cxf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Christian Schneider (JIRA)" <j...@apache.org>
Subject [jira] Created: (CXF-2055) jms transport: Support passing username of producer to SecurityContext
Date Sat, 21 Feb 2009 08:26:02 GMT
jms transport: Support passing username of producer to SecurityContext
----------------------------------------------------------------------

                 Key: CXF-2055
                 URL: https://issues.apache.org/jira/browse/CXF-2055
             Project: CXF
          Issue Type: New Feature
          Components: Transports
    Affects Versions: 2.1.4
            Reporter: Christian Schneider
            Priority: Minor
             Fix For: 2.2


The HTTP transport sets a SecurityContext object in the message. This allows the server implementor
to retrieve the user principal and its roles from the message. For JAX-WS the principal and
roles are then also available in the WebServiceContext.

JMS vendors support retrieving the username of the prodcuer that sent a message. In the JMSDestination
this information could be added to the message in a new SecurityContext object.  

Unfortunately there is no common standard for this. So we need to figure out how each vendor
does this:
In Tibco you have to add the following line to queues.conf: > sender_name_enforced. This
means that tibco should add the authenticated user name in the jms property JMS_TIBCO_SENDER
to every message in every queue. 
In ActiveMq I have found from the documentation that you can use the option populateJMSXUserID.
Then ActiveMQ sets the property JMSXUserID.
Perhaps we can find the necessary settings for other jms servers too like IBM MQ.

I would propose to simply check the possible locations where the usename could be set in the
different providers. It is important though that we make sure the producer canĀ“t simply set
the property we use by himself as this would defy any security.


-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message