[jira] Commented: (AMQ-3154) unable to implement custom broker-to-broker authorization

Wed, 16 Feb 2011 17:03:47 -0800 

    [ 
https://issues.apache.org/jira/browse/AMQ-3154?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12995620#comment-12995620
 ] 

Arthur Naseef commented on AMQ-3154:
------------------------------------

Working on a JUnit, I'm finding it difficult to capture whether the broker 
connection was made or not.  Subclassing DiscoveryNetworkConnector seemed like 
a good idea, but even it doesn't appear to have a clear point in its lifecycle 
at which the success or failure of the connection can be determined.

Any tips would be appreciated.

While it would be possible to create a consumer and producer that use the two 
different brokers, I'd rather not add that complexity.

Note that I'm working purely with 5.4.2 at this point.

> unable to implement custom broker-to-broker authorization
> ---------------------------------------------------------
>
>                 Key: AMQ-3154
>                 URL: https://issues.apache.org/jira/browse/AMQ-3154
>             Project: ActiveMQ
>          Issue Type: Bug
>          Components: Broker
>    Affects Versions: 5.4.2
>            Reporter: Arthur Naseef
>         Attachments: pre_add_broker.patch
>
>
> Ran into the following issues preventing a custom Broker-To-Broker 
> authentication implementation:
>   - BrokerFilter's addBroker() can not be used to secure a connection:
>       - for duplex connections, it is never called on the initial conneciton
>       - even if addBroker() throws an exception, it does not deny access (it 
> does not close the connection nor prevent other functioning)
>       - addBroker() does not have direct access to the ConnectionContext, nor 
> any other means for the BrokerFilter to access SSL certificates on the SSL 
> transport
>   - BrokerFilter's addConnection() can not be used to secure a connection:
>        - there is no way to distinguish broker connections from clients
> Other approaches were considered, but lead to dead-ends.
> It seems the optimal solution would use the existing addBroker() method.
> A patch will be provided that adds a new method specifically for securing 
> Broker-To-Broker connections.

-- 
This message is automatically generated by JIRA.
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to