activemq-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF GitHub Bot (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (ARTEMIS-1600) Support masked passwords in bootstrap.xm and login.config
Date Wed, 17 Jan 2018 19:20:00 GMT

    [ https://issues.apache.org/jira/browse/ARTEMIS-1600?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16329247#comment-16329247
] 

ASF GitHub Bot commented on ARTEMIS-1600:
-----------------------------------------

Github user jbertram commented on a diff in the pull request:

    https://github.com/apache/activemq-artemis/pull/1771#discussion_r162151931
  
    --- Diff: artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/jaas/LDAPLoginModule.java
---
    @@ -105,12 +110,39 @@ public void initialize(Subject subject,
           this.subject = subject;
           this.handler = callbackHandler;
     
    -      config = new LDAPLoginProperty[]{new LDAPLoginProperty(INITIAL_CONTEXT_FACTORY,
(String) options.get(INITIAL_CONTEXT_FACTORY)), new LDAPLoginProperty(CONNECTION_URL, (String)
options.get(CONNECTION_URL)), new LDAPLoginProperty(CONNECTION_USERNAME, (String) options.get(CONNECTION_USERNAME)),
new LDAPLoginProperty(CONNECTION_PASSWORD, (String) options.get(CONNECTION_PASSWORD)), new
LDAPLoginProperty(CONNECTION_PROTOCOL, (String) options.get(CONNECTION_PROTOCOL)), new LDAPLoginProperty(AUTHENTICATION,
(String) options.get(AUTHENTICATION)), new LDAPLoginProperty(USER_BASE, (String) options.get(USER_BASE)),
new LDAPLoginProperty(USER_SEARCH_MATCHING, (String) options.get(USER_SEARCH_MATCHING)), new
LDAPLoginProperty(USER_SEARCH_SUBTREE, (String) options.get(USER_SEARCH_SUBTREE)), new LDAPLoginProperty(ROLE_BASE,
(String) options.get(ROLE_BASE)), new LDAPLoginProperty(ROLE_NAME, (String) options.get(ROLE_NAME)),
new LDAPLoginProperty(ROLE_SEARCH_MATCHING, (String) options.get(ROLE_SEARCH_MATCHING)), new
LDAPLoginProperty(ROLE_SEARCH_SUBTREE, (String) options.get(ROLE_SEARCH_SUBTREE)), new LDAPLoginProperty(USER_ROLE_NAME,
(String) options.get(USER_ROLE_NAME)), new LDAPLoginProperty(EXPAND_ROLES, (String) options.get(EXPAND_ROLES)),
new LDAPLoginProperty(EXPAND_ROLES_MATCHING, (String) options.get(EXPAND_ROLES_MATCHING)),
new LDAPLoginProperty(REFERRAL, (String) options.get(REFERRAL))};
    +      config = new LDAPLoginProperty[]{new LDAPLoginProperty(INITIAL_CONTEXT_FACTORY,
(String) options.get(INITIAL_CONTEXT_FACTORY)),
    +                                       new LDAPLoginProperty(CONNECTION_URL, (String)
options.get(CONNECTION_URL)),
    +                                       new LDAPLoginProperty(CONNECTION_USERNAME, (String)
options.get(CONNECTION_USERNAME)),
    +                                       new LDAPLoginProperty(CONNECTION_PASSWORD, (String)
options.get(CONNECTION_PASSWORD)),
    +                                       new LDAPLoginProperty(CONNECTION_PROTOCOL, (String)
options.get(CONNECTION_PROTOCOL)),
    +                                       new LDAPLoginProperty(AUTHENTICATION, (String)
options.get(AUTHENTICATION)),
    +                                       new LDAPLoginProperty(USER_BASE, (String) options.get(USER_BASE)),
    +                                       new LDAPLoginProperty(USER_SEARCH_MATCHING, (String)
options.get(USER_SEARCH_MATCHING)),
    +                                       new LDAPLoginProperty(USER_SEARCH_SUBTREE, (String)
options.get(USER_SEARCH_SUBTREE)),
    +                                       new LDAPLoginProperty(ROLE_BASE, (String) options.get(ROLE_BASE)),
    +                                       new LDAPLoginProperty(ROLE_NAME, (String) options.get(ROLE_NAME)),
    +                                       new LDAPLoginProperty(ROLE_SEARCH_MATCHING, (String)
options.get(ROLE_SEARCH_MATCHING)),
    +                                       new LDAPLoginProperty(ROLE_SEARCH_SUBTREE, (String)
options.get(ROLE_SEARCH_SUBTREE)),
    +                                       new LDAPLoginProperty(USER_ROLE_NAME, (String)
options.get(USER_ROLE_NAME)),
    +                                       new LDAPLoginProperty(EXPAND_ROLES, (String) options.get(EXPAND_ROLES)),
    +                                       new LDAPLoginProperty(EXPAND_ROLES_MATCHING, (String)
options.get(EXPAND_ROLES_MATCHING)),
    +                                       new LDAPLoginProperty(REFERRAL, (String) options.get(REFERRAL))};
    +
           if (isLoginPropertySet(AUTHENTICATE_USER)) {
              authenticateUser = Boolean.valueOf(getLDAPPropertyValue(AUTHENTICATE_USER));
           }
           isRoleAttributeSet = isLoginPropertySet(ROLE_NAME);
           roleAttributeName = getLDAPPropertyValue(ROLE_NAME);
    +      String isMask = (String) options.get(MASK_PASSWORD);
    --- End diff --
    
    This isn't used anywhere so it can be removed.


> Support masked passwords in bootstrap.xm and login.config
> ---------------------------------------------------------
>
>                 Key: ARTEMIS-1600
>                 URL: https://issues.apache.org/jira/browse/ARTEMIS-1600
>             Project: ActiveMQ Artemis
>          Issue Type: Improvement
>          Components: Broker, Web Console
>    Affects Versions: 2.4.0
>            Reporter: Howard Gao
>            Assignee: Howard Gao
>            Priority: Major
>             Fix For: 2.5.0
>
>
> We provide a feature to mask passwords in the configuration files. 
> However, passwords in the bootstrap.xml (when the console is 
> secured with HTTPS) cannot be masked. This enhancement has 
> been opened to allow passwords in the bootstrap.xml to be masked
> using the built-in masking feature provided by the broker.
> Also the LDAPLoginModule configuration (in login.config) has a 
> connection password attribute that also needs this mask support.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Mime
View raw message