activemq-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "James Strachan" <james.strac...@gmail.com>
Subject Re: Authentication pattern with JMS?
Date Wed, 25 Apr 2007 05:28:19 GMT
It'd be much eaiser to just create a connnection per user/client and
use the built in JMS authentication
(ConnectionFactory.createConnection())
http://activemq.apache.org/security.html

Then you'd get the benefit of being able to use fine grained
destination based authorisation as well as things like the broker
providing details of the user who sent a message etc
http://activemq.apache.org/jmsxuserid.html

On 4/25/07, rousseau <steve.cook1@excite.com> wrote:
>
> I'm looking to use ActiveMQ as a transport to my applications API as an
> alternative to using raw sockets. As I'm only using JMS as a transport
> layer, I don't think it's appropriate to use the ActiveMQ security, but I
> still need users to be authenticated.
>
> I had a look at the response/request pattern in the docs, and wonder if the
> following logic is the right one to use:
>
> # Client creates a temporaryqueue for responses (reponseQueue)
> # Client sends a message to the servers standard "login" queue, with
> replyTo() = responseQueue
> # Server checks the "login" queue for the new message
> # Server creates its own temporaryqueue for this users requests
> (requestQueue)
> # Server sends a message with a random string (salt) to responseQueue, with
> replyTo() = requestQueue
> # Client calculates the MD5 hash of password + salt, and sends a message
> with user and md5hash to requestQueue
> # Server authenticates the MD5 hash, and sends an ack message to
> responseQueue stating authentication OK or failed
> # if OK, Client should then send all messages to requestQueue and Server
> treats all messages on that queue as authenticated
>
> Does this make sense? or is there any way for unauthenticated users to spoof
> the requestQueue or listen in on responseQueue?
>
> /Steve
> --
> View this message in context: http://www.nabble.com/Authentication-pattern-with-JMS--tf3642791s2354.html#a10173547
> Sent from the ActiveMQ - User mailing list archive at Nabble.com.
>
>


-- 

James
-------
http://radio.weblogs.com/0112098/

Mime
View raw message