You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@activemq.apache.org by "Gary Tully (Jira)" <ji...@apache.org> on 2023/04/28 08:24:00 UTC

[jira] [Updated] (ARTEMIS-4263) support access to our JaasCallbackhandler from a jdk http Authenticator

     [ https://issues.apache.org/jira/browse/ARTEMIS-4263?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Gary Tully updated ARTEMIS-4263:
--------------------------------
    Description: 
To allow the jolokia jvm agent to utilise jaas with our callback handler, it is necessary to provide a wrapper that is aware of the capabilities of the various artemis login modules and provide the necessary callback implementation

httpserver supports an extension point in the form of a {{com.sun.net.httpserver.Authenticator}} that we can use.  the jolokia jvm agent has an authenticator that does jaas but is limited to plain credentials. We can plug in a similar Artemis jaas delegating authenticator and do proper rbac when the jolokia jvm agent is in play.

This will allow us to reduce the surface are that we expose to support jolokia, avoiding the need for jetty. 

 

 

  was:
To allow the jolokia jvm agent to utilise jaas with our callback handler, it is necessary to provide a wrapper that is aware of the capabilities of the various artemis login modules and provide the necessary callback implementation

Jolokia supports an externsion point in the form of a 

com.sun.net.httpserver.Authenticator that we can use. 

This will allow us to reduce the surface are that we expose to support jolokia, avoiding the need for jetty. 

 

 


> support access to our JaasCallbackhandler from a jdk http Authenticator
> -----------------------------------------------------------------------
>
>                 Key: ARTEMIS-4263
>                 URL: https://issues.apache.org/jira/browse/ARTEMIS-4263
>             Project: ActiveMQ Artemis
>          Issue Type: Improvement
>          Components: JAAS
>    Affects Versions: 2.28.0
>            Reporter: Gary Tully
>            Assignee: Gary Tully
>            Priority: Major
>          Time Spent: 0.5h
>  Remaining Estimate: 0h
>
> To allow the jolokia jvm agent to utilise jaas with our callback handler, it is necessary to provide a wrapper that is aware of the capabilities of the various artemis login modules and provide the necessary callback implementation
> httpserver supports an extension point in the form of a {{com.sun.net.httpserver.Authenticator}} that we can use.  the jolokia jvm agent has an authenticator that does jaas but is limited to plain credentials. We can plug in a similar Artemis jaas delegating authenticator and do proper rbac when the jolokia jvm agent is in play.
> This will allow us to reduce the surface are that we expose to support jolokia, avoiding the need for jetty. 
>  
>  



--
This message was sent by Atlassian Jira
(v8.20.10#820010)