activemq-dev mailing list archives

From Hiram Chirino <>
Subject Re: Security of the management interface
Date Wed, 18 May 2011 00:05:14 GMT
Good feedback.  Opened some issues to track.  Feel free to add more as
they come to mind.



Connect at CamelOne May 24-26
The Open Source Integration Conference

On Tue, May 17, 2011 at 2:14 AM, Lionel Cons <> wrote:
> Hiram,
> First of all, thanks for starting to document the management interface. I
> hope you will add the missing bits (e.g. get/update apollo.xml, shutdown the
> broker...) soon.
> Here are some security related comments.
> Since credentials will be given in the clear to the management interface (HTTP
> basic authentication), Apollo should support SSL encryption for it.
> The current authorization scheme (allow users defined in broker.admin to do
> everything) is not fine-grained enough. At minimum, there should be the
> possibility to have two different accesses: read-only (only get information
> without changing the broker state) and read-write (such as restarting the
> broker, changing its configuration, deleting a queue...). Note that the
> broker configuration is very sensitive since it may contain clear text
> passwords (e.g. <key_storage>) and security settings (who is allowed to do
> what).
> Maybe the management interface should have its own fine-grained access control
> (a bit like httpd) so that one can specify at the URL level who can do what?
> The management interface will probably be extended to include what the
> ActiveMQ web console provides today. If this is the case, actions such as
> browsing a queue, inspecting a message, sending a message, etc. should be
> controlled by the same per-destination ACLs used by the STOMP access.
> Cheers,
> Lionel
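The authorization model Lionel sketches above (a read-only versus read-write split, config treated as sensitive, URL-level rules, and queue browse/send governed by the same per-destination ACLs as STOMP) as an added, self-contained example; this is not Apollo code, and the role names, URL layout and ACL action names are assumptions.

```python
from dataclasses import dataclass
from typing import Dict, Set

# Assumed URL layout of the management interface (not Apollo's real paths).
QUEUE_PREFIX = "/broker/queues/"
CONFIG_PATH = "/broker/config"      # may contain clear-text passwords


@dataclass
class ManagementPolicy:
    """Decides whether a user may perform an HTTP request on the management API."""
    roles: Dict[str, Set[str]]                 # user -> {"admin", "monitor"}
    dest_acl: Dict[str, Dict[str, Set[str]]]   # queue -> action -> users

    def allow(self, user: str, method: str, path: str) -> bool:
        roles = self.roles.get(user, set())

        # The broker configuration is sensitive even to read: admin only.
        if path == CONFIG_PATH:
            return "admin" in roles

        # Message-level operations on a queue are governed by the same
        # per-destination ACL as the messaging protocol, not by the role.
        if path.startswith(QUEUE_PREFIX):
            queue, _, rest = path[len(QUEUE_PREFIX):].partition("/")
            if rest == "messages":
                action = "browse" if method in ("GET", "HEAD") else "send"
                return user in self.dest_acl.get(queue, {}).get(action, set())

        # Everything else: GET/HEAD is read-only, any other verb mutates state.
        if method in ("GET", "HEAD"):
            return bool(roles & {"admin", "monitor"})
        return "admin" in roles


# Constructed sample policy: alice administers, bob only monitors, carol has nothing.
SAMPLE = ManagementPolicy(
    roles={"alice": {"admin"}, "bob": {"monitor"}, "carol": set()},
    dest_acl={"orders": {"browse": {"bob"}, "send": {"alice"}}},
)
```

Note that with this model an admin still cannot browse a queue unless the destination ACL grants it, which is exactly the "same ACLs as STOMP" behaviour being asked for.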
