activemq-issues mailing list archives

From "ASF GitHub Bot (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (ARTEMIS-1740) Add support for regex based certificate authentication
Date Thu, 12 Apr 2018 08:10:00 GMT

    [ https://issues.apache.org/jira/browse/ARTEMIS-1740?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16435124#comment-16435124 ]

ASF GitHub Bot commented on ARTEMIS-1740:
-----------------------------------------

Github user franz1981 commented on a diff in the pull request:

    https://github.com/apache/activemq-artemis/pull/2011#discussion_r180996871
  
    --- Diff: artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/jaas/ReloadableProperties.java
---
    @@ -95,6 +99,21 @@ public synchronized ReloadableProperties obtained() {
           return invertedValueProps;
        }
     
    +   public synchronized Map<String, Pattern> regexpPropertiesMap() {
    --- End diff --
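
Review bot: the new `regexpPropertiesMap()` on the last added line of this hunk has no Javadoc, and its signature does not say whether the returned `Map<String, Pattern>` is the cached instance or a copy. Because the method is `synchronized`, a caller that receives the internal map would read it after the monitor has been released; consider documenting what the keys and values are and returning an unmodifiable map, so that the compiled patterns used for authentication cannot be altered by callers.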
    
    You could use a [Supplier::memoize](https://google.github.io/guava/releases/19.0/api/docs/com/google/common/base/Suppliers.html#memoize(com.google.common.base.Supplier)) to allow a thread-safe lazy initialization without having that method synchronized even when you just need to get `regexpProps`


> Add support for regex based certificate authentication
> ------------------------------------------------------
>
>                 Key: ARTEMIS-1740
>                 URL: https://issues.apache.org/jira/browse/ARTEMIS-1740
>             Project: ActiveMQ Artemis
>          Issue Type: Improvement
>            Reporter: Lionel Cons
>            Priority: Major
>
> The current certificate authentication module ({{TextFileCertificateLoginModule}}) uses a file mapping user names to DNs.
> In some cases, the list of known DNs can be large and dynamic. This is the case for instance when using host certificates.
> Host certificates could be very dynamic (when new virtual machines get created) while keeping a fixed structure such as {{CN=hostxyz.acme.org, OU=computers, DC=acme, DC=org}}. It is impractical to generate all the possible DNs and feed this to Artemis.
> It would be very useful to have regular expression based certificate authentication. With the example above, we could have a single line:
> {quote}
> acme.computers=/^CN=\w+\.acme\.org, OU=computers, DC=acme, DC=org$/
> {quote}



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
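
The mapping proposed in the issue description, as an added example that is not part of the original message or of the Artemis code base: it loads a `user=/regex/` line and resolves a certificate subject DN to a user name with a whole-string match. `RegexDnMapper`, `addLine` and `userFor` are hypothetical names, and the `user=/regex/` parsing is an assumption drawn from the single example line in the issue.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Optional;
import java.util.regex.Pattern;

// Hypothetical helper, not Artemis code: maps a certificate subject DN to a user name.
public class RegexDnMapper {
    private final Map<String, Pattern> patterns = new LinkedHashMap<>();

    // Accepts lines in the form shown in the issue: user=/regex/ (assumed format).
    public void addLine(String line) {
        int eq = line.indexOf('=');
        if (eq <= 0) {
            throw new IllegalArgumentException("expected user=/regex/: " + line);
        }
        String user = line.substring(0, eq).trim();
        String value = line.substring(eq + 1).trim();
        if (value.length() < 2 || !value.startsWith("/") || !value.endsWith("/")) {
            throw new IllegalArgumentException("value is not /regex/: " + line);
        }
        // Pattern.compile throws PatternSyntaxException on a malformed regex,
        // so a bad line fails at load time rather than at login time.
        patterns.put(user, Pattern.compile(value.substring(1, value.length() - 1)));
    }

    // matches() requires the whole DN to fit the pattern, so a pattern written
    // without ^ and $ still cannot be satisfied by a fragment of a longer DN.
    public Optional<String> userFor(String subjectDn) {
        for (Map.Entry<String, Pattern> e : patterns.entrySet()) {
            if (e.getValue().matcher(subjectDn).matches()) {
                return Optional.of(e.getKey());
            }
        }
        return Optional.empty();
    }

    public static void main(String[] args) {
        RegexDnMapper m = new RegexDnMapper();
        m.addLine("acme.computers=/^CN=\\w+\\.acme\\.org, OU=computers, DC=acme, DC=org$/");
        String[] dns = { // constructed sample DNs
            "CN=hostxyz.acme.org, OU=computers, DC=acme, DC=org",
            "CN=hostxyz.acme.org.example.net, OU=computers, DC=acme, DC=org",
            "CN=hostxyz.acme.org, OU=computers, DC=acme, DC=org, O=Other",
        };
        for (String dn : dns) {
            System.out.println(m.userFor(dn).orElse("<no match>") + "  <-  " + dn);
        }
    }
}
```

Only the first sample DN resolves to `acme.computers`; the other two differ from the fixed structure in the CN suffix and in a trailing component, and are rejected.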
