmName)

    • isSystemConnection

      protected boolean isSystemConnection(ConnectionReference conn)

    • customizeSubject

      public void customizeSubject(org.apache.shiro.subject.Subject.Builder subjectBuilder, ConnectionReference conn)
      Description copied from interface: AuthenticationPolicy
      Allows customization of the Subject being built for the specified client connection. This allows for any pre-existing connection-specific identity or state to be applied to the Subject.Builder before the Subject instance is actually created.

      NOTE: This method is called by the SubjectFilter before the filter chain is executed (and before an authentication attempt occurs). Implementations MUST NOT attempt to actually build the subject or perform an authentication attempt in this method.

      Specified by:
      customizeSubject in interface AuthenticationPolicy
      Parameters:
      subjectBuilder - the builder for the Subject that will be created representing the associated client connection
      conn - a reference to the client's connection metadata
      See Also:

    • isAssumeIdentity

      protected boolean isAssumeIdentity(ConnectionReference conn)
      Returns true if an unauthenticated connection should still assume a specific identity, false otherwise. This method will only be called if there are no connection credentialsAvailable. If a client supplies connection credentials, they will always be used to authenticate the client with that identity.

      If true is returned, the assumed identity will be returned by createAssumedIdentity.

      Warning

      This method exists primarily to support the system and anonymous accounts - it is probably unsafe to return true in most other scenarios.
      Parameters:
      conn - a reference to the client's connection
      Returns:
      true if an unauthenticated connection should still assume a specific identity, false otherwise.

    • createAssumedIdentity

      protected org.apache.shiro.subject.PrincipalCollection createAssumedIdentity(ConnectionReference conn)
      Returns a Shiro PrincipalCollection representing the identity to assume (without true authentication) for the specified Connection.

      This method is only called if isAssumeIdentity(ConnectionReference) is true.

      Parameters:
      conn - a reference to the client's connection
      Returns:
      a Shiro PrincipalCollection representing the identity to assume (without true authentication) for the specified Connection.