David, If you have security concerns, I think rather than trying to write a custom JMS listener, it would probably be worthwhile looking at using a more secure mechanism like SSL certificates or Kerberos.
Rajith On Mon, Dec 10, 2012 at 3:25 PM, <[email protected]> wrote: > Hi, Phil, > > Got it. It seems that we need to write our own JMS listener, extending > from the default one, org.apache.axis2.transport.jms.JMSListener . > > Thanks for the help. > David > > -----Original Message----- > From: [email protected] > [mailto:[email protected]] On Behalf Of Phil Harvey > Sent: Sunday, December 09, 2012 12:57 AM > To: [email protected] > Subject: RE: How to encrypt user password in connection url > > Hi David, > > I was actually thinking containers such as WebSphere which allow JNDI > objects to be securely stored by an administrator. Sounds like that > might not be useful in your case though. > > I don't know the best way of securely storing the connection URL in > Synapse. Writing a custom JMSListener may be an option. You could try > asking for advice on the Synapse mailing list. > > Finally, note that Qpid does support client SSL authentication. This may > provide the level of security that you need. If you think this might be > useful we can help you set it up. > > Incidentally, which version of the Qpid client and broker are you using? > > Phil > On Dec 8, 2012 4:47 PM, <[email protected]> wrote: > >> Hi, Phil, >> >> Thanks for the info. >> >> We are trying to embed qpid in Synapse where qpid connection >> information is stored in a property file in the format like - >> >> connectionfactory.QueueConnectionFactory = >> amqp://user:password@clientID/test?brokerlist=... >> >> So what you mean is that we need to create customized listener to read > >> the property file and decrypt the password where the password can be >> encrypted? >> >> It seems out of the box in Synapse, it uses >> org.apache.axis2.transport.jms.JMSListener and there is no such an >> option. >> >> Thanks, >> David >> >> >> >> -----Original Message----- >> From: [email protected] >> [mailto:[email protected]] On Behalf Of Phil Harvey >> Sent: Saturday, December 08, 2012 2:11 AM >> To: [email protected] >> Subject: Re: How to encrypt user password in connection url >> >> Hi David, >> >> I assume you're talking about encrypting the stored URL string, and >> not about encrypting the details sent over the wire to the broker. I >> think the only way to do this is to store it in a secure JNDI context, > e.g. >> one provided by a Java application server. This is in line with the >> approach commonly taken for making JDBC connections from JEE apps. >> >> Phil >> >> >> On 8 December 2012 00:27, <[email protected]> wrote: >> >> > ** >> > Hi, Guys, >> > >> > Is there a way to encrypt password in the connection URL below? >> > >> > amqp://[<user>:<pass>@][<clientid>]<virtualhost>[..] >> > >> > David >> > >> > Visit our website at http://www.ubs.com >> > >> > This message contains confidential information and is intended only >> > for the individual named. If you are not the named addressee you >> > should not disseminate, distribute or copy this e-mail. Please >> > notify >> >> > the sender immediately by e-mail if you have received this e-mail by > >> > mistake and delete this e-mail from your system. >> > >> > E-mails are not encrypted and cannot be guaranteed to be secure or >> > error-free as information could be intercepted, corrupted, lost, >> > destroyed, arrive late or incomplete, or contain viruses. The >> > sender therefore does not accept liability for any errors or >> > omissions in the >> >> > contents of this message which arise as a result of e-mail >> transmission. >> > If verification is required please request a hard-copy version. >> > This message is provided for informational purposes and should not >> > be construed as a solicitation or offer to buy or sell any >> > securities or related financial instruments. >> > >> > >> > UBS reserves the right to retain all messages. Messages are >> > protected and accessed only in legally justified cases. >> > >> > >> > -------------------------------------------------------------------- >> > - To unsubscribe, e-mail: [email protected] For >> > additional commands, e-mail: [email protected] >> > >> Visit our website at http://www.ubs.com >> >> This message contains confidential information and is intended only >> for the individual named. If you are not the named addressee you >> should not disseminate, distribute or copy this e-mail. Please notify > >> the sender immediately by e-mail if you have received this e-mail by >> mistake and delete this e-mail from your system. >> >> E-mails are not encrypted and cannot be guaranteed to be secure or >> error-free as information could be intercepted, corrupted, lost, >> destroyed, arrive late or incomplete, or contain viruses. The sender >> therefore does not accept liability for any errors or omissions in the > >> contents of this message which arise as a result of e-mail > transmission. >> If verification is required please request a hard-copy version. This >> message is provided for informational purposes and should not be >> construed as a solicitation or offer to buy or sell any securities or >> related financial instruments. >> >> >> UBS reserves the right to retain all messages. Messages are protected >> and accessed only in legally justified cases. >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: [email protected] For >> additional commands, e-mail: [email protected] >> >> > Visit our website at http://www.ubs.com > > This message contains confidential information and is intended only > for the individual named. If you are not the named addressee you > should not disseminate, distribute or copy this e-mail. Please > notify the sender immediately by e-mail if you have received this > e-mail by mistake and delete this e-mail from your system. > > E-mails are not encrypted and cannot be guaranteed to be secure or > error-free as information could be intercepted, corrupted, lost, > destroyed, arrive late or incomplete, or contain viruses. The sender > therefore does not accept liability for any errors or omissions in the > contents of this message which arise as a result of e-mail transmission. > If verification is required please request a hard-copy version. This > message is provided for informational purposes and should not be > construed as a solicitation or offer to buy or sell any securities > or related financial instruments. > > > UBS reserves the right to retain all messages. Messages are protected > and accessed only in legally justified cases. > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
