jbertram commented on a change in pull request #4001:
URL: https://github.com/apache/activemq-artemis/pull/4001#discussion_r839737850
##########
File path: docs/user-manual/en/security.md
##########
@@ -1221,6 +1221,11 @@ management performed on the live broker will be
reflected on the backup upon
failover. Typically LDAP would be employed for this kind of use-case, but not
everyone wants or is able to administer an independent LDAP server.
+> **Note:**
+>
+> `ActiveMQBasicSecurityManager` works only with standalone broker
+> configuration or with live/backup clusters. It won't work with multiple
lives.
+
Review comment:
To be clear, the `PropertiesLoginModule` is a login module used with the
JAAS security manager. There is no such thing as a "JAAS PropertiesLogin
manager."
Regarding the basic security manager your documentation update says, "It
won't work with multiple lives." My point is that the basic security manager
works _exactly_ like the JAAS security manager in regard to multiple lives.
_Neither one_ will propagate credentials around the cluster. Furthermore, you
say, "...works only with standalone broker configuration..." Again, this is
unclear because you _can_ use the basic security manager in a cluster just like
you can with the JAAS security manager. The **main use** (if not the only use)
where the basic security manager makes sense is with a single live/backup pair.
The documentation already explains this fact saying:
> All user & role data is stored in the bindings journal (or bindings table
if using JDBC). The advantage here is that in a live/backup use-case any user
management performed on the live broker will be reflected on the backup upon
failover.
Although perhaps it could be stated more strongly.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
