activemq-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sepand M <sepa...@gmail.com>
Subject Re: Creating a secure connection system and using JMSXUserID support
Date Tue, 18 Jul 2006 00:16:01 GMT
Thanks for your reply.

2 comments below:

James Strachan wrote:
> On 7/17/06, Sepand M <sepandm@gmail.com> wrote:
>> Hi,
>>
>> I'm trying to modify ActiveMQ so it can handle SSL connections
>
> FWIW we already support SSL connections...
>
> http://incubator.apache.org/activemq/configuring-transports.html
>
> in particular...
>
> http://incubator.apache.org/activemq/ssl-transport-reference.html
>
>
>> and
>> authorize access to different queues based on client IDs.
>
> We have a security plugin to perform authentication and authorization
> on specific destinations, details here...
>
> http://incubator.apache.org/activemq/security.html
>
I know that, but can this plugin use certificates to authenticate the 
client?
>
>> I've been looking at your "JMSXUserID support" (
>> http://incubator.apache.org/activemq/jmsxuserid.html) to see if it
>> could be used for authentication once the connection has been
>> established.
>
> So the purpose of the JMSXUserID feature is to be able to add a header
> to all JMS messages that leave a broker so that consumers receiving
> the message can know the authenticated user ID who sent the message.
> i.e. it means that a producer cannot spoof its userID when sending a
> message.
>
> JMSXUserID does not perform the actual authentication/authorization -
> thats a feature of the security plugin I mentioned above.
>
>> From what I see, using the BrokerService.setPopulateJMSXUserID(true);
>> causes the BrokerService to use a UserIDBroker, which in turn uses the
>> ConnectionContext to retreive the userID.
>>
>> The problem I see is that the connection context is set in
>> AbstractConnection.processMessage, which uses the producerId received
>> from the message, which has been send by the producer (and is not
>> validated by the server).
>> This, to me, means that if the producer manages to guess a correct
>> producerId, it will have impersonated another producer.
>>
>> Is this true?
>
> The clientID is the thing we use; something the client can generate
> itself. Though we ensure that only 1 connection that is active has a
> single clientID value at any point in time (so no client can pretend
> to be another one - its also required by the JMS spec). So I don't
> think it matters too much what the producerId is - unless I've
> misunderstood your point

OK. That was my main concern. thank you.

Mime
View raw message