FAQ
Hi,

I'm working on providing Container-managed security in Artemis
resource adapter for our app server.

Artemis RA has been coded to support it already. If there is a
security domain specified for its resource adapter, Artemis
ManagedConnection will use the security's Subject for its
authentication on the broker side.

However there is one use case that I'm not sure about.
When the user specifies credentials when calling the RA's
ConnectionFactory methods, Artemis discards them if there is a subject
from the SecurityDomain[1].
I would have expected the opposite: credential parameters from the
ConnectionRequestInfo should have precedence over the Subject's from
the security domain.

What do you think about changing that behaviour?

If there are credentials from the ConnectionRequestInfo, use them
else if there is a Subject, use it
else raise an exception.



[1] https://github.com/apache/activemq-artemis/blob/master/artemis-ra/src/main/java/org/apache/activemq/artemis/ra/ActiveMQRACredential.java#L122
--
Jeff Mesnil
jmesnil@gmail.com
http://jmesnil.net/weblog/

Search Discussions

  • Andy Taylor at Jun 6, 2016 at 8:34 am
    makes sense to me.
    On 3 June 2016 at 13:52, Jeff Mesnil wrote:

    Hi,

    I'm working on providing Container-managed security in Artemis
    resource adapter for our app server.

    Artemis RA has been coded to support it already. If there is a
    security domain specified for its resource adapter, Artemis
    ManagedConnection will use the security's Subject for its
    authentication on the broker side.

    However there is one use case that I'm not sure about.
    When the user specifies credentials when calling the RA's
    ConnectionFactory methods, Artemis discards them if there is a subject
    from the SecurityDomain[1].
    I would have expected the opposite: credential parameters from the
    ConnectionRequestInfo should have precedence over the Subject's from
    the security domain.

    What do you think about changing that behaviour?

    If there are credentials from the ConnectionRequestInfo, use them
    else if there is a Subject, use it
    else raise an exception.



    [1]
    https://github.com/apache/activemq-artemis/blob/master/artemis-ra/src/main/java/org/apache/activemq/artemis/ra/ActiveMQRACredential.java#L122
    --
    Jeff Mesnil
    jmesnil@gmail.com
    http://jmesnil.net/weblog/

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
groupdev @
categoriesactivemq
postedJun 3, '16 at 12:52p
activeJun 6, '16 at 8:34a
posts2
users2
websiteactivemq.apache.org

2 users in discussion

Jeff Mesnil: 1 post Andy Taylor: 1 post

People

Translate

site design / logo © 2018 Grokbase