activemq-users mailing list archives

From "Gerdes, Mike" <Mike.Ger...@airbus.com>
Subject AW: SSL with client authentification?
Date Thu, 20 Apr 2006 13:06:12 GMT

hi,

I have implemented mutual authentication for AMQ by using needClientAuth and wantClientAuth.
It can be set in the transportconnector as additional parameters e.g.

<transportConnectors>
       <transportConnector uri="ssl://localhost:61616?needClientAuth=true" discoveryUri="multicast://default"/>
    </transportConnectors>

I needed to modify two classes for this: TransportFactory and TcpTransportServer.

To this mail I have attached the .diff files. It would be nice to see this feature in the
next AMQ.

I hope this helps.

cya

mike

p.s. other ssl opetions can also be implemented in this way. It should be really easy do to
so.

--- D:\esb\TransportFactory.java	2006-04-03 00:21:14.000000000 +0200
+++ D:\ActiveMQ\org\apache\activemq\transport\TransportFactory.java	2006-04-20 14:27:29.812412800
+0200
@@ -111,6 +111,8 @@
     public Transport doConnect(URI location) throws Exception {
         try {
             Map options = new HashMap(URISupport.parseParamters(location));
+            IntrospectionSupport.extractProperties(options, "needClientAuth");
+            IntrospectionSupport.extractProperties(options, "wantClientAuth");
             WireFormat wf = createWireFormat(options);
             Transport transport = createTransport(location, wf);
             Transport rc = configure(transport, wf, options);
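Review bot: The two added `extractProperties` calls in `doConnect` discard their return value, so their only effect is to drop `needClientAuth` and `wantClientAuth` from the client-side option map, and nothing in the code says this is intended. The helper presumably matches by prefix, in which case any option whose name merely starts with one of these strings is silently dropped as well. An explicit removal with a comment reads more clearly, for example `options.remove("needClientAuth"); // server-side only, ignored when connecting` and the same for `wantClientAuth`. The body of `doConnect` continues past the end of this hunk.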

--- D:\esb\TcpTransportServer.java	2006-04-03 00:21:38.000000000 +0200
+++ D:\ActiveMQ\org\apache\activemq\transport\tcp\TcpTransportServer.java	2006-04-20 15:00:31.001222400
+0200
@@ -26,6 +26,12 @@
 import java.net.URISyntaxException;
 import java.net.UnknownHostException;
 import java.util.HashMap;
+import javax.net.ssl.SSLServerSocket;
+import javax.net.ssl.SSLSocket;
+
+import org.apache.activemq.util.IntrospectionSupport;
+import org.apache.activemq.util.URISupport;
+import java.util.Map;

 import org.apache.activeio.command.WireFormat;
 import org.apache.activeio.command.WireFormatFactory;
@@ -55,10 +61,14 @@
     private long maxInactivityDuration = 30000;
     private int minmumWireFormatVersion;
     private boolean trace;
+    private boolean needClientAuth;
+    private boolean wantClientAuth;
    
     public TcpTransportServer(URI location, ServerSocketFactory serverSocketFactory) throws
IOException, URISyntaxException {
         super(location);
         serverSocket = createServerSocket(location, serverSocketFactory);
+        Map options = new HashMap(URISupport.parseParamters(location));
+        IntrospectionSupport.setProperties(this, options);
         serverSocket.setSoTimeout(2000);
         updatePhysicalUri(location);
     }
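Review bot: The constructor applies the whole URI query to this object with `IntrospectionSupport.setProperties(this, options)` and then drops the map, so an option that matched no setter is never reported. For a security switch this fails open: a misspelled `needClientAuth` in the connector URI would leave the listener accepting clients without a certificate, with no hint in the log. If `setProperties` removes the entries it applies (not visible here), the leftover keys could be logged at startup, or rejected once options consumed elsewhere are accounted for. A comment on the two new fields such as `// TLS client-certificate policy, set from the connector URI; both default to false (no client certificate requested)` would also make the default explicit.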
@@ -111,14 +121,43 @@
         this.trace = trace;
     }

-    /**
+    public boolean isNeedClientAuth() {
+		return needClientAuth;
+	}
+
+	public void setNeedClientAuth(boolean needClientAuth) {
+		this.needClientAuth = needClientAuth;
+	}
+
+	public boolean isWantClientAuth() {
+		return wantClientAuth;
+	}
+
+	public void setWantClientAuth(boolean wantClientAuth) {
+		this.wantClientAuth = wantClientAuth;
+	}
+
+	/**
      * pull Sockets from the ServerSocket
      */
     public void run() {
         while (!isStopped()) {
-            Socket socket = null;
+        
+            Socket socket = null;
+     	  
             try {
-                socket = serverSocket.accept();
+
+            	if (serverSocket instanceof SSLServerSocket){
+            		socket = serverSocket.accept();
+            		if (needClientAuth) {
+            			((SSLSocket)socket).setNeedClientAuth(needClientAuth);
+            		} else {
+            			((SSLSocket)socket).setWantClientAuth(wantClientAuth);
+            		}
+            	} else {
+            		socket = serverSocket.accept();
+            	}
+
                 if (socket != null) {
                     if (isStopped() || getAcceptListener() == null) {
                         socket.close();
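Review bot: In `run()` the client-certificate policy is re-applied to every accepted `SSLSocket`, and `serverSocket.accept()` is duplicated in both branches of the `instanceof` test. The policy belongs on the `SSLServerSocket`, set once before the accept loop, because sockets it creates inherit the need/want setting. That leaves a single `accept()` call and removes the per-connection cast. Separately, nothing visible in this hunk ties the presented certificate to a broker identity, so `needClientAuth=true` appears to admit any client whose certificate chains to the configured trust store, which is worth stating in the option's documentation. The new lines also mix tabs with the file's spaces, and `run()` continues past the end of this hunk.

```java
    public void run() {
        // Apply the client-certificate policy once; accepted sockets inherit it.
        if (serverSocket instanceof SSLServerSocket) {
            SSLServerSocket sslServerSocket = (SSLServerSocket) serverSocket;
            if (needClientAuth) {
                sslServerSocket.setNeedClientAuth(true);
            } else {
                sslServerSocket.setWantClientAuth(wantClientAuth);
            }
        }
        while (!isStopped()) {
            Socket socket = null;
            try {
                socket = serverSocket.accept();
                // … unchanged: null check, stop check and accept-listener handoff …
```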

This mail has originated outside your organization, either from an external partner or the
Global Internet. Keep this in mind if you answer this message.
