Spring Security Shiro Plugin - Reference Documentation Burt Beckwith Version 3.1.2.BUILD-SNAPSHOT Table of Contents 1. Introduction to the Spring Security Shiro Plugin . . . . . . . . . . . . . . Chapter 1. Introduction to the Spring Security Shiro Plugin The Spring Security Shiro plugin adds some support for using a hybrid approach combining Spring Security and Shiro. It currently only supports supports Shiro ACLs, since Spring Security ACLs are very powerful but can be very cumbersome to use, and the Shiro approach is straightforward and simple. The majority of the authentication and authorization

1 Shiro support for the Spring Security plugin Table of contents 2 Shiro support for the Spring Security plugin - Reference Documentation Authors: Burt Beckwith Version: 0.1 Table of Contents 1 Introduction The Spring Security Shiro plugin adds some support for using a hybrid approach combining Spring Security and . It currently only supports Shiro ACLs, since Spring Security ACLs are very Shiro authentication and authorization work is still done by Spring Security. This plugin listens for Spring Security authentication events and uses the Spring Security Authentication instance to build and register a Shiro

the Spring Security plugin Shiro support for the Spring Security plugin - Reference Documentation Authors: Burt Beckwith Version: 1.0.0 Table of Contents 1 Introduction to the Spring Security Shiro Plugin Spring Security Shiro Plugin The Spring Security Shiro plugin adds some support for using a hybrid approach combining Spring and . It currently only supports Shiro ACLs, since Spring Security ACLs are are very Security Shiro powerful but can be very cumbersome to use, and the Shiro approach is straightforward and simple. The majority of the authentication and authorization work is still done by Spring

Message Grouping Consumer Priority Extra Acknowledge Modes Management Management Console Metrics Security Masking Passwords Broker Plugins Resource Limits The JMS Bridge Client Reconnection and Session 3.x subscriber using CleanSession=1 is now non-durable rather than durable. This may impact security-settings for MQTT clients which previously only had createDurableQueue for their role. They cluster nodes. Although this is a "breaking" change, not performing hostname verification is a security risk (e.g. due to man-in-the- middle attacks). Enabling it by default aligns core client behavior

Message Grouping Consumer Priority Extra Acknowledge Modes Management Management Console Metrics Security Masking Passwords Broker Plugins Resource Limits The JMS Bridge Client Reconnection and Session 3.x subscriber using CleanSession=1 is now non- durable rather than durable. This may impact security-settings for MQTT clients which previously only had createDurableQueue for their role. They cluster nodes. Although this is a "breaking" change, not performing hostname verification is a security risk (e.g. due to man-in- the-middle attacks). Enabling it by default aligns core client behavior

Message Grouping Consumer Priority Extra Acknowledge Modes Management Management Console Metrics Security Masking Passwords Broker Plugins Resource Limits The JMS Bridge Client Failover Diverting 3.x subscriber using CleanSession=1 is now non-durable rather than durable. This may impact security-settings for MQTT clients which previously only had createDurableQueue for their role. They cluster nodes. Although this is a "breaking" change, not performing hostname verification is a security risk (e.g. due to man-in-the- middle attacks). Enabling it by default aligns core client behavior

Message Grouping Consumer Priority Extra Acknowledge Modes Management Management Console Metrics Security Masking Passwords Broker Plugins Resource Limits The JMS Bridge Client Failover Diverting 3.x subscriber using CleanSession=1 is now non-durable rather than durable. This may impact security-settings for MQTT clients which previously only had createDurableQueue for their role. They cluster nodes. Although this is a "breaking" change, not performing hostname verification is a security risk (e.g. due to man-in-the- middle attacks). Enabling it by default aligns core client behavior

Message Grouping Consumer Priority Extra Acknowledge Modes Management Management Console Metrics Security Masking Passwords Broker Plugins Resource Limits The JMS Bridge Client Reconnection and Session and ARTEMIS-3010 2.15.0 Full release notes. Highlights: Ability to use FQQN syntax for both security-settings and JNDI lookup Support pausing dispatch during group rebalance (to avoid potential out-of- Per-acceptor security domains Command-line check tool for checking the health of a broker Support disabling metrics per address via the enable-metrics address setting Improvements to the audit logging

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16 6.4. AMQP and security. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 157 29.2. Security. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 269 43.2. Role based security for addresses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 269 43.3. Security Setting Plugin . . . . . .

Message Grouping Consumer Priority Extra Acknowledge Modes Management Management Console Metrics Security Masking Passwords Broker Plugins Resource Limits The JMS Bridge Client Reconnection and Session ID cache to check the cache's size and clear it Support for min/max expiry-delay Per-acceptor security domains Command-line check tool for checking the health of a broker Support disabling metrics setting Versions 9 Improvements to the audit logging Speed optimizations for the HierarchicalObjectRepository , an internal object used to store address and security settings Upgrading from older versions