authentication using Unix Domain Socket

#1

This is regarding how a dynamic authenticator can authenticate itself, from the thread titled "Authenticating the Authenticator" posted earlier:

  1. use Unix domain sockets for connecting the authenticator to the router, use filesystem permissions for security, and a fixed WAMP authrole again

And my question is how to modify the config.json to set up my config.json file?

    "endpoint": {
        "type": "unix",
        "path": "/tmp/socket1"
    }

My authenticator is a Java program under /auth.jar

How does Crossbar know that it is my Java program connecting via the Unix socket?

And I am using the jawampa crossbar client library to connect to Crossbar like:

    WampClientBuilder builder = new WampClientBuilder();
    builder.withConnectorProvider(connectorProvider)
           .withUri(wampUrl)
           .withRealm(realm)
           .withSerializations(s)
           .withInfiniteReconnects()
           .withAuthMethod(new Ticket(ticket))
           .withAuthId(authID)
           .withReconnectInterval(5, TimeUnit.SECONDS);

Currently, I am using a ticket to authenticate the authenticator, but I do not want to have a static password stored in the config.json file.

0 Likes

#2

Hi,

> My authenticator is a Java program under /auth.jar
>
> How does Crossbar know that it is my Java program connecting via the Unix socket?

It doesn't.

You run your Java program under a dedicated user, and then set up filesystem permissions such that only Crossbar.io and that dedicated user can access the Unix domain socket.

> And I am using the jawampa crossbar client library to connect to Crossbar like:
>
>     WampClientBuilder builder = new WampClientBuilder();
>     builder.withConnectorProvider(connectorProvider)
>            .withUri(wampUrl)
>            .withRealm(realm)
>            .withSerializations(s)
>            .withInfiniteReconnects()
>            .withAuthMethod(new Ticket(ticket))
>            .withAuthId(authID)
>            .withReconnectInterval(5, TimeUnit.SECONDS);
>
> Currently, I am using a ticket to authenticate the authenticator, but I do
> not want to have a static password stored in the config.json file.

As said, use Unix domain socket. Your Java WAMP client library needs support for talking WAMP over Unix domain socket.

=> If you find out how, please post here. An example that shows how to do it using say jawampa would be cool and useful!

Or: use WAMP-cryptosign for authentication - this doesn't require a secret to be contained in the Crossbar.io node configuration.

But I doubt that there is a WAMP Java library already that supports WAMP-cryptosign.

Hope this helps,

Cheers,
/Tobias


0 Likes
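The filesystem-permission setup described in the reply above can be checked mechanically. The following is an added example, not code from the thread or from Crossbar.io: a Python audit of a socket path that reports who besides the owner and one shared group could connect. The socket name `router.sock`, the modes and the use of the current process's group are assumptions for the demo; the check relies on Linux behaviour, where connecting requires write permission on the socket file.

```python
import os, socket, stat, tempfile

def audit_socket(path, allowed_gid):
    """Return findings; an empty list means only owner and allowed_gid can connect."""
    st = os.stat(path)
    if not stat.S_ISSOCK(st.st_mode):
        return [f"{path} is not a Unix domain socket"]
    findings = []
    # On Linux, connect() needs write permission on the socket file itself.
    if st.st_mode & stat.S_IWOTH:
        findings.append("socket is writable by 'other': any local user can connect")
    if st.st_mode & stat.S_IWGRP and st.st_gid != allowed_gid:
        findings.append(f"socket group is {st.st_gid}, expected {allowed_gid}")
    # The directory decides who can reach, replace or pre-create the socket path.
    dst = os.stat(os.path.dirname(os.path.abspath(path)))
    if dst.st_mode & stat.S_IWOTH:
        findings.append("parent directory is world-writable (as /tmp is)")
    elif dst.st_mode & stat.S_IXOTH:
        findings.append("parent directory is searchable by 'other'")
    return findings

def make_socket(directory, dir_mode, sock_mode):
    """Bind a socket standing in for the router endpoint, then apply the modes."""
    path = os.path.join(directory, "router.sock")  # hypothetical name
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    srv.bind(path)
    os.chmod(path, sock_mode)
    os.chmod(directory, dir_mode)
    return srv, path

def demo():
    """Audit a weak layout and a hardened one, both constructed in temp dirs."""
    results = {}
    for name, dir_mode, sock_mode in [("weak", 0o777, 0o666),
                                      ("hardened", 0o750, 0o660)]:
        with tempfile.TemporaryDirectory() as d:
            srv, path = make_socket(d, dir_mode, sock_mode)
            # Assumption: the socket's own group stands in for the group
            # shared by the router and the authenticator's dedicated user.
            results[name] = audit_socket(path, os.stat(path).st_gid)
            srv.close()
    return results

if __name__ == "__main__":
    for name, findings in demo().items():
        print(name, findings or "OK")
```

A path such as `/tmp/socket1` from the question would be flagged by the directory check, since `/tmp` is world-writable; a dedicated directory owned by the router's user and group avoids that.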

#3

It helps. So far, I have not found how jawampa can work with WAMP over a Unix domain socket.

Jun

On Thursday, March 24, 2016 at 11:14:35 AM UTC-7, Jun wrote:

> This is regarding how a dynamic authenticator can authenticate itself, from the thread titled "Authenticating the Authenticator" posted earlier:
>
>   1. use Unix domain sockets for connecting the authenticator to the router, use filesystem permissions for security, and a fixed WAMP authrole again
>
> And my question is how to modify the config.json to set up my config.json file?
>
>     "endpoint": {
>         "type": "unix",
>         "path": "/tmp/socket1"
>     }
>
> My authenticator is a Java program under /auth.jar
>
> How does Crossbar know that it is my Java program connecting via the Unix socket?
>
> And I am using the jawampa crossbar client library to connect to Crossbar like:
>
>     WampClientBuilder builder = new WampClientBuilder();
>     builder.withConnectorProvider(connectorProvider)
>            .withUri(wampUrl)
>            .withRealm(realm)
>            .withSerializations(s)
>            .withInfiniteReconnects()
>            .withAuthMethod(new Ticket(ticket))
>            .withAuthId(authID)
>            .withReconnectInterval(5, TimeUnit.SECONDS);
>
> Currently, I am using a ticket to authenticate the authenticator, but I do not want to have a static password stored in the config.json file.

0 Likes