Return-Path: Delivered-To: apmail-cxf-issues-archive@www.apache.org Received: (qmail 75003 invoked from network); 21 Feb 2009 08:40:23 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 21 Feb 2009 08:40:23 -0000 Received: (qmail 45100 invoked by uid 500); 21 Feb 2009 08:40:22 -0000 Delivered-To: apmail-cxf-issues-archive@cxf.apache.org Received: (qmail 45086 invoked by uid 500); 21 Feb 2009 08:40:22 -0000 Mailing-List: contact issues-help@cxf.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cxf.apache.org Delivered-To: mailing list issues@cxf.apache.org Received: (qmail 45075 invoked by uid 99); 21 Feb 2009 08:40:22 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 21 Feb 2009 00:40:22 -0800 X-ASF-Spam-Status: No, hits=-2000.0 required=10.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.140] (HELO brutus.apache.org) (140.211.11.140) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 21 Feb 2009 08:40:22 +0000 Received: from brutus (localhost [127.0.0.1]) by brutus.apache.org (Postfix) with ESMTP id C0292234C495 for ; Sat, 21 Feb 2009 00:40:01 -0800 (PST) Message-ID: <1742069172.1235205601772.JavaMail.jira@brutus> Date: Sat, 21 Feb 2009 00:40:01 -0800 (PST) From: "Christian Schneider (JIRA)" To: issues@cxf.apache.org Subject: [jira] Commented: (CXF-2055) jms transport: Support passing username of producer to SecurityContext In-Reply-To: <1131073668.1235204762150.JavaMail.jira@brutus> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Virus-Checked: Checked by ClamAV on apache.org [ https://issues.apache.org/jira/browse/CXF-2055?page=3Dcom.atlassian.j= ira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=3D126755= 37#action_12675537 ]=20 Christian Schneider commented on CXF-2055: ------------------------------------------ For Tibco EMS the information on how to setup this can be found in: tib_ems_users_guid.pdf / Chapter 2 Messages / JMS Message Structure / EMS M= essage properties and Chapter 3 Destinations / Destination Properties / sender name enforced >From my viewpoint it makes sense to configure send_name_enforced for all de= stinations > jms transport: Support passing username of producer to SecurityContext > ---------------------------------------------------------------------- > > Key: CXF-2055 > URL: https://issues.apache.org/jira/browse/CXF-2055 > Project: CXF > Issue Type: New Feature > Components: Transports > Affects Versions: 2.1.4 > Reporter: Christian Schneider > Priority: Minor > Fix For: 2.2 > > > The HTTP transport sets a SecurityContext object in the message. This all= ows the server implementor to retrieve the user principal and its roles fro= m the message. For JAX-WS the principal and roles are then also available i= n the WebServiceContext. > JMS vendors support retrieving the username of the prodcuer that sent a m= essage. In the JMSDestination this information could be added to the messag= e in a new SecurityContext object. =20 > Unfortunately there is no common standard for this. So we need to figure = out how each vendor does this: > In Tibco you have to add the following line to queues.conf: > sender_name= _enforced. This means that tibco should add the authenticated user name in = the jms property JMS_TIBCO_SENDER to every message in every queue.=20 > In ActiveMq I have found from the documentation that you can use the opti= on populateJMSXUserID. Then ActiveMQ sets the property JMSXUserID. > Perhaps we can find the necessary settings for other jms servers too like= IBM MQ. > I would propose to simply check the possible locations where the usename = could be set in the different providers. It is important though that we mak= e sure the producer can=C2=B4t simply set the property we use by himself as= this would defy any security. --=20 This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.