activemq-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "James Strachan" <james.strac...@gmail.com>
Subject Re: Creating a secure connection system and using JMSXUserID support
Date Wed, 19 Jul 2006 16:00:51 GMT
How would the client send the data to a broker if it were transient? :)

On 7/19/06, Hiram Chirino <hiram@hiramchirino.com> wrote:
> Adding a transient field to the ConnectionInfo would not cause a wireformat
> change.
>
> I'd rather keep it simple and do it in our current one.
>
> On 7/19/06, James Strachan <james.strachan@gmail.com> wrote:
> >
> > How about to avoid breaking backwards compatibiility (or introducing a
> > new OpenWire version) just adding a new derivation of a ConnectionInfo
> > which could take additional fields like the certificate & token etc?
> >
> > On 7/19/06, Hiram Chirino <hiram@hiramchirino.com> wrote:
> > > Hi Sepand!
> > >
> > > On 7/18/06, Sepand M <sepandm@gmail.com> wrote:
> > > >
> > > > Thanks for the info James.
> > > >
> > > > Please tell me what you think of the following:
> > > > I plan on having a new transport class that will do SSL client
> > > > certificate authentication and then override the ConnectionInfo
> > > > class's username field (we don't need a password) with the
> > > > distinguished name of the client.
> > >
> > >
> > >
> > > This sounds good.
> > >
> > > Now, that I think of it.  I think that would useful for the
> > authorization
> > > layer to be able to access the whole cert that was provided that the
> > > transport layer.   Would it help if the ConnectionInfo class had an
> > > additional transient Object field that you could attach certificate info
> > to?
> > >
> > > I could have the transport override every command's username with the
> > > > DN, but that's not needed if I use a UserIdBroker.
> > >
> > >
> > > That sounds good too.
> > >
> > > This should be ok, right?
> > > >
> > > > Thanks,
> > > > Sepand
> > > >
> > >
> > >
> > >
> > > --
> > > Regards,
> > > Hiram
> > >
> > > Blog: http://hiramchirino.com
> > >
> > >
> >
> >
> > --
> >
> > James
> > -------
> > http://radio.weblogs.com/0112098/
> >
>
>
>
> --
> Regards,
> Hiram
>
> Blog: http://hiramchirino.com
>
>


-- 

James
-------
http://radio.weblogs.com/0112098/

Mime
View raw message