Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id 10D972009F8 for ; Fri, 3 Jun 2016 14:52:14 +0200 (CEST) Received: by cust-asf.ponee.io (Postfix) id 0CF13160A2A; Fri, 3 Jun 2016 12:52:14 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id 54D53160A25 for ; Fri, 3 Jun 2016 14:52:13 +0200 (CEST) Received: (qmail 68648 invoked by uid 500); 3 Jun 2016 12:52:12 -0000 Mailing-List: contact dev-help@activemq.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@activemq.apache.org Delivered-To: mailing list dev@activemq.apache.org Received: (qmail 68636 invoked by uid 99); 3 Jun 2016 12:52:12 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd1-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 03 Jun 2016 12:52:12 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd1-us-west.apache.org (ASF Mail Server at spamd1-us-west.apache.org) with ESMTP id B46F9C13B4 for ; Fri, 3 Jun 2016 12:52:11 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd1-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: -0.821 X-Spam-Level: X-Spam-Status: No, score=-0.821 tagged_above=-999 required=6.31 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=disabled Authentication-Results: spamd1-us-west.apache.org (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mx2-lw-eu.apache.org ([10.40.0.8]) by localhost (spamd1-us-west.apache.org [10.40.0.7]) (amavisd-new, port 10024) with ESMTP id gHHBuhz9pfGf for ; Fri, 3 Jun 2016 12:52:09 +0000 (UTC) Received: from mail-lf0-f43.google.com (mail-lf0-f43.google.com [209.85.215.43]) by mx2-lw-eu.apache.org (ASF Mail Server at mx2-lw-eu.apache.org) with ESMTPS id E5C775F479 for ; Fri, 3 Jun 2016 12:52:08 +0000 (UTC) Received: by mail-lf0-f43.google.com with SMTP id s64so53940497lfe.0 for ; Fri, 03 Jun 2016 05:52:08 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:from:date:message-id:subject:to; bh=tTdT+hiA7oZC7dg+HhVOhIQruml7ba8vpK8lQh7V94w=; b=LgY7qBqB2KkNxWfcpWh7sqSzVigmqeWsTiJ945qLWvktO3zxUsMSTFVyWizu5JhW0V eGmnVo3sbb4TVsGMSfPZSsp8rdSf5dntvTvy2shjlnEb53/cdhSIv4wiKDIgJvyDDQIc p8zRi1diacmxllIr2M0lFG/y1JZlmg5nT0Ddgx5GeW6/KOfTr/bY3owhtDJDurZq6TGL DySioFRPF/FfZRvW4TNCLgBNn3xzVZPPY1a8eBTRcwjX4gXj6F+N8qgvTnE6dzrX4TVy wi5WUM95u6UaO/78x1uE0qkD+kP8mBcYq/EoLWyrXeXXbjYaAdZL8D5JWuxF7/eo3VME A9qg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=tTdT+hiA7oZC7dg+HhVOhIQruml7ba8vpK8lQh7V94w=; b=FQYIOGRaKX8lC6VZpZQBHQyqxhhMsudHAJbBgsR0YrwNMBWM0ET7URT5K+bWzKHtOy YQ4YjgkDFadp48O5GH4BZSyDMYWCz+5+Ai+oiL1JBy6bhtd/jtUUwIeC4Pp2/kwYXOrk 2MRoYmkTA8f4/F/0uv3Axdmc9EVLM7xACwf/+Gz04alV5qQFsUgaIeIm+Y2OoidqN8nC m7h8MQMZbmXaY20R9p+ShR6MqXEWTuV7ljrQVoLIP/e6SvLfSeGGOdcyyS+JeeY0jG2A JpKXLKyB2Qqhc7UcQTU13jZ4YOyHXTyjPFBzUerRYdUsPm5+GBaTo7g6EAjYJgeqrGH2 jdZQ== X-Gm-Message-State: ALyK8tK2gAkLYMcJtx+dBqbLSnADo+chYqXaGYeJoLf8jOpnn2BqsJxsLbvkEYpbcb4Sn3EiHmhyzFSRAIHLCA== X-Received: by 10.25.19.101 with SMTP id j98mr1053219lfi.13.1464958328370; Fri, 03 Jun 2016 05:52:08 -0700 (PDT) MIME-Version: 1.0 Received: by 10.25.142.138 with HTTP; Fri, 3 Jun 2016 05:52:07 -0700 (PDT) From: Jeff Mesnil Date: Fri, 3 Jun 2016 14:52:07 +0200 Message-ID: Subject: Container-managed security in Artemis Resource Adapter To: dev@activemq.apache.org Content-Type: text/plain; charset=UTF-8 archived-at: Fri, 03 Jun 2016 12:52:14 -0000 Hi, I'm working on providing Container-managed security in Artemis resource adapter for our app server. Artemis RA has been coded to support it already. If there is a security domain specified for its resource adapter, Artemis ManagedConnection will use the security's Subject for its authentication on the broker side. However there is one use case that I'm not sure about. When the user specifies credentials when calling the RA's ConnectionFactory methods, Artemis discards them if there is a subject from the SecurityDomain[1]. I would have expected the opposite: credential parameters from the ConnectionRequestInfo should have precedence over the Subject's from the security domain. What do you think about changing that behaviour? If there are credentials from the ConnectionRequestInfo, use them else if there is a Subject, use it else raise an exception. [1] https://github.com/apache/activemq-artemis/blob/master/artemis-ra/src/main/java/org/apache/activemq/artemis/ra/ActiveMQRACredential.java#L122 -- Jeff Mesnil jmesnil@gmail.com http://jmesnil.net/weblog/