Details
-
Improvement
-
Status: Resolved
-
Major
-
Resolution: Fixed
-
None
-
None
-
Patch Available
Description
This patch adds new Transports, Brokers, and Plugins needed for authentication and authorization based on SSL certificates.
It also adds a few unit tests for the mentioned classes.
The new (or heavily modified) SslTransport, SslTransportServer, and SslTransportFactory classes allow for access to the underlying socket's need and want client auth settings. If a certificate is found, it is set as the transportContext of the created connection.
The JaasCertificateAuthenticationBroker uses the new CertificateLoginModule to authenticate certificates (this class is abstract to allow for different backends for certificate authentication, a concrete class is TextFileCertificateLoginModule).
JaasCertificateAuthenticationBroker also sets the security context's user name to that provided for the certificate by the login module. This allows for authorization using the existing authorization broker.
Attachments
Attachments
Issue Links
- relates to
-
AMQ-5876 improve performance of TextFileCertificateLoginModule when many entries are in the "textfiledn.user " file
- Resolved