activemq-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Gary Tully (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (AMQ-3883) activemq-jaas authorization doesn't work with Karaf JAAS LoginModule
Date Fri, 15 Jun 2012 10:11:42 GMT

    [ https://issues.apache.org/jira/browse/AMQ-3883?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13295565#comment-13295565
] 

Gary Tully commented on AMQ-3883:
---------------------------------

is another possible approach, to add the activemq login module to the jaas config so that
both the amq and karaf credentials are present on the authenticated user principal.
My understanding is that to work reliably, an authorization module needs to participate in
the authentication process so it can be sure to trust the identities. It is for this reason
that there are multiple principals (set) in an authenticated Subject.

Having said that, there is value in only having to configure a single set of roles/users,
a karaf aware activemq-jaas authorization module may be the way to go.
                
> activemq-jaas authorization doesn't work with Karaf JAAS LoginModule
> --------------------------------------------------------------------
>
>                 Key: AMQ-3883
>                 URL: https://issues.apache.org/jira/browse/AMQ-3883
>             Project: ActiveMQ
>          Issue Type: Bug
>            Reporter: Freeman Fang
>         Attachments: AMQ-3883.patch
>
>
> currently activemq-jaas can't work with karaf loginModule, the reason comes from the
compare between
> amq GroupPrincipal and karaf UserPrincipal/RolePrincipal doesn't work
> More details please see[1].
> We have a similar issue in Servicemix NMR[2] and the fix can honor the compare between
> amq GroupPrincipal and karaf UserPrincipal/RolePrincipal yet not introduce any dependency
between activemq-jaas and karaf jaas.
> [1]http://karaf.922171.n3.nabble.com/Karaf-ActiveMQ-authorization-problem-td4024834.html
> [2]https://issues.apache.org/jira/browse/SMX4NMR-283

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message