Can we validate a client's IP address when authenticating the username and password using the EMS 5.x JAAS plugin?

Article ID: KB0091784

Products: TIBCO Enterprise Message Service
Versions: Not Applicable

Description

Resolution:
Yes, you can. Use the ConnectionInfoCallback class in com.tibco.tibems.tibemsd.security to get the InetAddress of the remote end of the TCP connection for this client.

========================================
getInetAddress

public java.net.InetAddress getInetAddress()

    Returns:
        the inetAddress of the remote end of the TCP connection for this client. This may or may not be the IP address of the client's network interface. NATs and other routing elements in the network may affect its value. Calling getHostName() or any of its variants may be expensive, as a reverse DNS lookup will be required
========================================

Here is what you can do:

1. Import this class in the JAAS sample program, FlatFileUserAuthLoginModule.java:

import com.tibco.tibems.tibemsd.security.ConnectionInfoCallback;

2. In the login() function, add the ConnectionInfoCallback and get the IP address:

Callback[] callbacks = new Callback[3];
callbacks[0] = new NameCallback(" ");
callbacks[1] = new PasswordCallback(" ", false);
callbacks[2] = new ConnectionInfoCallback();

// The callbacks are only populated once the handler has processed them.
// callbackHandler is assumed to be the CallbackHandler passed to initialize().
callbackHandler.handle(callbacks);

InetAddress ipaddress = ((ConnectionInfoCallback) callbacks[2]).getInetAddress();

3. Implement your own logic to validate the IP address.

Attached is the modified sample Java program: samples\security\com\tibco\example\FlatFileUserAuthLoginModule.java. It tries to validate the client's IP address against the hostnames defined in a plain text file. The plain text file is specified by the hostfile parameter in the JAAS config file.
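
One way to implement the validation in step 3, shown as an added example that is not the attached TIBCO sample or part of the EMS API. The class name ClientAddressAllowList, the host file format (one hostname or IP literal per line, '#' comments) and the sample addresses are assumptions; it needs Java 8 or later.

```java
import java.io.IOException;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
import javax.security.auth.login.FailedLoginException;

/** Hypothetical helper: allow-list check for the address from getInetAddress(). */
public class ClientAddressAllowList {
    private final Set<InetAddress> allowed = new HashSet<>();

    /** Reads one hostname or IP literal per line; '#' starts a comment. */
    public ClientAddressAllowList(Path hostFile) throws IOException {
        for (String line : Files.readAllLines(hostFile)) {
            String entry = line.replaceAll("#.*", "").trim();
            if (entry.isEmpty()) continue;
            try {
                // Forward-resolve once at load time, so login() never needs the
                // reverse DNS lookup that getHostName() would trigger.
                Collections.addAll(allowed, InetAddress.getAllByName(entry));
            } catch (UnknownHostException e) {
                System.err.println("hostfile: skipping unresolvable entry " + entry);
            }
        }
    }

    /** Call from login() with the callback's address; fails closed on null. */
    public void check(InetAddress client) throws FailedLoginException {
        if (client == null || !allowed.contains(client)) {
            throw new FailedLoginException("client address not allowed: " + client);
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample host file using documentation address ranges.
        Path f = Files.createTempFile("hostfile", ".txt");
        Files.write(f, Arrays.asList("# allowed clients", "192.0.2.10", "2001:db8::5 # app"));
        ClientAddressAllowList list = new ClientAddressAllowList(f);
        list.check(InetAddress.getByName("192.0.2.10")); // allowed, no exception
        try {
            list.check(InetAddress.getByName("198.51.100.7"));
        } catch (FailedLoginException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Hostname entries are resolved only when the file is loaded, so a DNS change takes effect after the list is rebuilt. FailedLoginException is a subclass of LoginException, so login() can let it propagate.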

If you want the JAAS plugin to validate only the client's IP address, with the username and password authenticated against the local EMS server user configuration or an LDAP directory server, there is an issue with the current EMS 5 version: the EMS server can't stop the authentication when the JAAS authentication module throws a "LoginException", so this requirement can't be met with the current EMS version. The next EMS release, 5.2, will address this issue, logged as CR 1-A5NL7T, and provide this feature.
