Isn't the JMSXUserID set to the user who connected to the broker? Since John's use case is a HTTP->JMS bridge with HTTP Basic Auth, I would be surprised that the connection to the broker is opened using the credentials of the user who submitted the HTTP request.
Andreas On Mon, Feb 1, 2010 at 21:16, Daniel Kulp <[email protected]> wrote: > > Christian recently did some updates to the JMS transport to pull the > JMSXUserID from the JMS Message and stick that into our SecurityContext. You > would probably need an interceptor that would then take that and feed that > into the Spring security context. If you do develop some interceptors for > this, we'd love to have them. :-) > > Dan > > > > > On Mon February 1 2010 1:51:44 pm johnpfeifer4 wrote: >> I was wondering if anyone has an example of implement spring security with >> a CXF JMS Endpoint. We currently secure all of our endpoints with the >> <security:http> element, limiting access to certain endpoints to a >> particular role(s). >> >> Now we have a requirement to enforce security for JMS endpoints. It seems >> that the listener that picks it off the JMS queue would have to know where >> to find the credentials on the message. Perhaps we need to write our own >> interceptors to do this? >> >> I figured I would post here before I start my own investigation. Any help >> would be greatly appreciated. >> >> Thanks, >> >> John >> > > -- > Daniel Kulp > [email protected] > http://www.dankulp.com/blog >
