activemq-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Hiram Chirino" <hi...@hiramchirino.com>
Subject Re: SSL authentication/authorization patch
Date Fri, 22 Sep 2006 01:03:10 GMT
On 9/21/06, Hiram Chirino <hiram@hiramchirino.com> wrote:
> On 9/21/06, Kelly Campbell <kelly.a.campbell@gmail.com> wrote:
> > Thanks for getting this submitted Sepand, and thanks for patching it in Hiram.
> >
> > I'm looking at how best to configure the keystore settings more
> > dynamically without using the default system properties or anything in
> > the URL. It looks like I'd need to be able to pass in a
> > javax.net.ssl.SSLContext or SSLSocketFactory. I'd also like to be able
> > to pass these in so I can provide an implementation that does some
> > extra security checks, e.g. checking that the server's DN is what we
> > expect, turning off weak ciphers.
> >
>
> It would be nice if they were properties on the ssl transport server
> so that you can configure them using the URI... like:
>
> ssl://localhost:61617?keystore=foo.ks&truststore=foo.ts
>
> > The part I'm struggling with now is where to create this API for the
> > client. Should it be a new constructor on ActiveMQConnectionFactory,
> > or should I add a new overridden ActiveMQSecureConnectionFactory? Or
> > should I just override it in my own code base, and not have this in
> > the activemq code at all?
>
> Just add properties to the SslTransportServer and make sure they have setters.
>

And properties to the SslTransport if you want to set those properties
on the client connect URL

> >
> > Thanks,
> > Kelly
> >
> > On 9/11/06, Hiram Chirino <hiram@hiramchirino.com> wrote:
> > > starting to look into it now. thx for the patch!
> > >
> > > On 9/5/06, Sepand M <sepandm@gmail.com> wrote:
> > > > Hey guys,
> > > >
> > > > The patch is done.
> > > > It's here: https://issues.apache.org/activemq/browse/AMQ-912
> > > > Hope you like it.
> > > > It would be really great if you could give an estimate of when you will
> > > > decide if it goes in or not (although I doubt you can =) ).
> > > >
> > > > Regards,
> > > > Sepand
> > > >
> > > >
> > >
> > >
> > > --
> > > Regards,
> > > Hiram
> > >
> > > Blog: http://hiramchirino.com
> > >
> >
>
>
> --
> Regards,
> Hiram
>
> Blog: http://hiramchirino.com
>


-- 
Regards,
Hiram

Blog: http://hiramchirino.com

Mime
View raw message