ARTEMIS-3010 doc updates
parent 805a94018c
commit c64d4d62e3
|
@ -70,9 +70,9 @@ This process does **not** work for passwords in:
|
||||||
|
|
||||||
- `artemis-users.properties`
|
- `artemis-users.properties`
|
||||||
|
|
||||||
Maksed passwords for `artemis-users.properties` *can* be generated using the
|
Masked passwords for `artemis-users.properties` *can* be generated using the
|
||||||
`mask` command using the `--hash` command-line option. However, we recommend
|
`mask` command using the `--hash` command-line option. However, this is also
|
||||||
using the set of tools provided by the `user` command described below.
|
possible using the set of tools provided by the `user` command described below.
|
||||||
|
|
||||||
## Masking Configuration
|
## Masking Configuration
|
||||||
|
|
||||||
|
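Review bot: the reworded sentence ("However, this is also possible using the set of tools provided by the `user` command") drops the earlier recommendation without telling the reader when to choose which tool. Another hunk in this commit states that the `user` command will not work unless the broker has been started; repeating that constraint here would let readers pick between `mask --hash` and `user` without reading further down the page.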
@ -100,10 +100,11 @@ hashed values for password verification.
|
||||||
|
|
||||||
Use the following command from the CLI of the Aremtis *instance* you wish to
|
Use the following command from the CLI of the Aremtis *instance* you wish to
|
||||||
add the user/password to. This command will not work from the Artemis home
|
add the user/password to. This command will not work from the Artemis home
|
||||||
used to create the instance. For example:
|
used to create the instance, and it will also not work unless the broker has
|
||||||
|
been started. For example:
|
||||||
|
|
||||||
```sh
|
```sh
|
||||||
./artemis user add --user guest --password guest --role admin
|
./artemis user add --user-command-user guest --user-command-password guest --role admin
|
||||||
```
|
```
|
||||||
|
|
||||||
This will use the default codec to perform a "one-way" hash of the password
|
This will use the default codec to perform a "one-way" hash of the password
|
||||||
|
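Review bot: the example that follows the new "unless the broker has been started" sentence gives no hint of how the command authenticates to that running broker. The release-notes hunk in this commit says the `user` and `password` parameters now apply to the connection used to send the command; a sentence saying so next to this example would keep readers from having to find it in the upgrade notes. While this paragraph is being touched, "Aremtis" in the first context line should be "Artemis".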
@ -114,6 +115,17 @@ Passwords in `artemis-users.properties` are automatically detected as hashed or
|
||||||
not by looking for the syntax `ENC(<hash>)`. The `mask-password` parameter does
|
not by looking for the syntax `ENC(<hash>)`. The `mask-password` parameter does
|
||||||
not need to be `true` to use hashed passwords here.
|
not need to be `true` to use hashed passwords here.
|
||||||
|
|
||||||
|
> **Warning**
|
||||||
|
>
|
||||||
|
> Management and CLI operations to manipulate user & role data are only available
|
||||||
|
> when using the `PropertiesLoginModule`.
|
||||||
|
>
|
||||||
|
> In general, using properties files and broker-centric user management for
|
||||||
|
> anything other than very basic use-cases is not recommended. The broker is
|
||||||
|
> designed to deal with messages. It's not in the business of managing users,
|
||||||
|
> although that functionality is provided at a limited level for convenience. LDAP
|
||||||
|
> is recommended for enterprise level production use-cases.
|
||||||
|
|
||||||
### cluster-password
|
### cluster-password
|
||||||
|
|
||||||
If it is specified in `ENC()` syntax it will be treated as masked, or
|
If it is specified in `ENC()` syntax it will be treated as masked, or
|
||||||
|
|
|
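Review bot: the whole Warning block is added here verbatim, and the same two paragraphs also appear in the copy touched by the `-617,6` hunk of this commit. Two identical copies will drift over time; consider keeping the full warning in one place and linking to it from the other, so a later change to the LDAP recommendation only has to be made once.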
@ -584,12 +584,15 @@ guest=password
|
||||||
```
|
```
|
||||||
|
|
||||||
Passwords in `artemis-users.properties` can be hashed. Such passwords should
|
Passwords in `artemis-users.properties` can be hashed. Such passwords should
|
||||||
follow the syntax `ENC(<hash>)`. Hashed passwords can easily be added to
|
follow the syntax `ENC(<hash>)`.
|
||||||
`artemis-users.properties` using the `user` CLI command from the Artemis
|
|
||||||
*instance*. This command will not work from the Artemis home.
|
Hashed passwords can easily be added to `artemis-users.properties` using the
|
||||||
|
`user` CLI command from the Artemis *instance*. This command will not work
|
||||||
|
from the Artemis home, and it will also not work unless the broker has been
|
||||||
|
started.
|
||||||
|
|
||||||
```sh
|
```sh
|
||||||
./artemis user add --user guest --password guest --role admin
|
./artemis user add --user-command-user guest --user-command-password guest --role admin
|
||||||
```
|
```
|
||||||
|
|
||||||
This will use the default codec to perform a "one-way" hash of the password
|
This will use the default codec to perform a "one-way" hash of the password
|
||||||
|
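Review bot: the new sentence "and it will also not work unless the broker has been started" leaves the reader without an alternative when the broker is offline. The upgrade note added in this commit says users are still free to modify the properties files directly in that situation; a short cross-reference to that, together with the `ENC(<hash>)` syntax described just above, would close the gap.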
@ -617,6 +620,12 @@ etc.).
|
||||||
>
|
>
|
||||||
> Management and CLI operations to manipulate user & role data are only available
|
> Management and CLI operations to manipulate user & role data are only available
|
||||||
> when using the `PropertiesLoginModule`.
|
> when using the `PropertiesLoginModule`.
|
||||||
|
>
|
||||||
|
> In general, using properties files and broker-centric user management for
|
||||||
|
> anything other than very basic use-cases is not recommended. The broker is
|
||||||
|
> designed to deal with messages. It's not in the business of managing users,
|
||||||
|
> although that functionality is provided at a limited level for convenience. LDAP
|
||||||
|
> is recommended for enterprise level production use-cases.
|
||||||
|
|
||||||
#### LDAPLoginModule
|
#### LDAPLoginModule
|
||||||
|
|
||||||
|
|
|
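Review bot: in the added paragraph, "enterprise level production use-cases" should be hyphenated as "enterprise-level", and "LDAP is recommended" would be more useful as a link to the `LDAPLoginModule` section that starts immediately below this warning. The paragraph also says properties-file user management is "not recommended" beyond very basic use-cases without naming a concrete limitation; one example of what is limited would make the advice actionable.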
@ -23,6 +23,32 @@ Highlights:
|
||||||
- Support for admin objects in the JCA resource adapter to facilitate deployment into 3rd-party Java EE application servers
|
- Support for admin objects in the JCA resource adapter to facilitate deployment into 3rd-party Java EE application servers
|
||||||
- Ability to prevent an acceptor from automatically starting
|
- Ability to prevent an acceptor from automatically starting
|
||||||
|
|
||||||
|
#### Upgrading from older versions
|
||||||
|
|
||||||
|
Due to [ARTEMIS-2893](https://issues.apache.org/jira/browse/ARTEMIS-2893) the
|
||||||
|
fundamental way user management was implemented had to change to avoid data
|
||||||
|
integrity issues related to concurrent modification. From a user's perspective
|
||||||
|
two main things changed:
|
||||||
|
|
||||||
|
1. User management is no longer possible using the `artemis user` commands
|
||||||
|
when the broker is **offline**. Of course users are still free to modify the
|
||||||
|
properties files directly in this situation.
|
||||||
|
2. The parameters of the `artemis user` commands changed. Instead of using
|
||||||
|
something like this:
|
||||||
|
```sh
|
||||||
|
./artemis user add --user guest --password guest --role admin
|
||||||
|
```
|
||||||
|
Use this instead:
|
||||||
|
```sh
|
||||||
|
./artemis user add --user-command-user guest --user-command-password guest --role admin
|
||||||
|
```
|
||||||
|
In short, use `user-command-user` in lieu of `user` and `user-command-password`
|
||||||
|
in lieu of `password`. Both `user` and `password` parameters now apply to the
|
||||||
|
connection used to send the command to the broker.
|
||||||
|
|
||||||
|
For additional details see [ARTEMIS-2893](https://issues.apache.org/jira/browse/ARTEMIS-2893)
|
||||||
|
and [ARTEMIS-3010](https://issues.apache.org/jira/browse/ARTEMIS-3010)
|
||||||
|
|
||||||
## 2.15.0
|
## 2.15.0
|
||||||
|
|
||||||
[Full release notes](https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12315920&version=12348568).
|
[Full release notes](https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12315920&version=12348568).
|
||||||
|
|
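Review bot: item 2 of the upgrade list should spell out the consequence for existing automation. Per the closing "In short" paragraph, a script that still calls `./artemis user add --user guest --password guest --role admin` now supplies `guest`/`guest` as the credentials of the connection to the broker, not as the account to create; stating that explicitly would make the breaking change harder to miss. The final sentence ("For additional details see ... and [ARTEMIS-3010](...)") is also missing its full stop.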