[ https://issues.apache.org/jira/browse/ARTEMIS-1740?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16435268#comment-16435268 ]
ASF GitHub Bot commented on ARTEMIS-1740: ----------------------------------------- Github user franz1981 commented on a diff in the pull request: https://github.com/apache/activemq-artemis/pull/2011#discussion_r181025545 --- Diff: artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/jaas/TextFileCertificateLoginModule.java --- @@ -71,8 +79,12 @@ protected String getUserNameForCertificates(final X509Certificate[] certs) throw if (certs == null) { throw new LoginException("Client certificates not found. Cannot authenticate."); } - - return usersByDn.get(getDistinguishedName(certs)); + String dn = getDistinguishedName(certs); + String name = usersByDn.get(dn); --- End diff -- Hence this `userByDb` not synchronized access no longer exists in the new commit? With github and multiple commits is not simple to do reviews :P > Add support for regex based certificate authentication > ------------------------------------------------------ > > Key: ARTEMIS-1740 > URL: https://issues.apache.org/jira/browse/ARTEMIS-1740 > Project: ActiveMQ Artemis > Issue Type: Improvement > Reporter: Lionel Cons > Priority: Major > > The current certificate authentication module > ({{TextFileCertificateLoginModule}}) uses a file mapping user names to DNs. > In some cases, the list of known DNs can be large and dynamic. This is the > case for instance when using host certificates. > Host certificates could be very dynamic (when new virtual machines get > created) while keeping a fixed structure such as {{CN=hostxyz.acme.org, > OU=computers, DC=acme, DC=org}}. It is impractical to generate all the > possible DNs and feed this to Artemis. > It would be very useful to have regular expression based certificate > authentication. With the example above, we could have a single line: > {quote} > acme.computers=/^CN=\w+\.acme\.org, OU=computers, DC=acme, DC=org$/ > {quote} -- This message was sent by Atlassian JIRA (v7.6.3#76005)