cxf-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From johnpfeifer4 <johnpfeif...@gmail.com>
Subject Re: Spring Security with CXF JMS Endpoint
Date Mon, 01 Feb 2010 21:55:27 GMT

I've done some digging... I'm going to need the username and password to
validate against our spring security authentication provider.

I'm thinking that I could configure the interceptor to look for user/pass in
JMS Headers or in a single header (in the case of Basic Auth).  I'll have to
dig around a bit more and let you know what I find.

Thanks,

John

Andreas Veithen-2 wrote:
> 
> Isn't the JMSXUserID set to the user who connected to the broker?
> Since John's use case is a HTTP->JMS bridge with HTTP Basic Auth, I
> would be surprised that the connection to the broker is opened using
> the credentials of the user who submitted the HTTP request.
> 
> Andreas
> 
> On Mon, Feb 1, 2010 at 21:16, Daniel Kulp <dkulp@apache.org> wrote:
>>
>> Christian recently did some updates to the JMS transport to pull the
>> JMSXUserID from the JMS Message and stick that into our SecurityContext.
>>   You
>> would probably need an interceptor that would then take that and feed
>> that
>> into the Spring security context.      If you do develop some
>> interceptors for
>> this, we'd love to have them.  :-)
>>
>> Dan
>>
>>
>>
>>
>> On Mon February 1 2010 1:51:44 pm johnpfeifer4 wrote:
>>> I was wondering if anyone has an example of implement spring security
>>> with
>>>  a CXF JMS Endpoint.  We currently secure all of our endpoints with the
>>>  <security:http> element, limiting access to certain endpoints to a
>>>  particular role(s).
>>>
>>> Now we have a requirement to enforce security for JMS endpoints.  It
>>> seems
>>> that the listener that picks it off the JMS queue would have to know
>>> where
>>> to find the credentials on the message.   Perhaps we need to write our
>>> own
>>> interceptors to do this?
>>>
>>> I figured I would post here before I start my own investigation.  Any
>>> help
>>> would be greatly appreciated.
>>>
>>> Thanks,
>>>
>>> John
>>>
>>
>> --
>> Daniel Kulp
>> dkulp@apache.org
>> http://www.dankulp.com/blog
>>
> 
> 

-- 
View this message in context: http://old.nabble.com/Spring-Security-with-CXF-JMS-Endpoint-tp27409262p27412082.html
Sent from the cxf-user mailing list archive at Nabble.com.


Mime
View raw message