You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@activemq.apache.org by "ASF GitHub Bot (JIRA)" <ji...@apache.org> on 2018/04/11 07:03:00 UTC

[jira] [Commented] (ARTEMIS-1740) Add support for regex based certificate authentication

    [ https://issues.apache.org/jira/browse/ARTEMIS-1740?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16433497#comment-16433497 ] 

ASF GitHub Bot commented on ARTEMIS-1740:
-----------------------------------------

GitHub user LionelCons opened a pull request:

    https://github.com/apache/activemq-artemis/pull/2011

    ARTEMIS-1740: Add support for regex based certificate authentication

    This adds the possibility to have an optional properties file containing regular expressions to match against the DN.

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/LionelCons/activemq-artemis artemis_1740

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/activemq-artemis/pull/2011.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #2011
    
----
commit e8fc4975f5a758ee7204f89d1649cc326bcd5085
Author: Lionel Cons <li...@...>
Date:   2018-04-11T06:59:24Z

    ARTEMIS-1740: Add support for regex based certificate authentication

----


> Add support for regex based certificate authentication
> ------------------------------------------------------
>
>                 Key: ARTEMIS-1740
>                 URL: https://issues.apache.org/jira/browse/ARTEMIS-1740
>             Project: ActiveMQ Artemis
>          Issue Type: Improvement
>            Reporter: Lionel Cons
>            Priority: Major
>
> The current certificate authentication module ({{TextFileCertificateLoginModule}}) uses a file mapping user names to DNs.
> In some cases, the list of known DNs can be large and dynamic. This is the case for instance when using host certificates.
> Host certificates could be very dynamic (when new virtual machines get created) while keeping a fixed structure such as {{CN=hostxyz.acme.org, OU=computers, DC=acme, DC=org}}. It is impractical to generate all the possible DNs and feed this to Artemis.
> It would be very useful to have regular expression based certificate authentication. With the example above, we could have a single line:
> {quote}
> acme.computers=/^CN=\w+\.acme\.org, OU=computers, DC=acme, DC=org$/
> {quote}



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)