qpid-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jan Sarenik (JIRA)" <qpid-...@incubator.apache.org>
Subject [jira] Issue Comment Edited: (QPID-1645) Kerberos auth support for the java client
Date Fri, 17 Apr 2009 09:53:15 GMT

    [ https://issues.apache.org/jira/browse/QPID-1645?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12700101#action_12700101
] 

Jan Sarenik edited comment on QPID-1645 at 4/17/09 2:51 AM:
------------------------------------------------------------

VERIFIED
========

On RHEL4 and RHEL5 I have verified this using the following
script:

-------------------------------------------------------------------------------
#!/bin/sh
#
# Prerequisities:
#   * broker has to be run with "qpidd --auth yes --realm EXAMPLE.COM"
#   * you have to get the ticket first
#   * packages (qpidd, krb5-*, cyrus-sasl-gssapi, qpid-java-*,
#               rhm-docs)

EXAMPLE_PATH=/usr/share/doc/rhm-0.5/java
EXAMPLE_LIST=`find $EXAMPLE_PATH -type f -name '*.java'`
CLASSPATH=`find /usr/share/java -name '*.jar' | tr '\n' :`

TMPFILE=`mktemp`
PROPFILE=$EXAMPLE_PATH/org/apache/qpid/example/jmsexample/requestResponse/\
requestResponse.properties

cat $PROPFILE > $TMPFILE
sed -i "s|^\(connectionfactory.qpidConnectionfactory\).*$|\1 = amqp://testuser:test@clientid/testpath?brokerlist='tcp://$HOSTNAME:5672'|"
$PROPFILE

cat > $EXAMPLE_PATH/myjas.conf <<EOF
com.sun.security.jgss.initiate {
  com.sun.security.auth.module.Krb5LoginModule required useTicketCache=true;
};
EOF

pushd $EXAMPLE_PATH
find $EXAMPLE_PATH  -iname *.class -exec rm {} \;
javac -cp  "$CLASSPATH" -sourcepath "$EXAMPLE_PATH" \
  -d "$EXAMPLE_PATH" $EXAMPLE_LIST

java \
    -Djavax.security.auth.useSubjectCredsOnly=false \
    -Djava.security.auth.login.config=myjas.conf \
    -Dsun.security.krb5.debug=true \
    -Dqpid.sasl_mechs="GSSAPI" \
    -Dqpid.sasl_protocol=qpidd \
    -Dqpid.sasl_server_name=$HOSTNAME \
    -cp "$CLASSPATH" \
    org.apache.qpid.example.jmsexample.requestResponse.Server \
    &> /dev/null &

sleep 3

java \
    -Djavax.security.auth.useSubjectCredsOnly=false \
    -Djava.security.auth.login.config=myjas.conf \
    -Dsun.security.krb5.debug=true \
    -Dqpid.sasl_mechs="GSSAPI" \
    -Dqpid.sasl_protocol=qpidd \
    -Dqpid.sasl_server_name=$HOSTNAME \
    -cp "$CLASSPATH" \
    org.apache.qpid.example.jmsexample.requestResponse.Client

killall java
cat $TMPFILE > $PROPFILE
rm -rfv $TMPFILE $EXAMPLE_PATH/myjas.conf
-------------------------------------------------------------------------------


      was (Author: jasan):
    VERIFIED
========

On RHEL4 and RHEL5 I have verified this using the following
script:

-------------------------------------------------------------------------------
#!/bin/sh
#
# Prerequisities:
#   * broker has to be run with "qpidd --auth yes --realm EXAMPLE.COM"
#   * you have to get the ticket first
#   * packages (qpidd, krb5-*, cyrus-sasl-gssapi, qpid-java-*,
#               rhm-docs)

EXAMPLE_PATH=/usr/share/doc/rhm-0.5/java
EXAMPLE_LIST=`find $EXAMPLE_PATH -type f -name '*.java'`
CLASSPATH=`find /usr/share/java -name '*.jar' | tr '\n' :`

TMPFILE=`mktemp`
PROPFILE=$EXAMPLE_PATH/org/apache/qpid/example/jmsexample/requestResponse/\
requestResponse.properties

cat $PROPFILE > $TMPFILE
sed -i "s|^\(connectionfactory.qpidConnectionfactory\).*$|\1 = amqp://testuser:test@clientid/testpath?brokerlist='tcp://$HOSTNAME:5672'|"
$PROPFILE

cat > $EXAMPLE_PATH/myjas.conf <<EOF
com.sun.security.jgss.initiate {
  com.sun.security.auth.module.Krb5LoginModule required useTicketCache=true;
};
EOF

pushd $EXAMPLE_PATH
find $EXAMPLE_PATH  -iname *.class -exec rm -v {} \ &> /dev/null
javac -cp  "$CLASSPATH" -sourcepath "$EXAMPLE_PATH" \
  -d "$EXAMPLE_PATH" $EXAMPLE_LIST

java \
    -Djavax.security.auth.useSubjectCredsOnly=false \
    -Djava.security.auth.login.config=myjas.conf \
    -Dsun.security.krb5.debug=true \
    -Dqpid.sasl_mechs="GSSAPI" \
    -Dqpid.sasl_protocol=qpidd \
    -Dqpid.sasl_server_name=$HOSTNAME \
    -cp "$CLASSPATH" \
    org.apache.qpid.example.jmsexample.requestResponse.Server \
    &> /dev/null &

sleep 3

java \
    -Djavax.security.auth.useSubjectCredsOnly=false \
    -Djava.security.auth.login.config=myjas.conf \
    -Dsun.security.krb5.debug=true \
    -Dqpid.sasl_mechs="GSSAPI" \
    -Dqpid.sasl_protocol=qpidd \
    -Dqpid.sasl_server_name=$HOSTNAME \
    -cp "$CLASSPATH" \
    org.apache.qpid.example.jmsexample.requestResponse.Client

killall java
cat $TMPFILE > $PROPFILE
rm -rfv $TMPFILE $EXAMPLE_PATH/myjas.conf
-------------------------------------------------------------------------------

  
> Kerberos auth support for the java client
> -----------------------------------------
>
>                 Key: QPID-1645
>                 URL: https://issues.apache.org/jira/browse/QPID-1645
>             Project: Qpid
>          Issue Type: Bug
>          Components: Java Client
>    Affects Versions: M4
>            Reporter: Rajith Attapattu
>            Assignee: Rajith Attapattu
>             Fix For: 0.5
>
>
> Currently the 0-8 java client only supports PLAIN and cram-MD5 as authentication mechanisms.
> The 0-10 java client only uses PLAIN.
> It would be good to add Keberos as an authentication mechanism to the java client.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project:      http://qpid.apache.org
Use/Interact: mailto:dev-subscribe@qpid.apache.org


Mime
View raw message