authentication using Unix Domain Socket


Jun

Mar 24, 2016, 2:14:35 PM
to Crossbar

This is regarding how a dynamic authenticator can authenticate itself, from the thread titled "Authenticating the Authenticator" posted earlier:


3. use Unix domain sockets for connecting the authenticator to the router, use filesystem permissions for security, and a fixed WAMP authrole again


And my question is how to modify the config.json to set up my config.json file?

"endpoint": {
   "type": "unix",
   "path": "/tmp/socket1"
}


My authenticator is a Java program under /auth.jar

How does Crossbar know which one is my Java program connecting via the Unix socket?

And I am using the jawampa Crossbar client library to connect to Crossbar like:

WampClientBuilder builder = new WampClientBuilder();
builder.withConnectorProvider(connectorProvider)
       .withUri(wampUrl)
       .withRealm(realm)
       .withSerializations(s)
       .withInfiniteReconnects()
       .withAuthMethod(new Ticket(ticket))
       .withAuthId(authID)
       .withReconnectInterval(5, TimeUnit.SECONDS);

Currently, I am using a ticket to authenticate the authenticator, but I do not want to have a static password stored in the config.json file.


Tobias Oberstein

Mar 26, 2016, 5:56:02 AM
to cross...@googlegroups.com
Hi,

> My authenticator is a Java program under /auth.jar
>
> How does Crossbar know which one is my Java program connecting via the Unix socket?

It doesn't.

You run your Java program under a dedicated user, and then set up
filesystem permissions such that only Crossbar.io and that dedicated
user can access the Unix domain socket.

>
> And I am using the jawampa Crossbar client library to connect to Crossbar like:
>
> WampClientBuilder builder = new WampClientBuilder();
> builder.withConnectorProvider(connectorProvider)
>        .withUri(wampUrl)
>        .withRealm(realm)
>        .withSerializations(s)
>        .withInfiniteReconnects()
>        .withAuthMethod(new Ticket(ticket))
>        .withAuthId(authID)
>        .withReconnectInterval(5, TimeUnit.SECONDS);
>
> Currently, I am using a ticket to authenticate the authenticator, but I do
> not want to have a static password stored in the config.json file.

As said, use Unix domain socket. Your Java WAMP client library needs
support for talking WAMP over Unix domain socket.

=> If you find out how, please post here. An example that shows how to
do it using say jawampa would be cool and useful!

Or: use WAMP-cryptosign for authentication - this doesn't require a
secret to be contained in the Crossbar.io node configuration.

But I doubt that there is a WAMP Java library already that supports
WAMP-cryptosign.

Hope this helps,

Cheers,
/Tobias
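
The advice in the reply above (a dedicated user plus filesystem permissions on the Unix domain socket) can be verified with a small audit. This is an added example, not part of the original thread or Crossbar.io's own code; `audit_socket`, `demo` and the socket name `router.sock` are assumptions, and the socket it checks is constructed locally.

```python
import os
import socket
import stat
import tempfile


def audit_socket(path, owner_uid, group_gid):
    """Return findings for a Unix domain socket; an empty list means locked down."""
    st = os.lstat(path)  # lstat: do not follow a symlink planted at the path
    if not stat.S_ISSOCK(st.st_mode):
        return [f"{path} is not a Unix domain socket"]
    findings = []
    if st.st_uid != owner_uid:
        findings.append(f"owner uid {st.st_uid}, expected {owner_uid}")
    if st.st_gid != group_gid:
        findings.append(f"group gid {st.st_gid}, expected {group_gid}")
    if st.st_mode & stat.S_IRWXO:
        findings.append("socket is accessible to 'other' users")
    # A world-writable parent (a path directly under /tmp, for instance) lets
    # any local user create the socket path before the router binds it.
    parent = os.stat(os.path.dirname(os.path.abspath(path)))
    if parent.st_mode & stat.S_IWOTH:
        findings.append("parent directory is world-writable")
    return findings


def demo():
    """Constructed sample: bind a socket in a private directory and audit it."""
    with tempfile.TemporaryDirectory() as d:  # mkdtemp creates it with mode 0700
        path = os.path.join(d, "router.sock")  # hypothetical socket name
        srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        srv.bind(path)
        try:
            # Stand-in for the dedicated user/group: our own uid and gid.
            uid, gid = os.getuid(), os.getgid()
            os.chown(path, -1, gid)
            os.chmod(path, 0o666)  # weak: mode grants 'other' read/write
            weak = audit_socket(path, uid, gid)
            os.chmod(path, 0o660)  # owner and group only
            hardened = audit_socket(path, uid, gid)
        finally:
            srv.close()
        return weak, hardened


if __name__ == "__main__":
    print(demo())
```

In a real deployment the expected uid and gid would be those of the router's account and of a group shared only with the authenticator's dedicated user.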


Jun

Apr 5, 2016, 5:04:57 PM
to Crossbar
It helps. So far, I have not found how jawampa can work with WAMP over a Unix domain socket.

Jun