There is one in ServiceMix. http://svn.apache.org/repos/asf/incubator/servicemix/trunk/servicemix-core/src/main/java/org/apache/servicemix/jbi/security/login/
On 8/2/06, Hiram Chirino <[EMAIL PROTECTED]> wrote:
On 8/1/06, Sepand M <[EMAIL PROTECTED]> wrote: > Hi all, > > So far I've mainly been reading ActiveMQ and making design docs. > Here's what I've got: > > For authorization, my current plan is to just have the client's DN > replace the user name field in the ConnectionInfo class (how this is > done is explained below). I want to do this because I don't know much > about JAAS and I'm trying to avoid writing classes to authorize based > on DNs. If you guys know this stuff (and you probably do), we could > change this easily enough. > > Here's the rest of my design: > > I want to modify SslTransportFactory to use a specific SslContext > object and allow client's access to its init method so that they can > set their own key and trust managers. I also want to create new > SslTransport and SslTransportServer classes. SslTransport will be > derived from TcpTransport. Its main task will be to replace the user > name field of ConnectionInfo commands with its socket's DN (this could > be changed easily to attach the entire certificate to ConnectionInfo > as a new generic field). SslTransport will also make sure that it uses > SslSocketFactory's. SslTransportServer will only be there to make sure > SslSocketFactory's are used. > > For my current design that about does it. The proper Brokers and > plugins (JaasAuthenticationBroker and AuthorizationPlugin) would have > to be used and the configuration files would need to use the DN as the > username. > > I'm not sure about this, but I think if we were to attach the complete > certificate and try to do things "properly" we'd need a new > CertificateAuthenticationBroker and a way for JAAS to authenticate > that certificate (I'm new to JAAS so I don't know how easy/hard this > would be). > Sounds spot on! The JAAS part would totally depend on how the JAAS module that authenticates against a certificate expects to receive the certificate. Right now our current JAAS login only uses userid/password, that would need to change for a cert. Anybody know where we can get a JAAS module that authenticates certificates? Regards, Hiram > Any thoughts? > - Sepand > > On 8/1/06, James Strachan <[EMAIL PROTECTED]> wrote: > > On 8/1/06, ngcutura <[EMAIL PROTECTED]> wrote: > > > > > > My JIRA username is 'ngcutura' and I'll be glad to assign LDAP Authorization > > > issue to myself. > > > > Great! You're all set now with JIRA karma > > > > > I also take this opportunity to remind you of my code > > > waiting for your review. :-) > > > > Thanks for the reminder - will try get there soon :) > > > > > I wouldn't mind creating and assigning certificate login but as Sepand was > > > the first to raise it I'd wait for him (a while). > > > > Coolio > > > > -- > > > > James > > ------- > > http://radio.weblogs.com/0112098/ > > > -- Regards, Hiram Blog: http://hiramchirino.com
-- Cheers, Guillaume Nodet