OK well what I am thinking about is basically adding a nullable property to
the PropertiesLoginModule that will allow the user to provide the classpath
to an implementation of the
org.apache.activemq.artemis.utils.SensitiveDataCodec, so that essentially
the login.config would look like the following.
activemq {
com.paypal.credit.apache.artemis.passwordmasking.CryptoMonsterLogin
required
debug=false
org.apache.activemq.jaas.properties.decoder="com.foo.FooDecoder;key=value"
org.apache.activemq.jaas.properties.user="artemis-users.properties"
org.apache.activemq.jaas.properties.role="artemis-roles.properties";
};
This approach should allow users to configure password marking using the
same interface from the previous version.
Also I believe we can allow masked and unmasked passwords to live in the
same files by simply requiring the masked passwords to be encased with
ENC(). An example of how the users.properties file would look is shown
below.
unmaskedpassword=unmaskedpassword
maskedpassword=ENC(fafafsdgaqgegsagegasge)
How does this sound?
--
View this message in context:
http://activemq.2283324.n4.nabble.com/Adding-support-for-password-masking-to-the-Artemis-tp4711531p4711571.html
Sent from the ActiveMQ - Dev mailing list archive at Nabble.com.
