activemq-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sepand M <sepa...@gmail.com>
Subject Re: SSL authentication/authorization patch
Date Fri, 22 Sep 2006 03:37:47 GMT
Yeah, we realized this was needed, but I didn't have time (my work term 
at the company was ending).
I've left instructions for people taking over this project on how to do 
this (it just takes one setter and a well placed call from that setter).
I'm not sure when it will be done though.

- Sepand

Hiram Chirino wrote:
> On 9/21/06, Hiram Chirino <hiram@hiramchirino.com> wrote:
>> On 9/21/06, Kelly Campbell <kelly.a.campbell@gmail.com> wrote:
>> > Thanks for getting this submitted Sepand, and thanks for patching 
>> it in Hiram.
>> >
>> > I'm looking at how best to configure the keystore settings more
>> > dynamically without using the default system properties or anything in
>> > the URL. It looks like I'd need to be able to pass in a
>> > javax.net.ssl.SSLContext or SSLSocketFactory. I'd also like to be able
>> > to pass these in so I can provide an implementation that does some
>> > extra security checks, e.g. checking that the server's DN is what we
>> > expect, turning off weak ciphers.
>> >
>>
>> It would be nice if they were properties on the ssl transport server
>> so that you can configure them using the URI... like:
>>
>> ssl://localhost:61617?keystore=foo.ks&truststore=foo.ts
>>
>> > The part I'm struggling with now is where to create this API for the
>> > client. Should it be a new constructor on ActiveMQConnectionFactory,
>> > or should I add a new overridden ActiveMQSecureConnectionFactory? Or
>> > should I just override it in my own code base, and not have this in
>> > the activemq code at all?
>>
>> Just add properties to the SslTransportServer and make sure they have 
>> setters.
>>
>
> And properties to the SslTransport if you want to set those properties
> on the client connect URL
>
>> >
>> > Thanks,
>> > Kelly
>> >
>> > On 9/11/06, Hiram Chirino <hiram@hiramchirino.com> wrote:
>> > > starting to look into it now. thx for the patch!
>> > >
>> > > On 9/5/06, Sepand M <sepandm@gmail.com> wrote:
>> > > > Hey guys,
>> > > >
>> > > > The patch is done.
>> > > > It's here: https://issues.apache.org/activemq/browse/AMQ-912
>> > > > Hope you like it.
>> > > > It would be really great if you could give an estimate of when 
>> you will
>> > > > decide if it goes in or not (although I doubt you can =) ).
>> > > >
>> > > > Regards,
>> > > > Sepand
>> > > >
>> > > >
>> > >
>> > >
>> > > --
>> > > Regards,
>> > > Hiram
>> > >
>> > > Blog: http://hiramchirino.com
>> > >
>> >
>>
>>
>> -- 
>> Regards,
>> Hiram
>>
>> Blog: http://hiramchirino.com
>>
>
>


Mime
View raw message