[
https://jira.jboss.org/jira/browse/JBMESSAGING-1490?page=com.atlassian.ji...
]
Nicholas Sayer commented on JBMESSAGING-1490:
---------------------------------------------
See also JBAS-6397 (for the part about having to specify a dummy ManagedConnectionFactory
in the JAAS context).
BridgeService should be JAAS aware
----------------------------------
Key: JBMESSAGING-1490
URL: https://jira.jboss.org/jira/browse/JBMESSAGING-1490
Project: JBoss Messaging
Issue Type: Feature Request
Affects Versions: 1.4.2.GA
Environment: n/a
Reporter: Nicholas Sayer
Assignee: Howard Gao
Priority: Optional
org.jboss.jms.server.bridge.BridgeService currently requires a username and password for
the source and destination. It would be better if it could be configured with a JAAS login
context name. This would allow username and password information to be set in, for
example, a SecureIdentityLoginModule. For example:
<application-policy name = "JmsBridgeRealm">
  <authentication>
    <login-module code = "org.jboss.resource.security.SecureIdentityLoginModule" flag = "required">
      <module-option name = "principal">${bridge.user}</module-option>
      <module-option name = "userName">${bridge.user}</module-option>
      <module-option name = "password">${bridge.encryptedPassword}</module-option>
      <module-option name = "ignoreMissigingMCF">true</module-option>
      <!-- it is a separate bug that you must set managedConnectionFactoryName to something
           regardless of setting ignoreMissingMCF to true -->
      <module-option name = "managedConnectionFactoryName">jboss.nonexistent:service=NonExistent,name=NonExistent</module-option>
    </login-module>
  </authentication>
</application-policy>
There is undoubtedly a better way to accomplish this (probably to pass the JAAS context
directly into the JMS connection factory used to vend connections for the bridge), but
we're using this as a crude hack for now:
import java.util.Set;

import javax.security.auth.Subject;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import javax.security.auth.login.CredentialNotFoundException;
import javax.resource.spi.security.PasswordCredential;

import org.jboss.jms.server.bridge.BridgeService;

public class JAASAwareBridgeService extends BridgeService {

    // Names of the JAAS application policies that supply the bridge credentials
    private String sourceContext, targetContext;

    public void setSourceLoginContext(String ctxName) { this.sourceContext = ctxName; }
    public String getSourceLoginContext() { return this.sourceContext; }

    public void setTargetLoginContext(String ctxName) { this.targetContext = ctxName; }
    public String getTargetLoginContext() { return this.targetContext; }

    // Resolve both credential sets through JAAS before the bridge starts
    public void start() throws Exception {
        setupSourceCredentials();
        setupTargetCredentials();
        super.start();
    }

    private void setupSourceCredentials() throws LoginException {
        PasswordCredential pc = getPasswordCredential(this.sourceContext);
        super.setSourceUsername(pc.getUserName());
        super.setSourcePassword(new String(pc.getPassword()));
    }

    private void setupTargetCredentials() throws LoginException {
        PasswordCredential pc = getPasswordCredential(this.targetContext);
        super.setTargetUsername(pc.getUserName());
        super.setTargetPassword(new String(pc.getPassword()));
    }

    // Log in against the named context and return the PasswordCredential
    // that the login module attached to the Subject's private credentials
    private static PasswordCredential getPasswordCredential(String contextName)
            throws LoginException {
        LoginContext ctx = new LoginContext(contextName);
        ctx.login();
        Subject s = ctx.getSubject();
        Set<PasswordCredential> creds =
            s.getPrivateCredentials(PasswordCredential.class);
        if (creds.isEmpty())
            throw new CredentialNotFoundException("Login context '"
                + contextName + "' subject has no PasswordCredential");
        return creds.iterator().next(); // get 1st
    }
}