activemq-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF GitHub Bot (JIRA)" <>
Subject [jira] [Commented] (ARTEMIS-1740) Add support for regex based certificate authentication
Date Thu, 12 Apr 2018 09:36:00 GMT


ASF GitHub Bot commented on ARTEMIS-1740:

Github user franz1981 commented on the issue:
    And it makes sense, but there are parts like:
    `String name = usersByDn.get(dn);`
    that are not synchronized, hence it won't be thread-safe.
    My advice is to use a lazy initialization using a `Suppliers::memoize` or similar construct
and always use `Supplier::get` to access the variable: that would allow to have always a thread-safe
access to an unmodifiable resource, lazy initialized.

> Add support for regex based certificate authentication
> ------------------------------------------------------
>                 Key: ARTEMIS-1740
>                 URL:
>             Project: ActiveMQ Artemis
>          Issue Type: Improvement
>            Reporter: Lionel Cons
>            Priority: Major
> The current certificate authentication module ({{TextFileCertificateLoginModule}}) uses
a file mapping user names to DNs.
> In some cases, the list of known DNs can be large and dynamic. This is the case for instance
when using host certificates.
> Host certificates could be very dynamic (when new virtual machines get created) while
keeping a fixed structure such as {{, OU=computers, DC=acme, DC=org}}.
It is impractical to generate all the possible DNs and feed this to Artemis.
> It would be very useful to have regular expression based certificate authentication.
With the example above, we could have a single line:
> {quote}
> acme.computers=/^CN=\w+\.acme\.org, OU=computers, DC=acme, DC=org$/
> {quote}

This message was sent by Atlassian JIRA

View raw message