[jira] Resolved: (CXF-2055) jms transport: Support passing username of producer to SecurityContext

Mon, 05 Oct 2009 14:56:59 -0700 

     [ 
https://issues.apache.org/jira/browse/CXF-2055?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Christian Schneider resolved CXF-2055.
--------------------------------------

       Resolution: Fixed
    Fix Version/s: 2.3

The current implementation only implements setting the scurity context from 
JMSXUserID. So it will not work for Tibco. The implementation for Tibco will be 
done in a separate issue.

> jms transport: Support passing username of producer to SecurityContext
> ----------------------------------------------------------------------
>
>                 Key: CXF-2055
>                 URL: https://issues.apache.org/jira/browse/CXF-2055
>             Project: CXF
>          Issue Type: New Feature
>          Components: Transports
>    Affects Versions: 2.1.4
>            Reporter: Christian Schneider
>            Assignee: Christian Schneider
>            Priority: Minor
>             Fix For: 2.3
>
>
> The HTTP transport sets a SecurityContext object in the message. This allows 
> the server implementor to retrieve the user principal and its roles from the 
> message. For JAX-WS the principal and roles are then also available in the 
> WebServiceContext.
> JMS vendors support retrieving the username of the prodcuer that sent a 
> message. In the JMSDestination this information could be added to the message 
> in a new SecurityContext object.  
> Unfortunately there is no common standard for this. So we need to figure out 
> how each vendor does this:
> In Tibco you have to add the following line to queues.conf: > 
> sender_name_enforced. This means that tibco should add the authenticated user 
> name in the jms property JMS_TIBCO_SENDER to every message in every queue. 
> In ActiveMq I have found from the documentation that you can use the option 
> populateJMSXUserID. Then ActiveMQ sets the property JMSXUserID.
> Perhaps we can find the necessary settings for other jms servers too like IBM 
> MQ.
> I would propose to simply check the possible locations where the usename 
> could be set in the different providers. It is important though that we make 
> sure the producer canĀ“t simply set the property we use by himself as this 
> would defy any security.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Reply via email to