activemq-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ngcutura <ngcut...@gmail.com>
Subject Certificate login
Date Mon, 31 Jul 2006 20:08:39 GMT

Hi all,

I have another requirement in my project (a tough one). Instead of using
username/password I want to use only certificate for both authentication and
authorization.

I see two approaches:

1. As JMS allows only (username, password) in createConnection(), I can
export certificate to a String and supply it as a username and develop
custom JAAS login module that would convert username String back to the
certificate and authenticate (against an LDAP directory). However, I don't
like this approach.

2. As I am going to use SSL anyway, I would like to use SSL client
authentication as the basis for AMQ authentication. As much as I understood
JSSE, certificates are checked against keystore so I can develop custom
keystore implementation that checks certificates against LDAP directory.
However, I do not know how to make AMQ aware of this process i.e. how to
bind the Subject with SSL connection so that AMQ can use this information
for authorization. SSL client authentication is invisible to AMQ, as I
understood.

Concentrating on approach (2.), I can obtian certificates from SSL session
but how do I obtain SSL session from AMQ? Is it Connection, Transport or
other entity? Would it be convenient in current AMQ architecture to do what
I propose?

I would appreciate a hint from somebody with deeper knowledge of AMQ and
JSSE.

Thanks and regards,
NGC

-- 
View this message in context: http://www.nabble.com/Certificate-login-tf2029724.html#a5583011
Sent from the ActiveMQ - Dev forum at Nabble.com.


Mime
View raw message