2 Replies Latest reply on Nov 27, 2013 8:29 AM by Philippe Granjal

    SSL Identification / Add certificate information on message (consumer side)

    Philippe Granjal Newbie

      I know the JMS specification doesn't provide such authentication; only user/password authentication should be used.

      But once the SSL connection is established I really need to identify the producer according to its certificate for each message (using a core bridge between servers).

      So is there any workaround to do such a thing?

       

      I tried using HornetQInterceptor but no luck.

      Also, a sub-question would be why NettyConnection.getDefaultHornetQPrincipal() isn't allowed.

       

      //never allow this
      public HornetQPrincipal getDefaultHornetQPrincipal()
      {
         return null;
      }
      

       

      It killed my idea of creating a custom Login module that would return some made up username from the certificate.

        • 1. Re: SSL Identification / Add certificate information on message (consumer side)
          Andy Taylor Master

          I know the JMS specification doesn't provide such authentication; only user/password authentication should be used.

          But once the SSL connection is established I really need to identify the producer according to its certificate for each message (using a core bridge between servers).

          So is there any workaround to do such a thing?

          The SSL authentication is taken care of by Netty, our transport layer, so no, currently this is not possible as we only handle the unencrypted data. Saying that, Netty does expose some functionality to access the SSL Engine used, so maybe this is something we could add. Feel free to raise a JIRA, although it's unlikely to be high on our list of todos. You could have a go at implementing this yourself; we are always happy to receive community contributions.

          I tried using HornetQInterceptor but no luck.

          Also, a sub-question would be why NettyConnection.getDefaultHornetQPrincipal() isn't allowed.

          This is not really for SSL; it's used by WildFly so it can allow invm connections without security.

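
          The reply above mentions that Netty exposes the SSL engine. As an added example (not part of the thread and not HornetQ code), this shows how a client-certificate subject can be read from a standard JSSE SSLSession once that engine is in hand, including the case where the peer sent no certificate. The class and method names are hypothetical and the sample subject DNs are constructed.

```java
import java.security.Principal;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.security.auth.x500.X500Principal;

public class PeerCertIdentity {

    /** Returns the verified peer's CN, or null if no client certificate was presented. */
    static String producerIdentity(SSLSession session) {
        try {
            Principal p = session.getPeerPrincipal();
            return (p instanceof X500Principal) ? commonName((X500Principal) p) : null;
        } catch (SSLPeerUnverifiedException e) {
            // Client auth was not required or not completed: treat the peer as anonymous.
            return null;
        }
    }

    /** Extracts the most specific CN with a real DN parser instead of string splitting. */
    static String commonName(X500Principal subject) {
        try {
            LdapName dn = new LdapName(subject.getName(X500Principal.RFC2253));
            // LdapName index 0 is the right-most RDN, so walk from the left-most one.
            for (int i = dn.size() - 1; i >= 0; i--) {
                Rdn rdn = dn.getRdn(i);
                if ("CN".equalsIgnoreCase(rdn.getType())) {
                    return String.valueOf(rdn.getValue());
                }
            }
            return null;
        } catch (InvalidNameException e) {
            return null; // unparseable subject: do not guess an identity
        }
    }

    public static void main(String[] args) {
        // Constructed subjects; the second has escaped separators inside the CN value,
        // which naive splitting on ',' would misread as a second attribute.
        System.out.println(commonName(new X500Principal("CN=bridge-node-a, OU=Messaging, O=Example")));
        System.out.println(commonName(new X500Principal("CN=evil\\,CN\\=admin, O=Example")));
    }
}
```

          Whatever carries this value on the message has to be set by the receiving server from its own session, replacing any same-named value the client sent.
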
          • 2. Re: SSL Identification / Add certificate information on message (consumer side)
            Philippe Granjal Newbie

            If there is no workaround I'll be happy to propose some patch.


            I'll think about it and open a Jira then.


            Thank you.