activemq-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Justin Bertram <jbert...@apache.com>
Subject Re: Adding support for password masking to the Artemis
Date Wed, 04 May 2016 21:05:31 GMT
That sounds fine.  I would expect the PR to also include a test or two (as mentioned previously)
plus documentation updates as well.  A full blown example (e.g. based on the "security" example)
would be nice to have as well.


Justin

----- Original Message -----
From: "adclayton" <adclayton@paypal.com>
To: dev@activemq.apache.org
Sent: Wednesday, May 4, 2016 3:09:35 PM
Subject: Re: Adding support for password masking to the Artemis

OK well what I am thinking about is basically adding a nullable property to
the PropertiesLoginModule that will allow the user to provide the classpath
to an implementation of the
org.apache.activemq.artemis.utils.SensitiveDataCodec, so that essentially
the login.config would look like the following.

activemq {
   com.paypal.credit.apache.artemis.passwordmasking.CryptoMonsterLogin
required
       debug=false
      
org.apache.activemq.jaas.properties.decoder="com.foo.FooDecoder;key=value"
       org.apache.activemq.jaas.properties.user="artemis-users.properties"
       org.apache.activemq.jaas.properties.role="artemis-roles.properties";
};

This approach should allow users to configure password marking using the
same interface from the previous version.

Also I believe we can allow masked and unmasked passwords to live in the
same files by simply requiring the masked passwords to be encased with
ENC().  An example of how the users.properties file would look is shown
below.

unmaskedpassword=unmaskedpassword
maskedpassword=ENC(fafafsdgaqgegsagegasge)


How does this sound?



--
View this message in context: http://activemq.2283324.n4.nabble.com/Adding-support-for-password-masking-to-the-Artemis-tp4711531p4711571.html
Sent from the ActiveMQ - Dev mailing list archive at Nabble.com.

Mime
View raw message