[
https://issues.apache.org/jira/browse/QPIDJMS-548?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17416660#comment-17416660
]
ASF GitHub Bot commented on QPIDJMS-548:
----------------------------------------
michaelandrepearce edited a comment on pull request #43:
URL: https://github.com/apache/qpid-jms/pull/43#issuecomment-921763750
@gemmellr the issue, we are getting is that whilst ActiveMQ (Openwire) and
ActiveMQ Artemis (CORE) clients seem to be honouring the credentials when set
via JMS as such its vendor agnostic and secrets can be present to app securely
and separately
connectionFactory.createConnection(user,password)
where as with Qpid we are getting issue whereby connecting to secured
artemis clusters we seem to be having to set the credentials on the CF itself
for it to be happy with artemis when secured. And thus looking for options how
to securly and in an agnostic way (by using JNDI properties that are explicitly
meant for credentials) set that then on the CF if it is having issues not
honouring the creds passed when we do
connectionFactory.createConnection(user,password)
putting credentials in url, isnt the best as you are essentially mixing a
config item with a security item, e.g. i want the URL to be visible to ops/dev
teams theres no security concerns there, but credentials clearly more
sensitive. Thus why to look to use the JNDI properties that are meant for
credentials.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
> Support using principle and credentials from jndi context for default CF when
> using naming url
> ----------------------------------------------------------------------------------------------
>
> Key: QPIDJMS-548
> URL: https://issues.apache.org/jira/browse/QPIDJMS-548
> Project: Qpid JMS
> Issue Type: Improvement
> Components: qpid-jms-client
> Reporter: Michael Andre Pearce
> Priority: Major
> Fix For: 1.2.0
>
>
> Since QPIDJMS-542 it possible to provide the url on the context via
> java.naming.provider.url, as an extension / enhancement to this would be to
> support using the jndi context security principle and security context.
> e.g.
> java.naming.factory.initial=org.apache.qpid.jms.jndi.JmsInitialContextFactory
> java.naming.provider.url=failover:(amqps://host1:5672,amqps://host2:5672)
> java.naming.security.principal=myuser
> java.naming.security.credentials=mypassword
>
> Would set the user and password on the connection factory to "myuser" and
> "mypassword"
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
