Sorry that I've taken so long to come back to this. However I think I have a
solution.
JaasCertificateAuthenticationBroker presently makes a check at line 73 as to
whether there is a security context:
if (context.getSecurityContext() == null) {
I am wondering if an additional check should be included to ensure that an
SSL transport is being used.
My use case is that I want the client's SSL certificate to be used for
authentication ONLY when SSL is being used as the transport. I do not
believe that it makes sense to look for an SSL certificate otherwise, and it
should be permissible to grant privileged access for other transports.
I propose a patch be made to line 73 along the lines of:
if (context.getConnector().getServer() instanceof SslTransportServer &&
context.getSecurityContext() == null) {
Does anyone agree/disagree?
Kind regards,
Christopher
--
View this message in context:
http://www.nabble.com/Determining-the-client%27s-AMQ-interface-within-a-JAAS-login-module-tp23018992p23609154.html
Sent from the ActiveMQ - User mailing list archive at Nabble.com.
