Forum Home » Fuse Distributions » Fuse Message Broker

Thread: Circumventing Jetty authentication when using BlobMessage

 
This question is not answered. Helpful answers available: 2. Correct answers available: 1.


Permlink Replies: 0 Threads: [ Previous | Next ]
kennethjcoe

Posts: 1
Registered: 04/25/12
Circumventing Jetty authentication when using BlobMessage
Posted: Apr 25, 2012 6:21 PM
 
  Click to reply to this thread Reply
Our message brokers use authentication for the administrative console (by setting property "authenticate" = "true" in jetty.xml) like so:

<bean id="securityConstraint"class="org.eclipse.jetty.http.security.Constraint">
<property name="name" value="BASIC" />
<property name="roles" value="admin" />
<property name="authenticate" value="false" />
</bean>

This secures the admin console quite well. However, I've just been experimenting with using BlobMessage, which utilizes the "fileserver" service that is active with the broker. What I've discovered is that the client can't transfer the BlobMessage to the uploadURL if "authenticate" is set to true. When I set it to "false" the BlobMessages transfer just fine.

Is there a way to specify credentials when sending the BlobMessage? Is the only solution to turn off authenticaion on the web console(s)?

Any advice is very much appreciated.