Try PubSub+

Authentication on reconnect?

fijimffijimf Member Posts: 3

I'm developing an application with the Java API. The application is a long running server. We are authenticating with username and password, and our passwords are rotated every twelve hours.

It's not clear to me if sessions need to be reauthenticated on reconnection. If they do is there a way to update the PASSWORD in a way which will be pick it up by the reconnect attempt?

Thanks,
Jim

Tagged:

Comments

  • AaronAaron Member, Moderator, Employee Posts: 88 Solace Employee

    Hi Jim... yes, a Session needs to re-authenticate with the broker upon reconnection.

    I just tried to change the JCSMPProperty.PASSWORD of an existing Session, and it causes an exception to be thrown. I tried doing session.setProperty(JCSMPProperties.PASSWORD,"abc"); inside a JCSMPReconnectEventHandler, and it didn't work.

    But your use case is valid and interesting, so I'll raise with the Solace team internally about pros/cons of implementing.

    In the meantime, I think you will have to close() the Session, change the password property, and then recreate the Session and call connect() again... so, not exactly a reconnect, more of a "new connection".

  • TomFTomF Member, Employee Posts: 65 Solace Employee

    @Aaron I'm just interested - did you try to change JCSMPProperty.PASSWORD of an existing session or a connected session? I'm just wondering if session state affects what can be done with the password. I assume that you can set a password, connect, disconnect, change the password and reconnect, but haven't had a chance to try.

  • fijimffijimf Member Posts: 3

    The docs make it pretty clear that the properties which can be set on an existing session are pretty limited.

  • AaronAaron Member, Moderator, Employee Posts: 88 Solace Employee

    @TomF doesn't matter. What Jim said: https://docs.solace.com/API-Developer-Online-Ref-Documentation/java/com/solacesystems/jcsmp/JCSMPSession.html#setProperty(java.lang.String, java.lang.Object)

    Not very flexible, but there's probably some security considerations of modifying some of the Session properties. But I'd think being able to update the password would be a good one..?

    @fijimf would using something like Kerberos help in this situation?

  • fijimffijimf Member Posts: 3

    @Aaron stepping out of my area of competence here, so please don't pounce if I get details wrong. Our ops teams have chosen user password authentication backed by LDAP. Our UNIX clients use Kerberos credentials to generate a token which can be used against LDAP. As a security measure those tokens expire every few hours.

    My understanding is that they are reluctant to use Solace's native Kerberos support because it would make connecting/authenticating more difficult across the enterprise from both Windows and Linux.

  • AaronAaron Member, Moderator, Employee Posts: 88 Solace Employee

    Hey Jim... apologies for the delay. I've escalated your specific inquiry to the Solace SEs who manage your account. Hopefully they'll be in touch..!

Sign In or Register to comment.