[ 
https://issues.apache.org/jira/browse/CXF-2055?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12675537#action_12675537
 ] 

Christian Schneider commented on CXF-2055:
------------------------------------------

For Tibco EMS the information on how to set this up can be found in:
tib_ems_users_guid.pdf / Chapter 2 Messages / JMS Message Structure / EMS 
Message properties
and Chapter 3 Destinations / Destination Properties / sender name enforced

From my viewpoint it makes sense to configure send_name_enforced for all 
destinations


> jms transport: Support passing username of producer to SecurityContext
> ----------------------------------------------------------------------
>
>                 Key: CXF-2055
>                 URL: https://issues.apache.org/jira/browse/CXF-2055
>             Project: CXF
>          Issue Type: New Feature
>          Components: Transports
>    Affects Versions: 2.1.4
>            Reporter: Christian Schneider
>            Priority: Minor
>             Fix For: 2.2
>
>
> The HTTP transport sets a SecurityContext object in the message. This allows 
> the server implementor to retrieve the user principal and its roles from the 
> message. For JAX-WS the principal and roles are then also available in the 
> WebServiceContext.
> JMS vendors support retrieving the username of the producer that sent a 
> message. In the JMSDestination this information could be added to the message 
> in a new SecurityContext object.  
> Unfortunately there is no common standard for this. So we need to figure out 
> how each vendor does this:
> In Tibco you have to add the following line to queues.conf: 
> sender_name_enforced. This means that tibco should add the authenticated user 
> name in the jms property JMS_TIBCO_SENDER to every message in every queue. 
> In ActiveMQ I have found from the documentation that you can use the option 
> populateJMSXUserID. Then ActiveMQ sets the property JMSXUserID.
> Perhaps we can find the necessary settings for other jms servers too like IBM 
> MQ.
> I would propose to simply check the possible locations where the username 
> could be set in the different providers. It is important though that we make 
> sure the producer can't simply set the property we use by himself as this 
> would defy any security.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
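
As an added example (not code from CXF or from the issue), one way to apply the caveat at the end of the issue description in Java: read only the property that belongs to the configured provider, and only when the operator has declared the broker-side option enabled. The `Provider` enum, the `resolve` method and the `Map` standing in for JMS message properties are assumptions made for this sketch.

```java
import java.security.Principal;
import java.util.Map;
import java.util.Optional;

public class JmsSenderPrincipal {
    // Property names are taken from the issue text; the enum itself is hypothetical.
    enum Provider {
        TIBCO_EMS("JMS_TIBCO_SENDER"), // filled by the broker with sender_name_enforced
        ACTIVEMQ("JMSXUserID");        // filled by the broker with populateJMSXUserID

        final String property;

        Provider(String property) {
            this.property = property;
        }
    }

    /**
     * Returns the sender principal, or empty when the value cannot be trusted.
     * props stands in for the JMS message properties (assumption); brokerEnforced
     * is the operator's statement that the broker-side option is switched on.
     */
    static Optional<Principal> resolve(Map<String, Object> props, Provider provider,
                                       boolean brokerEnforced) {
        if (!brokerEnforced) {
            return Optional.empty(); // the value may have been set by the producer
        }
        // Look only at the configured provider's property; never fall back to
        // a property name that belongs to a different vendor.
        Object value = props.get(provider.property);
        if (!(value instanceof String) || ((String) value).trim().isEmpty()) {
            return Optional.empty();
        }
        String name = (String) value;
        Principal principal = () -> name; // Principal's only abstract method is getName()
        return Optional.of(principal);
    }

    public static void main(String[] args) {
        // Constructed sample properties; the JMSXUserID entry models a value that
        // did not come from the configured broker option.
        Map<String, Object> props = Map.of("JMS_TIBCO_SENDER", "alice", "JMSXUserID", "admin");
        System.out.println(resolve(props, Provider.TIBCO_EMS, true).map(Principal::getName));
        System.out.println(resolve(props, Provider.TIBCO_EMS, false).map(Principal::getName));
        System.out.println(resolve(Map.of("JMSXUserID", "admin"), Provider.TIBCO_EMS, true)
                .map(Principal::getName));
    }
}
```

An empty result means the transport should leave the SecurityContext unset rather than accept a name from any other property.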
