activemq-dev mailing list archives

From "Sepand M" <sepa...@gmail.com>
Subject Re: Creating a secure connection system and using JMSXUserID support
Date Wed, 19 Jul 2006 16:22:03 GMT
I could be mistaken, but the transport class would have access to the
transient field and, in the case of ssl, could attach the cert to it
as the connections come in.

On 7/19/06, James Strachan <james.strachan@gmail.com> wrote:
> How would the client send the data to a broker if it were transient? :)
>
> On 7/19/06, Hiram Chirino <hiram@hiramchirino.com> wrote:
> > Adding a transient field to the ConnectionInfo would not cause a wireformat
> > change.
> >
> > I'd rather keep it simple and do it in our current one.
> >
> > On 7/19/06, James Strachan <james.strachan@gmail.com> wrote:
> > >
> > > > How about to avoid breaking backwards compatibility (or introducing a
> > > new OpenWire version) just adding a new derivation of a ConnectionInfo
> > > which could take additional fields like the certificate & token etc?
> > >
> > > On 7/19/06, Hiram Chirino <hiram@hiramchirino.com> wrote:
> > > > Hi Sepand!
> > > >
> > > > On 7/18/06, Sepand M <sepandm@gmail.com> wrote:
> > > > >
> > > > > Thanks for the info James.
> > > > >
> > > > > Please tell me what you think of the following:
> > > > > I plan on having a new transport class that will do SSL client
> > > > > certificate authentication and then override the ConnectionInfo
> > > > > class's username field (we don't need a password) with the
> > > > > distinguished name of the client.
> > > >
> > > >
> > > >
> > > > This sounds good.
> > > >
> > > > Now that I think of it, I think that would be useful for the authorization
> > > > layer to be able to access the whole cert that was provided at the
> > > > transport layer.   Would it help if the ConnectionInfo class had an
> > > > additional transient Object field that you could attach certificate info to?
> > > >
> > > > > > I could have the transport override every command's username with the
> > > > > > DN, but that's not needed if I use a UserIdBroker.
> > > >
> > > >
> > > > That sounds good too.
> > > >
> > > > > > This should be ok, right?
> > > > >
> > > > > Thanks,
> > > > > Sepand
> > > > >
> > > >
> > > >
> > > >
> > > > --
> > > > Regards,
> > > > Hiram
> > > >
> > > > Blog: http://hiramchirino.com
> > > >
> > > >
> > >
> > >
> > > --
> > >
> > > James
> > > -------
> > > http://radio.weblogs.com/0112098/
> > >
> >
> >
> >
> > --
> > Regards,
> > Hiram
> >
> > Blog: http://hiramchirino.com
> >
> >
>
>
> --
>
> James
> -------
> http://radio.weblogs.com/0112098/
>
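
The design discussed in this thread, as an added sketch that is not code from ActiveMQ or from any of the posters: a transient field never crosses the wire, so only the broker-side transport can fill it from the verified TLS session, and the same hook replaces the client-supplied user name with the certificate DN. Java serialization stands in for the OpenWire wire format here, and `Info`, `attachPeerIdentity` and `roundTrip` are hypothetical names.

```java
import java.io.*;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;

// Hypothetical sketch; Info stands in for a connection command, not ActiveMQ's ConnectionInfo.
class TransientCertSketch {
    static class Info implements Serializable {
        private static final long serialVersionUID = 1L;
        String userName;                    // marshalled, so client-controlled on arrival
        transient Object transportContext;  // skipped by serialization; broker-local only
    }

    // Broker side: run for each inbound Info on a socket that required client auth.
    static void attachPeerIdentity(Info info, SSLSession session)
            throws SSLPeerUnverifiedException {
        // Throws unless the handshake verified a client certificate chain.
        Certificate[] chain = session.getPeerCertificates();
        if (chain.length == 0 || !(chain[0] instanceof X509Certificate)) {
            throw new SSLPeerUnverifiedException("no X.509 client certificate");
        }
        X509Certificate leaf = (X509Certificate) chain[0];
        // Replace whatever name the client sent with the DN from the verified certificate.
        info.userName = leaf.getSubjectX500Principal().getName();
        // Keep the whole chain so the authorization layer can inspect it.
        info.transportContext = chain.clone();
    }

    // Round-trips an Info through Java serialization, standing in for the wire.
    static Info roundTrip(Info in) throws IOException, ClassNotFoundException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
            out.writeObject(in);
        }
        try (ObjectInputStream src =
                 new ObjectInputStream(new ByteArrayInputStream(buf.toByteArray()))) {
            return (Info) src.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        Info sent = new Info();
        sent.userName = "admin";                         // constructed, client-chosen value
        sent.transportContext = "client-supplied blob";  // constructed; dropped in transit
        Info received = roundTrip(sent);
        System.out.println("userName=" + received.userName);
        System.out.println("transportContext=" + received.transportContext);
    }
}
```

`getPeerCertificates()` only succeeds on the broker when the server socket was configured to require client authentication, so `attachPeerIdentity` fails closed for connections that presented no certificate.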
