activemq-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Hiram Chirino <hi...@hiramchirino.com>
Subject Re: AMQ 5.8 | Issue with re-generating Kerberos token during failover
Date Mon, 25 Nov 2013 17:12:30 GMT
Try something like:

((ActiveMQConnection)connection).addTransportListener(new
DefaultTransportListener(){
   public void transportResumed(){
      connection.setPassword( GET_NEW_TOKEN() );
   }
});


On Wed, Nov 20, 2013 at 9:49 AM, Harman <jassal.harman@gmail.com> wrote:
> We are using failover transport for connecting to network of brokers and we
> are using kerberos for authentication and authorization.
>
> During connection setup in connection factory create connection we generate
> a kerberos token and set is in the password field of the AMQ connection
> factory. Broker authenticates this token and authorizes the connecting
> service.
>
> But problem arises during failover when primary broker goes down. At this
> time failover transport kicks in and copies the connection data from
> ConnectionInfo class which has cached copy of kerberos token generated
> during initial connection and uses this data to connect to second broker.
> Now second broker is not able to authenticate using this token as it has
> already expired.
>
> I wanted to reach out to dev community to see if there is a way to
> regenerate password (token) during failover. I am sure we are not the only
> ones trying to stuff short-lived credentials into the JMS password field.
>
> Please let me know if you have any suggestions.
>
>
>
> --
> View this message in context: http://activemq.2283324.n4.nabble.com/AMQ-5-8-Issue-with-re-generating-Kerberos-token-during-failover-tp4674700.html
> Sent from the ActiveMQ - Dev mailing list archive at Nabble.com.



-- 
Hiram Chirino

Engineering | Red Hat, Inc.

hchirino@redhat.com | fusesource.com | redhat.com

skype: hiramchirino | twitter: @hiramchirino

blog: Hiram Chirino's Bit Mojo

Mime
View raw message