[jboss-jira] [JBoss JIRA] Commented: (JBMESSAGING-1490) BridgeService should be JAAS aware

BridgeService should be JAAS aware ---------------------------------- Key: JBMESSAGING-1490 URL: https://jira.jboss.org/jira/browse/JBMESSAGING-1490 Project: JBoss Messaging Issue Type: Feature Request Affects Versions: 1.4.2.GA Environment: n/a Reporter: Nicholas Sayer Assignee: Howard Gao Priority: Optional org.jboss.jms.server.bridge.BridgeService currently requires a username and password for the source and destination. It would be better if it could be configured with a JAAS login context name. This would allow username and password information to be set in, for example, a SecureIdentityLoginModule. For example: <application-policy name = "JmsBridgeRealm"> <authentication> <login-module code = "org.jboss.resource.security.SecureIdentityLoginModule" flag = "required"> <module-option name = "principal">${bridge.user}</module-option> <module-option name = "userName">${bridge.user}</module-option> <module-option name = "password">${bridge.encryptedPassword}</module-option> <module-option name = "ignoreMissigingMCF">true</module-option> <!-- it is a separate bug that you must set managedConnectionFactoryName to something regardless of setting ignoreMissingMCF to true --> <module-option name = "managedConnectionFactoryName">jboss.nonexistent:service=NonExistent,name=NonExistent</module-option> </login-module> </authentication> </application-policy> There is undoubtedly a better way to accomplish this (probably to pass the JAAS context directly into the JMS connection factory used to vend connections for the bridge), but we're using this as a crude hack for now: import java.util.Set; import javax.security.auth.Subject; import javax.security.auth.login.LoginContext; import javax.security.auth.login.LoginException; import javax.security.auth.login.CredentialNotFoundException; import javax.resource.spi.security.PasswordCredential; import org.jboss.jms.server.bridge.BridgeService; public class JAASAwareBridgeService extends BridgeService { private String sourceContext, targetContext; public void setSourceLoginContext(String ctxName) { this.sourceContext = ctxName; } public String getSourceLoginContext() { return this.sourceContext; } public void setTargetLoginContext(String ctxName) { this.targetContext = ctxName; } public String getTargetLoginContext() { return this.targetContext; } public void start() throws Exception { setupSourceCredentials(); setupTargetCredentials(); super.start(); } private void setupSourceCredentials() throws LoginException { PasswordCredential pc = getPasswordCredential(this.sourceContext); super.setSourceUsername(pc.getUserName()); super.setSourcePassword(new String(pc.getPassword())); } private void setupTargetCredentials() throws LoginException { PasswordCredential pc = getPasswordCredential(this.targetContext); super.setTargetUsername(pc.getUserName()); super.setTargetPassword(new String(pc.getPassword())); } private static PasswordCredential getPasswordCredential(String contextName) throws LoginException { LoginContext ctx = new LoginContext(contextName); ctx.login(); Subject s = ctx.getSubject(); Set<PasswordCredential> creds = s.getPrivateCredentials(PasswordCredential.class); if (creds.isEmpty()) throw new CredentialNotFoundException("Login context '" + contextName + "' subject has no PasswordCredential"); return creds.iterator().next(); // get 1st } }