Kerberos for securing JMS

solso Aug 12, 2004 7:05 AM

Hello to all!

I'm asking myself (and you) if I can use Kerberos for authentication and encryption to JMS like the GSS API can be used for a secured connection.

I want to realise the following scenario:

- Sending binary messages from EJB's to a client over an unsecured network (Internet) and back
- Queue mode for messaging, NO publish/subscribe
- mutual authentication for client and server

I've succesfully implemented a way with GSS API and simple socket connection, but my problem is that I'm not allowed to use sockets in an EJB. That's why I want to use JMS and JBossMQ.

Any information or examples are welcome!
Thanks for your Help...

Richard

1. Re: Kerberos for securing JMS

starksm64 Aug 12, 2004 12:00 PM (in response to solso)

This would require a customization of JMS transport level. Create an RFE on sourceforge with the example socket code and we'll see if we can integrate support for this into the existing UIL2 transport, or at least provide sufficient configuration capability to enable it.

RFE URL:
http://sourceforge.net/tracker/?group_id=22866&atid=376688

You can supply custom socket factories for both the JMS layer and EJB layer so its likely that you can already do this. Start with the RFE and if its doable we can create a wiki page describing how to migrate your code to work with jboss.
Actions
2. Re: Kerberos for securing JMS

solso Aug 13, 2004 4:49 AM (in response to solso)

Hello Scott,

I've added a RFE with the title "kerberos for JMS" to sourceforge.
Maybe there is a possible solution.

Grettings, Richard
Actions

Go to original post