activemq-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sepand M" <sepa...@gmail.com>
Subject Re: Where to add new SSL BrokerService functionality
Date Fri, 11 Aug 2006 15:28:55 GMT
I am actually implementing option 1 anyways since the reflection stuff
is part of the other Transport implementations (I'm being consistent).
The problem is that I want the user to be sure that the broker they
start will only use certificate authenticated connections (this is for
the paranoid to be sure that nothing else will get inside their
server). I am suggesting something like a setNeedClientCert method
that would operate similar to setUseJmx (except that setUseJmx adds a
broker filter and setNeedClientAuth would change the addConnector
calls to enable client certificates).

On 8/10/06, Hiram Chirino <hiram@hiramchirino.com> wrote:
> I would go with option 1 since SSL is transport layer option and does
> not really have anything to do with the core of the broker.
>
> On 8/10/06, Sepand M <sepandm@gmail.com> wrote:
> > Hi all,
> >
> > As some of you may know, I'm working on an SSL client certificate
> > authorization system for ActiveMQ. I've gotten some of the basics done
> > and am trying to create a way of ensuring that SSL client certificates
> > are used.
> >
> > I see two options (and I strongly prefer the second one):
> > 1. The client would add the proper "option" to the URI they bind to on
> > the broker side (e.g URI="localhost:61616?needClientAuth=true").
> >
> > 2. Adding a method to the BrokerService that enables this functionality.
> >
> > Unless someone suggests something different, I'm choosing method 2.
> > The problem is I can't decide if I should subclass the existing
> > BrokerService or add the menthioned method to the existing
> > BrokerService class.
> >
> > So far, BrokerService seems to be doing everything and it has no
> > subclasses, but I'm wondering how much more can be crammed into it and
> > if SSL functionality should be built into the general purpose broker.
> >
> > Any thoughts?
> >
> > Regards,
> > Sepand
> >
>
>
> --
> Regards,
> Hiram
>
> Blog: http://hiramchirino.com
>

Mime
View raw message