org.apache.activemq.broker.UserIDBroker Maven / Gradle / Ivy
/**
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.activemq.broker;
import java.util.Set;
import org.apache.activemq.command.Message;
import org.apache.activemq.jaas.UserPrincipal;
import org.apache.activemq.security.SecurityContext;
/**
* This broker filter will append the producer's user ID into the JMSXUserID header
* to allow folks to know reliably who the user was who produced a message.
* Note that you cannot trust the client, especially if working over the internet
* as they can spoof headers to be anything they like.
*
*
*/
public class UserIDBroker extends BrokerFilter {
boolean useAuthenticatePrincipal = false;
public UserIDBroker(Broker next) {
super(next);
}
public void send(ProducerBrokerExchange producerExchange, Message messageSend) throws Exception {
final ConnectionContext context = producerExchange.getConnectionContext();
String userID = context.getUserName();
if (isUseAuthenticatePrincipal()) {
SecurityContext securityContext = context.getSecurityContext();
if (securityContext != null) {
Set> principals = securityContext.getPrincipals();
if (principals != null) {
for (Object candidate : principals) {
if (candidate instanceof UserPrincipal) {
userID = ((UserPrincipal)candidate).getName();
break;
}
}
}
}
}
messageSend.setUserID(userID);
super.send(producerExchange, messageSend);
}
public boolean isUseAuthenticatePrincipal() {
return useAuthenticatePrincipal;
}
public void setUseAuthenticatePrincipal(boolean useAuthenticatePrincipal) {
this.useAuthenticatePrincipal = useAuthenticatePrincipal;
}
}