[
https://issues.apache.org/jira/browse/AMQ-3883?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13295565#comment-13295565
]
Gary Tully commented on AMQ-3883:
---------------------------------
is another possible approach, to add the activemq login module to the jaas
config so that both the amq and karaf credentials are present on the
authenticated user principal.
My understanding is that to work reliably, an authorization module needs to
participate in the authentication process so it can be sure to trust the
identities. It is for this reason that there are multiple principals (set) in
an authenticated Subject.
Having said that, there is value in only having to configure a single set of
roles/users, a karaf aware activemq-jaas authorization module may be the way to
go.
> activemq-jaas authorization doesn't work with Karaf JAAS LoginModule
> --------------------------------------------------------------------
>
> Key: AMQ-3883
> URL: https://issues.apache.org/jira/browse/AMQ-3883
> Project: ActiveMQ
> Issue Type: Bug
> Reporter: Freeman Fang
> Attachments: AMQ-3883.patch
>
>
> currently activemq-jaas can't work with karaf loginModule, the reason comes
> from the compare between
> amq GroupPrincipal and karaf UserPrincipal/RolePrincipal doesn't work
> More details please see[1].
> We have a similar issue in Servicemix NMR[2] and the fix can honor the
> compare between
> amq GroupPrincipal and karaf UserPrincipal/RolePrincipal yet not introduce
> any dependency between activemq-jaas and karaf jaas.
> [1]http://karaf.922171.n3.nabble.com/Karaf-ActiveMQ-authorization-problem-td4024834.html
> [2]https://issues.apache.org/jira/browse/SMX4NMR-283
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
