activemq-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From huntc <hu...@mac.com>
Subject Re: Determining the client's AMQ interface within a JAAS login module
Date Tue, 19 May 2009 03:29:13 GMT

Sorry that I've taken so long to come back to this. However I think I have a
solution.

JaasCertificateAuthenticationBroker presently makes a check at line 73 as to
whether there is a security context:


if (context.getSecurityContext() == null) {


I am wondering if an additional check should be included to ensure that an
SSL transport is being used.

My use case is that I want the client's SSL certificate to be used for
authentication ONLY when SSL is being used as the transport. I do not
believe that it makes sense to look for an SSL certificate otherwise, and it
should be permissible to grant privileged access for other transports.

I propose a patch be made to line 73 along the lines of:


if (context.getConnector().getServer() instanceof SslTransportServer && 
  context.getSecurityContext() == null) {


Does anyone agree/disagree?

Kind regards,
Christopher
-- 
View this message in context: http://www.nabble.com/Determining-the-client%27s-AMQ-interface-within-a-JAAS-login-module-tp23018992p23609154.html
Sent from the ActiveMQ - User mailing list archive at Nabble.com.

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message