ARTEMIS-5830 - add jaas config to broker properties

Author: gtully

artemis-server/src/main/java/org/apache/activemq/artemis/core/config/Configuration.java

@@ -1538,4 +1538,6 @@ default String resolvePropertiesSources(String propertiesFileUrl) {
    default boolean isUsingDatabasePersistence() {
       return getStoreConfiguration() != null && getStoreConfiguration().getStoreType() == StoreConfiguration.StoreType.DATABASE;
    }
+
+   Map<String, JaasAppConfiguration> getJaasConfigs();
 }

artemis-server/src/main/java/org/apache/activemq/artemis/core/config/JaasAppConfiguration.java

@@ -0,0 +1,78 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.activemq.artemis.core.config;
+
+import javax.security.auth.login.AppConfigurationEntry;
+import java.io.Serializable;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Objects;
+
+public class JaasAppConfiguration implements Serializable {
+
+   private static final long serialVersionUID = -651209063030767325L;
+
+   private String name;
+
+   private List<JaasAppConfigurationEntry> modules = new ArrayList<>();
+
+   public JaasAppConfiguration() {
+   }
+
+   public String getName() {
+      return name;
+   }
+
+   public JaasAppConfiguration setName(String name) {
+      this.name = name;
+      return this;
+   }
+
+   public List<JaasAppConfigurationEntry> getModules() {
+      return modules;
+   }
+
+   // help the properties setter
+   public JaasAppConfiguration addModule(JaasAppConfigurationEntry entry) {
+      modules.add(entry);
+      return this;
+   }
+
+   public static AppConfigurationEntry[] asAppConfigurationEntry(JaasAppConfiguration jaasAppConfiguration) {
+      if (jaasAppConfiguration == null) {
+         return null;
+      }
+      AppConfigurationEntry[] entries = new AppConfigurationEntry[jaasAppConfiguration.getModules().size()];
+      for (int i = 0; i < jaasAppConfiguration.getModules().size(); i++) {
+         JaasAppConfigurationEntry jaasAppConfigurationEntry = jaasAppConfiguration.getModules().get(i);
+         entries[i] = new AppConfigurationEntry(jaasAppConfigurationEntry.getLoginModuleClass(), jaasAppConfigurationEntry.getLoginModuleControlFlag(), jaasAppConfigurationEntry.getParams());
+      }
+      return entries;
+   }
+
+   @Override
+   public boolean equals(Object o) {
+      if (o == null || getClass() != o.getClass()) return false;
+      JaasAppConfiguration that = (JaasAppConfiguration) o;
+      return Objects.equals(name, that.name) && Objects.equals(modules, that.modules);
+   }
+
+   @Override
+   public int hashCode() {
+      return Objects.hash(name, modules);
+   }
+}

artemis-server/src/main/java/org/apache/activemq/artemis/core/config/JaasAppConfigurationEntry.java

@@ -0,0 +1,100 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.activemq.artemis.core.config;
+
+import javax.security.auth.login.AppConfigurationEntry;
+import java.io.Serializable;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Objects;
+
+public class JaasAppConfigurationEntry implements Serializable {
+
+   private static final long serialVersionUID = -651209063030767725L;
+
+   private String name;
+
+   private String loginModuleClass;
+
+   private String controlFlag;
+
+   private Map<String, String> params = new HashMap<>();
+
+   public JaasAppConfigurationEntry() {
+   }
+
+   public String getName() {
+      return name;
+   }
+
+   public String getLoginModuleClass() {
+      return loginModuleClass;
+   }
+
+   public Map<String, String> getParams() {
+      return params;
+   }
+
+   public String getControlFlag() {
+      return controlFlag;
+   }
+
+   public JaasAppConfigurationEntry setName(String name) {
+      this.name = name;
+      return this;
+   }
+
+   public JaasAppConfigurationEntry setLoginModuleClass(String loginModuleClass) {
+      this.loginModuleClass = loginModuleClass;
+      return this;
+   }
+
+   public JaasAppConfigurationEntry setParams(Map<String, String> params) {
+      this.params = params;
+      return this;
+   }
+
+   public void setControlFlag(String controlFlag) {
+      this.controlFlag = controlFlag;
+      getLoginModuleControlFlag();
+   }
+
+   AppConfigurationEntry.LoginModuleControlFlag getLoginModuleControlFlag() {
+      if (this.controlFlag == null || this.controlFlag.isEmpty() || this.controlFlag.equals("required")) {
+         return AppConfigurationEntry.LoginModuleControlFlag.REQUIRED;
+      } else if (this.controlFlag.equals("requisite")) {
+         return AppConfigurationEntry.LoginModuleControlFlag.REQUISITE;
+      } else if (this.controlFlag.equals("optional")) {
+         return AppConfigurationEntry.LoginModuleControlFlag.OPTIONAL;
+      } else if (this.controlFlag.equals("sufficient")) {
+         return AppConfigurationEntry.LoginModuleControlFlag.SUFFICIENT;
+      }
+      throw new IllegalArgumentException("Unknown control flag: " + this.controlFlag);
+   }
+
+   @Override
+   public boolean equals(Object o) {
+      if (o == null || getClass() != o.getClass()) return false;
+      JaasAppConfigurationEntry that = (JaasAppConfigurationEntry) o;
+      return Objects.equals(name, that.name) && Objects.equals(loginModuleClass, that.loginModuleClass) && Objects.equals(controlFlag, that.controlFlag) && Objects.equals(params, that.params);
+   }
+
+   @Override
+   public int hashCode() {
+      return Objects.hash(name, loginModuleClass, controlFlag, params);
+   }
+}

artemis-server/src/main/java/org/apache/activemq/artemis/core/config/impl/ConfigurationImpl.java

@@ -57,6 +57,7 @@
 import java.util.Properties;
 import java.util.Set;
 import java.util.Stack;
+import java.util.concurrent.ConcurrentHashMap;
 import java.util.concurrent.CopyOnWriteArrayList;
 import java.util.concurrent.TimeUnit;
 import java.util.function.Consumer;
@@ -86,6 +87,7 @@
 import org.apache.activemq.artemis.core.config.DivertConfiguration;
 import org.apache.activemq.artemis.core.config.FederationConfiguration;
 import org.apache.activemq.artemis.core.config.HAPolicyConfiguration;
+import org.apache.activemq.artemis.core.config.JaasAppConfiguration;
 import org.apache.activemq.artemis.core.config.MetricsConfiguration;
 import org.apache.activemq.artemis.core.config.StoreConfiguration;
 import org.apache.activemq.artemis.core.config.WildcardConfiguration;
@@ -159,9 +161,11 @@
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
+import javax.security.auth.login.AppConfigurationEntry;
+
 import static org.apache.activemq.artemis.utils.PasswordMaskingUtil.isEncMasked;
 
-public class ConfigurationImpl implements Configuration, Serializable {
+public class ConfigurationImpl extends javax.security.auth.login.Configuration implements Configuration, Serializable {
 
    private static final Logger logger = LoggerFactory.getLogger(MethodHandles.lookup().lookupClass());
 
@@ -478,6 +482,8 @@ public class ConfigurationImpl implements Configuration, Serializable {
 
    private boolean purgePageFolders = ActiveMQDefaultConfiguration.getPurgePageFolders();
 
+   private Map<String, JaasAppConfiguration> jaasConfigs = new ConcurrentHashMap<>();
+
    /**
     * Parent folder for all data folders.
     */
@@ -671,6 +677,26 @@ public void parsePrefixedProperties(Object target, String name, Properties prope
       if (!beanProperties.isEmpty()) {
          populateWithProperties(target, name, beanProperties);
       }
+      if (!jaasConfigs.isEmpty()) {
+         initJaasConfigOverride();
+      }
+   }
+
+   private javax.security.auth.login.Configuration defaultJaasConfiguration = null;
+   private void initJaasConfigOverride() {
+      if (defaultJaasConfiguration == null) {
+         defaultJaasConfiguration = javax.security.auth.login.Configuration.getConfiguration();
+         javax.security.auth.login.Configuration.setConfiguration(this);
+      }
+   }
+
+   @Override
+   public AppConfigurationEntry[] getAppConfigurationEntry(String realm) {
+      if (getJaasConfigs().containsKey(realm)) {
+         return JaasAppConfiguration.asAppConfigurationEntry(getJaasConfigs().get(realm));
+      } else {
+         return defaultJaasConfiguration.getAppConfigurationEntry(realm);
+      }
    }
 
    public void populateWithProperties(final Object target, final String propsId, Map<String, Object> beanProperties) throws InvocationTargetException, IllegalAccessException {
@@ -1002,6 +1028,15 @@ public void exportAsProperties(File file) throws Exception {
       }
    }
 
+   @Override
+   public Map<String, JaasAppConfiguration> getJaasConfigs() {
+      return jaasConfigs;
+   }
+
+   public void addJaasConfig(JaasAppConfiguration config) {
+      jaasConfigs.put(config.getName(), config);
+   }
+
    private void writeProperties(FileWriter writer) throws Exception {
       final BeanUtilsBean beanUtilsBean = new BeanUtilsBean();
       beanUtilsBean.getPropertyUtils().addBeanIntrospector(new FluentPropertyBeanIntrospectorWithIgnores());

artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/jaas/GuestLoginModule.java

@@ -41,8 +41,8 @@ public class GuestLoginModule implements AuditLoginModule {
 
    private static final Logger logger = LoggerFactory.getLogger(MethodHandles.lookup().lookupClass());
 
-   private static final String GUEST_USER = "org.apache.activemq.jaas.guest.user";
-   private static final String GUEST_ROLE = "org.apache.activemq.jaas.guest.role";
+   public static final String GUEST_USER = "org.apache.activemq.jaas.guest.user";
+   public static final String GUEST_ROLE = "org.apache.activemq.jaas.guest.role";
 
    private String userName = "guest";
    private String roleName = "guests";