[jboss-jira] [JBoss JIRA] Updated: (JBMESSAGING-1490) BridgeService should be JAAS aware
Yong Hao Gao (JIRA)
jira-events at lists.jboss.org
Thu Sep 8 23:33:41 EDT 2011
[ https://issues.jboss.org/browse/JBMESSAGING-1490?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Yong Hao Gao updated JBMESSAGING-1490:
--------------------------------------
Fix Version/s: 1.4.8.SP4
(was: 1.4.8.SP3)
> BridgeService should be JAAS aware
> ----------------------------------
>
> Key: JBMESSAGING-1490
> URL: https://issues.jboss.org/browse/JBMESSAGING-1490
> Project: JBoss Messaging
> Issue Type: Feature Request
> Affects Versions: 1.4.2.GA
> Environment: n/a
> Reporter: Nicholas Sayer
> Assignee: Yong Hao Gao
> Priority: Optional
> Fix For: 1.4.0.SP3.CP15, 1.4.8.SP4
>
>
> org.jboss.jms.server.bridge.BridgeService currently requires a username and password for the source and destination. It would be better if it could be configured with a JAAS login context name. This would allow username and password information to be set in, for example, a SecureIdentityLoginModule. For example:
> <application-policy name = "JmsBridgeRealm">
>   <authentication>
>     <login-module code = "org.jboss.resource.security.SecureIdentityLoginModule" flag = "required">
>       <module-option name = "principal">${bridge.user}</module-option>
>       <module-option name = "userName">${bridge.user}</module-option>
>       <module-option name = "password">${bridge.encryptedPassword}</module-option>
>       <module-option name = "ignoreMissigingMCF">true</module-option>
>       <!-- it is a separate bug that you must set managedConnectionFactoryName to something regardless of setting ignoreMissingMCF to true -->
>       <module-option name = "managedConnectionFactoryName">jboss.nonexistent:service=NonExistent,name=NonExistent</module-option>
>     </login-module>
>   </authentication>
> </application-policy>
> There is undoubtedly a better way to accomplish this (probably to pass the JAAS context directly into the JMS connection factory used to vend connections for the bridge), but we're using this as a crude hack for now:
> import java.util.Set;
> import javax.security.auth.Subject;
> import javax.security.auth.login.LoginContext;
> import javax.security.auth.login.LoginException;
> import javax.security.auth.login.CredentialNotFoundException;
> import javax.resource.spi.security.PasswordCredential;
> import org.jboss.jms.server.bridge.BridgeService;
>
> // BridgeService variant that takes JAAS login context names instead of
> // plain username/password attributes.
> public class JAASAwareBridgeService extends BridgeService {
>     private String sourceContext, targetContext;
>
>     public void setSourceLoginContext(String ctxName) { this.sourceContext = ctxName; }
>     public String getSourceLoginContext() { return this.sourceContext; }
>     public void setTargetLoginContext(String ctxName) { this.targetContext = ctxName; }
>     public String getTargetLoginContext() { return this.targetContext; }
>
>     // Resolve both sets of credentials before the bridge itself starts.
>     public void start() throws Exception {
>         setupSourceCredentials();
>         setupTargetCredentials();
>         super.start();
>     }
>
>     private void setupSourceCredentials() throws LoginException {
>         PasswordCredential pc = getPasswordCredential(this.sourceContext);
>         super.setSourceUsername(pc.getUserName());
>         super.setSourcePassword(new String(pc.getPassword()));
>     }
>
>     private void setupTargetCredentials() throws LoginException {
>         PasswordCredential pc = getPasswordCredential(this.targetContext);
>         super.setTargetUsername(pc.getUserName());
>         super.setTargetPassword(new String(pc.getPassword()));
>     }
>
>     // Log in to the named JAAS context and return the first PasswordCredential
>     // found in the Subject's private credentials.
>     private static PasswordCredential getPasswordCredential(String contextName) throws LoginException {
>         LoginContext ctx = new LoginContext(contextName);
>         ctx.login();
>         Subject s = ctx.getSubject();
>         Set<PasswordCredential> creds = s.getPrivateCredentials(PasswordCredential.class);
>         if (creds.isEmpty())
>             throw new CredentialNotFoundException("Login context '" + contextName + "' subject has no PasswordCredential");
>         return creds.iterator().next(); // get 1st
>     }
> }
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
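
Added example (not part of the original issue and not JBoss Messaging code): a stand-alone sketch of the JAAS contract the quoted hack depends on, where a login module publishes a credential in the Subject's private credentials, the caller reads it after login(), and logout() removes it. `JaasCredentialDemo`, `DemoCredential` and `DemoLoginModule` are hypothetical stand-ins for `PasswordCredential` and `SecureIdentityLoginModule` so that it runs on a plain JDK 9+; the user name and password are constructed values.

```java
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import javax.security.auth.spi.LoginModule;
public class JaasCredentialDemo {
    // Hypothetical stand-in for javax.resource.spi.security.PasswordCredential.
    public static final class DemoCredential {
        final String userName; final char[] password;
        DemoCredential(String u, char[] p) { userName = u; password = p; }
    }
    // Hypothetical stand-in for SecureIdentityLoginModule (no decryption): commit() publishes the identity.
    public static final class DemoLoginModule implements LoginModule {
        private Subject subject; private Map<String, ?> options; private DemoCredential cred;
        public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) {
            subject = s; options = opts;
        }
        public boolean login() { return true; }
        public boolean commit() {
            cred = new DemoCredential((String) options.get("userName"),
                    ((String) options.get("password")).toCharArray());
            return subject.getPrivateCredentials().add(cred);
        }
        public boolean abort() { return true; }
        public boolean logout() { // drop the credential and wipe the secret
            if (cred != null) { subject.getPrivateCredentials().remove(cred); java.util.Arrays.fill(cred.password, '\0'); }
            return true;
        }
    }
    public static void main(String[] args) throws Exception {
        // Constructed values; programmatic equivalent of the JmsBridgeRealm policy above.
        Map<String, String> opts = Map.of("userName", "bridge", "password", "constructed-secret");
        Configuration cfg = new Configuration() {
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                if (!"JmsBridgeRealm".equals(name)) return null; // unknown realm: login fails
                return new AppConfigurationEntry[] { new AppConfigurationEntry(DemoLoginModule.class.getName(),
                        AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, opts) };
            }
        };
        LoginContext ctx = new LoginContext("JmsBridgeRealm", null, null, cfg);
        ctx.login();
        Subject subject = ctx.getSubject();
        DemoCredential c = subject.getPrivateCredentials(DemoCredential.class).iterator().next();
        System.out.println("user=" + c.userName + " passwordChars=" + c.password.length);
        ctx.logout();
        System.out.println("credentials after logout: " + subject.getPrivateCredentials().size());
    }
}
```

The quoted hack reads the credential the same way but never calls `logout()` and copies the password into a `String` for `setSourcePassword`/`setTargetPassword`, so the secret stays on the heap for the life of the service.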