cxf-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Daniel Kulp <dk...@apache.org>
Subject Re: Spring Security with CXF JMS Endpoint
Date Mon, 01 Feb 2010 22:03:03 GMT
On Mon February 1 2010 4:55:27 pm johnpfeifer4 wrote:
> I've done some digging... I'm going to need the username and password to
> validate against our spring security authentication provider.
> 
> I'm thinking that I could configure the interceptor to look for user/pass
>  in JMS Headers or in a single header (in the case of Basic Auth).  I'll
>  have to dig around a bit more and let you know what I find.

Yea.   If you need that, then the JMSXUserID wouldn't be appropriate.   In 
that case, you would call mesage.get(Message.PROTOCOL_HEADERS) and get the 
header out of there.    

Dan

> 
> Thanks,
> 
> John
> 
> Andreas Veithen-2 wrote:
> > Isn't the JMSXUserID set to the user who connected to the broker?
> > Since John's use case is a HTTP->JMS bridge with HTTP Basic Auth, I
> > would be surprised that the connection to the broker is opened using
> > the credentials of the user who submitted the HTTP request.
> >
> > Andreas
> >
> > On Mon, Feb 1, 2010 at 21:16, Daniel Kulp <dkulp@apache.org> wrote:
> >> Christian recently did some updates to the JMS transport to pull the
> >> JMSXUserID from the JMS Message and stick that into our SecurityContext.
> >>   You
> >> would probably need an interceptor that would then take that and feed
> >> that
> >> into the Spring security context.      If you do develop some
> >> interceptors for
> >> this, we'd love to have them.  :-)
> >>
> >> Dan
> >>
> >> On Mon February 1 2010 1:51:44 pm johnpfeifer4 wrote:
> >>> I was wondering if anyone has an example of implement spring security
> >>> with
> >>>  a CXF JMS Endpoint.  We currently secure all of our endpoints with the
> >>>  <security:http> element, limiting access to certain endpoints to
a
> >>>  particular role(s).
> >>>
> >>> Now we have a requirement to enforce security for JMS endpoints.  It
> >>> seems
> >>> that the listener that picks it off the JMS queue would have to know
> >>> where
> >>> to find the credentials on the message.   Perhaps we need to write our
> >>> own
> >>> interceptors to do this?
> >>>
> >>> I figured I would post here before I start my own investigation.  Any
> >>> help
> >>> would be greatly appreciated.
> >>>
> >>> Thanks,
> >>>
> >>> John
> >>
> >> --
> >> Daniel Kulp
> >> dkulp@apache.org
> >> http://www.dankulp.com/blog
> 

-- 
Daniel Kulp
dkulp@apache.org
http://www.dankulp.com/blog

Mime
View raw message