activemq-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "James Strachan" <james.strac...@gmail.com>
Subject Re: Creating a secure connection system and using JMSXUserID support
Date Tue, 18 Jul 2006 02:54:40 GMT
On 7/17/06, Sepand M <sepandm@gmail.com> wrote:
> Hi,
>
> I'm trying to modify ActiveMQ so it can handle SSL connections

FWIW we already support SSL connections...

http://incubator.apache.org/activemq/configuring-transports.html

in particular...

http://incubator.apache.org/activemq/ssl-transport-reference.html


> and
> authorize access to different queues based on client IDs.

We have a security plugin to perform authentication and authorization
on specific destinations, details here...

http://incubator.apache.org/activemq/security.html


> I've been looking at your "JMSXUserID support" (
> http://incubator.apache.org/activemq/jmsxuserid.html) to see if it
> could be used for authentication once the connection has been
> established.

So the purpose of the JMSXUserID feature is to be able to add a header
to all JMS messages that leave a broker so that consumers receiving
the message can know the authenticated user ID who sent the message.
i.e. it means that a producer cannot spoof its userID when sending a
message.

JMSXUserID does not perform the actual authentication/authorization -
thats a feature of the security plugin I mentioned above.

> From what I see, using the BrokerService.setPopulateJMSXUserID(true);
> causes the BrokerService to use a UserIDBroker, which in turn uses the
> ConnectionContext to retreive the userID.
>
> The problem I see is that the connection context is set in
> AbstractConnection.processMessage, which uses the producerId received
> from the message, which has been send by the producer (and is not
> validated by the server).
> This, to me, means that if the producer manages to guess a correct
> producerId, it will have impersonated another producer.
>
> Is this true?

The clientID is the thing we use; something the client can generate
itself. Though we ensure that only 1 connection that is active has a
single clientID value at any point in time (so no client can pretend
to be another one - its also required by the JMS spec). So I don't
think it matters too much what the producerId is - unless I've
misunderstood your point
-- 

James
-------
http://radio.weblogs.com/0112098/

Mime
View raw message