cxf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Christian Schneider (JIRA)" <>
Subject [jira] Commented: (CXF-2055) jms transport: Support passing username of producer to SecurityContext
Date Sat, 21 Feb 2009 08:40:01 GMT


Christian Schneider commented on CXF-2055:

For Tibco EMS the information on how to setup this can be found in:
tib_ems_users_guid.pdf / Chapter 2 Messages / JMS Message Structure / EMS Message properties
and Chapter 3 Destinations / Destination Properties / sender name enforced

>From my viewpoint it makes sense to configure send_name_enforced for all destinations

> jms transport: Support passing username of producer to SecurityContext
> ----------------------------------------------------------------------
>                 Key: CXF-2055
>                 URL:
>             Project: CXF
>          Issue Type: New Feature
>          Components: Transports
>    Affects Versions: 2.1.4
>            Reporter: Christian Schneider
>            Priority: Minor
>             Fix For: 2.2
> The HTTP transport sets a SecurityContext object in the message. This allows the server
implementor to retrieve the user principal and its roles from the message. For JAX-WS the
principal and roles are then also available in the WebServiceContext.
> JMS vendors support retrieving the username of the prodcuer that sent a message. In the
JMSDestination this information could be added to the message in a new SecurityContext object.
> Unfortunately there is no common standard for this. So we need to figure out how each
vendor does this:
> In Tibco you have to add the following line to queues.conf: > sender_name_enforced.
This means that tibco should add the authenticated user name in the jms property JMS_TIBCO_SENDER
to every message in every queue. 
> In ActiveMq I have found from the documentation that you can use the option populateJMSXUserID.
Then ActiveMQ sets the property JMSXUserID.
> Perhaps we can find the necessary settings for other jms servers too like IBM MQ.
> I would propose to simply check the possible locations where the usename could be set
in the different providers. It is important though that we make sure the producer canĀ“t simply
set the property we use by himself as this would defy any security.

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.

View raw message