activemq-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Hiram Chirino <hi...@hiramchirino.com>
Subject Re: Apollo & IP based security
Date Wed, 08 Jun 2011 16:49:56 GMT
I've just added the support for this.  The default login.conf is now
generated with the following
login module.

  //
  // Support accepting/rejecting connections based on the remote IP address.
  //
  // The black-list.txt is a text file that contains a new line
separated IP address
  // which are not allowed to connect to this server.
  //
  org.apache.activemq.apollo.broker.security.SocketAddressLoginModule required
    // Uncomment to use a while list of allowed address that can connect to us
    // white_list_file="white-list.txt"
    black_list_file="black-list.txt"
    ;


By default it's only black listing IPs, but you can easily configure
it to only allow remote
connections from the white list.

Regards,
Hiram

FuseSource
Web: http://fusesource.com/




On Wed, Jun 8, 2011 at 11:09 AM, Hiram Chirino <hiram@hiramchirino.com> wrote:
> I thinks that's a great Idea.  We should be able to pass the IP
> information to a login module just as easy as we pass the credentials.
>
> Opened up:
> https://issues.apache.org/jira/browse/APLO-38
>
> Regards,
> Hiram
>
> FuseSource
> Web: http://fusesource.com/
>
>
>
>
> On Wed, Jun 8, 2011 at 6:50 AM, Lionel Cons <lionel.cons@cern.ch> wrote:
>> Hiram,
>>
>> In our environment, we may have to use IP based security.
>>
>> One way to do it would be to have a JAAS module that would not require
>> any login/passcode (like the guest module) and that would add a principal
>> containing the IP address of the origin of the connection.
>>
>> This way, we can build authentication and authorization on top of it.
>> We can also add it to the message header thanks to add_user_header and
>> have traceability (= where does this messge come from?).
>>
>> Does it make sense to add this to Apollo?
>>
>> Cheers,
>>
>> Lionel
>>
>

Mime
View raw message