[jboss-jira] [JBoss JIRA] Updated: (JBMESSAGING-1127) Use SSL certificate for client authentication

Tim Fox (JIRA) jira-events at lists.jboss.org
Fri Feb 6 02:24:45 EST 2009 

     [ https://jira.jboss.org/jira/browse/JBMESSAGING-1127?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Tim Fox updated JBMESSAGING-1127:
---------------------------------

    Fix Version/s: 2.1.0.beta
                       (was: 2.0.0 Beta)


> Use SSL certificate for client authentication
> ---------------------------------------------
>
>                 Key: JBMESSAGING-1127
>                 URL: https://jira.jboss.org/jira/browse/JBMESSAGING-1127
>             Project: JBoss Messaging
>          Issue Type: Feature Request
>          Components: JMS Remoting, JMS Security
>    Affects Versions: 1.4.0.GA
>         Environment: JBAS 4.2.1 on Solaris 9 and 10, Sun JVM 1.5.0
>            Reporter: Brendan Sibre
>            Assignee: Tim Fox
>             Fix For: 2.1.0.beta
>
>
> Clients connect to JBM using the sslbisocket connector.  They should be able to use a client certificate to authenticate them via my custom loginmodule (which has been tested and works with EJBs, Tomcat, etc).
> Use the principal created by the SSL connection for the getConnection() so that I do not need to pass a username and password.  It seems that the callback handler used by the JBoss Messaging and the remoting SSLBisocket connector needs to be able to handle an X509Callback.  This probably means that
> it will need to be a HandshakeCompletedListener on the remoting connector.
> Ideally, this method of authentication would be configured with the connector and then JBoss Messaging would use a CallerIdentityLoginModule to
> accept the Subject that already exists so that JBoss Messaging will continue to work with EJBs (JmsXA) etc.
> Forum posts include links to other potentially related JIRA issues.  Hopefully JBoss Messaging can address this issue as it fits in the junction between
> JBM and remoting.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the jboss-jira mailing list