001 /** 002 * Licensed to the Apache Software Foundation (ASF) under one or more 003 * contributor license agreements. See the NOTICE file distributed with 004 * this work for additional information regarding copyright ownership. 005 * The ASF licenses this file to You under the Apache License, Version 2.0 006 * (the "License"); you may not use this file except in compliance with 007 * the License. You may obtain a copy of the License at 008 * 009 * http://www.apache.org/licenses/LICENSE-2.0 010 * 011 * Unless required by applicable law or agreed to in writing, software 012 * distributed under the License is distributed on an "AS IS" BASIS, 013 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 014 * See the License for the specific language governing permissions and 015 * limitations under the License. 016 */ 017 package org.apache.activemq.broker; 018 019 import java.util.Set; 020 import org.apache.activemq.command.Message; 021 import org.apache.activemq.jaas.UserPrincipal; 022 import org.apache.activemq.security.SecurityContext; 023 024 /** 025 * This broker filter will append the producer's user ID into the JMSXUserID header 026 * to allow folks to know reliably who the user was who produced a message. 027 * Note that you cannot trust the client, especially if working over the internet 028 * as they can spoof headers to be anything they like. 029 * 030 * 031 */ 032 public class UserIDBroker extends BrokerFilter { 033 boolean useAuthenticatePrincipal = false; 034 public UserIDBroker(Broker next) { 035 super(next); 036 } 037 038 public void send(ProducerBrokerExchange producerExchange, Message messageSend) throws Exception { 039 final ConnectionContext context = producerExchange.getConnectionContext(); 040 String userID = context.getUserName(); 041 if (isUseAuthenticatePrincipal()) { 042 SecurityContext securityContext = context.getSecurityContext(); 043 if (securityContext != null) { 044 Set<?> principals = securityContext.getPrincipals(); 045 if (principals != null) { 046 for (Object candidate : principals) { 047 if (candidate instanceof UserPrincipal) { 048 userID = ((UserPrincipal)candidate).getName(); 049 break; 050 } 051 } 052 } 053 } 054 } 055 messageSend.setUserID(userID); 056 super.send(producerExchange, messageSend); 057 } 058 059 060 public boolean isUseAuthenticatePrincipal() { 061 return useAuthenticatePrincipal; 062 } 063 064 public void setUseAuthenticatePrincipal(boolean useAuthenticatePrincipal) { 065 this.useAuthenticatePrincipal = useAuthenticatePrincipal; 066 } 067 }