Re: SSL with client authentification?

[lpfarris <lo...@gmail.com>]

I am trying to enable SSL client authentication. Throwing a few extra logging
statements into the snapshot release shows me I'm almost there. When
org.apache.activemq.util.IntrospectionSupport is trying to
setNeedClientAuth(true) on the SSL server socket, I get the exception
(normally ignored):

INFO  IntrospectionSupport           - java.lang.IllegalAccessException:
Class org.apache.activemq.util.IntrospectionSupport can not access a member
of class com.sun.net.ssl.internal.ssl.SSLSocketImpl with modifiers "public
synchronized"

Before I go coding up a new transport to work around this, I wonder if I am
missing something?

I am running on a 2.6.9 linux kernel with Sun's java 1.5.0_06
-- 
View this message in context: http://www.nabble.com/SSL-with-client-authentification--tf683274.html#a5730447
Sent from the ActiveMQ - User forum at Nabble.com.

Re: SSL with client authentification?

[lpfarris <lo...@gmail.com>]

Rough patch is attached. My next step is to figure out how to use that
properly for authc and authz purposes.
It works with "transport.socket.needClientAuth=true" and
transport.socket.wantClientAuth=true"

  -Lorenzo


James.Strachan wrote:
> 
> We welcome patches if you want to patch the code to do what you need :)
> 
> http://incubator.apache.org/activemq/contributing.html
> 
> On 8/9/06, lpfarris <lo...@gmail.com> wrote:
>>
>> Thanks for clarifying that for me. I suspect my best bet in the short
>> term is
>> going to be extending the relevant classes in
>> org.apache.activemq.transport.tcp for my purposes.
>> cheers,
>>      Lorenzo
>>
>> --
>> View this message in context:
>> http://www.nabble.com/SSL-with-client-authentification--tf683274.html#a5731823
>> Sent from the ActiveMQ - User forum at Nabble.com.
>>
>>
> 
> 
> -- 
> 
> James
> -------
> http://radio.weblogs.com/0112098/
> 
> 
http://www.nabble.com/user-files/235718/ssl_client_auth_patch.txt
ssl_client_auth_patch.txt 
-- 
View this message in context: http://www.nabble.com/SSL-with-client-authentification--tf683274.html#a5936157
Sent from the ActiveMQ - User forum at Nabble.com.

Re: SSL with client authentification?

[James Strachan <ja...@gmail.com>]

We welcome patches if you want to patch the code to do what you need :)

http://incubator.apache.org/activemq/contributing.html

On 8/9/06, lpfarris <lo...@gmail.com> wrote:
>
> Thanks for clarifying that for me. I suspect my best bet in the short term is
> going to be extending the relevant classes in
> org.apache.activemq.transport.tcp for my purposes.
> cheers,
>      Lorenzo
>
> --
> View this message in context: http://www.nabble.com/SSL-with-client-authentification--tf683274.html#a5731823
> Sent from the ActiveMQ - User forum at Nabble.com.
>
>


-- 

James
-------
http://radio.weblogs.com/0112098/

Re: SSL with client authentification?

[lpfarris <lo...@gmail.com>]

Thanks for clarifying that for me. I suspect my best bet in the short term is
going to be extending the relevant classes in
org.apache.activemq.transport.tcp for my purposes.
cheers,
     Lorenzo

-- 
View this message in context: http://www.nabble.com/SSL-with-client-authentification--tf683274.html#a5731823
Sent from the ActiveMQ - User forum at Nabble.com.

Re: SSL with client authentification?

[James Strachan <ja...@gmail.com>]

It looks like that class can't be used properly with introspection as
it is not a valid JavaBean property as the getter is not called
isNeedClientAuth()

http://java.sun.com/j2se/1.5.0/docs/api/javax/net/ssl/SSLSocket.html#getNeedClientAuth()

it looks like we'll need to patch our introspector to deal with bad
bean properties or hand-craft the SSL transport to specifically deal
with this limitation.

On 8/9/06, lpfarris <lo...@gmail.com> wrote:
>
> I should also have mentioned that I was trying to use the url
> ssl://somehostname:61616?transport.socket.needClientAuth=true
>
>
> lpfarris wrote:
> >
> > I am trying to enable SSL client authentication. Throwing a few extra
> > logging statements into the snapshot release shows me I'm almost there.
> > When org.apache.activemq.util.IntrospectionSupport is trying to
> > setNeedClientAuth(true) on the SSL server socket, I get the exception
> > (normally ignored):
> >
> > INFO  IntrospectionSupport           - java.lang.IllegalAccessException:
> > Class org.apache.activemq.util.IntrospectionSupport can not access a
> > member of class com.sun.net.ssl.internal.ssl.SSLSocketImpl with modifiers
> > "public synchronized"
> >
> > Before I go coding up a new transport to work around this, I wonder if I
> > am missing something?
> >
> > I am running on a 2.6.9 linux kernel with Sun's java 1.5.0_06
> >
> --
> View this message in context: http://www.nabble.com/SSL-with-client-authentification--tf683274.html#a5730506
> Sent from the ActiveMQ - User forum at Nabble.com.
>
>


-- 

James
-------
http://radio.weblogs.com/0112098/

Re: SSL with client authentification?

[lpfarris <lo...@gmail.com>]

I should also have mentioned that I was trying to use the url
ssl://somehostname:61616?transport.socket.needClientAuth=true


lpfarris wrote:
> 
> I am trying to enable SSL client authentication. Throwing a few extra
> logging statements into the snapshot release shows me I'm almost there.
> When org.apache.activemq.util.IntrospectionSupport is trying to
> setNeedClientAuth(true) on the SSL server socket, I get the exception
> (normally ignored):
> 
> INFO  IntrospectionSupport           - java.lang.IllegalAccessException:
> Class org.apache.activemq.util.IntrospectionSupport can not access a
> member of class com.sun.net.ssl.internal.ssl.SSLSocketImpl with modifiers
> "public synchronized"
> 
> Before I go coding up a new transport to work around this, I wonder if I
> am missing something?
> 
> I am running on a 2.6.9 linux kernel with Sun's java 1.5.0_06
> 
-- 
View this message in context: http://www.nabble.com/SSL-with-client-authentification--tf683274.html#a5730506
Sent from the ActiveMQ - User forum at Nabble.com.