activemq-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Mario Siegenthaler" <mario.siegentha...@gmail.com>
Subject Re: JMS authentication in the embedded web-console
Date Mon, 25 Jun 2007 15:33:22 GMT
Just as an afterthought: I'll need the webconsole to allow only
non-modifying actions for a certain group of users. F.e. it should be
possible to view the contents of a queue but not to purge it.
While a solution to this is rather straightforward, namely to use the
JEE-role based security model (isUserInRole) it's not exactly
configuration friendly. We'd need some way to have a 'default' way
that doesn't check for anything.
Another way'd be to rely onto the activemq-security and let it decide
if a user may purge a queue or not. However this'll need to be able to
pass the user to activemq. Anyone running such a configuration?

Let me know what you think on this subject
Mario

On 6/25/07, Mario Siegenthaler <mario.siegenthaler@gmail.com> wrote:
> Hi
> Tom pointed out the problem with the web console and a secured
> JMS-connection. While it's already possible to configure that over
> JNDI and straightforward to make that configurable via
> system-properties, this will be an issue for the in-vm jetty, that's
> started with the broker. We'd require the user to set a user/password
> to connect to the invm-broker. IMO this is quite a hassle (the same
> thing is true for the console, this thing in fact kills the broker
> because it can't startup because it gets a invalid username/password
> exception).
> The easiest thing'd be to allow vm:// connections without checking for
> username/password. The problem with this approach is certainly that
> the policy check on the queues/topics'd have to be ignored.
>
> Any thoughts on this topic? I'll be happy to write a patch as soon as
> I know the way we want to go.
>
> Mario
>

Mime
View raw message