[
https://issues.apache.org/jira/browse/ARTEMIS-4059?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17993090#comment-17993090
]
Rich T commented on ARTEMIS-4059:
---------------------------------
Hey [~jbertram] this would indeed still be useful, especially as ARTEMIS-3957
is still open.
We have a work around which works because we have disabled caching at the
SecurityManager level and already extend the
[ActiveMQJAASSecurityManager|https://github.com/openremote/openremote/blob/97fbb88e3efe165a0cd1311843092189b9d3f2fd/manager/src/main/java/org/openremote/manager/mqtt/ActiveMQORSecurityManager.java]
for multitenancy and in the {{authenticate}} override method we call a custom
implementation of {{getAuthenticatedSubject}} that injects the following custom
security principal into the {{Subject}} which allows us to get the
{{RemotingConnection}} from the {{Subject}} in {{{}verifyRights{}}}.
I appreciate there is no perfect solution here and if there isn't much demand
for this then just consider our use case as unusual and close this I would
suggest.
> ActiveMQSecurityManager5 authorize should include remoting connection
> ---------------------------------------------------------------------
>
> Key: ARTEMIS-4059
> URL: https://issues.apache.org/jira/browse/ARTEMIS-4059
> Project: ActiveMQ Artemis
> Issue Type: Wish
> Components: Broker
> Affects Versions: 2.26.0
> Reporter: Rich T
> Priority: Major
>
> It seems that for ActiveMQSecurityManager5 the RemotingConnection parameter
> was dropped but in our use case we need this so we can verify the clientID
> matches the address as we require MQTT clients to include their client ID in
> their topics.
>
> We currently have to try and find the session from the subject which is error
> prone when the same user has multiple connections.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
For further information, visit: https://activemq.apache.org/contact
