jms transport: Support passing username of producer to SecurityContext
----------------------------------------------------------------------
Key: CXF-2055
URL: https://issues.apache.org/jira/browse/CXF-2055
Project: CXF
Issue Type: New Feature
Components: Transports
Affects Versions: 2.1.4
Reporter: Christian Schneider
Priority: Minor
Fix For: 2.2

The HTTP transport sets a SecurityContext object in the message. This allows
the server implementor to retrieve the user principal and its roles from the
message. For JAX-WS the principal and roles are then also available in the
WebServiceContext.

JMS vendors support retrieving the username of the producer that sent a
message. In the JMSDestination this information could be added to the message
in a new SecurityContext object.

Unfortunately there is no common standard for this. So we need to figure out
how each vendor does this:

In Tibco you have to add the following line to queues.conf:

    > sender_name_enforced

This means that Tibco should add the authenticated user name in the JMS
property JMS_TIBCO_SENDER to every message in every queue.

In ActiveMQ I have found from the documentation that you can use the option
populateJMSXUserID. Then ActiveMQ sets the property JMSXUserID.

Perhaps we can find the necessary settings for other JMS servers too, like IBM
MQ.

I would propose to simply check the possible locations where the username could
be set in the different providers. It is important though that we make sure the
producer can't simply set the property we use by himself as this would defy any
security.
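
A sketch of the mapping requested above, added as an example (it is not code from the issue or from CXF). The class name JmsSenderSecurityContext and the trustedProperty parameter are hypothetical; only the two property names come from the issue text. It assumes the deployer names the single property that the deployed broker is configured to overwrite, so a property belonging to another vendor, which a producer might be able to set itself, is never consulted.

```java
import java.security.Principal;
import javax.jms.JMSException;
import javax.jms.Message;
import org.apache.cxf.security.SecurityContext;

/** Hypothetical helper: builds a SecurityContext from a broker-set JMS property. */
public final class JmsSenderSecurityContext implements SecurityContext {
    // Property names as given in the issue text.
    public static final String ACTIVEMQ_USER_PROPERTY = "JMSXUserID";
    public static final String TIBCO_USER_PROPERTY = "JMS_TIBCO_SENDER";

    private final Principal principal;

    private JmsSenderSecurityContext(String userName) {
        // Principal has one abstract method, getName(), so a lambda is enough here.
        this.principal = () -> userName;
    }

    /**
     * @param message         the received JMS message
     * @param trustedProperty the one property the deployed broker is configured to
     *                        set itself (populateJMSXUserID on ActiveMQ,
     *                        sender_name_enforced on Tibco); taken from deployment
     *                        configuration, never guessed from the message
     * @return a context for the sender, or null if the property is absent or empty
     */
    public static SecurityContext fromMessage(Message message, String trustedProperty)
            throws JMSException {
        String user = message.getStringProperty(trustedProperty);
        if (user == null || user.trim().isEmpty()) {
            return null; // no user name from the broker: set no SecurityContext at all
        }
        return new JmsSenderSecurityContext(user);
    }

    @Override
    public Principal getUserPrincipal() {
        return principal;
    }

    @Override
    public boolean isUserInRole(String role) {
        // Assumption of this example: the broker supplies only a user name, no roles.
        return false;
    }
}
```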