Cool! I've only had a quick glance but it looks promising.

Given the minimal schema changes, this could go into the 0.7.6 release.
We'd need to provide SQL scripts to add the new table and index, and update
the schema version no.

At this stage, I'm not too concerned about username and password being
transferred in plaintext, as the tcps or https connectors can be used if
this is an issue. However, it shouldn't be difficult to plugin encryption.

JDBM support is not required, as its being dropped post 0.7.6.

I'll have an in depth look at it tomorrow.

Regards,

Tim

-----Original Message-----
From: openjms-developer-***@lists.sourceforge.net
[mailto:openjms-developer-***@lists.sourceforge.net]On Behalf Of Knut at
work
Sent: Wednesday, 23 July 2003 4:10 AM
To: openjms-***@lists.sourceforge.net
Subject: [openjms-developer] OpenJms and Security


Hello!

I have developed a solution for authentication of users in OpenJMS.

This is just a very first 'shot' and I would be pleased if any of you guys
who knows the code would be so kind to have a look. I have only studied the
source for a couple of days so maybe ive choosed some stupid solutions :-)

Limitations:
-By the time only authentication of user/password, nothing for Acl against
Queue/Topic.
-username/password are beeing transferd from client to server in plaintext
-Only implemented for the TCP-connector
-Only impl. for RDBMS and tested against MySql


The source is taken from the openjms-0.7.5-src.

Howto:
unpack openjms-0.7.5-src.zip
Unpack the src.zip to ../main/.. in openjms-0.7.5-src catalog
Unpack the config.zip to ../config in openjms-0.7.5-src catalog
and build.

Add suitable drivers for the DB
and run.

openjms.xml
-------------------
if you set <SecurityConfiguration enableSecurity="false"/> openjms should
behave ex. as before (i hope....)


Knut

Sorry, forgot to supply the changelog.

Also the only way to add new users is thru the openjms.xml file.
Have not done any changes to the Admin yet.


Knut
----- Original Message -----
From: Knut at work
To: openjms-***@lists.sourceforge.net
Sent: Tuesday, July 22, 2003 6:09 PM
Subject: OpenJms and Security


Hello!

I have developed a solution for authentication of users in OpenJMS.

This is just a very first 'shot' and I would be pleased if any of you guys who knows the code would be so kind to have a look. I have only studied the source for a couple of days so maybe ive choosed some stupid solutions :-)

Limitations:
-By the time only authentication of user/password, nothing for Acl against Queue/Topic.
-username/password are beeing transferd from client to server in plaintext
-Only implemented for the TCP-connector
-Only impl. for RDBMS and tested against MySql


The source is taken from the openjms-0.7.5-src.

Howto:
unpack openjms-0.7.5-src.zip
Unpack the src.zip to ../main/.. in openjms-0.7.5-src catalog
Unpack the config.zip to ../config in openjms-0.7.5-src catalog
and build.

Add suitable drivers for the DB
and run.

openjms.xml
-------------------
if you set <SecurityConfiguration enableSecurity="false"/> openjms should behave ex. as before (i hope....)


Knut

Thanks Knut.

I've applied the changes to CVS. Allow ~24 hours from when you get this
message for them to
propagate through to the anon CVS server.

I've made a few changes:
o UserManager is no longer a singleton.
OpenJMS relies too much on singletons - they're a code smell I'd like to
remove.

o Authentication check has been moved out of the TCP connector and into
JmsServerConnectionManager. This means each connector now has
authentication support.

o JMSSecurityException is now raised on the server, rather than in the
client code.

o minor reformatting

I've also updated the dbtool schema, and added a schema converter to migrate
existing databases to the new 0.7.6 schema.

Still to do, in no particular order:

1. update remaining create_*.sql scripts to include the users table.
2. add sql scripts to create the users tables, for existing databases
3. update configuration reference xdoc to include <SecurityConfiguration/>
and <Users/>
4. add security section to the administrators guide xdocs
5. add user management to the admin GUI
6. update sample configs to include <SecurityConfiguration/> and <Users/>
7. more testing. I'll be running it against the JMS CTS over the next few
days.
8. Add encryption of password, to avoid sending it cleartext [optional]

If you (or anyone else for that matter) wants to do any of the above, please
let me know.

Also, I had a hard time applying these changes, because CVS has moved on bit
since
you checked last out. In future, could you submit patches created using
diff,
Thanks,

Tim

-----Original Message-----
From: openjms-developer-***@lists.sourceforge.net
[mailto:openjms-developer-***@lists.sourceforge.net]On Behalf Of Knut at
work
Sent: Wednesday, 23 July 2003 5:29 AM
To: openjms-***@lists.sourceforge.net
Subject: [openjms-developer] Fw: OpenJms and Security


Sorry, forgot to supply the changelog.

Also the only way to add new users is thru the openjms.xml file.
Have not done any changes to the Admin yet.


Knut
----- Original Message -----
From: Knut at work
To: openjms-***@lists.sourceforge.net
Sent: Tuesday, July 22, 2003 6:09 PM
Subject: OpenJms and Security


Hello!

I have developed a solution for authentication of users in OpenJMS.

This is just a very first 'shot' and I would be pleased if any of you guys
who knows the code would be so kind to have a look. I have only studied the
source for a couple of days so maybe ive choosed some stupid solutions :-)

Limitations:
-By the time only authentication of user/password, nothing for Acl against
Queue/Topic.
-username/password are beeing transferd from client to server in plaintext
-Only implemented for the TCP-connector
-Only impl. for RDBMS and tested against MySql


The source is taken from the openjms-0.7.5-src.

Howto:
unpack openjms-0.7.5-src.zip
Unpack the src.zip to ../main/.. in openjms-0.7.5-src catalog
Unpack the config.zip to ../config in openjms-0.7.5-src catalog
and build.

Add suitable drivers for the DB
and run.

openjms.xml
-------------------
if you set <SecurityConfiguration enableSecurity="false"/> openjms should
behave ex. as before (i hope....)


Knut

and <Users/>
days.
9. Add authentication to the embedded JNDI provider
10. Add authentication the administration API
please let me know.

+1 to rewrite I also think it is worth looking into MQSeries Explorer.
+1 To JMX support we could embed mx4j similar to the Avalon Phoenix
container. We could then write a JMX-based management application
(alternatively we could use third-party jmx enabled management
applications). We could also look at OpenNMS, which I believe is a
JMX-enabled management application

There is a series of articles at IBM AlphaWorks on JMX. If anyone is
interested you should be able to get to all 3 articles from here
http://www-106.ibm.com/developerworks/java/library/j-jmx3/


It would also be nice to ditch our BasicService stuff and go do either one
of the Avalon containers. The lightweight containers you mentioned are still
under heavt development. Has anyone looked into HiveMind
http://jakarta.apache.org/commons/sandbox/hivemind/
+1

Points 3 and 4 are done:
. http://openjms.sourceforge.net/config/security.html
. http://openjms.sourceforge.net/config/reference.html#SecurityConfiguration

As a side note, I've also fleshed out the http and https configuration docs:
http://openjms.sourceforge.net/config/http.html
http://openjms.sourceforge.net/config/https.html

and updated the release/change notes:
http://openjms.sourceforge.net/changes-report.html

As always, keep an eye on the news and status page for project updates:
http://openjms.sourceforge.net/status.html

Regards,

Tim