activemq-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF GitHub Bot (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (ARTEMIS-1740) Add support for regex based certificate authentication
Date Wed, 11 Apr 2018 07:03:00 GMT

    [ https://issues.apache.org/jira/browse/ARTEMIS-1740?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16433497#comment-16433497
] 

ASF GitHub Bot commented on ARTEMIS-1740:
-----------------------------------------

GitHub user LionelCons opened a pull request:

    https://github.com/apache/activemq-artemis/pull/2011

    ARTEMIS-1740: Add support for regex based certificate authentication

    This adds the possibility to have an optional properties file containing regular expressions
to match against the DN.

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/LionelCons/activemq-artemis artemis_1740

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/activemq-artemis/pull/2011.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #2011
    
----
commit e8fc4975f5a758ee7204f89d1649cc326bcd5085
Author: Lionel Cons <lionel.cons@...>
Date:   2018-04-11T06:59:24Z

    ARTEMIS-1740: Add support for regex based certificate authentication

----


> Add support for regex based certificate authentication
> ------------------------------------------------------
>
>                 Key: ARTEMIS-1740
>                 URL: https://issues.apache.org/jira/browse/ARTEMIS-1740
>             Project: ActiveMQ Artemis
>          Issue Type: Improvement
>            Reporter: Lionel Cons
>            Priority: Major
>
> The current certificate authentication module ({{TextFileCertificateLoginModule}}) uses
a file mapping user names to DNs.
> In some cases, the list of known DNs can be large and dynamic. This is the case for instance
when using host certificates.
> Host certificates could be very dynamic (when new virtual machines get created) while
keeping a fixed structure such as {{CN=hostxyz.acme.org, OU=computers, DC=acme, DC=org}}.
It is impractical to generate all the possible DNs and feed this to Artemis.
> It would be very useful to have regular expression based certificate authentication.
With the example above, we could have a single line:
> {quote}
> acme.computers=/^CN=\w+\.acme\.org, OU=computers, DC=acme, DC=org$/
> {quote}



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Mime
View raw message