cxf-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andreas Veithen <andreas.veit...@gmail.com>
Subject Re: Spring Security with CXF JMS Endpoint
Date Mon, 01 Feb 2010 21:47:17 GMT
Isn't the JMSXUserID set to the user who connected to the broker?
Since John's use case is a HTTP->JMS bridge with HTTP Basic Auth, I
would be surprised that the connection to the broker is opened using
the credentials of the user who submitted the HTTP request.

Andreas

On Mon, Feb 1, 2010 at 21:16, Daniel Kulp <dkulp@apache.org> wrote:
>
> Christian recently did some updates to the JMS transport to pull the
> JMSXUserID from the JMS Message and stick that into our SecurityContext.   You
> would probably need an interceptor that would then take that and feed that
> into the Spring security context.      If you do develop some interceptors for
> this, we'd love to have them.  :-)
>
> Dan
>
>
>
>
> On Mon February 1 2010 1:51:44 pm johnpfeifer4 wrote:
>> I was wondering if anyone has an example of implement spring security with
>>  a CXF JMS Endpoint.  We currently secure all of our endpoints with the
>>  <security:http> element, limiting access to certain endpoints to a
>>  particular role(s).
>>
>> Now we have a requirement to enforce security for JMS endpoints.  It seems
>> that the listener that picks it off the JMS queue would have to know where
>> to find the credentials on the message.   Perhaps we need to write our own
>> interceptors to do this?
>>
>> I figured I would post here before I start my own investigation.  Any help
>> would be greatly appreciated.
>>
>> Thanks,
>>
>> John
>>
>
> --
> Daniel Kulp
> dkulp@apache.org
> http://www.dankulp.com/blog
>

Mime
View raw message