[jira] [Commented] (AMQ-5943) network bridge fails when using jaasDualAuthenticationPlugin

Mon, 24 Aug 2015 02:59:33 -0700 

    [ 
https://issues.apache.org/jira/browse/AMQ-5943?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14709051#comment-14709051
 ] 

Torsten Mielke commented on AMQ-5943:
-------------------------------------

The network bridge internally creates a VM transport that fails to be 
authenticated via the JaasDualAuthenticationBroker. 

{code:java}
    @Override
    public void addConnection(ConnectionContext context, ConnectionInfo info) 
throws Exception {
        if (context.getSecurityContext() == null) {
            boolean isSSL = false;
            Connector connector = context.getConnector();
            if (connector instanceof TransportConnector) {
                TransportConnector transportConnector = (TransportConnector) 
connector;
                isSSL = transportConnector.getServer().isSslServer();
            }

            if (isSSL) {
                this.sslBroker.addConnection(context, info);
            } else {
                this.nonSslBroker.addConnection(context, info);
            }
            super.addConnection(context, info);
        }
    }
{code}

For the VM transport isSSL will evaluate to false and hence it calls 
this.nonSslBroker.addConnection(context, info) which calls into the 
JaasAuthenticationBroker and expects a username and password.

> network bridge fails when using jaasDualAuthenticationPlugin
> ------------------------------------------------------------
>
>                 Key: AMQ-5943
>                 URL: https://issues.apache.org/jira/browse/AMQ-5943
>             Project: ActiveMQ
>          Issue Type: Bug
>          Components: Broker, security
>    Affects Versions: 5.12.0
>            Reporter: Torsten Mielke
>              Labels: broker, jaas, security
>
> If a network bridge is to be established to another broker's ssl transport as 
> in 
> {code:xml}
> <networkConnector duplex="true" dynamicOnly="true" name="to-A" networkTTL="2" 
> uri="static://(ssl://localhost:61626)" >
> {code}
> and the other broker is configured for 
> {code:xml}
> <jaasDualAuthenticationPlugin configuration="activemq-domain" 
> sslConfiguration="activemq-ssl-domain"/>
> {code}
> then the network bridge will fail. Note the network connector does not set 
> username and password but is supposed to be authenticated via its SSL 
> certificate. 



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to