git.net

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Artemis Rest Interface JAAS


> I am hoping there is a way to pass authenticated credential from step 2
to step 3, then 4.

Looking at the code I don't see where any credentials are taken from the
incoming HTTP requests and passed along to the messaging operations. As you
noted, everything is hard-code to not use security.

> Or better yet, avoid the 2nd authentication and authorization at Artemis
server (with security on) all together.

I believe the only way to accomplish that would be to completely rewrite
the REST interface.

> It seems to me that artemis-rest expects us to secure rest interface URLs
with Artemis server security turned off.

Yes, I believe that was an original design assumption of the REST interface
implementation.

> In my case, I am hoping to secure both rest interface URLs and tcp:61616
so that client can post message via rest or via normal JMS protocol.  Is it
possible?

That doesn't look to be possible at this point from what I can tell.

Out of curiosity, is there a reason you're wanting to use the REST
interface (which is not standardized) vs. a lightweight protocol like STOMP
(which is standardized)?


Justin

On Mon, Oct 29, 2018 at 10:37 PM shumin <shuminli18@xxxxxxxxx> wrote:

> What I described in my previous post are securing all URLs via web.xml.  I
> am
> using a Servlet filter to enforce basic authentication using the same
> security realm as the Artemis server.  The issue is that the security
> credential from war is not carried over to Artemis server as the server has
> it own security turned on although they both use the same realm.  Here is
> the sequence (and you can see it from the stacktrace)
>
> 1. curl --user user:password http://localhost:8161/queue/myQueue
> 2. the Servlet filter authenticated and authorized the access
> 3. artemis-reat creates session at
> org.apache.activemq.artemis.rest.queue.QueueDestinationsResource.java:102.
>
> 4. It passes hard-coded null for both user and password at
>
> org.apache.activemq.artemis.rest.queue.QueueDestinationsResource.findQueue(QueueDestinationsResource.java:102)
> 5. Exception thrown from server that username is null.
>
> I am hoping there is a way to pass authenticated credential from step 2 to
> step 3, then 4.  Or better yet, avoid the 2nd authentication and
> authorization at Artemis server (with security on) all together.
>
> It seems to me that artemis-rest expects us to secure rest interface URLs
> with Artemis server security turned off.  In my case, I am hoping to secure
> both rest interface URLs and tcp:61616 so that client can post message via
> rest or via normal JMS protocol.  Is it possible?
>
>
>
> --
> Sent from:
> http://activemq.2283324.n4.nabble.com/ActiveMQ-User-f2341805.html
>