qpid-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF GitHub Bot (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (QPIDJMS-303) Add support for SASL GSSAPI Kerberos mechanism
Date Fri, 21 Jul 2017 15:19:03 GMT

    [ https://issues.apache.org/jira/browse/QPIDJMS-303?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16096362#comment-16096362
] 

ASF GitHub Bot commented on QPIDJMS-303:
----------------------------------------

Github user gtully commented on a diff in the pull request:

    https://github.com/apache/qpid-jms/pull/10#discussion_r128788568
  
    --- Diff: qpid-jms-client/src/test/java/org/apache/qpid/jms/integration/SaslGssApiIntegrationTest.java
---
    @@ -0,0 +1,185 @@
    +/*
    + *
    + * Licensed to the Apache Software Foundation (ASF) under one
    + * or more contributor license agreements.  See the NOTICE file
    + * distributed with this work for additional information
    + * regarding copyright ownership.  The ASF licenses this file
    + * to you under the Apache License, Version 2.0 (the
    + * "License"); you may not use this file except in compliance
    + * with the License.  You may obtain a copy of the License at
    + *
    + *   http://www.apache.org/licenses/LICENSE-2.0
    + *
    + * Unless required by applicable law or agreed to in writing,
    + * software distributed under the License is distributed on an
    + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
    + * KIND, either express or implied.  See the License for the
    + * specific language governing permissions and limitations
    + * under the License.
    + *
    + */
    +package org.apache.qpid.jms.integration;
    +
    +import org.apache.directory.server.kerberos.shared.keytab.Keytab;
    +import org.apache.directory.server.kerberos.shared.keytab.KeytabEntry;
    +import org.apache.hadoop.minikdc.MiniKdc;
    +import org.apache.qpid.jms.JmsConnectionFactory;
    +import org.apache.qpid.jms.test.QpidJmsTestCase;
    +import org.apache.qpid.jms.test.testpeer.TestAmqpPeer;
    +import org.apache.qpid.proton.amqp.Symbol;
    +import org.junit.After;
    +import org.junit.Before;
    +import org.junit.Test;
    +import org.slf4j.Logger;
    +import org.slf4j.LoggerFactory;
    +
    +import javax.jms.Connection;
    +import javax.jms.ConnectionFactory;
    +import javax.jms.JMSSecurityException;
    +import java.io.File;
    +import java.nio.file.Files;
    +import java.nio.file.Path;
    +
    +import static junit.framework.TestCase.assertTrue;
    +import static org.junit.Assert.assertNull;
    +import static org.junit.Assert.fail;
    +
    +public class SaslGssApiIntegrationTest extends QpidJmsTestCase {
    +
    +    private static final Logger LOG = LoggerFactory.getLogger(SaslGssApiIntegrationTest.class);
    +
    +    private static final Symbol GSSAPI = Symbol.valueOf("GSSAPI");
    +    private static final String serviceName = "amqp/localhost";
    +
    +    private MiniKdc kdc;
    +
    +    @Before
    +    public void setUpKerberso() throws Exception {
    +        Path tempDirectory = Files.createTempDirectory("junit.test.");
    +        File root = tempDirectory.toFile();
    +        root.deleteOnExit();
    +        kdc = new MiniKdc(MiniKdc.createConf(), new File(root, "kdc"));
    +        kdc.start();
    +
    +        // hard coded match, default_keytab_name in minikdc-krb5.conf template
    +        File userKeyTab = new File("target/test.krb5.keytab");
    +        kdc.createPrincipal(userKeyTab, "client", serviceName);
    +
    +        Keytab kt = Keytab.read(userKeyTab);
    +        for (KeytabEntry entry : kt.getEntries()) {
    +            LOG.info("KeyTab Kerb PrincipalNames:" + entry.getPrincipalName());
    +        }
    +
    +        java.util.logging.Logger logger = java.util.logging.Logger.getLogger("javax.security.sasl");
    --- End diff --
    
    yep.


> Add support for SASL GSSAPI Kerberos mechanism
> ----------------------------------------------
>
>                 Key: QPIDJMS-303
>                 URL: https://issues.apache.org/jira/browse/QPIDJMS-303
>             Project: Qpid JMS
>          Issue Type: Bug
>          Components: qpid-jms-client
>            Reporter: Gary Tully
>
> It would be great to be able to authenticate using kerberos credentials using the SASL
GSSAPI mechanism.
> Authentication would be sufficient leaving TLS to do encryption of the channel if that
is necessary.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@qpid.apache.org
For additional commands, e-mail: dev-help@qpid.apache.org


Mime
View raw message