[ 
https://issues.apache.org/jira/browse/ARTEMIS-5316?focusedWorklogId=959301&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-959301
 ]

ASF GitHub Bot logged work on ARTEMIS-5316:
-------------------------------------------

                Author: ASF GitHub Bot
            Created on: 27/Feb/25 23:26
            Start Date: 27/Feb/25 23:26
    Worklog Time Spent: 10m 
      Work Description: tabish121 commented on code in PR #5535:
URL: https://github.com/apache/activemq-artemis/pull/5535#discussion_r1974488157


##########
artemis-protocols/artemis-amqp-protocol/src/main/java/org/apache/activemq/artemis/protocol/amqp/connect/AMQPBrokerConnection.java:
##########
@@ -1204,6 +1206,47 @@ public static boolean isApplicable(final NettyConnection 
connection) {
       }
    }
 
+   private static class XOAuth2SASLMechanism implements ClientSASL {
+
+      private final String userName;
+      private final String token;
+
+      public XOAuth2SASLMechanism(String userName, String token) {
+         this.userName = userName;
+         this.token = token;
+      }
+
+      @Override
+      public String getName() {
+         return XOAUTH2;
+      }
+
+      @Override
+      public byte[] getInitialResponse() {
+         String response = String.format("user=%s\u0001auth=Bearer 
%s\u0001\u0001", userName, token);
+         return response.getBytes(StandardCharsets.UTF_8);
+      }
+
+      @Override
+      public byte[] getResponse(byte[] challenge) {
+         return EMPTY;
+      }
+
+      public static boolean isApplicable(AMQPBrokerConnectConfiguration 
brokerConnectConfiguration, NettyConnection connection) {
+         Map<String, Object> params = 
connection.getConnectorConfig().getParams();
+         String amqpSaslMechanism = 
ConfigurationHelper.getStringProperty(TransportConstants.AMQP_SASL_MECHANISM, 
null, params);
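
Review bot: In getInitialResponse(), userName and token are passed straight into String.format("user=%s\u0001auth=Bearer %s\u0001\u0001", userName, token) with no validation. A null value is therefore sent as the literal text "null", and a value containing \u0001 changes the field framing of the response. Consider rejecting null, empty, or \u0001-containing values in the constructor so that a misconfigured connection fails before anything is written to the wire. A short Javadoc on the class describing the response layout would also help.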

Review Comment:
   This seems like something we can get from URI options and not scatter AMQP 
specific options into the netty TransportOptions bits that don't carry any 
other AMQP related constants.  I believe we already have configuration on the 
acceptor URI for AMQP for what mechanisms the broker is allowed to offer.  This 
should be configured somewhat the same in that if you want to use XOAUTH2 then 
the connection should specify that as the only allowed option and fail if the 
remote doesn't offer it.  





Issue Time Tracking
-------------------

    Worklog Id:     (was: 959301)
    Time Spent: 0.5h  (was: 20m)

> Support for SASL XOAUTH2 Mechanism in Broker Connection
> -------------------------------------------------------
>
>                 Key: ARTEMIS-5316
>                 URL: https://issues.apache.org/jira/browse/ARTEMIS-5316
>             Project: ActiveMQ Artemis
>          Issue Type: New Feature
>            Reporter: Tomasz Łukasiewicz
>            Priority: Major
>              Labels: pull-request-available
>          Time Spent: 0.5h
>  Remaining Estimate: 0h
>
> There is a need to support XOAUTH2 authentication between two AMQP brokers, 
> as the existing mechanisms are not sufficiently secure for certain use cases. 
> Currently, Artemis does not support this authentication method on the client 
> side, and the SaslFactory implementation is both private and final, making it 
> impossible to extend.
> To address this, an XOAuth2SASLMechanism should be implemented within the 
> AMQPBrokerConnection class and integrated into the SaslFactory. The new SASL 
> mechanism should return its name as "XOAUTH2" and include the appropriate 
> authentication headers.
> A working example of this approach has been successfully tested with the 
> Solace broker:
> {code:java}
> @Override
> public byte[] getInitialResponse() {
>    String response = String.format("user=%s\u0001auth=Bearer %s\u0001\u0001", 
> userName, token);
>    return response.getBytes(StandardCharsets.UTF_8);
> }
> {code}
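
The initial-response framing shown in the issue description, as an added example that is not part of the original message or of Artemis: a hypothetical XOAuth2InitialResponse helper that refuses user names or tokens containing the U+0001 separator before encoding, plus a strict decoder for the same layout. The class name, method names and sample values are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.util.LinkedHashMap;
import java.util.Map;

// Added example, not Artemis code: class and method names are hypothetical.
public final class XOAuth2InitialResponse {

   private static final char SEP = '\u0001'; // Ctrl-A field separator used by the format above

   // Builds "user=<name>^Aauth=Bearer <token>^A^A", refusing values that would break the framing.
   public static byte[] encode(String userName, String token) {
      requireClean("userName", userName);
      requireClean("token", token);
      return ("user=" + userName + SEP + "auth=Bearer " + token + SEP + SEP).getBytes(StandardCharsets.UTF_8);
   }

   // Splits a response into its key=value fields, rejecting anything not in the expected shape.
   public static Map<String, String> decode(byte[] response) {
      String text = new String(response, StandardCharsets.UTF_8);
      String terminator = "" + SEP + SEP;
      if (!text.endsWith(terminator)) {
         throw new IllegalArgumentException("missing terminator");
      }
      Map<String, String> fields = new LinkedHashMap<>();
      for (String part : text.substring(0, text.length() - 2).split(String.valueOf(SEP), -1)) {
         int eq = part.indexOf('=');
         if (eq <= 0 || fields.put(part.substring(0, eq), part.substring(eq + 1)) != null) {
            throw new IllegalArgumentException("malformed or duplicate field");
         }
      }
      if (fields.size() != 2 || !fields.containsKey("user") || !fields.getOrDefault("auth", "").startsWith("Bearer ")) {
         throw new IllegalArgumentException("expected exactly user= and auth=Bearer fields");
      }
      return fields;
   }

   private static void requireClean(String name, String value) {
      if (value == null || value.isEmpty() || value.indexOf(SEP) >= 0) {
         throw new IllegalArgumentException(name + " must be non-empty and must not contain U+0001");
      }
   }

   public static void main(String[] args) {
      // Constructed sample values, not real credentials.
      Map<String, String> fields = decode(encode("broker-a", "sample-token"));
      System.out.println(fields.keySet()); // print field names only, never the token
   }
}
```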


