activemq-dev mailing list archives

From "James Strachan" <james.strac...@gmail.com>
Subject Re: Creating a secure connection system and using JMSXUserID support
Date Wed, 19 Jul 2006 16:38:02 GMT
Ah OK - so the certificate is read on the server side right? Forgive
my ignorance of SSL :)

On 7/19/06, Sepand M <sepandm@gmail.com> wrote:
> I could be mistaken, but the transport class would have access to the
> transient field and, in the case of ssl, could attach the cert to it
> as the connections come in.
>
> On 7/19/06, James Strachan <james.strachan@gmail.com> wrote:
> > How would the client send the data to a broker if it were transient? :)
> >
> > On 7/19/06, Hiram Chirino <hiram@hiramchirino.com> wrote:
> > > Adding a transient field to the ConnectionInfo would not cause a wireformat
> > > change.
> > >
> > > I'd rather keep it simple and do it in our current one.
> > >
> > > On 7/19/06, James Strachan <james.strachan@gmail.com> wrote:
> > > >
> > > > > How about to avoid breaking backwards compatibility (or introducing a
> > > > new OpenWire version) just adding a new derivation of a ConnectionInfo
> > > > which could take additional fields like the certificate & token etc?
> > > >
> > > > On 7/19/06, Hiram Chirino <hiram@hiramchirino.com> wrote:
> > > > > Hi Sepand!
> > > > >
> > > > > On 7/18/06, Sepand M <sepandm@gmail.com> wrote:
> > > > > >
> > > > > > Thanks for the info James.
> > > > > >
> > > > > > Please tell me what you think of the following:
> > > > > > I plan on having a new transport class that will do SSL client
> > > > > > certificate authentication and then override the ConnectionInfo
> > > > > > class's username field (we don't need a password) with the
> > > > > > distinguished name of the client.
> > > > >
> > > > >
> > > > >
> > > > > This sounds good.
> > > > >
> > > > > > Now, that I think of it.  I think that would be useful for the authorization
> > > > > > layer to be able to access the whole cert that was provided that the
> > > > > > transport layer.   Would it help if the ConnectionInfo class had an
> > > > > > additional transient Object field that you could attach certificate info to?
> > > > > >
> > > > > > > I could have the transport override every command's username with the
> > > > > > > DN, but that's not needed if I use a UserIdBroker.
> > > > >
> > > > >
> > > > > That sounds good too.
> > > > >
> > > > > > > This should be ok, right?
> > > > > >
> > > > > > Thanks,
> > > > > > Sepand
> > > > > >
> > > > >
> > > > >
> > > > >
> > > > > --
> > > > > Regards,
> > > > > Hiram
> > > > >
> > > > > Blog: http://hiramchirino.com
> > > > >
> > > > >
> > > >
> > > >
> > > > --
> > > >
> > > > James
> > > > -------
> > > > http://radio.weblogs.com/0112098/
> > > >
> > >
> > >
> > >
> > > --
> > > Regards,
> > > Hiram
> > >
> > > Blog: http://hiramchirino.com
> > >
> > >
> >
> >
> > --
> >
> > James
> > -------
> > http://radio.weblogs.com/0112098/
> >
>


-- 

James
-------
http://radio.weblogs.com/0112098/
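
The broker-side step discussed in this thread, as an added example that is not part of the original messages or ActiveMQ's code: the transport reads the client certificate from the SSL session, overwrites the client-supplied username with the subject DN, and attaches the chain to a field that is never marshalled. `ConnInfo`, `bindIdentity` and the sample values are hypothetical stand-ins; Java's `transient` keyword is used here only to mark the field that stays off the wire.

```java
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;

public class CertIdentityDemo {

    // Hypothetical stand-in for the ConnectionInfo command (not ActiveMQ's class).
    static class ConnInfo {
        String userName;                    // marshalled: arrives from the client, untrusted
        transient Certificate[] peerChain;  // not marshalled: set only by the broker-side transport
    }

    // Broker-side step: bind identity to the certificate verified during the SSL handshake.
    static void bindIdentity(ConnInfo info, SSLSession session) throws SSLPeerUnverifiedException {
        // Throws if the client presented no certificate or no handshake has completed.
        Certificate[] chain = session.getPeerCertificates();
        if (chain.length == 0 || !(chain[0] instanceof X509Certificate)) {
            throw new SSLPeerUnverifiedException("no X.509 client certificate");
        }
        X509Certificate leaf = (X509Certificate) chain[0];
        // Overwrite whatever the client put in the username field with the subject DN.
        info.userName = leaf.getSubjectX500Principal().getName();
        info.peerChain = chain;             // whole chain, for the authorization layer
    }

    public static void main(String[] args) throws Exception {
        ConnInfo info = new ConnInfo();
        info.userName = "CN=admin";         // constructed value: a name claimed by the client

        // Constructed input: an engine that has not handshaken, so its session has no verified peer.
        SSLSession unauthenticated = SSLContext.getDefault().createSSLEngine().getSession();
        try {
            bindIdentity(info, unauthenticated);
            System.out.println("accepted as " + info.userName);
        } catch (SSLPeerUnverifiedException e) {
            // Fail closed: the claimed name must not survive when no certificate was verified.
            info.userName = null;
            System.out.println("connection rejected: " + e.getMessage());
        }
    }
}
```

On a real listener the peer chain is only present if the server socket or engine requires client authentication (`setNeedClientAuth(true)`); otherwise every connection takes the rejection path shown in `main`.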
