activemq-dev mailing list archives

From Hiram Chirino <hi...@hiramchirino.com>
Subject Re: Security of the management interface
Date Thu, 19 May 2011 00:22:41 GMT
Yes,

All authentication is done via JAAS in Apollo.  See:
http://activemq.apache.org/apollo/documentation/user-manual.html#Authentication

Regards,
Hiram

FuseSource
Web: http://fusesource.com/

Connect at CamelOne May 24-26
The Open Source Integration Conference



On Wed, May 18, 2011 at 3:06 PM, Allen Reese <areese@yahoo-inc.com> wrote:
> Is it possible to control access to the REST interface via JAAS?
> We have internal JAAS modules for allowing role-based access.
>
> Thanks,
>
> --Allen Reese
>
>> -----Original Message-----
>> From: chirino@gmail.com [mailto:chirino@gmail.com] On Behalf
>> Of Hiram Chirino
>> Sent: Tuesday, May 17, 2011 5:05 PM
>> To: Lionel Cons
>> Cc: dev@activemq.apache.org
>> Subject: Re: Security of the management interface
>>
>> Good feedback.  Opened some issues to track.  Feel free to
>> add more as they come to mind.
>>
>> https://issues.apache.org/jira/browse/APLO-11
>> https://issues.apache.org/jira/browse/APLO-12
>>
>> Regards,
>> Hiram
>>
>> FuseSource
>> Web: http://fusesource.com/
>>
>> Connect at CamelOne May 24-26
>> The Open Source Integration Conference
>>
>>
>>
>> On Tue, May 17, 2011 at 2:14 AM, Lionel Cons
>> <lionel.cons@cern.ch> wrote:
>> > Hiram,
>> >
>> > First of all, thanks for starting to document the management
>> > interface. I hope you will add the missing bits (e.g. get/update
>> > apollo.xml, shutdown the broker...) soon.
>> >
>> > Here are some security related comments.
>> >
>> > Since credentials will be given in clear to the management interface
>> > (HTTP basic authentication), Apollo should support SSL encryption
>> > for it.
>> >
>> > The current authorization scheme (allow users defined in broker.admin
>> > to do everything) is not fine grain enough. At minimum, there should
>> > be the possibility to have two different accesses: read-only (only
>> > get information without changing the broker state) and read-write
>> > (such as restarting the broker, changing its configuration, deleting
>> > a queue...). Note that the broker configuration is very sensitive
>> > since it may contain clear text passwords (e.g. <key_storage>) and
>> > security settings (who is allowed to do what).
>> >
>> > Maybe the management interface should have its own fine grain access
>> > control (a bit like httpd) so that one can specify at the URL level
>> > who can do what?
>> >
>> > The management interface will probably be extended to include what
>> > the ActiveMQ web console provides today. If this is the case, actions
>> > such as browsing a queue, inspecting a message, sending a message,
>> > etc. should be controlled by the same per destination ACLs used by
>> > the STOMP access.
>> >
>> > Cheers,
>> >
>> > Lionel
>> >
>>
