activemq-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jeff Mesnil <jmes...@gmail.com>
Subject Container-managed security in Artemis Resource Adapter
Date Fri, 03 Jun 2016 12:52:07 GMT
Hi,

I'm working on providing Container-managed security in Artemis
resource adapter for our app server.

Artemis RA has been coded to support it already. If there is a
security domain specified for its resource adapter, Artemis
ManagedConnection will use the security's Subject for its
authentication on the broker side.

However there is one use case that I'm not sure about.
When the user specifies credentials when calling the RA's
ConnectionFactory methods, Artemis discards them if there is a subject
from the SecurityDomain[1].
I would have expected the opposite: credential parameters from the
ConnectionRequestInfo should have precedence over the Subject's from
the security domain.

What do you think about changing that behaviour?

If there are credentials from the ConnectionRequestInfo, use them
else if there is a Subject, use it
else raise an exception.



[1] https://github.com/apache/activemq-artemis/blob/master/artemis-ra/src/main/java/org/apache/activemq/artemis/ra/ActiveMQRACredential.java#L122
-- 
Jeff Mesnil
jmesnil@gmail.com
http://jmesnil.net/weblog/

Mime
View raw message