activemq-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Gary Tully (JIRA)" <j...@apache.org>
Subject [jira] Created: (AMQ-3198) Allow JAAS GuestLoginModule to fail if users specify a password
Date Fri, 04 Mar 2011 15:40:36 GMT
Allow JAAS GuestLoginModule to fail if users specify a password
---------------------------------------------------------------

                 Key: AMQ-3198
                 URL: https://issues.apache.org/jira/browse/AMQ-3198
             Project: ActiveMQ
          Issue Type: Improvement
          Components: Broker
    Affects Versions: 5.4.2
            Reporter: Gary Tully
            Assignee: Gary Tully
             Fix For: 5.5.0


The GuestLoginModule currently always allows login so it is a handy default. In the case where
two login modules are configured, it is nice to have the guest login module only succeed if
there are no password credentials such that the second module gets a chance to authenticate.
This ensures that only anonymous users (or users that do not supply a password, map to guest,
where as any user that supplies a password will have to pass authorization or fail.
 
Without this option, and using GuestLoginModule sufficient, a failed authentication attempt
will map you to the guest user.
This enhancement will implement the credentialsInvalidate attribute.
With the following config, if you don't specify a password you are guest. If you do specify
a valid username/password pair you will authenticate, else you are rejected.
{code}
activemq-guest-when-no-creds-only-domain {
    org.apache.activemq.jaas.GuestLoginModule sufficient
       debug=true
       credentialsInvalidate=true
       org.apache.activemq.jaas.guest.user="guest"
       org.apache.activemq.jaas.guest.group="guests";

    org.apache.activemq.jaas.PropertiesLoginModule requisite
        debug=true
        org.apache.activemq.jaas.properties.user="org/apache/activemq/security/users.properties"
        org.apache.activemq.jaas.properties.group="org/apache/activemq/security/groups.properties";
};
{code}

-- 
This message is automatically generated by JIRA.
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message