[jboss-jira] [JBoss JIRA] Created: (JBMESSAGING-1490) BridgeService should be JAAS aware

Nicholas Sayer (JIRA) jira-events at lists.jboss.org
Fri Jan 16 19:29:04 EST 2009


BridgeService should be JAAS aware
----------------------------------

                 Key: JBMESSAGING-1490
                 URL: https://jira.jboss.org/jira/browse/JBMESSAGING-1490
             Project: JBoss Messaging
          Issue Type: Feature Request
    Affects Versions: 1.4.2.GA
         Environment: n/a
            Reporter: Nicholas Sayer
            Assignee: Tim Fox
            Priority: Optional


org.jboss.jms.server.bridge.BridgeService currently requires a username and password for the source and destination. It would be better if it could be configured with a JAAS login context name. This would allow username and password information to be set in, for example, a SecureIdentityLoginModule. For example:

    <application-policy name = "JmsBridgeRealm">
       <authentication>
          <login-module code = "org.jboss.resource.security.SecureIdentityLoginModule" flag = "required">
             <module-option name = "principal">${bridge.user}</module-option>
             <module-option name = "userName">${bridge.user}</module-option>
             <module-option name = "password">${bridge.encryptedPassword}</module-option>
             <module-option name = "ignoreMissigingMCF">true</module-option>
             <!-- it is a separate bug that you must set managedConnectionFactoryName to something regardless of setting ignoreMissingMCF to true -->
             <module-option name = "managedConnectionFactoryName">jboss.nonexistent:service=NonExistent,name=NonExistent</module-option>
          </login-module>
       </authentication>
    </application-policy>


There is undoubtedly a better way to accomplish this (probably to pass the JAAS context directly into the JMS connection factory used to vend connections for the bridge), but we're using this as a crude hack for now:

import java.util.Set;

import javax.security.auth.Subject;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import javax.security.auth.login.CredentialNotFoundException;

import javax.resource.spi.security.PasswordCredential;

import org.jboss.jms.server.bridge.BridgeService;

// Resolves the bridge's source and target credentials from JAAS login contexts
// instead of taking a username and password directly.
public class JAASAwareBridgeService extends BridgeService {

        // Names of the JAAS application policies to log in against
        private String sourceContext, targetContext;

        public void setSourceLoginContext(String ctxName) { this.sourceContext = ctxName; }
        public String getSourceLoginContext() { return this.sourceContext; }
        public void setTargetLoginContext(String ctxName) { this.targetContext = ctxName; }
        public String getTargetLoginContext() { return this.targetContext; }

        public void start() throws Exception {
                // Fill in the inherited username/password attributes before the bridge starts
                setupSourceCredentials();
                setupTargetCredentials();
                super.start();
        }

        private void setupSourceCredentials() throws LoginException {
                PasswordCredential pc = getPasswordCredential(this.sourceContext);
                super.setSourceUsername(pc.getUserName());
                // The inherited setter takes a String, so the char[] password is copied into one
                super.setSourcePassword(new String(pc.getPassword()));
        }

        private void setupTargetCredentials() throws LoginException {
                PasswordCredential pc = getPasswordCredential(this.targetContext);
                super.setTargetUsername(pc.getUserName());
                super.setTargetPassword(new String(pc.getPassword()));
        }

        // Logs in against the named context and returns the first PasswordCredential
        // found among the private credentials of the resulting Subject.
        private static PasswordCredential getPasswordCredential(String contextName) throws LoginException {
                LoginContext ctx = new LoginContext(contextName);
                ctx.login();
                Subject s = ctx.getSubject();
                Set<PasswordCredential> creds = s.getPrivateCredentials(PasswordCredential.class);
                if (creds.isEmpty())
                        throw new CredentialNotFoundException("Login context '" + contextName + "' subject has no PasswordCredential");
                return creds.iterator().next(); // get 1st
        }

}
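
The lookup that the class above performs, shown in isolation as an added example (not part of the original report or of JBoss Messaging): a named JAAS login context is resolved and the credential is read from the Subject's private credentials, then released. DemoCredential, DemoLoginModule and the sample option values are hypothetical stand-ins for PasswordCredential, SecureIdentityLoginModule and the application-policy entry, so that it runs on a plain JDK.

```java
import java.util.*;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;

public class JaasCredentialLookupDemo {
    // Hypothetical stand-in for javax.resource.spi.security.PasswordCredential (not in the JDK).
    public static final class DemoCredential {
        final String user; final char[] password;
        DemoCredential(String user, char[] password) { this.user = user; this.password = password; }
    }
    // Hypothetical module in the role of SecureIdentityLoginModule: it turns its
    // module options into a private credential on the authenticated Subject.
    public static final class DemoLoginModule implements LoginModule {
        private Subject subject; private Map<String, ?> options; private DemoCredential cred;
        public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) {
            subject = s; options = opts;
        }
        public boolean login() {
            cred = new DemoCredential((String) options.get("userName"),
                    ((String) options.get("password")).toCharArray());
            return true;
        }
        public boolean commit() { subject.getPrivateCredentials().add(cred); return true; }
        public boolean abort() { cred = null; return true; }
        public boolean logout() { subject.getPrivateCredentials().remove(cred); return true; }
    }
    public static void main(String[] args) throws LoginException {
        // Constructed in-memory policy standing in for the application-policy XML.
        Map<String, String> opts = new HashMap<>();
        opts.put("userName", "bridge-user");        // constructed sample value
        opts.put("password", "constructed-sample"); // constructed sample value
        AppConfigurationEntry entry = new AppConfigurationEntry(DemoLoginModule.class.getName(),
                AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, opts);
        Configuration config = new Configuration() {
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                return "JmsBridgeRealm".equals(name) ? new AppConfigurationEntry[] { entry } : null;
            }
        };
        LoginContext ctx = new LoginContext("JmsBridgeRealm", null, null, config);
        ctx.login();
        Set<DemoCredential> creds = ctx.getSubject().getPrivateCredentials(DemoCredential.class);
        if (creds.isEmpty()) throw new CredentialNotFoundException("no credential on subject");
        DemoCredential c = creds.iterator().next();
        System.out.println("user=" + c.user + " passwordLength=" + c.password.length);
        ctx.logout();                  // remove the credential from the Subject
        Arrays.fill(c.password, '\0'); // wipe the array this caller still references
    }
}
```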


