activemq-users mailing list archives

From "James Strachan" <>
Subject Re: Getting Stomp support to a usable state...
Date Wed, 06 Jun 2007 09:37:10 GMT

On 6/2/07, Tom Samplonius <> wrote:
>   How much more work needs to occur to get Stomp protocol support to a usable state?

Huh? :) It's very usable right now.

> The biggest issue is lack of any authentication support for Stomp, so anyone with access
> to the Stomp port can get and send anything.  I can't imagine that anyone is using Stomp in
> production yet.

Stomp has always supported authentication (on the CONNECT) which plugs
into the underlying message broker's security & authentication.

> But is anyone working on this?  I've looked into the JAAS stuff, and the Stomp code
> in ActiveMQ.  It would take me a week to figure out how to wrap Stomp with JAAS, as I have
> never worked with JAAS before.  I assume the original author of the Stomp support probably
> skipped authentication.  Does anyone have any patches?  Or any insight on how to fix this?
> I really want usable Stomp support in ActiveMQ.

Just use the JAAS plugin in ActiveMQ and you're good to go; the Stomp
code uses whatever security plugin you're using

> The Web Console has similar issues.  There is no easy way to password protect it.
> But if you password protect JMX access, it will break the Web Console.

That's more of a JMX thing really; you can enable security on JMX. The
web console is also a WAR, so you can use the normal servlet security
stuff too.

> I assume that everyone that uses ActiveMQ in production today, is using just OpenWire
> and JMX, and not the Web Console or Stomp.  Is that the case?  Or, are users not aware of
> the default-open security configuration of ActiveMQ?

I know lots of folks using both the Web Console and Stomp in
production with security


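The CONNECT-time authentication discussed in this message, as an added example that is not part of the original e-mail or of ActiveMQ's code: a minimal STOMP 1.0 frame builder and parser, plus a check that a broker you operate rejects a CONNECT sent without credentials once a security plugin is enabled. The function names, the sample frames and the port 61613 default are assumptions made for illustration.

```python
import socket

# Constructed sample replies (not captured broker output).
SAMPLE_CONNECTED = b"CONNECTED\nsession:ID:constructed-1\n\n\x00"
SAMPLE_ERROR = b"ERROR\nmessage:constructed auth failure\n\nlogin rejected\n\x00"

def build_frame(command, headers=None, body=b""):
    """Serialize a STOMP 1.0 frame: command, headers, blank line, body, NUL."""
    lines = [command] + [f"{k}:{v}" for k, v in (headers or {}).items()]
    return "\n".join(lines).encode() + b"\n\n" + body + b"\x00"

def parse_frame(raw):
    """Parse one NUL-terminated frame (text body, no content-length handling)."""
    frame, nul, _ = raw.partition(b"\x00")
    if not nul:
        raise ValueError("incomplete frame: no NUL terminator")
    head, _, body = frame.lstrip(b"\n").partition(b"\n\n")
    command, *header_lines = head.decode().split("\n")
    headers = {}
    for line in filter(None, header_lines):
        key, _, value = line.partition(":")  # values may themselves contain ':'
        headers.setdefault(key, value)       # keep the first occurrence of a key
    return command, headers, body

def connect_frame(login=None, passcode=None):
    """CONNECT carries the credentials the broker's security plugin checks."""
    headers = {} if login is None else {"login": login, "passcode": passcode or ""}
    return build_frame("CONNECT", headers)

def classify_reply(raw):
    """'accepted' for CONNECTED, 'rejected' for ERROR, otherwise 'unexpected'."""
    command = parse_frame(raw)[0]
    return {"CONNECTED": "accepted", "ERROR": "rejected"}.get(command, "unexpected")

def broker_accepts_anonymous(host, port=61613, timeout=5.0):
    """Check your own broker: True means CONNECT without credentials succeeded.
    Port 61613 is an assumption; use the port of your Stomp transport connector."""
    buf = b""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(connect_frame())
        while b"\x00" not in buf:
            chunk = sock.recv(4096)
            if not chunk:  # closed without a full frame: treat as not accepted
                return False
            buf += chunk
    return classify_reply(buf) == "accepted"
```

With the JAAS plugin (or any other broker security plugin) active, `broker_accepts_anonymous` should return `False` for your broker, while a CONNECT built with valid `login` and `passcode` headers should be answered with `CONNECTED`.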