activemq-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From rousseau <steve.co...@excite.com>
Subject Authentication pattern with JMS?
Date Wed, 25 Apr 2007 03:09:06 GMT

I'm looking to use ActiveMQ as a transport to my applications API as an
alternative to using raw sockets. As I'm only using JMS as a transport
layer, I don't think it's appropriate to use the ActiveMQ security, but I
still need users to be authenticated.

I had a look at the response/request pattern in the docs, and wonder if the
following logic is the right one to use:

# Client creates a temporaryqueue for responses (reponseQueue)
# Client sends a message to the servers standard "login" queue, with
replyTo() = responseQueue
# Server checks the "login" queue for the new message
# Server creates its own temporaryqueue for this users requests
(requestQueue)
# Server sends a message with a random string (salt) to responseQueue, with
replyTo() = requestQueue
# Client calculates the MD5 hash of password + salt, and sends a message
with user and md5hash to requestQueue
# Server authenticates the MD5 hash, and sends an ack message to
responseQueue stating authentication OK or failed
# if OK, Client should then send all messages to requestQueue and Server
treats all messages on that queue as authenticated

Does this make sense? or is there any way for unauthenticated users to spoof
the requestQueue or listen in on responseQueue?

/Steve
-- 
View this message in context: http://www.nabble.com/Authentication-pattern-with-JMS--tf3642791s2354.html#a10173547
Sent from the ActiveMQ - User mailing list archive at Nabble.com.


Mime
View raw message