You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@cxf.apache.org by "Daniel Kulp (JIRA)" <ji...@apache.org> on 2009/10/05 18:48:31 UTC
[jira] Commented: (CXF-2055) jms transport: Support passing
username of producer to SecurityContext
[ https://issues.apache.org/jira/browse/CXF-2055?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12762254#action_12762254 ]
Daniel Kulp commented on CXF-2055:
----------------------------------
Christian, is this now resolved? At least for ActiveMQ and Weblogic?
New issues could be opened for other JMS providers as encountered, right?
> jms transport: Support passing username of producer to SecurityContext
> ----------------------------------------------------------------------
>
> Key: CXF-2055
> URL: https://issues.apache.org/jira/browse/CXF-2055
> Project: CXF
> Issue Type: New Feature
> Components: Transports
> Affects Versions: 2.1.4
> Reporter: Christian Schneider
> Assignee: Christian Schneider
> Priority: Minor
>
> The HTTP transport sets a SecurityContext object in the message. This allows the server implementor to retrieve the user principal and its roles from the message. For JAX-WS the principal and roles are then also available in the WebServiceContext.
> JMS vendors support retrieving the username of the prodcuer that sent a message. In the JMSDestination this information could be added to the message in a new SecurityContext object.
> Unfortunately there is no common standard for this. So we need to figure out how each vendor does this:
> In Tibco you have to add the following line to queues.conf: > sender_name_enforced. This means that tibco should add the authenticated user name in the jms property JMS_TIBCO_SENDER to every message in every queue.
> In ActiveMq I have found from the documentation that you can use the option populateJMSXUserID. Then ActiveMQ sets the property JMSXUserID.
> Perhaps we can find the necessary settings for other jms servers too like IBM MQ.
> I would propose to simply check the possible locations where the usename could be set in the different providers. It is important though that we make sure the producer canĀ“t simply set the property we use by himself as this would defy any security.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.