[jira] Commented: (CXF-2055) jms transport: Support passing username of producer to SecurityContext

Sat, 21 Feb 2009 00:40:25 -0800 

    [ 
https://issues.apache.org/jira/browse/CXF-2055?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12675538#action_12675538
 ] 

Christian Schneider commented on CXF-2055:
------------------------------------------

For ActiveMQ the information can be found at:
http://activemq.apache.org/jmsxuserid.html


> jms transport: Support passing username of producer to SecurityContext
> ----------------------------------------------------------------------
>
>                 Key: CXF-2055
>                 URL: https://issues.apache.org/jira/browse/CXF-2055
>             Project: CXF
>          Issue Type: New Feature
>          Components: Transports
>    Affects Versions: 2.1.4
>            Reporter: Christian Schneider
>            Priority: Minor
>             Fix For: 2.2
>
>
> The HTTP transport sets a SecurityContext object in the message. This allows 
> the server implementor to retrieve the user principal and its roles from the 
> message. For JAX-WS the principal and roles are then also available in the 
> WebServiceContext.
> JMS vendors support retrieving the username of the prodcuer that sent a 
> message. In the JMSDestination this information could be added to the message 
> in a new SecurityContext object.  
> Unfortunately there is no common standard for this. So we need to figure out 
> how each vendor does this:
> In Tibco you have to add the following line to queues.conf: > 
> sender_name_enforced. This means that tibco should add the authenticated user 
> name in the jms property JMS_TIBCO_SENDER to every message in every queue. 
> In ActiveMq I have found from the documentation that you can use the option 
> populateJMSXUserID. Then ActiveMQ sets the property JMSXUserID.
> Perhaps we can find the necessary settings for other jms servers too like IBM 
> MQ.
> I would propose to simply check the possible locations where the usename 
> could be set in the different providers. It is important though that we make 
> sure the producer canĀ“t simply set the property we use by himself as this 
> would defy any security.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Reply via email to