activemq-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Arthur Naseef (JIRA)" <>
Subject [jira] Created: (AMQ-3154) unable to implement custom broker-to-broker authorization
Date Mon, 24 Jan 2011 23:42:43 GMT
unable to implement custom broker-to-broker authorization

                 Key: AMQ-3154
             Project: ActiveMQ
          Issue Type: Bug
          Components: Broker
    Affects Versions: 5.4.2
            Reporter: Arthur Naseef

Ran into the following issues preventing a custom Broker-To-Broker authentication implementation:

  - BrokerFilter's addBroker() can not be used to secure a connection:
      - for duplex connections, it is never called on the initial conneciton
      - even if addBroker() throws an exception, it does not deny access (it does not close
the connection nor prevent other functioning)
      - addBroker() does not have direct access to the ConnectionContext, nor any other means
for the BrokerFilter to access SSL certificates on the SSL transport

  - BrokerFilter's addConnection() can not be used to secure a connection:
       - there is no way to distinguish broker connections from clients

Other approaches were considered, but lead to dead-ends.

It seems the optimal solution would use the existing addBroker() method.

A patch will be provided that adds a new method specifically for securing Broker-To-Broker

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.

View raw message