[jboss-jira] [JBoss JIRA] (WFLY-6644) Provide container managed sign on in configuration of pooled-connection-factory

Miroslav Novak (JIRA) issues at jboss.org
Tue May 31 03:09:00 EDT 2016 

     [ https://issues.jboss.org/browse/WFLY-6644?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Miroslav Novak updated WFLY-6644:
---------------------------------
    Description: 
Currently it's not possible to configure container managed sign-on for Artemis RA in <pooled-connection-factory> in messaging-activemq subsystem. This will allow to provide authentication information when new connection to Artemis broker is created without specifying username and password when calling connectionFactory.createConnection(). 

Such security-domain could look like:
{code}<security-domain name="CrashRecoveryDomain0">
                    <authentication>
                        <login-module code="ConfiguredIdentity" flag="required">
                            <module-option name="principal" value="crash0"/>
                            <module-option name="password" value="crash0"/>
                            <module-option name="password-stacking" value="useFirstPass"/>
                            <module-option name="userName" value="crash0"/>
                        </login-module>
                    </authentication>
                </security-domain>{code}

The main benefit is that username and password can be omitted when creating new connection and does not have to be hard cored in EJB/Servlet. This could be used for inbound connections as well. We should allow to specify default-principal-name which would be used for authentication. There is more info about this approach in WebLogic documentatin [1].

[1] https://docs.oracle.com/cd/E13222_01/wls/docs92/resadapter/security.html

  was:
Currently it's not possible to configure container managed sign-on for Artemis RA in <pooled-connection-factory> in messaging-activemq subsystem. This will allow to provide authentication information when new connection to Artemis broker is created without specifying username and password when calling connectionFactory.createConnection(). 

Such security-domain could look like:
<security-domain name="CrashRecoveryDomain0">
                    <authentication>
                        <login-module code="ConfiguredIdentity" flag="required">
                            <module-option name="principal" value="crash0"/>
                            <module-option name="password" value="crash0"/>
                            <module-option name="password-stacking" value="useFirstPass"/>
                            <module-option name="userName" value="crash0"/>
                        </login-module>
                    </authentication>
                </security-domain>

The main benefit is that username and password can be omitted when creating new connection and does not have to be hard cored in EJB/Servlet. This could be used for inbound connections as well. We should allow to specify default-principal-name which would be used for authentication. There is more info about this approach in WebLogic documentatin [1].

[1] https://docs.oracle.com/cd/E13222_01/wls/docs92/resadapter/security.html



> Provide container managed sign on in configuration of pooled-connection-factory
> -------------------------------------------------------------------------------
>
>                 Key: WFLY-6644
>                 URL: https://issues.jboss.org/browse/WFLY-6644
>             Project: WildFly
>          Issue Type: Bug
>          Components: JMS
>    Affects Versions: 10.0.0.Final
>            Reporter: Miroslav Novak
>            Assignee: Jeff Mesnil
>
> Currently it's not possible to configure container managed sign-on for Artemis RA in <pooled-connection-factory> in messaging-activemq subsystem. This will allow to provide authentication information when new connection to Artemis broker is created without specifying username and password when calling connectionFactory.createConnection(). 
> Such security-domain could look like:
> {code}<security-domain name="CrashRecoveryDomain0">
>                     <authentication>
>                         <login-module code="ConfiguredIdentity" flag="required">
>                             <module-option name="principal" value="crash0"/>
>                             <module-option name="password" value="crash0"/>
>                             <module-option name="password-stacking" value="useFirstPass"/>
>                             <module-option name="userName" value="crash0"/>
>                         </login-module>
>                     </authentication>
>                 </security-domain>{code}
> The main benefit is that username and password can be omitted when creating new connection and does not have to be hard cored in EJB/Servlet. This could be used for inbound connections as well. We should allow to specify default-principal-name which would be used for authentication. There is more info about this approach in WebLogic documentatin [1].
> [1] https://docs.oracle.com/cd/E13222_01/wls/docs92/resadapter/security.html



--
This message was sent by Atlassian JIRA
(v6.4.11#64026)

More information about the jboss-jira mailing list