3 Replies Latest reply on Mar 29, 2011 5:57 PM by joe_boy12

    JMS Gateway security

    joe_boy12 Novice

      Hello folks

       

      I am trying to present a Proof of Concept for JBoss ESB SOA platform for my team and came across a situation which concerns me a bit.

       

      I have a JMS Gateway Queue and its secured. I mean only specified roles can read/write on it. No issues with message producer at all. The 1st issue comes when I dont want to put my user name and password openly in following props on jboss-esb.xml file. e.g.

       

      <jms-message-filter dest-type="QUEUE" dest-name="queue/MyGatewayQueue" jms-security-principal="esb_user" jms-security-credential="esb_password"/>

       

      so if I give reading rights to guest user in my jbm-queue-service.xml - anybody whos unauthenticated can read my message on that queue.

       

      The 2nd issue is - even if I go for either choice from above - the gateway is not able to create / populate AuthenticationRequest object on meesage context when passing that info to ESB aware channel which in turn calls a secured service - which I think is an open defect - now what I need to do is - write a composer class which inturn somehow creates an AuthenticationRequest object before message is passed on ESB aware channel.

       

      Does anybody have better solution?

       

      Thanks

      Joe