[GitHub] activemq-artemis pull request #1388: ARTEMIS-1264 allow role mapping via cha...

[gtully <gi...@git.apache.org>]

GitHub user gtully opened a pull request:

    https://github.com/apache/activemq-artemis/pull/1388

    ARTEMIS-1264 allow role mapping via chained login modules

    Add krb5sslloginmodule that will populate userPrincipal that can be mapped to roles independently
    Generalised callback handlers to take a connection and pull certs or peerprincipal based on
    callback. This bubbled up into api change in securitystore and security manager

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/gtully/activemq-artemis ARTEMIS-1264-RoleMapping

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/activemq-artemis/pull/1388.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #1388
    
----
commit 2c83408d0dc1d3bc7897a33f31bd110284c1150b
Author: gtully <ga...@gmail.com>
Date:   2017-07-06T15:54:57Z

    ARTEMIS-1264 allow role mapping via chained login modules
    
    Add krb5sslloginmodule that will populate userPrincipal that can be mapped to roles independently
    Generalised callback handlers to take a connection and pull certs or peerprincipal based on
    callback. This bubbled up into api change in securitystore and security manager

----


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] activemq-artemis pull request #1388: ARTEMIS-1264 allow role mapping via cha...

[asfgit <gi...@git.apache.org>]

Github user asfgit closed the pull request at:

    https://github.com/apache/activemq-artemis/pull/1388


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] activemq-artemis issue #1388: ARTEMIS-1264 allow role mapping via chained lo...

[gtully <gi...@git.apache.org>]

Github user gtully commented on the issue:

    https://github.com/apache/activemq-artemis/pull/1388
  
    note there are some api changes in the mix here, in place of cert[] the connection is passed in. This allows lower levels to pull certs or peer info from the connection on demand. Which in turn allows chaining of login modules. The unit test now works b/c the krbloginModule provides the authenticated user and the properties login module provides the roll mapping


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] activemq-artemis issue #1388: ARTEMIS-1264 allow role mapping via chained lo...

[gtully <gi...@git.apache.org>]

Github user gtully commented on the issue:

    https://github.com/apache/activemq-artemis/pull/1388
  
    there is a regression in: org.apache.activemq.artemis.tests.integration.amqp.AmqpSecurityTest.testSendAndRejected
    org.apache.activemq.artemis.core.security.SecurityAuth#getRemotingConnection passing back a null remotingConnection - this needs a little revisit.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---