activemq-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Allen Reese <are...@yahoo-inc.com>
Subject RE: Security of the management interface
Date Wed, 18 May 2011 19:06:28 GMT
Is it possible to control access to the rest interface via JAAS?
We have internal JAAS modules for allowing roles based access.

Thanks,

--Allen Reese 

> -----Original Message-----
> From: chirino@gmail.com [mailto:chirino@gmail.com] On Behalf 
> Of Hiram Chirino
> Sent: Tuesday, May 17, 2011 5:05 PM
> To: Lionel Cons
> Cc: dev@activemq.apache.org
> Subject: Re: Security of the management interface
> 
> Good feedback.  Opened some issues to track.  Feel free to 
> add more as they come to mind.
> 
> https://issues.apache.org/jira/browse/APLO-11
> https://issues.apache.org/jira/browse/APLO-12
> 
> Regards,
> Hiram
> 
> FuseSource
> Web: http://fusesource.com/
> 
> Connect at CamelOne May 24-26
> The Open Source Integration Conference
> 
> 
> 
> On Tue, May 17, 2011 at 2:14 AM, Lionel Cons 
> <lionel.cons@cern.ch> wrote:
> > Hiram,
> >
> > First of all, thanks for starting to document the management 
> > interface. I hope you will add the missing bits (e.g. get/update 
> > apollo.xml, shutdown the
> > broker...) soon.
> >
> > Here are some security related comments.
> >
> > Since credentials will be given in clear to the management 
> interface 
> > (HTTP basic authentication), Apollo should support SSL 
> encryption for it.
> >
> > The current authorization scheme (allow users defined in 
> broker.admin 
> > to do
> > everything) is not fine grain enough. At minimum, there 
> should be the 
> > possibility to have two different accesses: read-only (only get 
> > information without changing the broker state) and 
> read-write (such as 
> > restarting the broker, changing its configuration, deleting a 
> > queue...). Note that the broker configuration is very 
> sensitive since 
> > it may contain clear text passwords (e.g. <key_storage>) 
> and security 
> > settings (who is allowed to do what).
> >
> > Maybe the management interface should have its own fine 
> grain access 
> > control (a bit like httpd) so that one can specify at the 
> URL level who can do what?
> >
> > The management interface will probably be extended to 
> include what the 
> > ActiveMQ web console provides today. If this is the case, 
> actions such 
> > as browsing a queue, inspecting a message, sending a message, etc. 
> > should be controlled by the same per destination ACLs used 
> by the STOMP access.
> >
> > Cheers,
> >
> > Lionel
> >
> 
Mime
View raw message