activemq-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Hiram Chirino <>
Subject Re: AMQ 5.8 | Issue with re-generating Kerberos token during failover
Date Mon, 25 Nov 2013 17:12:30 GMT
Try something like:

   public void transportResumed(){
      connection.setPassword( GET_NEW_TOKEN() );

On Wed, Nov 20, 2013 at 9:49 AM, Harman <> wrote:
> We are using failover transport for connecting to network of brokers and we
> are using kerberos for authentication and authorization.
> During connection setup in connection factory create connection we generate
> a kerberos token and set is in the password field of the AMQ connection
> factory. Broker authenticates this token and authorizes the connecting
> service.
> But problem arises during failover when primary broker goes down. At this
> time failover transport kicks in and copies the connection data from
> ConnectionInfo class which has cached copy of kerberos token generated
> during initial connection and uses this data to connect to second broker.
> Now second broker is not able to authenticate using this token as it has
> already expired.
> I wanted to reach out to dev community to see if there is a way to
> regenerate password (token) during failover. I am sure we are not the only
> ones trying to stuff short-lived credentials into the JMS password field.
> Please let me know if you have any suggestions.
> --
> View this message in context:
> Sent from the ActiveMQ - Dev mailing list archive at

Hiram Chirino

Engineering | Red Hat, Inc. | |

skype: hiramchirino | twitter: @hiramchirino

blog: Hiram Chirino's Bit Mojo

View raw message