activemq-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Rob (JIRA)" <j...@apache.org>
Subject [jira] Commented: (AMQ-2591) The ability to disable wildcards on a topic.
Date Fri, 05 Feb 2010 15:48:33 GMT

    [ https://issues.apache.org/activemq/browse/AMQ-2591?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=57405#action_57405
] 

Rob commented on AMQ-2591:
--------------------------

As a side note... our clients are pretty ephemeral. Our customer adds new users to the system
daily and the entire rest of the system handles this... but it appears tricky to pass this
information on to AMQ. It is not ideal for us to catch messages from our customer daily about
new users and then creating new users and groups within activemq.

We want to have one group called "guests". They have write only access on upstream channels
to the server... and read only for pretty much any queue. The idea was to use the name of
the queue as a secret. We would then have one other user "server" who would have looser restrictions.

The way AMQ is now.. we would have to add and remove 1000+ users daily to activemq to force
them to only be allowed to read their single "private" queue. From what I can tell.. this
would mean editing the config file daily... or adding LDAP entires daily. It seems like it
would be so much simpler if would could prevent a generic user from mass subscribing to all
queues without knowing the names of the queues.

Also... don't people run into trouble with wildcarding? It seems to make it hard to enforce
one user per queue without having user/password settings for each user of the system.

> The ability to disable wildcards on a topic.
> --------------------------------------------
>
>                 Key: AMQ-2591
>                 URL: https://issues.apache.org/activemq/browse/AMQ-2591
>             Project: ActiveMQ
>          Issue Type: Improvement
>          Components: Broker, JMS client
>    Affects Versions: 5.3.0
>         Environment: windows xp
>            Reporter: adam i
>
> I've been doing some work with the orbited project. http://orbited.org/ . This provides
a web based message consumer. The issue is since we have client side code calling a topic
or queue they could easily just turn on the * and listen to everything. This is assuming of
course we don't have security in place for each user. There are cases when someone would want
to keep a topic private and in that case security can be used. There are also cases where
you would want certain topics to be public. You don't want someone to do a topic/* and get
all the messages from all the public topics. This feature would greatly enhance activemq's
ability to work in the real time web.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message