mattrpav commented on code in PR #1480:
URL: https://github.com/apache/activemq/pull/1480#discussion_r2299188712
##########
assembly/src/release/conf/login.config:
##########
@@ -18,4 +18,12 @@ activemq {
org.apache.activemq.jaas.PropertiesLoginModule required
org.apache.activemq.jaas.properties.user="users.properties"
org.apache.activemq.jaas.properties.group="groups.properties";
-};
\ No newline at end of file
+};
+
+OAuthConfiguration {
+ org.apache.activemq.jaas.oauth.OAuthLoginModule required
+ issuer="https://cognito-idp.us-west-2.amazonaws.com/us-west-2_iz1VrIxct"
+
jwks_uri="https://cognito-idp.us-west-2.amazonaws.com/us-west-2_iz1VrIxct/.well-known/jwks.json"
+ group_resolver_class="org.apache.activemq.jaas.oauth.NoOpGroupResolver"
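Review bot: The `issuer` and `jwks_uri` values in the new `OAuthConfiguration` stanza point at one specific Cognito user pool (`us-west-2_iz1VrIxct`), and this file is the release default under `assembly/src/release/conf`. Anyone who enables the stanza unchanged would have the broker trust tokens signed by that pool's keys. Suggest replacing both values with obvious placeholders, or shipping the stanza commented out, so an operator has to supply their own issuer. The options visible here name only the issuer and the key set; if the module can pin an expected audience or client id, showing that option in this sample would steer deployments toward checking it.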
Review Comment:
Using a class for group resolution gets tricky across runtimes that have
varying classloader behaviors (specifically Apache Karaf and OSGi-based
runtimes).
Since there is only one method, I think having an AbstractOAuthLoginModule
with shared methods and an abstract method for groupLookup() is the way to go.
The default implementation can simply load a groups.properties file with
user, group and role mappings similar to how pure local accounts work.
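A sketch of the design proposed in the comment above, added here as an illustration and not code from the PR or from ActiveMQ: the class names, `principalsFor` and the demo are hypothetical, and the `group=user1,user2` file layout is assumed to follow the existing `groups.properties` convention. Group resolution is an overridden method on a subclass, so no resolver class has to be loaded by name at runtime.

```java
import java.io.IOException;
import java.io.StringReader;
import java.util.LinkedHashSet;
import java.util.Properties;
import java.util.Set;

// Hypothetical shape of the base class proposed in the comment; not project code.
abstract class AbstractOAuthLoginModule {
    // Subclasses decide how an authenticated subject maps to groups.
    protected abstract Set<String> groupLookup(String user);

    // Shared step: call only with a subject taken from an already validated token.
    final Set<String> principalsFor(String validatedSubject) {
        if (validatedSubject == null || validatedSubject.isBlank()) {
            throw new IllegalArgumentException("subject must come from a validated token");
        }
        return Set.copyOf(groupLookup(validatedSubject));
    }
}

// Default implementation: resolve groups from groups.properties style content.
class PropertiesGroupOAuthLoginModule extends AbstractOAuthLoginModule {
    private final Properties groups = new Properties();
    PropertiesGroupOAuthLoginModule(String groupsFileContent) throws IOException {
        groups.load(new StringReader(groupsFileContent));
    }
    @Override
    protected Set<String> groupLookup(String user) {
        Set<String> result = new LinkedHashSet<>();
        for (String group : groups.stringPropertyNames()) {
            for (String member : groups.getProperty(group).split(",")) {
                if (member.trim().equals(user)) {
                    result.add(group);
                }
            }
        }
        return result; // empty set: authenticated, but a member of no group
    }
}

public class GroupLookupDemo {
    public static void main(String[] args) throws IOException {
        // Constructed sample content in the assumed layout: group=member,member
        String sample = "admins=alice\nusers=alice,bob\n";
        AbstractOAuthLoginModule module = new PropertiesGroupOAuthLoginModule(sample);
        System.out.println(module.principalsFor("alice"));
        System.out.println(module.principalsFor("mallory"));
    }
}
```

A subject that appears in no group gets an empty set, so authorization for it falls through to whatever the broker grants users without group principals.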