[ 
https://issues.apache.org/jira/browse/QPID-943?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Rajith Attapattu updated QPID-943:
----------------------------------

    Attachment: c++broker_userid_check.patch

1. The broker will verify that the userid, if supplied, matches the 
authenticated identity of the connection.

2. For a federation link an argument (qpid.fed_link) will be added to 
ClientProperties when sending the ConnectionStartOk command.

3. The receiving broker will mark the connection as a federation link which 
will be used by SemanticState.cpp to skip the message authentication step for 
all messages received via that connection as we trust the broker. In an 
untrusted domain user_id check is useless as you would need to rely on a 
stronger mechanism such as message signing.

4. As an aside the qpid.fed_link property is also used to mark a connection as 
a federation link in management.


> Move JMSXUserID creation to client to improve broker performance
> ----------------------------------------------------------------
>
>                 Key: QPID-943
>                 URL: https://issues.apache.org/jira/browse/QPID-943
>             Project: Qpid
>          Issue Type: Improvement
>          Components: Java Broker, Java Client
>    Affects Versions: M2.1
>            Reporter: Marnie McCormack
>            Assignee: Rajith Attapattu
>             Fix For: M4
>
>         Attachments: c++broker_userid_check.patch, 
> javabroker_userid_check.patch, JMSXUserID.patch
>
>
> Summary: 
> Currently the broker modifies the message to add the JMSXUserID. A better 
> approach would be to have the client encode that detail and have the broker 
> verify that it is correct. This means that the broker does not have to 
> re-encode every message. It also allows the sending client to decide if they 
> wish to include the JMSXUserID for validation. 
> Proposed Changes: 
> Removing existing modification code replacing with validation if the 
> JMSXUserID is present. If validation is required to pass then close the 
> connection on failures. 
> Augment the client to have the ability to manually or automatically set the 
> JMSXUserID based on the authenticated connection. 
> Test Strategy: 
> Test messages with manual user id creation (correct and incorrect), automatic 
> user id creation. 
> Test broker in validation mode and lenient mode. 
> Testing should include performance metrics to quantify the impact of the 
> additional processing.

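An added illustration of steps 1 to 3 of the comment above, in C++. It is not code from the attached patch or from Qpid: the types and function names are hypothetical, and treating an empty string as "userid not supplied" and the mere presence of qpid.fed_link as the marker are assumptions made for the example.

```cpp
#include <map>
#include <string>

// Hypothetical stand-ins for broker types; not Qpid's real classes.
using ClientProperties = std::map<std::string, std::string>;

struct Connection {
    std::string authenticatedId;  // identity established when the connection authenticated
    bool federationLink = false;  // set when the peer declares qpid.fed_link
};

enum class Verdict { Accept, Reject };

// Steps 2 and 3: when ConnectionStartOk arrives, mark the connection as a
// federation link if the client properties carry qpid.fed_link.
// Assumption: presence of the key is enough, its value is not inspected.
Connection onStartOk(const std::string& authenticatedId,
                     const ClientProperties& props) {
    Connection c;
    c.authenticatedId = authenticatedId;
    c.federationLink = props.count("qpid.fed_link") > 0;
    return c;
}

// Steps 1 and 3: per-message check. Messages on a federation link skip the
// check, a message without a userid passes, and a supplied userid must equal
// the authenticated identity of the connection.
Verdict checkUserId(const Connection& c, const std::string& msgUserId) {
    if (c.federationLink) return Verdict::Accept;   // peer broker is trusted
    if (msgUserId.empty()) return Verdict::Accept;  // userid not supplied
    return msgUserId == c.authenticatedId ? Verdict::Accept : Verdict::Reject;
}

int main() {
    // Constructed sample identities, for illustration only.
    Connection user = onStartOk("alice", ClientProperties());
    bool ok = checkUserId(user, "alice") == Verdict::Accept &&
              checkUserId(user, "bob") == Verdict::Reject;
    return ok ? 0 : 1;
}
```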