mattrpav commented on code in PR #1480:
URL: https://github.com/apache/activemq/pull/1480#discussion_r2299188712


##########
assembly/src/release/conf/login.config:
##########
@@ -18,4 +18,12 @@ activemq {
     org.apache.activemq.jaas.PropertiesLoginModule required
         org.apache.activemq.jaas.properties.user="users.properties"
         org.apache.activemq.jaas.properties.group="groups.properties";
-};
\ No newline at end of file
+};
+
+OAuthConfiguration {
+    org.apache.activemq.jaas.oauth.OAuthLoginModule required
+    issuer="https://cognito-idp.us-west-2.amazonaws.com/us-west-2_iz1VrIxct";
+    
jwks_uri="https://cognito-idp.us-west-2.amazonaws.com/us-west-2_iz1VrIxct/.well-known/jwks.json";
+    group_resolver_class="org.apache.activemq.jaas.oauth.NoOpGroupResolver"
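
Review bot: The issuer and jwks_uri values in the added OAuthConfiguration entry name one specific Cognito user pool (us-west-2_iz1VrIxct), and this file is the login.config under assembly/src/release/conf. If this is the configuration that ships with the release, a broker that enables the entry unchanged would be configured to trust that pool's signing keys rather than the operator's own identity provider. Suggest replacing both values with obvious placeholders, or shipping the entry commented out, with a comment saying that issuer and jwks_uri must be set per deployment.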

Review Comment:
   Using a class for group resolution gets tricky across runtimes that have 
varying classloader behaviors (specifically Apache Karaf and OSGi-based 
runtimes.)
   
   Since there is only one method, I think having an AbstractOAuthLoginModule 
with shared methods and an abstract method for groupLookup() is the way to go.
   
   The default implementation can simply load a groups.properties file with 
user, group and role mappings similar to how pure local accounts work.
   


