[ https://issues.apache.org/jira/browse/ARTEMIS-1740?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16434579#comment-16434579 ]
ASF GitHub Bot commented on ARTEMIS-1740: ----------------------------------------- Github user jbertram commented on the issue: https://github.com/apache/activemq-artemis/pull/2011 This looks good except for a few things: - I would rather not have an additional file for the regex properties. I think it would be better to instead denote the regex in the normal user properties file using the traditional forward slashes (as described in the JIRA). - There's no documentation. The new functionality should be documented in docs/user-manual/en/security.md. - I'd like to see an integration test added to {{org.apache.activemq.artemis.tests.integration.security.SecurityTest}}. There's several tests in there already which test cert-based login. > Add support for regex based certificate authentication > ------------------------------------------------------ > > Key: ARTEMIS-1740 > URL: https://issues.apache.org/jira/browse/ARTEMIS-1740 > Project: ActiveMQ Artemis > Issue Type: Improvement > Reporter: Lionel Cons > Priority: Major > > The current certificate authentication module > ({{TextFileCertificateLoginModule}}) uses a file mapping user names to DNs. > In some cases, the list of known DNs can be large and dynamic. This is the > case for instance when using host certificates. > Host certificates could be very dynamic (when new virtual machines get > created) while keeping a fixed structure such as {{CN=hostxyz.acme.org, > OU=computers, DC=acme, DC=org}}. It is impractical to generate all the > possible DNs and feed this to Artemis. > It would be very useful to have regular expression based certificate > authentication. With the example above, we could have a single line: > {quote} > acme.computers=/^CN=\w+\.acme\.org, OU=computers, DC=acme, DC=org$/ > {quote} -- This message was sent by Atlassian JIRA (v7.6.3#76005)