Hi Waruna, According to the diagram, authentication happens on a new "connection". Is my observation correct? There will be no need to do that for sessions created by that connection as same user will be creating them.
Thanks On Wed, Dec 13, 2017 at 11:03 PM, Waruna Jayaweera <[email protected]> wrote: > Hi, > AMQP specification defined the authentication mechanism and security > content data is based on Simple Authentication and Security Layer(SASL) > framework. Following figure shows the proposed implementation for $subject. > > [image: Inline image 1] > > Once client request a connection, server will send the supported SASL > mechanisms ( ex. Plain Text) to client. After that client will send the > selected mechanism + auth response data. Server will create SASL server > based on the client mechanism and then server will evaluate the client > authentication data and callback handler will be executed for > authentication. It will be done using following two extension points. > > 1. Authenticator - Interface to authenticate mechanism based on > security framework .We will use Java Authentication and Authorization > Service (JAAS) as default authentication implementation. > 2. JAAS Modules - Uses can defined own JAAS Login module as well. > > If authentication is success, connection will be established or else will > send authentication error. > > Thanks, > Waruna > > -- > Regards, > > Waruna Lakshitha Jayaweera > Senior Software Engineer > WSO2 Inc; http://wso2.com > phone: +94713255198 > http://waruapz.blogspot.com/ > > > _______________________________________________ > Architecture mailing list > [email protected] > https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture > > -- *Hasitha Abeykoon* Associate Technical Lead; WSO2, Inc.; http://wso2.com *cell:* *+94 719363063* *blog: **abeykoon.blogspot.com* <http://abeykoon.blogspot.com>
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
