Uploaded image for project: 'ActiveMQ'
  1. ActiveMQ
  2. AMQ-3198

Allow JAAS GuestLoginModule to fail if users specify a password

    XMLWordPrintableJSON

    Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 5.4.2
    • Fix Version/s: 5.5.0
    • Component/s: Broker
    • Labels:

      Description

      The GuestLoginModule currently always allows login so it is a handy default. In the case where two login modules are configured, it is nice to have the guest login module only succeed if there are no password credentials such that the second module gets a chance to authenticate. This ensures that only anonymous users (or users that do not supply a password, map to guest, where as any user that supplies a password will have to pass authorization or fail.

      Without this option, and using GuestLoginModule sufficient, a failed authentication attempt will map you to the guest user.
      This enhancement will implement the credentialsInvalidate attribute.
      With the following config, if you don't specify a password you are guest. If you do specify a valid username/password pair you will authenticate, else you are rejected.

      activemq-guest-when-no-creds-only-domain {
          org.apache.activemq.jaas.GuestLoginModule sufficient
             debug=true
             credentialsInvalidate=true
             org.apache.activemq.jaas.guest.user="guest"
             org.apache.activemq.jaas.guest.group="guests";
      
          org.apache.activemq.jaas.PropertiesLoginModule requisite
              debug=true
              org.apache.activemq.jaas.properties.user="org/apache/activemq/security/users.properties"
              org.apache.activemq.jaas.properties.group="org/apache/activemq/security/groups.properties";
      };
      

        Attachments

          Activity

            People

            • Assignee:
              gtully Gary Tully
              Reporter:
              gtully Gary Tully
            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: