Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update JaasAuthenticationBroker.java #710

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Update JaasAuthenticationBroker.java #710

wants to merge 1 commit into from

Conversation

chris-joys
Copy link

Allow user use encrypt password to check entry detail info via web console

@chris-joys
Update JaasAuthenticationBroker.java
70f25a5 
Allow user use encrypt password to check entry detail info via web console
@mattrpav mattrpav self-requested a review September 13, 2021 02:32
@mattrpav mattrpav mentioned this pull request Sep 21, 2021
Closed
@mattrpav
Copy link
Contributor

@chris-joys is there a JIRA for this change?

mattrpav
mattrpav requested changes Sep 21, 2021
View reviewed changes
activemq-broker/src/main/java/org/apache/activemq/security/JaasAuthenticationBroker.java
@@ -86,6 +88,10 @@ public void addConnection(ConnectionContext context, ConnectionInfo info) throws
@Override
public SecurityContext authenticate(String username, String password, X509Certificate[] certificates) throws SecurityException {
SecurityContext result = null;
Properties prop = new Properties();
prop.put(username, password);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please fix inconsistent spacing

@mattrpav mattrpav self-assigned this Sep 21, 2021
@jbonofre jbonofre self-requested a review October 3, 2021 16:07
@jbonofre
Copy link
Member

It would be great to provide some explanation about this change:

  1. why using decrypt on properties to get the password. My understanding is that you are using encrypted password (instead of plain)
  2. If you are using encrypted password, the JAAS plugin should be configured by a property to define if the password is encrypted or not, else I think it will break all users using plain password.

jbonofre
jbonofre requested changes Oct 20, 2023
View reviewed changes
Copy link
Member

@jbonofre jbonofre left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please answer to the question in my previous comment, and introduce a property enabling encrypted passwords.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jbonofre jbonofre jbonofre requested changes

@mattrpav mattrpav mattrpav requested changes

Assignees

@mattrpav mattrpav

Labels
None yet
Projects
None yet
Milestone
No milestone
3 participants
@chris-joys @mattrpav @jbonofre