Gary Tully created ARTEMIS-3168:
-----------------------------------
Summary: JAAS login module to convert existing Principal to an
Artemis UserPrincipal
Key: ARTEMIS-3168
URL: https://issues.apache.org/jira/browse/ARTEMIS-3168
Project: ActiveMQ Artemis
Issue Type: New Feature
Components: JAAS
Affects Versions: 2.17.0
Reporter: Gary Tully
Assignee: Gary Tully
Fix For: 2.18.0
Artemis verifies that an authenticated subject always has an Artemis
UserPrincipal which makes sense. All of the existing login modules produce
UserPrincipals. However login modules are plugable and varied. Some allow some
control of the roll principal classes that they support but are less likely to
allow the Principal classes to be replaced.
For the hawtio console for example, the configurable RolePrincipal classes
allow both karaf and Artemis to co-exist and share role names. They can also
agree on the UserPrincipal class. However in chaining login modules where there
is not agreement on the UserPrincipal, it is useful to be able to convert to
the Artemis expected format at the end of the login process.
A simple PrincipalConversionLoginModule configured with the list of class names
to match against, would suffice here. A known validated XPrincipal(Bob) can
then appear in Artemis as UserPrincipal(Bob) without prior agreement, making
any login module a candidate for inclusion in the Artemis login.config.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
