NMS .NET 4.0 Sandbox Security Question

[prgtrdr <pr...@gmail.com>]

I'm trying to use NMS Version 1.6.0 with my code ('IntPub') that must run in
a sandbox in a .NET 4.0 environment for security reasons.  The code that
creates the sandbox makes my code 'partially trusted' and therefore
'security-transparent' which seems to mean that it can't create a
ConnectionFactory (see error log below) because NMS seems to be
'security-critical'.  Here's the code that's causing this error:

        connecturi = new Uri("tcp://my.server.com:61616");
        var connectionFactory = new ConnectionFactory(connecturi);

I also tried this instead with similar results:

        connecturi = new Uri("activemq:tcp://my.server.com:61616");
        var connectionFactory =
NMSConnectionFactory.CreateConnectionFactory(connecturi);

Since I can't change the security level of my assembly (the sandbox prevents
it) is there a way to make NMS run as 'safe-critical' so it can be called by
'security-transparent' code?

I appreciate any help or suggestions...

Thanks,
Bill

Assembly 'IntPub, Version=1.0.0.0, Culture=neutral,
PublicKeyToken=6fa620743b8dc60a' is partially trusted, which causes the CLR
to make it entirely security transparent regardless of any transparency
annotations in the assembly itself.  In order to access security critical
code, this assembly must be fully trusted.Detail: 
<OrganizationServiceFault
xmlns:i="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://schemas.microsoft.com/xrm/2011/Contracts">
  <ErrorCode>-2147220956</ErrorCode>
  <ErrorDetails
xmlns:d2p1="http://schemas.datacontract.org/2004/07/System.Collections.Generic"
/>
  <Message>Unexpected exception from plug-in (Execute): Samples.WebClient:
System.MethodAccessException: Attempt by security transparent method
'Samples.WebClient.Execute(System.IServiceProvider)' to access security
critical method 'Apache.NMS.ActiveMQ.ConnectionFactory..ctor(System.Uri)'
failed.



--
View this message in context: http://activemq.2283324.n4.nabble.com/NMS-NET-4-0-Sandbox-Security-Question-tp4669278.html
Sent from the ActiveMQ - User mailing list archive at Nabble.com.

Re: NMS .NET 4.0 Sandbox Security Question

[Timothy Bish <ta...@gmail.com>]

On 07/16/2013 10:15 AM, prgtrdr wrote:
> Hi Tim,
>
> Thanks for taking the time to respond.  I think you meant to write that the
> http: and https: protocols are NOT currently supported in NMS, correct?
>
> Although I'm not familiar with the NMS internals, I'm happy to have a look
> at what it would take to implement them.  Can you point me in the right
> direction to give me a head start?  For example,
>
> 1. Would you use the Ajax API as a model?  I've struggled with it because of
> the servlet requirement, would that make it inappropriate for an NMS client
> that would not be running in a browser?
>
> 2.  What about the REST API?  Would NMS be able to keep a session alive
> between requests?
>
> Thanks,
> Bill
>
>
>
> --
> View this message in context: http://activemq.2283324.n4.nabble.com/NMS-NET-4-0-Sandbox-Security-Question-tp4669278p4669364.html
> Sent from the ActiveMQ - User mailing list archive at Nabble.com.
>
The best way to start would be to dissect how the current activemq http 
transport works, see the code in activemq-http.  You would create an 
http transport for NMS doing something similar, streaming the openwire 
commands over http as XML transformed objects. ActiveMQ uses XStream, 
you could use .NET transformations, I recall seeing a blog posting 
somewhere covering how to make the XML transformation in .NET produce 
XStream compatible code.  On the NMS client end you also need a small 
HTTP server running to allow activemq to send you HTTP Get requests etc.

-- 
Tim Bish
Sr Software Engineer | RedHat Inc.
tim.bish@redhat.com | www.fusesource.com | www.redhat.com
skype: tabish121 | twitter: @tabish121
blog: http://timbish.blogspot.com/

www.camelone.org : The open source integration conference:

Re: NMS .NET 4.0 Sandbox Security Question

[prgtrdr <pr...@gmail.com>]

Hi Tim,

Thanks for taking the time to respond.  I think you meant to write that the
http: and https: protocols are NOT currently supported in NMS, correct?

Although I'm not familiar with the NMS internals, I'm happy to have a look
at what it would take to implement them.  Can you point me in the right
direction to give me a head start?  For example,

1. Would you use the Ajax API as a model?  I've struggled with it because of
the servlet requirement, would that make it inappropriate for an NMS client
that would not be running in a browser?

2.  What about the REST API?  Would NMS be able to keep a session alive
between requests?

Thanks,
Bill



--
View this message in context: http://activemq.2283324.n4.nabble.com/NMS-NET-4-0-Sandbox-Security-Question-tp4669278p4669364.html
Sent from the ActiveMQ - User mailing list archive at Nabble.com.

Re: NMS .NET 4.0 Sandbox Security Question

[Timothy Bish <ta...@gmail.com>]

On 07/16/2013 09:24 AM, prgtrdr wrote:
> I've since learned that the sandbox restricts the use of all communication
> protocols except http: and https:.  Is there a way to get NMS to communicate
> with ActiveMQ via those protocols?
>
>
>
> --
> View this message in context: http://activemq.2283324.n4.nabble.com/NMS-NET-4-0-Sandbox-Security-Question-tp4669278p4669357.html
> Sent from the ActiveMQ - User mailing list archive at Nabble.com.
>
Those are currently supported in NMS, you are welcome to contribute to 
the project though.

-- 
Tim Bish
Sr Software Engineer | RedHat Inc.
tim.bish@redhat.com | www.fusesource.com | www.redhat.com
skype: tabish121 | twitter: @tabish121
blog: http://timbish.blogspot.com/

www.camelone.org : The open source integration conference:

Re: NMS .NET 4.0 Sandbox Security Question

[prgtrdr <pr...@gmail.com>]

I've since learned that the sandbox restricts the use of all communication
protocols except http: and https:.  Is there a way to get NMS to communicate
with ActiveMQ via those protocols?



--
View this message in context: http://activemq.2283324.n4.nabble.com/NMS-NET-4-0-Sandbox-Security-Question-tp4669278p4669357.html
Sent from the ActiveMQ - User mailing list archive at Nabble.com.