Posted to issues@activemq.apache.org by "Gary Tully (Jira)" <ji...@apache.org> on 2021/03/08 23:38:00 UTC

[jira] [Updated] (ARTEMIS-3168) JAAS login module to convert existing Principal to an Artemis UserPrincipal

     [ https://issues.apache.org/jira/browse/ARTEMIS-3168?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Gary Tully updated ARTEMIS-3168:
--------------------------------
    Description: 
Artemis verifies that an authenticated subject always has an Artemis UserPrincipal which makes sense. All of the existing login modules produce UserPrincipals. However login modules are pluggable and varied. Some allow some control of the role principal classes that they support but are less likely to allow the Principal classes to be replaced.
For the hawtio console for example, the configurable RolePrincipal classes allow both karaf and Artemis to co-exist and share role names. They can also agree on the UserPrincipal class. However in chaining login modules where there is not agreement on the UserPrincipal, it is useful to be able to convert to the Artemis expected format at the end of the login process.

A simple PrincipalConversionLoginModule configured with the list of class names to match against, would suffice here. A known validated XPrincipal(Bob) can then appear in Artemis as UserPrincipal(Bob) without prior agreement, making any login module a candidate for inclusion in the Artemis login.config. 


  was:
Artemis verifies that an authenticated subject always has an Artemis UserPrincipal which makes sense. All of the existing login modules produce UserPrincipals. However login modules are pluggable and varied. Some allow some control of the roll principal classes that they support but are less likely to allow the Principal classes to be replaced.
For the hawtio console for example, the configurable RolePrincipal classes allow both karaf and Artemis to co-exist and share role names. They can also agree on the UserPrincipal class. However in chaining login modules where there is not agreement on the UserPrincipal, it is useful to be able to convert to the Artemis expected format at the end of the login process.

A simple PrincipalConversionLoginModule configured with the list of class names to match against, would suffice here. A known validated XPrincipal(Bob) can then appear in Artemis as UserPrincipal(Bob) without prior agreement, making any login module a candidate for inclusion in the Artemis login.config. 



> JAAS login module to convert existing Principal to an Artemis UserPrincipal
> ---------------------------------------------------------------------------
>
>                 Key: ARTEMIS-3168
>                 URL: https://issues.apache.org/jira/browse/ARTEMIS-3168
>             Project: ActiveMQ Artemis
>          Issue Type: New Feature
>          Components: JAAS
>    Affects Versions: 2.17.0
>            Reporter: Gary Tully
>            Assignee: Gary Tully
>            Priority: Minor
>             Fix For: 2.18.0
>
>          Time Spent: 10m
>  Remaining Estimate: 0h
>
> Artemis verifies that an authenticated subject always has an Artemis UserPrincipal which makes sense. All of the existing login modules produce UserPrincipals. However login modules are pluggable and varied. Some allow some control of the role principal classes that they support but are less likely to allow the Principal classes to be replaced.
> For the hawtio console for example, the configurable RolePrincipal classes allow both karaf and Artemis to co-exist and share role names. They can also agree on the UserPrincipal class. However in chaining login modules where there is not agreement on the UserPrincipal, it is useful to be able to convert to the Artemis expected format at the end of the login process.
> A simple PrincipalConversionLoginModule configured with the list of class names to match against, would suffice here. A known validated XPrincipal(Bob) can then appear in Artemis as UserPrincipal(Bob) without prior agreement, making any login module a candidate for inclusion in the Artemis login.config. 



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
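
A minimal sketch of the conversion step the description proposes, added here as an illustration and not the Artemis implementation: the class name `ConvertingLoginModule`, the nested `UserPrincipal` stand-in and the `principalClassList` option name are assumptions. It converts in `commit()` because JAAS modules attach their principals to the Subject at commit time, so a module like this has to be listed last in the login configuration.

```java
import java.security.Principal;
import java.util.*;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;

// Illustrative sketch only; names are assumptions, not Artemis source. Needs Java 16+ (record).
public class ConvertingLoginModule implements LoginModule {
    // Stand-in for the broker's own user principal type.
    public record UserPrincipal(String name) implements Principal {
        @Override public String getName() { return name; }
    }
    private Subject subject;
    private Set<String> trustedClasses = Set.of();
    private UserPrincipal added;

    @Override
    public void initialize(Subject subject, CallbackHandler handler,
                           Map<String, ?> sharedState, Map<String, ?> options) {
        this.subject = subject;
        // Hypothetical option: comma-separated, fully qualified principal class names.
        Object list = options.get("principalClassList");
        if (list != null) {
            trustedClasses = new HashSet<>(Arrays.asList(list.toString().trim().split("\\s*,\\s*")));
        }
    }

    // This module authenticates nobody itself; the modules before it must be
    // flagged so that their failure fails the whole stack (e.g. "required").
    @Override public boolean login() { return true; }

    @Override
    public boolean commit() throws LoginException {
        if (!subject.getPrincipals(UserPrincipal.class).isEmpty()) return true; // already in broker form
        Set<String> names = new TreeSet<>();
        for (Principal p : subject.getPrincipals()) {
            // Exact class-name match: only explicitly listed types count as a user identity.
            if (trustedClasses.contains(p.getClass().getName()) && p.getName() != null) names.add(p.getName());
        }
        if (names.isEmpty()) return false;          // nothing to convert
        if (names.size() > 1) throw new LoginException("ambiguous user identity: " + names);
        added = new UserPrincipal(names.iterator().next());
        return subject.getPrincipals().add(added);
    }

    @Override public boolean abort() { return logout(); }
    @Override public boolean logout() {
        if (added != null) subject.getPrincipals().remove(added); // undo only what we added
        added = null;
        return true;
    }
}
```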