I recently added support for JAAS modules which utilize username/password for 
authentication and authorization.  See here [1].  Part of that work involved 
importing the certificate JAAS module as well, but Artemis doesn't yet have all 
the plumbing necessary to support it since it doesn't pass around the 
certificate to all the relevant parties.  I plan on adding support for this in 
the future, but I'm working on other things at the moment.  Feel free to 
contribute.


Justin

[1] https://github.com/jbertram/activemq-artemis/commit/6ed9c5ae91dc7a08cdb3825fb17a5da24037fa36

----- Original Message -----
From: "slew77" <stephen.lewi...@yahoo.co.uk>
To: users@activemq.apache.org
Sent: Wednesday, October 14, 2015 11:48:02 AM
Subject: Artemis - Certificate Security

Hi,

Hoping to get some advice on adding a security plugin to Artemis.

We are using an Artemis 1.1.0 broker. 

Client systems post messages to a common queue and listen for messages on a
client specific queue.

There will be thousands of client systems.

Each client should be able to write to the common queue, but not read from
it. Each client should be able to read from their response queue only, but
not write to it.

We must base this access on the client certificate used to connect, i.e. we
can't use username/password.

The docs suggest it's possible to add a JAAS plugin, is that correct and is
there an example I could follow? If it is possible, is it feasible to base
the authorisation on the client certificate? Ideally we'd do a lookup from
the certificate thumbprint to get either a username or the roles that we
need. Any help gratefully received!

Thanks in advance,
Steve.



--
View this message in context: 
http://activemq.2283324.n4.nabble.com/Artemis-Certificate-Security-tp4702960.html
Sent from the ActiveMQ - User mailing list archive at Nabble.com.
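
The thumbprint-to-permission lookup asked about in the original message, sketched as an added example that is not part of the thread and is not Artemis code. It uses only JDK classes; the class name, the `response.<client id>` queue naming and the sample bytes standing in for DER-encoded certificates are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Map;

// Added illustration: every class, queue and client name here is hypothetical, not Artemis API.
public final class ThumbprintAuthorizer {
    public enum Action { SEND, CONSUME }

    private final String commonQueue;
    private final Map<String, String> clientByThumbprint; // hex SHA-256 of DER cert -> client id

    public ThumbprintAuthorizer(String commonQueue, Map<String, String> clientByThumbprint) {
        this.commonQueue = commonQueue;
        this.clientByThumbprint = Map.copyOf(clientByThumbprint);
    }

    // der is X509Certificate.getEncoded() of a peer certificate whose chain the TLS layer
    // has already validated; the lookup adds authorization, it does not replace validation.
    public static String thumbprint(byte[] der) {
        try {
            byte[] digest = MessageDigest.getInstance("SHA-256").digest(der);
            StringBuilder hex = new StringBuilder(digest.length * 2);
            for (byte b : digest) hex.append(String.format("%02x", b));
            return hex.toString();
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("SHA-256 is required on every Java platform", e);
        }
    }

    public boolean isAllowed(byte[] der, String queue, Action action) {
        String client = clientByThumbprint.get(thumbprint(der));
        if (client == null) return false; // unknown certificate: deny by default
        if (queue.equals(commonQueue)) return action == Action.SEND; // write-only for clients
        // Assumed naming scheme: each client's response queue is "response.<client id>".
        return queue.equals("response." + client) && action == Action.CONSUME;
    }

    public static void main(String[] args) {
        // Constructed stand-ins for two DER-encoded client certificates.
        byte[] certA = "constructed-cert-A".getBytes(StandardCharsets.UTF_8);
        byte[] certB = "constructed-cert-B".getBytes(StandardCharsets.UTF_8);
        ThumbprintAuthorizer auth =
            new ThumbprintAuthorizer("common", Map.of(thumbprint(certA), "clientA"));
        System.out.println("A send common: " + auth.isAllowed(certA, "common", Action.SEND));
        System.out.println("A consume common: " + auth.isAllowed(certA, "common", Action.CONSUME));
        System.out.println("A consume own: " + auth.isAllowed(certA, "response.clientA", Action.CONSUME));
        System.out.println("A send own: " + auth.isAllowed(certA, "response.clientA", Action.SEND));
        System.out.println("B send common: " + auth.isAllowed(certB, "common", Action.SEND));
    }
}
```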
