[
https://issues.apache.org/jira/browse/PROTON-1606?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16191571#comment-16191571
]
Robbie Gemmell commented on PROTON-1606:
----------------------------------------
You say it breaks your ability to use amqps. Would I be right in assuming what
you mean is that you can't use ANONYMOUS when using TLS either because your
service doesn't offer that mechanism, or perhaps because it does but aligns
using it with a requirement to perform other actions (e.g. a higher level
token-based authentication system) that you don't want to do?
In either case, I'd assume that to authenticate you instead normally either use
another SASL mechanism, e.g. PLAIN might do since it's over TLS, or instead
require use of client certificate based authentication but still want to avoid
ANONYMOUS if offered when doing so (and could also drop the SASL layer
entirely). Traditionally servers supporting the latter would offer the SASL
EXTERNAL mechanism to clients with certificates. If you know it's either of
those cases then it's possible to do those already by adjusting the SASL
behaviour in the connection bound callback. If not, I don't think a method on
the transport would really work with how it is created and used, so it's
probably better to think about adding something to stop the reactor creating
the transport SASL layer to begin with.
> (Proton-J) Using Sasl needs to be optional for Client Role
> ----------------------------------------------------------
>
> Key: PROTON-1606
> URL: https://issues.apache.org/jira/browse/PROTON-1606
> Project: Qpid Proton
> Issue Type: Improvement
> Components: proton-j
> Affects Versions: proton-j-0.22.0
> Environment: N/A
> Reporter: tim taylor
> Original Estimate: 8h
> Remaining Estimate: 8h
>
> In order for my application to use Proton-j for amqps messaging, the Sasl
> layer cannot be created by the global handler (IOHandler) at
> CONNECTION_LOCAL_OPEN time. The code below breaks our ability to use proton-j
> for amqps messaging as a CLIENT against our service.
> ...
> sasl = transport.sasl();
> sasl.client();
> sasl.setMechanisms("ANONYMOUS");
> ...
> I need these three lines of code to be optional in the global handler, or for
> a new API that allows a transport implementation to undo creating the Sasl
> layer.
> Something like:
> ....
> Transport transport = event.getConnection().getTransport();
> transport.disableSasl();
> ....
> The service I am hitting against is not using Proton-j as the SERVER role.
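The comment's suggestion of adjusting the SASL behaviour in the connection bound callback, sketched as an added example (not code from the thread or from the Proton project). The class name `ClientSaslHandler` and its constructor parameters are hypothetical, and it assumes the application builds the `SslDomain` itself and registers this handler on its connection.

```java
import org.apache.qpid.proton.engine.BaseHandler;
import org.apache.qpid.proton.engine.Event;
import org.apache.qpid.proton.engine.Sasl;
import org.apache.qpid.proton.engine.SslDomain;
import org.apache.qpid.proton.engine.Transport;

/** Hypothetical client handler: replaces the reactor's default ANONYMOUS choice. */
public class ClientSaslHandler extends BaseHandler {
    private final SslDomain sslDomain; // caller-built TLS settings (client mode, peer verification)
    private final String username;     // null selects EXTERNAL (client certificate in sslDomain)
    private final String password;

    public ClientSaslHandler(SslDomain sslDomain, String username, String password) {
        if (sslDomain == null) {
            // PLAIN sends the password unencrypted at the SASL layer, and EXTERNAL
            // depends on the TLS client certificate, so refuse to run without TLS.
            throw new IllegalArgumentException("TLS configuration is required");
        }
        if (username != null && password == null) {
            throw new IllegalArgumentException("PLAIN needs a password");
        }
        this.sslDomain = sslDomain;
        this.username = username;
        this.password = password;
    }

    @Override
    public void onConnectionBound(Event event) {
        Transport transport = event.getConnection().getTransport();
        transport.ssl(sslDomain);

        // The reactor's IOHandler already created the layer with ANONYMOUS
        // selected; the same Sasl object is returned here and reconfigured.
        Sasl sasl = transport.sasl();
        if (username != null) {
            sasl.plain(username, password);   // selects PLAIN and sets the initial response
        } else {
            sasl.setMechanisms("EXTERNAL");   // a client selects exactly one mechanism
        }
    }
}
```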