Uploaded image for project: 'ActiveMQ'
  1. ActiveMQ
  2. AMQ-7230

Add support for regex based certificate authentication

    XMLWordPrintableJSON

    Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 5.15.10, 5.16.0
    • Component/s: Broker
    • Labels:
      None

      Description

      The current certificate authentication module (TextFileCertificateLoginModule) uses a file mapping user names to DNs.

      In some cases, the list of known DNs can be large and dynamic. This is the case for instance when using host certificates.

      Host certificates could be very dynamic (when new virtual machines get created) while keeping a fixed structure such as CN=hostxyz.acme.org, OU=computers, DC=acme, DC=org. It is impractical to generate all the possible DNs and feed this to ActiveMQ.

      It would be very useful to have regular expression based certificate authentication. With the example above, we could have a single line:

      acme.computers=/^CN=\w+\.acme\.org, OU=computers, DC=acme, DC=org$/

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                jbonofre Jean-Baptiste Onofré
                Reporter:
                lionel.cons Lionel Cons
              • Votes:
                0 Vote for this issue
                Watchers:
                4 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0h
                  0h
                  Logged:
                  Time Spent - 20m
                  20m