ASF GitHub Bot commented on ARTEMIS-1740:

GitHub user LionelCons opened a pull request:


    ARTEMIS-1740: Add support for regex based certificate authentication

    This adds the possibility to have an optional properties file containing 
regular expressions to match against the DN.

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/LionelCons/activemq-artemis artemis_1740

Alternatively you can review and apply these changes as the patch at:


To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #2011
commit e8fc4975f5a758ee7204f89d1649cc326bcd5085
Author: Lionel Cons <lionel.cons@...>
Date:   2018-04-11T06:59:24Z

    ARTEMIS-1740: Add support for regex based certificate authentication


> Add support for regex based certificate authentication
> ------------------------------------------------------
>                 Key: ARTEMIS-1740
>                 URL: https://issues.apache.org/jira/browse/ARTEMIS-1740
>             Project: ActiveMQ Artemis
>          Issue Type: Improvement
>            Reporter: Lionel Cons
>            Priority: Major
> The current certificate authentication module 
> ({{TextFileCertificateLoginModule}}) uses a file mapping user names to DNs.
> In some cases, the list of known DNs can be large and dynamic. This is the 
> case for instance when using host certificates.
> Host certificates could be very dynamic (when new virtual machines get 
> created) while keeping a fixed structure such as {{CN=hostxyz.acme.org, 
> OU=computers, DC=acme, DC=org}}. It is impractical to generate all the 
> possible DNs and feed this to Artemis.
> It would be very useful to have regular expression based certificate 
> authentication. With the example above, we could have a single line:
> {quote}
> acme.computers=/^CN=\w+\.acme\.org, OU=computers, DC=acme, DC=org$/
> {quote}

This message was sent by Atlassian JIRA

Reply via email to