activemq icon indicating copy to clipboard operation
activemq copied to clipboard
verified publisher icon apache

WIP: [AMQ-9750] Update JaasDualAuthenticationBroker to support mixed-mode SSL

Open mattrpav opened this issue 5 months ago • 3 comments

mattrpav avatar Jul 29 '25 23:07 mattrpav

Instead of having to add a new flag, couldn't you just check the ssl config for the transport and see if it's set to require a cert or if the cert is optional?

cshannon avatar Jul 30 '25 12:07 cshannon

Great idea. I'll update if 'wantAuth' or 'needAuth' AND then if there is a certificate present, return true-- otherwise it will fallback to the non-SSL certificate JAAS domain.

mattrpav avatar Jul 30 '25 13:07 mattrpav

Yeah that should be fine, since it will fallback to the other option. If the cert exists and the context is configured to want/need the cert then that should be good enough. This way you don't need to add another config option because it's essentially already being configured in the context by setting need/want to be true. Prevents mistakes and having to remember to change the config in the same spot twice.

cshannon avatar Jul 30 '25 13:07 cshannon