On Wed, 13 Oct 2021 at 19:20, A K <mailbox.abhishek.ku...@gmail.com> wrote:
>
> Hi Team,
>
>
>
> We got a requirement to authenticate ServiceBus with RBAC (role-based access
> control). At the moment this feature is not supported by Qpid JMS, but
> it is supported by the Microsoft SDK, which internally uses the Qpid Proton
> library.
>
>
>
> Reference link for not supporting -
> https://docs.microsoft.com/en-us/azure/service-bus-messaging/migrate-jms-activemq-to-servicebus#authentication-and-authorization
>
>
>
> We are trying to find a way to achieve the same functionality with the Qpid
> JMS library. As the Microsoft SDK achieves this functionality through Qpid
> Proton, there could be a way to achieve this with Qpid JMS.
>
>
>
> I compared both the Microsoft and Qpid Proton logs. I observed one major
> difference - the Qpid JMS library logs credentials during communication, but
> the Microsoft SDK doesn't log credentials while connecting to ServiceBus. It
> is still a puzzle for me how they are able to connect to ServiceBus and
> establish communication.
>

You just aren't looking closely enough, there is actually
significantly more auth related detail in the Microsoft protocol
trace, probably the majority of the trace, it isn't all in the same
place though since it's using another mechanism to do it.

They connect with ANONYMOUS SASL instead, and then do a bunch of
specific work with senders and receivers to and from the '$cbs' and
'cbs-client-reply-to' addresses to negotiate auth details and
establish ability to do anything else.

>
>
> Please find below sample details -
>
> 1. Microsoft
>
>               --> sample class -
> https://github.com/abhikt48/servicebus/blob/master/RBAC-logs/GenerateRBACtokenPublish.java
>
>               --> logs -
> https://github.com/abhikt48/servicebus/blob/master/RBAC-logs/Microsoft_Publish_Logs.txt
>
> 2. QPID JMS
>
>               --> sample class -
> https://github.com/abhikt48/servicebus/blob/master/RBAC-logs/QpidPublishMsg.java
>
>               --> sample logs -
> https://github.com/abhikt48/servicebus/blob/master/RBAC-logs/Qpid_Publish_logs.txt
>
>
>
>
>
> Could you please share your opinion on the queries below -
>
> 1) Do we have any custom way to connect to ServiceBus with RBAC
> authentication? If yes, then can you please provide details?
>

As above it uses various specific work with senders and receivers,
which the client has no idea about, so it can't simply do this itself.

No clients except Azure ones do it themselves that I am aware of,
though it is perhaps slightly easier for you to do it yourself using
other (non-JMS) clients. I don't know if it's possible for you to do it
yourself over the top with the JMS client, I'm not sure how much of
the protocol detail needs to match exactly what happens with their
client or if you can get close enough using the JMS API itself, it's not
something I've tried.

> 2) Can you please point out the Proton class/method that is responsible for
> authentication? (Will help in debugging)
>

The Sasl interface is where SASL authentication related work goes
through, but as above, in this case the related bits are done with
layered senders/receivers, not the SASL negotiation.

>
>
> Looking forward to getting any input on this. Thanks in advance.
>
>
>
> Regards,
>
> Abhishek Kumar
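
An added example, not part of the original thread or of either client's code: a small trace classifier that shows where authentication happens in a frame trace, following the reply's point that the SDK connects with ANONYMOUS SASL and then works through the '$cbs' and 'cbs-client-reply-to' addresses. The sample lines are constructed (not copied from the linked logs), the frame layout is an assumption modelled on Proton-J style dumps, and `classify_auth` is a hypothetical helper name.

```python
import re

# Constructed sample traces (not taken from the linked log files); the frame
# layout is an assumption modelled on Proton-J style frame dumps.
JMS_TRACE = """\
RECV: SaslMechanisms{saslServerMechanisms=[PLAIN, ANONYMOUS]}
SENT: SaslInit{mechanism=PLAIN, initialResponse=\\x00keyname\\x00<redacted>, hostName='example.servicebus.windows.net'}
RECV: SaslOutcome{code=OK}
SENT: Attach{name='producer-1', role=SENDER, target=Target{address='queue1'}}
""".splitlines()

SDK_TRACE = """\
RECV: SaslMechanisms{saslServerMechanisms=[PLAIN, ANONYMOUS]}
SENT: SaslInit{mechanism=ANONYMOUS, initialResponse=null, hostName='example.servicebus.windows.net'}
RECV: SaslOutcome{code=OK}
SENT: Attach{name='cbs-sender', role=SENDER, target=Target{address='$cbs'}}
SENT: Attach{name='cbs-receiver', role=RECEIVER, source=Source{address='$cbs'}, target=Target{address='cbs-client-reply-to'}}
SENT: Attach{name='producer-1', role=SENDER, target=Target{address='queue1'}}
""".splitlines()

MECH = re.compile(r"SENT: SaslInit\{mechanism=([A-Z0-9_-]+)")
ADDR = re.compile(r"address='([^']*)'")
CBS_ADDRESSES = {"$cbs", "cbs-client-reply-to"}  # addresses named in the reply

def classify_auth(lines):
    """Report where authentication happens in one connection's frame trace."""
    mechanism, cbs_links, first_cbs, first_other = None, 0, None, None
    for n, line in enumerate(lines):
        if m := MECH.search(line):
            mechanism = m.group(1)
        if "SENT: Attach{" in line:
            addrs = set(ADDR.findall(line))
            if addrs & CBS_ADDRESSES:
                cbs_links += 1
                first_cbs = n if first_cbs is None else first_cbs
            elif first_other is None:
                first_other = n
    if mechanism is None:
        mode = "unknown"           # no SaslInit seen in this trace
    elif mechanism == "ANONYMOUS" and cbs_links:
        mode = "cbs-token"         # auth is negotiated over the $cbs links
    elif mechanism == "ANONYMOUS":
        mode = "unauthenticated"   # anonymous SASL and no $cbs traffic
    else:
        mode = "sasl-credentials"  # credentials travel in the SASL exchange
    # True when a $cbs link is attached before any application link.
    ordered = first_cbs is not None and (first_other is None or first_cbs < first_other)
    return {"mechanism": mechanism, "mode": mode, "cbs_links": cbs_links,
            "cbs_before_app_links": ordered}
```

When reviewing a trace classified as `cbs-token`, the authentication detail to inspect is in the transfers on the `$cbs` links rather than in the SASL frames.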
