You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@activemq.apache.org by "Arthur Naseef (JIRA)" <ji...@apache.org> on 2011/02/16 19:31:30 UTC
[jira] Commented: (AMQ-3154) unable to implement custom
broker-to-broker authorization
[ https://issues.apache.org/jira/browse/AMQ-3154?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12995443#comment-12995443 ]
Arthur Naseef commented on AMQ-3154:
------------------------------------
I'm looking for some quick feedback on the fit of this solution; we would like to make use of this update, but prefer to have reason to believe it is a good fit first. If not, I will gladly implement an alternate approach.
> unable to implement custom broker-to-broker authorization
> ---------------------------------------------------------
>
> Key: AMQ-3154
> URL: https://issues.apache.org/jira/browse/AMQ-3154
> Project: ActiveMQ
> Issue Type: Bug
> Components: Broker
> Affects Versions: 5.4.2
> Reporter: Arthur Naseef
> Attachments: pre_add_broker.patch
>
>
> Ran into the following issues preventing a custom Broker-To-Broker authentication implementation:
> - BrokerFilter's addBroker() can not be used to secure a connection:
> - for duplex connections, it is never called on the initial conneciton
> - even if addBroker() throws an exception, it does not deny access (it does not close the connection nor prevent other functioning)
> - addBroker() does not have direct access to the ConnectionContext, nor any other means for the BrokerFilter to access SSL certificates on the SSL transport
> - BrokerFilter's addConnection() can not be used to secure a connection:
> - there is no way to distinguish broker connections from clients
> Other approaches were considered, but lead to dead-ends.
> It seems the optimal solution would use the existing addBroker() method.
> A patch will be provided that adds a new method specifically for securing Broker-To-Broker connections.
--
This message is automatically generated by JIRA.
-
For more information on JIRA, see: http://www.atlassian.com/software/jira