hi,
I have implemented mutual authentication for AMQ by using needClientAuth and
wantClientAuth.
They can be set on the transportConnector as additional URI parameters, e.g.
<transportConnectors>
<transportConnector uri="ssl://localhost:61616?needClientAuth=true"
discoveryUri="multicast://default"/>
</transportConnectors>
I needed to modify two classes for this: TransportFactory and
TcpTransportServer.
I have attached the .diff files to this mail. It would be nice to see this
feature in the next AMQ.
I hope this helps.
cya
mike
p.s. other ssl options can also be implemented in this way. It should be
really easy to do so.
--- D:\esb\TransportFactory.java 2006-04-03 00:21:14.000000000 +0200
+++ D:\ActiveMQ\org\apache\activemq\transport\TransportFactory.java
2006-04-20 14:27:29.812412800 +0200
@@ -111,6 +111,8 @@
public Transport doConnect(URI location) throws Exception {
try {
Map options = new HashMap(URISupport.parseParamters(location));
+ IntrospectionSupport.extractProperties(options, "needClientAuth");
+ IntrospectionSupport.extractProperties(options, "wantClientAuth");
WireFormat wf = createWireFormat(options);
Transport transport = createTransport(location, wf);
Transport rc = configure(transport, wf, options);
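Review bot: The two added `IntrospectionSupport.extractProperties(...)` calls in `doConnect` discard their return value, so on the connecting side `needClientAuth` and `wantClientAuth` appear to be stripped from `options` and then ignored, with nothing telling a reader or operator that this is intended. If the aim is only to keep these server-side options away from `configure(...)`, say so with a comment such as `// server-only SSL options: removed so they are not applied to (or rejected by) the client transport`. The second argument looks like it is treated as a key prefix (inferred from the helper's name; its body is not shown), in which case any other option beginning with the same string would be dropped as well, which is worth confirming. `doConnect` continues past the end of the hunk.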
--- D:\esb\TcpTransportServer.java 2006-04-03 00:21:38.000000000 +0200
+++ D:\ActiveMQ\org\apache\activemq\transport\tcp\TcpTransportServer.java
2006-04-20 15:00:31.001222400 +0200
@@ -26,6 +26,12 @@
import java.net.URISyntaxException;
import java.net.UnknownHostException;
import java.util.HashMap;
+import javax.net.ssl.SSLServerSocket;
+import javax.net.ssl.SSLSocket;
+
+import org.apache.activemq.util.IntrospectionSupport;
+import org.apache.activemq.util.URISupport;
+import java.util.Map;
import org.apache.activeio.command.WireFormat;
import org.apache.activeio.command.WireFormatFactory;
@@ -55,10 +61,14 @@
private long maxInactivityDuration = 30000;
private int minmumWireFormatVersion;
private boolean trace;
+ private boolean needClientAuth;
+ private boolean wantClientAuth;
public TcpTransportServer(URI location, ServerSocketFactory
serverSocketFactory) throws IOException, URISyntaxException {
super(location);
serverSocket = createServerSocket(location, serverSocketFactory);
+ Map options = new HashMap(URISupport.parseParamters(location));
+ IntrospectionSupport.setProperties(this, options);
serverSocket.setSoTimeout(2000);
updatePhysicalUri(location);
}
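Review bot: `IntrospectionSupport.setProperties(this, options)` in the constructor is called without checking its outcome, so a misspelled security option in the connector URI (for example `needClientAuht=true`, a constructed sample) leaves `needClientAuth` at its default `false`, and the listener accepts clients without a certificate with no error or log line. Presumably the helper removes the entries it applied from the map (not visible here); if so, inspect what is left and fail or at least warn, e.g. `if (!options.isEmpty()) throw new IllegalArgumentException("Unknown transport options: " + options);`, or log instead if other components legitimately consume the remaining keys. The options are also parsed only after `createServerSocket(...)` has run, so they cannot influence how the listening socket is created.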
@@ -111,14 +121,43 @@
this.trace = trace;
}
- /**
+ public boolean isNeedClientAuth() {
+ return needClientAuth;
+ }
+
+ public void setNeedClientAuth(boolean needClientAuth) {
+ this.needClientAuth = needClientAuth;
+ }
+
+ public boolean isWantClientAuth() {
+ return wantClientAuth;
+ }
+
+ public void setWantClientAuth(boolean wantClientAuth) {
+ this.wantClientAuth = wantClientAuth;
+ }
+
+ /**
* pull Sockets from the ServerSocket
*/
public void run() {
while (!isStopped()) {
- Socket socket = null;
+
+ Socket socket = null;
+
try {
- socket = serverSocket.accept();
+
+ if (serverSocket instanceof SSLServerSocket){
+ socket = serverSocket.accept();
+ if (needClientAuth) {
+
((SSLSocket)socket).setNeedClientAuth(needClientAuth);
+ } else {
+
((SSLSocket)socket).setWantClientAuth(wantClientAuth);
+ }
+ } else {
+ socket = serverSocket.accept();
+ }
+
if (socket != null) {
if (isStopped() || getAcceptListener() == null) {
socket.close();
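Review bot: In `run()` the client-certificate requirement is applied to each accepted `SSLSocket` after `accept()` returns, which only takes effect if nothing has started the TLS handshake yet and must be repeated on every iteration. Setting it once on the listening socket before the accept loop is more robust, because accepted sockets inherit the server socket's setting: `((SSLServerSocket) serverSocket).setNeedClientAuth(needClientAuth);`, with `setWantClientAuth(wantClientAuth)` when `needClientAuth` is false. The non-SSL branch silently ignores `needClientAuth=true`, so a `tcp://` connector carrying that option comes up with no client authentication at all; rejecting or logging that combination would make the misconfiguration visible. `needClientAuth` only requires a certificate that validates against the trust store; mapping the certificate identity to a broker user is not part of this hunk. `run()` continues past the end of the hunk.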