The current certificate authentication module (TextFileCertificateLoginModule) uses a file mapping user names to DNs.
In some cases, the list of known DNs can be large and dynamic. This is the case for instance when using host certificates.
Host certificates could be very dynamic (when new virtual machines get created) while keeping a fixed structure such as CN=hostxyz.acme.org, OU=computers, DC=acme, DC=org. It is impractical to generate all the possible DNs and feed this to ActiveMQ.
It would be very useful to have regular expression based certificate authentication. With the example above, we could have a single line:
acme.computers=/^CN=\w+\.acme\.org, OU=computers, DC=acme, DC=org$/