[
https://issues.apache.org/jira/browse/ARTEMIS-5901?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Justin Bertram updated ARTEMIS-5901:
------------------------------------
Description:
Currently the key used for the authentication cache uses a hash based on the
username, password, and DN of the TLS cert (if available). This typically
results in a unique value for each user. However, if a custom JAAS
{{LoginModule}} is used that doesn't use these credentials (e.g. it uses the
certificate's *UPN* instead of DN) then the authentication cache key will not
necessarily be unique for each user.
Currently the only option in this situation is to disable authentication
caching, but that can adversely impact performance.
Therefore, the broker should support some way to customize the authentication
cache key (e.g. via a plugin).
was:
Currently the key used for the authentication cache uses a hash based on the
username, password, and DN of the TLS cert (if available). This typically
results in a unique value for each user. However, if a custom
{{SecurityManager}} implementation is used that doesn't use these credentials
(e.g. it uses the certificate's *UPN* instead of DN) then the authentication cache
key will not necessarily be unique for each user.
Currently the only option in this situation is to disable authentication
caching, but that can adversely impact performance.
Therefore, the broker should support some way to customize the authentication
cache key (e.g. via a plugin).
> Allow custom authentication cache key
> --------------------------------------
>
> Key: ARTEMIS-5901
> URL: https://issues.apache.org/jira/browse/ARTEMIS-5901
> Project: Artemis
> Issue Type: Improvement
> Reporter: Justin Bertram
> Assignee: Justin Bertram
> Priority: Major
>
> Currently the key used for the authentication cache uses a hash based on the
> username, password, and DN of the TLS cert (if available). This typically
> results in a unique value for each user. However, if a custom JAAS
> {{LoginModule}} is used that doesn't use these credentials (e.g. it uses the
> certificate's *UPN* instead of DN) then the authentication cache key will not
> necessarily be unique for each user.
> Currently the only option in this situation is to disable authentication
> caching, but that can adversely impact performance.
> Therefore, the broker should support some way to customize the authentication
> cache key (e.g. via a plugin).
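
An added illustration of the collision the issue describes, not part of the original message and not Artemis code. The class, record and method names are hypothetical, and the SHA-256 derivation is a stand-in because the message does not show how the broker hashes the key.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.HashMap;
import java.util.HexFormat;
import java.util.Map;

public class AuthCacheKeyDemo {
    // Hypothetical credential bundle; the UPN would come from the certificate.
    record Credentials(String username, String password, String certDn, String certUpn) {}

    // Stand-in for a key built from username, password and DN, as the issue describes.
    static String defaultKey(Credentials c) throws Exception {
        return sha256(c.username(), c.password(), c.certDn());
    }

    // Hypothetical custom key that also covers the attribute the LoginModule authenticates on.
    static String upnAwareKey(Credentials c) throws Exception {
        return sha256(c.username(), c.password(), c.certDn(), c.certUpn());
    }

    // Length-prefix each field so ("ab","c") and ("a","bc") cannot hash alike.
    static String sha256(String... fields) throws Exception {
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        for (String f : fields) {
            byte[] b = (f == null ? "" : f).getBytes(StandardCharsets.UTF_8);
            md.update(java.nio.ByteBuffer.allocate(4).putInt(f == null ? -1 : b.length).array());
            md.update(b);
        }
        return HexFormat.of().formatHex(md.digest());
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: two client certs sharing a subject DN but carrying different UPNs.
        Credentials alice = new Credentials(null, null, "CN=svc,O=Example", "alice@example.test");
        Credentials bob = new Credentials(null, null, "CN=svc,O=Example", "bob@example.test");

        Map<String, String> cache = new HashMap<>();
        cache.put(defaultKey(alice), "alice@example.test"); // alice authenticates, result cached
        System.out.println("default key, bob resolves to: " + cache.get(defaultKey(bob)));

        cache.clear();
        cache.put(upnAwareKey(alice), "alice@example.test");
        System.out.println("UPN-aware key, bob resolves to: " + cache.get(upnAwareKey(bob)));
    }
}
```

With the default key the second lookup returns the entry cached for the first user; once the key covers the UPN, the lookup misses and the login module would be consulted again.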