You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@activemq.apache.org by "ASF subversion and git services (JIRA)" <ji...@apache.org> on 2019/08/07 05:44:00 UTC
[jira] [Commented] (AMQ-7230) Add support for regex based
certificate authentication
[ https://issues.apache.org/jira/browse/AMQ-7230?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16901720#comment-16901720 ]
ASF subversion and git services commented on AMQ-7230:
------------------------------------------------------
Commit c4927638da9797df2d740a3e6694092b20228a34 in activemq's branch refs/heads/master from Lionel Cons
[ https://gitbox.apache.org/repos/asf?p=activemq.git;h=c492763 ]
AMQ-7230 - Add support for regex based certificate authentication
> Add support for regex based certificate authentication
> ------------------------------------------------------
>
> Key: AMQ-7230
> URL: https://issues.apache.org/jira/browse/AMQ-7230
> Project: ActiveMQ
> Issue Type: Improvement
> Reporter: Lionel Cons
> Assignee: Jean-Baptiste Onofré
> Priority: Minor
> Fix For: 5.16.0, 5.15.10
>
> Time Spent: 20m
> Remaining Estimate: 0h
>
> The current certificate authentication module ({{TextFileCertificateLoginModule}}) uses a file mapping user names to DNs.
> In some cases, the list of known DNs can be large and dynamic. This is the case for instance when using host certificates.
> Host certificates could be very dynamic (when new virtual machines get created) while keeping a fixed structure such as {{CN=hostxyz.acme.org, OU=computers, DC=acme, DC=org}}. It is impractical to generate all the possible DNs and feed this to ActiveMQ.
> It would be very useful to have regular expression based certificate authentication. With the example above, we could have a single line:
> {quote}acme.computers=/^CN=\w+\.acme\.org, OU=computers, DC=acme, DC=org$/{quote}
--
This message was sent by Atlassian JIRA
(v7.6.14#76016)